@classytic/arc 2.8.5 → 2.10.3

package/dist/audit/index.d.mts

@@ -1,20 +1,134 @@
-import { a as AuditContext, c as AuditStore, i as AuditAction, l as AuditStoreOptions, n as MongoAuditStoreOptions, o as AuditEntry, r as MongoConnection, s as AuditQueryOptions, u as createAuditEntry } from "../mongodb-BsP-WbhN.mjs";
+import { d as UserBase } from "../fields-Lo1VUDpt.mjs";
+import { kt as RepositoryLike } from "../index-Cl0uoKd5.mjs";
 import { FastifyPluginAsync } from "fastify";
 
+//#region src/audit/stores/interface.d.ts
+type AuditAction = "create" | "update" | "delete" | "restore" | "custom";
+interface AuditEntry {
+  /** Unique audit log ID */
+  id: string;
+  /** Resource name (e.g., 'product', 'user') */
+  resource: string;
+  /** Document/entity ID */
+  documentId: string;
+  /** Action performed */
+  action: AuditAction;
+  /** User who performed the action */
+  userId?: string;
+  /** Organization context */
+  organizationId?: string;
+  /** Previous state (for updates) */
+  before?: Record<string, unknown>;
+  /** New state (for creates/updates) */
+  after?: Record<string, unknown>;
+  /** Changed fields (for updates) */
+  changes?: string[];
+  /** Request ID for tracing */
+  requestId?: string;
+  /** IP address */
+  ipAddress?: string;
+  /** User agent */
+  userAgent?: string;
+  /** Custom metadata */
+  metadata?: Record<string, unknown>;
+  /** When the action occurred */
+  timestamp: Date;
+}
+interface AuditContext {
+  user?: UserBase;
+  organizationId?: string;
+  requestId?: string;
+  ipAddress?: string;
+  userAgent?: string;
+  /** HTTP method + route pattern (e.g., 'PATCH /api/products/:id') */
+  endpoint?: string;
+  /** Request duration in milliseconds */
+  duration?: number;
+}
+interface AuditStoreOptions {
+  /** Store name for logging */
+  name: string;
+}
+/**
+ * Abstract audit store interface
+ */
+interface AuditStore {
+  /** Store name */
+  readonly name: string;
+  /** Log an audit entry */
+  log(entry: AuditEntry): Promise<void>;
+  /** Query audit logs (optional - not all stores support querying) */
+  query?(options: AuditQueryOptions): Promise<AuditEntry[]>;
+  /**
+   * Purge entries older than `cutoff`, return count deleted. Optional —
+   * stores that don't support deletion (append-only emitters like Kafka,
+   * S3 archivers) simply omit this method and are skipped by
+   * `fastify.audit.purge(...)`. Mongo-backed repositories can also rely
+   * on a server-side TTL index instead of calling this; the method is
+   * the DB-agnostic escape hatch.
+   */
+  purgeOlderThan?(cutoff: Date): Promise<number>;
+  /** Close/cleanup (optional) */
+  close?(): Promise<void>;
+}
+interface AuditQueryOptions {
+  resource?: string;
+  documentId?: string;
+  userId?: string;
+  organizationId?: string;
+  action?: AuditAction | AuditAction[];
+  from?: Date;
+  to?: Date;
+  limit?: number;
+  offset?: number;
+}
+/**
+ * Create audit entry from context
+ */
+declare function createAuditEntry(resource: string, documentId: string, action: AuditAction, context: AuditContext, data?: {
+  before?: Record<string, unknown>;
+  after?: Record<string, unknown>;
+  metadata?: Record<string, unknown>;
+}): AuditEntry;
+//#endregion
 //#region src/audit/auditPlugin.d.ts
 interface AuditPluginOptions {
   /** Enable audit logging (default: false) */
   enabled?: boolean;
-  /** Storage backends to use */
-  stores?: ("memory" | "mongodb")[];
-  /** MongoDB connection (required if using mongodb store) */
-  mongoConnection?: MongoConnection;
-  /** MongoDB collection name (default: 'audit_logs') */
-  mongoCollection?: string;
-  /** TTL in days for MongoDB (default: 90) */
-  ttlDays?: number;
-  /** Custom stores (advanced) */
+  /**
+   * Repository managing the audit collection. Arc consumes it **directly**
+   * — no wrapping, no aliases, no proxy classes. Pass any object that
+   * implements arc's `RepositoryLike` (mongokit's `Repository`, prismakit's
+   * repo, a custom implementation). Arc calls `repository.create(entry)` to
+   * log and `repository.findAll(filter, options)` to query.
+   *
+   * If neither `repository` nor `customStores` is provided, falls back to
+   * `MemoryAuditStore` (intended for dev / tests only).
+   */
+  repository?: RepositoryLike;
+  /**
+   * Custom audit stores — for backends that aren't repositories (Kafka, S3,
+   * OpenTelemetry exporter, etc.). Each must implement the `AuditStore`
+   * interface. `repository` and `customStores` compose: entries get logged
+   * to every store.
+   */
   customStores?: AuditStore[];
+  /**
+   * Retention policy — optional. Entries older than `maxAgeMs` are purged
+   * on a timer (`purgeIntervalMs`, default 24h). Stores that implement
+   * `purgeOlderThan` participate; append-only stores are skipped.
+   *
+   * Apps on MongoDB can instead declare a TTL index on the audit
+   * collection's `timestamp` field — server-side TTL is cheaper than a
+   * periodic delete. Both approaches coexist: `fastify.audit.purge(...)`
+   * is always available for manual / cron-driven purges.
+   *
+   * Set `purgeIntervalMs: 0` to skip the timer (manual purge only).
+   */
+  retention?: {
+    /** Max entry age in ms. Entries with `timestamp < now - maxAgeMs` are purged. */maxAgeMs: number; /** Interval between purges in ms. Default 86_400_000 (24h). 0 disables the timer. */
+    purgeIntervalMs?: number;
+  };
   /**
    * Automatically audit CRUD operations via the hook system (default: true when enabled).
    * When enabled, create/update/delete operations are auto-logged without manual calls.
@@ -78,10 +192,19 @@ interface AuditLogger {
   custom: (resource: string, documentId: string, action: string, data?: Record<string, unknown>, context?: AuditContext) => Promise<void>;
   /** Query audit logs (if stores support it) */
   query: (options: AuditQueryOptions) => Promise<AuditEntry[]>;
+  /**
+   * Purge audit entries older than `cutoff` across every registered store.
+   * Returns the total number of entries deleted. Stores that don't support
+   * deletion (append-only emitters) are skipped silently.
+   */
+  purge: (cutoff: Date) => Promise<number>;
 }
 declare const auditPlugin: FastifyPluginAsync<AuditPluginOptions>;
 declare const _default: FastifyPluginAsync<AuditPluginOptions>;
 //#endregion
+//#region src/audit/repository-audit-adapter.d.ts
+declare function repositoryAsAuditStore(repository: RepositoryLike): AuditStore;
+//#endregion
 //#region src/audit/stores/memory.d.ts
 interface MemoryAuditStoreOptions {
   /** Maximum entries to keep (default: 1000) */
@@ -94,6 +217,7 @@ declare class MemoryAuditStore implements AuditStore {
   constructor(options?: MemoryAuditStoreOptions);
   log(entry: AuditEntry): Promise<void>;
   query(options?: AuditQueryOptions): Promise<AuditEntry[]>;
+  purgeOlderThan(cutoff: Date): Promise<number>;
   close(): Promise<void>;
   /** Get all entries (for testing) */
   getAll(): AuditEntry[];
@@ -101,4 +225,4 @@ declare class MemoryAuditStore implements AuditStore {
   clear(): void;
 }
 //#endregion
-export { type AuditAction, type AuditContext, type AuditEntry, type AuditLogger, type AuditPluginOptions, type AuditQueryOptions, type AuditStore, type AuditStoreOptions, MemoryAuditStore, type MemoryAuditStoreOptions, type MongoAuditStoreOptions, _default as auditPlugin, auditPlugin as auditPluginFn, createAuditEntry };
+export { type AuditAction, type AuditContext, type AuditEntry, type AuditLogger, type AuditPluginOptions, type AuditQueryOptions, type AuditStore, type AuditStoreOptions, MemoryAuditStore, type MemoryAuditStoreOptions, _default as auditPlugin, auditPlugin as auditPluginFn, createAuditEntry, repositoryAsAuditStore };

package/dist/audit/index.mjs

@@ -1,5 +1,77 @@
-import { t as MongoAuditStore } from "../mongodb-Utc5k_-0.mjs";
 import fp from "fastify-plugin";
+//#region src/audit/repository-audit-adapter.ts
+function repositoryAsAuditStore(repository) {
+	return {
+		name: "repository",
+		async log(entry) {
+			const doc = {
+				_id: entry.id,
+				id: entry.id,
+				resource: entry.resource,
+				documentId: entry.documentId,
+				action: entry.action,
+				userId: entry.userId,
+				organizationId: entry.organizationId,
+				before: entry.before,
+				after: entry.after,
+				changes: entry.changes,
+				requestId: entry.requestId,
+				ipAddress: entry.ipAddress,
+				userAgent: entry.userAgent,
+				metadata: entry.metadata,
+				timestamp: entry.timestamp
+			};
+			await repository.create(doc);
+		},
+		async purgeOlderThan(cutoff) {
+			if (!repository.deleteMany) return 0;
+			return (await repository.deleteMany({ timestamp: { $lt: cutoff } })).deletedCount ?? 0;
+		},
+		async query(opts = {}) {
+			if (!repository.getAll) throw new Error("auditPlugin: repository.getAll is required for query(). It's on repo-core's MinimalRepo floor — every kit (mongokit, sqlitekit, custom) implements it.");
+			const filter = {};
+			if (opts.resource) filter.resource = opts.resource;
+			if (opts.documentId) filter.documentId = opts.documentId;
+			if (opts.userId) filter.userId = opts.userId;
+			if (opts.organizationId) filter.organizationId = opts.organizationId;
+			if (opts.action) {
+				const actions = Array.isArray(opts.action) ? opts.action : [opts.action];
+				filter.action = actions.length === 1 ? actions[0] : { $in: actions };
+			}
+			if (opts.from || opts.to) {
+				const range = {};
+				if (opts.from) range.$gte = opts.from;
+				if (opts.to) range.$lte = opts.to;
+				filter.timestamp = range;
+			}
+			const limit = opts.limit ?? 100;
+			const page = Math.floor((opts.offset ?? 0) / limit) + 1;
+			const result = await repository.getAll({
+				filters: filter,
+				sort: { timestamp: -1 },
+				page,
+				limit
+			});
+			return (Array.isArray(result) ? result : result.docs ?? []).map((d) => ({
+				id: String(d._id ?? d.id ?? ""),
+				resource: d.resource ?? "",
+				documentId: d.documentId ?? "",
+				action: d.action ?? "create",
+				userId: d.userId,
+				organizationId: d.organizationId,
+				before: d.before,
+				after: d.after,
+				changes: d.changes,
+				requestId: d.requestId,
+				ipAddress: d.ipAddress,
+				userAgent: d.userAgent,
+				metadata: d.metadata,
+				timestamp: d.timestamp ?? /* @__PURE__ */ new Date()
+			}));
+		}
+	};
+}
+//#endregion
 //#region src/audit/stores/interface.ts
 /**
 * Create audit entry from context
@@ -81,6 +153,11 @@ var MemoryAuditStore = class {
 		results = results.slice(offset, offset + limit);
 		return results;
 	}
+	async purgeOlderThan(cutoff) {
+		const before = this.entries.length;
+		this.entries = this.entries.filter((e) => e.timestamp >= cutoff);
+		return before - this.entries.length;
+	}
 	async close() {
 		this.entries = [];
 	}
@@ -96,28 +173,17 @@ var MemoryAuditStore = class {
 //#endregion
 //#region src/audit/auditPlugin.ts
 const auditPlugin = async (fastify, opts = {}) => {
-	const { enabled = false, stores: storeTypes = ["memory"], mongoConnection, mongoCollection = "audit_logs", ttlDays = 90, customStores = [] } = opts;
+	const { enabled = false, repository, customStores = [] } = opts;
 	if (!enabled) {
 		fastify.decorate("audit", createNoopLogger());
 		fastify.decorateRequest("auditContext", void 0);
 		fastify.log?.debug?.("Audit plugin disabled");
 		return;
 	}
-	const stores = [...customStores];
-	for (const type of storeTypes) switch (type) {
-		case "memory":
-			stores.push(new MemoryAuditStore());
-			break;
-		case "mongodb":
-			if (!mongoConnection) throw new Error("Audit: mongoConnection required for mongodb store");
-			stores.push(new MongoAuditStore({
-				connection: mongoConnection,
-				collection: mongoCollection,
-				ttlDays
-			}));
-			break;
-	}
-	if (stores.length === 0) throw new Error("Audit: at least one store must be configured");
+	const stores = [];
+	if (repository) stores.push(repositoryAsAuditStore(repository));
+	stores.push(...customStores);
+	if (stores.length === 0) stores.push(new MemoryAuditStore());
 	async function logToStores(entry) {
 		await Promise.all(stores.map((store) => store.log(entry)));
 	}
@@ -146,6 +212,11 @@ const auditPlugin = async (fastify, opts = {}) => {
 		async query(options) {
 			for (const store of stores) if (store.query) return store.query(options);
 			return [];
+		},
+		async purge(cutoff) {
+			let total = 0;
+			for (const store of stores) if (store.purgeOlderThan) total += await store.purgeOlderThan(cutoff);
+			return total;
 		}
 	};
 	fastify.decorate("audit", audit);
@@ -170,7 +241,22 @@ const auditPlugin = async (fastify, opts = {}) => {
 			request.auditContext.duration = Math.round(reply.elapsedTime);
 		}
 	});
+	const retention = opts.retention;
+	let retentionTimer = null;
+	if (retention) {
+		const interval = retention.purgeIntervalMs ?? 864e5;
+		if (interval > 0) {
+			retentionTimer = setInterval(() => {
+				const cutoff = new Date(Date.now() - retention.maxAgeMs);
+				audit.purge(cutoff).catch((err) => {
+					fastify.log?.warn?.({ err }, "audit retention purge failed");
+				});
+			}, interval);
+			retentionTimer.unref?.();
+		}
+	}
 	fastify.addHook("onClose", async () => {
+		if (retentionTimer) clearInterval(retentionTimer);
 		await Promise.all(stores.map((store) => store.close?.()));
 	});
 	const autoAuditConfig = opts.autoAudit ?? true;
@@ -232,7 +318,7 @@ const auditPlugin = async (fastify, opts = {}) => {
 			}, "Auto-audit hooks registered");
 		});
 	}
-	fastify.log?.debug?.({ stores: storeTypes }, "Audit plugin enabled");
+	fastify.log?.debug?.({ stores: stores.map((s) => s.name) }, "Audit plugin enabled");
 };
 /** Extract document ID from a result */
 function autoAuditExtractId(doc) {
@@ -264,7 +350,8 @@ function createNoopLogger() {
 		delete: noop,
 		restore: noop,
 		custom: noop,
-		query: async () => []
+		query: async () => [],
+		purge: async () => 0
 	};
 }
 var auditPlugin_default = fp(auditPlugin, {
@@ -273,4 +360,4 @@ var auditPlugin_default = fp(auditPlugin, {
 	dependencies: ["arc-core"]
 });
 //#endregion
-export { MemoryAuditStore, auditPlugin_default as auditPlugin, auditPlugin as auditPluginFn, createAuditEntry };
+export { MemoryAuditStore, auditPlugin_default as auditPlugin, auditPlugin as auditPluginFn, createAuditEntry, repositoryAsAuditStore };

package/dist/auth/index.d.mts

@@ -1,8 +1,8 @@
-import { b as AuthPluginOptions, y as AuthHelpers } from "../interface-CMRutPfe.mjs";
-import { t as PermissionCheck } from "../types-DZi1aYhm.mjs";
-import { t as ExternalOpenApiPaths } from "../externalPaths-BnkYrNzp.mjs";
-import { a as SessionManagerOptions, c as createSessionManager, i as SessionData, n as MemorySessionStoreOptions, o as SessionManagerResult, r as SessionCookieOptions, s as SessionStore, t as MemorySessionStore } from "../sessionManager-DDCmiNIo.mjs";
-import { FastifyPluginAsync, FastifyReply as FastifyReply$1, FastifyRequest as FastifyRequest$1 } from "fastify";
+import { c as PermissionCheck } from "../fields-Lo1VUDpt.mjs";
+import { A as AuthHelpers, j as AuthPluginOptions } from "../index-Cl0uoKd5.mjs";
+import { t as ExternalOpenApiPaths } from "../externalPaths-BQ8QijNH.mjs";
+import { a as SessionManagerOptions, c as createSessionManager, i as SessionData, n as MemorySessionStoreOptions, o as SessionManagerResult, r as SessionCookieOptions, s as SessionStore, t as MemorySessionStore } from "../sessionManager-BkzVU8h2.mjs";
+import { FastifyPluginAsync, FastifyReply as FastifyReply$1, FastifyRequest } from "fastify";
 
 //#region src/auth/authPlugin.d.ts
 declare module "fastify" {
@@ -17,6 +17,14 @@ declare module "fastify" {
     auth: AuthHelpers;
   }
 }
+/**
+ * Extract Bearer token from Authorization header.
+ *
+ * Exported for property-based test coverage — the contract is:
+ *  - header must start with exactly `"Bearer "` (case-sensitive, one space)
+ *  - everything after that prefix is returned verbatim (no trim, no parse)
+ *  - missing header → `null`; any other shape → `null`
+ */
 declare const authPlugin: FastifyPluginAsync<AuthPluginOptions>;
 declare const _default: FastifyPluginAsync<AuthPluginOptions>;
 //#endregion
@@ -90,9 +98,9 @@ interface BetterAuthAdapterResult {
   /** Fastify plugin that registers catch-all auth routes */
   plugin: FastifyPluginAsync;
   /** Authenticate preHandler -- validates session via Better Auth */
-  authenticate: (request: FastifyRequest$1, reply: FastifyReply$1) => Promise<void>;
+  authenticate: (request: FastifyRequest, reply: FastifyReply$1) => Promise<void>;
   /** Optional authenticate -- resolves session silently, continues as unauthenticated on failure */
-  optionalAuthenticate: (request: FastifyRequest$1, reply: FastifyReply$1) => Promise<void>;
+  optionalAuthenticate: (request: FastifyRequest, reply: FastifyReply$1) => Promise<void>;
   /** Permission helpers bound to this auth adapter (available when orgContext is enabled) */
   permissions: {
     requireOrgRole: (...roles: string[]) => PermissionCheck;
@@ -109,7 +117,7 @@ declare module "fastify" {
      * Validates session by calling Better Auth's session endpoint internally.
      * Set by the Better Auth adapter plugin.
      */
-    authenticate: (request: FastifyRequest$1, reply: FastifyReply$1) => Promise<void>;
+    authenticate: (request: FastifyRequest, reply: FastifyReply$1) => Promise<void>;
     /**
      * Optional authenticate middleware (Better Auth variant).
      * Tries to resolve session silently — populates request.user if valid,
@@ -117,7 +125,7 @@ declare module "fastify" {
      * Used on allowPublic() routes so downstream middleware can apply
      * org-scoped queries when a user IS authenticated.
      */
-    optionalAuthenticate: (request: FastifyRequest$1, reply: FastifyReply$1) => Promise<void>;
+    optionalAuthenticate: (request: FastifyRequest, reply: FastifyReply$1) => Promise<void>;
   }
 }
 /**

package/dist/auth/index.mjs

@@ -1,7 +1,7 @@
-import { n as normalizeRoles, t as getUserRoles } from "../types-ZUu_h0jp.mjs";
-import { t as ArcError } from "../errors-BF2bIOIS.mjs";
-import { h as requireTeamMembership, l as requireOrgMembership, u as requireOrgRole } from "../permissions-CH4cNwJi.mjs";
-import { n as extractBetterAuthOpenApi } from "../betterAuthOpenApi-BuUcUEJq.mjs";
+import { n as normalizeRoles, t as getUserRoles } from "../types-DV9WDfeg.mjs";
+import { t as ArcError } from "../errors-D5c-5BJL.mjs";
+import { _ as requireTeamMembership, m as requireOrgRole, p as requireOrgMembership } from "../permissions-Dk6mshja.mjs";
+import { n as extractBetterAuthOpenApi } from "../betterAuthOpenApi-BBRVhjQN.mjs";
 import { createHmac, randomUUID, timingSafeEqual } from "node:crypto";
 import fp from "fastify-plugin";
 //#region src/auth/authPlugin.ts
@@ -21,7 +21,12 @@ function parseExpiresIn(input, defaultValue) {
 	}[match[2]?.toLowerCase() ?? "s"] ?? 1);
 }
 /**
-* Extract Bearer token from Authorization header
+* Extract Bearer token from Authorization header.
+*
+* Exported for property-based test coverage — the contract is:
+*  - header must start with exactly `"Bearer "` (case-sensitive, one space)
+*  - everything after that prefix is returned verbatim (no trim, no parse)
+*  - missing header → `null`; any other shape → `null`
 */
 function extractBearerToken(request) {
 	const auth = request.headers.authorization;
@@ -29,7 +34,7 @@ function extractBearerToken(request) {
 	return auth.slice(7);
 }
 const authPlugin = async (fastify, opts = {}) => {
-	const { jwt: jwtConfig, authenticate: appAuthenticator, onFailure, userProperty = "user", exposeAuthErrors = false, tokenExtractor, isRevoked } = opts;
+	const { jwt: jwtConfig, authenticate: appAuthenticator, onFailure, userProperty = "user", exposeAuthErrors = false, tokenExtractor, isRevoked, strictTokenType = true } = opts;
 	/** Extract token from request — uses custom extractor if provided, else Bearer header */
 	const resolveToken = (request) => {
 		if (tokenExtractor) return tokenExtractor(request);
@@ -84,6 +89,7 @@ const authPlugin = async (fastify, opts = {}) => {
 				if (token) {
 					const decoded = jwtContext.verify(token);
 					if (decoded.type === "refresh") throw new Error("Refresh tokens cannot be used for authentication");
+					if (strictTokenType && decoded.type !== "access") throw new Error("Invalid token type: expected access token");
 					user = decoded;
 				}
 			} else throw new Error("No authenticator configured. Provide auth.authenticate function or auth.jwt.secret.");
@@ -146,6 +152,7 @@ const authPlugin = async (fastify, opts = {}) => {
 				if (token) {
 					const decoded = jwtContext.verify(token);
 					if (decoded.type === "refresh") return;
+					if (strictTokenType && decoded.type !== "access") return;
 					user = decoded;
 				}
 			}
@@ -677,7 +684,7 @@ function createBetterAuthAdapter(options) {
 		if (!fastify.hasDecorator("authenticate")) fastify.decorate("authenticate", authenticate);
 		if (!fastify.hasDecorator("optionalAuthenticate")) fastify.decorate("optionalAuthenticate", optionalAuthenticate);
 		if (!extractedOpenApi && openapiOpt !== false && auth.api && typeof auth.api === "object") {
-			const { extractBetterAuthOpenApi } = await import("../betterAuthOpenApi-BuUcUEJq.mjs").then((n) => n.t);
+			const { extractBetterAuthOpenApi } = await import("../betterAuthOpenApi-BBRVhjQN.mjs").then((n) => n.t);
 			extractedOpenApi = extractBetterAuthOpenApi(auth.api, {
 				basePath,
 				userFields

package/dist/auth/redis-session.d.mts

@@ -1,4 +1,4 @@
-import { i as SessionData, s as SessionStore } from "../sessionManager-DDCmiNIo.mjs";
+import { i as SessionData, s as SessionStore } from "../sessionManager-BkzVU8h2.mjs";
 
 //#region src/auth/redis-session.d.ts
 /** Minimal Redis client interface — compatible with ioredis */

package/dist/{betterAuthOpenApi-BuUcUEJq.mjs → betterAuthOpenApi-BBRVhjQN.mjs}

@@ -1,5 +1,5 @@
 import { t as __exportAll } from "./chunk-BpYLSNr0.mjs";
-import { a as toJsonSchema } from "./schemaConverter-Y7nCYaLJ.mjs";
+import { a as toJsonSchema } from "./schemaConverter-BxFDdtXu.mjs";
 //#region src/auth/betterAuthOpenApi.ts
 var betterAuthOpenApi_exports = /* @__PURE__ */ __exportAll({ extractBetterAuthOpenApi: () => extractBetterAuthOpenApi });
 /**

package/dist/cache/index.d.mts

@@ -1,5 +1,5 @@
-import { i as CacheStore, n as CacheSetOptions, r as CacheStats, t as CacheLogger } from "../interface-4y979v99.mjs";
-import { a as CacheEnvelope, c as QueryCache, i as queryCachePlugin, l as QueryCacheConfig, n as QueryCacheDefaults, o as CacheResult, r as QueryCachePluginOptions, s as CacheStatus, t as CrossResourceRule } from "../queryCachePlugin-BJJGBTlu.mjs";
+import { n as CacheStats, r as CacheStore, t as CacheLogger } from "../interface-D218ikEo.mjs";
+import { a as CacheEnvelope, c as QueryCache, i as queryCachePlugin, l as QueryCacheConfig, n as QueryCacheDefaults, o as CacheResult, r as QueryCachePluginOptions, s as CacheStatus, t as CrossResourceRule } from "../queryCachePlugin-BKbWjgDG.mjs";
 
 //#region src/cache/keys.d.ts
 /**
@@ -24,8 +24,8 @@ declare function hashParams(params: Record<string, unknown>): string;
 //#endregion
 //#region src/cache/memory.d.ts
 interface MemoryCacheStoreOptions {
-  /** Default TTL in milliseconds (default: 60_000) */
-  defaultTtlMs?: number;
+  /** Default TTL in seconds (default: 60) */
+  defaultTtlSeconds?: number;
   /** Hard upper bound for entries (default: 1000) */
   maxEntries?: number;
   /** Background cleanup interval in milliseconds (default: 30_000) */
@@ -59,7 +59,7 @@ interface MemoryCacheStoreOptions {
 declare class MemoryCacheStore<TValue = unknown> implements CacheStore<TValue> {
   readonly name = "memory-cache";
   private readonly cache;
-  private readonly defaultTtlMs;
+  private readonly defaultTtlSeconds;
   private readonly maxEntries;
   private readonly maxEntryBytes;
   private readonly maxMemoryBytes;
@@ -72,9 +72,9 @@ declare class MemoryCacheStore<TValue = unknown> implements CacheStore<TValue> {
   private _evictions;
   constructor(options?: MemoryCacheStoreOptions);
   get(key: string): Promise<TValue | undefined>;
-  set(key: string, value: TValue, options?: CacheSetOptions): Promise<void>;
+  set(key: string, value: TValue, ttlSeconds?: number): Promise<void>;
   delete(key: string): Promise<void>;
-  clear(): Promise<void>;
+  clear(pattern?: string): Promise<void>;
   close(): Promise<void>;
   stats(): CacheStats;
   private removeEntry;
@@ -112,8 +112,8 @@ interface RedisCacheStoreOptions {
   client: RedisCacheClient;
   /** Key prefix for namespacing (default: 'arc:cache:') */
   prefix?: string;
-  /** Default TTL in milliseconds (default: 60_000) */
-  defaultTtlMs?: number;
+  /** Default TTL in seconds (default: 60) */
+  defaultTtlSeconds?: number;
   /** Maximum serialized entry size in bytes. Oversized entries are skipped. */
   maxEntryBytes?: number;
 }
@@ -126,17 +126,19 @@ declare class RedisCacheStore<TValue = unknown> implements CacheStore<TValue> {
   readonly name = "redis-cache";
   private readonly client;
   private readonly prefix;
-  private readonly defaultTtlMs;
+  private readonly defaultTtlSeconds;
   private readonly maxEntryBytes;
   private _hits;
   private _misses;
   constructor(options: RedisCacheStoreOptions);
   get(key: string): Promise<TValue | undefined>;
-  set(key: string, value: TValue, options?: CacheSetOptions): Promise<void>;
+  set(key: string, value: TValue, ttlSeconds?: number): Promise<void>;
   delete(key: string): Promise<void>;
-  clear(): Promise<void>;
-  /** Delete all keys matching `this.prefix + prefix + *`. Returns count deleted. */
-  deleteByPrefix(prefix: string): Promise<number>;
+  /**
+   * Invalidate keys. Pass a glob pattern to delete a subset (`user:*:v2`);
+   * omit to clear every key under this store's prefix.
+   */
+  clear(pattern?: string): Promise<void>;
   stats(): CacheStats;
   private scanAndDelete;
   private withPrefix;
@@ -212,4 +214,4 @@ interface UpstashRedisLike {
  */
 declare function upstashAsCacheClient(client: UpstashRedisLike): RedisCacheClient;
 //#endregion
-export { type CacheEnvelope, type CacheLogger, type CacheResult, type CacheSetOptions, type CacheStats, type CacheStatus, type CacheStore, type CrossResourceRule, type IoredisLike, MemoryCacheStore, type MemoryCacheStoreOptions, QueryCache, type QueryCacheConfig, type QueryCacheDefaults, type QueryCachePluginOptions, type RedisCacheClient, RedisCacheStore, type RedisCacheStoreOptions, type RedisPipeline, type UpstashRedisLike, buildQueryKey, hashParams, ioredisAsCacheClient, queryCachePlugin, tagVersionKey, upstashAsCacheClient, versionKey };
+export { type CacheEnvelope, type CacheLogger, type CacheResult, type CacheStats, type CacheStatus, type CacheStore, type CrossResourceRule, type IoredisLike, MemoryCacheStore, type MemoryCacheStoreOptions, QueryCache, type QueryCacheConfig, type QueryCacheDefaults, type QueryCachePluginOptions, type RedisCacheClient, RedisCacheStore, type RedisCacheStoreOptions, type RedisPipeline, type UpstashRedisLike, buildQueryKey, hashParams, ioredisAsCacheClient, queryCachePlugin, tagVersionKey, upstashAsCacheClient, versionKey };

package/dist/cache/index.mjs

@@ -1,6 +1,6 @@
 import { i as versionKey, n as hashParams, r as tagVersionKey, t as buildQueryKey } from "../keys-qcD-TVJl.mjs";
-import { t as MemoryCacheStore } from "../memory-Cp7_cAko.mjs";
-import { r as QueryCache, t as queryCachePlugin } from "../queryCachePlugin-BH-fidlv.mjs";
+import { t as MemoryCacheStore } from "../memory-B5Amv9A1.mjs";
+import { r as QueryCache, t as queryCachePlugin } from "../queryCachePlugin-DQCEfJis.mjs";
 //#region src/cache/redis.ts
 /**
 * Redis-backed cache store.
@@ -11,14 +11,14 @@ var RedisCacheStore = class {
 	name = "redis-cache";
 	client;
 	prefix;
-	defaultTtlMs;
+	defaultTtlSeconds;
 	maxEntryBytes;
 	_hits = 0;
 	_misses = 0;
 	constructor(options) {
 		this.client = options.client;
 		this.prefix = options.prefix ?? "arc:cache:";
-		this.defaultTtlMs = options.defaultTtlMs ?? 6e4;
+		this.defaultTtlSeconds = options.defaultTtlSeconds ?? 60;
 		this.maxEntryBytes = options.maxEntryBytes ?? 0;
 	}
 	async get(key) {
@@ -36,22 +36,23 @@ var RedisCacheStore = class {
 			return;
 		}
 	}
-	async set(key, value, options = {}) {
-		const ttlMs = options.ttlMs ?? this.defaultTtlMs;
-		if (!Number.isFinite(ttlMs) || ttlMs <= 0) return;
+	async set(key, value, ttlSeconds) {
+		const effectiveTtlSeconds = ttlSeconds ?? this.defaultTtlSeconds;
+		if (!Number.isFinite(effectiveTtlSeconds) || effectiveTtlSeconds <= 0) return;
 		const payload = JSON.stringify(value);
 		if (this.maxEntryBytes > 0 && Buffer.byteLength(payload, "utf8") > this.maxEntryBytes) return;
-		await this.client.set(this.withPrefix(key), payload, { PX: Math.ceil(ttlMs) });
+		await this.client.set(this.withPrefix(key), payload, { EX: Math.ceil(effectiveTtlSeconds) });
 	}
 	async delete(key) {
 		await this.client.del(this.withPrefix(key));
 	}
-	async clear() {
-		await this.scanAndDelete(`${this.prefix}*`);
-	}
-	/** Delete all keys matching `this.prefix + prefix + *`. Returns count deleted. */
-	async deleteByPrefix(prefix) {
-		return this.scanAndDelete(`${this.prefix}${prefix}*`);
+	/**
+	* Invalidate keys. Pass a glob pattern to delete a subset (`user:*:v2`);
+	* omit to clear every key under this store's prefix.
+	*/
+	async clear(pattern) {
+		const scanPattern = pattern ? `${this.prefix}${pattern.includes("*") ? pattern : `${pattern}*`}` : `${this.prefix}*`;
+		await this.scanAndDelete(scanPattern);
 	}
 	stats() {
 		return {

package/dist/{caching-IMuYVjTL.mjs → caching-CBpK_SCM.mjs}

@@ -34,7 +34,7 @@ const cachingPlugin = async (fastify, opts = {}) => {
 		if (rule?.staleWhileRevalidate) parts.push(`stale-while-revalidate=${rule.staleWhileRevalidate}`);
 		return parts.join(", ");
 	}
-	fastify.addHook("onSend", async (request, reply, payload) => {
+	fastify.addHook("preSerialization", async (request, reply, payload) => {
 		const url = request.url;
 		if (exclude.some((p) => url.startsWith(p))) return payload;
 		const method = request.method.toUpperCase();
@@ -48,13 +48,18 @@ const cachingPlugin = async (fastify, opts = {}) => {
 			const rule = findRule(url);
 			reply.header("cache-control", buildCacheControl(rule));
 		}
-		if (etag && payload) {
-			const tag = `"${fnv1a(typeof payload === "string" ? payload : String(payload))}"`;
+		if (etag && payload != null) {
+			let body;
+			if (typeof payload === "string") body = payload;
+			else if (Buffer.isBuffer(payload)) body = payload.toString("utf-8");
+			else body = JSON.stringify(payload);
+			const tag = `"${fnv1a(body)}"`;
 			reply.header("etag", tag);
 			if (conditional) {
 				const ifNoneMatch = request.headers["if-none-match"];
 				if (ifNoneMatch && ifNoneMatch === tag) {
 					reply.code(304);
+					reply.serializer((p) => typeof p === "string" ? p : "");
 					return "";
 				}
 			}