@classytic/arc 2.8.4 → 2.9.1

package/dist/testing/index.mjs

@@ -1,5 +1,6 @@
 import { t as CRUD_OPERATIONS } from "../constants-Cxde4rpC.mjs";
-import { n as applyFieldWritePermissions, t as applyFieldReadPermissions } from "../fields-ipsbIRPK.mjs";
+import { n as applyFieldWritePermissions, t as applyFieldReadPermissions } from "../fields-CU6FlaDV.mjs";
+import { runStorageContract } from "./storageContract.mjs";
 import Fastify from "fastify";
 import mongoose from "mongoose";
 import { afterAll, afterEach, beforeAll, beforeEach, describe, expect, it, vi } from "vitest";
@@ -1132,8 +1133,11 @@ function pickResource(value) {
 * harness.runAll();
 *
 * // Or run specific test suites
-* harness.runCrud();
 * harness.runPresets();
+* harness.runValidation();
+*
+* // For HTTP-level CRUD coverage (auth, permissions, routes), use
+* // `HttpTestHarness` from `@classytic/arc/testing`.
 */
 var TestHarness = class {
 	resource;
@@ -1156,12 +1160,12 @@ var TestHarness = class {
 		this.Model = model;
 	}
 	/**
-	* Run all baseline tests
+	* Run all baseline tests (schema, presets, field permissions, pipeline, events).
 	*
-	* Executes CRUD, validation, and preset tests
+	* For HTTP-level CRUD coverage (routes, auth, permissions), use
+	* {@link HttpTestHarness} instead.
 	*/
 	runAll() {
-		this.runCrud();
 		this.runValidation();
 		this.runPresets();
 		this.runFieldPermissions();
@@ -1169,67 +1173,6 @@ var TestHarness = class {
 		this.runEvents();
 	}
 	/**
-	* Run CRUD operation tests (model-level)
-	*
-	* Tests: create, read (list + getById), update, delete
-	*
-	* @deprecated Use `HttpTestHarness.runCrud()` for HTTP-level CRUD tests.
-	* This method tests Mongoose models directly and does not exercise
-	* HTTP routes, authentication, permissions, or the Arc pipeline.
-	*/
-	runCrud() {
-		const { resource, fixtures, Model } = this;
-		describe(`${resource.displayName} CRUD Operations`, () => {
-			beforeAll(async () => {
-				await mongoose.connect(this.mongoUri);
-				if (this.setupFn) await this.setupFn();
-			});
-			afterAll(async () => {
-				if (this._createdIds.length > 0) await Model.deleteMany({ _id: { $in: this._createdIds } });
-				if (this.teardownFn) await this.teardownFn();
-				await mongoose.disconnect();
-			});
-			describe("Create", () => {
-				it("should create a new document with valid data", async () => {
-					const doc = await Model.create(fixtures.valid);
-					this._createdIds.push(doc._id);
-					expect(doc).toBeDefined();
-					expect(doc._id).toBeDefined();
-					for (const [key, value] of Object.entries(fixtures.valid)) if (typeof value !== "object") expect(doc[key]).toEqual(value);
-				});
-				it("should have timestamps", async () => {
-					const doc = await Model.findById(this._createdIds[0]);
-					expect(doc).toBeDefined();
-					expect(doc?.createdAt).toBeDefined();
-					expect(doc?.updatedAt).toBeDefined();
-				});
-			});
-			describe("Read", () => {
-				it("should find document by ID", async () => {
-					expect(await Model.findById(this._createdIds[0])).toBeDefined();
-				});
-				it("should list documents", async () => {
-					const docs = await Model.find({});
-					expect(Array.isArray(docs)).toBe(true);
-					expect(docs.length).toBeGreaterThan(0);
-				});
-			});
-			describe("Update", () => {
-				it("should update document", async () => {
-					const updateData = fixtures.update || { updatedAt: /* @__PURE__ */ new Date() };
-					expect(await Model.findByIdAndUpdate(this._createdIds[0], updateData, { new: true })).toBeDefined();
-				});
-			});
-			describe("Delete", () => {
-				it("should delete document", async () => {
-					const toDelete = await Model.create(fixtures.valid);
-					await Model.findByIdAndDelete(toDelete._id);
-					expect(await Model.findById(toDelete._id)).toBeNull();
-				});
-			});
-		});
-	}
-	/**
 	* Run validation tests
 	*
 	* Tests schema validation, required fields, etc.
@@ -1370,7 +1313,7 @@ var TestHarness = class {
 							expect(result.otherField).toBe("visible");
 						});
 						it(`should strip hidden field '${field}' from writes`, () => {
-							const result = applyFieldWritePermissions({
+							const { body: result } = applyFieldWritePermissions({
 								[field]: "attempt",
 								name: "test"
 							}, fieldPerms, []);
@@ -1391,7 +1334,7 @@ var TestHarness = class {
 						break;
 					case "writableBy":
 						it(`should strip field '${field}' from writes by non-privileged users`, () => {
-							const result = applyFieldWritePermissions({
+							const { body: result } = applyFieldWritePermissions({
 								[field]: "new-value",
 								name: "test"
 							}, fieldPerms, ["viewer"]);
@@ -1401,7 +1344,8 @@ var TestHarness = class {
 						if (perm.roles && perm.roles.length > 0) {
 							const writeRole = perm.roles[0];
 							it(`should allow writing field '${field}' by roles: ${[...perm.roles].join(", ")}`, () => {
-								expect(applyFieldWritePermissions({ [field]: "new-value" }, fieldPerms, [writeRole])[field]).toBe("new-value");
+								const { body: result } = applyFieldWritePermissions({ [field]: "new-value" }, fieldPerms, [writeRole]);
+								expect(result[field]).toBe("new-value");
 							});
 						}
 						break;
@@ -1653,10 +1597,11 @@ function runFieldPermissionTests(displayName, fieldPerms) {
 					}, fieldPerms, [])[field]).toBeUndefined();
 				});
 				it(`should strip hidden field '${field}' from writes`, () => {
-					expect(applyFieldWritePermissions({
+					const { body: result } = applyFieldWritePermissions({
 						[field]: "attempt",
 						name: "test"
-					}, fieldPerms, [])[field]).toBeUndefined();
+					}, fieldPerms, []);
+					expect(result[field]).toBeUndefined();
 				});
 				break;
 			case "visibleTo":
@@ -1672,15 +1617,17 @@ function runFieldPermissionTests(displayName, fieldPerms) {
 				break;
 			case "writableBy":
 				it(`should strip field '${field}' from writes by non-privileged users`, () => {
-					expect(applyFieldWritePermissions({
+					const { body: result } = applyFieldWritePermissions({
 						[field]: "v",
 						name: "test"
-					}, fieldPerms, ["_no_role_"])[field]).toBeUndefined();
+					}, fieldPerms, ["_no_role_"]);
+					expect(result[field]).toBeUndefined();
 				});
 				if (perm.roles && perm.roles.length > 0) {
 					const writeRole = perm.roles[0];
 					it(`should allow writing field '${field}' by roles: ${[...perm.roles].join(", ")}`, () => {
-						expect(applyFieldWritePermissions({ [field]: "v" }, fieldPerms, [writeRole])[field]).toBe("v");
+						const { body: result } = applyFieldWritePermissions({ [field]: "v" }, fieldPerms, [writeRole]);
+						expect(result[field]).toBe("v");
 					});
 				}
 				break;
@@ -1796,7 +1743,7 @@ function runEventTests(resourceName, displayName, events) {
 * ```
 */
 async function createTestApp(options = {}) {
-	const { createApp } = await import("../createApp-BOYjBgdI.mjs").then((n) => n.r);
+	const { createApp } = await import("../createApp-CBJUJKGP.mjs").then((n) => n.r);
 	const { useInMemoryDb = true, mongoUri: providedMongoUri, ...appOptions } = options;
 	const defaultAuth = {
 		type: "jwt",
@@ -1994,4 +1941,4 @@ var TestDataLoader = class {
 	}
 };
 //#endregion
-export { DatabaseSnapshot, TestFixtures as DbTestFixtures, HttpTestHarness, InMemoryDatabase, TestDataLoader, TestDatabase, TestHarness, TestRequestBuilder, TestSeeder, TestTransaction, createBetterAuthProvider, createBetterAuthTestHelpers, createConfigTestSuite, createDataFactory, createHttpTestHarness, createJwtAuthProvider, createMinimalTestApp, createMockController, createMockReply, createMockRepository, createMockRequest, createMockUser, createSnapshotMatcher, createSpy, createTestApp, createTestAuth, createTestHarness, createTestTimer, generateTestFile, preloadResources, preloadResourcesAsync, request, safeParseBody, setupBetterAuthOrg, waitFor, withTestDb };
+export { DatabaseSnapshot, TestFixtures as DbTestFixtures, HttpTestHarness, InMemoryDatabase, TestDataLoader, TestDatabase, TestHarness, TestRequestBuilder, TestSeeder, TestTransaction, createBetterAuthProvider, createBetterAuthTestHelpers, createConfigTestSuite, createDataFactory, createHttpTestHarness, createJwtAuthProvider, createMinimalTestApp, createMockController, createMockReply, createMockRepository, createMockRequest, createMockUser, createSnapshotMatcher, createSpy, createTestApp, createTestAuth, createTestHarness, createTestTimer, generateTestFile, preloadResources, preloadResourcesAsync, request, runStorageContract, safeParseBody, setupBetterAuthOrg, waitFor, withTestDb };

package/dist/testing/storageContract.d.mts

@@ -0,0 +1,26 @@
+import { t as Storage } from "../storage-BwGQXUpd.mjs";
+
+//#region src/testing/storageContract.d.ts
+interface StorageContractSetupResult {
+  storage: Storage;
+  teardown: () => Promise<void>;
+}
+type StorageContractSetup = () => Promise<StorageContractSetupResult>;
+/**
+ * Register the storage contract suite under the caller's name.
+ *
+ * Assertions covered:
+ *  1. upload() returns a StorageFile with every required field populated
+ *  2. read(upload.id) round-trips the exact bytes
+ *  3. delete() returns true on first call
+ *  4. delete() returns false (or throws) on a missing id
+ *  5. exists() (if implemented) agrees with upload/delete state
+ *  6. resolveUrl() (if implemented) returns a non-empty URL for an existing id
+ *  7. Two isolated scopes don't collide (scope threading)
+ *  8. Full lifecycle: upload → read → delete → read rejects
+ *  9. Both `kind: "stream"` and `kind: "buffer"` read results deliver correct bytes
+ * 10. Ranged reads (if adapter supports them) slice correctly
+ */
+declare function runStorageContract(name: string, setup: StorageContractSetup): void;
+//#endregion
+export { StorageContractSetup, StorageContractSetupResult, runStorageContract };

package/dist/testing/storageContract.mjs

@@ -0,0 +1,216 @@
+import { afterAll, beforeAll, describe, expect, it } from "vitest";
+//#region src/testing/storageContract.ts
+/**
+* Storage Contract Suite
+*
+* Any implementation of `@classytic/arc/types/storage`'s `Storage` interface
+* can import this and run it against a live instance to guarantee preset
+* compatibility. Passing this suite is the contract.
+*
+* @example
+* ```typescript
+* import { runStorageContract } from '@classytic/arc/testing/storage';
+* import { s3Storage } from '../src/storage/s3-storage.js';
+*
+* runStorageContract('s3Storage', async () => {
+*   const storage = s3Storage({ bucket: 'test-bucket' });
+*   return { storage, teardown: async () => {} };
+* });
+* ```
+*
+* This module statically imports `vitest`. Only load it from test code — arc's
+* production bundle never references this subpath, so the import tree stays
+* clean under tree-shaking.
+*/
+function makeBytes(size, seed = 0) {
+	const buf = Buffer.allocUnsafe(size);
+	for (let i = 0; i < size; i++) buf[i] = i + seed & 255;
+	return buf;
+}
+async function readAll(result) {
+	if (result.kind === "buffer") return result.buffer;
+	const chunks = [];
+	for await (const chunk of result.stream) chunks.push(typeof chunk === "string" ? Buffer.from(chunk) : chunk);
+	return Buffer.concat(chunks);
+}
+const EMPTY_CTX = { scope: {} };
+function ctxFor(scope) {
+	return { scope };
+}
+/**
+* Register the storage contract suite under the caller's name.
+*
+* Assertions covered:
+*  1. upload() returns a StorageFile with every required field populated
+*  2. read(upload.id) round-trips the exact bytes
+*  3. delete() returns true on first call
+*  4. delete() returns false (or throws) on a missing id
+*  5. exists() (if implemented) agrees with upload/delete state
+*  6. resolveUrl() (if implemented) returns a non-empty URL for an existing id
+*  7. Two isolated scopes don't collide (scope threading)
+*  8. Full lifecycle: upload → read → delete → read rejects
+*  9. Both `kind: "stream"` and `kind: "buffer"` read results deliver correct bytes
+* 10. Ranged reads (if adapter supports them) slice correctly
+*/
+function runStorageContract(name, setup) {
+	describe(`Storage contract — ${name}`, () => {
+		let storage;
+		let teardown;
+		beforeAll(async () => {
+			const result = await setup();
+			storage = result.storage;
+			teardown = result.teardown;
+		});
+		afterAll(async () => {
+			if (teardown) await teardown();
+		});
+		it("upload() returns a populated StorageFile", async () => {
+			const bytes = makeBytes(64);
+			const file = await storage.upload({
+				buffer: bytes,
+				filename: "contract-1.bin",
+				mimeType: "application/octet-stream",
+				size: bytes.length
+			}, EMPTY_CTX);
+			expect(file.id).toBeTruthy();
+			expect(file.url).toBeTruthy();
+			expect(file.pathname).toBeTruthy();
+			expect(file.contentType).toBe("application/octet-stream");
+			expect(file.bytes).toBe(bytes.length);
+			await storage.delete(file.id, EMPTY_CTX);
+		});
+		it("read() round-trips the exact bytes uploaded", async () => {
+			const bytes = makeBytes(1024, 7);
+			const file = await storage.upload({
+				buffer: bytes,
+				filename: "contract-2.bin",
+				mimeType: "application/octet-stream",
+				size: bytes.length
+			}, EMPTY_CTX);
+			const read = await storage.read(file.id, EMPTY_CTX);
+			expect((await readAll(read)).equals(bytes)).toBe(true);
+			expect(read.contentType).toBe("application/octet-stream");
+			await storage.delete(file.id, EMPTY_CTX);
+		});
+		it("delete() returns true the first time, false (or throws) the second time", async () => {
+			const bytes = makeBytes(32);
+			const file = await storage.upload({
+				buffer: bytes,
+				filename: "contract-3.bin",
+				mimeType: "application/octet-stream",
+				size: bytes.length
+			}, EMPTY_CTX);
+			expect(await storage.delete(file.id, EMPTY_CTX)).toBe(true);
+			let second = "threw";
+			try {
+				second = await storage.delete(file.id, EMPTY_CTX);
+			} catch {
+				second = "threw";
+			}
+			expect(second === false || second === "threw").toBe(true);
+		});
+		it("exists() agrees with upload/delete state (if implemented)", async () => {
+			if (!storage.exists) return;
+			const bytes = makeBytes(16);
+			const file = await storage.upload({
+				buffer: bytes,
+				filename: "contract-4.bin",
+				mimeType: "application/octet-stream",
+				size: bytes.length
+			}, EMPTY_CTX);
+			expect(await storage.exists(file.id, EMPTY_CTX)).toBe(true);
+			await storage.delete(file.id, EMPTY_CTX);
+			expect(await storage.exists(file.id, EMPTY_CTX)).toBe(false);
+		});
+		it("resolveUrl() returns a non-empty URL for an existing id (if implemented)", async () => {
+			if (!storage.resolveUrl) return;
+			const bytes = makeBytes(8);
+			const file = await storage.upload({
+				buffer: bytes,
+				filename: "contract-5.bin",
+				mimeType: "application/octet-stream",
+				size: bytes.length
+			}, EMPTY_CTX);
+			const url = await storage.resolveUrl(file.id, EMPTY_CTX);
+			expect(typeof url).toBe("string");
+			expect(url.length).toBeGreaterThan(0);
+			await storage.delete(file.id, EMPTY_CTX);
+		});
+		it("two different scopes get distinct ids (scope threading)", async () => {
+			const bytes = makeBytes(24, 42);
+			const scopeA = ctxFor({ organizationId: "org-a" });
+			const scopeB = ctxFor({ organizationId: "org-b" });
+			const a = await storage.upload({
+				buffer: bytes,
+				filename: "scoped.bin",
+				mimeType: "application/octet-stream",
+				size: bytes.length
+			}, scopeA);
+			const b = await storage.upload({
+				buffer: bytes,
+				filename: "scoped.bin",
+				mimeType: "application/octet-stream",
+				size: bytes.length
+			}, scopeB);
+			expect(a.id).not.toBe(b.id);
+			const readA = await readAll(await storage.read(a.id, scopeA));
+			const readB = await readAll(await storage.read(b.id, scopeB));
+			expect(readA.equals(bytes)).toBe(true);
+			expect(readB.equals(bytes)).toBe(true);
+			await storage.delete(a.id, scopeA);
+			await storage.delete(b.id, scopeB);
+		});
+		it("full lifecycle: upload → read → delete → read rejects", async () => {
+			const bytes = makeBytes(128);
+			const file = await storage.upload({
+				buffer: bytes,
+				filename: "lifecycle.bin",
+				mimeType: "application/octet-stream",
+				size: bytes.length
+			}, EMPTY_CTX);
+			expect((await readAll(await storage.read(file.id, EMPTY_CTX))).equals(bytes)).toBe(true);
+			expect(await storage.delete(file.id, EMPTY_CTX)).toBe(true);
+			let rejected = false;
+			try {
+				if (!(await readAll(await storage.read(file.id, EMPTY_CTX))).equals(bytes)) rejected = true;
+			} catch {
+				rejected = true;
+			}
+			expect(rejected).toBe(true);
+		});
+		it("read() handles both stream and buffer kinds", async () => {
+			const bytes = makeBytes(256, 9);
+			const file = await storage.upload({
+				buffer: bytes,
+				filename: "kind.bin",
+				mimeType: "application/octet-stream",
+				size: bytes.length
+			}, EMPTY_CTX);
+			const result = await storage.read(file.id, EMPTY_CTX);
+			expect(result.kind === "stream" || result.kind === "buffer").toBe(true);
+			expect((await readAll(result)).equals(bytes)).toBe(true);
+			await storage.delete(file.id, EMPTY_CTX);
+		});
+		it("read() with a mid-object range slices correctly (when adapter supports ranges)", async () => {
+			const bytes = makeBytes(1024, 13);
+			const file = await storage.upload({
+				buffer: bytes,
+				filename: "range.bin",
+				mimeType: "application/octet-stream",
+				size: bytes.length
+			}, EMPTY_CTX);
+			const result = await storage.read(file.id, EMPTY_CTX, {
+				start: 100,
+				end: 199
+			});
+			const actual = await readAll(result);
+			if (result.range) {
+				expect(actual.length).toBe(100);
+				expect(actual.equals(bytes.subarray(100, 200))).toBe(true);
+			} else expect(actual.length).toBe(bytes.length);
+			await storage.delete(file.id, EMPTY_CTX);
+		});
+	});
+}
+//#endregion
+export { runStorageContract };

package/dist/types/index.d.mts

@@ -1,5 +1,5 @@
-import { _ as isAuthenticated, c as getOrgRoles, g as hasOrgAccess, n as PUBLIC_SCOPE, p as getTeamId, r as RequestScope, s as getOrgId, t as AUTHENTICATED_SCOPE, v as isElevated, y as isMember } from "../types-C72d3NDn.mjs";
-import { $ as PresetFunction, $t as DeleteOptions, A as EventsDecorator, B as InferResourceDoc, Bt as FastifyHandler, C as ConfigError, Ct as TypedResourceConfig, D as CrudRouterOptions, Dt as ValidationResult, E as CrudRouteKey, Et as ValidateOptions, F as GracefulShutdownOptions, G as LookupOption, H as IntrospectionPluginOptions, Ht as IControllerResponse, I as HealthCheck, J as ObjectId, K as MiddlewareConfig, L as HealthOptions, M as FastifyWithAuth, N as FastifyWithDecorators, O as CrudSchemas, Ot as envelope, P as FieldRule, Q as PopulateOption, Qt as DeleteManyResult, R as InferAdapterDoc, Rt as ControllerHandler, S as AuthenticatorContext, St as TypedRepository, T as CrudController, Tt as UserOrganization, U as JWTPayload, Ut as IRequestContext, V as IntrospectionData, Vt as IController, W as JwtContext, Wt as RouteHandler, X as OwnershipCheck, Xt as BulkWriteResult, Y as OpenApiSchemas, Yt as BulkWriteOperation, Z as ParsedQuery, Zt as CrudRepository, _ as ArcInternalMetadata, _t as RouteMcpConfig, an as PaginationParams, at as RegistryStats, b as AuthPluginOptions, bt as TokenPair, cn as RepositorySession, ct as RequestWithExtras, d as ActionHandlerFn, dt as ResourceHookContext, en as DeleteResult, et as PresetHook, f as ActionsMap, ft as ResourceHooks, g as ArcDecorator, gt as RouteHandlerMethod, h as ApiResponse, ht as RouteDefinition, in as PaginatedResult, it as RegistryEntry, j as FastifyRequestExtras, jt as BaseControllerOptions, k as EventDefinition, kt as getUserId, l as ActionDefinition, ln as UpdateManyResult, lt as ResourceCacheConfig, m as AnyRecord, mt as ResourcePermissions, nn as KeysetPaginatedResult, nt as QueryParserInterface, on as PaginationResult, ot as RequestContext, p as AdditionalRoute, pt as ResourceMetadata, q as MiddlewareHandler, rn as OffsetPaginatedResult, rt as RateLimitConfig, sn as QueryOptions, st as RequestIdOptions, tn as InferDoc, tt as PresetResult, u as ActionEntry, un as WriteOptions, ut as ResourceConfig, v as ArcRequest, vt as RouteSchemaOptions, w as ControllerQueryOptions, wt as UserLike, x as Authenticator, xt as TypedController, y as AuthHelpers, yt as ServiceContext, z as InferDocType, zt as ControllerLike } from "../interface-BVuMfeVv.mjs";
-import { i as UserBase, n as PermissionContext, r as PermissionResult, t as PermissionCheck } from "../types-CVC4HOKi.mjs";
-import { n as ElevationOptions, t as ElevationEvent } from "../elevation-s5ykdNHr.mjs";
-export { AUTHENTICATED_SCOPE, ActionDefinition, ActionEntry, ActionHandlerFn, ActionsMap, AdditionalRoute, AnyRecord, ApiResponse, ArcDecorator, ArcInternalMetadata, ArcRequest, AuthHelpers, AuthPluginOptions, Authenticator, AuthenticatorContext, BaseControllerOptions, BulkWriteOperation, BulkWriteResult, ConfigError, ControllerHandler, ControllerLike, ControllerQueryOptions, CrudController, CrudRepository, CrudRouteKey, CrudRouterOptions, CrudSchemas, DeleteManyResult, DeleteOptions, DeleteResult, ElevationEvent, ElevationOptions, EventDefinition, EventsDecorator, FastifyHandler, FastifyRequestExtras, FastifyWithAuth, FastifyWithDecorators, FieldRule, GracefulShutdownOptions, HealthCheck, HealthOptions, IController, IControllerResponse, IRequestContext, InferAdapterDoc, InferDoc, InferDocType, InferResourceDoc, IntrospectionData, IntrospectionPluginOptions, JWTPayload, JwtContext, KeysetPaginatedResult, LookupOption, MiddlewareConfig, MiddlewareHandler, ObjectId, OffsetPaginatedResult, OpenApiSchemas, OwnershipCheck, PUBLIC_SCOPE, PaginatedResult, PaginationParams, PaginationResult, ParsedQuery, PermissionCheck, PermissionContext, PermissionResult, PopulateOption, PresetFunction, PresetHook, PresetResult, QueryOptions, QueryParserInterface, RateLimitConfig, RegistryEntry, RegistryStats, RepositorySession, RequestContext, RequestIdOptions, RequestScope, RequestWithExtras, ResourceCacheConfig, ResourceConfig, ResourceHookContext, ResourceHooks, ResourceMetadata, ResourcePermissions, RouteDefinition, RouteHandler, RouteHandlerMethod, RouteMcpConfig, RouteSchemaOptions, ServiceContext, TokenPair, TypedController, TypedRepository, TypedResourceConfig, UpdateManyResult, UserBase, UserLike, UserOrganization, ValidateOptions, ValidationResult, WriteOptions, envelope, getOrgId, getOrgRoles, getTeamId, getUserId, hasOrgAccess, isAuthenticated, isElevated, isMember };
+import { _ as isAuthenticated, c as getOrgRoles, g as hasOrgAccess, n as PUBLIC_SCOPE, p as getTeamId, r as RequestScope, s as getOrgId, t as AUTHENTICATED_SCOPE, v as isElevated, y as isMember } from "../types-BD85MlEK.mjs";
+import { $ as PresetHook, $t as DeleteResult, A as FastifyRequestExtras, At as BaseControllerOptions, B as IntrospectionData, Bt as IController, C as ControllerQueryOptions, Ct as UserLike, D as CrudSchemas, Dt as envelope, E as CrudRouterOptions, Et as ValidationResult, F as HealthCheck, G as MiddlewareConfig, H as JWTPayload, Ht as IRequestContext, I as HealthOptions, J as OpenApiSchemas, Jt as BulkWriteOperation, K as MiddlewareHandler, L as InferAdapterDoc, Lt as ControllerHandler, M as FastifyWithDecorators, N as FieldRule, O as EventDefinition, Ot as getUserId, P as GracefulShutdownOptions, Q as PresetFunction, Qt as DeleteOptions, R as InferDocType, Rt as ControllerLike, S as ConfigError, St as TypedResourceConfig, T as CrudRouteKey, Tt as ValidateOptions, U as JwtContext, Ut as RouteHandler, V as IntrospectionPluginOptions, Vt as IControllerResponse, W as LookupOption, X as ParsedQuery, Xt as CrudRepository, Y as OwnershipCheck, Yt as BulkWriteResult, Z as PopulateOption, Zt as DeleteManyResult, _ as ArcRequest, _t as RouteSchemaOptions, an as PaginationParams, at as RequestContext, b as Authenticator, bt as TypedController, cn as RepositorySession, ct as ResourceCacheConfig, d as ActionHandlerFn, dt as ResourceHooks, en as FindOneAndUpdateOptions, et as PresetResult, f as ActionsMap, ft as ResourceMetadata, g as ArcInternalMetadata, gt as RouteMcpConfig, h as ArcDecorator, ht as RouteHandlerMethod, in as PaginatedResult, it as RegistryStats, j as FastifyWithAuth, k as EventsDecorator, l as ActionDefinition, ln as UpdateManyResult, lt as ResourceConfig, m as ApiResponse, mt as RouteDefinition, nn as KeysetPaginatedResult, nt as RateLimitConfig, on as PaginationResult, ot as RequestIdOptions, p as AnyRecord, pt as ResourcePermissions, q as ObjectId, rn as OffsetPaginatedResult, rt as RegistryEntry, sn as QueryOptions, st as RequestWithExtras, tn as InferDoc, tt as QueryParserInterface, u as ActionEntry, un as WriteOptions, ut as ResourceHookContext, v as AuthHelpers, vt as ServiceContext, w as CrudController, wt as UserOrganization, x as AuthenticatorContext, xt as TypedRepository, y as AuthPluginOptions, yt as TokenPair, z as InferResourceDoc, zt as FastifyHandler } from "../interface-YrWsmKqE.mjs";
+import { i as UserBase, n as PermissionContext, r as PermissionResult, t as PermissionCheck } from "../types-DZi1aYhm.mjs";
+import { n as ElevationOptions, t as ElevationEvent } from "../elevation-B6S5csVA.mjs";
+export { AUTHENTICATED_SCOPE, ActionDefinition, ActionEntry, ActionHandlerFn, ActionsMap, AnyRecord, ApiResponse, ArcDecorator, ArcInternalMetadata, ArcRequest, AuthHelpers, AuthPluginOptions, Authenticator, AuthenticatorContext, BaseControllerOptions, BulkWriteOperation, BulkWriteResult, ConfigError, ControllerHandler, ControllerLike, ControllerQueryOptions, CrudController, CrudRepository, CrudRouteKey, CrudRouterOptions, CrudSchemas, DeleteManyResult, DeleteOptions, DeleteResult, ElevationEvent, ElevationOptions, EventDefinition, EventsDecorator, FastifyHandler, FastifyRequestExtras, FastifyWithAuth, FastifyWithDecorators, FieldRule, FindOneAndUpdateOptions, GracefulShutdownOptions, HealthCheck, HealthOptions, IController, IControllerResponse, IRequestContext, InferAdapterDoc, InferDoc, InferDocType, InferResourceDoc, IntrospectionData, IntrospectionPluginOptions, JWTPayload, JwtContext, KeysetPaginatedResult, LookupOption, MiddlewareConfig, MiddlewareHandler, ObjectId, OffsetPaginatedResult, OpenApiSchemas, OwnershipCheck, PUBLIC_SCOPE, PaginatedResult, PaginationParams, PaginationResult, ParsedQuery, PermissionCheck, PermissionContext, PermissionResult, PopulateOption, PresetFunction, PresetHook, PresetResult, QueryOptions, QueryParserInterface, RateLimitConfig, RegistryEntry, RegistryStats, RepositorySession, RequestContext, RequestIdOptions, RequestScope, RequestWithExtras, ResourceCacheConfig, ResourceConfig, ResourceHookContext, ResourceHooks, ResourceMetadata, ResourcePermissions, RouteDefinition, RouteHandler, RouteHandlerMethod, RouteMcpConfig, RouteSchemaOptions, ServiceContext, TokenPair, TypedController, TypedRepository, TypedResourceConfig, UpdateManyResult, UserBase, UserLike, UserOrganization, ValidateOptions, ValidationResult, WriteOptions, envelope, getOrgId, getOrgRoles, getTeamId, getUserId, hasOrgAccess, isAuthenticated, isElevated, isMember };

package/dist/types/storage.d.mts

@@ -0,0 +1,2 @@
+import { a as StorageReadResult, i as StorageReadRange, n as StorageContext, o as StorageUploadInput, r as StorageFile, t as Storage } from "../storage-BwGQXUpd.mjs";
+export { Storage, StorageContext, StorageFile, StorageReadRange, StorageReadResult, StorageUploadInput };

package/dist/types/storage.mjs

@@ -0,0 +1 @@
+export {};

package/dist/{types-CcG4avic.d.mts → types-CoSzA-s-.d.mts}

@@ -1,4 +1,4 @@
-import { qt as ResourceDefinition } from "./interface-BVuMfeVv.mjs";
+import { Kt as ResourceDefinition } from "./interface-YrWsmKqE.mjs";
 import { z } from "zod";
 
 //#region src/integrations/mcp/types.d.ts

package/dist/{types-Bg2X42_m.d.mts → types-CunEX4UX.d.mts}

@@ -1,11 +1,11 @@
-import { x as Authenticator } from "./interface-BVuMfeVv.mjs";
-import { n as ElevationOptions } from "./elevation-s5ykdNHr.mjs";
+import { b as Authenticator } from "./interface-YrWsmKqE.mjs";
+import { n as ElevationOptions } from "./elevation-B6S5csVA.mjs";
 import { t as ExternalOpenApiPaths } from "./externalPaths-Bapitwvd.mjs";
 import { i as CacheStore } from "./interface-DplgQO2e.mjs";
 import { r as QueryCachePluginOptions } from "./queryCachePlugin-CnTZZTC5.mjs";
-import { i as EventTransport } from "./EventTransport-CinyO7zQ.mjs";
-import { t as EventPluginOptions } from "./eventPlugin-CVxlE6De.mjs";
-import { f as SSEOptions, h as CachingOptions, i as VersioningOptions, l as MetricsOptions, t as ErrorHandlerOptions } from "./errorHandler-CdZDavNH.mjs";
+import { o as EventTransport } from "./EventTransport-CqZ8FyM_.mjs";
+import { t as EventPluginOptions } from "./eventPlugin-BxvaCIZF.mjs";
+import { a as VersioningOptions, g as CachingOptions, p as SSEOptions, t as ErrorHandlerOptions, u as MetricsOptions } from "./errorHandler-DixGcttC.mjs";
 import { r as IdempotencyStore } from "./interface-B-pe8fhj.mjs";
 import { FastifyInstance, FastifyPluginAsync, FastifyReply, FastifyRequest, FastifyServerOptions } from "fastify";
 
@@ -409,6 +409,8 @@ interface CreateAppOptions {
   debug?: boolean | string;
   /** Trust proxy headers (X-Forwarded-For, etc.) */
   trustProxy?: boolean;
+  /** Fastify plugin/onReady timeout in ms (default: 10_000). Raise for slow boot work (index materialisation, WAL replay, external warm-up). */
+  pluginTimeout?: number;
   /**
    * Auth configuration
    *

package/dist/{types-CVC4HOKi.d.mts → types-DZi1aYhm.d.mts}

@@ -1,4 +1,4 @@
-import { r as RequestScope } from "./types-C72d3NDn.mjs";
+import { r as RequestScope } from "./types-BD85MlEK.mjs";
 import { FastifyRequest } from "fastify";
 
 //#region src/permissions/types.d.ts

package/dist/utils/index.d.mts

@@ -1,5 +1,5 @@
-import { Y as OpenApiSchemas, Z as ParsedQuery, m as AnyRecord, nt as QueryParserInterface } from "../interface-BVuMfeVv.mjs";
-import { a as NotFoundError, c as RateLimitError, d as ValidationError, f as createDomainError, i as ForbiddenError, l as ServiceUnavailableError, m as isArcError, n as ConflictError, o as OrgAccessDeniedError, p as createError, r as ErrorDetails, s as OrgRequiredError, t as ArcError, u as UnauthorizedError } from "../errors-Bmn3eZT6.mjs";
+import { J as OpenApiSchemas, X as ParsedQuery, p as AnyRecord, tt as QueryParserInterface } from "../interface-YrWsmKqE.mjs";
+import { a as NotFoundError, c as RateLimitError, d as ValidationError, f as createDomainError, i as ForbiddenError, l as ServiceUnavailableError, m as isArcError, n as ConflictError, o as OrgAccessDeniedError, p as createError, r as ErrorDetails, s as OrgRequiredError, t as ArcError, u as UnauthorizedError } from "../errors-BI8kEKsO.mjs";
 import { a as CircuitBreakerStats, c as createCircuitBreakerRegistry, i as CircuitBreakerRegistry, n as CircuitBreakerError, o as CircuitState, r as CircuitBreakerOptions, s as createCircuitBreaker, t as CircuitBreaker } from "../circuitBreaker-CvXkjfrW.mjs";
 import { FastifyInstance, FastifyReply, FastifyRequest, RouteHandlerMethod } from "fastify";
 
@@ -506,6 +506,14 @@ declare function getListQueryParams(): AnyRecord;
 declare function getDefaultCrudSchemas(): Record<string, Record<string, unknown>>;
 //#endregion
 //#region src/utils/schemaConverter.d.ts
+/**
+ * Supported JSON Schema output targets for Zod v4's `toJSONSchema()`.
+ * - `draft-7`: Fastify/AJV validation (default)
+ * - `draft-2020-12`: AJV 2020 (opt-in, requires ajv/dist/2020)
+ * - `openapi-3.0`: OpenAPI 3.0 document generation
+ * - `openapi-3.1`: OpenAPI 3.1 document generation
+ */
+type JsonSchemaTarget = "draft-7" | "draft-2020-12" | "openapi-3.0" | "openapi-3.1";
 /**
  * Check if an object is already a plain JSON Schema.
  * Returns true if it has JSON Schema markers (`type`, `properties`, `$ref`,
@@ -522,15 +530,22 @@ declare function isZodSchema(input: unknown): boolean;
  * Detection order:
  * 1. `null`/`undefined` → `undefined`
  * 2. Already JSON Schema → pass through as-is (zero overhead)
- * 3. Zod v4 schema → `z.toJSONSchema(schema, { target: 'openapi-3.0' })`
+ * 3. Zod v4 schema → `z.toJSONSchema(schema, { target })`
  * 4. Unrecognized object → return as-is (treat as opaque schema)
+ *
+ * @param input Schema (Zod, plain JSON Schema, or opaque object)
+ * @param target Output target — defaults to `draft-7` for Fastify compatibility.
+ *               Pass `openapi-3.0`/`openapi-3.1` for OpenAPI document generation.
  */
-declare function toJsonSchema(input: unknown): Record<string, unknown> | undefined;
+declare function toJsonSchema(input: unknown, target?: JsonSchemaTarget): Record<string, unknown> | undefined;
 /**
  * Convert all schema fields in an OpenApiSchemas object.
  * JSON Schema values pass through unchanged. Only Zod schemas are converted.
+ *
+ * Defaults to the `openapi-3.0` target since this function feeds OpenAPI doc
+ * generation, not Fastify route validation.
  */
-declare function convertOpenApiSchemas(schemas: OpenApiSchemas): OpenApiSchemas;
+declare function convertOpenApiSchemas(schemas: OpenApiSchemas, target?: JsonSchemaTarget): OpenApiSchemas;
 /**
  * Convert schema values in a Fastify route schema record.
  *
@@ -539,9 +554,12 @@ declare function convertOpenApiSchemas(schemas: OpenApiSchemas): OpenApiSchemas;
  *
  * JSON Schema values pass through unchanged. Only Zod schemas are converted.
  *
- * Used for both additionalRoutes and customSchemas (CRUD overrides).
+ * Used for both custom routes and customSchemas (CRUD overrides).
+ *
+ * Defaults to `draft-7` so Fastify v5's bundled AJV 8 accepts the output.
+ * Pass `openapi-3.0` (or `openapi-3.1`) when generating OpenAPI documents.
  */
-declare function convertRouteSchema(schema: Record<string, unknown>): Record<string, unknown>;
+declare function convertRouteSchema(schema: Record<string, unknown>, target?: JsonSchemaTarget): Record<string, unknown>;
 //#endregion
 //#region src/utils/stateMachine.d.ts
 /**
@@ -673,4 +691,4 @@ declare function hasEvents(instance: FastifyInstance): instance is FastifyInstan
   events: EventsDecorator;
 };
 //#endregion
-export { ArcError, ArcQueryParser, type ArcQueryParserOptions, CircuitBreaker, CircuitBreakerError, type CircuitBreakerOptions, CircuitBreakerRegistry, type CircuitBreakerStats, CircuitState, type CompensationDefinition, type CompensationError, type CompensationHooks, type CompensationResult, type CompensationStep, ConflictError, type ErrorDetails, type EventsDecorator, ForbiddenError, type Guard, type GuardConfig, type JsonSchema, NotFoundError, OrgAccessDeniedError, OrgRequiredError, RateLimitError, ServiceUnavailableError, type StateMachine, type TransitionConfig, UnauthorizedError, ValidationError, convertOpenApiSchemas, convertRouteSchema, createCircuitBreaker, createCircuitBreakerRegistry, createDomainError, createError, createQueryParser, createStateMachine, defineCompensation, defineGuard, deleteResponse, errorResponseSchema, getDefaultCrudSchemas, getListQueryParams, handleRaw, hasEvents, isArcError, isJsonSchema, isZodSchema, itemResponse, listResponse, mutationResponse, paginationSchema, queryParams, responses, successResponseSchema, toJsonSchema, withCompensation, wrapResponse };
+export { ArcError, ArcQueryParser, type ArcQueryParserOptions, CircuitBreaker, CircuitBreakerError, type CircuitBreakerOptions, CircuitBreakerRegistry, type CircuitBreakerStats, CircuitState, type CompensationDefinition, type CompensationError, type CompensationHooks, type CompensationResult, type CompensationStep, ConflictError, type ErrorDetails, type EventsDecorator, ForbiddenError, type Guard, type GuardConfig, type JsonSchema, type JsonSchemaTarget, NotFoundError, OrgAccessDeniedError, OrgRequiredError, RateLimitError, ServiceUnavailableError, type StateMachine, type TransitionConfig, UnauthorizedError, ValidationError, convertOpenApiSchemas, convertRouteSchema, createCircuitBreaker, createCircuitBreakerRegistry, createDomainError, createError, createQueryParser, createStateMachine, defineCompensation, defineGuard, deleteResponse, errorResponseSchema, getDefaultCrudSchemas, getListQueryParams, handleRaw, hasEvents, isArcError, isJsonSchema, isZodSchema, itemResponse, listResponse, mutationResponse, paginationSchema, queryParams, responses, successResponseSchema, toJsonSchema, withCompensation, wrapResponse };

package/dist/utils/index.mjs

@@ -1,7 +1,7 @@
-import { n as createQueryParser, t as ArcQueryParser } from "../queryParser-CgCtsjti.mjs";
-import { a as toJsonSchema, i as isZodSchema, n as convertRouteSchema, r as isJsonSchema, t as convertOpenApiSchemas } from "../schemaConverter-OxfCshus.mjs";
-import { a as createCircuitBreaker, i as CircuitState, n as CircuitBreakerError, o as createCircuitBreakerRegistry, r as CircuitBreakerRegistry, t as CircuitBreaker } from "../circuitBreaker-cmi5XDv5.mjs";
-import { _ as withCompensation, a as getListQueryParams, c as mutationResponse, d as responses, f as successResponseSchema, g as defineCompensation, h as defineGuard, i as getDefaultCrudSchemas, l as paginationSchema, m as handleRaw, n as deleteResponse, o as itemResponse, p as wrapResponse, r as errorResponseSchema, s as listResponse, t as createStateMachine, u as queryParams } from "../utils-yYT3HDXt.mjs";
-import { a as OrgAccessDeniedError, c as ServiceUnavailableError, d as createDomainError, f as createError, i as NotFoundError, l as UnauthorizedError, n as ConflictError, o as OrgRequiredError, p as isArcError, r as ForbiddenError, s as RateLimitError, t as ArcError, u as ValidationError } from "../errors-BF2bIOIS.mjs";
-import { t as hasEvents } from "../typeGuards-CcFZXgU7.mjs";
+import { a as OrgAccessDeniedError, c as ServiceUnavailableError, d as createDomainError, f as createError, i as NotFoundError, l as UnauthorizedError, n as ConflictError, o as OrgRequiredError, p as isArcError, r as ForbiddenError, s as RateLimitError, t as ArcError, u as ValidationError } from "../errors-CqWnSqM-.mjs";
+import { n as createQueryParser, t as ArcQueryParser } from "../queryParser-Cs-6SHQK.mjs";
+import { a as createCircuitBreaker, i as CircuitState, n as CircuitBreakerError, o as createCircuitBreakerRegistry, r as CircuitBreakerRegistry, t as CircuitBreaker } from "../circuitBreaker-l18oRgL5.mjs";
+import { _ as withCompensation, a as getListQueryParams, c as mutationResponse, d as responses, f as successResponseSchema, g as defineCompensation, h as defineGuard, i as getDefaultCrudSchemas, l as paginationSchema, m as handleRaw, n as deleteResponse, o as itemResponse, p as wrapResponse, r as errorResponseSchema, s as listResponse, t as createStateMachine, u as queryParams } from "../utils-B7FuRr9w.mjs";
+import { a as toJsonSchema, i as isZodSchema, n as convertRouteSchema, r as isJsonSchema, t as convertOpenApiSchemas } from "../schemaConverter-BxFDdtXu.mjs";
+import { t as hasEvents } from "../typeGuards-Cj5Rgvlg.mjs";
 export { ArcError, ArcQueryParser, CircuitBreaker, CircuitBreakerError, CircuitBreakerRegistry, CircuitState, ConflictError, ForbiddenError, NotFoundError, OrgAccessDeniedError, OrgRequiredError, RateLimitError, ServiceUnavailableError, UnauthorizedError, ValidationError, convertOpenApiSchemas, convertRouteSchema, createCircuitBreaker, createCircuitBreakerRegistry, createDomainError, createError, createQueryParser, createStateMachine, defineCompensation, defineGuard, deleteResponse, errorResponseSchema, getDefaultCrudSchemas, getListQueryParams, handleRaw, hasEvents, isArcError, isJsonSchema, isZodSchema, itemResponse, listResponse, mutationResponse, paginationSchema, queryParams, responses, successResponseSchema, toJsonSchema, withCompensation, wrapResponse };

package/dist/{utils-yYT3HDXt.mjs → utils-B7FuRr9w.mjs}

@@ -1,4 +1,4 @@
-import { t as ArcError } from "./errors-BF2bIOIS.mjs";
+import { t as ArcError } from "./errors-CqWnSqM-.mjs";
 //#region src/utils/compensation.ts
 /**
 * Run steps in order with automatic compensation on failure.