@classytic/arc 2.8.0 → 2.8.3

package/README.md

@@ -2,7 +2,7 @@
 
 Database-agnostic resource framework for Fastify. Define resources, get CRUD routes, permissions, presets, caching, events, OpenAPI, and MCP tools — without boilerplate.
 
-**v2.8.0** | Fastify 5+ | Node.js 22+ | ESM only | 260+ test files, 3523+ tests
+**v2.8.3** | Fastify 5+ | Node.js 22+ | ESM only | 278+ test files, 3844+ tests
 
 ## Install
 
@@ -694,6 +694,15 @@ npx @classytic/arc doctor                                        # Health check
 | `@classytic/arc/docs` | OpenAPI generation |
 | `@classytic/arc/cli` | CLI commands (programmatic) |
 
+## v2.8.1 Highlights
+
+- **Per-action discriminated validation** — `actions` schemas now enforce required fields via a `oneOf` body schema; missing inputs are rejected at the HTTP layer by AJV (no more silent bypass)
+- **Actions in OpenAPI** — `POST /:id/action` endpoint auto-generated from `ResourceDefinition.actions`, with per-action descriptions and the same discriminated body schema as the runtime router
+- **Route/action metadata preserved** — `mcp: false`, `description`, `annotations` no longer dropped during `routes → additionalRoutes` normalization
+- **Canonical source retained** — `ResourceDefinition.routes` and `ResourceDefinition.actions` now kept as declared, so OpenAPI/MCP/registry can read the original shape
+- **Outbox hardening** — expanded `OutboxStore` contract (`claimPending`, `fail`, write options, dedupe, visibleAt), ownership-mismatch throws, onError reporting, safe multi-worker relay
+- **`slugLookup` fallback** — works with MongoKit's default Repository (no custom `getBySlug` needed)
+
 ## v2.8.0 Highlights
 
 - **MCP Integration** — expose resources as AI agent tools (stateless by default, service scope, multi-tenancy)

package/dist/{BaseController-CpMfCXdn.mjs → BaseController-DAGGc5Xn.mjs}

@@ -843,9 +843,11 @@ var BaseController = class {
 				status: 400
 			};
 		}
+		const deleteMode = req.query?.hard === "true" || req.query?.hard === true || req.body?.mode === "hard" ? "hard" : void 0;
 		const repoDelete = async () => this.repository.delete(repoId, {
 			user,
-			context: arcContext
+			context: arcContext,
+			...deleteMode ? { mode: deleteMode } : {}
 		});
 		let result;
 		if (hooks && this.resourceName) result = await hooks.executeAround(this.resourceName, "delete", existing, repoDelete, {
@@ -854,7 +856,13 @@ var BaseController = class {
 			meta: { id }
 		});
 		else result = await repoDelete();
-		if (!(typeof result === "object" && result !== null ? result.success : result)) return {
+		if (!(() => {
+			if (typeof result !== "object" || result === null) return !!result;
+			const r = result;
+			if (typeof r.success === "boolean") return r.success;
+			if (typeof r.deletedCount === "number") return r.deletedCount > 0;
+			return true;
+		})()) return {
 			success: false,
 			error: "Resource not found",
 			status: 404
@@ -876,16 +884,23 @@ var BaseController = class {
 		};
 	}
 	async getBySlug(req) {
+		const slugField = this._presetFields.slugField ?? "slug";
+		const slug = req.params[slugField] ?? req.params.slug;
+		const options = this.queryResolver.resolve(req, this.meta(req));
 		const repo = this.repository;
-		if (!repo.getBySlug) return {
+		let item = null;
+		if (repo.getBySlug) item = await repo.getBySlug(slug, options);
+		else if (repo.getOne) {
+			const filter = {
+				[slugField]: slug,
+				...options?.filter ?? {}
+			};
+			item = await repo.getOne(filter, options);
+		} else return {
 			success: false,
-			error: "Slug lookup not implemented",
+			error: "Slug lookup not implemented — repository needs getBySlug() or getOne()",
 			status: 501
 		};
-		const slugField = this._presetFields.slugField ?? "slug";
-		const slug = req.params[slugField] ?? req.params.slug;
-		const options = this.queryResolver.resolve(req, this.meta(req));
-		const item = await repo.getBySlug(slug, options);
 		if (!this.accessControl.validateItemAccess(item, req)) return {
 			success: false,
 			error: "Resource not found",
@@ -904,21 +919,25 @@ var BaseController = class {
 			error: "Soft delete not implemented",
 			status: 501
 		};
-		const options = this.queryResolver.resolve(req, this.meta(req));
-		const result = await repo.getDeleted(options);
-		if (Array.isArray(result)) return {
-			success: true,
-			data: {
-				docs: result,
-				page: 1,
-				limit: result.length,
-				total: result.length,
-				pages: 1,
-				hasNext: false,
-				hasPrev: false
-			},
-			status: 200
-		};
+		const parsed = this.queryResolver.resolve(req, this.meta(req));
+		const result = await repo.getDeleted(parsed, parsed);
+		if (Array.isArray(result)) {
+			const docs = result;
+			return {
+				success: true,
+				data: {
+					method: "offset",
+					docs,
+					page: 1,
+					limit: docs.length,
+					total: docs.length,
+					pages: 1,
+					hasNext: false,
+					hasPrev: false
+				},
+				status: 200
+			};
+		}
 		return {
 			success: true,
 			data: result,
@@ -950,13 +969,45 @@ var BaseController = class {
 			details: { code: "OWNERSHIP_DENIED" },
 			status: 403
 		};
+		const arcContext = this.meta(req);
+		const user = req.user;
 		const repoId = this.resolveRepoId(id, existing);
-		const item = await repo.restore(repoId);
+		const hooks = this.getHooks(req);
+		if (hooks && this.resourceName) try {
+			await hooks.executeBefore(this.resourceName, "restore", existing, {
+				user,
+				context: arcContext,
+				meta: { id }
+			});
+		} catch (err) {
+			return {
+				success: false,
+				error: "Hook execution failed",
+				details: {
+					code: "BEFORE_RESTORE_HOOK_ERROR",
+					message: err.message
+				},
+				status: 400
+			};
+		}
+		const repoRestore = () => repo.restore(repoId);
+		let item;
+		if (hooks && this.resourceName) item = await hooks.executeAround(this.resourceName, "restore", existing, repoRestore, {
+			user,
+			context: arcContext,
+			meta: { id }
+		});
+		else item = await repoRestore();
 		if (!item) return {
 			success: false,
 			error: "Resource not found",
 			status: 404
 		};
+		if (hooks && this.resourceName) await hooks.executeAfter(this.resourceName, "restore", item, {
+			user,
+			context: arcContext,
+			meta: { id }
+		});
 		return {
 			success: true,
 			data: item,
@@ -1223,7 +1274,7 @@ var BaseController = class {
 		};
 		return {
 			success: true,
-			data: await repo.deleteMany(scopedFilter),
+			data: req.query?.hard === "true" || req.query?.hard === true || body.mode === "hard" ? await repo.deleteMany(scopedFilter, { mode: "hard" }) : await repo.deleteMany(scopedFilter),
 			status: 200
 		};
 	}

package/dist/{EventTransport-n1KBxC_N.d.mts → EventTransport-CinyO7zQ.d.mts}

@@ -61,6 +61,25 @@ interface EventTransport {
    * Publish an event to the transport
    */
   publish(event: DomainEvent): Promise<void>;
+  /**
+   * Publish a batch of events to the transport (optional, v2.8.1+).
+   *
+   * Transports that can efficiently batch (Kafka producer, Redis pipeline,
+   * RabbitMQ publisher confirms, SQS send-message-batch) should implement
+   * this. {@link import('./outbox.js').EventOutbox.relay} auto-detects and
+   * uses it for much higher throughput than per-event publishing.
+   *
+   * **Contract**: the returned `PublishManyResult` must describe the
+   * per-event outcome so the caller can acknowledge successes and fail the
+   * rest. Partial success is allowed — the transport reports it per event.
+   *
+   * If not implemented, `EventOutbox.relay` falls back to calling
+   * {@link publish} once per event.
+   *
+   * @param events - Events to publish (in order)
+   * @returns Per-event outcome map keyed by `event.meta.id`
+   */
+  publishMany?(events: readonly DomainEvent[]): Promise<PublishManyResult>;
   /**
    * Subscribe to events matching a pattern
    * @param pattern - Event type pattern (e.g., 'product.*', '*')
@@ -73,6 +92,14 @@ interface EventTransport {
    */
   close?(): Promise<void>;
 }
+/**
+ * Per-event outcome returned by {@link EventTransport.publishMany}.
+ *
+ * The key is `event.meta.id`; the value is `null` for success or an `Error`
+ * for per-event failure. Transports MUST include an entry for every event
+ * in the input batch.
+ */
+type PublishManyResult = ReadonlyMap<string, Error | null>;
 interface MemoryEventTransportOptions {
   /** Logger for error/warning messages (default: console) */
   logger?: EventLogger;
@@ -88,6 +115,15 @@ declare class MemoryEventTransport implements EventTransport {
   private logger;
   constructor(options?: MemoryEventTransportOptions);
   publish(event: DomainEvent): Promise<void>;
+  /**
+   * Reference `publishMany` implementation — delegates to `publish()` in order.
+   *
+   * Production transports (Kafka, Redis pipeline, SQS batch) should override
+   * this with a single batched network call. Memory transport has nothing to
+   * batch, so we just loop — the loop still returns a proper result map so
+   * `EventOutbox.relay` can exercise the batched code path in tests.
+   */
+  publishMany(events: readonly DomainEvent[]): Promise<PublishManyResult>;
   subscribe(pattern: string, handler: EventHandler): Promise<() => void>;
   close(): Promise<void>;
 }
@@ -96,4 +132,4 @@ declare class MemoryEventTransport implements EventTransport {
  */
 declare function createEvent<T>(type: string, payload: T, meta?: Partial<DomainEvent["meta"]>): DomainEvent<T>;
 //#endregion
-export { MemoryEventTransport as a, EventTransport as i, EventHandler as n, MemoryEventTransportOptions as o, EventLogger as r, createEvent as s, DomainEvent as t };
+export { MemoryEventTransport as a, createEvent as c, EventTransport as i, EventHandler as n, MemoryEventTransportOptions as o, EventLogger as r, PublishManyResult as s, DomainEvent as t };

package/dist/{ResourceRegistry-BOtJuRCs.mjs → ResourceRegistry-Dq3_zBQP.mjs}

@@ -31,7 +31,7 @@ var ResourceRegistry = class {
 			permissions: resource.permissions,
 			presets: resource._appliedPresets ?? [],
 			routes: [],
-			additionalRoutes: resource.additionalRoutes.map((r) => ({
+			customRoutes: (resource.routes ?? []).map((r) => ({
 				method: r.method,
 				path: r.path,
 				handler: typeof r.handler === "string" ? r.handler : r.handler.name || "anonymous",
@@ -39,7 +39,7 @@ var ResourceRegistry = class {
 				summary: r.summary,
 				description: r.description,
 				permissions: r.permissions,
-				wrapHandler: r.wrapHandler,
+				raw: r.raw,
 				schema: r.schema
 			})),
 			events: Object.keys(resource.events ?? {}),
@@ -52,6 +52,17 @@ var ResourceRegistry = class {
 			pipelineSteps: extractPipelineSteps(resource.pipe),
 			rateLimit: resource.rateLimit,
 			audit: resource.audit,
+			actionPermissions: resource.actionPermissions,
+			actions: resource.actions ? Object.entries(resource.actions).map(([name, entry]) => {
+				if (typeof entry === "function") return { name };
+				return {
+					name,
+					description: entry.description,
+					schema: entry.schema,
+					permissions: entry.permissions,
+					mcp: entry.mcp
+				};
+			}) : void 0,
 			plugin: resource.toPlugin()
 		};
 		this._resources.set(resource.name, entry);
@@ -99,11 +110,12 @@ var ResourceRegistry = class {
 			byModule: this._groupBy(resources, "module"),
 			presetUsage: presetCounts,
 			totalRoutes: resources.reduce((sum, r) => {
-				if (r.disableDefaultRoutes) return sum + (r.additionalRoutes?.length ?? 0);
+				const actionsCount = (r.actions?.length ?? 0) > 0 ? 1 : 0;
+				if (r.disableDefaultRoutes) return sum + (r.customRoutes?.length ?? 0) + actionsCount;
 				const disabledSet = new Set(r.disabledRoutes ?? []);
 				let defaultCount = CRUD_OPERATIONS.filter((route) => !disabledSet.has(route)).length;
 				if (!disabledSet.has("update") && r.updateMethod === "both") defaultCount += 1;
-				return sum + defaultCount + (r.additionalRoutes?.length ?? 0);
+				return sum + defaultCount + (r.customRoutes?.length ?? 0) + actionsCount;
 			}, 0),
 			totalEvents: resources.reduce((sum, r) => sum + (r.events?.length ?? 0), 0)
 		};
@@ -158,7 +170,7 @@ var ResourceRegistry = class {
 					module: r.module,
 					presets: r.presets,
 					permissions: r.permissions,
-					routes: [...defaultRoutes, ...r.additionalRoutes?.map((ar) => ({
+					routes: [...defaultRoutes, ...r.customRoutes?.map((ar) => ({
 						method: ar.method,
 						path: `${r.prefix}${ar.path}`,
 						operation: ar.operation ?? (typeof ar.handler === "string" ? ar.handler : "custom"),

package/dist/adapters/index.d.mts

@@ -1,3 +1,3 @@
-import { a as RelationMetadata, c as ValidationResult, i as FieldMetadata, o as RepositoryLike, r as DataAdapter, s as SchemaMetadata, t as AdapterFactory } from "../interface-IJqN3pXK.mjs";
-import { a as PrismaQueryParserOptions, c as MongooseAdapterOptions, i as PrismaQueryParser, l as createMongooseAdapter, n as PrismaAdapterOptions, o as createPrismaAdapter, r as PrismaQueryOptions, s as MongooseAdapter, t as PrismaAdapter } from "../index-BpMhrFgn.mjs";
+import { a as RelationMetadata, c as ValidationResult, i as FieldMetadata, o as RepositoryLike, r as DataAdapter, s as SchemaMetadata, t as AdapterFactory } from "../interface-BVuMfeVv.mjs";
+import { a as PrismaQueryParserOptions, c as MongooseAdapterOptions, i as PrismaQueryParser, l as createMongooseAdapter, n as PrismaAdapterOptions, o as createPrismaAdapter, r as PrismaQueryOptions, s as MongooseAdapter, t as PrismaAdapter } from "../index-BgmMdpm8.mjs";
 export { AdapterFactory, DataAdapter, FieldMetadata, MongooseAdapter, MongooseAdapterOptions, PrismaAdapter, PrismaAdapterOptions, PrismaQueryOptions, PrismaQueryParser, PrismaQueryParserOptions, RelationMetadata, RepositoryLike, SchemaMetadata, ValidationResult, createMongooseAdapter, createPrismaAdapter };

package/dist/adapters/index.mjs

@@ -1,2 +1,2 @@
-import { a as createMongooseAdapter, i as MongooseAdapter, n as PrismaQueryParser, r as createPrismaAdapter, t as PrismaAdapter } from "../adapters-BxGgSHjj.mjs";
+import { a as createMongooseAdapter, i as MongooseAdapter, n as PrismaQueryParser, r as createPrismaAdapter, t as PrismaAdapter } from "../adapters-BBqAVvPK.mjs";
 export { MongooseAdapter, PrismaAdapter, PrismaQueryParser, createMongooseAdapter, createPrismaAdapter };

package/dist/{adapters-BxGgSHjj.mjs → adapters-BBqAVvPK.mjs}

@@ -90,6 +90,17 @@ var MongooseAdapter = class {
 				if (blockedFields.has(fieldName)) continue;
 				const typeInfo = schemaType;
 				properties[fieldName] = this.mongooseTypeToOpenApi(typeInfo);
+				const rule = fieldRules[fieldName];
+				if (rule) {
+					const prop = properties[fieldName];
+					if (rule.minLength != null && prop.minLength == null) prop.minLength = rule.minLength;
+					if (rule.maxLength != null && prop.maxLength == null) prop.maxLength = rule.maxLength;
+					if (rule.min != null && prop.minimum == null) prop.minimum = rule.min;
+					if (rule.max != null && prop.maximum == null) prop.maximum = rule.max;
+					if (rule.pattern != null && prop.pattern == null) prop.pattern = rule.pattern;
+					if (rule.enum != null && prop.enum == null) prop.enum = rule.enum;
+					if (rule.description != null && prop.description == null) prop.description = rule.description;
+				}
 				if (typeInfo.isRequired && !optionalSet.has(fieldName) && !fieldRules[fieldName]?.optional) required.push(fieldName);
 			}
 			const readonlyForInput = new Set([...readonlySet]);

package/dist/audit/index.d.mts

@@ -1,4 +1,4 @@
-import { a as AuditContext, c as AuditStore, i as AuditAction, l as AuditStoreOptions, n as MongoAuditStoreOptions, o as AuditEntry, r as MongoConnection, s as AuditQueryOptions, u as createAuditEntry } from "../mongodb-B1eVtFhw.mjs";
+import { a as AuditContext, c as AuditStore, i as AuditAction, l as AuditStoreOptions, n as MongoAuditStoreOptions, o as AuditEntry, r as MongoConnection, s as AuditQueryOptions, u as createAuditEntry } from "../mongodb-B8U2xaLj.mjs";
 import { FastifyPluginAsync } from "fastify";
 
 //#region src/audit/auditPlugin.d.ts

package/dist/audit/index.mjs

@@ -1,4 +1,4 @@
-import { t as MongoAuditStore } from "../mongodb-5Ff3w8jy.mjs";
+import { t as MongoAuditStore } from "../mongodb-B5O6xaW1.mjs";
 import fp from "fastify-plugin";
 //#region src/audit/stores/interface.ts
 /**

package/dist/audit/mongodb.d.mts

@@ -1,2 +1,2 @@
-import { n as MongoAuditStoreOptions, t as MongoAuditStore } from "../mongodb-B1eVtFhw.mjs";
+import { n as MongoAuditStoreOptions, t as MongoAuditStore } from "../mongodb-B8U2xaLj.mjs";
 export { MongoAuditStore, type MongoAuditStoreOptions };

package/dist/audit/mongodb.mjs

@@ -1,2 +1,2 @@
-import { t as MongoAuditStore } from "../mongodb-5Ff3w8jy.mjs";
+import { t as MongoAuditStore } from "../mongodb-B5O6xaW1.mjs";
 export { MongoAuditStore };

package/dist/auth/index.d.mts

@@ -1,7 +1,7 @@
-import { b as AuthPluginOptions, y as AuthHelpers } from "../interface-IJqN3pXK.mjs";
-import { t as PermissionCheck } from "../types-BoaZHr-2.mjs";
-import { t as ExternalOpenApiPaths } from "../externalPaths-BQ8QijNH.mjs";
-import { a as SessionManagerOptions, c as createSessionManager, i as SessionData, n as MemorySessionStoreOptions, o as SessionManagerResult, r as SessionCookieOptions, s as SessionStore, t as MemorySessionStore } from "../sessionManager-BkzVU8h2.mjs";
+import { b as AuthPluginOptions, y as AuthHelpers } from "../interface-BVuMfeVv.mjs";
+import { t as PermissionCheck } from "../types-CVC4HOKi.mjs";
+import { t as ExternalOpenApiPaths } from "../externalPaths-Bapitwvd.mjs";
+import { a as SessionManagerOptions, c as createSessionManager, i as SessionData, n as MemorySessionStoreOptions, o as SessionManagerResult, r as SessionCookieOptions, s as SessionStore, t as MemorySessionStore } from "../sessionManager-D-oNWHz3.mjs";
 import { FastifyPluginAsync, FastifyReply as FastifyReply$1, FastifyRequest as FastifyRequest$1 } from "fastify";
 
 //#region src/auth/authPlugin.d.ts

package/dist/auth/index.mjs

@@ -1,7 +1,7 @@
 import { n as normalizeRoles, t as getUserRoles } from "../types-ZUu_h0jp.mjs";
-import { t as ArcError } from "../errors-Cg58SLNi.mjs";
+import { t as ArcError } from "../errors-BF2bIOIS.mjs";
 import { h as requireTeamMembership, l as requireOrgMembership, u as requireOrgRole } from "../permissions-CH4cNwJi.mjs";
-import { n as extractBetterAuthOpenApi } from "../betterAuthOpenApi-CHCIuA-p.mjs";
+import { n as extractBetterAuthOpenApi } from "../betterAuthOpenApi-C5lDyRH2.mjs";
 import { createHmac, randomUUID, timingSafeEqual } from "node:crypto";
 import fp from "fastify-plugin";
 //#region src/auth/authPlugin.ts
@@ -677,7 +677,7 @@ function createBetterAuthAdapter(options) {
 		if (!fastify.hasDecorator("authenticate")) fastify.decorate("authenticate", authenticate);
 		if (!fastify.hasDecorator("optionalAuthenticate")) fastify.decorate("optionalAuthenticate", optionalAuthenticate);
 		if (!extractedOpenApi && openapiOpt !== false && auth.api && typeof auth.api === "object") {
-			const { extractBetterAuthOpenApi } = await import("../betterAuthOpenApi-CHCIuA-p.mjs").then((n) => n.t);
+			const { extractBetterAuthOpenApi } = await import("../betterAuthOpenApi-C5lDyRH2.mjs").then((n) => n.t);
 			extractedOpenApi = extractBetterAuthOpenApi(auth.api, {
 				basePath,
 				userFields

package/dist/auth/redis-session.d.mts

@@ -1,4 +1,4 @@
-import { i as SessionData, s as SessionStore } from "../sessionManager-BkzVU8h2.mjs";
+import { i as SessionData, s as SessionStore } from "../sessionManager-D-oNWHz3.mjs";
 
 //#region src/auth/redis-session.d.ts
 /** Minimal Redis client interface — compatible with ioredis */

package/dist/{betterAuthOpenApi-CHCIuA-p.mjs → betterAuthOpenApi-C5lDyRH2.mjs}

@@ -1,5 +1,5 @@
 import { t as __exportAll } from "./chunk-BpYLSNr0.mjs";
-import { a as toJsonSchema } from "./schemaConverter-Y5EejTnJ.mjs";
+import { a as toJsonSchema } from "./schemaConverter-OxfCshus.mjs";
 //#region src/auth/betterAuthOpenApi.ts
 var betterAuthOpenApi_exports = /* @__PURE__ */ __exportAll({ extractBetterAuthOpenApi: () => extractBetterAuthOpenApi });
 /**

package/dist/cache/index.d.mts

@@ -1,5 +1,5 @@
-import { i as CacheStore, n as CacheSetOptions, r as CacheStats, t as CacheLogger } from "../interface-bpoLKKqx.mjs";
-import { a as CacheEnvelope, c as QueryCache, i as queryCachePlugin, l as QueryCacheConfig, n as QueryCacheDefaults, o as CacheResult, r as QueryCachePluginOptions, s as CacheStatus, t as CrossResourceRule } from "../queryCachePlugin-BCFVXnxK.mjs";
+import { i as CacheStore, n as CacheSetOptions, r as CacheStats, t as CacheLogger } from "../interface-DplgQO2e.mjs";
+import { a as CacheEnvelope, c as QueryCache, i as queryCachePlugin, l as QueryCacheConfig, n as QueryCacheDefaults, o as CacheResult, r as QueryCachePluginOptions, s as CacheStatus, t as CrossResourceRule } from "../queryCachePlugin-CnTZZTC5.mjs";
 
 //#region src/cache/keys.d.ts
 /**

package/dist/cli/commands/describe.mjs

@@ -128,7 +128,7 @@ function describeRoutes(resource) {
 			routes.push(route);
 		}
 	}
-	for (const ar of resource.additionalRoutes) routes.push({
+	for (const ar of resource.routes ?? []) routes.push({
 		method: ar.method,
 		path: `${resource.prefix}${ar.path}`,
 		operation: typeof ar.handler === "string" ? ar.handler : "custom",

package/dist/cli/commands/docs.mjs

@@ -1,5 +1,5 @@
-import { t as ResourceRegistry } from "../../ResourceRegistry-BOtJuRCs.mjs";
-import { t as buildOpenApiSpec } from "../../openapi-AYLVjqVe.mjs";
+import { t as ResourceRegistry } from "../../ResourceRegistry-Dq3_zBQP.mjs";
+import { t as buildOpenApiSpec } from "../../openapi-CYCuekCn.mjs";
 import { dirname, resolve } from "node:path";
 import { pathToFileURL } from "node:url";
 import { mkdirSync, writeFileSync } from "node:fs";

package/dist/cli/commands/generate.mjs

@@ -1,4 +1,4 @@
-import { t as pluralize } from "../../pluralize-BneOJkpi.mjs";
+import { t as pluralize } from "../../pluralize-A0tWEl1K.mjs";
 import { join } from "node:path";
 import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
 //#region src/cli/commands/generate.ts

package/dist/cli/commands/init.mjs

@@ -1678,7 +1678,7 @@ const exampleResource = defineResource${ts ? "<ExampleDocument>" : ""}({
   permissions: ${config.tenant === "multi" ? "orgStaffPermissions" : "publicReadPermissions"},
 
   // Add custom routes here:
-  // additionalRoutes: [
+  // routes: [
   //   {
   //     method: 'GET',
   //     path: '/custom',
@@ -2134,14 +2134,14 @@ export const authResource = defineResource({
   adapter: createAdapter(User${ts ? " as any" : ""}, userRepository${ts ? " as any" : ""}),
   disableDefaultRoutes: true,
 
-  additionalRoutes: [
+  routes: [
     {
       method: 'POST',
       path: '/register',
       summary: 'Register new user',
       permissions: allowPublic(),
       handler: handlers.register,
-      wrapHandler: false,
+      raw: true,
       schema: { body: schemas.registerBody, response: { 201: schemas.successResponse } },
     },
     {
@@ -2150,7 +2150,7 @@ export const authResource = defineResource({
       summary: 'User login',
       permissions: allowPublic(),
       handler: handlers.login,
-      wrapHandler: false,
+      raw: true,
       schema: { body: schemas.loginBody, response: { 200: schemas.loginResponse } },
     },
     {
@@ -2159,7 +2159,7 @@ export const authResource = defineResource({
       summary: 'Refresh access token',
       permissions: allowPublic(),
       handler: handlers.refreshToken,
-      wrapHandler: false,
+      raw: true,
       schema: { body: schemas.refreshBody, response: { 200: schemas.tokenResponse } },
     },
     {
@@ -2168,7 +2168,7 @@ export const authResource = defineResource({
       summary: 'Request password reset',
       permissions: allowPublic(),
       handler: handlers.forgotPassword,
-      wrapHandler: false,
+      raw: true,
       schema: { body: schemas.forgotBody, response: { 200: schemas.successResponse } },
     },
     {
@@ -2177,7 +2177,7 @@ export const authResource = defineResource({
       summary: 'Reset password with token',
       permissions: allowPublic(),
       handler: handlers.resetPassword,
-      wrapHandler: false,
+      raw: true,
       schema: { body: schemas.resetBody, response: { 200: schemas.successResponse } },
     },
   ],
@@ -2195,14 +2195,14 @@ export const userProfileResource = defineResource({
   adapter: createAdapter(User${ts ? " as any" : ""}, userRepository${ts ? " as any" : ""}),
   disableDefaultRoutes: true,
 
-  additionalRoutes: [
+  routes: [
     {
       method: 'GET',
       path: '/me',
       summary: 'Get current user profile',
       permissions: requireAuth(),
       handler: handlers.getUserProfile,
-      wrapHandler: false,
+      raw: true,
       schema: { response: { 200: schemas.userProfileResponse } },
     },
     {
@@ -2211,7 +2211,7 @@ export const userProfileResource = defineResource({
       summary: 'Update current user profile',
       permissions: requireAuth(),
       handler: handlers.updateUserProfile,
-      wrapHandler: false,
+      raw: true,
       schema: { body: schemas.updateUserBody, response: { 200: schemas.userProfileResponse } },
     },
   ],

package/dist/cli/commands/introspect.mjs

@@ -1,4 +1,4 @@
-import { t as ResourceRegistry } from "../../ResourceRegistry-BOtJuRCs.mjs";
+import { t as ResourceRegistry } from "../../ResourceRegistry-Dq3_zBQP.mjs";
 import { resolve } from "node:path";
 import { pathToFileURL } from "node:url";
 //#region src/cli/commands/introspect.ts
@@ -56,14 +56,14 @@ async function introspect(args) {
 				});
 			}
 			if (resource.presets && resource.presets.length > 0) console.log(`   Presets: ${resource.presets.join(", ")}`);
-			if (resource.additionalRoutes && resource.additionalRoutes.length > 0) console.log(`   Additional Routes: ${resource.additionalRoutes.length}`);
+			if (resource.customRoutes && resource.customRoutes.length > 0) console.log(`   Additional Routes: ${resource.customRoutes.length}`);
 			console.log("");
 		});
 		const stats = registry.getStats();
 		console.log("Summary:");
 		console.log(`  Total Resources: ${stats.totalResources}`);
 		console.log(`  With Presets: ${resources.filter((r) => r.presets?.length > 0).length}`);
-		console.log(`  With Custom Routes: ${resources.filter((r) => r.additionalRoutes && r.additionalRoutes.length > 0).length}`);
+		console.log(`  With Custom Routes: ${resources.filter((r) => r.customRoutes && r.customRoutes.length > 0).length}`);
 	} catch (error) {
 		if (error instanceof Error) throw error;
 		throw new Error(String(error));

package/dist/core/index.d.mts

@@ -1,3 +1,3 @@
-import { At as BaseController, Ft as BodySanitizerConfig, It as AccessControl, Jt as defineResource, Lt as AccessControlConfig, Mt as QueryResolver, Nt as QueryResolverConfig, Pt as BodySanitizer, jt as BaseControllerOptions, qt as ResourceDefinition } from "../interface-IJqN3pXK.mjs";
-import { A as MutationOperation, C as HOOK_PHASES, D as MAX_REGEX_LENGTH, E as MAX_FILTER_DEPTH, M as SYSTEM_FIELDS, O as MAX_SEARCH_LENGTH, S as HOOK_OPERATIONS, T as HookPhase, _ as DEFAULT_LIMIT, a as getControllerScope, b as DEFAULT_TENANT_FIELD, c as createCrudRouter, d as ActionRouterConfig, f as IdempotencyService, g as DEFAULT_ID_FIELD, h as CrudOperation, i as getControllerContext, j as RESERVED_QUERY_PARAMS, k as MUTATION_OPERATIONS, l as createPermissionMiddleware, m as CRUD_OPERATIONS, n as createFastifyHandler, o as sendControllerResponse, p as createActionRouter, r as createRequestContext, s as defineResourceVariants, t as createCrudHandlers, u as ActionHandler, v as DEFAULT_MAX_LIMIT, w as HookOperation, x as DEFAULT_UPDATE_METHOD, y as DEFAULT_SORT } from "../index-qct60lnl.mjs";
-export { AccessControl, AccessControlConfig, ActionHandler, ActionRouterConfig, BaseController, BaseControllerOptions, BodySanitizer, BodySanitizerConfig, CRUD_OPERATIONS, CrudOperation, DEFAULT_ID_FIELD, DEFAULT_LIMIT, DEFAULT_MAX_LIMIT, DEFAULT_SORT, DEFAULT_TENANT_FIELD, DEFAULT_UPDATE_METHOD, HOOK_OPERATIONS, HOOK_PHASES, HookOperation, HookPhase, IdempotencyService, MAX_FILTER_DEPTH, MAX_REGEX_LENGTH, MAX_SEARCH_LENGTH, MUTATION_OPERATIONS, MutationOperation, QueryResolver, QueryResolverConfig, RESERVED_QUERY_PARAMS, ResourceDefinition, SYSTEM_FIELDS, createActionRouter, createCrudHandlers, createCrudRouter, createFastifyHandler, createPermissionMiddleware, createRequestContext, defineResource, defineResourceVariants, getControllerContext, getControllerScope, sendControllerResponse };
+import { At as BaseController, Ft as BodySanitizerConfig, It as AccessControl, Jt as defineResource, Lt as AccessControlConfig, Mt as QueryResolver, Nt as QueryResolverConfig, Pt as BodySanitizer, jt as BaseControllerOptions, qt as ResourceDefinition } from "../interface-BVuMfeVv.mjs";
+import { A as MUTATION_OPERATIONS, C as HOOK_OPERATIONS, D as MAX_FILTER_DEPTH, E as HookPhase, M as RESERVED_QUERY_PARAMS, N as SYSTEM_FIELDS, O as MAX_REGEX_LENGTH, S as DEFAULT_UPDATE_METHOD, T as HookOperation, _ as DEFAULT_ID_FIELD, a as getControllerScope, b as DEFAULT_SORT, c as createCrudRouter, d as ActionRouterConfig, f as IdempotencyService, g as CrudOperation, h as CRUD_OPERATIONS, i as getControllerContext, j as MutationOperation, k as MAX_SEARCH_LENGTH, l as createPermissionMiddleware, m as createActionRouter, n as createFastifyHandler, o as sendControllerResponse, p as buildActionBodySchema, r as createRequestContext, s as defineResourceVariants, t as createCrudHandlers, u as ActionHandler, v as DEFAULT_LIMIT, w as HOOK_PHASES, x as DEFAULT_TENANT_FIELD, y as DEFAULT_MAX_LIMIT } from "../index-CpTSDqmD.mjs";
+export { AccessControl, AccessControlConfig, ActionHandler, ActionRouterConfig, BaseController, BaseControllerOptions, BodySanitizer, BodySanitizerConfig, CRUD_OPERATIONS, CrudOperation, DEFAULT_ID_FIELD, DEFAULT_LIMIT, DEFAULT_MAX_LIMIT, DEFAULT_SORT, DEFAULT_TENANT_FIELD, DEFAULT_UPDATE_METHOD, HOOK_OPERATIONS, HOOK_PHASES, HookOperation, HookPhase, IdempotencyService, MAX_FILTER_DEPTH, MAX_REGEX_LENGTH, MAX_SEARCH_LENGTH, MUTATION_OPERATIONS, MutationOperation, QueryResolver, QueryResolverConfig, RESERVED_QUERY_PARAMS, ResourceDefinition, SYSTEM_FIELDS, buildActionBodySchema, createActionRouter, createCrudHandlers, createCrudRouter, createFastifyHandler, createPermissionMiddleware, createRequestContext, defineResource, defineResourceVariants, getControllerContext, getControllerScope, sendControllerResponse };

package/dist/core/index.mjs

@@ -1,6 +1,6 @@
 import { a as DEFAULT_SORT, c as HOOK_OPERATIONS, d as MAX_REGEX_LENGTH, f as MAX_SEARCH_LENGTH, h as SYSTEM_FIELDS, i as DEFAULT_MAX_LIMIT, l as HOOK_PHASES, m as RESERVED_QUERY_PARAMS, n as DEFAULT_ID_FIELD, o as DEFAULT_TENANT_FIELD, p as MUTATION_OPERATIONS, r as DEFAULT_LIMIT, s as DEFAULT_UPDATE_METHOD, t as CRUD_OPERATIONS, u as MAX_FILTER_DEPTH } from "../constants-Cxde4rpC.mjs";
-import { i as AccessControl, n as QueryResolver, r as BodySanitizer, t as BaseController } from "../BaseController-CpMfCXdn.mjs";
-import { t as createActionRouter } from "../createActionRouter-CbkIAaGh.mjs";
-import { c as createCrudHandlers, d as getControllerContext, f as getControllerScope, l as createFastifyHandler, n as defineResource, o as createCrudRouter, p as sendControllerResponse, s as createPermissionMiddleware, t as ResourceDefinition, u as createRequestContext } from "../defineResource-CovBXvTB.mjs";
-import { t as defineResourceVariants } from "../core-BfrfxNqO.mjs";
-export { AccessControl, BaseController, BodySanitizer, CRUD_OPERATIONS, DEFAULT_ID_FIELD, DEFAULT_LIMIT, DEFAULT_MAX_LIMIT, DEFAULT_SORT, DEFAULT_TENANT_FIELD, DEFAULT_UPDATE_METHOD, HOOK_OPERATIONS, HOOK_PHASES, MAX_FILTER_DEPTH, MAX_REGEX_LENGTH, MAX_SEARCH_LENGTH, MUTATION_OPERATIONS, QueryResolver, RESERVED_QUERY_PARAMS, ResourceDefinition, SYSTEM_FIELDS, createActionRouter, createCrudHandlers, createCrudRouter, createFastifyHandler, createPermissionMiddleware, createRequestContext, defineResource, defineResourceVariants, getControllerContext, getControllerScope, sendControllerResponse };
+import { i as AccessControl, n as QueryResolver, r as BodySanitizer, t as BaseController } from "../BaseController-DAGGc5Xn.mjs";
+import { n as createActionRouter, t as buildActionBodySchema } from "../createActionRouter-Df1BuawX.mjs";
+import { c as createCrudHandlers, d as getControllerContext, f as getControllerScope, l as createFastifyHandler, n as defineResource, o as createCrudRouter, p as sendControllerResponse, s as createPermissionMiddleware, t as ResourceDefinition, u as createRequestContext } from "../defineResource-Bb_Bdhtw.mjs";
+import { t as defineResourceVariants } from "../core-DKSwNSXf.mjs";
+export { AccessControl, BaseController, BodySanitizer, CRUD_OPERATIONS, DEFAULT_ID_FIELD, DEFAULT_LIMIT, DEFAULT_MAX_LIMIT, DEFAULT_SORT, DEFAULT_TENANT_FIELD, DEFAULT_UPDATE_METHOD, HOOK_OPERATIONS, HOOK_PHASES, MAX_FILTER_DEPTH, MAX_REGEX_LENGTH, MAX_SEARCH_LENGTH, MUTATION_OPERATIONS, QueryResolver, RESERVED_QUERY_PARAMS, ResourceDefinition, SYSTEM_FIELDS, buildActionBodySchema, createActionRouter, createCrudHandlers, createCrudRouter, createFastifyHandler, createPermissionMiddleware, createRequestContext, defineResource, defineResourceVariants, getControllerContext, getControllerScope, sendControllerResponse };

package/dist/{core-BfrfxNqO.mjs → core-DKSwNSXf.mjs}

@@ -1,4 +1,4 @@
-import { n as defineResource } from "./defineResource-CovBXvTB.mjs";
+import { n as defineResource } from "./defineResource-Bb_Bdhtw.mjs";
 //#region src/core/defineResourceVariants.ts
 /**
 * Define multiple resources from a shared base config and per-variant overrides.