@classytic/arc 2.8.5 → 2.10.3

package/dist/{fields-ipsbIRPK.mjs → fields-bxkeltzz.mjs}

@@ -77,24 +77,37 @@ function applyFieldReadPermissions(data, fieldPermissions, userRoles) {
 }
 /**
 * Apply field-level WRITE permissions to request body.
-* Strips fields that the user doesn't have permission to write.
+*
+* Returns both the filtered body and the list of denied fields. Callers are
+* expected to reject the request when `deniedFields.length > 0` — silently
+* stripping fields hides misconfigurations and real attacks. See
+* `BodySanitizer` for the default policy.
 *
 * @param body - The request body (returns a new filtered copy)
 * @param fieldPermissions - Field permission map from resource config
 * @param userRoles - Current user's roles
-* @returns Filtered body
 */
 function applyFieldWritePermissions(body, fieldPermissions, userRoles) {
 	const result = { ...body };
+	const deniedFields = [];
 	for (const [field, perm] of Object.entries(fieldPermissions)) switch (perm._type) {
 		case "hidden":
-			delete result[field];
+			if (field in result) {
+				deniedFields.push(field);
+				delete result[field];
+			}
 			break;
 		case "writableBy":
-			if (field in result && !perm.roles?.some((r) => userRoles.includes(r))) delete result[field];
+			if (field in result && !perm.roles?.some((r) => userRoles.includes(r))) {
+				deniedFields.push(field);
+				delete result[field];
+			}
 			break;
 	}
-	return result;
+	return {
+		body: result,
+		deniedFields
+	};
 }
 /**
 * Resolve effective roles by merging global user roles with org-level roles.

package/dist/{filesUpload-C7r7HIeA.mjs → filesUpload-t21LS-py.mjs}

@@ -1,11 +1,42 @@
 import { o as getOrgId, p as getUserId } from "./types-AOD8fxIw.mjs";
-import { i as NotFoundError, u as ValidationError } from "./errors-BF2bIOIS.mjs";
-import { n as allowPublic, s as requireAuth } from "./permissions-CH4cNwJi.mjs";
+import { i as NotFoundError, u as ValidationError } from "./errors-D5c-5BJL.mjs";
+import { C as requireAuth, y as allowPublic } from "./permissions-Dk6mshja.mjs";
 //#region src/middleware/multipartBody.ts
 const DEFAULT_MAX_FILE_SIZE$1 = 10 * 1024 * 1024;
 const DEFAULT_MAX_FILES = 5;
 const DEFAULT_FILES_KEY = "_files";
 /**
+* Build a matcher for MIME allow-lists that supports exact (e.g. `image/png`),
+* subtype wildcards (e.g. `image/\*`), and total wildcards (`\*` or `\*\/\*`).
+*
+* Returns `undefined` when no filter is needed — either because the option
+* was omitted or because a total wildcard was present.
+*/
+function buildMimeMatcher(allowed) {
+	if (!allowed || allowed.length === 0) return void 0;
+	const exact = /* @__PURE__ */ new Set();
+	const prefixes = [];
+	for (const entry of allowed) {
+		const value = entry.trim().toLowerCase();
+		if (!value) continue;
+		if (value === "*" || value === "*/*") return void 0;
+		if (value.endsWith("/*")) prefixes.push(value.slice(0, -1));
+		else exact.add(value);
+	}
+	if (exact.size === 0 && prefixes.length === 0) return void 0;
+	return {
+		matches(mime) {
+			const m = mime.toLowerCase();
+			if (exact.has(m)) return true;
+			for (const p of prefixes) if (m.startsWith(p)) return true;
+			return false;
+		},
+		describe() {
+			return [...exact, ...prefixes.map((p) => `${p}*`)].join(", ");
+		}
+	};
+}
+/**
 * Create a multipart body parsing middleware.
 *
 * When a request has `content-type: multipart/form-data`, this middleware:
@@ -20,7 +51,7 @@ const DEFAULT_FILES_KEY = "_files";
 function multipartBody(options = {}) {
 	const maxFileSize = options.maxFileSize ?? DEFAULT_MAX_FILE_SIZE$1;
 	const maxFiles = options.maxFiles ?? DEFAULT_MAX_FILES;
-	const allowedMimeTypes = options.allowedMimeTypes ? new Set(options.allowedMimeTypes) : void 0;
+	const mimeMatcher = buildMimeMatcher(options.allowedMimeTypes);
 	const filesKey = options.filesKey ?? DEFAULT_FILES_KEY;
 	const requiredFields = options.requiredFields && options.requiredFields.length > 0 ? options.requiredFields : void 0;
 	return async function parseMultipartBody(request, reply) {
@@ -36,9 +67,9 @@ function multipartBody(options = {}) {
 			const parts = request.parts();
 			for await (const part of parts) if (part.type === "file") {
 				if (fileCount >= maxFiles) continue;
-				if (allowedMimeTypes && !allowedMimeTypes.has(part.mimetype)) return reply.code(415).send({
+				if (mimeMatcher && !mimeMatcher.matches(part.mimetype)) return reply.code(415).send({
 					success: false,
-					error: `File type '${part.mimetype}' not allowed. Accepted: ${[...allowedMimeTypes].join(", ")}`
+					error: `File type '${part.mimetype}' not allowed. Accepted: ${mimeMatcher.describe()}`
 				});
 				const buffer = await part.toBuffer();
 				if (buffer.length > maxFileSize) return reply.code(413).send({
@@ -155,14 +186,40 @@ function parseRangeHeader(header, totalSize) {
 		end
 	};
 }
+/**
+* Strict policy — rejects filenames that could escape a storage root or
+* confuse a filesystem. Safe default for disk/S3 adapters that compose
+* `${prefix}/${filename}` or `path.join(root, filename)`.
+*/
+function strictFilenamePolicy(filename) {
+	if (filename.length === 0) throw new ValidationError("Upload filename is empty");
+	if (filename.length > 255) throw new ValidationError("Upload filename exceeds 255 characters");
+	if (filename.includes("\0")) throw new ValidationError("Upload filename contains a NUL byte");
+	if (filename.includes("/") || filename.includes("\\")) throw new ValidationError("Upload filename contains a path separator");
+	if (filename === "." || filename === "..") throw new ValidationError("Upload filename is a path traversal component");
+	return filename;
+}
+/** Resolve the user-supplied policy option into a concrete validator. */
+function resolveFilenamePolicy(policy) {
+	if (policy === void 0 || policy === true) return strictFilenamePolicy;
+	if (policy === false || policy === "*") return (f) => f;
+	if (typeof policy === "function") return (filename) => {
+		const result = policy(filename);
+		if (result === false) throw new ValidationError(`Upload filename rejected: ${filename}`);
+		if (typeof result === "string") return result;
+		return filename;
+	};
+	return strictFilenamePolicy;
+}
 function makeUploadHandler(deps) {
 	return async function uploadHandler(request, reply) {
 		const file = (request.body?._files)?.[deps.fieldName];
 		if (!file) throw new ValidationError(`Missing file field '${deps.fieldName}' in multipart body`);
+		const filename = deps.applyFilenamePolicy(file.filename);
 		const ctx = buildStorageContext(request, deps.contextFrom);
 		const result = await deps.storage.upload({
 			buffer: file.buffer,
-			filename: file.filename,
+			filename,
 			mimeType: file.mimetype,
 			size: file.size
 		}, ctx);
@@ -263,7 +320,8 @@ function filesUploadPreset(options) {
 	const deps = {
 		storage: options.storage,
 		fieldName: options.fieldName ?? DEFAULT_FIELD_NAME,
-		contextFrom: options.contextFrom ?? defaultContextFrom
+		contextFrom: options.contextFrom ?? defaultContextFrom,
+		applyFilenamePolicy: resolveFilenamePolicy(options.sanitizeFilename)
 	};
 	const maxFileSize = options.maxFileSize ?? DEFAULT_MAX_FILE_SIZE;
 	const allowedMimeTypes = options.allowedMimeTypes;

package/dist/hooks/index.d.mts

@@ -1,2 +1,2 @@
-import { An as beforeCreate, Cn as HookPhase, Dn as afterCreate, En as HookSystemOptions, Mn as beforeUpdate, Nn as createHookSystem, On as afterDelete, Pn as defineHook, Sn as HookOperation, Tn as HookSystem, bn as HookContext, jn as beforeDelete, kn as afterUpdate, wn as HookRegistration, xn as HookHandler, yn as DefineHookOptions } from "../interface-CMRutPfe.mjs";
+import { $t as HookPhase, Qt as HookOperation, Xt as HookContext, Yt as DefineHookOptions, Zt as HookHandler, an as afterUpdate, cn as beforeUpdate, en as HookRegistration, in as afterDelete, ln as createHookSystem, nn as HookSystemOptions, on as beforeCreate, rn as afterCreate, sn as beforeDelete, tn as HookSystem, un as defineHook } from "../index-Cl0uoKd5.mjs";
 export { type DefineHookOptions, type HookContext, type HookHandler, type HookOperation, type HookPhase, type HookRegistration, HookSystem, type HookSystemOptions, afterCreate, afterDelete, afterUpdate, beforeCreate, beforeDelete, beforeUpdate, createHookSystem, defineHook };

package/dist/hooks/index.mjs

@@ -1,2 +1,2 @@
-import { a as beforeCreate, c as createHookSystem, i as afterUpdate, l as defineHook, n as afterCreate, o as beforeDelete, r as afterDelete, s as beforeUpdate, t as HookSystem } from "../HookSystem-HprTmvVY.mjs";
+import { a as beforeCreate, c as createHookSystem, i as afterUpdate, l as defineHook, n as afterCreate, o as beforeDelete, r as afterDelete, s as beforeUpdate, t as HookSystem } from "../HookSystem-BNYKnrXF.mjs";
 export { HookSystem, afterCreate, afterDelete, afterUpdate, beforeCreate, beforeDelete, beforeUpdate, createHookSystem, defineHook };

package/dist/idempotency/index.d.mts

@@ -1,6 +1,6 @@
-import { i as createIdempotencyResult, n as IdempotencyResult, r as IdempotencyStore, t as IdempotencyLock } from "../interface-DfLGcus7.mjs";
-import { n as MongoIdempotencyStoreOptions } from "../mongodb-CTcp0hQZ.mjs";
-import { i as RedisIdempotencyStoreOptions, n as RedisClient } from "../redis-BM00zaPB.mjs";
+import { kt as RepositoryLike } from "../index-Cl0uoKd5.mjs";
+import { i as createIdempotencyResult, n as IdempotencyResult, r as IdempotencyStore, t as IdempotencyLock } from "../interface-CSbZdv_3.mjs";
+import { i as RedisIdempotencyStoreOptions, n as RedisClient } from "../redis-DqyeggCa.mjs";
 import { FastifyPluginAsync } from "fastify";
 
 //#region src/idempotency/idempotencyPlugin.d.ts
@@ -19,10 +19,34 @@ interface IdempotencyPluginOptions {
   include?: RegExp[];
   /** URL patterns to exclude (regex). Excluded patterns take precedence */
   exclude?: RegExp[];
-  /** Custom store (default: MemoryIdempotencyStore) */
+  /**
+   * Repository managing the idempotency collection. Arc consumes it directly
+   * — no wrapper classes. Requires `getOne`, `deleteMany`, and
+   * `findOneAndUpdate` (mongokit ≥3.8 implements all three). Pass any
+   * `RepositoryLike` that matches.
+   *
+   * Use `store` (below) when your backend isn't a repository (Redis, memory
+   * for tests, custom). `repository` takes precedence when both are passed.
+   */
+  repository?: RepositoryLike;
+  /**
+   * Non-repository store. Use for Redis (the canonical multi-instance
+   * backend when you don't already have a DB repository), memory (tests),
+   * or custom implementations of `IdempotencyStore`.
+   *
+   * Default: `MemoryIdempotencyStore`.
+   */
   store?: IdempotencyStore;
   /** Retry-After header value in seconds when request is in-flight (default: 1) */
   retryAfterSeconds?: number;
+  /**
+   * Namespace key folded into the fingerprint — use when two deployments share
+   * a single store but should not replay each other's responses (e.g. `api`
+   * vs `jobs` with the same Redis, or prod vs canary sharing one cluster).
+   *
+   * Omit for the common case where the store is per-deployment.
+   */
+  namespace?: string;
 }
 declare module "fastify" {
   interface FastifyRequest {
@@ -58,6 +82,9 @@ declare module "fastify" {
 declare const idempotencyPlugin: FastifyPluginAsync<IdempotencyPluginOptions>;
 declare const _default: FastifyPluginAsync<IdempotencyPluginOptions>;
 //#endregion
+//#region src/idempotency/repository-idempotency-adapter.d.ts
+declare function repositoryAsIdempotencyStore(repository: RepositoryLike, defaultTtlMs: number): IdempotencyStore;
+//#endregion
 //#region src/idempotency/stores/memory.d.ts
 interface MemoryIdempotencyStoreOptions {
   /** Default TTL in milliseconds (default: 86400000 = 24h) */
@@ -93,4 +120,4 @@ declare class MemoryIdempotencyStore implements IdempotencyStore {
   private evictOldest;
 }
 //#endregion
-export { type IdempotencyLock, type IdempotencyPluginOptions, type IdempotencyResult, type IdempotencyStore, MemoryIdempotencyStore, type MemoryIdempotencyStoreOptions, type MongoIdempotencyStoreOptions, type RedisClient, type RedisIdempotencyStoreOptions, createIdempotencyResult, _default as idempotencyPlugin, idempotencyPlugin as idempotencyPluginFn };
+export { type IdempotencyLock, type IdempotencyPluginOptions, type IdempotencyResult, type IdempotencyStore, MemoryIdempotencyStore, type MemoryIdempotencyStoreOptions, type RedisClient, type RedisIdempotencyStoreOptions, createIdempotencyResult, _default as idempotencyPlugin, idempotencyPlugin as idempotencyPluginFn, repositoryAsIdempotencyStore };

package/dist/idempotency/index.mjs

@@ -1,5 +1,113 @@
+import { n as createSafeGetOne, t as createIsDuplicateKeyError } from "../store-helpers-ZCSMJJAX.mjs";
 import { createHash } from "node:crypto";
 import fp from "fastify-plugin";
+//#region src/idempotency/repository-idempotency-adapter.ts
+function repositoryAsIdempotencyStore(repository, defaultTtlMs) {
+	const missing = [];
+	if (typeof repository.getOne !== "function") missing.push("getOne");
+	if (typeof repository.deleteMany !== "function") missing.push("deleteMany");
+	if (typeof repository.findOneAndUpdate !== "function") missing.push("findOneAndUpdate");
+	if (missing.length > 0) throw new Error(`idempotencyPlugin: repository is missing required methods: ${missing.join(", ")}. mongokit ≥3.8 satisfies these; other kits must implement them to back idempotency via a repository.`);
+	const r = repository;
+	const isDuplicateKeyError = createIsDuplicateKeyError(repository);
+	const safeGetOne = createSafeGetOne(repository);
+	const escapeRegex = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+	return {
+		name: "repository",
+		async get(key) {
+			const doc = await safeGetOne({ _id: key });
+			if (!doc?.result) return void 0;
+			if (new Date(doc.expiresAt) < /* @__PURE__ */ new Date()) return void 0;
+			return {
+				key,
+				statusCode: doc.result.statusCode,
+				headers: doc.result.headers,
+				body: doc.result.body,
+				createdAt: new Date(doc.createdAt),
+				expiresAt: new Date(doc.expiresAt)
+			};
+		},
+		async set(key, result) {
+			await r.findOneAndUpdate({ _id: key }, {
+				$set: {
+					result: {
+						statusCode: result.statusCode,
+						headers: result.headers,
+						body: result.body
+					},
+					createdAt: result.createdAt,
+					expiresAt: result.expiresAt
+				},
+				$unset: { lock: "" }
+			}, {
+				upsert: true,
+				returnDocument: "after"
+			});
+		},
+		async tryLock(key, requestId, ttlMs) {
+			const now = /* @__PURE__ */ new Date();
+			const lockExpiresAt = new Date(now.getTime() + ttlMs);
+			const docExpiresAt = new Date(now.getTime() + defaultTtlMs);
+			try {
+				const doc = await r.findOneAndUpdate({
+					_id: key,
+					$or: [{ lock: { $exists: false } }, { "lock.expiresAt": { $lt: now } }]
+				}, {
+					$set: { lock: {
+						requestId,
+						expiresAt: lockExpiresAt
+					} },
+					$setOnInsert: {
+						createdAt: now,
+						expiresAt: docExpiresAt
+					}
+				}, {
+					upsert: true,
+					returnDocument: "after"
+				});
+				return doc !== null && doc !== void 0;
+			} catch (err) {
+				if (isDuplicateKeyError(err)) return false;
+				throw err;
+			}
+		},
+		async unlock(key, requestId) {
+			await r.findOneAndUpdate({
+				_id: key,
+				"lock.requestId": requestId
+			}, { $unset: { lock: "" } });
+		},
+		async isLocked(key) {
+			const doc = await safeGetOne({ _id: key });
+			if (!doc?.lock) return false;
+			return new Date(doc.lock.expiresAt) > /* @__PURE__ */ new Date();
+		},
+		async delete(key) {
+			await r.deleteMany({ _id: key });
+		},
+		async deleteByPrefix(prefix) {
+			return (await r.deleteMany({ _id: { $regex: `^${escapeRegex(prefix)}` } })).deletedCount ?? 0;
+		},
+		async findByPrefix(prefix) {
+			const doc = await safeGetOne({
+				_id: { $regex: `^${escapeRegex(prefix)}` },
+				result: { $exists: true },
+				expiresAt: { $gt: /* @__PURE__ */ new Date() }
+			});
+			if (!doc?.result) return void 0;
+			return {
+				key: doc._id,
+				statusCode: doc.result.statusCode,
+				headers: doc.result.headers,
+				body: doc.result.body,
+				createdAt: new Date(doc.createdAt),
+				expiresAt: new Date(doc.expiresAt)
+			};
+		},
+		async close() {}
+	};
+}
+//#endregion
 //#region src/idempotency/stores/interface.ts
 /**
 * Helper to create a result object
@@ -171,7 +279,8 @@ const idempotencyPlugin = async (fastify, opts = {}) => {
 		"POST",
 		"PUT",
 		"PATCH"
-	], include, exclude, store = new MemoryIdempotencyStore({ ttlMs }), retryAfterSeconds = 1 } = opts;
+	], include, exclude, repository, store: explicitStore, retryAfterSeconds = 1, namespace } = opts;
+	const store = repository ? repositoryAsIdempotencyStore(repository, ttlMs) : explicitStore ?? new MemoryIdempotencyStore({ ttlMs });
 	if (!enabled) {
 		fastify.decorate("idempotency", {
 			invalidate: async () => {},
@@ -225,7 +334,7 @@ const idempotencyPlugin = async (fastify, opts = {}) => {
 		}
 		const user = request.user;
 		const userId = user?.id ?? user?._id ?? "anon";
-		return `${request.method}:${request.url}:${bodyHash}:u=${userId}`;
+		return `${namespace ? `n=${namespace}:` : ""}${request.method}:${request.url}:${bodyHash}:u=${userId}`;
 	}
 	const idempotencyMiddleware = async (request, reply) => {
 		if (!shouldApplyIdempotency(request)) return;
@@ -252,6 +361,7 @@ const idempotencyPlugin = async (fastify, opts = {}) => {
 			return;
 		}
 		request._idempotencyFullKey = fullKey;
+		reply.header(HEADER_IDEMPOTENCY_KEY, idempotencyKey);
 	};
 	fastify.decorate("idempotency", {
 		invalidate: async (key) => {
@@ -262,15 +372,12 @@ const idempotencyPlugin = async (fastify, opts = {}) => {
 		},
 		middleware: idempotencyMiddleware
 	});
-	fastify.addHook("onSend", async (request, reply, payload) => {
+	fastify.addHook("preSerialization", async (request, reply, payload) => {
 		if (request.idempotencyReplayed) return payload;
 		const fullKey = request._idempotencyFullKey;
 		if (!fullKey) return payload;
 		const statusCode = reply.statusCode;
-		if (statusCode < 200 || statusCode >= 300) {
-			await store.unlock(fullKey, request.id);
-			return payload;
-		}
+		if (statusCode < 200 || statusCode >= 300) return payload;
 		const headersToCache = {};
 		const excludeHeaders = new Set([
 			"content-length",
@@ -290,13 +397,13 @@ const idempotencyPlugin = async (fastify, opts = {}) => {
 		}
 		const result = createIdempotencyResult(statusCode, body, headersToCache, ttlMs);
 		await store.set(fullKey, result);
-		await store.unlock(fullKey, request.id);
-		reply.header(HEADER_IDEMPOTENCY_KEY, request.idempotencyKey);
 		return payload;
 	});
-	fastify.addHook("onError", async (request) => {
+	fastify.addHook("onResponse", async (request) => {
+		if (request.idempotencyReplayed) return;
 		const fullKey = request._idempotencyFullKey;
-		if (fullKey) await store.unlock(fullKey, request.id);
+		if (!fullKey) return;
+		await store.unlock(fullKey, request.id);
 	});
 	fastify.addHook("onClose", async () => {
 		await store.close?.();
@@ -312,4 +419,4 @@ var idempotencyPlugin_default = fp(idempotencyPlugin, {
 	fastify: "5.x"
 });
 //#endregion
-export { MemoryIdempotencyStore, createIdempotencyResult, idempotencyPlugin_default as idempotencyPlugin, idempotencyPlugin as idempotencyPluginFn };
+export { MemoryIdempotencyStore, createIdempotencyResult, idempotencyPlugin_default as idempotencyPlugin, idempotencyPlugin as idempotencyPluginFn, repositoryAsIdempotencyStore };

package/dist/idempotency/redis.d.mts

@@ -1,2 +1,2 @@
-import { a as UpstashRedisLike, i as RedisIdempotencyStoreOptions, n as RedisClient, o as ioredisAsIdempotencyClient, r as RedisIdempotencyStore, s as upstashAsIdempotencyClient, t as IoredisLike } from "../redis-BM00zaPB.mjs";
+import { a as UpstashRedisLike, i as RedisIdempotencyStoreOptions, n as RedisClient, o as ioredisAsIdempotencyClient, r as RedisIdempotencyStore, s as upstashAsIdempotencyClient, t as IoredisLike } from "../redis-DqyeggCa.mjs";
 export { type IoredisLike, type RedisClient, RedisIdempotencyStore, type RedisIdempotencyStoreOptions, type UpstashRedisLike, ioredisAsIdempotencyClient, upstashAsIdempotencyClient };

package/dist/{index-DtDzOBn8.d.mts → index-8qw4y6ff.d.mts}

@@ -1,7 +1,7 @@
 import { r as RequestScope } from "./types-BD85MlEK.mjs";
-import { D as CrudRouterOptions, Ht as IControllerResponse, N as FastifyWithDecorators, T as CrudController, Ut as IRequestContext, Vt as IController, ct as RequestWithExtras, m as AnyRecord, ot as RequestContext, qt as ResourceDefinition, ut as ResourceConfig } from "./interface-CMRutPfe.mjs";
-import { t as PermissionCheck } from "./types-DZi1aYhm.mjs";
-import { FastifyInstance, FastifyReply, FastifyRequest, RouteHandlerMethod } from "fastify";
+import { c as PermissionCheck } from "./fields-Lo1VUDpt.mjs";
+import { B as FastifyWithDecorators, G as ResourceDefinition, St as IRequestContext, Z as CrudController, bt as IController, dn as AnyRecord, lt as ResourceConfig, qt as RequestContext, w as CrudRouterOptions, xt as IControllerResponse } from "./index-Cl0uoKd5.mjs";
+import { FastifyReply, FastifyRequest, RouteHandlerMethod } from "fastify";
 
 //#region src/constants.d.ts
 /**
@@ -52,137 +52,6 @@ declare const MAX_FILTER_DEPTH: 10;
  */
 declare const RESERVED_QUERY_PARAMS: Readonly<Set<string>>;
 //#endregion
-//#region src/core/createActionRouter.d.ts
-/**
- * Action handler function
- * @param id - Resource ID
- * @param data - Action-specific data from request body
- * @param req - Full Fastify request object
- * @returns Action result (will be wrapped in success response)
- */
-type ActionHandler<TData = Record<string, unknown>, TResult = unknown> = (id: string, data: TData, req: RequestWithExtras) => Promise<TResult>;
-/**
- * Action router configuration
- */
-interface ActionRouterConfig {
-  /**
-   * OpenAPI tag for grouping routes
-   */
-  readonly tag?: string;
-  /**
-   * Action handlers map
-   * @example { approve: (id, data, req) => service.approve(id), ... }
-   */
-  readonly actions: Record<string, ActionHandler>;
-  /**
-   * Per-action permission checks (PermissionCheck functions)
-   * @example { approve: requireRoles(['admin', 'manager']), cancel: requireRoles(['admin']) }
-   */
-  readonly actionPermissions?: Record<string, PermissionCheck>;
-  /**
-   * Per-action schema for body validation.
-   *
-   * Accepted shapes per action:
-   *
-   * 1. **Full JSON Schema object** with `type: 'object'`, `properties`, `required` —
-   *    used verbatim. Required fields ARE enforced by Fastify's AJV.
-   *
-   * 2. **Zod v4 schema** — auto-converted via `z.toJSONSchema()`. Required fields
-   *    ARE enforced.
-   *
-   * 3. **Legacy field map** `{ fieldName: { type: 'string' } }` — each key becomes
-   *    a property and is treated as REQUIRED unless the property schema has
-   *    `nullable: true` or Arc's sentinel `required: false`. Kept for back-compat.
-   *
-   * All shapes are compiled into a single `oneOf` discriminator body schema
-   * so AJV can validate action-specific required fields at the HTTP layer.
-   *
-   * @example JSON Schema
-   * ```ts
-   * actionSchemas: {
-   *   dispatch: {
-   *     type: 'object',
-   *     properties: { carrier: { type: 'string' } },
-   *     required: ['carrier'],
-   *   },
-   * }
-   * ```
-   *
-   * @example Zod v4
-   * ```ts
-   * actionSchemas: {
-   *   dispatch: z.object({ carrier: z.string() }),
-   * }
-   * ```
-   */
-  readonly actionSchemas?: Record<string, Record<string, unknown>>;
-  /**
-   * Global permission check applied to all actions (if action-specific not defined)
-   */
-  readonly globalAuth?: PermissionCheck;
-  /**
-   * Optional idempotency service
-   * If provided, will handle idempotency-key header
-   */
-  readonly idempotencyService?: IdempotencyService;
-  /**
-   * Custom error handler for action execution failures
-   * @param error - The error thrown by action handler
-   * @param action - The action that failed
-   * @param id - The resource ID
-   * @returns Status code and error response
-   */
-  readonly onError?: (error: Error, action: string, id: string) => {
-    statusCode: number;
-    error: string;
-    code?: string;
-  };
-}
-/**
- * Idempotency service interface
- * Apps can provide their own implementation
- */
-interface IdempotencyService {
-  check(key: string, payload: unknown): Promise<{
-    isNew: boolean;
-    existingResult?: unknown;
-  }>;
-  complete(key: string | undefined, result: unknown): Promise<void>;
-  fail(key: string | undefined, error: Error): Promise<void>;
-}
-/**
- * Create action-based state transition endpoint
- *
- * Registers: POST /:id/action
- * Body: { action: string, ...actionData }
- *
- * @param fastify - Fastify instance
- * @param config - Action router configuration
- */
-declare function createActionRouter(fastify: FastifyInstance, config: ActionRouterConfig): void;
-/**
- * Build a discriminated body schema for the unified action endpoint.
- *
- * Produces a schema of the form:
- * ```json
- * {
- *   "type": "object",
- *   "required": ["action"],
- *   "oneOf": [
- *     { "properties": { "action": { "const": "dispatch" }, "carrier": {...} }, "required": ["action", "carrier"] },
- *     { "properties": { "action": { "const": "approve" } }, "required": ["action"] }
- *   ]
- * }
- * ```
- *
- * AJV validates this natively, so an action call missing required fields is
- * rejected with HTTP 400 before the handler ever runs.
- *
- * Exported so OpenAPI generation and MCP tool generation can reuse the same
- * schema shape (single source of truth).
- */
-declare function buildActionBodySchema(actionEnum: readonly string[], actionSchemas?: Record<string, Record<string, unknown>>): Record<string, unknown>;
-//#endregion
 //#region src/core/createCrudRouter.d.ts
 /**
  * Create CRUD routes for a controller
@@ -309,4 +178,4 @@ declare function createCrudHandlers<TDoc>(controller: IController<TDoc>): {
   delete: (req: FastifyRequest, reply: FastifyReply) => Promise<void>;
 };
 //#endregion
-export { MUTATION_OPERATIONS as A, HOOK_OPERATIONS as C, MAX_FILTER_DEPTH as D, HookPhase as E, RESERVED_QUERY_PARAMS as M, SYSTEM_FIELDS as N, MAX_REGEX_LENGTH as O, DEFAULT_UPDATE_METHOD as S, HookOperation as T, DEFAULT_ID_FIELD as _, getControllerScope as a, DEFAULT_SORT as b, createCrudRouter as c, ActionRouterConfig as d, IdempotencyService as f, CrudOperation as g, CRUD_OPERATIONS as h, getControllerContext as i, MutationOperation as j, MAX_SEARCH_LENGTH as k, createPermissionMiddleware as l, createActionRouter as m, createFastifyHandler as n, sendControllerResponse as o, buildActionBodySchema as p, createRequestContext as r, defineResourceVariants as s, createCrudHandlers as t, ActionHandler as u, DEFAULT_LIMIT as v, HOOK_PHASES as w, DEFAULT_TENANT_FIELD as x, DEFAULT_MAX_LIMIT as y };
+export { MAX_REGEX_LENGTH as C, RESERVED_QUERY_PARAMS as D, MutationOperation as E, SYSTEM_FIELDS as O, MAX_FILTER_DEPTH as S, MUTATION_OPERATIONS as T, DEFAULT_UPDATE_METHOD as _, getControllerScope as a, HookOperation as b, createCrudRouter as c, CrudOperation as d, DEFAULT_ID_FIELD as f, DEFAULT_TENANT_FIELD as g, DEFAULT_SORT as h, getControllerContext as i, createPermissionMiddleware as l, DEFAULT_MAX_LIMIT as m, createFastifyHandler as n, sendControllerResponse as o, DEFAULT_LIMIT as p, createRequestContext as r, defineResourceVariants as s, createCrudHandlers as t, CRUD_OPERATIONS as u, HOOK_OPERATIONS as v, MAX_SEARCH_LENGTH as w, HookPhase as x, HOOK_PHASES as y };