npm - @classytic/arc - Versions diffs - 2.8.5 → 2.10.3 - Mend

@classytic/arc 2.8.5 → 2.10.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (155) hide show

package/README.md +50 -38
package/dist/{BaseController-DAGGc5Xn.mjs → BaseController-CbKKIflT.mjs} +193 -143
package/dist/EventTransport-CUw5NNWe.d.mts +293 -0
package/dist/{ResourceRegistry-C6uXlWe3.mjs → ResourceRegistry-BPd6NQDm.mjs} +1 -1
package/dist/adapters/index.d.mts +3 -3
package/dist/adapters/index.mjs +2 -2
package/dist/{adapters-BBqAVvPK.mjs → adapters-BXY4i-hw.mjs} +210 -41
package/dist/audit/index.d.mts +135 -11
package/dist/audit/index.mjs +107 -20
package/dist/auth/index.d.mts +17 -9
package/dist/auth/index.mjs +14 -7
package/dist/auth/redis-session.d.mts +1 -1
package/dist/{betterAuthOpenApi-BuUcUEJq.mjs → betterAuthOpenApi-BBRVhjQN.mjs} +1 -1
package/dist/cache/index.d.mts +17 -15
package/dist/cache/index.mjs +15 -14
package/dist/{caching-IMuYVjTL.mjs → caching-CBpK_SCM.mjs} +8 -3
package/dist/cli/commands/describe.mjs +1 -1
package/dist/cli/commands/docs.mjs +2 -2
package/dist/cli/commands/generate.mjs +1 -1
package/dist/cli/commands/init.mjs +1 -1
package/dist/cli/commands/introspect.mjs +1 -1
package/dist/core/index.d.mts +3 -3
package/dist/core/index.mjs +4 -6
package/dist/{defineResource-tcgySDo1.mjs → core-CcR01lup.mjs} +58 -61
package/dist/{createActionRouter-BORM8f17.mjs → createActionRouter-Bp_5c_2b.mjs} +3 -3
package/dist/{createApp-B1EY8zxa.mjs → createApp-BuvPma24.mjs} +15 -14
package/dist/docs/index.d.mts +2 -2
package/dist/docs/index.mjs +2 -2
package/dist/{elevation-DtFxrG0s.mjs → elevation-C7hgL_aI.mjs} +22 -8
package/dist/{errorHandler-f869_8PQ.mjs → errorHandler-Bb49BvPD.mjs} +59 -7
package/dist/{errorHandler-Bah5JhBd.d.mts → errorHandler-DRQ3EqfL.d.mts} +37 -2
package/dist/{eventPlugin-D9DKB2zM.d.mts → eventPlugin-CxWgpd6K.d.mts} +14 -2
package/dist/{eventPlugin-CDjVTM82.mjs → eventPlugin-DCUjuiQT.mjs} +83 -5
package/dist/events/index.d.mts +150 -36
package/dist/events/index.mjs +355 -101
package/dist/events/transports/redis-stream-entry.d.mts +1 -1
package/dist/events/transports/redis.d.mts +1 -1
package/dist/factory/index.d.mts +1 -1
package/dist/factory/index.mjs +2 -2
package/dist/{types-DZi1aYhm.d.mts → fields-Lo1VUDpt.d.mts} +121 -1
package/dist/{fields-ipsbIRPK.mjs → fields-bxkeltzz.mjs} +18 -5
package/dist/{filesUpload-C7r7HIeA.mjs → filesUpload-t21LS-py.mjs} +65 -7
package/dist/hooks/index.d.mts +1 -1
package/dist/hooks/index.mjs +1 -1
package/dist/idempotency/index.d.mts +32 -5
package/dist/idempotency/index.mjs +119 -12
package/dist/idempotency/redis.d.mts +1 -1
package/dist/{index-DtDzOBn8.d.mts → index-8qw4y6ff.d.mts} +4 -135
package/dist/{index-BLXBmWud.d.mts → index-ChIw3776.d.mts} +283 -408
package/dist/{interface-CMRutPfe.d.mts → index-Cl0uoKd5.d.mts} +1758 -2506
package/dist/{index-C1meYuDn.d.mts → index-DStwgFUK.d.mts} +81 -7
package/dist/index.d.mts +7 -8
package/dist/index.mjs +11 -12
package/dist/integrations/event-gateway.d.mts +1 -1
package/dist/integrations/event-gateway.mjs +1 -1
package/dist/integrations/index.d.mts +1 -1
package/dist/integrations/mcp/index.d.mts +26 -8
package/dist/integrations/mcp/index.mjs +96 -17
package/dist/integrations/mcp/testing.d.mts +1 -1
package/dist/integrations/mcp/testing.mjs +1 -1
package/dist/integrations/webhooks.d.mts +5 -0
package/dist/integrations/webhooks.mjs +6 -0
package/dist/interface-D218ikEo.d.mts +77 -0
package/dist/{memory-Cp7_cAko.mjs → memory-B5Amv9A1.mjs} +23 -8
package/dist/{openapi-CbKUJY_m.mjs → openapi-B5F8AddX.mjs} +3 -3
package/dist/org/index.d.mts +2 -2
package/dist/permissions/index.d.mts +3 -4
package/dist/permissions/index.mjs +5 -5
package/dist/{permissions-CH4cNwJi.mjs → permissions-Dk6mshja.mjs} +315 -397
package/dist/plugins/index.d.mts +7 -7
package/dist/plugins/index.mjs +14 -16
package/dist/plugins/response-cache.mjs +2 -2
package/dist/plugins/tracing-entry.d.mts +1 -1
package/dist/plugins/tracing-entry.mjs +1 -1
package/dist/presets/filesUpload.d.mts +27 -5
package/dist/presets/filesUpload.mjs +1 -1
package/dist/presets/index.d.mts +3 -2
package/dist/presets/index.mjs +4 -3
package/dist/presets/multiTenant.d.mts +1 -1
package/dist/presets/multiTenant.mjs +2 -2
package/dist/presets/search.d.mts +178 -0
package/dist/presets/search.mjs +150 -0
package/dist/{presets-C2xgzW6x.mjs → presets-fLJVXdVn.mjs} +1 -1
package/dist/{queryCachePlugin-BJJGBTlu.d.mts → queryCachePlugin-BKbWjgDG.d.mts} +1 -1
package/dist/{queryCachePlugin-BH-fidlv.mjs → queryCachePlugin-DQCEfJis.mjs} +9 -9
package/dist/{queryParser-CgCtsjti.mjs → queryParser-DBqBB6AC.mjs} +1 -1
package/dist/{redis-BM00zaPB.d.mts → redis-DqyeggCa.d.mts} +1 -1
package/dist/{redis-stream-CrsfUmPt.d.mts → redis-stream-CakIQmwR.d.mts} +1 -1
package/dist/registry/index.d.mts +1 -1
package/dist/registry/index.mjs +2 -2
package/dist/{resourceToTools-8s-EsCCe.mjs → resourceToTools-BElv3xPT.mjs} +65 -48
package/dist/{schemaConverter-Y7nCYaLJ.mjs → schemaConverter-BxFDdtXu.mjs} +1 -1
package/dist/scope/index.d.mts +1 -1
package/dist/scope/index.mjs +2 -2
package/dist/{sse-Ad7ypl9e.mjs → sse-yBCgOLGu.mjs} +1 -1
package/dist/store-helpers-ZCSMJJAX.mjs +57 -0
package/dist/testing/index.d.mts +9 -17
package/dist/testing/index.mjs +27 -83
package/dist/testing/storageContract.d.mts +1 -1
package/dist/types/index.d.mts +4 -4
package/dist/types/index.mjs +1 -31
package/dist/types/storage.d.mts +1 -1
package/dist/{types-BsbNMEDR.d.mts → types-Btdda02s.d.mts} +1 -1
package/dist/{types-Ch9pTQbf.d.mts → types-Co8k3NyS.d.mts} +11 -9
package/dist/types-Csi3FLfq.mjs +27 -0
package/dist/utils/index.d.mts +208 -4
package/dist/utils/index.mjs +5 -6
package/dist/{utils-yYT3HDXt.mjs → utils-B2fNOD_i.mjs} +285 -2
package/dist/{versioning-CDugduqI.mjs → versioning-C2U_bLY0.mjs} +3 -5
package/package.json +20 -26
package/skills/arc/SKILL.md +97 -23
package/skills/arc/references/auth.md +94 -0
package/skills/arc/references/events.md +200 -12
package/skills/arc/references/mcp.md +4 -17
package/skills/arc/references/multi-tenancy.md +43 -0
package/skills/arc/references/production.md +34 -60
package/dist/EventTransport-BXja8NOc.d.mts +0 -135
package/dist/audit/mongodb.d.mts +0 -2
package/dist/audit/mongodb.mjs +0 -2
package/dist/circuitBreaker-cmi5XDv5.mjs +0 -284
package/dist/circuitBreaker-dTtG-UyS.d.mts +0 -206
package/dist/core-F0QoWBt2.mjs +0 -34
package/dist/dynamic/index.d.mts +0 -93
package/dist/dynamic/index.mjs +0 -122
package/dist/fields-DpZQa_Q3.d.mts +0 -109
package/dist/idempotency/mongodb.d.mts +0 -2
package/dist/idempotency/mongodb.mjs +0 -123
package/dist/interface-4y979v99.d.mts +0 -54
package/dist/mongodb-BsP-WbhN.d.mts +0 -127
package/dist/mongodb-CTcp0hQZ.d.mts +0 -80
package/dist/mongodb-Utc5k_-0.mjs +0 -90
package/dist/policies/index.d.mts +0 -432
package/dist/policies/index.mjs +0 -318
package/dist/rpc/index.d.mts +0 -90
package/dist/rpc/index.mjs +0 -248
/package/dist/{HookSystem-HprTmvVY.mjs → HookSystem-BNYKnrXF.mjs} +0 -0
/package/dist/{applyPermissionResult-D6GPMsvh.mjs → applyPermissionResult-QhV1Pa-g.mjs} +0 -0
/package/dist/{constants-Cxde4rpC.mjs → constants-BhY1OHoH.mjs} +0 -0
/package/dist/{elevation-B6S5csVA.d.mts → elevation-C5SwtkAn.d.mts} +0 -0
/package/dist/{errors-Ck2h67pm.d.mts → errors-CCSsMpXE.d.mts} +0 -0
/package/dist/{errors-BF2bIOIS.mjs → errors-D5c-5BJL.mjs} +0 -0
/package/dist/{externalPaths-BnkYrNzp.d.mts → externalPaths-BQ8QijNH.d.mts} +0 -0
/package/dist/{interface-DfLGcus7.d.mts → interface-CSbZdv_3.d.mts} +0 -0
/package/dist/{loadResources-PWd0OCpV.mjs → loadResources-BAzJItAJ.mjs} +0 -0
/package/dist/{logger-D1YrIImS.mjs → logger-DLg8-Ueg.mjs} +0 -0
/package/dist/{metrics-B-PU4-Yu.mjs → metrics-DuhiSEZI.mjs} +0 -0
/package/dist/{pluralize-CWP6MB39.mjs → pluralize-A0tWEl1K.mjs} +0 -0
/package/dist/{registry-BiTKT1Dg.mjs → registry-B3lRFBWo.mjs} +0 -0
/package/dist/{replyHelpers-CxkYGT81.mjs → replyHelpers-CXtJDAZ0.mjs} +0 -0
/package/dist/{requestContext-DYvHl113.mjs → requestContext-xHIKedG6.mjs} +0 -0
/package/dist/{sessionManager-DDCmiNIo.d.mts → sessionManager-BkzVU8h2.d.mts} +0 -0
/package/dist/{storage-Dfzt4VTl.d.mts → storage-CVk_SEn2.d.mts} +0 -0
/package/dist/{tracing-DdN2-wHJ.d.mts → tracing-65B51Dw3.d.mts} +0 -0
/package/dist/{typeGuards-CcFZXgU7.mjs → typeGuards-Cj5Rgvlg.mjs} +0 -0
/package/dist/{types-ZUu_h0jp.mjs → types-DV9WDfeg.mjs} +0 -0

package/dist/{index-C1meYuDn.d.mts → index-DStwgFUK.d.mts} RENAMED Viewed

@@ -1,6 +1,80 @@
-import { Y as OpenApiSchemas, Z as ParsedQuery, Zt as CrudRepository, c as ValidationResult, n as AdapterSchemaContext, nt as QueryParserInterface, o as RepositoryLike, r as DataAdapter, s as SchemaMetadata, vt as RouteSchemaOptions } from "./interface-CMRutPfe.mjs";
+import { At as SchemaMetadata, Et as DataAdapter, Kt as QueryParserInterface, Tt as AdapterSchemaContext, Wt as ParsedQuery, gt as RouteSchemaOptions, jt as ValidationResult, kt as RepositoryLike, rt as OpenApiSchemas } from "./index-Cl0uoKd5.mjs";
 import { Model } from "mongoose";
+import { StandardRepo } from "@classytic/repo-core/repository";
+//#region src/adapters/drizzle.d.ts
+/**
+ * Minimum shape arc needs from a Drizzle column. Every SQLite, PG, and MySQL
+ * column in `drizzle-orm` exposes these via `getTableColumns(table)`. Held
+ * structurally so arc doesn't depend on `drizzle-orm` types.
+ */
+interface DrizzleColumnLike {
+  columnType?: string;
+  dataType?: "number" | "string" | "date" | "boolean" | "json" | "buffer" | "bigint" | "custom";
+  notNull?: boolean;
+  hasDefault?: boolean;
+  primary?: boolean;
+  enumValues?: readonly string[];
+  length?: number;
+  name?: string;
+}
+/**
+ * Structural Drizzle table — only requires `[Symbol.for('drizzle:Columns')]`,
+ * which every Drizzle table exposes. Matches `drizzle-orm`'s `Table` at
+ * runtime without importing it at compile time.
+ */
+type DrizzleTableLike = Record<symbol, Record<string, DrizzleColumnLike>> & {
+  [key: string]: unknown;
+};
+interface DrizzleAdapterOptions<TDoc = unknown> {
+  /** Drizzle table — used for schema introspection. */
+  table: DrizzleTableLike;
+  /** Repository implementing the repo-core contract. */
+  repository: StandardRepo<TDoc> | RepositoryLike<TDoc>;
+  /**
+   * External schema generator. When provided, replaces the built-in
+   * type-only conversion. Wire it to your kit's `buildCrudSchemasFromTable`
+   * (sqlitekit, pgkit, ...) to get the full CRUD schemas — strict
+   * additional-property control, field-rule application, param-type
+   * narrowing from primary-key columns, etc.
+   */
+  schemaGenerator?: (table: DrizzleTableLike, options?: RouteSchemaOptions, context?: AdapterSchemaContext) => OpenApiSchemas | Record<string, unknown>;
+  /** Optional name — defaults to "DrizzleAdapter". */
+  name?: string;
+}
+declare class DrizzleAdapter<TDoc = unknown> implements DataAdapter<TDoc> {
+  readonly type: "drizzle";
+  readonly name: string;
+  readonly table: DrizzleTableLike;
+  readonly repository: StandardRepo<TDoc> | RepositoryLike<TDoc>;
+  private readonly schemaGenerator?;
+  constructor(options: DrizzleAdapterOptions<TDoc>);
+  /**
+   * Introspect Drizzle columns into arc's schema metadata shape.
+   */
+  getSchemaMetadata(): SchemaMetadata;
+  /**
+   * Generate OpenAPI schemas. Delegates to the user-provided
+   * `schemaGenerator` when available (strongly recommended — that's where
+   * field rules, omit lists, and param-type narrowing live). The built-in
+   * fallback emits a permissive entity + CRUD body shape so routes still
+   * register when no generator is provided.
+   *
+   * After the kit generator runs, arc merges constraint-style field rules
+   * (`minLength`, `maxLength`, `min`, `max`, `pattern`, `enum`, `description`)
+   * into the resulting property schemas so sqlitekit / pgkit behave
+   * identically to mongoose here — rule-driven AJV constraints apply
+   * regardless of backend.
+   */
+  generateSchemas(schemaOptions?: RouteSchemaOptions, context?: AdapterSchemaContext): OpenApiSchemas | Record<string, unknown> | null;
+  healthCheck(): Promise<boolean>;
+}
+/**
+ * Factory — preferred construction style for symmetry with
+ * `createMongooseAdapter` / `createPrismaAdapter`.
+ */
+declare function createDrizzleAdapter<TDoc = unknown>(options: DrizzleAdapterOptions<TDoc>): DrizzleAdapter<TDoc>;
+//#endregion
 //#region src/adapters/mongoose.d.ts
 /**
  * Options for creating a Mongoose adapter.
@@ -12,7 +86,7 @@ interface MongooseAdapterOptions<TDoc = unknown> {
   /** Mongoose model instance — preserves document type for type safety */
   model: Model<TDoc>;
   /** Repository implementing CRUD operations - accepts any repository-like object */
-  repository: CrudRepository<TDoc> | RepositoryLike;
+  repository: StandardRepo<TDoc> | RepositoryLike<TDoc>;
   /**
    * External schema generator plugin for OpenAPI docs.
    * When provided, replaces the built-in basic type conversion.
@@ -40,7 +114,7 @@ declare class MongooseAdapter<TDoc = unknown> implements DataAdapter<TDoc> {
   readonly type: "mongoose";
   readonly name: string;
   readonly model: Model<TDoc>;
-  readonly repository: CrudRepository<TDoc> | RepositoryLike;
+  readonly repository: StandardRepo<TDoc> | RepositoryLike<TDoc>;
   private readonly schemaGenerator?;
   constructor(options: MongooseAdapterOptions<TDoc>);
   /**
@@ -79,7 +153,7 @@ declare class MongooseAdapter<TDoc = unknown> implements DataAdapter<TDoc> {
  * const adapter = createMongooseAdapter(ProductModel, productRepository);
  * ```
  */
-declare function createMongooseAdapter<TDoc = unknown>(model: Model<TDoc>, repository: CrudRepository<TDoc> | RepositoryLike): DataAdapter<TDoc>;
+declare function createMongooseAdapter<TDoc = unknown>(model: Model<TDoc>, repository: StandardRepo<TDoc> | RepositoryLike<TDoc>): DataAdapter<TDoc>;
 declare function createMongooseAdapter<TDoc = unknown>(options: MongooseAdapterOptions<TDoc>): DataAdapter<TDoc>;
 //#endregion
 //#region src/adapters/prisma.d.ts
@@ -205,7 +279,7 @@ interface PrismaAdapterOptions<TModel> {
   /** Model name (e.g., 'user', 'product') */
   modelName: string;
   /** Repository instance implementing CRUD operations */
-  repository: CrudRepository<TModel>;
+  repository: StandardRepo<TModel>;
   /** Optional: Prisma DMMF (Data Model Meta Format) for schema extraction */
   dmmf?: PrismaDmmf;
   /** Optional: Custom query parser (default: PrismaQueryParser) */
@@ -218,7 +292,7 @@ interface PrismaAdapterOptions<TModel> {
 declare class PrismaAdapter<TModel = unknown> implements DataAdapter<TModel> {
   readonly type: "prisma";
   readonly name: string;
-  readonly repository: CrudRepository<TModel>;
+  readonly repository: StandardRepo<TModel>;
   readonly queryParser: PrismaQueryParser;
   private client;
   private modelName;
@@ -266,4 +340,4 @@ declare class PrismaAdapter<TModel = unknown> implements DataAdapter<TModel> {
  */
 declare function createPrismaAdapter<TModel>(options: PrismaAdapterOptions<TModel>): PrismaAdapter<TModel>;
 //#endregion
-export { PrismaQueryParserOptions as a, MongooseAdapterOptions as c, PrismaQueryParser as i, createMongooseAdapter as l, PrismaAdapterOptions as n, createPrismaAdapter as o, PrismaQueryOptions as r, MongooseAdapter as s, PrismaAdapter as t };
+export { PrismaQueryParserOptions as a, MongooseAdapterOptions as c, DrizzleAdapterOptions as d, createDrizzleAdapter as f, PrismaQueryParser as i, createMongooseAdapter as l, PrismaAdapterOptions as n, createPrismaAdapter as o, PrismaQueryOptions as r, MongooseAdapter as s, PrismaAdapter as t, DrizzleAdapter as u };

package/dist/index.d.mts CHANGED Viewed

@@ -1,10 +1,9 @@
-import { $ as PresetFunction, $t as DeleteOptions, At as BaseController, B as InferResourceDoc, C as ConfigError, Ct as TypedResourceConfig, D as CrudRouterOptions, Dt as ValidationResult$1, E as CrudRouteKey, Et as ValidateOptions, F as GracefulShutdownOptions, H as IntrospectionPluginOptions, Ht as IControllerResponse, I as HealthCheck, Jt as defineResource, K as MiddlewareConfig, L as HealthOptions, M as FastifyWithAuth, N as FastifyWithDecorators, O as CrudSchemas, Ot as envelope, P as FieldRule, Qt as DeleteManyResult, R as InferAdapterDoc, St as TypedRepository, T as CrudController, Tt as UserOrganization, U as JWTPayload, Ut as IRequestContext, V as IntrospectionData, Vt as IController, Wt as RouteHandler, X as OwnershipCheck, Xt as BulkWriteResult, Yt as BulkWriteOperation, Zt as CrudRepository, _ as ArcInternalMetadata, _n as PipelineStep, a as RelationMetadata, an as PaginationParams, at as RegistryStats, b as AuthPluginOptions, c as ValidationResult, cn as RepositorySession, ct as RequestWithExtras, dn as Guard, en as DeleteResult, fn as Interceptor, gn as PipelineContext, gt as RouteHandlerMethod, h as ApiResponse, hn as PipelineConfig, i as FieldMetadata, in as PaginatedResult, it as RegistryEntry, j as FastifyRequestExtras, jt as BaseControllerOptions, k as EventDefinition, ln as UpdateManyResult, m as AnyRecord, mn as OperationFilter, nn as KeysetPaginatedResult, o as RepositoryLike, on as PaginationResult, ot as RequestContext, p as AdditionalRoute, pn as NextFunction, pt as ResourceMetadata, q as MiddlewareHandler, qt as ResourceDefinition, r as DataAdapter, rn as OffsetPaginatedResult, rt as RateLimitConfig, s as SchemaMetadata, sn as QueryOptions, st as RequestIdOptions, tt as PresetResult, un as WriteOptions, ut as ResourceConfig, v as ArcRequest, vn as Transform, vt as RouteSchemaOptions, xt as TypedController, yt as ServiceContext, z as InferDocType, zt as ControllerLike } from "./interface-CMRutPfe.mjs";
-import { a as applyFieldWritePermissions, i as applyFieldReadPermissions, n as FieldPermissionMap, o as fields, t as FieldPermission } from "./fields-DpZQa_Q3.mjs";
-import { i as UserBase, n as PermissionContext, r as PermissionResult, t as PermissionCheck } from "./types-DZi1aYhm.mjs";
-import { l as createMongooseAdapter, o as createPrismaAdapter, s as MongooseAdapter, t as PrismaAdapter } from "./index-C1meYuDn.mjs";
-import { A as MUTATION_OPERATIONS, C as HOOK_OPERATIONS, D as MAX_FILTER_DEPTH, E as HookPhase, M as RESERVED_QUERY_PARAMS, N as SYSTEM_FIELDS, O as MAX_REGEX_LENGTH, S as DEFAULT_UPDATE_METHOD, T as HookOperation, _ as DEFAULT_ID_FIELD, a as getControllerScope, b as DEFAULT_SORT, g as CrudOperation, h as CRUD_OPERATIONS, j as MutationOperation, k as MAX_SEARCH_LENGTH, s as defineResourceVariants, v as DEFAULT_LIMIT, w as HOOK_PHASES, x as DEFAULT_TENANT_FIELD, y as DEFAULT_MAX_LIMIT } from "./index-DtDzOBn8.mjs";
-import { C as authenticated, D as publicRead, E as presets_d_exports, O as publicReadAdminWrite, S as adminOnly, T as ownerWithAdminBypass, _ as requireScopeContext, a as allOf, c as createDynamicPermissionMatrix, d as requireAuth, f as requireOrgInScope, g as requireRoles, h as requireOwnership, k as readOnly, l as createOrgPermissions, m as requireOrgRole, n as DynamicPermissionMatrix, o as allowPublic, p as requireOrgMembership, r as DynamicPermissionMatrixConfig, s as anyOf, u as denyAll, v as requireServiceScope, w as fullPublic, x as when, y as requireTeamMembership } from "./index-BLXBmWud.mjs";
-import { a as NotFoundError, d as ValidationError, f as createDomainError, i as ForbiddenError, t as ArcError, u as UnauthorizedError } from "./errors-Ck2h67pm.mjs";
+import { a as applyFieldWritePermissions, c as PermissionCheck, d as UserBase, i as applyFieldReadPermissions, l as PermissionContext, n as FieldPermissionMap, o as fields, t as FieldPermission, u as PermissionResult } from "./fields-Lo1VUDpt.mjs";
+import { $ as CrudSchemas, At as SchemaMetadata, B as FastifyWithDecorators, Bt as ArcInternalMetadata, C as ResourceMetadata, Ct as RouteHandler, D as HealthOptions, Dt as FieldMetadata, E as HealthCheck, Et as DataAdapter, Ft as OperationFilter, G as ResourceDefinition, H as RequestWithExtras, It as PipelineConfig, Jt as ServiceContext, K as defineResource, Lt as PipelineContext, Mt as Guard, Nt as Interceptor, O as IntrospectionPluginOptions, Ot as RelationMetadata, Pt as NextFunction, Q as CrudRouteKey, R as FastifyRequestExtras, Rt as PipelineStep, S as RegistryStats, St as IRequestContext, T as GracefulShutdownOptions, Ut as OwnershipCheck, V as MiddlewareHandler, Z as CrudController, _ as ConfigError, _n as UserOrganization, b as IntrospectionData, bt as IController, d as InferAdapterDoc, dn as AnyRecord, et as EventDefinition, f as InferDocType, fn as ApiResponse, g as TypedResourceConfig, gt as RouteSchemaOptions, h as TypedRepository, it as PresetFunction, j as AuthPluginOptions, jt as ValidationResult, k as RequestIdOptions, kt as RepositoryLike, lt as ResourceConfig, m as TypedController, mn as JWTPayload, n as BaseController, nt as MiddlewareConfig, ot as PresetResult, p as InferResourceDoc, pn as ArcRequest, qt as RequestContext, r as BaseControllerOptions, st as RateLimitConfig, t as RouteHandlerMethod, tt as FieldRule, u as PaginationResult, v as ValidateOptions, vn as envelope, vt as ControllerLike, w as CrudRouterOptions, x as RegistryEntry, xt as IControllerResponse, y as ValidationResult$1, z as FastifyWithAuth, zt as Transform } from "./index-Cl0uoKd5.mjs";
+import { l as createMongooseAdapter, o as createPrismaAdapter, s as MongooseAdapter, t as PrismaAdapter } from "./index-DStwgFUK.mjs";
+import { C as MAX_REGEX_LENGTH, D as RESERVED_QUERY_PARAMS, E as MutationOperation, O as SYSTEM_FIELDS, S as MAX_FILTER_DEPTH, T as MUTATION_OPERATIONS, _ as DEFAULT_UPDATE_METHOD, a as getControllerScope, b as HookOperation, d as CrudOperation, f as DEFAULT_ID_FIELD, g as DEFAULT_TENANT_FIELD, h as DEFAULT_SORT, m as DEFAULT_MAX_LIMIT, p as DEFAULT_LIMIT, s as defineResourceVariants, u as CRUD_OPERATIONS, v as HOOK_OPERATIONS, w as MAX_SEARCH_LENGTH, x as HookPhase, y as HOOK_PHASES } from "./index-8qw4y6ff.mjs";
+import { A as requireRoles, C as allOf, E as denyAll, M as when, O as requireAuth, S as createOrgPermissions, T as anyOf, a as presets_d_exports, c as readOnly, d as requireOrgRole, f as requireScopeContext, i as ownerWithAdminBypass, k as requireOwnership, l as requireOrgInScope, m as requireTeamMembership, n as authenticated, o as publicRead, p as requireServiceScope, r as fullPublic, s as publicReadAdminWrite, t as adminOnly, u as requireOrgMembership, v as DynamicPermissionMatrix, w as allowPublic, x as createDynamicPermissionMatrix, y as DynamicPermissionMatrixConfig } from "./index-ChIw3776.mjs";
+import { a as NotFoundError, d as ValidationError, f as createDomainError, i as ForbiddenError, t as ArcError, u as UnauthorizedError } from "./errors-CCSsMpXE.mjs";
 import { AsyncLocalStorage } from "node:async_hooks";
 import { RouteHandlerMethod as RouteHandlerMethod$1 } from "fastify";
@@ -253,4 +252,4 @@ declare function arcLog(module: string): ArcLogger;
 //#region src/index.d.ts
 declare const version: string;
 //#endregion
-export { type ValidationResult as AdapterValidationResult, type AdditionalRoute, type AnyRecord, type ApiResponse, ArcError, type ArcInternalMetadata, type ArcLogWriter, type ArcLogger, type ArcLoggerOptions, type ArcRequest, type AuthPluginOptions, BaseController, type BaseControllerOptions, type BulkWriteOperation, type BulkWriteResult, CRUD_OPERATIONS, type ConfigError, type ControllerLike, type CrudController, CrudOperation, type CrudRepository, type CrudRouteKey, type CrudRouterOptions, type CrudSchemas, DEFAULT_ID_FIELD, DEFAULT_LIMIT, DEFAULT_MAX_LIMIT, DEFAULT_SORT, DEFAULT_TENANT_FIELD, DEFAULT_UPDATE_METHOD, type DataAdapter, type DeleteManyResult, type DeleteOptions, type DeleteResult, type DynamicPermissionMatrix, type DynamicPermissionMatrixConfig, type EventDefinition, type FastifyRequestExtras, type FastifyWithAuth, type FastifyWithDecorators, type FieldMetadata, type FieldPermission, type FieldPermissionMap, type FieldRule, ForbiddenError, type GracefulShutdownOptions, type Guard, HOOK_OPERATIONS, HOOK_PHASES, type HealthCheck, type HealthOptions, HookOperation, HookPhase, type IController, type IControllerResponse, type IRequestContext, type InferAdapterDoc, type InferDocType, type InferResourceDoc, type Interceptor, type IntrospectionData, type IntrospectionPluginOptions, type JWTPayload, type KeysetPaginatedResult, MAX_FILTER_DEPTH, MAX_REGEX_LENGTH, MAX_SEARCH_LENGTH, MUTATION_OPERATIONS, type MiddlewareConfig, MongooseAdapter, MutationOperation, type NamedMiddleware, NotFoundError, type OffsetPaginatedResult, type OwnershipCheck, type PaginatedResult, type PaginationParams, type PaginationResult, type PermissionCheck, type PermissionContext, type PermissionResult, type PipelineConfig, type PipelineContext, type PipelineStep, type PresetFunction, type PresetResult, PrismaAdapter, type QueryOptions, RESERVED_QUERY_PARAMS, type RateLimitConfig, type RegistryEntry, type RegistryStats, type RelationMetadata, type RepositoryLike, type RepositorySession, type RequestContext, type RequestIdOptions, type RequestStore, type RequestWithExtras, type ResourceConfig, ResourceDefinition, type ResourceMetadata, type RouteHandler, type RouteHandlerMethod, type RouteSchemaOptions, SYSTEM_FIELDS, type SchemaMetadata, type ServiceContext, type Transform, type TypedController, type TypedRepository, type TypedResourceConfig, UnauthorizedError, type UpdateManyResult, type UserBase, type UserOrganization, type ValidateOptions, ValidationError, type ValidationResult$1 as ValidationResult, type WriteOptions, adminOnly, allOf, allowPublic, anyOf, applyFieldReadPermissions, applyFieldWritePermissions, arcLog, assertValidConfig, authenticated, configureArcLogger, createDomainError, createDynamicPermissionMatrix, createMongooseAdapter, createOrgPermissions, createPrismaAdapter, defineResource, defineResourceVariants, denyAll, envelope, fields, formatValidationErrors, fullPublic, getControllerScope, guard, intercept, middleware, ownerWithAdminBypass, presets_d_exports as permissions, pipe, publicRead, publicReadAdminWrite, readOnly, requestContext, requireAuth, requireOrgInScope, requireOrgMembership, requireOrgRole, requireOwnership, requireRoles, requireScopeContext, requireServiceScope, requireTeamMembership, sortMiddlewares, transform, validateResourceConfig, version, when };
+export { type ValidationResult as AdapterValidationResult, type AnyRecord, type ApiResponse, ArcError, type ArcInternalMetadata, type ArcLogWriter, type ArcLogger, type ArcLoggerOptions, type ArcRequest, type AuthPluginOptions, BaseController, type BaseControllerOptions, CRUD_OPERATIONS, type ConfigError, type ControllerLike, type CrudController, CrudOperation, type CrudRouteKey, type CrudRouterOptions, type CrudSchemas, DEFAULT_ID_FIELD, DEFAULT_LIMIT, DEFAULT_MAX_LIMIT, DEFAULT_SORT, DEFAULT_TENANT_FIELD, DEFAULT_UPDATE_METHOD, type DataAdapter, type DynamicPermissionMatrix, type DynamicPermissionMatrixConfig, type EventDefinition, type FastifyRequestExtras, type FastifyWithAuth, type FastifyWithDecorators, type FieldMetadata, type FieldPermission, type FieldPermissionMap, type FieldRule, ForbiddenError, type GracefulShutdownOptions, type Guard, HOOK_OPERATIONS, HOOK_PHASES, type HealthCheck, type HealthOptions, HookOperation, HookPhase, type IController, type IControllerResponse, type IRequestContext, type InferAdapterDoc, type InferDocType, type InferResourceDoc, type Interceptor, type IntrospectionData, type IntrospectionPluginOptions, type JWTPayload, MAX_FILTER_DEPTH, MAX_REGEX_LENGTH, MAX_SEARCH_LENGTH, MUTATION_OPERATIONS, type MiddlewareConfig, MongooseAdapter, MutationOperation, type NamedMiddleware, NotFoundError, type OwnershipCheck, type PaginationResult, type PermissionCheck, type PermissionContext, type PermissionResult, type PipelineConfig, type PipelineContext, type PipelineStep, type PresetFunction, type PresetResult, PrismaAdapter, RESERVED_QUERY_PARAMS, type RateLimitConfig, type RegistryEntry, type RegistryStats, type RelationMetadata, type RepositoryLike, type RequestContext, type RequestIdOptions, type RequestStore, type RequestWithExtras, type ResourceConfig, ResourceDefinition, type ResourceMetadata, type RouteHandler, type RouteHandlerMethod, type RouteSchemaOptions, SYSTEM_FIELDS, type SchemaMetadata, type ServiceContext, type Transform, type TypedController, type TypedRepository, type TypedResourceConfig, UnauthorizedError, type UserBase, type UserOrganization, type ValidateOptions, ValidationError, type ValidationResult$1 as ValidationResult, adminOnly, allOf, allowPublic, anyOf, applyFieldReadPermissions, applyFieldWritePermissions, arcLog, assertValidConfig, authenticated, configureArcLogger, createDomainError, createDynamicPermissionMatrix, createMongooseAdapter, createOrgPermissions, createPrismaAdapter, defineResource, defineResourceVariants, denyAll, envelope, fields, formatValidationErrors, fullPublic, getControllerScope, guard, intercept, middleware, ownerWithAdminBypass, presets_d_exports as permissions, pipe, publicRead, publicReadAdminWrite, readOnly, requestContext, requireAuth, requireOrgInScope, requireOrgMembership, requireOrgRole, requireOwnership, requireRoles, requireScopeContext, requireServiceScope, requireTeamMembership, sortMiddlewares, transform, validateResourceConfig, version, when };

package/dist/index.mjs CHANGED Viewed

@@ -1,14 +1,13 @@
-import { a as DEFAULT_SORT, c as HOOK_OPERATIONS, d as MAX_REGEX_LENGTH, f as MAX_SEARCH_LENGTH, h as SYSTEM_FIELDS, i as DEFAULT_MAX_LIMIT, l as HOOK_PHASES, m as RESERVED_QUERY_PARAMS, n as DEFAULT_ID_FIELD, o as DEFAULT_TENANT_FIELD, p as MUTATION_OPERATIONS, r as DEFAULT_LIMIT, s as DEFAULT_UPDATE_METHOD, t as CRUD_OPERATIONS, u as MAX_FILTER_DEPTH } from "./constants-Cxde4rpC.mjs";
-import { a as createMongooseAdapter, i as MongooseAdapter, r as createPrismaAdapter, t as PrismaAdapter } from "./adapters-BBqAVvPK.mjs";
-import { t as BaseController } from "./BaseController-DAGGc5Xn.mjs";
-import { envelope } from "./types/index.mjs";
-import { n as applyFieldWritePermissions, r as fields, t as applyFieldReadPermissions } from "./fields-ipsbIRPK.mjs";
-import { t as requestContext } from "./requestContext-DYvHl113.mjs";
-import { d as createDomainError, i as NotFoundError, l as UnauthorizedError, r as ForbiddenError, t as ArcError, u as ValidationError } from "./errors-BF2bIOIS.mjs";
-import { a as validateResourceConfig, f as getControllerScope, i as formatValidationErrors, m as pipe, n as defineResource, r as assertValidConfig, t as ResourceDefinition } from "./defineResource-tcgySDo1.mjs";
-import { C as publicRead, S as presets_exports, T as readOnly, _ as when, a as createOrgPermissions, b as fullPublic, c as requireOrgInScope, d as requireOwnership, f as requireRoles, h as requireTeamMembership, i as createDynamicPermissionMatrix, l as requireOrgMembership, m as requireServiceScope, n as allowPublic, o as denyAll, p as requireScopeContext, r as anyOf, s as requireAuth, t as allOf, u as requireOrgRole, v as adminOnly, w as publicReadAdminWrite, x as ownerWithAdminBypass, y as authenticated } from "./permissions-CH4cNwJi.mjs";
-import { t as defineResourceVariants } from "./core-F0QoWBt2.mjs";
-import { n as configureArcLogger, t as arcLog } from "./logger-D1YrIImS.mjs";
+import { a as createMongooseAdapter, i as MongooseAdapter, r as createPrismaAdapter, t as PrismaAdapter } from "./adapters-BXY4i-hw.mjs";
+import { a as DEFAULT_SORT, c as HOOK_OPERATIONS, d as MAX_REGEX_LENGTH, f as MAX_SEARCH_LENGTH, h as SYSTEM_FIELDS, i as DEFAULT_MAX_LIMIT, l as HOOK_PHASES, m as RESERVED_QUERY_PARAMS, n as DEFAULT_ID_FIELD, o as DEFAULT_TENANT_FIELD, p as MUTATION_OPERATIONS, r as DEFAULT_LIMIT, s as DEFAULT_UPDATE_METHOD, t as CRUD_OPERATIONS, u as MAX_FILTER_DEPTH } from "./constants-BhY1OHoH.mjs";
+import { t as BaseController } from "./BaseController-CbKKIflT.mjs";
+import { t as envelope } from "./types-Csi3FLfq.mjs";
+import { n as applyFieldWritePermissions, r as fields, t as applyFieldReadPermissions } from "./fields-bxkeltzz.mjs";
+import { d as createDomainError, i as NotFoundError, l as UnauthorizedError, r as ForbiddenError, t as ArcError, u as ValidationError } from "./errors-D5c-5BJL.mjs";
+import { t as requestContext } from "./requestContext-xHIKedG6.mjs";
+import { a as formatValidationErrors, h as pipe, i as assertValidConfig, n as ResourceDefinition, o as validateResourceConfig, p as getControllerScope, r as defineResource, t as defineResourceVariants } from "./core-CcR01lup.mjs";
+import { C as requireAuth, D as when, T as requireRoles, _ as requireTeamMembership, a as presets_exports, b as anyOf, c as readOnly, d as createOrgPermissions, f as requireOrgInScope, g as requireServiceScope, h as requireScopeContext, i as ownerWithAdminBypass, m as requireOrgRole, n as authenticated, o as publicRead, p as requireOrgMembership, r as fullPublic, s as publicReadAdminWrite, t as adminOnly, u as createDynamicPermissionMatrix, v as allOf, w as requireOwnership, x as denyAll, y as allowPublic } from "./permissions-Dk6mshja.mjs";
+import { n as configureArcLogger, t as arcLog } from "./logger-DLg8-Ueg.mjs";
 //#region src/middleware/middleware.ts
 /**
 * Named Middleware — Priority-based, conditional middleware execution.
@@ -128,6 +127,6 @@ function transform(name, handlerOrOptions) {
 }
 //#endregion
 //#region src/index.ts
-const version = "2.8.5";
+const version = "2.10.3";
 //#endregion
 export { ArcError, BaseController, CRUD_OPERATIONS, DEFAULT_ID_FIELD, DEFAULT_LIMIT, DEFAULT_MAX_LIMIT, DEFAULT_SORT, DEFAULT_TENANT_FIELD, DEFAULT_UPDATE_METHOD, ForbiddenError, HOOK_OPERATIONS, HOOK_PHASES, MAX_FILTER_DEPTH, MAX_REGEX_LENGTH, MAX_SEARCH_LENGTH, MUTATION_OPERATIONS, MongooseAdapter, NotFoundError, PrismaAdapter, RESERVED_QUERY_PARAMS, ResourceDefinition, SYSTEM_FIELDS, UnauthorizedError, ValidationError, adminOnly, allOf, allowPublic, anyOf, applyFieldReadPermissions, applyFieldWritePermissions, arcLog, assertValidConfig, authenticated, configureArcLogger, createDomainError, createDynamicPermissionMatrix, createMongooseAdapter, createOrgPermissions, createPrismaAdapter, defineResource, defineResourceVariants, denyAll, envelope, fields, formatValidationErrors, fullPublic, getControllerScope, guard, intercept, middleware, ownerWithAdminBypass, presets_exports as permissions, pipe, publicRead, publicReadAdminWrite, readOnly, requestContext, requireAuth, requireOrgInScope, requireOrgMembership, requireOrgRole, requireOwnership, requireRoles, requireScopeContext, requireServiceScope, requireTeamMembership, sortMiddlewares, transform, validateResourceConfig, version, when };

package/dist/integrations/event-gateway.d.mts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { t as DomainEvent } from "../EventTransport-BXja8NOc.mjs";
+import { n as DomainEvent } from "../EventTransport-CUw5NNWe.mjs";
 import { WebSocketClient, WebSocketMessage } from "./websocket.mjs";
 import { FastifyPluginAsync, FastifyRequest } from "fastify";

package/dist/integrations/event-gateway.mjs CHANGED Viewed

@@ -4,7 +4,7 @@ const eventGatewayPluginImpl = async (fastify, opts = {}) => {
 	const { auth = true, orgScoped = false, roomPolicy, maxMessageBytes, maxSubscriptionsPerClient, authenticate } = opts;
 	if (auth && !authenticate && !fastify.hasDecorator("authenticate")) throw new Error("[arc-event-gateway] auth is true but fastify.authenticate is not registered. Register an auth plugin first, provide a custom authenticate function, or set auth: false.");
 	if (opts.sse !== false) {
-		const { default: ssePlugin } = await import("../sse-Ad7ypl9e.mjs").then((n) => n.r);
+		const { default: ssePlugin } = await import("../sse-yBCgOLGu.mjs").then((n) => n.r);
 		await fastify.register(ssePlugin, {
 			path: opts.sse?.path ?? "/events/stream",
 			requireAuth: auth,

package/dist/integrations/index.d.mts CHANGED Viewed

@@ -1,7 +1,7 @@
 import { WebSocketClient, WebSocketMessage, WebSocketPluginOptions } from "./websocket.mjs";
 import { EventGatewayOptions } from "./event-gateway.mjs";
 import { JobDefinition, JobDispatchOptions, JobDispatcher, JobMeta, JobsPluginOptions, QueueStats } from "./jobs.mjs";
-import { c as McpResourceConfig, f as ToolAnnotations, i as CrudOperation, l as PromptDefinition, m as ToolDefinition, n as CallToolResult, o as McpAuthResult, p as ToolContext, r as CreateMcpServerConfig, s as McpPluginOptions, t as BetterAuthHandler } from "../types-BsbNMEDR.mjs";
+import { c as McpResourceConfig, f as ToolAnnotations, i as CrudOperation, l as PromptDefinition, m as ToolDefinition, n as CallToolResult, o as McpAuthResult, p as ToolContext, r as CreateMcpServerConfig, s as McpPluginOptions, t as BetterAuthHandler } from "../types-Btdda02s.mjs";
 import { StreamlinePluginOptions, WorkflowLike, WorkflowRunLike } from "./streamline.mjs";
 import { WebhookDeliveryRecord, WebhookManager, WebhookPluginOptions, WebhookStore, WebhookSubscription } from "./webhooks.mjs";
 export { type BetterAuthHandler, type CallToolResult, type CreateMcpServerConfig, type CrudOperation, type EventGatewayOptions, type JobDefinition, type JobDispatchOptions, type JobDispatcher, type JobMeta, type JobsPluginOptions, type McpAuthResult, type McpPluginOptions, type McpResourceConfig, type PromptDefinition, type QueueStats, type StreamlinePluginOptions, type ToolAnnotations, type ToolContext, type ToolDefinition, type WebSocketClient, type WebSocketMessage, type WebSocketPluginOptions, type WebhookDeliveryRecord, type WebhookManager, type WebhookPluginOptions, type WebhookStore, type WebhookSubscription, type WorkflowLike, type WorkflowRunLike };

package/dist/integrations/mcp/index.d.mts CHANGED Viewed

@@ -1,5 +1,5 @@
-import { qt as ResourceDefinition } from "../../interface-CMRutPfe.mjs";
-import { a as McpAuthResolver, c as McpResourceConfig, d as SessionEntry, f as ToolAnnotations, i as CrudOperation, l as PromptDefinition, m as ToolDefinition, n as CallToolResult, o as McpAuthResult, p as ToolContext, r as CreateMcpServerConfig, s as McpPluginOptions, t as BetterAuthHandler, u as PromptResult } from "../../types-BsbNMEDR.mjs";
+import { G as ResourceDefinition } from "../../index-Cl0uoKd5.mjs";
+import { a as McpAuthResolver, c as McpResourceConfig, d as SessionEntry, f as ToolAnnotations, i as CrudOperation, l as PromptDefinition, m as ToolDefinition, n as CallToolResult, o as McpAuthResult, p as ToolContext, r as CreateMcpServerConfig, s as McpPluginOptions, t as BetterAuthHandler, u as PromptResult } from "../../types-Btdda02s.mjs";
 import { FastifyPluginAsync } from "fastify";
 import { z } from "zod";
@@ -233,14 +233,32 @@ declare class McpSessionCache {
 }
 //#endregion
 //#region src/integrations/mcp/mcpPlugin.d.ts
+/**
+ * Per-prefix MCP registration info. A single fastify instance can register
+ * mcpPlugin multiple times under different prefixes (e.g. `/mcp/catalog`,
+ * `/mcp/orders`). The decorator is a map keyed by prefix so multi-registration
+ * setups can inspect any endpoint's tool list, not just the first one.
+ */
+interface McpRegistration {
+  sessions: McpSessionCache | null;
+  toolNames: string[];
+  resourceNames: string[];
+  stateful: boolean;
+}
+interface McpDecorator {
+  /** Map of prefix → registration info. Iterate for all endpoints. */
+  registrations: Map<string, McpRegistration>;
+  /** Shortcut for the first registered prefix (back-compat for single-endpoint apps) */
+  readonly sessions: McpSessionCache | null;
+  readonly toolNames: string[];
+  readonly resourceNames: string[];
+  readonly stateful: boolean;
+  /** Look up a specific prefix */
+  get(prefix: string): McpRegistration | undefined;
+}
 declare module "fastify" {
   interface FastifyInstance {
-    mcp?: {
-      sessions: McpSessionCache | null;
-      toolNames: string[];
-      resourceNames: string[];
-      stateful: boolean;
-    };
+    mcp?: McpDecorator;
   }
 }
 declare const mcpPlugin: FastifyPluginAsync<McpPluginOptions>;

package/dist/integrations/mcp/index.mjs CHANGED Viewed

@@ -1,5 +1,5 @@
-import { n as fieldRulesToZod, r as createMcpServer, t as resourceToTools } from "../../resourceToTools-8s-EsCCe.mjs";
-import { createHash } from "node:crypto";
+import { n as fieldRulesToZod, r as createMcpServer, t as resourceToTools } from "../../resourceToTools-BElv3xPT.mjs";
+import { createHash, randomUUID } from "node:crypto";
 import fp from "fastify-plugin";
 //#region src/integrations/mcp/defineTool.ts
 /**
@@ -454,13 +454,46 @@ var McpSessionCache = class {
 };
 //#endregion
 //#region src/integrations/mcp/mcpPlugin.ts
+/**
+* @classytic/arc — MCP Plugin (Level 1)
+*
+* Fastify plugin that auto-generates MCP tools from Arc resources.
+*
+* Two transport modes:
+* - **Stateless** (default) — fresh server per request, no session tracking.
+*   Best for production, horizontal scaling, serverless, edge.
+* - **Stateful** — sessions cached with TTL, reused across requests.
+*   Use when you need server-initiated notifications or long-lived connections.
+*
+* Auth is NOT enforced — the plugin respects whatever auth mode you choose:
+* - `auth: false` — no auth, anonymous access (dev/testing/stdio)
+* - `auth: betterAuthInstance` — OAuth 2.1 via Better Auth's mcp() plugin
+* - `auth: async (headers) => {...}` — custom function (API key, JWT, gateway, etc.)
+*
+* @example
+* ```typescript
+* // Stateless (default) — production, scalable
+* await app.register(mcpPlugin, { resources, auth: false });
+*
+* // Stateful — when you need session persistence
+* await app.register(mcpPlugin, { resources, stateful: true, sessionTtlMs: 600000 });
+*
+* // Multiple MCP endpoints scoped to different resource groups
+* await app.register(mcpPlugin, { resources: catalogResources, prefix: '/mcp/catalog' });
+* await app.register(mcpPlugin, { resources: orderResources, prefix: '/mcp/orders' });
+* ```
+*/
 const mcpPluginImpl = async (fastify, options) => {
 	let StreamableHTTPServerTransport;
 	try {
 		StreamableHTTPServerTransport = (await import("@modelcontextprotocol/sdk/server/streamableHttp.js")).StreamableHTTPServerTransport;
+	} catch {
+		throw new Error("@modelcontextprotocol/sdk is required for MCP support. Install it: npm install @modelcontextprotocol/sdk");
+	}
+	try {
 		await import("zod");
 	} catch {
-		throw new Error("@modelcontextprotocol/sdk and zod are required for MCP support. Install them: npm install @modelcontextprotocol/sdk zod");
+		throw new Error("zod is required for MCP tool schemas. Install it: npm install zod");
 	}
 	let enabledResources;
 	if (options.include) {
@@ -516,18 +549,51 @@ const mcpPluginImpl = async (fastify, options) => {
 		registerStatelessRoutes(fastify, prefix, options, createServerInstance, StreamableHTTPServerTransport, authCache);
 	}
 	if (cache) fastify.addHook("onClose", async () => cache.close());
-	if (!fastify.hasDecorator("mcp")) fastify.decorate("mcp", {
+	const registration = {
 		sessions: cache,
 		toolNames: allTools.map((t) => t.name),
 		resourceNames: enabledResources.map((r) => r.name),
 		stateful
-	});
+	};
+	if (!fastify.hasDecorator("mcp")) {
+		const registrations = /* @__PURE__ */ new Map();
+		registrations.set(prefix, registration);
+		const first = () => registrations.values().next().value;
+		const decorator = {
+			registrations,
+			get(p) {
+				return registrations.get(p);
+			},
+			get sessions() {
+				return first()?.sessions ?? null;
+			},
+			get toolNames() {
+				return first()?.toolNames ?? [];
+			},
+			get resourceNames() {
+				return first()?.resourceNames ?? [];
+			},
+			get stateful() {
+				return first()?.stateful ?? false;
+			}
+		};
+		fastify.decorate("mcp", decorator);
+	} else {
+		const existing = fastify.mcp;
+		if (existing) {
+			if (existing.registrations.has(prefix)) throw new Error(`mcpPlugin: prefix "${prefix}" is already registered`);
+			existing.registrations.set(prefix, registration);
+		}
+	}
 };
 function registerStatelessRoutes(fastify, prefix, options, createServer, Transport, authCache) {
 	fastify.post(prefix, async (request, reply) => {
 		const authResult = await resolveMcpAuth(request.headers, options.auth ?? false, authCache);
 		if (!authResult && options.auth) {
-			fastify.log.warn("mcpPlugin: auth failed — returning 401 (client may silently drop server)");
+			fastify.log.warn({
+				msg: "mcpPlugin: auth failed",
+				status: 401
+			});
 			return reply.code(401).send({
 				jsonrpc: "2.0",
 				error: {
@@ -564,7 +630,10 @@ function registerStatefulRoutes(fastify, prefix, options, cache, createServer, T
 	fastify.post(prefix, async (request, reply) => {
 		const authResult = await resolveMcpAuth(request.headers, options.auth ?? false);
 		if (!authResult && options.auth) {
-			fastify.log.warn("mcpPlugin: auth failed — returning 401 (client may silently drop server)");
+			fastify.log.warn({
+				msg: "mcpPlugin: auth failed",
+				status: 401
+			});
 			return reply.code(401).send({
 				jsonrpc: "2.0",
 				error: {
@@ -592,15 +661,19 @@ function registerStatefulRoutes(fastify, prefix, options, cache, createServer, T
 			}
 		}
 		const authRef = { current: authResult };
-		const transport = new Transport({ sessionIdGenerator: void 0 });
-		await (await createServer(authRef)).connect(transport);
-		cache.set(transport.sessionId, {
-			transport,
-			lastAccessed: Date.now(),
-			organizationId: authResult?.organizationId ?? "",
-			auth: authResult,
-			authRef
+		const transport = new Transport({
+			sessionIdGenerator: () => randomUUID(),
+			onsessioninitialized: (newSessionId) => {
+				cache.set(newSessionId, {
+					transport,
+					lastAccessed: Date.now(),
+					organizationId: authResult?.organizationId ?? "",
+					auth: authResult,
+					authRef
+				});
+			}
 		});
+		await (await createServer(authRef)).connect(transport);
 		await transport.handleRequest(request.raw, reply.raw, request.body);
 	});
 	fastify.get(prefix, async (request, reply) => {
@@ -609,7 +682,10 @@ function registerStatefulRoutes(fastify, prefix, options, cache, createServer, T
 		const entry = cache.get(sessionId);
 		if (!entry) return reply.code(403).send({ error: "Unauthorized" });
 		if (options.auth) {
-			if (!isSessionOwner(entry, await resolveMcpAuth(request.headers, options.auth))) return reply.code(403).send({ error: "Unauthorized" });
+			const authResult = await resolveMcpAuth(request.headers, options.auth);
+			if (!isSessionOwner(entry, authResult)) return reply.code(403).send({ error: "Unauthorized" });
+			entry.auth = authResult;
+			entry.authRef.current = authResult;
 		}
 		cache.touch(sessionId);
 		await entry.transport.handleRequest(request.raw, reply.raw);
@@ -620,7 +696,10 @@ function registerStatefulRoutes(fastify, prefix, options, cache, createServer, T
 		const entry = cache.get(sessionId);
 		if (!entry) return reply.code(204).send();
 		if (options.auth) {
-			if (!isSessionOwner(entry, await resolveMcpAuth(request.headers, options.auth))) return reply.code(403).send({ error: "Unauthorized" });
+			const authResult = await resolveMcpAuth(request.headers, options.auth);
+			if (!isSessionOwner(entry, authResult)) return reply.code(403).send({ error: "Unauthorized" });
+			entry.auth = authResult;
+			entry.authRef.current = authResult;
 		}
 		cache.remove(sessionId);
 		reply.code(204).send();

package/dist/integrations/mcp/testing.d.mts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { o as McpAuthResult, s as McpPluginOptions } from "../../types-BsbNMEDR.mjs";
+import { o as McpAuthResult, s as McpPluginOptions } from "../../types-Btdda02s.mjs";
 //#region src/integrations/mcp/testing.d.ts
 interface TestMcpClientOptions {

package/dist/integrations/mcp/testing.mjs CHANGED Viewed

@@ -1,4 +1,4 @@
-import { r as createMcpServer, t as resourceToTools } from "../../resourceToTools-8s-EsCCe.mjs";
+import { r as createMcpServer, t as resourceToTools } from "../../resourceToTools-BElv3xPT.mjs";
 //#region src/integrations/mcp/testing.ts
 /**
 * @classytic/arc/mcp/testing — MCP Test Utilities

package/dist/integrations/webhooks.d.mts CHANGED Viewed

@@ -76,6 +76,11 @@ interface VerifySignatureOptions {
  * Works with Arc's own `signPayload` format by default (`sha256=<hex>`),
  * but configurable for any HMAC scheme via options.
  *
+ * ⚠ The `body` argument must be the exact bytes the sender signed. Fastify
+ * parses JSON bodies by default and the re-serialised object will NOT match
+ * the original signature. Register `@fastify/raw-body` or use `preParsing`
+ * to capture `req.rawBody`, then pass that here.
+ *
  * @param body      - Raw request body (string or Buffer — must be the exact bytes the sender signed)
  * @param secret    - Shared secret between sender and receiver
  * @param signature - The signature header value (e.g. `req.headers['x-webhook-signature']`)

package/dist/integrations/webhooks.mjs CHANGED Viewed

@@ -46,6 +46,11 @@ function signPayload(payload, secret) {
 * Works with Arc's own `signPayload` format by default (`sha256=<hex>`),
 * but configurable for any HMAC scheme via options.
 *
+* ⚠ The `body` argument must be the exact bytes the sender signed. Fastify
+* parses JSON bodies by default and the re-serialised object will NOT match
+* the original signature. Register `@fastify/raw-body` or use `preParsing`
+* to capture `req.rawBody`, then pass that here.
+*
 * @param body      - Raw request body (string or Buffer — must be the exact bytes the sender signed)
 * @param secret    - Shared secret between sender and receiver
 * @param signature - The signature header value (e.g. `req.headers['x-webhook-signature']`)
@@ -77,6 +82,7 @@ function signPayload(payload, secret) {
 * ```
 */
 function verifySignature(body, secret, signature, options) {
+	if (typeof body !== "string" && !Buffer.isBuffer(body)) throw new TypeError("verifySignature: body must be a string or Buffer (the exact bytes the sender signed). Register @fastify/raw-body and pass req.rawBody — not req.body.");
 	if (!signature) return false;
 	const prefix = options?.prefix ?? "sha256=";
 	const algorithm = options?.algorithm ?? "sha256";

package/dist/interface-D218ikEo.d.mts ADDED Viewed

@@ -0,0 +1,77 @@
+//#region src/cache/interface.d.ts
+/**
+ * Cache Store Interface — aligned with `@classytic/repo-core/cache.CacheAdapter`.
+ *
+ * Arc's cache layer speaks the same `get / set(ttlSeconds?) / del / clear(pattern?)`
+ * transport-level contract published by `@classytic/repo-core`. One Redis
+ * implementation drops into Arc's `QueryCache`, mongokit's cache plugin,
+ * sqlitekit's cache plugin, and every future kit without wrapper shims.
+ *
+ * Arc extends the bare adapter with two optional observability fields —
+ * `name` (for diagnostics) and `stats()` (for the response-cache plugin) —
+ * that are opt-in: consumers implementing only `CacheAdapter` still
+ * structurally satisfy `CacheStore`, so a raw repo-core adapter plugs
+ * directly into Arc.
+ *
+ * ## TTL unit
+ *
+ * `ttlSeconds`, not milliseconds. Matches Redis (`SET … EX seconds`) which
+ * is the dominant backend. `0` or `undefined` means no expiry; implementations
+ * may apply their own default.
+ *
+ * ## Not-found semantics
+ *
+ * `get()` returns `undefined` on miss / expired. Matches repo-core.
+ *
+ * ## Sync-or-async
+ *
+ * Method returns are `Promise<T> | T` — in-memory `Map` adapters can be
+ * synchronous; Redis adapters are async. Consumers always `await`, so
+ * sync values just short-circuit the microtask.
+ */
+interface CacheLogger {
+  warn(message: string, ...args: unknown[]): void;
+  error(message: string, ...args: unknown[]): void;
+}
+interface CacheStats {
+  /** Number of entries currently stored */
+  entries: number;
+  /** Estimated memory usage in bytes (-1 if unavailable) */
+  memoryBytes: number;
+  /** Cache hit count since creation */
+  hits: number;
+  /** Cache miss count since creation */
+  misses: number;
+  /** Number of entries evicted since creation */
+  evictions: number;
+}
+interface CacheStore<TValue = unknown> {
+  /** Store name for logs/diagnostics. Optional to match repo-core's bare `CacheAdapter`. */
+  readonly name?: string;
+  /**
+   * Get a value by key. Returns `undefined` when not found or expired.
+   */
+  get(key: string): Promise<TValue | undefined> | TValue | undefined;
+  /**
+   * Store a value with optional TTL (seconds). `0` or `undefined` means
+   * no expiry; implementations may apply a default.
+   */
+  set(key: string, value: TValue, ttlSeconds?: number): Promise<void> | void;
+  /**
+   * Delete a single key. No-op when the key doesn't exist.
+   */
+  delete(key: string): Promise<void> | void;
+  /**
+   * Invalidate keys matching a glob pattern (typically `prefix:*`), or
+   * every key when `pattern` is omitted.
+   *
+   * Optional — simpler adapters that can't enumerate keys (some KV stores)
+   * may omit this and rely on TTL for eventual consistency. Consumers that
+   * need strict invalidation must check for its presence: `store.clear?.(pattern)`.
+   */
+  clear?(pattern?: string): Promise<void> | void;
+  /** Cache statistics for observability. Optional. */
+  stats?(): CacheStats;
+}
+//#endregion
+export { CacheStats as n, CacheStore as r, CacheLogger as t };