@classytic/arc 2.8.5 → 2.9.1

package/dist/{resourceToTools-8s-EsCCe.mjs → resourceToTools-C3cWymnW.mjs}

@@ -1,5 +1,5 @@
-import { t as BaseController } from "./BaseController-DAGGc5Xn.mjs";
-import { n as normalizePermissionResult } from "./applyPermissionResult-D6GPMsvh.mjs";
+import { t as BaseController } from "./BaseController-Vu2yc56T.mjs";
+import { n as normalizePermissionResult } from "./applyPermissionResult-bqGpo9ML.mjs";
 import { t as pluralize } from "./pluralize-CWP6MB39.mjs";
 import { z } from "zod";
 //#region src/integrations/mcp/createMcpServer.ts
@@ -568,7 +568,7 @@ function resourceToTools(resource, config = {}) {
 	const hasSoftDelete = resource._appliedPresets?.includes("softDelete") ?? false;
 	const tools = [];
 	const prefix = config.toolNamePrefix;
-	if (!controller) {} else {
+	if (controller) {
 		let ops = ALL_CRUD_OPS.filter((op) => {
 			if (resource.disabledRoutes?.includes(op)) return false;
 			return true;
@@ -595,50 +595,51 @@ function resourceToTools(resource, config = {}) {
 				handler: createHandler(op, controller, resource.name, resource.permissions)
 			});
 		}
-		for (const route of resource.additionalRoutes ?? []) {
-			if (route.mcp === false) continue;
-			const mcpHandler = route.mcpHandler;
-			if (!route.wrapHandler && !mcpHandler) continue;
-			if (!mcpHandler && ![
-				"POST",
-				"PUT",
-				"PATCH",
-				"DELETE"
-			].includes(route.method)) continue;
-			const opName = route.operation ?? slugifyRoute(route.method, route.path);
-			const hasId = route.path.includes(":id");
-			const mcpConfig = typeof route.mcp === "object" && route.mcp !== null ? route.mcp : void 0;
-			const toolDescription = mcpConfig?.description ?? route.summary ?? route.description ?? `${opName} on ${resource.displayName}`;
-			const toolAnnotations = mcpConfig?.annotations ? { ...mcpConfig.annotations } : { openWorldHint: true };
-			const inputShape = {};
-			if (hasId) inputShape.id = z.string().describe("Resource ID");
-			if (mcpHandler) tools.push({
-				name: prefix ? `${prefix}_${opName}_${resource.name}` : `${opName}_${resource.name}`,
-				description: toolDescription,
-				annotations: toolAnnotations,
-				inputSchema: inputShape,
-				handler: async (input, _ctx) => {
-					try {
-						return await mcpHandler(input);
-					} catch (err) {
-						return {
-							content: [{
-								type: "text",
-								text: `Error: ${err instanceof Error ? err.message : String(err)}`
-							}],
-							isError: true
-						};
-					}
+	}
+	for (const route of resource.routes ?? []) {
+		if (route.mcp === false) continue;
+		const mcpHandler = route.mcpHandler;
+		if (!!route.raw && !mcpHandler) continue;
+		if (!mcpHandler && ![
+			"POST",
+			"PUT",
+			"PATCH",
+			"DELETE"
+		].includes(route.method)) continue;
+		if (!mcpHandler && typeof route.handler === "string" && !controller) continue;
+		const opName = route.operation ?? slugifyRoute(route.method, route.path);
+		const hasId = route.path.includes(":id");
+		const mcpConfig = typeof route.mcp === "object" && route.mcp !== null ? route.mcp : void 0;
+		const toolDescription = mcpConfig?.description ?? route.summary ?? route.description ?? `${opName} on ${resource.displayName}`;
+		const toolAnnotations = mcpConfig?.annotations ? { ...mcpConfig.annotations } : { openWorldHint: true };
+		const inputShape = {};
+		if (hasId) inputShape.id = z.string().describe("Resource ID");
+		if (mcpHandler) tools.push({
+			name: prefix ? `${prefix}_${opName}_${resource.name}` : `${opName}_${resource.name}`,
+			description: toolDescription,
+			annotations: toolAnnotations,
+			inputSchema: inputShape,
+			handler: async (input, _ctx) => {
+				try {
+					return await mcpHandler(input);
+				} catch (err) {
+					return {
+						content: [{
+							type: "text",
+							text: `Error: ${err instanceof Error ? err.message : String(err)}`
+						}],
+						isError: true
+					};
 				}
-			});
-			else tools.push({
-				name: prefix ? `${prefix}_${opName}_${resource.name}` : `${opName}_${resource.name}`,
-				description: toolDescription,
-				annotations: toolAnnotations,
-				inputSchema: inputShape,
-				handler: createAdditionalRouteHandler(route, controller, hasId)
-			});
-		}
+			}
+		});
+		else tools.push({
+			name: prefix ? `${prefix}_${opName}_${resource.name}` : `${opName}_${resource.name}`,
+			description: toolDescription,
+			annotations: toolAnnotations,
+			inputSchema: inputShape,
+			handler: createCustomRouteHandler(route, controller, hasId)
+		});
 	}
 	if (resource.actions) for (const [actionName, entry] of Object.entries(resource.actions)) {
 		const def = typeof entry === "function" ? { handler: entry } : entry;
@@ -757,11 +758,27 @@ function createHandler(op, controller, resourceName, permissions) {
 		}
 	};
 }
-function createAdditionalRouteHandler(route, controller, hasId) {
+function createCustomRouteHandler(route, controller, hasId) {
 	const ctrl = controller;
 	const handlerName = typeof route.handler === "string" ? route.handler : route.operation ?? slugifyRoute(route.method, route.path);
 	return async (input, ctx) => {
 		try {
+			if (typeof route.handler === "function") {
+				const reqCtx = buildRequestContext(input, ctx.session, hasId ? "update" : "create");
+				const fn = route.handler;
+				const out = await fn(reqCtx);
+				return toCallToolResult(out !== null && typeof out === "object" && "success" in out ? out : {
+					success: true,
+					data: out
+				});
+			}
+			if (!ctrl) return {
+				content: [{
+					type: "text",
+					text: `Handler "${handlerName}" has no controller available`
+				}],
+				isError: true
+			};
 			const method = ctrl[handlerName];
 			if (typeof method !== "function") return {
 				content: [{

package/dist/rpc/index.d.mts

@@ -1,4 +1,4 @@
-import { r as CircuitBreakerOptions } from "../circuitBreaker-dTtG-UyS.mjs";
+import { r as CircuitBreakerOptions } from "../circuitBreaker-CvXkjfrW.mjs";
 
 //#region src/rpc/serviceClient.d.ts
 interface RetryConfig {

package/dist/rpc/index.mjs

@@ -1,4 +1,4 @@
-import { t as CircuitBreaker } from "../circuitBreaker-cmi5XDv5.mjs";
+import { t as CircuitBreaker } from "../circuitBreaker-l18oRgL5.mjs";
 //#region src/rpc/serviceClient.ts
 /**
 * Service Client — Resource-Oriented RPC

package/dist/{schemaConverter-Y7nCYaLJ.mjs → schemaConverter-BxFDdtXu.mjs}

@@ -85,7 +85,7 @@ function convertOpenApiSchemas(schemas, target = DEFAULT_OPENAPI_TARGET) {
 *
 * JSON Schema values pass through unchanged. Only Zod schemas are converted.
 *
-* Used for both additionalRoutes and customSchemas (CRUD overrides).
+* Used for both custom routes and customSchemas (CRUD overrides).
 *
 * Defaults to `draft-7` so Fastify v5's bundled AJV 8 accepts the output.
 * Pass `openapi-3.0` (or `openapi-3.1`) when generating OpenAPI documents.

package/dist/scope/index.mjs

@@ -1,6 +1,6 @@
 import { _ as isElevated, a as getOrgContext, b as isService, c as getRequestScope, d as getServiceScopes, f as getTeamId, g as isAuthenticated, h as hasOrgAccess, i as getClientId, l as getScopeContext, m as getUserRoles, n as PUBLIC_SCOPE, o as getOrgId, p as getUserId, r as getAncestorOrgIds, s as getOrgRoles, t as AUTHENTICATED_SCOPE, u as getScopeContextMap, v as isMember, y as isOrgInScope } from "../types-AOD8fxIw.mjs";
 import { n as normalizeRoles } from "../types-ZUu_h0jp.mjs";
-import { n as elevation_default, t as elevationPlugin } from "../elevation-DtFxrG0s.mjs";
+import { n as elevation_default, t as elevationPlugin } from "../elevation-DxQ6ACbt.mjs";
 //#region src/scope/rateLimitKey.ts
 function createTenantKeyGenerator(opts) {
 	if (opts?.strategy) return opts.strategy;

package/dist/{sse-Ad7ypl9e.mjs → sse-CJpt7LGI.mjs}

@@ -1,6 +1,6 @@
 import { t as __exportAll } from "./chunk-BpYLSNr0.mjs";
 import { n as PUBLIC_SCOPE, o as getOrgId } from "./types-AOD8fxIw.mjs";
-import { t as arcLog } from "./logger-D1YrIImS.mjs";
+import { t as arcLog } from "./logger-CDjpjySd.mjs";
 import fp from "fastify-plugin";
 //#region src/plugins/sse.ts
 var sse_exports = /* @__PURE__ */ __exportAll({

package/dist/store-helpers-DFiZl5TL.mjs

@@ -0,0 +1,57 @@
+//#region src/adapters/store-helpers.ts
+/**
+* Classify an error thrown by `getOne` / `getById` / `update` as a
+* "document not found" miss. Mongokit uses `status: 404`, Prisma uses
+* `code: 'P2025'`, some kits throw `DocumentNotFoundError`. Kits that
+* return `null` on miss never see this predicate fire — it only kicks in
+* when a driver chose to throw.
+*/
+function isNotFoundError(err) {
+	if (!err || typeof err !== "object") return false;
+	const e = err;
+	if (e.status === 404 || e.statusCode === 404) return true;
+	if (e.code === "P2025") return true;
+	if (e.name === "DocumentNotFoundError") return true;
+	return false;
+}
+/**
+* Build a `safeGetOne(filter)` that papers over the throw-vs-null split
+* in kit implementations. Real errors propagate; miss returns `null`.
+* Throws if the repository lacks `getOne` — callers must check.
+*/
+function createSafeGetOne(repository) {
+	if (typeof repository.getOne !== "function") throw new Error("createSafeGetOne: repository.getOne is required");
+	const getOne = repository.getOne.bind(repository);
+	return async (filter) => {
+		try {
+			return await getOne(filter) ?? null;
+		} catch (err) {
+			if (isNotFoundError(err)) return null;
+			throw err;
+		}
+	};
+}
+/**
+* Build a dup-key predicate for the given repository. Prefers the kit's
+* own `isDuplicateKeyError` (it knows its driver — Mongo `11000`, Prisma
+* `P2002`, Postgres `23505`, MySQL `1062`, etc.); falls back to a
+* conservative Mongo check so mongokit ≤3.8 keeps working without changes.
+*
+* Non-mongo kits MUST implement the predicate to participate in
+* idempotency/outbox dup-handling semantics.
+*
+* `name === "MongoServerError"` alone is deliberately NOT matched — that
+* also fires on WriteConflict / NotWritablePrimary / transient failures,
+* which must propagate rather than silently become 409s.
+*/
+function createIsDuplicateKeyError(repository) {
+	const repoPredicate = typeof repository.isDuplicateKeyError === "function" ? repository.isDuplicateKeyError.bind(repository) : null;
+	return (err) => {
+		if (repoPredicate) return repoPredicate(err);
+		if (!err || typeof err !== "object") return false;
+		const e = err;
+		return e.code === 11e3 || e.codeName === "DuplicateKey";
+	};
+}
+//#endregion
+export { createSafeGetOne as n, createIsDuplicateKeyError as t };

package/dist/testing/index.d.mts

@@ -1,5 +1,5 @@
-import { Zt as CrudRepository, m as AnyRecord, qt as ResourceDefinition } from "../interface-CMRutPfe.mjs";
-import { d as ResourceLike, r as CreateAppOptions } from "../types-Ch9pTQbf.mjs";
+import { Kt as ResourceDefinition, Xt as CrudRepository, p as AnyRecord } from "../interface-YrWsmKqE.mjs";
+import { d as ResourceLike, r as CreateAppOptions } from "../types-CunEX4UX.mjs";
 import { StorageContractSetup, StorageContractSetupResult, runStorageContract } from "./storageContract.mjs";
 import Fastify, { FastifyInstance, FastifyServerOptions } from "fastify";
 import { Connection } from "mongoose";
@@ -631,21 +631,12 @@ declare class TestHarness<T = unknown> {
   private _createdIds;
   constructor(resource: ResourceDefinition<unknown>, options: TestHarnessOptions<T>);
   /**
-   * Run all baseline tests
+   * Run all baseline tests (schema, presets, field permissions, pipeline, events).
    *
-   * Executes CRUD, validation, and preset tests
+   * For HTTP-level CRUD coverage (routes, auth, permissions), use
+   * {@link HttpTestHarness} instead.
    */
   runAll(): void;
-  /**
-   * Run CRUD operation tests (model-level)
-   *
-   * Tests: create, read (list + getById), update, delete
-   *
-   * @deprecated Use `HttpTestHarness.runCrud()` for HTTP-level CRUD tests.
-   * This method tests Mongoose models directly and does not exercise
-   * HTTP routes, authentication, permissions, or the Arc pipeline.
-   */
-  runCrud(): void;
   /**
    * Run validation tests
    *

package/dist/testing/index.mjs

@@ -1,5 +1,5 @@
 import { t as CRUD_OPERATIONS } from "../constants-Cxde4rpC.mjs";
-import { n as applyFieldWritePermissions, t as applyFieldReadPermissions } from "../fields-ipsbIRPK.mjs";
+import { n as applyFieldWritePermissions, t as applyFieldReadPermissions } from "../fields-CU6FlaDV.mjs";
 import { runStorageContract } from "./storageContract.mjs";
 import Fastify from "fastify";
 import mongoose from "mongoose";
@@ -1133,8 +1133,11 @@ function pickResource(value) {
 * harness.runAll();
 *
 * // Or run specific test suites
-* harness.runCrud();
 * harness.runPresets();
+* harness.runValidation();
+*
+* // For HTTP-level CRUD coverage (auth, permissions, routes), use
+* // `HttpTestHarness` from `@classytic/arc/testing`.
 */
 var TestHarness = class {
 	resource;
@@ -1157,12 +1160,12 @@ var TestHarness = class {
 		this.Model = model;
 	}
 	/**
-	* Run all baseline tests
+	* Run all baseline tests (schema, presets, field permissions, pipeline, events).
 	*
-	* Executes CRUD, validation, and preset tests
+	* For HTTP-level CRUD coverage (routes, auth, permissions), use
+	* {@link HttpTestHarness} instead.
 	*/
 	runAll() {
-		this.runCrud();
 		this.runValidation();
 		this.runPresets();
 		this.runFieldPermissions();
@@ -1170,67 +1173,6 @@ var TestHarness = class {
 		this.runEvents();
 	}
 	/**
-	* Run CRUD operation tests (model-level)
-	*
-	* Tests: create, read (list + getById), update, delete
-	*
-	* @deprecated Use `HttpTestHarness.runCrud()` for HTTP-level CRUD tests.
-	* This method tests Mongoose models directly and does not exercise
-	* HTTP routes, authentication, permissions, or the Arc pipeline.
-	*/
-	runCrud() {
-		const { resource, fixtures, Model } = this;
-		describe(`${resource.displayName} CRUD Operations`, () => {
-			beforeAll(async () => {
-				await mongoose.connect(this.mongoUri);
-				if (this.setupFn) await this.setupFn();
-			});
-			afterAll(async () => {
-				if (this._createdIds.length > 0) await Model.deleteMany({ _id: { $in: this._createdIds } });
-				if (this.teardownFn) await this.teardownFn();
-				await mongoose.disconnect();
-			});
-			describe("Create", () => {
-				it("should create a new document with valid data", async () => {
-					const doc = await Model.create(fixtures.valid);
-					this._createdIds.push(doc._id);
-					expect(doc).toBeDefined();
-					expect(doc._id).toBeDefined();
-					for (const [key, value] of Object.entries(fixtures.valid)) if (typeof value !== "object") expect(doc[key]).toEqual(value);
-				});
-				it("should have timestamps", async () => {
-					const doc = await Model.findById(this._createdIds[0]);
-					expect(doc).toBeDefined();
-					expect(doc?.createdAt).toBeDefined();
-					expect(doc?.updatedAt).toBeDefined();
-				});
-			});
-			describe("Read", () => {
-				it("should find document by ID", async () => {
-					expect(await Model.findById(this._createdIds[0])).toBeDefined();
-				});
-				it("should list documents", async () => {
-					const docs = await Model.find({});
-					expect(Array.isArray(docs)).toBe(true);
-					expect(docs.length).toBeGreaterThan(0);
-				});
-			});
-			describe("Update", () => {
-				it("should update document", async () => {
-					const updateData = fixtures.update || { updatedAt: /* @__PURE__ */ new Date() };
-					expect(await Model.findByIdAndUpdate(this._createdIds[0], updateData, { new: true })).toBeDefined();
-				});
-			});
-			describe("Delete", () => {
-				it("should delete document", async () => {
-					const toDelete = await Model.create(fixtures.valid);
-					await Model.findByIdAndDelete(toDelete._id);
-					expect(await Model.findById(toDelete._id)).toBeNull();
-				});
-			});
-		});
-	}
-	/**
 	* Run validation tests
 	*
 	* Tests schema validation, required fields, etc.
@@ -1371,7 +1313,7 @@ var TestHarness = class {
 							expect(result.otherField).toBe("visible");
 						});
 						it(`should strip hidden field '${field}' from writes`, () => {
-							const result = applyFieldWritePermissions({
+							const { body: result } = applyFieldWritePermissions({
 								[field]: "attempt",
 								name: "test"
 							}, fieldPerms, []);
@@ -1392,7 +1334,7 @@ var TestHarness = class {
 						break;
 					case "writableBy":
 						it(`should strip field '${field}' from writes by non-privileged users`, () => {
-							const result = applyFieldWritePermissions({
+							const { body: result } = applyFieldWritePermissions({
 								[field]: "new-value",
 								name: "test"
 							}, fieldPerms, ["viewer"]);
@@ -1402,7 +1344,8 @@ var TestHarness = class {
 						if (perm.roles && perm.roles.length > 0) {
 							const writeRole = perm.roles[0];
 							it(`should allow writing field '${field}' by roles: ${[...perm.roles].join(", ")}`, () => {
-								expect(applyFieldWritePermissions({ [field]: "new-value" }, fieldPerms, [writeRole])[field]).toBe("new-value");
+								const { body: result } = applyFieldWritePermissions({ [field]: "new-value" }, fieldPerms, [writeRole]);
+								expect(result[field]).toBe("new-value");
 							});
 						}
 						break;
@@ -1654,10 +1597,11 @@ function runFieldPermissionTests(displayName, fieldPerms) {
 					}, fieldPerms, [])[field]).toBeUndefined();
 				});
 				it(`should strip hidden field '${field}' from writes`, () => {
-					expect(applyFieldWritePermissions({
+					const { body: result } = applyFieldWritePermissions({
 						[field]: "attempt",
 						name: "test"
-					}, fieldPerms, [])[field]).toBeUndefined();
+					}, fieldPerms, []);
+					expect(result[field]).toBeUndefined();
 				});
 				break;
 			case "visibleTo":
@@ -1673,15 +1617,17 @@ function runFieldPermissionTests(displayName, fieldPerms) {
 				break;
 			case "writableBy":
 				it(`should strip field '${field}' from writes by non-privileged users`, () => {
-					expect(applyFieldWritePermissions({
+					const { body: result } = applyFieldWritePermissions({
 						[field]: "v",
 						name: "test"
-					}, fieldPerms, ["_no_role_"])[field]).toBeUndefined();
+					}, fieldPerms, ["_no_role_"]);
+					expect(result[field]).toBeUndefined();
 				});
 				if (perm.roles && perm.roles.length > 0) {
 					const writeRole = perm.roles[0];
 					it(`should allow writing field '${field}' by roles: ${[...perm.roles].join(", ")}`, () => {
-						expect(applyFieldWritePermissions({ [field]: "v" }, fieldPerms, [writeRole])[field]).toBe("v");
+						const { body: result } = applyFieldWritePermissions({ [field]: "v" }, fieldPerms, [writeRole]);
+						expect(result[field]).toBe("v");
 					});
 				}
 				break;
@@ -1797,7 +1743,7 @@ function runEventTests(resourceName, displayName, events) {
 * ```
 */
 async function createTestApp(options = {}) {
-	const { createApp } = await import("../createApp-B1EY8zxa.mjs").then((n) => n.r);
+	const { createApp } = await import("../createApp-CBJUJKGP.mjs").then((n) => n.r);
 	const { useInMemoryDb = true, mongoUri: providedMongoUri, ...appOptions } = options;
 	const defaultAuth = {
 		type: "jwt",

package/dist/testing/storageContract.d.mts

@@ -1,4 +1,4 @@
-import { t as Storage } from "../storage-Dfzt4VTl.mjs";
+import { t as Storage } from "../storage-BwGQXUpd.mjs";
 
 //#region src/testing/storageContract.d.ts
 interface StorageContractSetupResult {

package/dist/types/index.d.mts

@@ -1,5 +1,5 @@
 import { _ as isAuthenticated, c as getOrgRoles, g as hasOrgAccess, n as PUBLIC_SCOPE, p as getTeamId, r as RequestScope, s as getOrgId, t as AUTHENTICATED_SCOPE, v as isElevated, y as isMember } from "../types-BD85MlEK.mjs";
-import { $ as PresetFunction, $t as DeleteOptions, A as EventsDecorator, B as InferResourceDoc, Bt as FastifyHandler, C as ConfigError, Ct as TypedResourceConfig, D as CrudRouterOptions, Dt as ValidationResult, E as CrudRouteKey, Et as ValidateOptions, F as GracefulShutdownOptions, G as LookupOption, H as IntrospectionPluginOptions, Ht as IControllerResponse, I as HealthCheck, J as ObjectId, K as MiddlewareConfig, L as HealthOptions, M as FastifyWithAuth, N as FastifyWithDecorators, O as CrudSchemas, Ot as envelope, P as FieldRule, Q as PopulateOption, Qt as DeleteManyResult, R as InferAdapterDoc, Rt as ControllerHandler, S as AuthenticatorContext, St as TypedRepository, T as CrudController, Tt as UserOrganization, U as JWTPayload, Ut as IRequestContext, V as IntrospectionData, Vt as IController, W as JwtContext, Wt as RouteHandler, X as OwnershipCheck, Xt as BulkWriteResult, Y as OpenApiSchemas, Yt as BulkWriteOperation, Z as ParsedQuery, Zt as CrudRepository, _ as ArcInternalMetadata, _t as RouteMcpConfig, an as PaginationParams, at as RegistryStats, b as AuthPluginOptions, bt as TokenPair, cn as RepositorySession, ct as RequestWithExtras, d as ActionHandlerFn, dt as ResourceHookContext, en as DeleteResult, et as PresetHook, f as ActionsMap, ft as ResourceHooks, g as ArcDecorator, gt as RouteHandlerMethod, h as ApiResponse, ht as RouteDefinition, in as PaginatedResult, it as RegistryEntry, j as FastifyRequestExtras, jt as BaseControllerOptions, k as EventDefinition, kt as getUserId, l as ActionDefinition, ln as UpdateManyResult, lt as ResourceCacheConfig, m as AnyRecord, mt as ResourcePermissions, nn as KeysetPaginatedResult, nt as QueryParserInterface, on as PaginationResult, ot as RequestContext, p as AdditionalRoute, pt as ResourceMetadata, q as MiddlewareHandler, rn as OffsetPaginatedResult, rt as RateLimitConfig, sn as QueryOptions, st as RequestIdOptions, tn as InferDoc, tt as PresetResult, u as ActionEntry, un as WriteOptions, ut as ResourceConfig, v as ArcRequest, vt as RouteSchemaOptions, w as ControllerQueryOptions, wt as UserLike, x as Authenticator, xt as TypedController, y as AuthHelpers, yt as ServiceContext, z as InferDocType, zt as ControllerLike } from "../interface-CMRutPfe.mjs";
+import { $ as PresetHook, $t as DeleteResult, A as FastifyRequestExtras, At as BaseControllerOptions, B as IntrospectionData, Bt as IController, C as ControllerQueryOptions, Ct as UserLike, D as CrudSchemas, Dt as envelope, E as CrudRouterOptions, Et as ValidationResult, F as HealthCheck, G as MiddlewareConfig, H as JWTPayload, Ht as IRequestContext, I as HealthOptions, J as OpenApiSchemas, Jt as BulkWriteOperation, K as MiddlewareHandler, L as InferAdapterDoc, Lt as ControllerHandler, M as FastifyWithDecorators, N as FieldRule, O as EventDefinition, Ot as getUserId, P as GracefulShutdownOptions, Q as PresetFunction, Qt as DeleteOptions, R as InferDocType, Rt as ControllerLike, S as ConfigError, St as TypedResourceConfig, T as CrudRouteKey, Tt as ValidateOptions, U as JwtContext, Ut as RouteHandler, V as IntrospectionPluginOptions, Vt as IControllerResponse, W as LookupOption, X as ParsedQuery, Xt as CrudRepository, Y as OwnershipCheck, Yt as BulkWriteResult, Z as PopulateOption, Zt as DeleteManyResult, _ as ArcRequest, _t as RouteSchemaOptions, an as PaginationParams, at as RequestContext, b as Authenticator, bt as TypedController, cn as RepositorySession, ct as ResourceCacheConfig, d as ActionHandlerFn, dt as ResourceHooks, en as FindOneAndUpdateOptions, et as PresetResult, f as ActionsMap, ft as ResourceMetadata, g as ArcInternalMetadata, gt as RouteMcpConfig, h as ArcDecorator, ht as RouteHandlerMethod, in as PaginatedResult, it as RegistryStats, j as FastifyWithAuth, k as EventsDecorator, l as ActionDefinition, ln as UpdateManyResult, lt as ResourceConfig, m as ApiResponse, mt as RouteDefinition, nn as KeysetPaginatedResult, nt as RateLimitConfig, on as PaginationResult, ot as RequestIdOptions, p as AnyRecord, pt as ResourcePermissions, q as ObjectId, rn as OffsetPaginatedResult, rt as RegistryEntry, sn as QueryOptions, st as RequestWithExtras, tn as InferDoc, tt as QueryParserInterface, u as ActionEntry, un as WriteOptions, ut as ResourceHookContext, v as AuthHelpers, vt as ServiceContext, w as CrudController, wt as UserOrganization, x as AuthenticatorContext, xt as TypedRepository, y as AuthPluginOptions, yt as TokenPair, z as InferResourceDoc, zt as FastifyHandler } from "../interface-YrWsmKqE.mjs";
 import { i as UserBase, n as PermissionContext, r as PermissionResult, t as PermissionCheck } from "../types-DZi1aYhm.mjs";
 import { n as ElevationOptions, t as ElevationEvent } from "../elevation-B6S5csVA.mjs";
-export { AUTHENTICATED_SCOPE, ActionDefinition, ActionEntry, ActionHandlerFn, ActionsMap, AdditionalRoute, AnyRecord, ApiResponse, ArcDecorator, ArcInternalMetadata, ArcRequest, AuthHelpers, AuthPluginOptions, Authenticator, AuthenticatorContext, BaseControllerOptions, BulkWriteOperation, BulkWriteResult, ConfigError, ControllerHandler, ControllerLike, ControllerQueryOptions, CrudController, CrudRepository, CrudRouteKey, CrudRouterOptions, CrudSchemas, DeleteManyResult, DeleteOptions, DeleteResult, ElevationEvent, ElevationOptions, EventDefinition, EventsDecorator, FastifyHandler, FastifyRequestExtras, FastifyWithAuth, FastifyWithDecorators, FieldRule, GracefulShutdownOptions, HealthCheck, HealthOptions, IController, IControllerResponse, IRequestContext, InferAdapterDoc, InferDoc, InferDocType, InferResourceDoc, IntrospectionData, IntrospectionPluginOptions, JWTPayload, JwtContext, KeysetPaginatedResult, LookupOption, MiddlewareConfig, MiddlewareHandler, ObjectId, OffsetPaginatedResult, OpenApiSchemas, OwnershipCheck, PUBLIC_SCOPE, PaginatedResult, PaginationParams, PaginationResult, ParsedQuery, PermissionCheck, PermissionContext, PermissionResult, PopulateOption, PresetFunction, PresetHook, PresetResult, QueryOptions, QueryParserInterface, RateLimitConfig, RegistryEntry, RegistryStats, RepositorySession, RequestContext, RequestIdOptions, RequestScope, RequestWithExtras, ResourceCacheConfig, ResourceConfig, ResourceHookContext, ResourceHooks, ResourceMetadata, ResourcePermissions, RouteDefinition, RouteHandler, RouteHandlerMethod, RouteMcpConfig, RouteSchemaOptions, ServiceContext, TokenPair, TypedController, TypedRepository, TypedResourceConfig, UpdateManyResult, UserBase, UserLike, UserOrganization, ValidateOptions, ValidationResult, WriteOptions, envelope, getOrgId, getOrgRoles, getTeamId, getUserId, hasOrgAccess, isAuthenticated, isElevated, isMember };
+export { AUTHENTICATED_SCOPE, ActionDefinition, ActionEntry, ActionHandlerFn, ActionsMap, AnyRecord, ApiResponse, ArcDecorator, ArcInternalMetadata, ArcRequest, AuthHelpers, AuthPluginOptions, Authenticator, AuthenticatorContext, BaseControllerOptions, BulkWriteOperation, BulkWriteResult, ConfigError, ControllerHandler, ControllerLike, ControllerQueryOptions, CrudController, CrudRepository, CrudRouteKey, CrudRouterOptions, CrudSchemas, DeleteManyResult, DeleteOptions, DeleteResult, ElevationEvent, ElevationOptions, EventDefinition, EventsDecorator, FastifyHandler, FastifyRequestExtras, FastifyWithAuth, FastifyWithDecorators, FieldRule, FindOneAndUpdateOptions, GracefulShutdownOptions, HealthCheck, HealthOptions, IController, IControllerResponse, IRequestContext, InferAdapterDoc, InferDoc, InferDocType, InferResourceDoc, IntrospectionData, IntrospectionPluginOptions, JWTPayload, JwtContext, KeysetPaginatedResult, LookupOption, MiddlewareConfig, MiddlewareHandler, ObjectId, OffsetPaginatedResult, OpenApiSchemas, OwnershipCheck, PUBLIC_SCOPE, PaginatedResult, PaginationParams, PaginationResult, ParsedQuery, PermissionCheck, PermissionContext, PermissionResult, PopulateOption, PresetFunction, PresetHook, PresetResult, QueryOptions, QueryParserInterface, RateLimitConfig, RegistryEntry, RegistryStats, RepositorySession, RequestContext, RequestIdOptions, RequestScope, RequestWithExtras, ResourceCacheConfig, ResourceConfig, ResourceHookContext, ResourceHooks, ResourceMetadata, ResourcePermissions, RouteDefinition, RouteHandler, RouteHandlerMethod, RouteMcpConfig, RouteSchemaOptions, ServiceContext, TokenPair, TypedController, TypedRepository, TypedResourceConfig, UpdateManyResult, UserBase, UserLike, UserOrganization, ValidateOptions, ValidationResult, WriteOptions, envelope, getOrgId, getOrgRoles, getTeamId, getUserId, hasOrgAccess, isAuthenticated, isElevated, isMember };

package/dist/types/storage.d.mts

@@ -1,2 +1,2 @@
-import { a as StorageReadResult, i as StorageReadRange, n as StorageContext, o as StorageUploadInput, r as StorageFile, t as Storage } from "../storage-Dfzt4VTl.mjs";
+import { a as StorageReadResult, i as StorageReadRange, n as StorageContext, o as StorageUploadInput, r as StorageFile, t as Storage } from "../storage-BwGQXUpd.mjs";
 export { Storage, StorageContext, StorageFile, StorageReadRange, StorageReadResult, StorageUploadInput };

package/dist/{types-BsbNMEDR.d.mts → types-CoSzA-s-.d.mts}

@@ -1,4 +1,4 @@
-import { qt as ResourceDefinition } from "./interface-CMRutPfe.mjs";
+import { Kt as ResourceDefinition } from "./interface-YrWsmKqE.mjs";
 import { z } from "zod";
 
 //#region src/integrations/mcp/types.d.ts

package/dist/{types-Ch9pTQbf.d.mts → types-CunEX4UX.d.mts}

@@ -1,12 +1,12 @@
-import { x as Authenticator } from "./interface-CMRutPfe.mjs";
+import { b as Authenticator } from "./interface-YrWsmKqE.mjs";
 import { n as ElevationOptions } from "./elevation-B6S5csVA.mjs";
-import { t as ExternalOpenApiPaths } from "./externalPaths-BnkYrNzp.mjs";
-import { i as CacheStore } from "./interface-4y979v99.mjs";
-import { r as QueryCachePluginOptions } from "./queryCachePlugin-BJJGBTlu.mjs";
-import { i as EventTransport } from "./EventTransport-BXja8NOc.mjs";
-import { t as EventPluginOptions } from "./eventPlugin-D9DKB2zM.mjs";
-import { f as SSEOptions, h as CachingOptions, i as VersioningOptions, l as MetricsOptions, t as ErrorHandlerOptions } from "./errorHandler-Bah5JhBd.mjs";
-import { r as IdempotencyStore } from "./interface-DfLGcus7.mjs";
+import { t as ExternalOpenApiPaths } from "./externalPaths-Bapitwvd.mjs";
+import { i as CacheStore } from "./interface-DplgQO2e.mjs";
+import { r as QueryCachePluginOptions } from "./queryCachePlugin-CnTZZTC5.mjs";
+import { o as EventTransport } from "./EventTransport-CqZ8FyM_.mjs";
+import { t as EventPluginOptions } from "./eventPlugin-BxvaCIZF.mjs";
+import { a as VersioningOptions, g as CachingOptions, p as SSEOptions, t as ErrorHandlerOptions, u as MetricsOptions } from "./errorHandler-DixGcttC.mjs";
+import { r as IdempotencyStore } from "./interface-B-pe8fhj.mjs";
 import { FastifyInstance, FastifyPluginAsync, FastifyReply, FastifyRequest, FastifyServerOptions } from "fastify";
 
 //#region src/factory/loadResources.d.ts
@@ -409,6 +409,8 @@ interface CreateAppOptions {
   debug?: boolean | string;
   /** Trust proxy headers (X-Forwarded-For, etc.) */
   trustProxy?: boolean;
+  /** Fastify plugin/onReady timeout in ms (default: 10_000). Raise for slow boot work (index materialisation, WAL replay, external warm-up). */
+  pluginTimeout?: number;
   /**
    * Auth configuration
    *

package/dist/utils/index.d.mts

@@ -1,6 +1,6 @@
-import { Y as OpenApiSchemas, Z as ParsedQuery, m as AnyRecord, nt as QueryParserInterface } from "../interface-CMRutPfe.mjs";
-import { a as NotFoundError, c as RateLimitError, d as ValidationError, f as createDomainError, i as ForbiddenError, l as ServiceUnavailableError, m as isArcError, n as ConflictError, o as OrgAccessDeniedError, p as createError, r as ErrorDetails, s as OrgRequiredError, t as ArcError, u as UnauthorizedError } from "../errors-Ck2h67pm.mjs";
-import { a as CircuitBreakerStats, c as createCircuitBreakerRegistry, i as CircuitBreakerRegistry, n as CircuitBreakerError, o as CircuitState, r as CircuitBreakerOptions, s as createCircuitBreaker, t as CircuitBreaker } from "../circuitBreaker-dTtG-UyS.mjs";
+import { J as OpenApiSchemas, X as ParsedQuery, p as AnyRecord, tt as QueryParserInterface } from "../interface-YrWsmKqE.mjs";
+import { a as NotFoundError, c as RateLimitError, d as ValidationError, f as createDomainError, i as ForbiddenError, l as ServiceUnavailableError, m as isArcError, n as ConflictError, o as OrgAccessDeniedError, p as createError, r as ErrorDetails, s as OrgRequiredError, t as ArcError, u as UnauthorizedError } from "../errors-BI8kEKsO.mjs";
+import { a as CircuitBreakerStats, c as createCircuitBreakerRegistry, i as CircuitBreakerRegistry, n as CircuitBreakerError, o as CircuitState, r as CircuitBreakerOptions, s as createCircuitBreaker, t as CircuitBreaker } from "../circuitBreaker-CvXkjfrW.mjs";
 import { FastifyInstance, FastifyReply, FastifyRequest, RouteHandlerMethod } from "fastify";
 
 //#region src/utils/compensation.d.ts
@@ -554,7 +554,7 @@ declare function convertOpenApiSchemas(schemas: OpenApiSchemas, target?: JsonSch
  *
  * JSON Schema values pass through unchanged. Only Zod schemas are converted.
  *
- * Used for both additionalRoutes and customSchemas (CRUD overrides).
+ * Used for both custom routes and customSchemas (CRUD overrides).
  *
  * Defaults to `draft-7` so Fastify v5's bundled AJV 8 accepts the output.
  * Pass `openapi-3.0` (or `openapi-3.1`) when generating OpenAPI documents.

package/dist/utils/index.mjs

@@ -1,7 +1,7 @@
-import { n as createQueryParser, t as ArcQueryParser } from "../queryParser-CgCtsjti.mjs";
-import { a as toJsonSchema, i as isZodSchema, n as convertRouteSchema, r as isJsonSchema, t as convertOpenApiSchemas } from "../schemaConverter-Y7nCYaLJ.mjs";
-import { a as createCircuitBreaker, i as CircuitState, n as CircuitBreakerError, o as createCircuitBreakerRegistry, r as CircuitBreakerRegistry, t as CircuitBreaker } from "../circuitBreaker-cmi5XDv5.mjs";
-import { _ as withCompensation, a as getListQueryParams, c as mutationResponse, d as responses, f as successResponseSchema, g as defineCompensation, h as defineGuard, i as getDefaultCrudSchemas, l as paginationSchema, m as handleRaw, n as deleteResponse, o as itemResponse, p as wrapResponse, r as errorResponseSchema, s as listResponse, t as createStateMachine, u as queryParams } from "../utils-yYT3HDXt.mjs";
-import { a as OrgAccessDeniedError, c as ServiceUnavailableError, d as createDomainError, f as createError, i as NotFoundError, l as UnauthorizedError, n as ConflictError, o as OrgRequiredError, p as isArcError, r as ForbiddenError, s as RateLimitError, t as ArcError, u as ValidationError } from "../errors-BF2bIOIS.mjs";
-import { t as hasEvents } from "../typeGuards-CcFZXgU7.mjs";
+import { a as OrgAccessDeniedError, c as ServiceUnavailableError, d as createDomainError, f as createError, i as NotFoundError, l as UnauthorizedError, n as ConflictError, o as OrgRequiredError, p as isArcError, r as ForbiddenError, s as RateLimitError, t as ArcError, u as ValidationError } from "../errors-CqWnSqM-.mjs";
+import { n as createQueryParser, t as ArcQueryParser } from "../queryParser-Cs-6SHQK.mjs";
+import { a as createCircuitBreaker, i as CircuitState, n as CircuitBreakerError, o as createCircuitBreakerRegistry, r as CircuitBreakerRegistry, t as CircuitBreaker } from "../circuitBreaker-l18oRgL5.mjs";
+import { _ as withCompensation, a as getListQueryParams, c as mutationResponse, d as responses, f as successResponseSchema, g as defineCompensation, h as defineGuard, i as getDefaultCrudSchemas, l as paginationSchema, m as handleRaw, n as deleteResponse, o as itemResponse, p as wrapResponse, r as errorResponseSchema, s as listResponse, t as createStateMachine, u as queryParams } from "../utils-B7FuRr9w.mjs";
+import { a as toJsonSchema, i as isZodSchema, n as convertRouteSchema, r as isJsonSchema, t as convertOpenApiSchemas } from "../schemaConverter-BxFDdtXu.mjs";
+import { t as hasEvents } from "../typeGuards-Cj5Rgvlg.mjs";
 export { ArcError, ArcQueryParser, CircuitBreaker, CircuitBreakerError, CircuitBreakerRegistry, CircuitState, ConflictError, ForbiddenError, NotFoundError, OrgAccessDeniedError, OrgRequiredError, RateLimitError, ServiceUnavailableError, UnauthorizedError, ValidationError, convertOpenApiSchemas, convertRouteSchema, createCircuitBreaker, createCircuitBreakerRegistry, createDomainError, createError, createQueryParser, createStateMachine, defineCompensation, defineGuard, deleteResponse, errorResponseSchema, getDefaultCrudSchemas, getListQueryParams, handleRaw, hasEvents, isArcError, isJsonSchema, isZodSchema, itemResponse, listResponse, mutationResponse, paginationSchema, queryParams, responses, successResponseSchema, toJsonSchema, withCompensation, wrapResponse };

package/dist/{utils-yYT3HDXt.mjs → utils-B7FuRr9w.mjs}

@@ -1,4 +1,4 @@
-import { t as ArcError } from "./errors-BF2bIOIS.mjs";
+import { t as ArcError } from "./errors-CqWnSqM-.mjs";
 //#region src/utils/compensation.ts
 /**
 * Run steps in order with automatic compensation on failure.