@classytic/arc 2.6.2 → 2.7.1

package/dist/{index-B4uZm82R.d.mts → index-KXM8_JmQ.d.mts}

@@ -1,6 +1,6 @@
-import { s as RequestScope } from "./elevation-C_taLQrM.mjs";
-import { Ft as IControllerResponse, It as IRequestContext, O as FastifyWithDecorators, Pt as IController, S as CrudRouterOptions, b as CrudController, rt as RequestWithExtras, tt as RequestContext } from "./interface-CrN45qz1.mjs";
-import { t as PermissionCheck } from "./types-BNUccdcf.mjs";
+import { r as RequestScope } from "./types-CNEbix8T.mjs";
+import { C as CrudRouterOptions, Ft as IController, It as IControllerResponse, Lt as IRequestContext, Vt as ResourceDefinition, it as RequestWithExtras, k as FastifyWithDecorators, nt as RequestContext, ot as ResourceConfig, u as AnyRecord, x as CrudController } from "./interface-Dwzqt4mn.mjs";
+import { t as PermissionCheck } from "./types-DPsC0taJ.mjs";
 import { FastifyInstance, FastifyReply, FastifyRequest, RouteHandlerMethod } from "fastify";
 
 //#region src/constants.d.ts
@@ -144,6 +144,49 @@ declare function createCrudRouter<TDoc = unknown>(fastify: FastifyWithDecorators
  */
 declare function createPermissionMiddleware(permission: PermissionCheck, resourceName: string, action: string): RouteHandlerMethod | null;
 //#endregion
+//#region src/core/defineResourceVariants.d.ts
+/**
+ * Required identity fields for each variant. The user MUST provide a unique
+ * `name` (registry collision prevention) and a unique `prefix` (route
+ * collision prevention) for every variant.
+ */
+type VariantIdentity = Required<Pick<ResourceConfig, "name" | "prefix">>;
+/**
+ * A variant override = identity (name + prefix) + any other ResourceConfig
+ * field that should differ from the base.
+ */
+type VariantOverride<TDoc = AnyRecord> = VariantIdentity & Partial<ResourceConfig<TDoc>>;
+/**
+ * Map of variant key → override config. The key becomes the property name in
+ * the returned object (e.g. `{ articlePublic: ... }` → `result.articlePublic`).
+ */
+type VariantsMap<TDoc = AnyRecord> = Record<string, VariantOverride<TDoc>>;
+/**
+ * Result type — preserves the variant keys so destructuring is type-safe:
+ * `const { articlePublic, articleAdmin } = defineResourceVariants(...)`.
+ */
+type VariantsResult<TDoc, V extends VariantsMap<TDoc>> = { [K in keyof V]: ResourceDefinition<TDoc> };
+/**
+ * Define multiple resources from a shared base config and per-variant overrides.
+ *
+ * Each variant is independently passed through `defineResource()` — the
+ * returned `ResourceDefinition`s are real, fully-registered resources.
+ * Register each one's plugin in your app:
+ *
+ * ```typescript
+ * await app.register(articlePublic.toPlugin());
+ * await app.register(articleAdmin.toPlugin());
+ * ```
+ *
+ * @param base    Shared config — adapter, queryParser, schemaOptions, hooks, etc.
+ *                Must NOT include `name` or `prefix` (those are per-variant).
+ * @param variants  Map of variant key → override. Each variant must declare
+ *                  its own `name` and `prefix`. Other fields override the base.
+ * @returns A record where each key from `variants` maps to a real
+ *          `ResourceDefinition` ready for `.toPlugin()` registration.
+ */
+declare function defineResourceVariants<TDoc = AnyRecord, V extends VariantsMap<TDoc> = VariantsMap<TDoc>>(base: Omit<ResourceConfig<TDoc>, "name" | "prefix">, variants: V): VariantsResult<TDoc, V>;
+//#endregion
 //#region src/core/fastifyAdapter.d.ts
 /**
  * Create IRequestContext from Fastify request
@@ -212,4 +255,4 @@ declare function createCrudHandlers<TDoc>(controller: IController<TDoc>): {
   delete: (req: FastifyRequest, reply: FastifyReply) => Promise<void>;
 };
 //#endregion
-export { RESERVED_QUERY_PARAMS as A, HookOperation as C, MAX_SEARCH_LENGTH as D, MAX_REGEX_LENGTH as E, MUTATION_OPERATIONS as O, HOOK_PHASES as S, MAX_FILTER_DEPTH as T, DEFAULT_MAX_LIMIT as _, getControllerScope as a, DEFAULT_UPDATE_METHOD as b, createPermissionMiddleware as c, IdempotencyService as d, createActionRouter as f, DEFAULT_LIMIT as g, DEFAULT_ID_FIELD as h, getControllerContext as i, SYSTEM_FIELDS as j, MutationOperation as k, ActionHandler as l, CrudOperation as m, createFastifyHandler as n, sendControllerResponse as o, CRUD_OPERATIONS as p, createRequestContext as r, createCrudRouter as s, createCrudHandlers as t, ActionRouterConfig as u, DEFAULT_SORT as v, HookPhase as w, HOOK_OPERATIONS as x, DEFAULT_TENANT_FIELD as y };
+export { MutationOperation as A, HOOK_PHASES as C, MAX_REGEX_LENGTH as D, MAX_FILTER_DEPTH as E, SYSTEM_FIELDS as M, MAX_SEARCH_LENGTH as O, HOOK_OPERATIONS as S, HookPhase as T, DEFAULT_LIMIT as _, getControllerScope as a, DEFAULT_TENANT_FIELD as b, createCrudRouter as c, ActionRouterConfig as d, IdempotencyService as f, DEFAULT_ID_FIELD as g, CrudOperation as h, getControllerContext as i, RESERVED_QUERY_PARAMS as j, MUTATION_OPERATIONS as k, createPermissionMiddleware as l, CRUD_OPERATIONS as m, createFastifyHandler as n, sendControllerResponse as o, createActionRouter as p, createRequestContext as r, defineResourceVariants as s, createCrudHandlers as t, ActionHandler as u, DEFAULT_MAX_LIMIT as v, HookOperation as w, DEFAULT_UPDATE_METHOD as x, DEFAULT_SORT as y };

package/dist/{index-DrCqa3Jq.d.mts → index-StgFaQKD.d.mts}

@@ -1,4 +1,4 @@
-import { Ht as CrudRepository, K as ParsedQuery, W as OpenApiSchemas, Z as QueryParserInterface, a as RepositoryLike, dt as RouteSchemaOptions, n as DataAdapter, o as SchemaMetadata, s as ValidationResult } from "./interface-CrN45qz1.mjs";
+import { G as OpenApiSchemas, Q as QueryParserInterface, Ut as CrudRepository, c as ValidationResult, ft as RouteSchemaOptions, n as AdapterSchemaContext, o as RepositoryLike, q as ParsedQuery, r as DataAdapter, s as SchemaMetadata } from "./interface-Dwzqt4mn.mjs";
 import { Model } from "mongoose";
 
 //#region src/adapters/mongoose.d.ts
@@ -29,7 +29,7 @@ interface MongooseAdapterOptions<TDoc = unknown> {
    * });
    * ```
    */
-  schemaGenerator?: (model: Model<TDoc>, options?: RouteSchemaOptions) => OpenApiSchemas | Record<string, unknown>;
+  schemaGenerator?: (model: Model<TDoc>, options?: RouteSchemaOptions, context?: AdapterSchemaContext) => OpenApiSchemas | Record<string, unknown>;
 }
 /**
  * Mongoose data adapter with proper type safety
@@ -53,7 +53,7 @@ declare class MongooseAdapter<TDoc = unknown> implements DataAdapter<TDoc> {
    * If a `schemaGenerator` plugin was provided (e.g. MongoKit's buildCrudSchemasFromModel),
    * it is used instead of the built-in basic conversion.
    */
-  generateSchemas(schemaOptions?: RouteSchemaOptions): OpenApiSchemas | Record<string, unknown> | null;
+  generateSchemas(schemaOptions?: RouteSchemaOptions, context?: AdapterSchemaContext): OpenApiSchemas | Record<string, unknown> | null;
   /**
    * Extract relation metadata
    */

package/dist/index.d.mts

@@ -1,10 +1,10 @@
-import { $ as RegistryEntry, $t as PipelineStep, A as GracefulShutdownOptions, Bt as ResourceDefinition, C as CrudSchemas, Ct as BaseController, D as FastifyWithAuth, E as FastifyRequestExtras, F as InferResourceDoc, Ft as IControllerResponse, G as OwnershipCheck, H as MiddlewareHandler, Ht as CrudRepository, I as IntrospectionData, It as IRequestContext, J as PresetFunction, Jt as Interceptor, Kt as QueryOptions, L as IntrospectionPluginOptions, Lt as RouteHandler, M as HealthOptions, Mt as ControllerLike, N as InferAdapterDoc, O as FastifyWithDecorators, P as InferDocType, Pt as IController, Q as RateLimitConfig, Qt as PipelineContext, R as JWTPayload, S as CrudRouterOptions, V as MiddlewareConfig, Vt as defineResource, Wt as PaginatedResult, X as PresetResult, Xt as OperationFilter, Yt as NextFunction, Zt as PipelineConfig, a as RepositoryLike, at as ResourceConfig, b as CrudController, bt as ValidationResult$1, c as AdditionalRoute, ct as ResourceMetadata, dt as RouteSchemaOptions, en as Transform, et as RegistryStats, f as ArcInternalMetadata, ft as ServiceContext, gt as TypedResourceConfig, h as AuthPluginOptions, ht as TypedRepository, i as RelationMetadata, j as HealthCheck, k as FieldRule, l as AnyRecord, mt as TypedController, n as DataAdapter, nt as RequestIdOptions, o as SchemaMetadata, p as ArcRequest, qt as Guard, r as FieldMetadata, rt as RequestWithExtras, s as ValidationResult, tt as RequestContext, u as ApiResponse, ut as RouteHandlerMethod, v as ConfigError, vt as UserOrganization, w as EventDefinition, wt as BaseControllerOptions, x as CrudRouteKey, xt as envelope, yt as ValidateOptions } from "./interface-CrN45qz1.mjs";
-import { a as applyFieldWritePermissions, i as applyFieldReadPermissions, n as FieldPermissionMap, o as fields, t as FieldPermission } from "./fields-DFwdaWCq.mjs";
-import { i as UserBase, n as PermissionContext, r as PermissionResult, t as PermissionCheck } from "./types-BNUccdcf.mjs";
-import { l as createMongooseAdapter, o as createPrismaAdapter, s as MongooseAdapter, t as PrismaAdapter } from "./index-DrCqa3Jq.mjs";
-import { A as RESERVED_QUERY_PARAMS, C as HookOperation, D as MAX_SEARCH_LENGTH, E as MAX_REGEX_LENGTH, O as MUTATION_OPERATIONS, S as HOOK_PHASES, T as MAX_FILTER_DEPTH, _ as DEFAULT_MAX_LIMIT, a as getControllerScope, b as DEFAULT_UPDATE_METHOD, g as DEFAULT_LIMIT, h as DEFAULT_ID_FIELD, j as SYSTEM_FIELDS, k as MutationOperation, m as CrudOperation, p as CRUD_OPERATIONS, v as DEFAULT_SORT, w as HookPhase, x as HOOK_OPERATIONS, y as DEFAULT_TENANT_FIELD } from "./index-B4uZm82R.mjs";
-import { C as presets_d_exports, E as readOnly, S as ownerWithAdminBypass, T as publicReadAdminWrite, a as allOf, b as authenticated, c as createDynamicPermissionMatrix, d as requireAuth, f as requireOrgMembership, g as requireTeamMembership, h as requireRoles, l as createOrgPermissions, m as requireOwnership, n as DynamicPermissionMatrix, o as allowPublic, p as requireOrgRole, r as DynamicPermissionMatrixConfig, s as anyOf, u as denyAll, v as when, w as publicRead, x as fullPublic, y as adminOnly } from "./index-NGZksqM5.mjs";
-import { a as NotFoundError, d as ValidationError, f as createDomainError, i as ForbiddenError, t as ArcError, u as UnauthorizedError } from "./errors-CcVbl1-T.mjs";
+import { $ as RateLimitConfig, $t as PipelineContext, A as FieldRule, C as CrudRouterOptions, D as FastifyRequestExtras, F as InferDocType, Ft as IController, Gt as PaginatedResult, H as MiddlewareConfig, Ht as defineResource, I as InferResourceDoc, It as IControllerResponse, Jt as Guard, K as OwnershipCheck, L as IntrospectionData, Lt as IRequestContext, M as HealthCheck, N as HealthOptions, Nt as ControllerLike, O as FastifyWithAuth, P as InferAdapterDoc, Qt as PipelineConfig, R as IntrospectionPluginOptions, Rt as RouteHandler, S as CrudRouteKey, St as envelope, T as EventDefinition, Tt as BaseControllerOptions, U as MiddlewareHandler, Ut as CrudRepository, Vt as ResourceDefinition, Xt as NextFunction, Y as PresetFunction, Yt as Interceptor, Z as PresetResult, Zt as OperationFilter, _t as TypedResourceConfig, a as RelationMetadata, bt as ValidateOptions, c as ValidationResult, d as ApiResponse, dt as RouteHandlerMethod, en as PipelineStep, et as RegistryEntry, ft as RouteSchemaOptions, g as AuthPluginOptions, gt as TypedRepository, ht as TypedController, i as FieldMetadata, it as RequestWithExtras, j as GracefulShutdownOptions, k as FastifyWithDecorators, l as AdditionalRoute, lt as ResourceMetadata, m as ArcRequest, nt as RequestContext, o as RepositoryLike, ot as ResourceConfig, p as ArcInternalMetadata, pt as ServiceContext, qt as QueryOptions, r as DataAdapter, rt as RequestIdOptions, s as SchemaMetadata, tn as Transform, tt as RegistryStats, u as AnyRecord, w as CrudSchemas, wt as BaseController, x as CrudController, xt as ValidationResult$1, y as ConfigError, yt as UserOrganization, z as JWTPayload } from "./interface-Dwzqt4mn.mjs";
+import { a as applyFieldWritePermissions, i as applyFieldReadPermissions, n as FieldPermissionMap, o as fields, t as FieldPermission } from "./fields-CYuLMJPD.mjs";
+import { i as UserBase, n as PermissionContext, r as PermissionResult, t as PermissionCheck } from "./types-DPsC0taJ.mjs";
+import { l as createMongooseAdapter, o as createPrismaAdapter, s as MongooseAdapter, t as PrismaAdapter } from "./index-StgFaQKD.mjs";
+import { A as MutationOperation, C as HOOK_PHASES, D as MAX_REGEX_LENGTH, E as MAX_FILTER_DEPTH, M as SYSTEM_FIELDS, O as MAX_SEARCH_LENGTH, S as HOOK_OPERATIONS, T as HookPhase, _ as DEFAULT_LIMIT, a as getControllerScope, b as DEFAULT_TENANT_FIELD, g as DEFAULT_ID_FIELD, h as CrudOperation, j as RESERVED_QUERY_PARAMS, k as MUTATION_OPERATIONS, m as CRUD_OPERATIONS, s as defineResourceVariants, v as DEFAULT_MAX_LIMIT, w as HookOperation, x as DEFAULT_UPDATE_METHOD, y as DEFAULT_SORT } from "./index-KXM8_JmQ.mjs";
+import { C as authenticated, D as publicRead, E as presets_d_exports, O as publicReadAdminWrite, S as adminOnly, T as ownerWithAdminBypass, _ as requireScopeContext, a as allOf, c as createDynamicPermissionMatrix, d as requireAuth, f as requireOrgInScope, g as requireRoles, h as requireOwnership, k as readOnly, l as createOrgPermissions, m as requireOrgRole, n as DynamicPermissionMatrix, o as allowPublic, p as requireOrgMembership, r as DynamicPermissionMatrixConfig, s as anyOf, u as denyAll, v as requireServiceScope, w as fullPublic, x as when, y as requireTeamMembership } from "./index-BYpRGXif.mjs";
+import { a as NotFoundError, d as ValidationError, f as createDomainError, i as ForbiddenError, t as ArcError, u as UnauthorizedError } from "./errors-CCSsMpXE.mjs";
 import { AsyncLocalStorage } from "node:async_hooks";
 
 //#region src/context/requestContext.d.ts
@@ -252,4 +252,4 @@ declare function arcLog(module: string): ArcLogger;
 //#region src/index.d.ts
 declare const version: string;
 //#endregion
-export { type ValidationResult as AdapterValidationResult, type AdditionalRoute, type AnyRecord, type ApiResponse, ArcError, type ArcInternalMetadata, type ArcLogWriter, type ArcLogger, type ArcLoggerOptions, type ArcRequest, type AuthPluginOptions, BaseController, type BaseControllerOptions, CRUD_OPERATIONS, type ConfigError, type ControllerLike, type CrudController, CrudOperation, type CrudRepository, type CrudRouteKey, type CrudRouterOptions, type CrudSchemas, DEFAULT_ID_FIELD, DEFAULT_LIMIT, DEFAULT_MAX_LIMIT, DEFAULT_SORT, DEFAULT_TENANT_FIELD, DEFAULT_UPDATE_METHOD, type DataAdapter, type DynamicPermissionMatrix, type DynamicPermissionMatrixConfig, type EventDefinition, type FastifyRequestExtras, type FastifyWithAuth, type FastifyWithDecorators, type FieldMetadata, type FieldPermission, type FieldPermissionMap, type FieldRule, ForbiddenError, type GracefulShutdownOptions, type Guard, HOOK_OPERATIONS, HOOK_PHASES, type HealthCheck, type HealthOptions, HookOperation, HookPhase, type IController, type IControllerResponse, type IRequestContext, type InferAdapterDoc, type InferDocType, type InferResourceDoc, type Interceptor, type IntrospectionData, type IntrospectionPluginOptions, type JWTPayload, MAX_FILTER_DEPTH, MAX_REGEX_LENGTH, MAX_SEARCH_LENGTH, MUTATION_OPERATIONS, type MiddlewareConfig, MongooseAdapter, MutationOperation, type NamedMiddleware, NotFoundError, type OwnershipCheck, type PaginatedResult, type PermissionCheck, type PermissionContext, type PermissionResult, type PipelineConfig, type PipelineContext, type PipelineStep, type PresetFunction, type PresetResult, PrismaAdapter, type QueryOptions, RESERVED_QUERY_PARAMS, type RateLimitConfig, type RegistryEntry, type RegistryStats, type RelationMetadata, type RepositoryLike, type RequestContext, type RequestIdOptions, type RequestStore, type RequestWithExtras, type ResourceConfig, ResourceDefinition, type ResourceMetadata, type RouteHandler, type RouteHandlerMethod, type RouteSchemaOptions, SYSTEM_FIELDS, type SchemaMetadata, type ServiceContext, type Transform, type TypedController, type TypedRepository, type TypedResourceConfig, UnauthorizedError, type UserBase, type UserOrganization, type ValidateOptions, ValidationError, type ValidationResult$1 as ValidationResult, adminOnly, allOf, allowPublic, anyOf, applyFieldReadPermissions, applyFieldWritePermissions, arcLog, assertValidConfig, authenticated, configureArcLogger, createDomainError, createDynamicPermissionMatrix, createMongooseAdapter, createOrgPermissions, createPrismaAdapter, defineResource, denyAll, envelope, fields, formatValidationErrors, fullPublic, getControllerScope, guard, intercept, middleware, ownerWithAdminBypass, presets_d_exports as permissions, pipe, publicRead, publicReadAdminWrite, readOnly, requestContext, requireAuth, requireOrgMembership, requireOrgRole, requireOwnership, requireRoles, requireTeamMembership, sortMiddlewares, transform, validateResourceConfig, version, when };
+export { type ValidationResult as AdapterValidationResult, type AdditionalRoute, type AnyRecord, type ApiResponse, ArcError, type ArcInternalMetadata, type ArcLogWriter, type ArcLogger, type ArcLoggerOptions, type ArcRequest, type AuthPluginOptions, BaseController, type BaseControllerOptions, CRUD_OPERATIONS, type ConfigError, type ControllerLike, type CrudController, CrudOperation, type CrudRepository, type CrudRouteKey, type CrudRouterOptions, type CrudSchemas, DEFAULT_ID_FIELD, DEFAULT_LIMIT, DEFAULT_MAX_LIMIT, DEFAULT_SORT, DEFAULT_TENANT_FIELD, DEFAULT_UPDATE_METHOD, type DataAdapter, type DynamicPermissionMatrix, type DynamicPermissionMatrixConfig, type EventDefinition, type FastifyRequestExtras, type FastifyWithAuth, type FastifyWithDecorators, type FieldMetadata, type FieldPermission, type FieldPermissionMap, type FieldRule, ForbiddenError, type GracefulShutdownOptions, type Guard, HOOK_OPERATIONS, HOOK_PHASES, type HealthCheck, type HealthOptions, HookOperation, HookPhase, type IController, type IControllerResponse, type IRequestContext, type InferAdapterDoc, type InferDocType, type InferResourceDoc, type Interceptor, type IntrospectionData, type IntrospectionPluginOptions, type JWTPayload, MAX_FILTER_DEPTH, MAX_REGEX_LENGTH, MAX_SEARCH_LENGTH, MUTATION_OPERATIONS, type MiddlewareConfig, MongooseAdapter, MutationOperation, type NamedMiddleware, NotFoundError, type OwnershipCheck, type PaginatedResult, type PermissionCheck, type PermissionContext, type PermissionResult, type PipelineConfig, type PipelineContext, type PipelineStep, type PresetFunction, type PresetResult, PrismaAdapter, type QueryOptions, RESERVED_QUERY_PARAMS, type RateLimitConfig, type RegistryEntry, type RegistryStats, type RelationMetadata, type RepositoryLike, type RequestContext, type RequestIdOptions, type RequestStore, type RequestWithExtras, type ResourceConfig, ResourceDefinition, type ResourceMetadata, type RouteHandler, type RouteHandlerMethod, type RouteSchemaOptions, SYSTEM_FIELDS, type SchemaMetadata, type ServiceContext, type Transform, type TypedController, type TypedRepository, type TypedResourceConfig, UnauthorizedError, type UserBase, type UserOrganization, type ValidateOptions, ValidationError, type ValidationResult$1 as ValidationResult, adminOnly, allOf, allowPublic, anyOf, applyFieldReadPermissions, applyFieldWritePermissions, arcLog, assertValidConfig, authenticated, configureArcLogger, createDomainError, createDynamicPermissionMatrix, createMongooseAdapter, createOrgPermissions, createPrismaAdapter, defineResource, defineResourceVariants, denyAll, envelope, fields, formatValidationErrors, fullPublic, getControllerScope, guard, intercept, middleware, ownerWithAdminBypass, presets_d_exports as permissions, pipe, publicRead, publicReadAdminWrite, readOnly, requestContext, requireAuth, requireOrgInScope, requireOrgMembership, requireOrgRole, requireOwnership, requireRoles, requireScopeContext, requireServiceScope, requireTeamMembership, sortMiddlewares, transform, validateResourceConfig, version, when };

package/dist/index.mjs

@@ -1,13 +1,14 @@
 import { a as DEFAULT_SORT, c as HOOK_OPERATIONS, d as MAX_REGEX_LENGTH, f as MAX_SEARCH_LENGTH, h as SYSTEM_FIELDS, i as DEFAULT_MAX_LIMIT, l as HOOK_PHASES, m as RESERVED_QUERY_PARAMS, n as DEFAULT_ID_FIELD, o as DEFAULT_TENANT_FIELD, p as MUTATION_OPERATIONS, r as DEFAULT_LIMIT, s as DEFAULT_UPDATE_METHOD, t as CRUD_OPERATIONS, u as MAX_FILTER_DEPTH } from "./constants-Cxde4rpC.mjs";
-import { a as createMongooseAdapter, i as MongooseAdapter, r as createPrismaAdapter, t as PrismaAdapter } from "./adapters-CTn28N4y.mjs";
-import { t as BaseController } from "./BaseController-AbbRx3e0.mjs";
+import { a as createMongooseAdapter, i as MongooseAdapter, r as createPrismaAdapter, t as PrismaAdapter } from "./adapters-BxGgSHjj.mjs";
+import { t as BaseController } from "./BaseController-CpMfCXdn.mjs";
 import { envelope } from "./types/index.mjs";
 import { n as applyFieldWritePermissions, r as fields, t as applyFieldReadPermissions } from "./fields-ipsbIRPK.mjs";
-import { t as requestContext } from "./requestContext-DYtmNpm5.mjs";
-import { d as createDomainError, i as NotFoundError, l as UnauthorizedError, r as ForbiddenError, t as ArcError, u as ValidationError } from "./errors-NoQKsbAT.mjs";
-import { a as validateResourceConfig, f as getControllerScope, i as formatValidationErrors, m as pipe, n as defineResource, r as assertValidConfig, t as ResourceDefinition } from "./defineResource-Ckxg6HrZ.mjs";
-import { S as readOnly, _ as fullPublic, a as createOrgPermissions, b as publicRead, c as requireOrgMembership, d as requireRoles, f as requireTeamMembership, g as authenticated, h as adminOnly, i as createDynamicPermissionMatrix, l as requireOrgRole, m as when, n as allowPublic, o as denyAll, r as anyOf, s as requireAuth, t as allOf, u as requireOwnership, v as ownerWithAdminBypass, x as publicReadAdminWrite, y as presets_exports } from "./permissions-C8ImI8gC.mjs";
-import { n as configureArcLogger, t as arcLog } from "./logger-Dz3j1ItV.mjs";
+import { t as defineResourceVariants } from "./core-BWekSEju.mjs";
+import { t as requestContext } from "./requestContext-xHIKedG6.mjs";
+import { d as createDomainError, i as NotFoundError, l as UnauthorizedError, r as ForbiddenError, t as ArcError, u as ValidationError } from "./errors-Cg58SLNi.mjs";
+import { a as validateResourceConfig, f as getControllerScope, i as formatValidationErrors, m as pipe, n as defineResource, r as assertValidConfig, t as ResourceDefinition } from "./defineResource-DZzyl4a4.mjs";
+import { C as publicRead, S as presets_exports, T as readOnly, _ as when, a as createOrgPermissions, b as fullPublic, c as requireOrgInScope, d as requireOwnership, f as requireRoles, h as requireTeamMembership, i as createDynamicPermissionMatrix, l as requireOrgMembership, m as requireServiceScope, n as allowPublic, o as denyAll, p as requireScopeContext, r as anyOf, s as requireAuth, t as allOf, u as requireOrgRole, v as adminOnly, w as publicReadAdminWrite, x as ownerWithAdminBypass, y as authenticated } from "./permissions-CH4cNwJi.mjs";
+import { n as configureArcLogger, t as arcLog } from "./logger-DLg8-Ueg.mjs";
 //#region src/middleware/middleware.ts
 /**
 * Named Middleware — Priority-based, conditional middleware execution.
@@ -127,6 +128,6 @@ function transform(name, handlerOrOptions) {
 }
 //#endregion
 //#region src/index.ts
-const version = "2.6.2";
+const version = "2.7.1";
 //#endregion
-export { ArcError, BaseController, CRUD_OPERATIONS, DEFAULT_ID_FIELD, DEFAULT_LIMIT, DEFAULT_MAX_LIMIT, DEFAULT_SORT, DEFAULT_TENANT_FIELD, DEFAULT_UPDATE_METHOD, ForbiddenError, HOOK_OPERATIONS, HOOK_PHASES, MAX_FILTER_DEPTH, MAX_REGEX_LENGTH, MAX_SEARCH_LENGTH, MUTATION_OPERATIONS, MongooseAdapter, NotFoundError, PrismaAdapter, RESERVED_QUERY_PARAMS, ResourceDefinition, SYSTEM_FIELDS, UnauthorizedError, ValidationError, adminOnly, allOf, allowPublic, anyOf, applyFieldReadPermissions, applyFieldWritePermissions, arcLog, assertValidConfig, authenticated, configureArcLogger, createDomainError, createDynamicPermissionMatrix, createMongooseAdapter, createOrgPermissions, createPrismaAdapter, defineResource, denyAll, envelope, fields, formatValidationErrors, fullPublic, getControllerScope, guard, intercept, middleware, ownerWithAdminBypass, presets_exports as permissions, pipe, publicRead, publicReadAdminWrite, readOnly, requestContext, requireAuth, requireOrgMembership, requireOrgRole, requireOwnership, requireRoles, requireTeamMembership, sortMiddlewares, transform, validateResourceConfig, version, when };
+export { ArcError, BaseController, CRUD_OPERATIONS, DEFAULT_ID_FIELD, DEFAULT_LIMIT, DEFAULT_MAX_LIMIT, DEFAULT_SORT, DEFAULT_TENANT_FIELD, DEFAULT_UPDATE_METHOD, ForbiddenError, HOOK_OPERATIONS, HOOK_PHASES, MAX_FILTER_DEPTH, MAX_REGEX_LENGTH, MAX_SEARCH_LENGTH, MUTATION_OPERATIONS, MongooseAdapter, NotFoundError, PrismaAdapter, RESERVED_QUERY_PARAMS, ResourceDefinition, SYSTEM_FIELDS, UnauthorizedError, ValidationError, adminOnly, allOf, allowPublic, anyOf, applyFieldReadPermissions, applyFieldWritePermissions, arcLog, assertValidConfig, authenticated, configureArcLogger, createDomainError, createDynamicPermissionMatrix, createMongooseAdapter, createOrgPermissions, createPrismaAdapter, defineResource, defineResourceVariants, denyAll, envelope, fields, formatValidationErrors, fullPublic, getControllerScope, guard, intercept, middleware, ownerWithAdminBypass, presets_exports as permissions, pipe, publicRead, publicReadAdminWrite, readOnly, requestContext, requireAuth, requireOrgInScope, requireOrgMembership, requireOrgRole, requireOwnership, requireRoles, requireScopeContext, requireServiceScope, requireTeamMembership, sortMiddlewares, transform, validateResourceConfig, version, when };

package/dist/integrations/event-gateway.d.mts

@@ -1,4 +1,4 @@
-import { t as DomainEvent } from "../EventTransport-wc5hSLik.mjs";
+import { t as DomainEvent } from "../EventTransport-CUpRK_Lg.mjs";
 import { WebSocketClient, WebSocketMessage } from "./websocket.mjs";
 import { FastifyPluginAsync, FastifyRequest } from "fastify";
 

package/dist/integrations/event-gateway.mjs

@@ -4,7 +4,7 @@ const eventGatewayPluginImpl = async (fastify, opts = {}) => {
 	const { auth = true, orgScoped = false, roomPolicy, maxMessageBytes, maxSubscriptionsPerClient, authenticate } = opts;
 	if (auth && !authenticate && !fastify.hasDecorator("authenticate")) throw new Error("[arc-event-gateway] auth is true but fastify.authenticate is not registered. Register an auth plugin first, provide a custom authenticate function, or set auth: false.");
 	if (opts.sse !== false) {
-		const { default: ssePlugin } = await import("../sse-BF7GR7IB.mjs").then((n) => n.r);
+		const { default: ssePlugin } = await import("../sse-Bp3dabF1.mjs").then((n) => n.r);
 		await fastify.register(ssePlugin, {
 			path: opts.sse?.path ?? "/events/stream",
 			requireAuth: auth,

package/dist/integrations/index.d.mts

@@ -1,7 +1,7 @@
 import { WebSocketClient, WebSocketMessage, WebSocketPluginOptions } from "./websocket.mjs";
 import { EventGatewayOptions } from "./event-gateway.mjs";
 import { JobDefinition, JobDispatchOptions, JobDispatcher, JobMeta, JobsPluginOptions, QueueStats } from "./jobs.mjs";
-import { c as McpResourceConfig, f as ToolAnnotations, i as CrudOperation, l as PromptDefinition, m as ToolDefinition, n as CallToolResult, o as McpAuthResult, p as ToolContext, r as CreateMcpServerConfig, s as McpPluginOptions, t as BetterAuthHandler } from "../types-DurlBP2N.mjs";
+import { c as McpResourceConfig, f as ToolAnnotations, i as CrudOperation, l as PromptDefinition, m as ToolDefinition, n as CallToolResult, o as McpAuthResult, p as ToolContext, r as CreateMcpServerConfig, s as McpPluginOptions, t as BetterAuthHandler } from "../types-ClmkMDK1.mjs";
 import { StreamlinePluginOptions, WorkflowLike, WorkflowRunLike } from "./streamline.mjs";
 import { WebhookDeliveryRecord, WebhookManager, WebhookPluginOptions, WebhookStore, WebhookSubscription } from "./webhooks.mjs";
 export { type BetterAuthHandler, type CallToolResult, type CreateMcpServerConfig, type CrudOperation, type EventGatewayOptions, type JobDefinition, type JobDispatchOptions, type JobDispatcher, type JobMeta, type JobsPluginOptions, type McpAuthResult, type McpPluginOptions, type McpResourceConfig, type PromptDefinition, type QueueStats, type StreamlinePluginOptions, type ToolAnnotations, type ToolContext, type ToolDefinition, type WebSocketClient, type WebSocketMessage, type WebSocketPluginOptions, type WebhookDeliveryRecord, type WebhookManager, type WebhookPluginOptions, type WebhookStore, type WebhookSubscription, type WorkflowLike, type WorkflowRunLike };

package/dist/integrations/mcp/index.d.mts

@@ -1,5 +1,5 @@
-import { Bt as ResourceDefinition } from "../../interface-CrN45qz1.mjs";
-import { a as McpAuthResolver, c as McpResourceConfig, d as SessionEntry, f as ToolAnnotations, i as CrudOperation, l as PromptDefinition, m as ToolDefinition, n as CallToolResult, o as McpAuthResult, p as ToolContext, r as CreateMcpServerConfig, s as McpPluginOptions, t as BetterAuthHandler, u as PromptResult } from "../../types-DurlBP2N.mjs";
+import { Vt as ResourceDefinition } from "../../interface-Dwzqt4mn.mjs";
+import { a as McpAuthResolver, c as McpResourceConfig, d as SessionEntry, f as ToolAnnotations, i as CrudOperation, l as PromptDefinition, m as ToolDefinition, n as CallToolResult, o as McpAuthResult, p as ToolContext, r as CreateMcpServerConfig, s as McpPluginOptions, t as BetterAuthHandler, u as PromptResult } from "../../types-ClmkMDK1.mjs";
 import { FastifyPluginAsync } from "fastify";
 import { z } from "zod";
 

package/dist/integrations/mcp/index.mjs

@@ -1,4 +1,4 @@
-import { n as fieldRulesToZod, r as createMcpServer, t as resourceToTools } from "../../resourceToTools-DH3c3e-T.mjs";
+import { n as fieldRulesToZod, r as createMcpServer, t as resourceToTools } from "../../resourceToTools-CkVSSzKg.mjs";
 import { createHash } from "node:crypto";
 import fp from "fastify-plugin";
 //#region src/integrations/mcp/definePrompt.ts

package/dist/integrations/mcp/testing.d.mts

@@ -1,4 +1,4 @@
-import { o as McpAuthResult, s as McpPluginOptions } from "../../types-DurlBP2N.mjs";
+import { o as McpAuthResult, s as McpPluginOptions } from "../../types-ClmkMDK1.mjs";
 
 //#region src/integrations/mcp/testing.d.ts
 interface TestMcpClientOptions {

package/dist/integrations/mcp/testing.mjs

@@ -1,4 +1,4 @@
-import { r as createMcpServer, t as resourceToTools } from "../../resourceToTools-DH3c3e-T.mjs";
+import { r as createMcpServer, t as resourceToTools } from "../../resourceToTools-CkVSSzKg.mjs";
 //#region src/integrations/mcp/testing.ts
 /**
 * @classytic/arc/mcp/testing — MCP Test Utilities

package/dist/{interface-CrN45qz1.d.mts → interface-Dwzqt4mn.d.mts}

@@ -1,6 +1,6 @@
-import { s as RequestScope } from "./elevation-C_taLQrM.mjs";
-import { n as FieldPermissionMap } from "./fields-DFwdaWCq.mjs";
-import { i as UserBase, t as PermissionCheck } from "./types-BNUccdcf.mjs";
+import { r as RequestScope } from "./types-CNEbix8T.mjs";
+import { n as FieldPermissionMap } from "./fields-CYuLMJPD.mjs";
+import { i as UserBase, t as PermissionCheck } from "./types-DPsC0taJ.mjs";
 import { FastifyInstance, FastifyPluginAsync, FastifyReply, FastifyRequest, RouteHandlerMethod, RouteHandlerMethod as RouteHandlerMethod$1 } from "fastify";
 
 //#region src/hooks/HookSystem.d.ts
@@ -618,17 +618,54 @@ interface ServerAccessor {
   };
 }
 /**
- * Request context passed to controller handlers
+ * Request context passed to controller handlers.
+ *
+ * **Generic parameters** (all default to safe permissive types so existing code keeps working):
+ * - `TBody`     — request body shape (default: `unknown`)
+ * - `TParams`   — route param shape (default: `Record<string, string>`)
+ * - `TQuery`    — query string shape (default: `Record<string, unknown>`)
+ * - `TUser`     — authenticated user shape (default: `UserBase`)
+ * - `TMetadata` — internal metadata shape (default: `Record<string, unknown>`;
+ *   override with `ArcInternalMetadata` or your own augmentation when you
+ *   need typed access to `_scope`, `_policyFilters`, custom hook context, etc.)
+ *
+ * @example
+ * ```typescript
+ * // Untyped (default) — req.body is `unknown`, must be narrowed
+ * async create(req: IRequestContext) {
+ *   const data = req.body as Partial<Product>;
+ *   return { success: true, data: await productRepo.create(data) };
+ * }
+ *
+ * // Typed body — req.body is `CreateProductInput`, narrowing not needed
+ * async create(req: IRequestContext<CreateProductInput>) {
+ *   return { success: true, data: await productRepo.create(req.body) };
+ * }
+ *
+ * // Fully typed — body, route params, query, and metadata
+ * async update(
+ *   req: IRequestContext<
+ *     Partial<Product>,
+ *     { id: string },
+ *     { fields?: string },
+ *     ArcInternalMetadata
+ *   >,
+ * ) {
+ *   const fields = req.query.fields?.split(',');
+ *   const orgId = req.metadata?._scope ? getOrgId(req.metadata._scope) : undefined;
+ *   return { success: true, data: await productRepo.update(req.params.id, req.body) };
+ * }
+ * ```
  */
-interface IRequestContext {
+interface IRequestContext<TBody = unknown, TParams extends Record<string, string> = Record<string, string>, TQuery extends Record<string, unknown> = Record<string, unknown>, TUser extends UserBase = UserBase, TMetadata extends Record<string, unknown> = Record<string, unknown>> {
   /** Route parameters (e.g., { id: '123' }) */
-  params: Record<string, string>;
+  params: TParams;
   /** Query string parameters */
-  query: Record<string, unknown>;
+  query: TQuery;
   /** Request body */
-  body: unknown;
+  body: TBody;
   /** Authenticated user or null */
-  user: UserBase | null;
+  user: TUser | null;
   /** Request headers */
   headers: Record<string, string | undefined>;
   /** Organization ID (for multi-tenant apps) */
@@ -649,8 +686,12 @@ interface IRequestContext {
    * ```
    */
   context?: RequestContext;
-  /** Internal metadata (includes context + Arc internals like _policyFilters, log) */
-  metadata?: Record<string, unknown>;
+  /**
+   * Internal metadata (includes context + Arc internals like `_policyFilters`,
+   * `_scope`, `log`). Type as `ArcInternalMetadata` for typed access to Arc's
+   * built-in fields, or supply your own interface to layer custom fields.
+   */
+  metadata?: TMetadata;
   /**
    * Fastify server accessor — publish events, log, and audit
    * from any handler without switching to `wrapHandler: false`.
@@ -686,18 +727,41 @@ interface IControllerResponse<T = unknown> {
   headers?: Record<string, string>;
 }
 /**
- * Controller handler - Arc's standard pattern
+ * Controller handler — Arc's standard pattern.
  *
  * Receives a request context object, returns IControllerResponse.
  * Use with `wrapHandler: true` in additionalRoutes.
  *
+ * **Generic parameters:**
+ * - `TResponse` — shape of `IControllerResponse.data` (default: `unknown`)
+ * - `TBody`     — shape of `req.body` (default: `unknown`)
+ * - `TParams`   — shape of `req.params` (default: `Record<string, string>`)
+ * - `TQuery`    — shape of `req.query` (default: `Record<string, unknown>`)
+ *
+ * Backward-compatible: `ControllerHandler<Product>` still works (only the
+ * response data is typed); add more generics as needed when you want
+ * type-safe access to the request body, params, or query string.
+ *
  * @example
  * ```typescript
+ * // Untyped req — body is unknown, must be narrowed
  * const createProduct: ControllerHandler<Product> = async (req) => {
- *   const product = await productRepo.create(req.body);
+ *   const product = await productRepo.create(req.body as Partial<Product>);
  *   return { success: true, data: product, status: 201 };
  * };
  *
+ * // Fully typed — body, params, query, and response all inferred
+ * const updateProduct: ControllerHandler<
+ *   Product,
+ *   Partial<Product>,
+ *   { id: string },
+ *   { upsert?: string }
+ * > = async (req) => {
+ *   const upsert = req.query.upsert === "true";
+ *   const product = await productRepo.update(req.params.id, req.body, { upsert });
+ *   return { success: true, data: product };
+ * };
+ *
  * additionalRoutes: [{
  *   method: 'POST',
  *   path: '/products',
@@ -707,7 +771,7 @@ interface IControllerResponse<T = unknown> {
  * }]
  * ```
  */
-type ControllerHandler<T = unknown> = (req: IRequestContext) => Promise<IControllerResponse<T>>;
+type ControllerHandler<TResponse = unknown, TBody = unknown, TParams extends Record<string, string> = Record<string, string>, TQuery extends Record<string, unknown> = Record<string, unknown>> = (req: IRequestContext<TBody, TParams, TQuery>) => Promise<IControllerResponse<TResponse>>;
 /**
  * Fastify native handler
  *
@@ -951,6 +1015,14 @@ interface BaseControllerOptions {
   tenantField?: string | false;
   /**
    * Primary key field name (default: '_id').
+   *
+   * If not set, the controller auto-derives it from the repository's own
+   * `idField` property (e.g. MongoKit's `Repository({ idField: 'id' })`),
+   * so you only need to configure it in one place.
+   *
+   * Set explicitly to override the repo's setting (e.g. `'_id'` to opt out
+   * of native pass-through and force the slug-translation path).
+   *
    * Override for non-MongoDB adapters (e.g., 'id' for SQL databases).
    */
   idField?: string;
@@ -1010,6 +1082,23 @@ declare class BaseController<TDoc = AnyRecord, TRepository extends RepositoryLik
   private meta;
   /** Get hook system from request context (instance-scoped) */
   private getHooks;
+  /**
+   * Resolve the repository primary key for mutation calls (update/delete/restore).
+   *
+   * When the resource declares a custom `idField` (e.g. `slug`, `jobId`, UUID),
+   * the default behavior is to translate the route id → the fetched doc's `_id`
+   * because most Mongo repositories key their mutation methods off `_id`.
+   *
+   * Exception: if the repository itself exposes a matching `idField` property
+   * (e.g. MongoKit's `new Repository(Model, [], {}, { idField: 'id' })`), the
+   * repository already knows how to look up by that field — so we pass the
+   * route id through unchanged and skip the translation.
+   *
+   * This makes `defineResource({ idField: 'id' })` work end-to-end with repos
+   * that natively support custom primary keys, without breaking the slug-style
+   * aliasing that Arc 2.6.3 introduced for repos keyed on `_id`.
+   */
+  private resolveRepoId;
   /** Resolve cache config for a specific operation, merging per-op overrides */
   private resolveCacheConfig;
   /**
@@ -1037,10 +1126,62 @@ declare class BaseController<TDoc = AnyRecord, TRepository extends RepositoryLik
   getTree(req: IRequestContext): Promise<IControllerResponse<TDoc[]>>;
   getChildren(req: IRequestContext): Promise<IControllerResponse<TDoc[]>>;
   bulkCreate(req: IRequestContext): Promise<IControllerResponse<TDoc[]>>;
+  /**
+   * Build a tenant-scoped filter for bulk update/delete.
+   *
+   * Mirrors `AccessControl.buildIdFilter` semantics for single-doc ops:
+   *   - Always merge `_policyFilters` (from permission middleware)
+   *   - When `tenantField` is set AND a `member` scope is present, add the
+   *     org filter so cross-tenant data can't be touched.
+   *   - When the scope is `elevated` (platform admin), no org filter is
+   *     applied — admins can bulk-update across orgs intentionally.
+   *   - When the scope is `public` on a tenant-scoped resource, deny.
+   *   - When NO scope is present at all (e.g., direct controller calls in
+   *     unit tests, or app routes without auth middleware), the controller
+   *     stays lenient — it's the middleware layer's job to fail-close.
+   *     Apps that want fail-close on bulk routes should run the multi-tenant
+   *     preset middleware (or equivalent) ahead of these handlers.
+   *
+   * Returns the merged filter, or `null` when access must be denied.
+   */
+  private buildBulkFilter;
+  /**
+   * Sanitize a bulk update data payload through the same write-permission
+   * pipeline as single-doc update(). Handles both shapes:
+   *
+   *   - Flat:           `{ name: 'x', status: 'y' }`
+   *   - Mongo operator: `{ $set: { name: 'x' }, $inc: { views: 1 }, $unset: { tag: '' } }`
+   *
+   * For each operand, runs `bodySanitizer.sanitize('update', ...)` so that
+   * system fields, systemManaged/readonly/immutable rules, AND field-level
+   * write permissions are enforced. Without this, a tenant-scoped user could
+   * pass `{ $set: { organizationId: 'org-b' } }` to move records across orgs.
+   *
+   * Returns the sanitized payload along with the list of stripped fields for
+   * audit/error reporting.
+   */
+  private sanitizeBulkUpdateData;
   bulkUpdate(req: IRequestContext): Promise<IControllerResponse<{
     matchedCount: number;
     modifiedCount: number;
   }>>;
+  /**
+   * Bulk delete by `filter` or `ids`.
+   *
+   * Body shape (one of):
+   *   - `{ filter: { status: 'archived' } }`     — delete by query filter
+   *   - `{ ids: ['id1', 'id2', 'id3'] }`         — delete specific docs by id
+   *
+   * The `ids` form translates to `{ [idField]: { $in: ids } }` using the
+   * resource's `idField` (so it works with custom PKs like `slug`, `jobId`,
+   * UUID, etc.). Tenant scope and policy filters are merged in either way,
+   * so cross-tenant deletes are blocked at the controller layer.
+   *
+   * Both forms perform a single `repo.deleteMany()` DB call — no per-doc
+   * fetch loop. Per-doc lifecycle hooks (`before:delete`/`after:delete`) do
+   * NOT fire for bulk operations; use the single-doc `delete()` if you need
+   * them, or subscribe to the bulk lifecycle event from the events plugin.
+   */
   bulkDelete(req: IRequestContext): Promise<IControllerResponse<{
     deletedCount: number;
   }>>;
@@ -1523,9 +1664,22 @@ interface ResourceConfig<TDoc = AnyRecord> {
   tenantField?: string | false;
   /**
    * Primary key field name (default: '_id').
-   * Override for non-MongoDB adapters (e.g., 'id' for SQL databases).
+   *
+   * Type-narrowed to `keyof TDoc` when `defineResource<TDoc>` is called with
+   * a typed document interface — gives autocomplete for valid field names —
+   * while still accepting any string when TDoc is `unknown` / `AnyRecord` so
+   * adapters with dynamic shapes still work.
+   *
+   * @example
+   * ```ts
+   * defineResource<IJob>({ idField: 'jobId' })  // ← autocompletes from IJob fields
+   * defineResource({ idField: 'sku' })          // ← any string allowed
+   * ```
+   *
+   * Override for non-MongoDB adapters (e.g., 'id' for SQL databases) or
+   * resources keyed by a business identifier (slug, sku, orderNumber).
    */
-  idField?: string;
+  idField?: (keyof TDoc & string) | (string & {});
   module?: string;
   events?: Record<string, EventDefinition>;
   skipValidation?: boolean;
@@ -2337,6 +2491,20 @@ interface RepositoryLike {
   create(data: unknown, options?: unknown): Promise<unknown>;
   update(id: string, data: unknown, options?: unknown): Promise<unknown>;
   delete(id: string, options?: unknown): Promise<unknown>;
+  /**
+   * The repository's native primary key field. When set, Arc's BaseController
+   * will pass route params through to `update()`/`delete()`/`restore()` calls
+   * unchanged instead of translating them to `_id`.
+   *
+   * Set this to match your `defineResource({ idField })` for repositories that
+   * natively look up by a custom field (e.g. MongoKit's
+   * `new Repository(Model, [], {}, { idField: 'id' })`). Without it, Arc will
+   * try to translate route ids → fetched doc's `_id` which 404s on repos that
+   * don't key on `_id`.
+   *
+   * Defaults to `'_id'` (Mongo). Repositories that always use `_id` may omit it.
+   */
+  readonly idField?: string;
   /** Find single doc by compound filter — used by AccessControl for idField + org/policy scoping.
    * Without this, Arc falls back to getById + post-fetch security checks. */
   getOne?(filter: Record<string, unknown>, options?: unknown): Promise<unknown>;
@@ -2367,9 +2535,15 @@ interface DataAdapter<TDoc = unknown> {
    * For example, Mongoose adapter can use mongokit to generate schemas from Mongoose models.
    *
    * @param options - Schema generation options (field rules, populate settings, etc.)
+   * @param context - Resource-level context: idField (for params schema), resourceName.
+   *                  Adapters should honor `context.idField` when producing the params
+   *                  schema — e.g. skip the ObjectId pattern when idField is a custom
+   *                  string field. Backwards compatible: legacy adapters ignoring the
+   *                  context still work because Arc strips the mismatched pattern as
+   *                  a safety net.
    * @returns OpenAPI schemas for CRUD operations or null if not supported
    */
-  generateSchemas?(options?: RouteSchemaOptions): OpenApiSchemas | Record<string, unknown> | null;
+  generateSchemas?(options?: RouteSchemaOptions, context?: AdapterSchemaContext): OpenApiSchemas | Record<string, unknown> | null;
   /** Extract schema metadata for OpenAPI/introspection */
   getSchemaMetadata?(): SchemaMetadata | null;
   /** Validate data against schema before persistence */
@@ -2385,6 +2559,18 @@ interface DataAdapter<TDoc = unknown> {
   /** Close/cleanup resources */
   close?(): Promise<void>;
 }
+/**
+ * Context passed to `adapter.generateSchemas()` so adapters can shape the
+ * output to match resource-level configuration (idField overrides, etc).
+ * All fields are optional — adapters are free to ignore this argument, in
+ * which case Arc applies safety-net normalization to the generated schemas.
+ */
+interface AdapterSchemaContext {
+  /** The idField configured on the resource. Defaults to "_id". */
+  idField?: string;
+  /** Resource name (for error messages / logging). */
+  resourceName?: string;
+}
 interface SchemaMetadata {
   name: string;
   fields: Record<string, FieldMetadata>;
@@ -2426,4 +2612,4 @@ interface ValidationResult {
 }
 type AdapterFactory<TDoc> = (config: unknown) => DataAdapter<TDoc>;
 //#endregion
-export { RegistryEntry as $, PipelineStep as $t, GracefulShutdownOptions as A, AccessControlConfig as At, LookupOption as B, ResourceDefinition as Bt, CrudSchemas as C, BaseController as Ct, FastifyWithAuth as D, BodySanitizer as Dt, FastifyRequestExtras as E, QueryResolverConfig as Et, InferResourceDoc as F, IControllerResponse as Ft, OwnershipCheck as G, PaginationParams as Gt, MiddlewareHandler as H, CrudRepository as Ht, IntrospectionData as I, IRequestContext as It, PresetFunction as J, Interceptor as Jt, ParsedQuery as K, QueryOptions as Kt, IntrospectionPluginOptions as L, RouteHandler as Lt, HealthOptions as M, ControllerLike as Mt, InferAdapterDoc as N, FastifyHandler as Nt, FastifyWithDecorators as O, BodySanitizerConfig as Ot, InferDocType as P, IController as Pt, RateLimitConfig as Q, PipelineContext as Qt, JWTPayload as R, RegisterOptions as Rt, CrudRouterOptions as S, getUserId as St, EventsDecorator as T, QueryResolver as Tt, ObjectId as U, InferDoc as Ut, MiddlewareConfig as V, defineResource as Vt, OpenApiSchemas as W, PaginatedResult as Wt, PresetResult as X, OperationFilter as Xt, PresetHook as Y, NextFunction as Yt, QueryParserInterface as Z, PipelineConfig as Zt, AuthenticatorContext as _, UserLike as _t, RepositoryLike as a, HookPhase as an, ResourceConfig as at, CrudController as b, ValidationResult$1 as bt, AdditionalRoute as c, HookSystemOptions as cn, ResourceMetadata as ct, ArcDecorator as d, afterUpdate as dn, RouteSchemaOptions as dt, Transform as en, RegistryStats as et, ArcInternalMetadata as f, beforeCreate as fn, ServiceContext as ft, Authenticator as g, defineHook as gn, TypedResourceConfig as gt, AuthPluginOptions as h, createHookSystem as hn, TypedRepository as ht, RelationMetadata as i, HookOperation as in, ResourceCacheConfig as it, HealthCheck as j, ControllerHandler as jt, FieldRule as k, AccessControl as kt, AnyRecord as l, afterCreate as ln, ResourcePermissions as lt, AuthHelpers as m, beforeUpdate as mn, TypedController as mt, DataAdapter as n, HookContext as nn, RequestIdOptions as nt, SchemaMetadata as o, HookRegistration as on, ResourceHookContext as ot, ArcRequest as p, beforeDelete as pn, TokenPair as pt, PopulateOption as q, Guard as qt, FieldMetadata as r, HookHandler as rn, RequestWithExtras as rt, ValidationResult as s, HookSystem as sn, ResourceHooks as st, AdapterFactory as t, DefineHookOptions as tn, RequestContext as tt, ApiResponse as u, afterDelete as un, RouteHandlerMethod$1 as ut, ConfigError as v, UserOrganization as vt, EventDefinition as w, BaseControllerOptions as wt, CrudRouteKey as x, envelope as xt, ControllerQueryOptions as y, ValidateOptions as yt, JwtContext as z, ResourceRegistry as zt };
+export { RateLimitConfig as $, PipelineContext as $t, FieldRule as A, AccessControl as At, JwtContext as B, ResourceRegistry as Bt, CrudRouterOptions as C, getUserId as Ct, FastifyRequestExtras as D, QueryResolverConfig as Dt, EventsDecorator as E, QueryResolver as Et, InferDocType as F, IController as Ft, OpenApiSchemas as G, PaginatedResult as Gt, MiddlewareConfig as H, defineResource as Ht, InferResourceDoc as I, IControllerResponse as It, PopulateOption as J, Guard as Jt, OwnershipCheck as K, PaginationParams as Kt, IntrospectionData as L, IRequestContext as Lt, HealthCheck as M, ControllerHandler as Mt, HealthOptions as N, ControllerLike as Nt, FastifyWithAuth as O, BodySanitizer as Ot, InferAdapterDoc as P, FastifyHandler as Pt, QueryParserInterface as Q, PipelineConfig as Qt, IntrospectionPluginOptions as R, RouteHandler as Rt, CrudRouteKey as S, envelope as St, EventDefinition as T, BaseControllerOptions as Tt, MiddlewareHandler as U, CrudRepository as Ut, LookupOption as V, ResourceDefinition as Vt, ObjectId as W, InferDoc as Wt, PresetHook as X, NextFunction as Xt, PresetFunction as Y, Interceptor as Yt, PresetResult as Z, OperationFilter as Zt, Authenticator as _, defineHook as _n, TypedResourceConfig as _t, RelationMetadata as a, HookOperation as an, ResourceCacheConfig as at, ControllerQueryOptions as b, ValidateOptions as bt, ValidationResult as c, HookSystem as cn, ResourceHooks as ct, ApiResponse as d, afterDelete as dn, RouteHandlerMethod$1 as dt, PipelineStep as en, RegistryEntry as et, ArcDecorator as f, afterUpdate as fn, RouteSchemaOptions as ft, AuthPluginOptions as g, createHookSystem as gn, TypedRepository as gt, AuthHelpers as h, beforeUpdate as hn, TypedController as ht, FieldMetadata as i, HookHandler as in, RequestWithExtras as it, GracefulShutdownOptions as j, AccessControlConfig as jt, FastifyWithDecorators as k, BodySanitizerConfig as kt, AdditionalRoute as l, HookSystemOptions as ln, ResourceMetadata as lt, ArcRequest as m, beforeDelete as mn, TokenPair as mt, AdapterSchemaContext as n, DefineHookOptions as nn, RequestContext as nt, RepositoryLike as o, HookPhase as on, ResourceConfig as ot, ArcInternalMetadata as p, beforeCreate as pn, ServiceContext as pt, ParsedQuery as q, QueryOptions as qt, DataAdapter as r, HookContext as rn, RequestIdOptions as rt, SchemaMetadata as s, HookRegistration as sn, ResourceHookContext as st, AdapterFactory as t, Transform as tn, RegistryStats as tt, AnyRecord as u, afterCreate as un, ResourcePermissions as ut, AuthenticatorContext as v, UserLike as vt, CrudSchemas as w, BaseController as wt, CrudController as x, ValidationResult$1 as xt, ConfigError as y, UserOrganization as yt, JWTPayload as z, RegisterOptions as zt };

package/dist/{mongodb-pMvOlR5_.d.mts → mongodb-Bq90j-Uj.d.mts}

@@ -1,4 +1,4 @@
-import { n as IdempotencyResult, r as IdempotencyStore } from "./interface-gr-7qo9j.mjs";
+import { n as IdempotencyResult, r as IdempotencyStore } from "./interface-B9rHWPxD.mjs";
 
 //#region src/idempotency/stores/mongodb.d.ts
 interface MongoConnection {

package/dist/{mongodb-kltrBPa1.d.mts → mongodb-DdyYlIXg.d.mts}

@@ -1,4 +1,4 @@
-import { i as UserBase } from "./types-BNUccdcf.mjs";
+import { i as UserBase } from "./types-DPsC0taJ.mjs";
 
 //#region src/audit/stores/interface.d.ts
 type AuditAction = "create" | "update" | "delete" | "restore" | "custom";

package/dist/{openapi-CBmZ6EQN.mjs → openapi-C5UhIeWu.mjs}

@@ -1,5 +1,5 @@
 import { t as getUserRoles } from "./types-ZUu_h0jp.mjs";
-import { n as convertRouteSchema } from "./schemaConverter-DjzHpFam.mjs";
+import { n as convertRouteSchema } from "./schemaConverter-0TyONAwM.mjs";
 import fp from "fastify-plugin";
 //#region src/docs/openapi.ts
 const openApiPlugin = async (fastify, opts = {}) => {

package/dist/org/index.d.mts

@@ -1,5 +1,5 @@
-import { Lt as RouteHandler } from "../interface-CrN45qz1.mjs";
-import { i as UserBase } from "../types-BNUccdcf.mjs";
+import { Rt as RouteHandler } from "../interface-Dwzqt4mn.mjs";
+import { i as UserBase } from "../types-DPsC0taJ.mjs";
 import { InvitationAdapter, InvitationDoc, MemberDoc, OrgAdapter, OrgDoc, OrgPermissionStatement, OrgRole, OrganizationPluginOptions } from "./types.mjs";
 import { FastifyPluginAsync, RouteHandlerMethod } from "fastify";