@classytic/arc 2.8.1 → 2.8.3

package/README.md

@@ -2,7 +2,7 @@
 
 Database-agnostic resource framework for Fastify. Define resources, get CRUD routes, permissions, presets, caching, events, OpenAPI, and MCP tools — without boilerplate.
 
-**v2.8.1** | Fastify 5+ | Node.js 22+ | ESM only | 260+ test files, 3600+ tests
+**v2.8.3** | Fastify 5+ | Node.js 22+ | ESM only | 278+ test files, 3844+ tests
 
 ## Install
 

package/dist/{ResourceRegistry-Dtcojmu8.mjs → ResourceRegistry-Dq3_zBQP.mjs}

@@ -31,7 +31,7 @@ var ResourceRegistry = class {
 			permissions: resource.permissions,
 			presets: resource._appliedPresets ?? [],
 			routes: [],
-			additionalRoutes: resource.additionalRoutes.map((r) => ({
+			customRoutes: (resource.routes ?? []).map((r) => ({
 				method: r.method,
 				path: r.path,
 				handler: typeof r.handler === "string" ? r.handler : r.handler.name || "anonymous",
@@ -39,7 +39,7 @@ var ResourceRegistry = class {
 				summary: r.summary,
 				description: r.description,
 				permissions: r.permissions,
-				wrapHandler: r.wrapHandler,
+				raw: r.raw,
 				schema: r.schema
 			})),
 			events: Object.keys(resource.events ?? {}),
@@ -111,11 +111,11 @@ var ResourceRegistry = class {
 			presetUsage: presetCounts,
 			totalRoutes: resources.reduce((sum, r) => {
 				const actionsCount = (r.actions?.length ?? 0) > 0 ? 1 : 0;
-				if (r.disableDefaultRoutes) return sum + (r.additionalRoutes?.length ?? 0) + actionsCount;
+				if (r.disableDefaultRoutes) return sum + (r.customRoutes?.length ?? 0) + actionsCount;
 				const disabledSet = new Set(r.disabledRoutes ?? []);
 				let defaultCount = CRUD_OPERATIONS.filter((route) => !disabledSet.has(route)).length;
 				if (!disabledSet.has("update") && r.updateMethod === "both") defaultCount += 1;
-				return sum + defaultCount + (r.additionalRoutes?.length ?? 0) + actionsCount;
+				return sum + defaultCount + (r.customRoutes?.length ?? 0) + actionsCount;
 			}, 0),
 			totalEvents: resources.reduce((sum, r) => sum + (r.events?.length ?? 0), 0)
 		};
@@ -170,7 +170,7 @@ var ResourceRegistry = class {
 					module: r.module,
 					presets: r.presets,
 					permissions: r.permissions,
-					routes: [...defaultRoutes, ...r.additionalRoutes?.map((ar) => ({
+					routes: [...defaultRoutes, ...r.customRoutes?.map((ar) => ({
 						method: ar.method,
 						path: `${r.prefix}${ar.path}`,
 						operation: ar.operation ?? (typeof ar.handler === "string" ? ar.handler : "custom"),

package/dist/adapters/index.d.mts

@@ -1,3 +1,3 @@
-import { a as RelationMetadata, c as ValidationResult, i as FieldMetadata, o as RepositoryLike, r as DataAdapter, s as SchemaMetadata, t as AdapterFactory } from "../interface-CS6d7HiB.mjs";
-import { a as PrismaQueryParserOptions, c as MongooseAdapterOptions, i as PrismaQueryParser, l as createMongooseAdapter, n as PrismaAdapterOptions, o as createPrismaAdapter, r as PrismaQueryOptions, s as MongooseAdapter, t as PrismaAdapter } from "../index-0zj73o2U.mjs";
+import { a as RelationMetadata, c as ValidationResult, i as FieldMetadata, o as RepositoryLike, r as DataAdapter, s as SchemaMetadata, t as AdapterFactory } from "../interface-BVuMfeVv.mjs";
+import { a as PrismaQueryParserOptions, c as MongooseAdapterOptions, i as PrismaQueryParser, l as createMongooseAdapter, n as PrismaAdapterOptions, o as createPrismaAdapter, r as PrismaQueryOptions, s as MongooseAdapter, t as PrismaAdapter } from "../index-BgmMdpm8.mjs";
 export { AdapterFactory, DataAdapter, FieldMetadata, MongooseAdapter, MongooseAdapterOptions, PrismaAdapter, PrismaAdapterOptions, PrismaQueryOptions, PrismaQueryParser, PrismaQueryParserOptions, RelationMetadata, RepositoryLike, SchemaMetadata, ValidationResult, createMongooseAdapter, createPrismaAdapter };

package/dist/audit/index.d.mts

@@ -1,4 +1,4 @@
-import { a as AuditContext, c as AuditStore, i as AuditAction, l as AuditStoreOptions, n as MongoAuditStoreOptions, o as AuditEntry, r as MongoConnection, s as AuditQueryOptions, u as createAuditEntry } from "../mongodb-B1eVtFhw.mjs";
+import { a as AuditContext, c as AuditStore, i as AuditAction, l as AuditStoreOptions, n as MongoAuditStoreOptions, o as AuditEntry, r as MongoConnection, s as AuditQueryOptions, u as createAuditEntry } from "../mongodb-B8U2xaLj.mjs";
 import { FastifyPluginAsync } from "fastify";
 
 //#region src/audit/auditPlugin.d.ts

package/dist/audit/index.mjs

@@ -1,4 +1,4 @@
-import { t as MongoAuditStore } from "../mongodb-5Ff3w8jy.mjs";
+import { t as MongoAuditStore } from "../mongodb-B5O6xaW1.mjs";
 import fp from "fastify-plugin";
 //#region src/audit/stores/interface.ts
 /**

package/dist/audit/mongodb.d.mts

@@ -1,2 +1,2 @@
-import { n as MongoAuditStoreOptions, t as MongoAuditStore } from "../mongodb-B1eVtFhw.mjs";
+import { n as MongoAuditStoreOptions, t as MongoAuditStore } from "../mongodb-B8U2xaLj.mjs";
 export { MongoAuditStore, type MongoAuditStoreOptions };

package/dist/audit/mongodb.mjs

@@ -1,2 +1,2 @@
-import { t as MongoAuditStore } from "../mongodb-5Ff3w8jy.mjs";
+import { t as MongoAuditStore } from "../mongodb-B5O6xaW1.mjs";
 export { MongoAuditStore };

package/dist/auth/index.d.mts

@@ -1,7 +1,7 @@
-import { b as AuthPluginOptions, y as AuthHelpers } from "../interface-CS6d7HiB.mjs";
-import { t as PermissionCheck } from "../types-BoaZHr-2.mjs";
-import { t as ExternalOpenApiPaths } from "../externalPaths-BQ8QijNH.mjs";
-import { a as SessionManagerOptions, c as createSessionManager, i as SessionData, n as MemorySessionStoreOptions, o as SessionManagerResult, r as SessionCookieOptions, s as SessionStore, t as MemorySessionStore } from "../sessionManager-BkzVU8h2.mjs";
+import { b as AuthPluginOptions, y as AuthHelpers } from "../interface-BVuMfeVv.mjs";
+import { t as PermissionCheck } from "../types-CVC4HOKi.mjs";
+import { t as ExternalOpenApiPaths } from "../externalPaths-Bapitwvd.mjs";
+import { a as SessionManagerOptions, c as createSessionManager, i as SessionData, n as MemorySessionStoreOptions, o as SessionManagerResult, r as SessionCookieOptions, s as SessionStore, t as MemorySessionStore } from "../sessionManager-D-oNWHz3.mjs";
 import { FastifyPluginAsync, FastifyReply as FastifyReply$1, FastifyRequest as FastifyRequest$1 } from "fastify";
 
 //#region src/auth/authPlugin.d.ts

package/dist/auth/redis-session.d.mts

@@ -1,4 +1,4 @@
-import { i as SessionData, s as SessionStore } from "../sessionManager-BkzVU8h2.mjs";
+import { i as SessionData, s as SessionStore } from "../sessionManager-D-oNWHz3.mjs";
 
 //#region src/auth/redis-session.d.ts
 /** Minimal Redis client interface — compatible with ioredis */

package/dist/cache/index.d.mts

@@ -1,5 +1,5 @@
-import { i as CacheStore, n as CacheSetOptions, r as CacheStats, t as CacheLogger } from "../interface-bpoLKKqx.mjs";
-import { a as CacheEnvelope, c as QueryCache, i as queryCachePlugin, l as QueryCacheConfig, n as QueryCacheDefaults, o as CacheResult, r as QueryCachePluginOptions, s as CacheStatus, t as CrossResourceRule } from "../queryCachePlugin-BCFVXnxK.mjs";
+import { i as CacheStore, n as CacheSetOptions, r as CacheStats, t as CacheLogger } from "../interface-DplgQO2e.mjs";
+import { a as CacheEnvelope, c as QueryCache, i as queryCachePlugin, l as QueryCacheConfig, n as QueryCacheDefaults, o as CacheResult, r as QueryCachePluginOptions, s as CacheStatus, t as CrossResourceRule } from "../queryCachePlugin-CnTZZTC5.mjs";
 
 //#region src/cache/keys.d.ts
 /**

package/dist/cli/commands/describe.mjs

@@ -128,7 +128,7 @@ function describeRoutes(resource) {
 			routes.push(route);
 		}
 	}
-	for (const ar of resource.additionalRoutes) routes.push({
+	for (const ar of resource.routes ?? []) routes.push({
 		method: ar.method,
 		path: `${resource.prefix}${ar.path}`,
 		operation: typeof ar.handler === "string" ? ar.handler : "custom",

package/dist/cli/commands/docs.mjs

@@ -1,5 +1,5 @@
-import { t as ResourceRegistry } from "../../ResourceRegistry-Dtcojmu8.mjs";
-import { t as buildOpenApiSpec } from "../../openapi-q6rNKfZy.mjs";
+import { t as ResourceRegistry } from "../../ResourceRegistry-Dq3_zBQP.mjs";
+import { t as buildOpenApiSpec } from "../../openapi-CYCuekCn.mjs";
 import { dirname, resolve } from "node:path";
 import { pathToFileURL } from "node:url";
 import { mkdirSync, writeFileSync } from "node:fs";

package/dist/cli/commands/generate.mjs

@@ -1,4 +1,4 @@
-import { t as pluralize } from "../../pluralize-BneOJkpi.mjs";
+import { t as pluralize } from "../../pluralize-A0tWEl1K.mjs";
 import { join } from "node:path";
 import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
 //#region src/cli/commands/generate.ts

package/dist/cli/commands/init.mjs

@@ -1678,7 +1678,7 @@ const exampleResource = defineResource${ts ? "<ExampleDocument>" : ""}({
   permissions: ${config.tenant === "multi" ? "orgStaffPermissions" : "publicReadPermissions"},
 
   // Add custom routes here:
-  // additionalRoutes: [
+  // routes: [
   //   {
   //     method: 'GET',
   //     path: '/custom',
@@ -2134,14 +2134,14 @@ export const authResource = defineResource({
   adapter: createAdapter(User${ts ? " as any" : ""}, userRepository${ts ? " as any" : ""}),
   disableDefaultRoutes: true,
 
-  additionalRoutes: [
+  routes: [
     {
       method: 'POST',
       path: '/register',
       summary: 'Register new user',
       permissions: allowPublic(),
       handler: handlers.register,
-      wrapHandler: false,
+      raw: true,
       schema: { body: schemas.registerBody, response: { 201: schemas.successResponse } },
     },
     {
@@ -2150,7 +2150,7 @@ export const authResource = defineResource({
       summary: 'User login',
       permissions: allowPublic(),
       handler: handlers.login,
-      wrapHandler: false,
+      raw: true,
       schema: { body: schemas.loginBody, response: { 200: schemas.loginResponse } },
     },
     {
@@ -2159,7 +2159,7 @@ export const authResource = defineResource({
       summary: 'Refresh access token',
       permissions: allowPublic(),
       handler: handlers.refreshToken,
-      wrapHandler: false,
+      raw: true,
       schema: { body: schemas.refreshBody, response: { 200: schemas.tokenResponse } },
     },
     {
@@ -2168,7 +2168,7 @@ export const authResource = defineResource({
       summary: 'Request password reset',
       permissions: allowPublic(),
       handler: handlers.forgotPassword,
-      wrapHandler: false,
+      raw: true,
       schema: { body: schemas.forgotBody, response: { 200: schemas.successResponse } },
     },
     {
@@ -2177,7 +2177,7 @@ export const authResource = defineResource({
       summary: 'Reset password with token',
       permissions: allowPublic(),
       handler: handlers.resetPassword,
-      wrapHandler: false,
+      raw: true,
       schema: { body: schemas.resetBody, response: { 200: schemas.successResponse } },
     },
   ],
@@ -2195,14 +2195,14 @@ export const userProfileResource = defineResource({
   adapter: createAdapter(User${ts ? " as any" : ""}, userRepository${ts ? " as any" : ""}),
   disableDefaultRoutes: true,
 
-  additionalRoutes: [
+  routes: [
     {
       method: 'GET',
       path: '/me',
       summary: 'Get current user profile',
       permissions: requireAuth(),
       handler: handlers.getUserProfile,
-      wrapHandler: false,
+      raw: true,
       schema: { response: { 200: schemas.userProfileResponse } },
     },
     {
@@ -2211,7 +2211,7 @@ export const userProfileResource = defineResource({
       summary: 'Update current user profile',
       permissions: requireAuth(),
       handler: handlers.updateUserProfile,
-      wrapHandler: false,
+      raw: true,
       schema: { body: schemas.updateUserBody, response: { 200: schemas.userProfileResponse } },
     },
   ],

package/dist/cli/commands/introspect.mjs

@@ -1,4 +1,4 @@
-import { t as ResourceRegistry } from "../../ResourceRegistry-Dtcojmu8.mjs";
+import { t as ResourceRegistry } from "../../ResourceRegistry-Dq3_zBQP.mjs";
 import { resolve } from "node:path";
 import { pathToFileURL } from "node:url";
 //#region src/cli/commands/introspect.ts
@@ -56,14 +56,14 @@ async function introspect(args) {
 				});
 			}
 			if (resource.presets && resource.presets.length > 0) console.log(`   Presets: ${resource.presets.join(", ")}`);
-			if (resource.additionalRoutes && resource.additionalRoutes.length > 0) console.log(`   Additional Routes: ${resource.additionalRoutes.length}`);
+			if (resource.customRoutes && resource.customRoutes.length > 0) console.log(`   Additional Routes: ${resource.customRoutes.length}`);
 			console.log("");
 		});
 		const stats = registry.getStats();
 		console.log("Summary:");
 		console.log(`  Total Resources: ${stats.totalResources}`);
 		console.log(`  With Presets: ${resources.filter((r) => r.presets?.length > 0).length}`);
-		console.log(`  With Custom Routes: ${resources.filter((r) => r.additionalRoutes && r.additionalRoutes.length > 0).length}`);
+		console.log(`  With Custom Routes: ${resources.filter((r) => r.customRoutes && r.customRoutes.length > 0).length}`);
 	} catch (error) {
 		if (error instanceof Error) throw error;
 		throw new Error(String(error));

package/dist/core/index.d.mts

@@ -1,3 +1,3 @@
-import { At as BaseController, Ft as BodySanitizerConfig, It as AccessControl, Jt as defineResource, Lt as AccessControlConfig, Mt as QueryResolver, Nt as QueryResolverConfig, Pt as BodySanitizer, jt as BaseControllerOptions, qt as ResourceDefinition } from "../interface-CS6d7HiB.mjs";
-import { A as MutationOperation, C as HOOK_PHASES, D as MAX_REGEX_LENGTH, E as MAX_FILTER_DEPTH, M as SYSTEM_FIELDS, O as MAX_SEARCH_LENGTH, S as HOOK_OPERATIONS, T as HookPhase, _ as DEFAULT_LIMIT, a as getControllerScope, b as DEFAULT_TENANT_FIELD, c as createCrudRouter, d as ActionRouterConfig, f as IdempotencyService, g as DEFAULT_ID_FIELD, h as CrudOperation, i as getControllerContext, j as RESERVED_QUERY_PARAMS, k as MUTATION_OPERATIONS, l as createPermissionMiddleware, m as CRUD_OPERATIONS, n as createFastifyHandler, o as sendControllerResponse, p as createActionRouter, r as createRequestContext, s as defineResourceVariants, t as createCrudHandlers, u as ActionHandler, v as DEFAULT_MAX_LIMIT, w as HookOperation, x as DEFAULT_UPDATE_METHOD, y as DEFAULT_SORT } from "../index-DadoLP51.mjs";
-export { AccessControl, AccessControlConfig, ActionHandler, ActionRouterConfig, BaseController, BaseControllerOptions, BodySanitizer, BodySanitizerConfig, CRUD_OPERATIONS, CrudOperation, DEFAULT_ID_FIELD, DEFAULT_LIMIT, DEFAULT_MAX_LIMIT, DEFAULT_SORT, DEFAULT_TENANT_FIELD, DEFAULT_UPDATE_METHOD, HOOK_OPERATIONS, HOOK_PHASES, HookOperation, HookPhase, IdempotencyService, MAX_FILTER_DEPTH, MAX_REGEX_LENGTH, MAX_SEARCH_LENGTH, MUTATION_OPERATIONS, MutationOperation, QueryResolver, QueryResolverConfig, RESERVED_QUERY_PARAMS, ResourceDefinition, SYSTEM_FIELDS, createActionRouter, createCrudHandlers, createCrudRouter, createFastifyHandler, createPermissionMiddleware, createRequestContext, defineResource, defineResourceVariants, getControllerContext, getControllerScope, sendControllerResponse };
+import { At as BaseController, Ft as BodySanitizerConfig, It as AccessControl, Jt as defineResource, Lt as AccessControlConfig, Mt as QueryResolver, Nt as QueryResolverConfig, Pt as BodySanitizer, jt as BaseControllerOptions, qt as ResourceDefinition } from "../interface-BVuMfeVv.mjs";
+import { A as MUTATION_OPERATIONS, C as HOOK_OPERATIONS, D as MAX_FILTER_DEPTH, E as HookPhase, M as RESERVED_QUERY_PARAMS, N as SYSTEM_FIELDS, O as MAX_REGEX_LENGTH, S as DEFAULT_UPDATE_METHOD, T as HookOperation, _ as DEFAULT_ID_FIELD, a as getControllerScope, b as DEFAULT_SORT, c as createCrudRouter, d as ActionRouterConfig, f as IdempotencyService, g as CrudOperation, h as CRUD_OPERATIONS, i as getControllerContext, j as MutationOperation, k as MAX_SEARCH_LENGTH, l as createPermissionMiddleware, m as createActionRouter, n as createFastifyHandler, o as sendControllerResponse, p as buildActionBodySchema, r as createRequestContext, s as defineResourceVariants, t as createCrudHandlers, u as ActionHandler, v as DEFAULT_LIMIT, w as HOOK_PHASES, x as DEFAULT_TENANT_FIELD, y as DEFAULT_MAX_LIMIT } from "../index-CpTSDqmD.mjs";
+export { AccessControl, AccessControlConfig, ActionHandler, ActionRouterConfig, BaseController, BaseControllerOptions, BodySanitizer, BodySanitizerConfig, CRUD_OPERATIONS, CrudOperation, DEFAULT_ID_FIELD, DEFAULT_LIMIT, DEFAULT_MAX_LIMIT, DEFAULT_SORT, DEFAULT_TENANT_FIELD, DEFAULT_UPDATE_METHOD, HOOK_OPERATIONS, HOOK_PHASES, HookOperation, HookPhase, IdempotencyService, MAX_FILTER_DEPTH, MAX_REGEX_LENGTH, MAX_SEARCH_LENGTH, MUTATION_OPERATIONS, MutationOperation, QueryResolver, QueryResolverConfig, RESERVED_QUERY_PARAMS, ResourceDefinition, SYSTEM_FIELDS, buildActionBodySchema, createActionRouter, createCrudHandlers, createCrudRouter, createFastifyHandler, createPermissionMiddleware, createRequestContext, defineResource, defineResourceVariants, getControllerContext, getControllerScope, sendControllerResponse };

package/dist/core/index.mjs

@@ -1,6 +1,6 @@
 import { a as DEFAULT_SORT, c as HOOK_OPERATIONS, d as MAX_REGEX_LENGTH, f as MAX_SEARCH_LENGTH, h as SYSTEM_FIELDS, i as DEFAULT_MAX_LIMIT, l as HOOK_PHASES, m as RESERVED_QUERY_PARAMS, n as DEFAULT_ID_FIELD, o as DEFAULT_TENANT_FIELD, p as MUTATION_OPERATIONS, r as DEFAULT_LIMIT, s as DEFAULT_UPDATE_METHOD, t as CRUD_OPERATIONS, u as MAX_FILTER_DEPTH } from "../constants-Cxde4rpC.mjs";
 import { i as AccessControl, n as QueryResolver, r as BodySanitizer, t as BaseController } from "../BaseController-DAGGc5Xn.mjs";
-import { n as createActionRouter } from "../createActionRouter-Df1BuawX.mjs";
-import { c as createCrudHandlers, d as getControllerContext, f as getControllerScope, l as createFastifyHandler, n as defineResource, o as createCrudRouter, p as sendControllerResponse, s as createPermissionMiddleware, t as ResourceDefinition, u as createRequestContext } from "../defineResource-CqeUltrW.mjs";
-import { t as defineResourceVariants } from "../core-CrLDuqoT.mjs";
-export { AccessControl, BaseController, BodySanitizer, CRUD_OPERATIONS, DEFAULT_ID_FIELD, DEFAULT_LIMIT, DEFAULT_MAX_LIMIT, DEFAULT_SORT, DEFAULT_TENANT_FIELD, DEFAULT_UPDATE_METHOD, HOOK_OPERATIONS, HOOK_PHASES, MAX_FILTER_DEPTH, MAX_REGEX_LENGTH, MAX_SEARCH_LENGTH, MUTATION_OPERATIONS, QueryResolver, RESERVED_QUERY_PARAMS, ResourceDefinition, SYSTEM_FIELDS, createActionRouter, createCrudHandlers, createCrudRouter, createFastifyHandler, createPermissionMiddleware, createRequestContext, defineResource, defineResourceVariants, getControllerContext, getControllerScope, sendControllerResponse };
+import { n as createActionRouter, t as buildActionBodySchema } from "../createActionRouter-Df1BuawX.mjs";
+import { c as createCrudHandlers, d as getControllerContext, f as getControllerScope, l as createFastifyHandler, n as defineResource, o as createCrudRouter, p as sendControllerResponse, s as createPermissionMiddleware, t as ResourceDefinition, u as createRequestContext } from "../defineResource-Bb_Bdhtw.mjs";
+import { t as defineResourceVariants } from "../core-DKSwNSXf.mjs";
+export { AccessControl, BaseController, BodySanitizer, CRUD_OPERATIONS, DEFAULT_ID_FIELD, DEFAULT_LIMIT, DEFAULT_MAX_LIMIT, DEFAULT_SORT, DEFAULT_TENANT_FIELD, DEFAULT_UPDATE_METHOD, HOOK_OPERATIONS, HOOK_PHASES, MAX_FILTER_DEPTH, MAX_REGEX_LENGTH, MAX_SEARCH_LENGTH, MUTATION_OPERATIONS, QueryResolver, RESERVED_QUERY_PARAMS, ResourceDefinition, SYSTEM_FIELDS, buildActionBodySchema, createActionRouter, createCrudHandlers, createCrudRouter, createFastifyHandler, createPermissionMiddleware, createRequestContext, defineResource, defineResourceVariants, getControllerContext, getControllerScope, sendControllerResponse };

package/dist/{core-CrLDuqoT.mjs → core-DKSwNSXf.mjs}

@@ -1,4 +1,4 @@
-import { n as defineResource } from "./defineResource-CqeUltrW.mjs";
+import { n as defineResource } from "./defineResource-Bb_Bdhtw.mjs";
 //#region src/core/defineResourceVariants.ts
 /**
 * Define multiple resources from a shared base config and per-variant overrides.

package/dist/{createApp-p2OThysU.mjs → createApp-BOYjBgdI.mjs}

@@ -207,7 +207,7 @@ async function registerArcCore(fastify, config, trackPlugin) {
 	await fastify.register(arcCorePlugin, { emitEvents: config.arcPlugins?.emitEvents !== false });
 	trackPlugin("arc-core");
 	if (config.arcPlugins?.events !== false) {
-		const { default: eventPlugin } = await import("./eventPlugin-XijlQmlL.mjs").then((n) => n.n);
+		const { default: eventPlugin } = await import("./eventPlugin-D91S2YF4.mjs").then((n) => n.n);
 		const eventOpts = typeof config.arcPlugins?.events === "object" ? config.arcPlugins.events : {};
 		await fastify.register(eventPlugin, {
 			...eventOpts,
@@ -243,7 +243,7 @@ async function registerArcPlugins(fastify, config, trackPlugin, modules) {
 		trackPlugin("arc-graceful-shutdown");
 	}
 	if (config.arcPlugins?.caching) {
-		const { default: cachingPlugin } = await import("./caching-CHH-iHs3.mjs").then((n) => n.r);
+		const { default: cachingPlugin } = await import("./caching-CjybdRwx.mjs").then((n) => n.r);
 		const opts = config.arcPlugins.caching === true ? {} : config.arcPlugins.caching;
 		await fastify.register(cachingPlugin, opts);
 		trackPlugin("arc-caching", opts);
@@ -260,19 +260,19 @@ async function registerArcPlugins(fastify, config, trackPlugin, modules) {
 	}
 	if (config.arcPlugins?.sse) if (config.arcPlugins?.events === false) fastify.log.warn("SSE plugin requires events plugin (arcPlugins.events). SSE disabled.");
 	else {
-		const { default: ssePlugin } = await import("./sse-CD5Hghpu.mjs").then((n) => n.r);
+		const { default: ssePlugin } = await import("./sse-CJpt7LGI.mjs").then((n) => n.r);
 		const opts = config.arcPlugins.sse === true ? {} : config.arcPlugins.sse;
 		await fastify.register(ssePlugin, opts);
 		trackPlugin("arc-sse", opts);
 	}
 	if (config.arcPlugins?.metrics) {
-		const { default: metricsPlugin } = await import("./metrics-DuhiSEZI.mjs").then((n) => n.r);
+		const { default: metricsPlugin } = await import("./metrics-TuOmguhi.mjs").then((n) => n.r);
 		const opts = config.arcPlugins.metrics === true ? {} : config.arcPlugins.metrics;
 		await fastify.register(metricsPlugin, opts);
 		trackPlugin("arc-metrics", opts);
 	}
 	if (config.arcPlugins?.versioning) {
-		const { default: versioningPlugin } = await import("./versioning-CPU_5Xfs.mjs").then((n) => n.r);
+		const { default: versioningPlugin } = await import("./versioning-Cm8qoFDg.mjs").then((n) => n.r);
 		await fastify.register(versioningPlugin, config.arcPlugins.versioning);
 		trackPlugin("arc-versioning", config.arcPlugins.versioning);
 	}
@@ -350,7 +350,7 @@ async function registerElevation(fastify, config, trackPlugin) {
 */
 async function registerErrorHandler(fastify, config, trackPlugin) {
 	if (config.errorHandler === false) return;
-	const { errorHandlerPlugin } = await import("./errorHandler-Cw34h_om.mjs").then((n) => n.n);
+	const { errorHandlerPlugin } = await import("./errorHandler-mzqk4cGl.mjs").then((n) => n.n);
 	const errorOpts = typeof config.errorHandler === "object" ? config.errorHandler : { includeStack: config.preset !== "production" };
 	await fastify.register(errorHandlerPlugin, errorOpts);
 	trackPlugin("arc-error-handler", errorOpts);
@@ -416,6 +416,15 @@ async function registerResources(fastify, config) {
 		for (const init of config.bootstrap) await init(fastify);
 		fastify.log.debug(`${config.bootstrap.length} bootstrap function(s) executed`);
 	}
+	if (!config.resources?.length && config.resourceDir) {
+		const { loadResources } = await import("./loadResources-Bksk8ydA.mjs").then((n) => n.n);
+		const { resolve } = await import("node:path");
+		const dir = resolve(config.resourceDir);
+		config = {
+			...config,
+			resources: await loadResources(dir, { logger: fastify.log })
+		};
+	}
 	if (config.resources?.length) {
 		const seen = /* @__PURE__ */ new Set();
 		for (const resource of config.resources) if (resource.name) {
@@ -720,7 +729,7 @@ async function createApp(options) {
 	await registerErrorHandler(fastify, config, trackPlugin);
 	await registerResources(fastify, config);
 	if (config.replyHelpers) {
-		const { replyHelpersPlugin } = await import("./replyHelpers-CXtJDAZ0.mjs").then((n) => n.n);
+		const { replyHelpersPlugin } = await import("./replyHelpers-BLojtuvR.mjs").then((n) => n.n);
 		await fastify.register(replyHelpersPlugin);
 	}
 	if (config.serializeBigInt) fastify.addHook("preSerialization", async (_request, _reply, payload) => {

package/dist/{defineResource-CqeUltrW.mjs → defineResource-Bb_Bdhtw.mjs}

@@ -6,10 +6,10 @@ import { t as getUserRoles } from "./types-ZUu_h0jp.mjs";
 import { n as normalizePermissionResult, t as applyPermissionResult } from "./applyPermissionResult-D6GPMsvh.mjs";
 import { n as convertRouteSchema, t as convertOpenApiSchemas } from "./schemaConverter-OxfCshus.mjs";
 import { t as requestContext } from "./requestContext-DYvHl113.mjs";
-import { i as getDefaultCrudSchemas } from "./utils-7sJ8X83I.mjs";
+import { i as getDefaultCrudSchemas } from "./utils-yYT3HDXt.mjs";
 import { r as ForbiddenError } from "./errors-BF2bIOIS.mjs";
 import { t as hasEvents } from "./typeGuards-CcFZXgU7.mjs";
-import { r as getAvailablePresets, t as applyPresets } from "./presets-BFrGvvjL.mjs";
+import { r as getAvailablePresets, t as applyPresets } from "./presets-C2xgzW6x.mjs";
 //#region src/pipeline/pipe.ts
 /**
 * Compose pipeline steps into an ordered array.
@@ -390,7 +390,7 @@ function buildPermissionMiddleware(permissionCheck, resourceName, action) {
 * Create additional routes from preset/custom definitions
 */
 function createAdditionalRoutes(fastify, routes, controller, options) {
-	const { tag, resourceName, arcDecorator, rateLimitConfig, cacheMw, idempotencyMw, pipeline } = options;
+	const { tag, resourceName, arcDecorator, rateLimitConfig, cacheMw, idempotencyMw, pipeline, routeGuards } = options;
 	for (const route of routes) {
 		const opName = route.operation ?? (typeof route.handler === "string" ? route.handler : `${route.method.toLowerCase()}${route.path.replace(/[/:]/g, "_")}`);
 		let handler;
@@ -431,6 +431,7 @@ function createAdditionalRoutes(fastify, routes, controller, options) {
 			authMw,
 			permissionMw,
 			pluginMw,
+			...routeGuards,
 			...customPreHandlers
 		].filter(Boolean);
 		const isStream = route.streamResponse === true;
@@ -479,7 +480,7 @@ function createPipelineHandler(controllerMethod, steps, operation, resourceName)
 * @param options - Router configuration
 */
 function createCrudRouter(fastify, controller, options = {}) {
-	const { tag = "Resource", schemas = {}, permissions = {}, middlewares = {}, additionalRoutes = [], disableDefaultRoutes = false, disabledRoutes = [], resourceName = "unknown", schemaOptions, rateLimit, pipe: pipeline, fields: fieldPermissions, updateMethod = DEFAULT_UPDATE_METHOD } = options;
+	const { tag = "Resource", schemas = {}, permissions = {}, middlewares = {}, routeGuards = [], additionalRoutes = [], disableDefaultRoutes = false, disabledRoutes = [], resourceName = "unknown", schemaOptions, rateLimit, pipe: pipeline, fields: fieldPermissions, updateMethod = DEFAULT_UPDATE_METHOD } = options;
 	const rateLimitConfig = buildRateLimitConfig(rateLimit);
 	const cacheMw = !(fastify.hasDecorator("queryCache") && controller && typeof controller._cacheConfig !== "undefined" && controller._cacheConfig !== void 0) && fastify.hasDecorator("responseCache") ? fastify.responseCache.middleware : null;
 	const idempotencyMw = fastify.hasDecorator("idempotency") ? fastify.idempotency.middleware : null;
@@ -542,6 +543,7 @@ function createCrudRouter(fastify, controller, options = {}) {
 				buildAuthMiddleware(fastify, permissions.list),
 				buildPermissionMiddleware(permissions.list, resourceName, "list"),
 				cacheMw,
+				...routeGuards,
 				...mw.list
 			].filter(Boolean);
 			fastify.route({
@@ -562,6 +564,7 @@ function createCrudRouter(fastify, controller, options = {}) {
 				buildAuthMiddleware(fastify, permissions.get),
 				buildPermissionMiddleware(permissions.get, resourceName, "get"),
 				cacheMw,
+				...routeGuards,
 				...mw.get
 			].filter(Boolean);
 			fastify.route({
@@ -583,6 +586,7 @@ function createCrudRouter(fastify, controller, options = {}) {
 				buildAuthMiddleware(fastify, permissions.create),
 				buildPermissionMiddleware(permissions.create, resourceName, "create"),
 				idempotencyMw,
+				...routeGuards,
 				...mw.create
 			].filter(Boolean);
 			fastify.route({
@@ -604,6 +608,7 @@ function createCrudRouter(fastify, controller, options = {}) {
 				buildAuthMiddleware(fastify, permissions.update),
 				buildPermissionMiddleware(permissions.update, resourceName, "update"),
 				idempotencyMw,
+				...routeGuards,
 				...mw.update
 			].filter(Boolean);
 			for (const method of updateMethods) fastify.route({
@@ -624,6 +629,7 @@ function createCrudRouter(fastify, controller, options = {}) {
 				arcDecorator,
 				buildAuthMiddleware(fastify, permissions.delete),
 				buildPermissionMiddleware(permissions.delete, resourceName, "delete"),
+				...routeGuards,
 				...mw.delete
 			].filter(Boolean);
 			fastify.route({
@@ -647,7 +653,8 @@ function createCrudRouter(fastify, controller, options = {}) {
 		rateLimitConfig,
 		cacheMw,
 		idempotencyMw,
-		pipeline
+		pipeline,
+		routeGuards
 	});
 }
 /**
@@ -701,10 +708,10 @@ function validateResourceConfig(config, options = {}) {
 			message: "Adapter must provide a repository",
 			suggestion: "Ensure your adapter returns a valid CrudRepository"
 		});
-	} else if (!config.adapter && !config.additionalRoutes?.length) warnings.push({
+	} else if (!config.adapter && !config.routes?.length) warnings.push({
 		field: "config",
-		message: "Resource has no adapter and no additionalRoutes",
-		suggestion: "Provide either adapter for CRUD or additionalRoutes for custom logic"
+		message: "Resource has no adapter and no routes",
+		suggestion: "Provide either adapter for CRUD or routes for custom logic"
 	});
 	if (config.controller && !options.skipControllerCheck && !config.disableDefaultRoutes) {
 		const ctrl = config.controller;
@@ -715,7 +722,7 @@ function validateResourceConfig(config, options = {}) {
 			suggestion: "Extend BaseController which implements IController interface"
 		});
 	}
-	if (config.controller && config.additionalRoutes) validateAdditionalRouteHandlers(config.controller, config.additionalRoutes, errors);
+	if (config.controller && config.routes) validateRouteHandlers(config.controller, config.routes, errors);
 	if (config.permissions) validatePermissionKeys(config, options, errors, warnings);
 	if (config.presets && !options.allowUnknownPresets) validatePresets(config.presets, errors, warnings);
 	if (config.prefix) {
@@ -730,18 +737,18 @@ function validateResourceConfig(config, options = {}) {
 			suggestion: `Change to "${config.prefix.slice(0, -1)}"`
 		});
 	}
-	if (config.additionalRoutes) validateAdditionalRoutes(config.additionalRoutes, errors);
+	if (config.routes) validateRoutes(config.routes, errors);
 	return {
 		valid: errors.length === 0,
 		errors,
 		warnings
 	};
 }
-function validateAdditionalRouteHandlers(controller, routes, errors) {
+function validateRouteHandlers(controller, routes, errors) {
 	const ctrl = controller;
 	for (const route of routes) if (typeof route.handler === "string") {
 		if (typeof ctrl[route.handler] !== "function") errors.push({
-			field: `additionalRoutes[${route.method} ${route.path}]`,
+			field: `routes[${route.method} ${route.path}]`,
 			message: `Handler "${route.handler}" not found on controller`,
 			suggestion: `Add method "${route.handler}" to controller or use a function handler`
 		});
@@ -749,7 +756,7 @@ function validateAdditionalRouteHandlers(controller, routes, errors) {
 }
 function validatePermissionKeys(config, options, _errors, warnings) {
 	const validKeys = new Set([...CRUD_OPERATIONS, ...options.additionalPermissionKeys ?? []]);
-	for (const route of config.additionalRoutes ?? []) if (typeof route.handler === "string") validKeys.add(route.handler);
+	for (const route of config.routes ?? []) if (typeof route.handler === "string") validKeys.add(route.handler);
 	for (const preset of config.presets ?? []) {
 		const presetName = typeof preset === "string" ? preset : preset.name;
 		if (presetName === "softDelete") {
@@ -773,7 +780,7 @@ function validatePermissionKeys(config, options, _errors, warnings) {
 function validatePresets(presets, errors, warnings) {
 	const availablePresets = getAvailablePresets();
 	for (const preset of presets) {
-		if (typeof preset === "object" && ("middlewares" in preset || "additionalRoutes" in preset)) continue;
+		if (typeof preset === "object" && ("middlewares" in preset || "routes" in preset)) continue;
 		const presetName = typeof preset === "string" ? preset : preset.name;
 		if (!availablePresets.includes(presetName)) errors.push({
 			field: "presets",
@@ -798,7 +805,7 @@ function validatePresetOptions(preset, warnings) {
 		suggestion: validOptions.length > 0 ? `Valid options: ${validOptions.join(", ")}` : `Preset "${preset.name}" has no configurable options`
 	});
 }
-function validateAdditionalRoutes(routes, errors) {
+function validateRoutes(routes, errors) {
 	const validMethods = [
 		"GET",
 		"POST",
@@ -811,26 +818,26 @@ function validateAdditionalRoutes(routes, errors) {
 	const seenRoutes = /* @__PURE__ */ new Set();
 	for (const [i, route] of routes.entries()) {
 		if (!validMethods.includes(route.method)) errors.push({
-			field: `additionalRoutes[${i}].method`,
+			field: `routes[${i}].method`,
 			message: `Invalid HTTP method "${route.method}"`,
 			suggestion: `Valid methods: ${validMethods.join(", ")}`
 		});
 		if (!route.path) errors.push({
-			field: `additionalRoutes[${i}].path`,
+			field: `routes[${i}].path`,
 			message: "Route path is required"
 		});
 		else if (!route.path.startsWith("/")) errors.push({
-			field: `additionalRoutes[${i}].path`,
+			field: `routes[${i}].path`,
 			message: `Route path must start with "/" (got "${route.path}")`,
 			suggestion: `Change to "/${route.path}"`
 		});
 		if (!route.handler) errors.push({
-			field: `additionalRoutes[${i}].handler`,
+			field: `routes[${i}].handler`,
 			message: "Route handler is required"
 		});
 		const routeKey = `${route.method} ${route.path}`;
 		if (seenRoutes.has(routeKey)) errors.push({
-			field: `additionalRoutes[${i}]`,
+			field: `routes[${i}]`,
 			message: `Duplicate route "${routeKey}"`
 		});
 		seenRoutes.add(routeKey);
@@ -884,11 +891,6 @@ function defineResource(config) {
 		if (config.permissions) {
 			for (const [key, value] of Object.entries(config.permissions)) if (value !== void 0 && typeof value !== "function") throw new Error(`[Arc] Resource '${config.name}': permissions.${key} must be a PermissionCheck function.\nUse allowPublic(), requireAuth(), or requireRoles(['role']) from @classytic/arc/permissions.`);
 		}
-		for (const route of config.additionalRoutes ?? []) {
-			if (typeof route.permissions !== "function") throw new Error(`[Arc] Resource '${config.name}' route ${route.method} ${route.path}: permissions is required and must be a PermissionCheck function.\nUse allowPublic() or requireAuth() from @classytic/arc/permissions.`);
-			if (typeof route.wrapHandler !== "boolean") throw new Error(`[Arc] Resource '${config.name}' route ${route.method} ${route.path}: wrapHandler is required.\nSet true for ControllerHandler (context object) or false for FastifyHandler (req, reply).`);
-		}
-		if (config.routes && config.additionalRoutes) throw new Error(`[Arc] Resource '${config.name}': Cannot use both 'routes' and 'additionalRoutes'.\nUse 'routes' (v2.8) — it replaces 'additionalRoutes'.`);
 		for (const route of config.routes ?? []) if (typeof route.permissions !== "function") throw new Error(`[Arc] Resource '${config.name}' route ${route.method} ${route.path}: permissions is required and must be a PermissionCheck function.`);
 		if (config.actions) {
 			const CRUD_OPS = new Set([
@@ -1098,6 +1100,7 @@ var ResourceDefinition = class {
 	*/
 	routes;
 	middlewares;
+	routeGuards;
 	disableDefaultRoutes;
 	disabledRoutes;
 	actions;
@@ -1128,8 +1131,9 @@ var ResourceDefinition = class {
 		this.customSchemas = config.customSchemas ?? {};
 		this.permissions = config.permissions ?? {};
 		this.routes = config.routes;
-		this.additionalRoutes = config.routes ? convertRoutesToAdditionalRoutes(config.routes) : config.additionalRoutes ?? [];
+		this.additionalRoutes = config.routes ? convertRoutesToAdditionalRoutes(config.routes) : [];
 		this.middlewares = config.middlewares ?? {};
+		this.routeGuards = config.routeGuards;
 		this.disableDefaultRoutes = config.disableDefaultRoutes ?? false;
 		this.disabledRoutes = config.disabledRoutes ?? [];
 		this.actions = config.actions;
@@ -1283,6 +1287,7 @@ var ResourceDefinition = class {
 					schemas: schemas ?? void 0,
 					permissions: self.permissions,
 					middlewares: self.middlewares,
+					routeGuards: self.routeGuards,
 					additionalRoutes: resolvedRoutes,
 					disableDefaultRoutes: self.disableDefaultRoutes,
 					disabledRoutes: self.disabledRoutes,
@@ -1331,7 +1336,17 @@ var ResourceDefinition = class {
 			prefix: this.prefix,
 			presets: this._appliedPresets,
 			permissions: this.permissions,
-			additionalRoutes: this.additionalRoutes,
+			customRoutes: (this.routes ?? []).map((r) => ({
+				method: r.method,
+				path: r.path,
+				handler: typeof r.handler === "string" ? r.handler : r.handler.name || "anonymous",
+				operation: r.operation,
+				summary: r.summary,
+				description: r.description,
+				permissions: r.permissions,
+				raw: r.raw,
+				schema: r.schema
+			})),
 			routes: [],
 			events: Object.keys(this.events)
 		};

package/dist/docs/index.d.mts

@@ -1,5 +1,5 @@
-import { it as RegistryEntry } from "../interface-CS6d7HiB.mjs";
-import { t as ExternalOpenApiPaths } from "../externalPaths-BQ8QijNH.mjs";
+import { it as RegistryEntry } from "../interface-BVuMfeVv.mjs";
+import { t as ExternalOpenApiPaths } from "../externalPaths-Bapitwvd.mjs";
 import { FastifyPluginAsync } from "fastify";
 
 //#region src/docs/openapi.d.ts

package/dist/docs/index.mjs

@@ -1,5 +1,5 @@
 import { t as getUserRoles } from "../types-ZUu_h0jp.mjs";
-import { n as openApiPlugin, r as openapi_default, t as buildOpenApiSpec } from "../openapi-q6rNKfZy.mjs";
+import { n as openApiPlugin, r as openapi_default, t as buildOpenApiSpec } from "../openapi-CYCuekCn.mjs";
 import fp from "fastify-plugin";
 //#region src/docs/scalar.ts
 const scalarPlugin = async (fastify, opts = {}) => {

package/dist/dynamic/index.d.mts

@@ -1,5 +1,5 @@
-import { qt as ResourceDefinition, r as DataAdapter } from "../interface-CS6d7HiB.mjs";
-import { t as PermissionCheck } from "../types-BoaZHr-2.mjs";
+import { qt as ResourceDefinition, r as DataAdapter } from "../interface-BVuMfeVv.mjs";
+import { t as PermissionCheck } from "../types-CVC4HOKi.mjs";
 
 //#region src/dynamic/ArcDynamicLoader.d.ts
 interface ArcArchitectureSchema {