@classytic/arc 2.8.4 → 2.9.1

package/dist/filesUpload-q8oHt--L.mjs

@@ -0,0 +1,377 @@
+import { o as getOrgId, p as getUserId } from "./types-AOD8fxIw.mjs";
+import { i as NotFoundError, u as ValidationError } from "./errors-CqWnSqM-.mjs";
+import { n as allowPublic, s as requireAuth } from "./permissions-oNZawnkR.mjs";
+//#region src/middleware/multipartBody.ts
+const DEFAULT_MAX_FILE_SIZE$1 = 10 * 1024 * 1024;
+const DEFAULT_MAX_FILES = 5;
+const DEFAULT_FILES_KEY = "_files";
+/**
+* Build a matcher for MIME allow-lists that supports exact (e.g. `image/png`),
+* subtype wildcards (e.g. `image/\*`), and total wildcards (`\*` or `\*\/\*`).
+*
+* Returns `undefined` when no filter is needed — either because the option
+* was omitted or because a total wildcard was present.
+*/
+function buildMimeMatcher(allowed) {
+	if (!allowed || allowed.length === 0) return void 0;
+	const exact = /* @__PURE__ */ new Set();
+	const prefixes = [];
+	for (const entry of allowed) {
+		const value = entry.trim().toLowerCase();
+		if (!value) continue;
+		if (value === "*" || value === "*/*") return void 0;
+		if (value.endsWith("/*")) prefixes.push(value.slice(0, -1));
+		else exact.add(value);
+	}
+	if (exact.size === 0 && prefixes.length === 0) return void 0;
+	return {
+		matches(mime) {
+			const m = mime.toLowerCase();
+			if (exact.has(m)) return true;
+			for (const p of prefixes) if (m.startsWith(p)) return true;
+			return false;
+		},
+		describe() {
+			return [...exact, ...prefixes.map((p) => `${p}*`)].join(", ");
+		}
+	};
+}
+/**
+* Create a multipart body parsing middleware.
+*
+* When a request has `content-type: multipart/form-data`, this middleware:
+* 1. Reads all parts (fields + files)
+* 2. Sets text fields on `req.body` as a plain object
+* 3. Attaches file buffers to `req.body[filesKey]` (default: `req.body._files`)
+*
+* For non-multipart requests (regular JSON), this is a no-op — the request
+* passes through unchanged. This makes it safe to add to create/update
+* middlewares without breaking JSON clients.
+*/
+function multipartBody(options = {}) {
+	const maxFileSize = options.maxFileSize ?? DEFAULT_MAX_FILE_SIZE$1;
+	const maxFiles = options.maxFiles ?? DEFAULT_MAX_FILES;
+	const mimeMatcher = buildMimeMatcher(options.allowedMimeTypes);
+	const filesKey = options.filesKey ?? DEFAULT_FILES_KEY;
+	const requiredFields = options.requiredFields && options.requiredFields.length > 0 ? options.requiredFields : void 0;
+	return async function parseMultipartBody(request, reply) {
+		if (!(request.headers["content-type"] ?? "").includes("multipart/form-data")) return;
+		if (typeof request.parts !== "function") {
+			request.log.warn("multipartBody middleware: @fastify/multipart not registered. Ensure createApp() has multipart enabled (default) or install @fastify/multipart.");
+			return;
+		}
+		const body = {};
+		const files = {};
+		let fileCount = 0;
+		try {
+			const parts = request.parts();
+			for await (const part of parts) if (part.type === "file") {
+				if (fileCount >= maxFiles) continue;
+				if (mimeMatcher && !mimeMatcher.matches(part.mimetype)) return reply.code(415).send({
+					success: false,
+					error: `File type '${part.mimetype}' not allowed. Accepted: ${mimeMatcher.describe()}`
+				});
+				const buffer = await part.toBuffer();
+				if (buffer.length > maxFileSize) return reply.code(413).send({
+					success: false,
+					error: `File '${part.filename}' exceeds maximum size of ${Math.round(maxFileSize / 1024 / 1024)}MB`
+				});
+				files[part.fieldname] = {
+					filename: part.filename,
+					mimetype: part.mimetype,
+					buffer,
+					size: buffer.length,
+					fieldname: part.fieldname
+				};
+				fileCount++;
+			} else body[part.fieldname] = tryParseValue(part.value);
+		} catch (err) {
+			request.log.error({ err }, "multipartBody: failed to parse multipart form");
+			return reply.code(400).send({
+				success: false,
+				error: "Failed to parse multipart form data"
+			});
+		}
+		if (requiredFields) {
+			const missing = requiredFields.filter((name) => !(name in files));
+			if (missing.length > 0) return reply.code(400).send({
+				success: false,
+				error: `Missing required file field${missing.length > 1 ? "s" : ""}: ${missing.join(", ")}`,
+				code: "MISSING_FILE_FIELDS",
+				details: { missing }
+			});
+		}
+		if (fileCount > 0) body[filesKey] = files;
+		request.body = body;
+	};
+}
+/**
+* Try to parse a form field value as JSON, number, or boolean.
+* Falls back to the raw string if parsing fails.
+*/
+function tryParseValue(value) {
+	if (value === "true") return true;
+	if (value === "false") return false;
+	if (value === "null") return null;
+	if (/^-?\d+(\.\d+)?$/.test(value) && value.length < 16) {
+		const num = Number(value);
+		if (Number.isFinite(num)) return num;
+	}
+	if (value.startsWith("{") && value.endsWith("}") || value.startsWith("[") && value.endsWith("]")) try {
+		return JSON.parse(value);
+	} catch {}
+	return value;
+}
+//#endregion
+//#region src/presets/filesUpload.ts
+const DEFAULT_FIELD_NAME = "file";
+const DEFAULT_MAX_FILE_SIZE = 10 * 1024 * 1024;
+function defaultContextFrom(scope) {
+	if (!scope) return {};
+	const userId = getUserId(scope);
+	const organizationId = getOrgId(scope);
+	const ctx = {};
+	if (userId !== void 0) ctx.userId = userId;
+	if (organizationId !== void 0) ctx.organizationId = organizationId;
+	return ctx;
+}
+function buildStorageContext(request, contextFrom) {
+	const scope = request.scope;
+	return {
+		scope: contextFrom(scope),
+		requestId: request.id
+	};
+}
+/**
+* Parse a single-range `Range: bytes=start-end` header.
+*
+* Returns `undefined` when the header is missing or unparseable. Only
+* satisfiable single ranges are supported — multi-range requests fall through
+* to the full-object response (per RFC 7233 §4.1 a server MAY ignore ranges).
+*/
+function parseRangeHeader(header, totalSize) {
+	if (!header || !header.startsWith("bytes=")) return void 0;
+	const spec = header.slice(6).split(",")[0]?.trim();
+	if (!spec) return void 0;
+	const dashIndex = spec.indexOf("-");
+	if (dashIndex === -1) return void 0;
+	const startRaw = spec.slice(0, dashIndex);
+	const endRaw = spec.slice(dashIndex + 1);
+	if (startRaw === "") {
+		if (totalSize === void 0) return void 0;
+		const suffix = Number(endRaw);
+		if (!Number.isFinite(suffix) || suffix <= 0) return void 0;
+		return {
+			start: Math.max(0, totalSize - suffix),
+			end: totalSize - 1
+		};
+	}
+	const start = Number(startRaw);
+	if (!Number.isFinite(start) || start < 0) return void 0;
+	if (endRaw === "") {
+		if (totalSize === void 0) return void 0;
+		return {
+			start,
+			end: totalSize - 1
+		};
+	}
+	const end = Number(endRaw);
+	if (!Number.isFinite(end) || end < start) return void 0;
+	if (totalSize !== void 0 && end >= totalSize) return {
+		start,
+		end: totalSize - 1
+	};
+	return {
+		start,
+		end
+	};
+}
+/**
+* Strict policy — rejects filenames that could escape a storage root or
+* confuse a filesystem. Safe default for disk/S3 adapters that compose
+* `${prefix}/${filename}` or `path.join(root, filename)`.
+*/
+function strictFilenamePolicy(filename) {
+	if (filename.length === 0) throw new ValidationError("Upload filename is empty");
+	if (filename.length > 255) throw new ValidationError("Upload filename exceeds 255 characters");
+	if (filename.includes("\0")) throw new ValidationError("Upload filename contains a NUL byte");
+	if (filename.includes("/") || filename.includes("\\")) throw new ValidationError("Upload filename contains a path separator");
+	if (filename === "." || filename === "..") throw new ValidationError("Upload filename is a path traversal component");
+	return filename;
+}
+/** Resolve the user-supplied policy option into a concrete validator. */
+function resolveFilenamePolicy(policy) {
+	if (policy === void 0 || policy === true) return strictFilenamePolicy;
+	if (policy === false || policy === "*") return (f) => f;
+	if (typeof policy === "function") return (filename) => {
+		const result = policy(filename);
+		if (result === false) throw new ValidationError(`Upload filename rejected: ${filename}`);
+		if (typeof result === "string") return result;
+		return filename;
+	};
+	return strictFilenamePolicy;
+}
+function makeUploadHandler(deps) {
+	return async function uploadHandler(request, reply) {
+		const file = (request.body?._files)?.[deps.fieldName];
+		if (!file) throw new ValidationError(`Missing file field '${deps.fieldName}' in multipart body`);
+		const filename = deps.applyFilenamePolicy(file.filename);
+		const ctx = buildStorageContext(request, deps.contextFrom);
+		const result = await deps.storage.upload({
+			buffer: file.buffer,
+			filename,
+			mimeType: file.mimetype,
+			size: file.size
+		}, ctx);
+		return reply.code(201).send({
+			success: true,
+			data: toResponseFile(result)
+		});
+	};
+}
+function toResponseFile(file) {
+	const payload = {
+		id: file.id,
+		url: file.url,
+		pathname: file.pathname,
+		contentType: file.contentType,
+		bytes: file.bytes
+	};
+	if (file.metadata !== void 0) payload.metadata = file.metadata;
+	return payload;
+}
+function makeReadHandler(deps) {
+	return async function readHandler(request, reply) {
+		const { id } = request.params;
+		const ctx = buildStorageContext(request, deps.contextFrom);
+		reply.header("Accept-Ranges", "bytes");
+		const rangeHeader = request.headers.range;
+		let result;
+		try {
+			const parsed = rangeHeader ? parseRangeHeader(rangeHeader, void 0) : void 0;
+			result = await deps.storage.read(id, ctx, parsed);
+		} catch (err) {
+			throw toNotFound(err, "File", id);
+		}
+		if (result.kind === "buffer") return sendBuffer(reply, result, rangeHeader);
+		return sendStream(reply, result, rangeHeader);
+	};
+}
+function sendBuffer(reply, result, rangeHeader) {
+	reply.type(result.contentType);
+	const total = result.totalBytes ?? result.buffer.length;
+	if (result.range) {
+		const { start, end } = result.range;
+		reply.code(206);
+		reply.header("Content-Range", `bytes ${start}-${end}/${total}`);
+		reply.header("Content-Length", String(result.buffer.length));
+		return reply.send(result.buffer);
+	}
+	if (rangeHeader) {
+		const parsed = parseRangeHeader(rangeHeader, total);
+		if (parsed) {
+			const slice = result.buffer.subarray(parsed.start, parsed.end + 1);
+			reply.code(206);
+			reply.header("Content-Range", `bytes ${parsed.start}-${parsed.end}/${total}`);
+			reply.header("Content-Length", String(slice.length));
+			return reply.send(slice);
+		}
+	}
+	reply.header("Content-Length", String(result.buffer.length));
+	return reply.send(result.buffer);
+}
+function sendStream(reply, result, rangeHeader) {
+	reply.type(result.contentType);
+	if (result.range && result.bytes !== void 0) {
+		const { start, end } = result.range;
+		reply.code(206);
+		reply.header("Content-Range", `bytes ${start}-${end}/${result.bytes}`);
+		reply.header("Content-Length", String(end - start + 1));
+	} else if (result.bytes !== void 0) {
+		reply.header("Content-Length", String(result.bytes));
+		if (rangeHeader) reply.request.log.debug({ url: reply.request.url }, "filesUploadPreset: adapter returned unsliced stream for a range request — sending full object");
+	}
+	return reply.send(result.stream);
+}
+function makeDeleteHandler(deps) {
+	return async function deleteHandler(request, reply) {
+		const { id } = request.params;
+		const ctx = buildStorageContext(request, deps.contextFrom);
+		if (!await deps.storage.delete(id, ctx)) throw new NotFoundError("File", id);
+		return reply.code(204).send();
+	};
+}
+function toNotFound(err, resource, id) {
+	if (err instanceof NotFoundError) return err;
+	const maybe = err;
+	if (maybe?.statusCode === 404 || maybe?.code === "NOT_FOUND") return new NotFoundError(resource, id);
+	if (typeof maybe?.message === "string" && /not\s*found/i.test(maybe.message)) return new NotFoundError(resource, id);
+	return err;
+}
+/**
+* Create a files-upload preset bound to a `Storage` adapter.
+*
+* The preset uses `raw: true` routes so binary responses bypass arc's JSON
+* envelope. Upload still returns the standard `{ success: true, data }`
+* envelope manually because the response is structured metadata, not bytes.
+*/
+function filesUploadPreset(options) {
+	if (!options?.storage) throw new Error("filesUploadPreset: `storage` is required");
+	const deps = {
+		storage: options.storage,
+		fieldName: options.fieldName ?? DEFAULT_FIELD_NAME,
+		contextFrom: options.contextFrom ?? defaultContextFrom,
+		applyFilenamePolicy: resolveFilenamePolicy(options.sanitizeFilename)
+	};
+	const maxFileSize = options.maxFileSize ?? DEFAULT_MAX_FILE_SIZE;
+	const allowedMimeTypes = options.allowedMimeTypes;
+	const includeRoutes = {
+		upload: options.includeRoutes?.upload ?? true,
+		read: options.includeRoutes?.read ?? true,
+		delete: options.includeRoutes?.delete ?? true
+	};
+	return {
+		name: "filesUpload",
+		routes: (permissions) => {
+			const routes = [];
+			if (includeRoutes.upload) routes.push({
+				method: "POST",
+				path: "/upload",
+				operation: "filesUpload.upload",
+				summary: "Upload a file",
+				description: "Accepts a multipart/form-data request and persists the bytes via the configured Storage adapter.",
+				permissions: options.permissions?.upload ?? permissions.create ?? requireAuth(),
+				preHandler: [multipartBody({
+					maxFileSize,
+					allowedMimeTypes,
+					requiredFields: [deps.fieldName]
+				})],
+				raw: true,
+				handler: makeUploadHandler(deps)
+			});
+			if (includeRoutes.read) routes.push({
+				method: "GET",
+				path: "/:id",
+				operation: "filesUpload.read",
+				summary: "Download a file",
+				description: "Streams the stored bytes. Supports single-range `Range: bytes=start-end`.",
+				permissions: options.permissions?.read ?? permissions.get ?? allowPublic(),
+				raw: true,
+				handler: makeReadHandler(deps),
+				mcp: false
+			});
+			if (includeRoutes.delete) routes.push({
+				method: "DELETE",
+				path: "/:id",
+				operation: "filesUpload.delete",
+				summary: "Delete a file",
+				permissions: options.permissions?.delete ?? permissions.delete ?? requireAuth(),
+				raw: true,
+				handler: makeDeleteHandler(deps)
+			});
+			return routes;
+		}
+	};
+}
+//#endregion
+export { filesUploadPreset as t };

package/dist/hooks/index.d.mts

@@ -1,2 +1,2 @@
-import { An as beforeCreate, Cn as HookPhase, Dn as afterCreate, En as HookSystemOptions, Mn as beforeUpdate, Nn as createHookSystem, On as afterDelete, Pn as defineHook, Sn as HookOperation, Tn as HookSystem, bn as HookContext, jn as beforeDelete, kn as afterUpdate, wn as HookRegistration, xn as HookHandler, yn as DefineHookOptions } from "../interface-BVuMfeVv.mjs";
+import { An as beforeCreate, Cn as HookPhase, Dn as afterCreate, En as HookSystemOptions, Mn as beforeUpdate, Nn as createHookSystem, On as afterDelete, Pn as defineHook, Sn as HookOperation, Tn as HookSystem, bn as HookContext, jn as beforeDelete, kn as afterUpdate, wn as HookRegistration, xn as HookHandler, yn as DefineHookOptions } from "../interface-YrWsmKqE.mjs";
 export { type DefineHookOptions, type HookContext, type HookHandler, type HookOperation, type HookPhase, type HookRegistration, HookSystem, type HookSystemOptions, afterCreate, afterDelete, afterUpdate, beforeCreate, beforeDelete, beforeUpdate, createHookSystem, defineHook };

package/dist/idempotency/index.d.mts

@@ -1,6 +1,6 @@
+import { o as RepositoryLike } from "../interface-YrWsmKqE.mjs";
 import { i as createIdempotencyResult, n as IdempotencyResult, r as IdempotencyStore, t as IdempotencyLock } from "../interface-B-pe8fhj.mjs";
-import { n as MongoIdempotencyStoreOptions } from "../mongodb-X7LbEjTN.mjs";
-import { r as RedisIdempotencyStoreOptions, t as RedisClient } from "../redis-z3sFr1UP.mjs";
+import { i as RedisIdempotencyStoreOptions, n as RedisClient } from "../redis-MXLp1oOf.mjs";
 import { FastifyPluginAsync } from "fastify";
 
 //#region src/idempotency/idempotencyPlugin.d.ts
@@ -19,10 +19,34 @@ interface IdempotencyPluginOptions {
   include?: RegExp[];
   /** URL patterns to exclude (regex). Excluded patterns take precedence */
   exclude?: RegExp[];
-  /** Custom store (default: MemoryIdempotencyStore) */
+  /**
+   * Repository managing the idempotency collection. Arc consumes it directly
+   * — no wrapper classes. Requires `getOne`, `deleteMany`, and
+   * `findOneAndUpdate` (mongokit ≥3.8 implements all three). Pass any
+   * `RepositoryLike` that matches.
+   *
+   * Use `store` (below) when your backend isn't a repository (Redis, memory
+   * for tests, custom). `repository` takes precedence when both are passed.
+   */
+  repository?: RepositoryLike;
+  /**
+   * Non-repository store. Use for Redis (the canonical multi-instance
+   * backend when you don't already have a DB repository), memory (tests),
+   * or custom implementations of `IdempotencyStore`.
+   *
+   * Default: `MemoryIdempotencyStore`.
+   */
   store?: IdempotencyStore;
   /** Retry-After header value in seconds when request is in-flight (default: 1) */
   retryAfterSeconds?: number;
+  /**
+   * Namespace key folded into the fingerprint — use when two deployments share
+   * a single store but should not replay each other's responses (e.g. `api`
+   * vs `jobs` with the same Redis, or prod vs canary sharing one cluster).
+   *
+   * Omit for the common case where the store is per-deployment.
+   */
+  namespace?: string;
 }
 declare module "fastify" {
   interface FastifyRequest {
@@ -93,4 +117,4 @@ declare class MemoryIdempotencyStore implements IdempotencyStore {
   private evictOldest;
 }
 //#endregion
-export { type IdempotencyLock, type IdempotencyPluginOptions, type IdempotencyResult, type IdempotencyStore, MemoryIdempotencyStore, type MemoryIdempotencyStoreOptions, type MongoIdempotencyStoreOptions, type RedisClient, type RedisIdempotencyStoreOptions, createIdempotencyResult, _default as idempotencyPlugin, idempotencyPlugin as idempotencyPluginFn };
+export { type IdempotencyLock, type IdempotencyPluginOptions, type IdempotencyResult, type IdempotencyStore, MemoryIdempotencyStore, type MemoryIdempotencyStoreOptions, type RedisClient, type RedisIdempotencyStoreOptions, createIdempotencyResult, _default as idempotencyPlugin, idempotencyPlugin as idempotencyPluginFn };

package/dist/idempotency/index.mjs

@@ -1,5 +1,113 @@
+import { n as createSafeGetOne, t as createIsDuplicateKeyError } from "../store-helpers-DFiZl5TL.mjs";
 import { createHash } from "node:crypto";
 import fp from "fastify-plugin";
+//#region src/idempotency/repository-idempotency-adapter.ts
+function repositoryAsIdempotencyStore(repository, defaultTtlMs) {
+	const missing = [];
+	if (typeof repository.getOne !== "function") missing.push("getOne");
+	if (typeof repository.deleteMany !== "function") missing.push("deleteMany");
+	if (typeof repository.findOneAndUpdate !== "function") missing.push("findOneAndUpdate");
+	if (missing.length > 0) throw new Error(`idempotencyPlugin: repository is missing required methods: ${missing.join(", ")}. mongokit ≥3.8 satisfies these; other kits must implement them to back idempotency via a repository.`);
+	const r = repository;
+	const isDuplicateKeyError = createIsDuplicateKeyError(repository);
+	const safeGetOne = createSafeGetOne(repository);
+	const escapeRegex = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+	return {
+		name: "repository",
+		async get(key) {
+			const doc = await safeGetOne({ _id: key });
+			if (!doc?.result) return void 0;
+			if (new Date(doc.expiresAt) < /* @__PURE__ */ new Date()) return void 0;
+			return {
+				key,
+				statusCode: doc.result.statusCode,
+				headers: doc.result.headers,
+				body: doc.result.body,
+				createdAt: new Date(doc.createdAt),
+				expiresAt: new Date(doc.expiresAt)
+			};
+		},
+		async set(key, result) {
+			await r.findOneAndUpdate({ _id: key }, {
+				$set: {
+					result: {
+						statusCode: result.statusCode,
+						headers: result.headers,
+						body: result.body
+					},
+					createdAt: result.createdAt,
+					expiresAt: result.expiresAt
+				},
+				$unset: { lock: "" }
+			}, {
+				upsert: true,
+				returnDocument: "after"
+			});
+		},
+		async tryLock(key, requestId, ttlMs) {
+			const now = /* @__PURE__ */ new Date();
+			const lockExpiresAt = new Date(now.getTime() + ttlMs);
+			const docExpiresAt = new Date(now.getTime() + defaultTtlMs);
+			try {
+				const doc = await r.findOneAndUpdate({
+					_id: key,
+					$or: [{ lock: { $exists: false } }, { "lock.expiresAt": { $lt: now } }]
+				}, {
+					$set: { lock: {
+						requestId,
+						expiresAt: lockExpiresAt
+					} },
+					$setOnInsert: {
+						createdAt: now,
+						expiresAt: docExpiresAt
+					}
+				}, {
+					upsert: true,
+					returnDocument: "after"
+				});
+				return doc !== null && doc !== void 0;
+			} catch (err) {
+				if (isDuplicateKeyError(err)) return false;
+				throw err;
+			}
+		},
+		async unlock(key, requestId) {
+			await r.findOneAndUpdate({
+				_id: key,
+				"lock.requestId": requestId
+			}, { $unset: { lock: "" } });
+		},
+		async isLocked(key) {
+			const doc = await safeGetOne({ _id: key });
+			if (!doc?.lock) return false;
+			return new Date(doc.lock.expiresAt) > /* @__PURE__ */ new Date();
+		},
+		async delete(key) {
+			await r.deleteMany({ _id: key });
+		},
+		async deleteByPrefix(prefix) {
+			return (await r.deleteMany({ _id: { $regex: `^${escapeRegex(prefix)}` } })).deletedCount ?? 0;
+		},
+		async findByPrefix(prefix) {
+			const doc = await safeGetOne({
+				_id: { $regex: `^${escapeRegex(prefix)}` },
+				result: { $exists: true },
+				expiresAt: { $gt: /* @__PURE__ */ new Date() }
+			});
+			if (!doc?.result) return void 0;
+			return {
+				key: doc._id,
+				statusCode: doc.result.statusCode,
+				headers: doc.result.headers,
+				body: doc.result.body,
+				createdAt: new Date(doc.createdAt),
+				expiresAt: new Date(doc.expiresAt)
+			};
+		},
+		async close() {}
+	};
+}
+//#endregion
 //#region src/idempotency/stores/interface.ts
 /**
 * Helper to create a result object
@@ -171,7 +279,8 @@ const idempotencyPlugin = async (fastify, opts = {}) => {
 		"POST",
 		"PUT",
 		"PATCH"
-	], include, exclude, store = new MemoryIdempotencyStore({ ttlMs }), retryAfterSeconds = 1 } = opts;
+	], include, exclude, repository, store: explicitStore, retryAfterSeconds = 1, namespace } = opts;
+	const store = repository ? repositoryAsIdempotencyStore(repository, ttlMs) : explicitStore ?? new MemoryIdempotencyStore({ ttlMs });
 	if (!enabled) {
 		fastify.decorate("idempotency", {
 			invalidate: async () => {},
@@ -225,7 +334,7 @@ const idempotencyPlugin = async (fastify, opts = {}) => {
 		}
 		const user = request.user;
 		const userId = user?.id ?? user?._id ?? "anon";
-		return `${request.method}:${request.url}:${bodyHash}:u=${userId}`;
+		return `${namespace ? `n=${namespace}:` : ""}${request.method}:${request.url}:${bodyHash}:u=${userId}`;
 	}
 	const idempotencyMiddleware = async (request, reply) => {
 		if (!shouldApplyIdempotency(request)) return;

package/dist/idempotency/redis.d.mts

@@ -1,2 +1,2 @@
-import { n as RedisIdempotencyStore, r as RedisIdempotencyStoreOptions, t as RedisClient } from "../redis-z3sFr1UP.mjs";
-export { type RedisClient, RedisIdempotencyStore, type RedisIdempotencyStoreOptions };
+import { a as UpstashRedisLike, i as RedisIdempotencyStoreOptions, n as RedisClient, o as ioredisAsIdempotencyClient, r as RedisIdempotencyStore, s as upstashAsIdempotencyClient, t as IoredisLike } from "../redis-MXLp1oOf.mjs";
+export { type IoredisLike, type RedisClient, RedisIdempotencyStore, type RedisIdempotencyStoreOptions, type UpstashRedisLike, ioredisAsIdempotencyClient, upstashAsIdempotencyClient };