npm - @classytic/arc - Versions diffs - 2.8.1 → 2.8.4 - Mend

@classytic/arc 2.8.1 → 2.8.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (107) hide show

package/README.md +22 -1
package/dist/{ResourceRegistry-Dtcojmu8.mjs → ResourceRegistry-Dq3_zBQP.mjs} +5 -5
package/dist/adapters/index.d.mts +2 -2
package/dist/audit/index.d.mts +1 -1
package/dist/audit/index.mjs +1 -1
package/dist/audit/mongodb.d.mts +1 -1
package/dist/audit/mongodb.mjs +1 -1
package/dist/auth/index.d.mts +4 -4
package/dist/auth/redis-session.d.mts +1 -1
package/dist/cache/index.d.mts +2 -2
package/dist/cli/commands/describe.mjs +1 -1
package/dist/cli/commands/docs.mjs +2 -2
package/dist/cli/commands/generate.mjs +1 -1
package/dist/cli/commands/init.mjs +10 -10
package/dist/cli/commands/introspect.mjs +3 -3
package/dist/core/index.d.mts +3 -3
package/dist/core/index.mjs +4 -4
package/dist/{core-CrLDuqoT.mjs → core-DKSwNSXf.mjs} +1 -1
package/dist/{createApp-p2OThysU.mjs → createApp-BOYjBgdI.mjs} +16 -7
package/dist/{defineResource-CqeUltrW.mjs → defineResource-Bb_Bdhtw.mjs} +42 -27
package/dist/docs/index.d.mts +2 -2
package/dist/docs/index.mjs +1 -1
package/dist/dynamic/index.d.mts +2 -2
package/dist/dynamic/index.mjs +1 -1
package/dist/{errorHandler-DJ7OAB2V.d.mts → errorHandler-CdZDavNH.d.mts} +2 -2
package/dist/{eventPlugin-Cdjwo0Gv.d.mts → eventPlugin-CVxlE6De.d.mts} +1 -1
package/dist/events/index.d.mts +3 -3
package/dist/events/index.mjs +1 -1
package/dist/events/transports/redis-stream-entry.d.mts +1 -1
package/dist/events/transports/redis-stream-entry.mjs +3 -1
package/dist/events/transports/redis.d.mts +1 -1
package/dist/factory/index.d.mts +1 -1
package/dist/factory/index.mjs +2 -152
package/dist/hooks/index.d.mts +1 -1
package/dist/idempotency/index.d.mts +3 -3
package/dist/idempotency/mongodb.d.mts +1 -1
package/dist/idempotency/mongodb.mjs +18 -6
package/dist/idempotency/redis.d.mts +1 -1
package/dist/idempotency/redis.mjs +10 -1
package/dist/{index-0zj73o2U.d.mts → index-BgmMdpm8.d.mts} +1 -1
package/dist/{index-CBru2y5Y.d.mts → index-CSkeivBx.d.mts} +3 -3
package/dist/{index-DadoLP51.d.mts → index-CpTSDqmD.d.mts} +26 -4
package/dist/index.d.mts +7 -7
package/dist/index.mjs +3 -3
package/dist/integrations/event-gateway.d.mts +1 -1
package/dist/integrations/event-gateway.mjs +1 -1
package/dist/integrations/index.d.mts +1 -1
package/dist/integrations/mcp/index.d.mts +51 -3
package/dist/integrations/mcp/index.mjs +78 -19
package/dist/integrations/mcp/testing.d.mts +1 -1
package/dist/integrations/mcp/testing.mjs +1 -1
package/dist/{interface-CS6d7HiB.d.mts → interface-BVuMfeVv.d.mts} +47 -18
package/dist/loadResources-Bksk8ydA.mjs +154 -0
package/dist/{mongodb-B1eVtFhw.d.mts → mongodb-B8U2xaLj.d.mts} +1 -1
package/dist/{mongodb-NShVZDMr.d.mts → mongodb-X7LbEjTN.d.mts} +10 -1
package/dist/{openapi-q6rNKfZy.mjs → openapi-CYCuekCn.mjs} +2 -2
package/dist/org/index.d.mts +2 -2
package/dist/permissions/index.d.mts +3 -3
package/dist/plugins/index.d.mts +5 -5
package/dist/plugins/index.mjs +7 -7
package/dist/plugins/tracing-entry.d.mts +1 -1
package/dist/plugins/tracing-entry.mjs +1 -1
package/dist/policies/index.d.mts +1 -1
package/dist/presets/index.d.mts +1 -1
package/dist/presets/index.mjs +1 -1
package/dist/presets/multiTenant.d.mts +1 -1
package/dist/{presets-BFrGvvjL.mjs → presets-C2xgzW6x.mjs} +10 -18
package/dist/{queryCachePlugin-BCFVXnxK.d.mts → queryCachePlugin-CnTZZTC5.d.mts} +1 -1
package/dist/{redis-stream-BgrYzpeq.d.mts → redis-stream-D54N5oXs.d.mts} +1 -1
package/dist/{redis-Bunu3qWg.d.mts → redis-z3sFr1UP.d.mts} +1 -1
package/dist/registry/index.d.mts +1 -1
package/dist/registry/index.mjs +1 -1
package/dist/{resourceToTools-DNNWnZtx.mjs → resourceToTools-O_HwWXFa.mjs} +1 -1
package/dist/rpc/index.d.mts +1 -1
package/dist/scope/index.d.mts +2 -2
package/dist/testing/index.d.mts +2 -2
package/dist/testing/index.mjs +1 -1
package/dist/types/index.d.mts +4 -4
package/dist/{types-BlOuKTPw.d.mts → types-Bg2X42_m.d.mts} +30 -9
package/dist/{types-BoaZHr-2.d.mts → types-CVC4HOKi.d.mts} +1 -1
package/dist/{types-D3b7hA00.d.mts → types-CcG4avic.d.mts} +1 -1
package/dist/utils/index.d.mts +43 -5
package/dist/utils/index.mjs +3 -3
package/dist/{utils-7sJ8X83I.mjs → utils-yYT3HDXt.mjs} +65 -1
package/package.json +8 -8
package/skills/arc/SKILL.md +101 -6
package/skills/arc/references/mcp.md +37 -0
/package/dist/{EventTransport-CLXJUzyT.d.mts → EventTransport-CinyO7zQ.d.mts} +0 -0
/package/dist/{caching-CHH-iHs3.mjs → caching-CjybdRwx.mjs} +0 -0
/package/dist/{circuitBreaker-BGVoB1hD.d.mts → circuitBreaker-CvXkjfrW.d.mts} +0 -0
/package/dist/{elevation-UJO3-NvX.d.mts → elevation-s5ykdNHr.d.mts} +0 -0
/package/dist/{errorHandler-Cw34h_om.mjs → errorHandler-mzqk4cGl.mjs} +0 -0
/package/dist/{errors-BI8kEKsO.d.mts → errors-Bmn3eZT6.d.mts} +0 -0
/package/dist/{eventPlugin-XijlQmlL.mjs → eventPlugin-D91S2YF4.mjs} +0 -0
/package/dist/{externalPaths-BQ8QijNH.d.mts → externalPaths-Bapitwvd.d.mts} +0 -0
/package/dist/{fields-DoeDgh2b.d.mts → fields-DC4So2M2.d.mts} +0 -0
/package/dist/{interface-CkkWm5uR.d.mts → interface-B-pe8fhj.d.mts} +0 -0
/package/dist/{interface-bpoLKKqx.d.mts → interface-DplgQO2e.d.mts} +0 -0
/package/dist/{metrics-DuhiSEZI.mjs → metrics-TuOmguhi.mjs} +0 -0
/package/dist/{mongodb-5Ff3w8jy.mjs → mongodb-B5O6xaW1.mjs} +0 -0
/package/dist/{pluralize-BneOJkpi.mjs → pluralize-A0tWEl1K.mjs} +0 -0
/package/dist/{replyHelpers-CXtJDAZ0.mjs → replyHelpers-BLojtuvR.mjs} +0 -0
/package/dist/{sessionManager-BkzVU8h2.d.mts → sessionManager-D-oNWHz3.d.mts} +0 -0
/package/dist/{sse-CD5Hghpu.mjs → sse-CJpt7LGI.mjs} +0 -0
/package/dist/{tracing-xqXzWeaf.d.mts → tracing-DxjKk7eW.d.mts} +0 -0
/package/dist/{types-CN6JvmYz.d.mts → types-C72d3NDn.d.mts} +0 -0
/package/dist/{versioning-CPU_5Xfs.mjs → versioning-Cm8qoFDg.mjs} +0 -0

package/dist/{presets-BFrGvvjL.mjs → presets-C2xgzW6x.mjs} RENAMED Viewed

@@ -41,13 +41,12 @@ function slugLookupPreset(options = {}) {
 	const { slugField = "slug" } = options;
 	return {
 		name: "slugLookup",
-		additionalRoutes: (permissions) => [{
+		routes: (permissions) => [{
 			method: "GET",
 			path: `/slug/:${slugField}`,
 			handler: "getBySlug",
 			summary: "Get by slug",
 			permissions: permissions.get ?? allowPublic(),
-			wrapHandler: true,
 			operation: "getBySlug"
 		}],
 		controllerOptions: { slugField }
@@ -65,13 +64,12 @@ function slugLookupPreset(options = {}) {
 function softDeletePreset() {
 	return {
 		name: "softDelete",
-		additionalRoutes: (permissions) => [{
+		routes: (permissions) => [{
 			method: "GET",
 			path: "/deleted",
 			handler: "getDeleted",
 			summary: "Get soft-deleted items",
 			permissions: permissions.list ?? requireRoles(["admin"]),
-			wrapHandler: true,
 			operation: "listDeleted"
 		}, {
 			method: "POST",
@@ -79,7 +77,6 @@ function softDeletePreset() {
 			handler: "restore",
 			summary: "Restore soft-deleted item",
 			permissions: permissions.update ?? requireRoles(["admin"]),
-			wrapHandler: true,
 			operation: "restore"
 		}]
 	};
@@ -153,13 +150,12 @@ function bulkPreset(opts) {
 	const maxCreateItems = opts?.maxCreateItems ?? 1e3;
 	return {
 		name: "bulk",
-		additionalRoutes: (permissions) => {
+		routes: (permissions) => {
 			const routes = [];
 			if (operations.includes("createMany")) routes.push({
 				method: "POST",
 				path: "/bulk",
 				handler: "bulkCreate",
-				wrapHandler: true,
 				operation: "bulkCreate",
 				summary: "Create multiple items",
 				permissions: permissions.create ?? requireAuth(),
@@ -190,7 +186,6 @@ function bulkPreset(opts) {
 				method: "PATCH",
 				path: "/bulk",
 				handler: "bulkUpdate",
-				wrapHandler: true,
 				operation: "bulkUpdate",
 				summary: "Update multiple items matching filter",
 				permissions: permissions.update ?? requireAuth(),
@@ -222,7 +217,6 @@ function bulkPreset(opts) {
 				method: "DELETE",
 				path: "/bulk",
 				handler: "bulkDelete",
-				wrapHandler: true,
 				operation: "bulkDelete",
 				summary: "Delete multiple items matching filter",
 				permissions: permissions.delete ?? requireAuth(),
@@ -259,13 +253,12 @@ function treePreset(options = {}) {
 	const { parentField = "parent" } = options;
 	return {
 		name: "tree",
-		additionalRoutes: (permissions) => [{
+		routes: (permissions) => [{
 			method: "GET",
 			path: "/tree",
 			handler: "getTree",
 			summary: "Get hierarchical tree",
 			permissions: permissions.list ?? allowPublic(),
-			wrapHandler: true,
 			operation: "getTree"
 		}, {
 			method: "GET",
@@ -273,7 +266,6 @@ function treePreset(options = {}) {
 			handler: "getChildren",
 			summary: "Get children of parent",
 			permissions: permissions.list ?? allowPublic(),
-			wrapHandler: true,
 			operation: "getChildren"
 		}],
 		controllerOptions: { parentField }
@@ -341,8 +333,8 @@ function validatePresetCombination(presets) {
 	const routeMap = /* @__PURE__ */ new Map();
 	for (const preset of presets) {
 		const name = preset.name ?? "unknown";
-		const routes = typeof preset.additionalRoutes === "function" ? preset.additionalRoutes({}) : preset.additionalRoutes ?? [];
-		for (const route of routes) {
+		const presetRoutes = preset.routes ? typeof preset.routes === "function" ? preset.routes({}) : preset.routes : [];
+		for (const route of presetRoutes) {
 			const key = `${route.method} ${route.path}`;
 			const existing = routeMap.get(key);
 			if (existing) conflicts.push({
@@ -371,7 +363,7 @@ function applyPresets(config, presets = []) {
 * Resolve preset input to PresetResult
 */
 function resolvePresetInput(preset) {
-	if (typeof preset === "object" && ("middlewares" in preset || "additionalRoutes" in preset)) return preset;
+	if (typeof preset === "object" && ("middlewares" in preset || "routes" in preset)) return preset;
 	if (typeof preset === "object" && "name" in preset) {
 		const { name, ...options } = preset;
 		return resolvePreset(name, options);
@@ -383,9 +375,9 @@ function resolvePresetInput(preset) {
 */
 function mergePreset(config, preset) {
 	const result = { ...config };
-	if (preset.additionalRoutes) {
-		const routes = typeof preset.additionalRoutes === "function" ? preset.additionalRoutes(config.permissions ?? {}) : preset.additionalRoutes;
-		result.additionalRoutes = [...result.additionalRoutes ?? [], ...routes];
+	if (preset.routes) {
+		const resolved = typeof preset.routes === "function" ? preset.routes(config.permissions ?? {}) : preset.routes;
+		result.routes = [...result.routes ?? [], ...resolved];
 	}
 	if (preset.middlewares) {
 		result.middlewares = result.middlewares ?? {};

package/dist/{queryCachePlugin-BCFVXnxK.d.mts → queryCachePlugin-CnTZZTC5.d.mts} RENAMED Viewed

@@ -1,4 +1,4 @@
-import { i as CacheStore } from "./interface-bpoLKKqx.mjs";
+import { i as CacheStore } from "./interface-DplgQO2e.mjs";
 import { FastifyPluginAsync } from "fastify";
 //#region src/cache/QueryCache.d.ts

package/dist/{redis-stream-BgrYzpeq.d.mts → redis-stream-D54N5oXs.d.mts} RENAMED Viewed

@@ -1,4 +1,4 @@
-import { i as EventTransport, n as EventHandler, r as EventLogger, t as DomainEvent } from "./EventTransport-CLXJUzyT.mjs";
+import { i as EventTransport, n as EventHandler, r as EventLogger, t as DomainEvent } from "./EventTransport-CinyO7zQ.mjs";
 //#region src/events/transports/redis-stream.d.ts
 interface RedisStreamLike {

package/dist/{redis-Bunu3qWg.d.mts → redis-z3sFr1UP.d.mts} RENAMED Viewed

@@ -1,4 +1,4 @@
-import { n as IdempotencyResult, r as IdempotencyStore } from "./interface-CkkWm5uR.mjs";
+import { n as IdempotencyResult, r as IdempotencyStore } from "./interface-B-pe8fhj.mjs";
 //#region src/idempotency/stores/redis.d.ts
 interface RedisClient {

package/dist/registry/index.d.mts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { Gt as RegisterOptions, H as IntrospectionPluginOptions, Kt as ResourceRegistry } from "../interface-CS6d7HiB.mjs";
+import { Gt as RegisterOptions, H as IntrospectionPluginOptions, Kt as ResourceRegistry } from "../interface-BVuMfeVv.mjs";
 import { FastifyPluginAsync } from "fastify";
 //#region src/registry/introspectionPlugin.d.ts

package/dist/registry/index.mjs CHANGED Viewed

@@ -1,3 +1,3 @@
 import { n as introspectionPlugin_default, t as introspectionPlugin } from "../registry-B0Wl7uVV.mjs";
-import { t as ResourceRegistry } from "../ResourceRegistry-Dtcojmu8.mjs";
+import { t as ResourceRegistry } from "../ResourceRegistry-Dq3_zBQP.mjs";
 export { ResourceRegistry, introspectionPlugin_default as introspectionPlugin, introspectionPlugin as introspectionPluginFn };

package/dist/{resourceToTools-DNNWnZtx.mjs → resourceToTools-O_HwWXFa.mjs} RENAMED Viewed

@@ -1,6 +1,6 @@
 import { t as BaseController } from "./BaseController-DAGGc5Xn.mjs";
 import { n as normalizePermissionResult } from "./applyPermissionResult-D6GPMsvh.mjs";
-import { t as pluralize } from "./pluralize-BneOJkpi.mjs";
+import { t as pluralize } from "./pluralize-A0tWEl1K.mjs";
 import { z } from "zod";
 //#region src/integrations/mcp/createMcpServer.ts
 /**

package/dist/rpc/index.d.mts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { r as CircuitBreakerOptions } from "../circuitBreaker-BGVoB1hD.mjs";
+import { r as CircuitBreakerOptions } from "../circuitBreaker-CvXkjfrW.mjs";
 //#region src/rpc/serviceClient.d.ts
 interface RetryConfig {

package/dist/scope/index.d.mts CHANGED Viewed

@@ -1,5 +1,5 @@
-import { _ as isAuthenticated, a as getClientId, b as isOrgInScope, c as getOrgRoles, d as getScopeContextMap, f as getServiceScopes, g as hasOrgAccess, h as getUserRoles, i as getAncestorOrgIds, l as getRequestScope, m as getUserId, n as PUBLIC_SCOPE, o as getOrgContext, p as getTeamId, r as RequestScope, s as getOrgId, t as AUTHENTICATED_SCOPE, u as getScopeContext, v as isElevated, x as isService, y as isMember } from "../types-CN6JvmYz.mjs";
-import { i as elevationPlugin, n as ElevationOptions, r as _default, t as ElevationEvent } from "../elevation-UJO3-NvX.mjs";
+import { _ as isAuthenticated, a as getClientId, b as isOrgInScope, c as getOrgRoles, d as getScopeContextMap, f as getServiceScopes, g as hasOrgAccess, h as getUserRoles, i as getAncestorOrgIds, l as getRequestScope, m as getUserId, n as PUBLIC_SCOPE, o as getOrgContext, p as getTeamId, r as RequestScope, s as getOrgId, t as AUTHENTICATED_SCOPE, u as getScopeContext, v as isElevated, x as isService, y as isMember } from "../types-C72d3NDn.mjs";
+import { i as elevationPlugin, n as ElevationOptions, r as _default, t as ElevationEvent } from "../elevation-s5ykdNHr.mjs";
 import { FastifyReply, FastifyRequest } from "fastify";
 //#region src/scope/rateLimitKey.d.ts

package/dist/testing/index.d.mts CHANGED Viewed

@@ -1,5 +1,5 @@
-import { Zt as CrudRepository, m as AnyRecord, qt as ResourceDefinition } from "../interface-CS6d7HiB.mjs";
-import { d as ResourceLike, r as CreateAppOptions } from "../types-BlOuKTPw.mjs";
+import { Zt as CrudRepository, m as AnyRecord, qt as ResourceDefinition } from "../interface-BVuMfeVv.mjs";
+import { d as ResourceLike, r as CreateAppOptions } from "../types-Bg2X42_m.mjs";
 import Fastify, { FastifyInstance, FastifyServerOptions } from "fastify";
 import { Connection } from "mongoose";
 import { Mock } from "vitest";

package/dist/testing/index.mjs CHANGED Viewed

@@ -1796,7 +1796,7 @@ function runEventTests(resourceName, displayName, events) {
 * ```
 */
 async function createTestApp(options = {}) {
-	const { createApp } = await import("../createApp-p2OThysU.mjs").then((n) => n.r);
+	const { createApp } = await import("../createApp-BOYjBgdI.mjs").then((n) => n.r);
 	const { useInMemoryDb = true, mongoUri: providedMongoUri, ...appOptions } = options;
 	const defaultAuth = {
 		type: "jwt",

package/dist/types/index.d.mts CHANGED Viewed

@@ -1,5 +1,5 @@
-import { _ as isAuthenticated, c as getOrgRoles, g as hasOrgAccess, n as PUBLIC_SCOPE, p as getTeamId, r as RequestScope, s as getOrgId, t as AUTHENTICATED_SCOPE, v as isElevated, y as isMember } from "../types-CN6JvmYz.mjs";
-import { $ as PresetFunction, $t as DeleteOptions, A as EventsDecorator, B as InferResourceDoc, Bt as FastifyHandler, C as ConfigError, Ct as TypedResourceConfig, D as CrudRouterOptions, Dt as ValidationResult, E as CrudRouteKey, Et as ValidateOptions, F as GracefulShutdownOptions, G as LookupOption, H as IntrospectionPluginOptions, Ht as IControllerResponse, I as HealthCheck, J as ObjectId, K as MiddlewareConfig, L as HealthOptions, M as FastifyWithAuth, N as FastifyWithDecorators, O as CrudSchemas, Ot as envelope, P as FieldRule, Q as PopulateOption, Qt as DeleteManyResult, R as InferAdapterDoc, Rt as ControllerHandler, S as AuthenticatorContext, St as TypedRepository, T as CrudController, Tt as UserOrganization, U as JWTPayload, Ut as IRequestContext, V as IntrospectionData, Vt as IController, W as JwtContext, Wt as RouteHandler, X as OwnershipCheck, Xt as BulkWriteResult, Y as OpenApiSchemas, Yt as BulkWriteOperation, Z as ParsedQuery, Zt as CrudRepository, _ as ArcInternalMetadata, _t as RouteMcpConfig, an as PaginationParams, at as RegistryStats, b as AuthPluginOptions, bt as TokenPair, cn as RepositorySession, ct as RequestWithExtras, d as ActionHandlerFn, dt as ResourceHookContext, en as DeleteResult, et as PresetHook, f as ActionsMap, ft as ResourceHooks, g as ArcDecorator, gt as RouteHandlerMethod, h as ApiResponse, ht as RouteDefinition, in as PaginatedResult, it as RegistryEntry, j as FastifyRequestExtras, jt as BaseControllerOptions, k as EventDefinition, kt as getUserId, l as ActionDefinition, ln as UpdateManyResult, lt as ResourceCacheConfig, m as AnyRecord, mt as ResourcePermissions, nn as KeysetPaginatedResult, nt as QueryParserInterface, on as PaginationResult, ot as RequestContext, p as AdditionalRoute, pt as ResourceMetadata, q as MiddlewareHandler, rn as OffsetPaginatedResult, rt as RateLimitConfig, sn as QueryOptions, st as RequestIdOptions, tn as InferDoc, tt as PresetResult, u as ActionEntry, un as WriteOptions, ut as ResourceConfig, v as ArcRequest, vt as RouteSchemaOptions, w as ControllerQueryOptions, wt as UserLike, x as Authenticator, xt as TypedController, y as AuthHelpers, yt as ServiceContext, z as InferDocType, zt as ControllerLike } from "../interface-CS6d7HiB.mjs";
-import { i as UserBase, n as PermissionContext, r as PermissionResult, t as PermissionCheck } from "../types-BoaZHr-2.mjs";
-import { n as ElevationOptions, t as ElevationEvent } from "../elevation-UJO3-NvX.mjs";
+import { _ as isAuthenticated, c as getOrgRoles, g as hasOrgAccess, n as PUBLIC_SCOPE, p as getTeamId, r as RequestScope, s as getOrgId, t as AUTHENTICATED_SCOPE, v as isElevated, y as isMember } from "../types-C72d3NDn.mjs";
+import { $ as PresetFunction, $t as DeleteOptions, A as EventsDecorator, B as InferResourceDoc, Bt as FastifyHandler, C as ConfigError, Ct as TypedResourceConfig, D as CrudRouterOptions, Dt as ValidationResult, E as CrudRouteKey, Et as ValidateOptions, F as GracefulShutdownOptions, G as LookupOption, H as IntrospectionPluginOptions, Ht as IControllerResponse, I as HealthCheck, J as ObjectId, K as MiddlewareConfig, L as HealthOptions, M as FastifyWithAuth, N as FastifyWithDecorators, O as CrudSchemas, Ot as envelope, P as FieldRule, Q as PopulateOption, Qt as DeleteManyResult, R as InferAdapterDoc, Rt as ControllerHandler, S as AuthenticatorContext, St as TypedRepository, T as CrudController, Tt as UserOrganization, U as JWTPayload, Ut as IRequestContext, V as IntrospectionData, Vt as IController, W as JwtContext, Wt as RouteHandler, X as OwnershipCheck, Xt as BulkWriteResult, Y as OpenApiSchemas, Yt as BulkWriteOperation, Z as ParsedQuery, Zt as CrudRepository, _ as ArcInternalMetadata, _t as RouteMcpConfig, an as PaginationParams, at as RegistryStats, b as AuthPluginOptions, bt as TokenPair, cn as RepositorySession, ct as RequestWithExtras, d as ActionHandlerFn, dt as ResourceHookContext, en as DeleteResult, et as PresetHook, f as ActionsMap, ft as ResourceHooks, g as ArcDecorator, gt as RouteHandlerMethod, h as ApiResponse, ht as RouteDefinition, in as PaginatedResult, it as RegistryEntry, j as FastifyRequestExtras, jt as BaseControllerOptions, k as EventDefinition, kt as getUserId, l as ActionDefinition, ln as UpdateManyResult, lt as ResourceCacheConfig, m as AnyRecord, mt as ResourcePermissions, nn as KeysetPaginatedResult, nt as QueryParserInterface, on as PaginationResult, ot as RequestContext, p as AdditionalRoute, pt as ResourceMetadata, q as MiddlewareHandler, rn as OffsetPaginatedResult, rt as RateLimitConfig, sn as QueryOptions, st as RequestIdOptions, tn as InferDoc, tt as PresetResult, u as ActionEntry, un as WriteOptions, ut as ResourceConfig, v as ArcRequest, vt as RouteSchemaOptions, w as ControllerQueryOptions, wt as UserLike, x as Authenticator, xt as TypedController, y as AuthHelpers, yt as ServiceContext, z as InferDocType, zt as ControllerLike } from "../interface-BVuMfeVv.mjs";
+import { i as UserBase, n as PermissionContext, r as PermissionResult, t as PermissionCheck } from "../types-CVC4HOKi.mjs";
+import { n as ElevationOptions, t as ElevationEvent } from "../elevation-s5ykdNHr.mjs";
 export { AUTHENTICATED_SCOPE, ActionDefinition, ActionEntry, ActionHandlerFn, ActionsMap, AdditionalRoute, AnyRecord, ApiResponse, ArcDecorator, ArcInternalMetadata, ArcRequest, AuthHelpers, AuthPluginOptions, Authenticator, AuthenticatorContext, BaseControllerOptions, BulkWriteOperation, BulkWriteResult, ConfigError, ControllerHandler, ControllerLike, ControllerQueryOptions, CrudController, CrudRepository, CrudRouteKey, CrudRouterOptions, CrudSchemas, DeleteManyResult, DeleteOptions, DeleteResult, ElevationEvent, ElevationOptions, EventDefinition, EventsDecorator, FastifyHandler, FastifyRequestExtras, FastifyWithAuth, FastifyWithDecorators, FieldRule, GracefulShutdownOptions, HealthCheck, HealthOptions, IController, IControllerResponse, IRequestContext, InferAdapterDoc, InferDoc, InferDocType, InferResourceDoc, IntrospectionData, IntrospectionPluginOptions, JWTPayload, JwtContext, KeysetPaginatedResult, LookupOption, MiddlewareConfig, MiddlewareHandler, ObjectId, OffsetPaginatedResult, OpenApiSchemas, OwnershipCheck, PUBLIC_SCOPE, PaginatedResult, PaginationParams, PaginationResult, ParsedQuery, PermissionCheck, PermissionContext, PermissionResult, PopulateOption, PresetFunction, PresetHook, PresetResult, QueryOptions, QueryParserInterface, RateLimitConfig, RegistryEntry, RegistryStats, RepositorySession, RequestContext, RequestIdOptions, RequestScope, RequestWithExtras, ResourceCacheConfig, ResourceConfig, ResourceHookContext, ResourceHooks, ResourceMetadata, ResourcePermissions, RouteDefinition, RouteHandler, RouteHandlerMethod, RouteMcpConfig, RouteSchemaOptions, ServiceContext, TokenPair, TypedController, TypedRepository, TypedResourceConfig, UpdateManyResult, UserBase, UserLike, UserOrganization, ValidateOptions, ValidationResult, WriteOptions, envelope, getOrgId, getOrgRoles, getTeamId, getUserId, hasOrgAccess, isAuthenticated, isElevated, isMember };

package/dist/{types-BlOuKTPw.d.mts → types-Bg2X42_m.d.mts} RENAMED Viewed

@@ -1,12 +1,12 @@
-import { x as Authenticator } from "./interface-CS6d7HiB.mjs";
-import { n as ElevationOptions } from "./elevation-UJO3-NvX.mjs";
-import { t as ExternalOpenApiPaths } from "./externalPaths-BQ8QijNH.mjs";
-import { i as CacheStore } from "./interface-bpoLKKqx.mjs";
-import { r as QueryCachePluginOptions } from "./queryCachePlugin-BCFVXnxK.mjs";
-import { i as EventTransport } from "./EventTransport-CLXJUzyT.mjs";
-import { t as EventPluginOptions } from "./eventPlugin-Cdjwo0Gv.mjs";
-import { c as MetricsOptions, d as SSEOptions, m as CachingOptions, r as VersioningOptions, t as ErrorHandlerOptions } from "./errorHandler-DJ7OAB2V.mjs";
-import { r as IdempotencyStore } from "./interface-CkkWm5uR.mjs";
+import { x as Authenticator } from "./interface-BVuMfeVv.mjs";
+import { n as ElevationOptions } from "./elevation-s5ykdNHr.mjs";
+import { t as ExternalOpenApiPaths } from "./externalPaths-Bapitwvd.mjs";
+import { i as CacheStore } from "./interface-DplgQO2e.mjs";
+import { r as QueryCachePluginOptions } from "./queryCachePlugin-CnTZZTC5.mjs";
+import { i as EventTransport } from "./EventTransport-CinyO7zQ.mjs";
+import { t as EventPluginOptions } from "./eventPlugin-CVxlE6De.mjs";
+import { f as SSEOptions, h as CachingOptions, i as VersioningOptions, l as MetricsOptions, t as ErrorHandlerOptions } from "./errorHandler-CdZDavNH.mjs";
+import { r as IdempotencyStore } from "./interface-B-pe8fhj.mjs";
 import { FastifyInstance, FastifyPluginAsync, FastifyReply, FastifyRequest, FastifyServerOptions } from "fastify";
 //#region src/factory/loadResources.d.ts
@@ -664,6 +664,27 @@ interface CreateAppOptions {
    * ```
    */
   resourcePrefix?: string;
+  /**
+   * Auto-discover resources from a directory instead of passing an explicit
+   * `resources` array. Resolves relative to `process.cwd()`.
+   *
+   * This replaces the common pattern:
+   * ```ts
+   * resources: await loadResources(import.meta.url)
+   * ```
+   *
+   * When both `resourceDir` and `resources` are provided, `resources` wins
+   * (explicit always beats convention).
+   *
+   * @example
+   * ```ts
+   * const app = await createApp({
+   *   resourceDir: 'src/resources',
+   *   resourcePrefix: '/api/v1',
+   * });
+   * ```
+   */
+  resourceDir?: string;
   /**
    * Custom plugin registration — runs after Arc core (security, auth, events)
    * but before `bootstrap` and `resources`.

package/dist/{types-BoaZHr-2.d.mts → types-CVC4HOKi.d.mts} RENAMED Viewed

@@ -1,4 +1,4 @@
-import { r as RequestScope } from "./types-CN6JvmYz.mjs";
+import { r as RequestScope } from "./types-C72d3NDn.mjs";
 import { FastifyRequest } from "fastify";
 //#region src/permissions/types.d.ts

package/dist/{types-D3b7hA00.d.mts → types-CcG4avic.d.mts} RENAMED Viewed

@@ -1,4 +1,4 @@
-import { qt as ResourceDefinition } from "./interface-CS6d7HiB.mjs";
+import { qt as ResourceDefinition } from "./interface-BVuMfeVv.mjs";
 import { z } from "zod";
 //#region src/integrations/mcp/types.d.ts

package/dist/utils/index.d.mts CHANGED Viewed

@@ -1,7 +1,7 @@
-import { Y as OpenApiSchemas, Z as ParsedQuery, m as AnyRecord, nt as QueryParserInterface } from "../interface-CS6d7HiB.mjs";
-import { a as NotFoundError, c as RateLimitError, d as ValidationError, i as ForbiddenError, l as ServiceUnavailableError, m as isArcError, n as ConflictError, o as OrgAccessDeniedError, p as createError, r as ErrorDetails, s as OrgRequiredError, t as ArcError, u as UnauthorizedError } from "../errors-BI8kEKsO.mjs";
-import { a as CircuitBreakerStats, c as createCircuitBreakerRegistry, i as CircuitBreakerRegistry, n as CircuitBreakerError, o as CircuitState, r as CircuitBreakerOptions, s as createCircuitBreaker, t as CircuitBreaker } from "../circuitBreaker-BGVoB1hD.mjs";
-import { FastifyInstance } from "fastify";
+import { Y as OpenApiSchemas, Z as ParsedQuery, m as AnyRecord, nt as QueryParserInterface } from "../interface-BVuMfeVv.mjs";
+import { a as NotFoundError, c as RateLimitError, d as ValidationError, f as createDomainError, i as ForbiddenError, l as ServiceUnavailableError, m as isArcError, n as ConflictError, o as OrgAccessDeniedError, p as createError, r as ErrorDetails, s as OrgRequiredError, t as ArcError, u as UnauthorizedError } from "../errors-Bmn3eZT6.mjs";
+import { a as CircuitBreakerStats, c as createCircuitBreakerRegistry, i as CircuitBreakerRegistry, n as CircuitBreakerError, o as CircuitState, r as CircuitBreakerOptions, s as createCircuitBreaker, t as CircuitBreaker } from "../circuitBreaker-CvXkjfrW.mjs";
+import { FastifyInstance, FastifyReply, FastifyRequest, RouteHandlerMethod } from "fastify";
 //#region src/utils/compensation.d.ts
 /**
@@ -92,6 +92,44 @@ interface CompensationDefinition<TCtx extends Record<string, unknown> = Record<s
 }
 declare function defineCompensation<TCtx extends Record<string, unknown> = Record<string, unknown>>(name: string, steps: readonly CompensationStep<TCtx>[]): CompensationDefinition<TCtx>;
 //#endregion
+//#region src/utils/defineGuard.d.ts
+interface GuardConfig<T> {
+  /** Unique name — used as the storage key on the request. */
+  readonly name: string;
+  /**
+   * Resolve the guard context from the request. Throw to abort the request
+   * (Fastify's error handler will produce the appropriate HTTP response).
+   * Return a value to stash it for `from()` extraction.
+   */
+  readonly resolve: (req: FastifyRequest, reply: FastifyReply) => T | Promise<T>;
+}
+interface Guard<T> {
+  /** Use in `routeGuards` or per-route `preHandler` arrays. */
+  readonly preHandler: RouteHandlerMethod;
+  /**
+   * Extract the resolved context from a request. Throws if the guard
+   * hasn't run yet (i.e. not in the preHandler chain).
+   */
+  from(req: FastifyRequest): T;
+  /** The guard name (for debugging). */
+  readonly name: string;
+}
+/**
+ * Create a typed guard. See module JSDoc for usage.
+ */
+declare function defineGuard<T>(config: GuardConfig<T>): Guard<T>;
+//#endregion
+//#region src/utils/handleRaw.d.ts
+/**
+ * Wrap a raw Fastify handler with Arc's response envelope and error handling.
+ *
+ * @param handler - Async function that receives `(request, reply)` and returns data.
+ *   The return value is sent as `{ success: true, data }`. If it returns
+ *   `undefined` or `null`, `{ success: true }` is sent (no `data` field).
+ * @param statusCode - HTTP status code for successful responses (default: 200)
+ */
+declare function handleRaw<T>(handler: (request: FastifyRequest, reply: FastifyReply) => Promise<T>, statusCode?: number): (request: FastifyRequest, reply: FastifyReply) => Promise<void>;
+//#endregion
 //#region src/utils/queryParser.d.ts
 interface ArcQueryParserOptions {
   /** Maximum allowed limit value (default: 1000) */
@@ -635,4 +673,4 @@ declare function hasEvents(instance: FastifyInstance): instance is FastifyInstan
   events: EventsDecorator;
 };
 //#endregion
-export { ArcError, ArcQueryParser, type ArcQueryParserOptions, CircuitBreaker, CircuitBreakerError, type CircuitBreakerOptions, CircuitBreakerRegistry, type CircuitBreakerStats, CircuitState, type CompensationDefinition, type CompensationError, type CompensationHooks, type CompensationResult, type CompensationStep, ConflictError, type ErrorDetails, type EventsDecorator, ForbiddenError, type JsonSchema, NotFoundError, OrgAccessDeniedError, OrgRequiredError, RateLimitError, ServiceUnavailableError, type StateMachine, type TransitionConfig, UnauthorizedError, ValidationError, convertOpenApiSchemas, convertRouteSchema, createCircuitBreaker, createCircuitBreakerRegistry, createError, createQueryParser, createStateMachine, defineCompensation, deleteResponse, errorResponseSchema, getDefaultCrudSchemas, getListQueryParams, hasEvents, isArcError, isJsonSchema, isZodSchema, itemResponse, listResponse, mutationResponse, paginationSchema, queryParams, responses, successResponseSchema, toJsonSchema, withCompensation, wrapResponse };
+export { ArcError, ArcQueryParser, type ArcQueryParserOptions, CircuitBreaker, CircuitBreakerError, type CircuitBreakerOptions, CircuitBreakerRegistry, type CircuitBreakerStats, CircuitState, type CompensationDefinition, type CompensationError, type CompensationHooks, type CompensationResult, type CompensationStep, ConflictError, type ErrorDetails, type EventsDecorator, ForbiddenError, type Guard, type GuardConfig, type JsonSchema, NotFoundError, OrgAccessDeniedError, OrgRequiredError, RateLimitError, ServiceUnavailableError, type StateMachine, type TransitionConfig, UnauthorizedError, ValidationError, convertOpenApiSchemas, convertRouteSchema, createCircuitBreaker, createCircuitBreakerRegistry, createDomainError, createError, createQueryParser, createStateMachine, defineCompensation, defineGuard, deleteResponse, errorResponseSchema, getDefaultCrudSchemas, getListQueryParams, handleRaw, hasEvents, isArcError, isJsonSchema, isZodSchema, itemResponse, listResponse, mutationResponse, paginationSchema, queryParams, responses, successResponseSchema, toJsonSchema, withCompensation, wrapResponse };

package/dist/utils/index.mjs CHANGED Viewed

@@ -1,7 +1,7 @@
 import { n as createQueryParser, t as ArcQueryParser } from "../queryParser-CgCtsjti.mjs";
 import { a as toJsonSchema, i as isZodSchema, n as convertRouteSchema, r as isJsonSchema, t as convertOpenApiSchemas } from "../schemaConverter-OxfCshus.mjs";
 import { a as createCircuitBreaker, i as CircuitState, n as CircuitBreakerError, o as createCircuitBreakerRegistry, r as CircuitBreakerRegistry, t as CircuitBreaker } from "../circuitBreaker-cmi5XDv5.mjs";
-import { a as getListQueryParams, c as mutationResponse, d as responses, f as successResponseSchema, h as withCompensation, i as getDefaultCrudSchemas, l as paginationSchema, m as defineCompensation, n as deleteResponse, o as itemResponse, p as wrapResponse, r as errorResponseSchema, s as listResponse, t as createStateMachine, u as queryParams } from "../utils-7sJ8X83I.mjs";
-import { a as OrgAccessDeniedError, c as ServiceUnavailableError, f as createError, i as NotFoundError, l as UnauthorizedError, n as ConflictError, o as OrgRequiredError, p as isArcError, r as ForbiddenError, s as RateLimitError, t as ArcError, u as ValidationError } from "../errors-BF2bIOIS.mjs";
+import { _ as withCompensation, a as getListQueryParams, c as mutationResponse, d as responses, f as successResponseSchema, g as defineCompensation, h as defineGuard, i as getDefaultCrudSchemas, l as paginationSchema, m as handleRaw, n as deleteResponse, o as itemResponse, p as wrapResponse, r as errorResponseSchema, s as listResponse, t as createStateMachine, u as queryParams } from "../utils-yYT3HDXt.mjs";
+import { a as OrgAccessDeniedError, c as ServiceUnavailableError, d as createDomainError, f as createError, i as NotFoundError, l as UnauthorizedError, n as ConflictError, o as OrgRequiredError, p as isArcError, r as ForbiddenError, s as RateLimitError, t as ArcError, u as ValidationError } from "../errors-BF2bIOIS.mjs";
 import { t as hasEvents } from "../typeGuards-CcFZXgU7.mjs";
-export { ArcError, ArcQueryParser, CircuitBreaker, CircuitBreakerError, CircuitBreakerRegistry, CircuitState, ConflictError, ForbiddenError, NotFoundError, OrgAccessDeniedError, OrgRequiredError, RateLimitError, ServiceUnavailableError, UnauthorizedError, ValidationError, convertOpenApiSchemas, convertRouteSchema, createCircuitBreaker, createCircuitBreakerRegistry, createError, createQueryParser, createStateMachine, defineCompensation, deleteResponse, errorResponseSchema, getDefaultCrudSchemas, getListQueryParams, hasEvents, isArcError, isJsonSchema, isZodSchema, itemResponse, listResponse, mutationResponse, paginationSchema, queryParams, responses, successResponseSchema, toJsonSchema, withCompensation, wrapResponse };
+export { ArcError, ArcQueryParser, CircuitBreaker, CircuitBreakerError, CircuitBreakerRegistry, CircuitState, ConflictError, ForbiddenError, NotFoundError, OrgAccessDeniedError, OrgRequiredError, RateLimitError, ServiceUnavailableError, UnauthorizedError, ValidationError, convertOpenApiSchemas, convertRouteSchema, createCircuitBreaker, createCircuitBreakerRegistry, createDomainError, createError, createQueryParser, createStateMachine, defineCompensation, defineGuard, deleteResponse, errorResponseSchema, getDefaultCrudSchemas, getListQueryParams, handleRaw, hasEvents, isArcError, isJsonSchema, isZodSchema, itemResponse, listResponse, mutationResponse, paginationSchema, queryParams, responses, successResponseSchema, toJsonSchema, withCompensation, wrapResponse };

package/dist/{utils-7sJ8X83I.mjs → utils-yYT3HDXt.mjs} RENAMED Viewed

@@ -1,3 +1,4 @@
+import { t as ArcError } from "./errors-BF2bIOIS.mjs";
 //#region src/utils/compensation.ts
 /**
 * Run steps in order with automatic compensation on failure.
@@ -69,6 +70,69 @@ function defineCompensation(name, steps) {
 	};
 }
 //#endregion
+//#region src/utils/defineGuard.ts
+/** Hidden property key for guard context storage on the request object. */
+const GUARD_STORE_KEY = "__arcGuardContext";
+/**
+* Create a typed guard. See module JSDoc for usage.
+*/
+function defineGuard(config) {
+	const { name, resolve } = config;
+	const preHandler = async (req, reply) => {
+		const ctx = await resolve(req, reply);
+		if (!reply.sent) {
+			const store = req[GUARD_STORE_KEY] ?? {};
+			store[name] = ctx;
+			req[GUARD_STORE_KEY] = store;
+		}
+	};
+	return {
+		preHandler,
+		name,
+		from(req) {
+			const store = req[GUARD_STORE_KEY];
+			if (!store || !(name in store)) throw new Error(`Guard '${name}' not resolved on this request. Add it to routeGuards or the route's preHandler array.`);
+			return store[name];
+		}
+	};
+}
+//#endregion
+//#region src/utils/handleRaw.ts
+/**
+* Wrap a raw Fastify handler with Arc's response envelope and error handling.
+*
+* @param handler - Async function that receives `(request, reply)` and returns data.
+*   The return value is sent as `{ success: true, data }`. If it returns
+*   `undefined` or `null`, `{ success: true }` is sent (no `data` field).
+* @param statusCode - HTTP status code for successful responses (default: 200)
+*/
+function handleRaw(handler, statusCode = 200) {
+	return async (request, reply) => {
+		try {
+			const result = await handler(request, reply);
+			if (reply.sent) return;
+			if (result === void 0 || result === null) reply.code(statusCode).send({ success: true });
+			else reply.code(statusCode).send({
+				success: true,
+				data: result
+			});
+		} catch (err) {
+			if (reply.sent) return;
+			if (err instanceof ArcError) {
+				reply.code(err.statusCode).send(err.toJSON());
+				return;
+			}
+			const error = err;
+			const code = error.statusCode ?? error.status ?? 500;
+			reply.code(code).send({
+				success: false,
+				error: error.message ?? "Internal server error",
+				...error.code && { code: error.code }
+			});
+		}
+	};
+}
+//#endregion
 //#region src/utils/responseSchemas.ts
 /**
 * Base success response schema
@@ -579,4 +643,4 @@ function createStateMachine(name, transitions = {}, options = {}) {
 	};
 }
 //#endregion
-export { getListQueryParams as a, mutationResponse as c, responses as d, successResponseSchema as f, withCompensation as h, getDefaultCrudSchemas as i, paginationSchema as l, defineCompensation as m, deleteResponse as n, itemResponse as o, wrapResponse as p, errorResponseSchema as r, listResponse as s, createStateMachine as t, queryParams as u };
+export { withCompensation as _, getListQueryParams as a, mutationResponse as c, responses as d, successResponseSchema as f, defineCompensation as g, defineGuard as h, getDefaultCrudSchemas as i, paginationSchema as l, handleRaw as m, deleteResponse as n, itemResponse as o, wrapResponse as p, errorResponseSchema as r, listResponse as s, createStateMachine as t, queryParams as u };

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@classytic/arc",
-  "version": "2.8.1",
+  "version": "2.8.4",
   "description": "Resource-oriented backend framework for Fastify — clean, minimal, powerful, tree-shakable",
   "type": "module",
   "exports": {
@@ -340,19 +340,18 @@
   },
   "dependencies": {
     "fastify-plugin": "^5.0.1",
-    "qs": "^6.14.1",
+    "qs": "^6.15.1",
     "secure-json-parse": "^4.1.0"
   },
   "devDependencies": {
-    "@better-auth/mongo-adapter": "^1.6.0",
-    "@biomejs/biome": "^2.4.10",
-    "ajv": "^8.18.0",
+    "@better-auth/mongo-adapter": "^1.6.2",
+    "@biomejs/biome": "^2.4.11",
     "@classytic/mongokit": "file:../../packages/mongokit/classytic-mongokit-3.6.0.tgz",
     "@classytic/streamline": "^2.1.0",
     "@fastify/cors": "^11.2.0",
     "@fastify/helmet": "^13.0.2",
     "@fastify/jwt": "^10.0.0",
-    "@fastify/multipart": "^9.0.0",
+    "@fastify/multipart": "^10.0.0",
     "@fastify/rate-limit": "^10.3.0",
     "@fastify/sensible": "^6.0.4",
     "@fastify/type-provider-typebox": "^6.0.0",
@@ -363,10 +362,11 @@
     "@types/node": "^22.10.0",
     "@types/qs": "^6.14.0",
     "@vitest/coverage-v8": "^3.2.4",
-    "better-auth": "^1.6.0",
+    "ajv": "^8.18.0",
+    "better-auth": "^1.6.2",
     "fastify-raw-body": "^5.0.0",
     "jsonwebtoken": "^9.0.0",
-    "knip": "^6.3.0",
+    "knip": "^6.4.1",
     "mongodb": "^7.1.0",
     "mongodb-memory-server": "^11.0.1",
     "mongoose": "^9.4.1",

package/skills/arc/SKILL.md CHANGED Viewed

@@ -8,7 +8,7 @@ description: |
   Triggers: arc, fastify resource, defineResource, createApp, BaseController, arc preset,
   arc auth, arc events, arc jobs, arc websocket, arc mcp, arc plugin, arc testing, arc cli,
   arc permissions, arc hooks, arc pipeline, arc factory, arc cache, arc QueryCache.
-version: 2.8.0
+version: 2.8.1
 license: MIT
 metadata:
   author: Classytic
@@ -88,17 +88,28 @@ const productResource = defineResource({
     delete: requireRoles(['admin']),
   },
   cache: { staleTime: 30, gcTime: 300, tags: ['catalog'] },
-  additionalRoutes: [
-    { method: 'GET', path: '/featured', handler: 'getFeatured', permissions: allowPublic(), wrapHandler: true },
-  ],
-  // v2.8: routes (replaces additionalRoutes — additionalRoutes still works but is deprecated)
+  // v2.8.1: routeGuards — auto-apply to ALL routes (CRUD + custom + preset)
+  routeGuards: [modeGuard, orgGuard.preHandler],
+  // v2.8.1: fieldRules constraints → auto-map to OpenAPI + AJV validation
+  schemaOptions: {
+    fieldRules: {
+      name: { minLength: 2, maxLength: 200, description: 'Product name' },
+      price: { min: 0, max: 100000 },
+      sku: { pattern: '^[A-Z]{3}-\\d{3}$' },
+      status: { enum: ['draft', 'active', 'archived'] },
+      deletedAt: { systemManaged: true },
+    },
+  },
+  // Custom routes (compose with presets — softDelete adds /deleted, /:id/restore)
   routes: [
     { method: 'GET', path: '/stats', handler: 'getStats', permissions: auth() },
     { method: 'POST', path: '/webhook', handler: webhookFn, raw: true, permissions: auth() },
   ],
-  // v2.8: actions (replaces onRegister + createActionRouter)
+  // Actions (replaces onRegister + createActionRouter)
   actions: {
     approve: async (id, data, req) => service.approve(id, req.user._id),
     cancel: {
@@ -112,8 +123,70 @@ const productResource = defineResource({
 await fastify.register(productResource.toPlugin());
 // Auto-generates: GET /, GET /:id, POST /, PATCH /:id, DELETE /:id
+// + softDelete preset adds: GET /deleted, POST /:id/restore
 ```
+## routeGuards + defineGuard (v2.8.1)
+Resource-level guards that apply to **every** route (CRUD + custom + preset):
+```typescript
+import { defineGuard } from '@classytic/arc/utils';
+import type { RouteHandlerMethod } from '@classytic/arc';
+// Simple guard — reject if condition fails
+const modeGuard: RouteHandlerMethod = async (req, reply) => {
+  if (!req.headers['x-mode']) {
+    reply.code(403).send({ error: 'Mode header required' });
+  }
+};
+// Typed guard — resolve context once, extract anywhere
+const orgGuard = defineGuard({
+  name: 'org',
+  resolve: (req) => {
+    const orgId = req.headers['x-org-id'] as string;
+    if (!orgId) throw new Error('Missing x-org-id');
+    return { orgId, actorId: req.user?.id ?? 'system' };
+  },
+});
+defineResource({
+  name: 'procurement',
+  routeGuards: [modeGuard, orgGuard.preHandler],  // all routes protected
+  routes: [{
+    method: 'GET', path: '/summary', raw: true, permissions: auth(),
+    handler: async (req, reply) => {
+      const { orgId } = orgGuard.from(req);  // typed, no re-computation
+      reply.send({ orgId, count: await Model.countDocuments() });
+    },
+  }],
+  // ...
+});
+```
+**Execution order:** auth → permissions → cache/idempotency → `routeGuards` → per-route `preHandler`
+## fieldRules → OpenAPI + AJV (v2.8.1)
+One definition, two outputs — constraints auto-map to OpenAPI schema + Fastify AJV validation:
+```typescript
+schemaOptions: {
+  fieldRules: {
+    name: { minLength: 2, maxLength: 200, description: 'Product name' },
+    price: { min: 0, max: 100000 },
+    sku: { pattern: '^[A-Z]{3}-\\d{3}$' },
+    status: { enum: ['draft', 'active', 'archived'] },
+    password: { hidden: true },           // blocked from select + OpenAPI
+    deletedAt: { systemManaged: true },   // blocked from input schemas
+    slug: { immutable: true },            // excluded from update body
+  },
+},
+```
+Mongoose model-level constraints (`minlength`, `maxlength`, `min`, `max`, `enum`) take precedence. `fieldRules` supplements what the model doesn't declare.
 ## Authentication
 Auth uses a **discriminated union** with `type` field:
@@ -783,6 +856,28 @@ auth: async (headers) => ({
 **Guards** for custom tools: `guard(requireAuth, requireOrg, requireRole('admin'), handler)`
+**AI SDK bridge** (v2.8.4+) — expose AI SDK `tool()` definitions over MCP without duplicating glue. Handles auth, guards, `{ error } → isError` translation, and thrown-error mapping:
+```typescript
+import { bridgeToMcp, buildMcpToolsFromBridges, getUserId, hasOrg, type McpBridge } from '@classytic/arc/mcp';
+export const triggerJobBridge: McpBridge = {
+  name: 'trigger_job',
+  description: 'Start a job.',
+  inputSchema: { phase: z.enum(['investigate', 'fix']) },
+  annotations: { destructiveHint: true },
+  buildTool: (ctx) => buildTriggerJobTool(getUserId(ctx) ?? ''),
+  guard: (ctx) => (hasOrg(ctx) ? null : 'Organization scope required'),
+};
+await app.register(mcpPlugin, {
+  resources,
+  extraTools: buildMcpToolsFromBridges([triggerJobBridge], {
+    exclude: process.env.DEPLOYMENT === 'readonly' ? ['trigger_job'] : [],
+  }),
+});
+```
 **Service scope**: When `clientId` is set in auth result, MCP produces `kind: "service"` RequestScope — works with `requireServiceScope()`, `getClientId()`, `getServiceScopes()`. No synthetic userId needed for machine principals.
 **Multi-tenancy**: `organizationId` from auth flows into BaseController org-scoping automatically.