@classytic/arc 2.9.1 → 2.10.3

package/README.md

@@ -2,7 +2,7 @@
 
 Database-agnostic resource framework for Fastify. Define resources, get CRUD routes, permissions, presets, caching, events, OpenAPI, and MCP tools — without boilerplate.
 
-**v2.9** | Fastify 5+ | Node.js 22+ | ESM only
+**v2.10** | Fastify 5+ | Node.js 22+ | ESM only
 
 ## Install
 
@@ -65,12 +65,14 @@ const app = await createApp({
 Clean DX without growing exclude lists:
 
 ```typescript
-import { Repository } from '@classytic/mongokit';
+import { Repository, methodRegistryPlugin, batchOperationsPlugin } from '@classytic/mongokit';
 
 // app.ts — pass any RepositoryLike (mongokit / prismakit / custom)
 await fastify.register(auditPlugin, {
   autoAudit: { perResource: true },
-  repository: new Repository(AuditModel),  // or omit for in-memory dev
+  // batchOperationsPlugin enables deleteMany, required for purgeOlderThan()
+  repository: new Repository(AuditModel, [methodRegistryPlugin(), batchOperationsPlugin()]),
+  // or omit `repository` for in-memory dev
 });
 
 // order.resource.ts — opt in
@@ -737,7 +739,6 @@ Arc sets `"sideEffects": false` in [package.json](package.json), so modern bundl
 | `@classytic/arc/presets` | Preset functions + interfaces |
 | `@classytic/arc/audit` | Audit trail |
 | `@classytic/arc/idempotency` | Idempotency |
-| `@classytic/arc/policies` | Policy engine |
 | `@classytic/arc/schemas` | TypeBox helpers |
 | `@classytic/arc/utils` | Errors, circuit breaker, state machine, query parser |
 | `@classytic/arc/testing` | Test utilities, mocks, in-memory DB |
@@ -750,101 +751,29 @@ Arc sets `"sideEffects": false` in [package.json](package.json), so modern bundl
 | `@classytic/arc/docs` | OpenAPI generation |
 | `@classytic/arc/cli` | CLI commands (programmatic) |
 
-## v2.9.1 Highlights
+## Type imports
 
-`auditPlugin`, `idempotencyPlugin`, and `EventOutbox` take a
-`repository: RepositoryLike` option — pass any `Repository` (mongokit /
-prismakit / your own kit). Arc calls `create` / `getOne` / `findAll` /
-`deleteMany` / `findOneAndUpdate` on it directly:
+Arc owns framework types (`IController`, `IRequestContext`, `ResourceConfig`, `RepositoryLike`, `PaginationResult`). The repository contract lives in `@classytic/repo-core` — import those types directly:
 
 ```typescript
-import { Repository } from '@classytic/mongokit';
-import { auditPlugin } from '@classytic/arc/audit';
-import { idempotencyPlugin } from '@classytic/arc/idempotency';
-import { EventOutbox } from '@classytic/arc/events';
-
-await fastify.register(auditPlugin, { repository: new Repository(AuditModel) });
-await fastify.register(idempotencyPlugin, {
-  repository: new Repository(IdempotencyModel, [
-    methodRegistryPlugin(), batchOperationsPlugin(), mongoOperationsPlugin(),
-  ]),
-});
-new EventOutbox({ repository: new Repository(OutboxModel), transport });
-```
-
-Memory + Redis stores unchanged via `store` / `customStores`. Requires
-`@classytic/mongokit ≥3.8.0`.
-
-## v2.9 Highlights
-
-**Security defaults (breaking):**
-- **Field-write perms reject by default** — requests with non-writable fields return 403 with denied-field list. Opt into legacy silent-strip via `defineResource({ onFieldWriteDenied: 'strip' })`.
-- **multiTenant preset injects org on UPDATE** — body-supplied `organizationId` is overwritten with caller's scope (prior: CREATE only; a member could hop their own doc to another tenant).
-- **Elevation always emits `arc.scope.elevated`** — privilege elevation can no longer be silently un-audited. Subscribe via `fastify.events.subscribe('arc.scope.elevated', …)`. `onElevation` callback still supported.
-- **`verifySignature` throws on parsed body** — prevents the common `req.body` vs `req.rawBody` footgun that looks like a wrong secret.
-- **Upload `sanitizeFilename` policy** — rejects path separators, NUL, `.`/`..`, >255 chars by default. Flexible: pass `false` / `'*'` / custom function to override.
-- **Idempotency `namespace`** — optional key folded into fingerprint for shared-store deployments (prod + canary on one Redis).
+// Arc framework types
+import type { IRequestContext, RepositoryLike, PaginationResult } from '@classytic/arc';
 
-**Event contract v2 (additive):**
-- `EventMeta` gets `schemaVersion`, `causationId`, `partitionKey`, `source`, `idempotencyKey`, `aggregate: { type, id }`
-- `createChildEvent(parent, type, payload)` — auto-chains causation + inherits correlation / userId / organizationId / source / idempotencyKey (aggregate stays explicit)
-- `DeadLetteredEvent<T>` type + optional `transport.deadLetter()` for first-class DLQ
-- `withRetry({ transport })` auto-routes exhausted events to `transport.deadLetter()` — no custom `$deadLetter` plumbing
-- Downstream packages narrow `aggregate.type` to a closed DDD union via interface extension
-
-**Outbox v2 (additive):**
-- `EventOutbox.store()` auto-maps `event.meta.idempotencyKey` → `OutboxWriteOptions.dedupeKey` (caller's explicit `dedupeKey` still wins)
-- `new EventOutbox({ failurePolicy: ({ attempts, error }) => ({ retryAt?, deadLetter? }) })` — centralises retry + DLQ escalation, no more hand-rolled `exponentialBackoff` at every failure site
-- `outbox.getDeadLettered(limit)` returns typed `DeadLetteredEvent[]` — same shape `withRetry` produces, closes the loop between retry DLQ and outbox DLQ state
-- `RelayResult.deadLettered` — per-batch DLQ transition count for dashboards
-- Durable outbox via any `RepositoryLike` — `new EventOutbox({ repository, transport })` (2.9.1); multi-worker claim, TTL purge, dedupe, and session-threaded writes come from the repository's backing kit
-
-**Removed (no replacement kept):**
-- `createActionRouter`, `buildActionBodySchema` — use `defineResource({ actions })`
-- `ResourceConfig.onRegister` — use `actions` or resource `hooks`
-- `PluginResourceResult.additionalRoutes` → `routes: RouteDefinition[]`
-- `PolicyContext` / `PolicyResult` `any` fields → `unknown` (tighten downstream narrowing)
-
-## v2.8.4 Highlights
-
-- **MCP ↔ AI SDK bridge** — expose AI SDK `tool()` definitions over MCP without duplicating code. `bridgeToMcp(bridge)` adapts any AI SDK tool into an MCP tool with automatic auth, guard delegation, and `{ error } → isError` envelope translation. `buildMcpToolsFromBridges(bridges, { include, exclude })` registers a whole catalog at once with per-environment filtering.
-
-```typescript
-import { bridgeToMcp, buildMcpToolsFromBridges, type McpBridge } from '@classytic/arc/mcp';
-
-export const triggerJobBridge: McpBridge = {
-  name: 'trigger_job',
-  description: 'Start a job.',
-  inputSchema: { phase: z.enum(['investigate', 'fix']) },
-  annotations: { destructiveHint: true },
-  buildTool: (ctx) => buildTriggerJobTool(getUserId(ctx) ?? ''),
-};
-
-await app.register(mcpPlugin, {
-  resources,
-  extraTools: buildMcpToolsFromBridges([triggerJobBridge]),
-});
+// Repository contract (repo-core is the single source of truth)
+import type { StandardRepo, WriteOptions, QueryOptions } from '@classytic/repo-core/repository';
+import type { OffsetPaginationResult } from '@classytic/repo-core/pagination';
 ```
 
-## v2.8.1 Highlights
+> Arc 2.10 dropped the legacy `CrudRepository`, `PaginatedResult`, and pass-through `WriteOptions`/`QueryOptions` re-exports. See [CHANGELOG.md](CHANGELOG.md#210) for the migration table.
 
-- **Per-action discriminated validation** — `actions` schemas now enforce required fields via a `oneOf` body schema; missing inputs are rejected at the HTTP layer by AJV (no more silent bypass)
-- **Actions in OpenAPI** — `POST /:id/action` endpoint auto-generated from `ResourceDefinition.actions`, with per-action descriptions and the same discriminated body schema as the runtime router
-- **Route/action metadata preserved** — `mcp: false`, `description`, `annotations` no longer dropped during `routes → additionalRoutes` normalization
-- **Canonical source retained** — `ResourceDefinition.routes` and `ResourceDefinition.actions` now kept as declared, so OpenAPI/MCP/registry can read the original shape
-- **Outbox hardening** — expanded `OutboxStore` contract (`claimPending`, `fail`, write options, dedupe, visibleAt), ownership-mismatch throws, onError reporting, safe multi-worker relay
-- **`slugLookup` fallback** — works with MongoKit's default Repository (no custom `getBySlug` needed)
+## v2.10 Highlights
 
-## v2.8.0 Highlights
+- **Clean-break on repo-core types** — `CrudRepository` / `PaginatedResult` / pass-through repo options removed from arc's public surface. Import `StandardRepo`, `OffsetPaginationResult`, etc. directly from `@classytic/repo-core`. See [CHANGELOG.md](CHANGELOG.md) for the rewrite table.
+- **Outbox bugfix** — `repositoryAsOutboxStore.fail()` now passes `updatePipeline: true` to `findOneAndUpdate`, so retry / DLQ transitions work on mongokit ≥3.10.
+- **Plugin requirements documented** — audit / outbox / idempotency require mongokit's `methodRegistryPlugin` + `batchOperationsPlugin` for `deleteMany`; README snippets + production-ops docs now show the correct chain.
+- **Removed** — `@classytic/arc/policies` (use `permissions/`), `@classytic/arc/rpc`, `@classytic/arc/dynamic` (use `factory/loadResources`).
 
-- **MCP Integration** — expose resources as AI agent tools (stateless by default, service scope, multi-tenancy)
-- **Reply Helpers** — `reply.ok()`, `reply.fail()`, `reply.paginated()`, `reply.stream()` (opt-in)
-- **Error Mappers** — class-based `instanceof` domain error → HTTP response mapping
-- **Multipart Body** — `multipartBody()` middleware for file upload in CRUD routes
-- **Service Scope** — `kind: "service"` RequestScope for machine-to-machine auth (MCP + WebSocket)
-- **BigInt Serialization** — `serializeBigInt: true` auto-converts BigInt → Number
-- **Event WAL** — skips internal `arc.*` events to prevent startup timeout with durable stores
-- **Security** — `auth: false` produces null `ctx.user` (prevents anonymous bypass of `!!ctx.user` guards)
+See [CHANGELOG.md](CHANGELOG.md) for the full v2.9 / v2.8 / v2.7 history.
 
 ## License
 

package/dist/{BaseController-Vu2yc56T.mjs → BaseController-CbKKIflT.mjs}

@@ -1,20 +1,12 @@
-import { h as SYSTEM_FIELDS, o as DEFAULT_TENANT_FIELD } from "./constants-Cxde4rpC.mjs";
+import { h as SYSTEM_FIELDS, o as DEFAULT_TENANT_FIELD } from "./constants-BhY1OHoH.mjs";
 import { _ as isElevated, n as PUBLIC_SCOPE, o as getOrgId, v as isMember } from "./types-AOD8fxIw.mjs";
 import { t as buildQueryKey } from "./keys-qcD-TVJl.mjs";
-import { getUserId } from "./types/index.mjs";
-import { i as resolveEffectiveRoles, n as applyFieldWritePermissions } from "./fields-CU6FlaDV.mjs";
-import { t as getUserRoles } from "./types-ZUu_h0jp.mjs";
-import { r as ForbiddenError } from "./errors-CqWnSqM-.mjs";
-import { t as ArcQueryParser } from "./queryParser-Cs-6SHQK.mjs";
+import { n as getUserId } from "./types-Csi3FLfq.mjs";
+import { i as resolveEffectiveRoles, n as applyFieldWritePermissions } from "./fields-bxkeltzz.mjs";
+import { t as getUserRoles } from "./types-DV9WDfeg.mjs";
+import { r as ForbiddenError } from "./errors-D5c-5BJL.mjs";
+import { t as ArcQueryParser } from "./queryParser-DBqBB6AC.mjs";
 //#region src/core/AccessControl.ts
-/**
-* AccessControl - Composable access control logic extracted from BaseController.
-*
-* Handles ID filtering, policy filter checking, org/tenant scope validation,
-* ownership verification, and fetch-with-access-control patterns.
-*
-* Designed to be used standalone or composed into controllers.
-*/
 var AccessControl = class AccessControl {
 	tenantField;
 	idField;
@@ -664,20 +656,10 @@ var BaseController = class {
 	async executeListQuery(options, req) {
 		const hooks = this.getHooks(req);
 		const repoGetAll = async () => this.repository.getAll(options);
-		const result = hooks && this.resourceName ? await hooks.executeAround(this.resourceName, "list", options, repoGetAll, {
+		return hooks && this.resourceName ? await hooks.executeAround(this.resourceName, "list", options, repoGetAll, {
 			user: req.user,
 			context: this.meta(req)
 		}) : await repoGetAll();
-		if (Array.isArray(result)) return {
-			docs: result,
-			page: 1,
-			limit: result.length,
-			total: result.length,
-			pages: 1,
-			hasNext: false,
-			hasPrev: false
-		};
-		return result;
 	}
 	async get(req) {
 		const id = req.params.id;
@@ -981,27 +963,9 @@ var BaseController = class {
 			status: 501
 		};
 		const parsed = this.queryResolver.resolve(req, this.meta(req));
-		const result = await repo.getDeleted(parsed, parsed);
-		if (Array.isArray(result)) {
-			const docs = result;
-			return {
-				success: true,
-				data: {
-					method: "offset",
-					docs,
-					page: 1,
-					limit: docs.length,
-					total: docs.length,
-					pages: 1,
-					hasNext: false,
-					hasPrev: false
-				},
-				status: 200
-			};
-		}
 		return {
 			success: true,
-			data: result,
+			data: await repo.getDeleted(parsed, parsed),
 			status: 200
 		};
 	}

package/dist/{ResourceRegistry-Dq3_zBQP.mjs → ResourceRegistry-BPd6NQDm.mjs}

@@ -1,4 +1,4 @@
-import { t as CRUD_OPERATIONS } from "./constants-Cxde4rpC.mjs";
+import { t as CRUD_OPERATIONS } from "./constants-BhY1OHoH.mjs";
 //#region src/registry/ResourceRegistry.ts
 /**
 * Resource Registry

package/dist/adapters/index.d.mts

@@ -1,3 +1,3 @@
-import { a as RelationMetadata, c as ValidationResult, i as FieldMetadata, o as RepositoryLike, r as DataAdapter, s as SchemaMetadata, t as AdapterFactory } from "../interface-YrWsmKqE.mjs";
-import { a as PrismaQueryParserOptions, c as MongooseAdapterOptions, i as PrismaQueryParser, l as createMongooseAdapter, n as PrismaAdapterOptions, o as createPrismaAdapter, r as PrismaQueryOptions, s as MongooseAdapter, t as PrismaAdapter } from "../index-CtGKT0lf.mjs";
-export { AdapterFactory, DataAdapter, FieldMetadata, MongooseAdapter, MongooseAdapterOptions, PrismaAdapter, PrismaAdapterOptions, PrismaQueryOptions, PrismaQueryParser, PrismaQueryParserOptions, RelationMetadata, RepositoryLike, SchemaMetadata, ValidationResult, createMongooseAdapter, createPrismaAdapter };
+import { At as SchemaMetadata, Dt as FieldMetadata, Et as DataAdapter, Ot as RelationMetadata, jt as ValidationResult, kt as RepositoryLike, wt as AdapterFactory } from "../index-Cl0uoKd5.mjs";
+import { a as PrismaQueryParserOptions, c as MongooseAdapterOptions, d as DrizzleAdapterOptions, f as createDrizzleAdapter, i as PrismaQueryParser, l as createMongooseAdapter, n as PrismaAdapterOptions, o as createPrismaAdapter, r as PrismaQueryOptions, s as MongooseAdapter, t as PrismaAdapter, u as DrizzleAdapter } from "../index-DStwgFUK.mjs";
+export { AdapterFactory, DataAdapter, DrizzleAdapter, DrizzleAdapterOptions, FieldMetadata, MongooseAdapter, MongooseAdapterOptions, PrismaAdapter, PrismaAdapterOptions, PrismaQueryOptions, PrismaQueryParser, PrismaQueryParserOptions, RelationMetadata, RepositoryLike, SchemaMetadata, ValidationResult, createDrizzleAdapter, createMongooseAdapter, createPrismaAdapter };

package/dist/adapters/index.mjs

@@ -1,2 +1,2 @@
-import { a as createMongooseAdapter, i as MongooseAdapter, n as PrismaQueryParser, r as createPrismaAdapter, t as PrismaAdapter } from "../adapters-BBqAVvPK.mjs";
-export { MongooseAdapter, PrismaAdapter, PrismaQueryParser, createMongooseAdapter, createPrismaAdapter };
+import { a as createMongooseAdapter, i as MongooseAdapter, n as PrismaQueryParser, o as DrizzleAdapter, r as createPrismaAdapter, s as createDrizzleAdapter, t as PrismaAdapter } from "../adapters-BXY4i-hw.mjs";
+export { DrizzleAdapter, MongooseAdapter, PrismaAdapter, PrismaQueryParser, createDrizzleAdapter, createMongooseAdapter, createPrismaAdapter };

package/dist/{adapters-BBqAVvPK.mjs → adapters-BXY4i-hw.mjs}

@@ -1,4 +1,44 @@
-import { h as SYSTEM_FIELDS, m as RESERVED_QUERY_PARAMS } from "./constants-Cxde4rpC.mjs";
+import { h as SYSTEM_FIELDS, m as RESERVED_QUERY_PARAMS } from "./constants-BhY1OHoH.mjs";
+//#region src/adapters/field-rule-helpers.ts
+/**
+* Merge constraint-style `fieldRules` into an `OpenApiSchemas` bag in place.
+*
+* Operates on the three schema slots that carry property maps — `createBody`,
+* `updateBody`, `response`. `listQuery` and `params` are skipped (their
+* constraint vocabulary is owned by the kit's query parser).
+*
+* Existing constraints on a property always win — the merge only fills in
+* gaps. Adapters that already walk `fieldRules` during base-schema assembly
+* can call this helper for free (the checks are no-ops when constraints
+* already exist).
+*/
+function mergeFieldRuleConstraints(schemas, schemaOptions) {
+	if (!schemas || typeof schemas !== "object") return;
+	const rules = schemaOptions?.fieldRules;
+	if (!rules || Object.keys(rules).length === 0) return;
+	for (const slot of [
+		"createBody",
+		"updateBody",
+		"response"
+	]) {
+		const slotSchema = schemas[slot];
+		if (!slotSchema || typeof slotSchema !== "object") continue;
+		const properties = slotSchema.properties;
+		if (!properties) continue;
+		for (const [field, rule] of Object.entries(rules)) {
+			const prop = properties[field];
+			if (!prop || typeof prop !== "object") continue;
+			if (rule.minLength != null && prop.minLength == null) prop.minLength = rule.minLength;
+			if (rule.maxLength != null && prop.maxLength == null) prop.maxLength = rule.maxLength;
+			if (rule.min != null && prop.minimum == null) prop.minimum = rule.min;
+			if (rule.max != null && prop.maximum == null) prop.maximum = rule.max;
+			if (rule.pattern != null && prop.pattern == null) prop.pattern = rule.pattern;
+			if (rule.enum != null && prop.enum == null) prop.enum = rule.enum;
+			if (rule.description != null && prop.description == null) prop.description = rule.description;
+		}
+	}
+}
+//#endregion
 //#region src/adapters/types.ts
 /**
 * Check if value is a Mongoose model
@@ -13,6 +53,168 @@ function isRepository(value) {
 	return typeof value === "object" && value !== null && "getAll" in value && "getById" in value && "create" in value && "update" in value && "delete" in value;
 }
 //#endregion
+//#region src/adapters/drizzle.ts
+const DRIZZLE_COLUMNS_SYMBOL = Symbol.for("drizzle:Columns");
+function getColumns(table) {
+	const cols = table[DRIZZLE_COLUMNS_SYMBOL];
+	if (!cols || typeof cols !== "object") return {};
+	return cols;
+}
+function columnToJsonSchema(column) {
+	const { dataType, columnType, enumValues, length } = column;
+	if (dataType === "date") return {
+		type: "string",
+		format: "date-time"
+	};
+	if (dataType === "boolean") return { type: "boolean" };
+	if (dataType === "json") return {
+		type: "object",
+		additionalProperties: true
+	};
+	if (dataType === "buffer") return {
+		type: "string",
+		contentEncoding: "base64"
+	};
+	if (dataType === "number" || dataType === "bigint") return { type: columnType === "SQLiteInteger" ? "integer" : "number" };
+	if (dataType === "string") {
+		const result = { type: "string" };
+		if (Array.isArray(enumValues) && enumValues.length > 0) result.enum = [...enumValues];
+		if (typeof length === "number" && length > 0) result.maxLength = length;
+		return result;
+	}
+	return {};
+}
+function columnToFieldMetadata(column) {
+	const { dataType, enumValues } = column;
+	const meta = {
+		type: (dataType && {
+			number: "number",
+			bigint: "number",
+			string: "string",
+			date: "date",
+			boolean: "boolean",
+			json: "object",
+			buffer: "object"
+		}[dataType]) ?? (enumValues?.length ? "enum" : "object"),
+		required: !!column.notNull && !column.hasDefault
+	};
+	if (enumValues?.length) meta.enum = [...enumValues];
+	if (typeof column.length === "number") meta.maxLength = column.length;
+	return meta;
+}
+var DrizzleAdapter = class {
+	type = "drizzle";
+	name;
+	table;
+	repository;
+	schemaGenerator;
+	constructor(options) {
+		if (!options.table || typeof options.table !== "object") throw new TypeError("DrizzleAdapter: Invalid table. Expected a Drizzle table created with sqliteTable / pgTable / mysqlTable.");
+		if (!isRepository(options.repository)) throw new TypeError("DrizzleAdapter: Invalid repository. Expected an object implementing MinimalRepo (getAll / getById / create / update / delete).");
+		this.table = options.table;
+		this.repository = options.repository;
+		this.schemaGenerator = options.schemaGenerator;
+		this.name = options.name ?? "DrizzleAdapter";
+	}
+	/**
+	* Introspect Drizzle columns into arc's schema metadata shape.
+	*/
+	getSchemaMetadata() {
+		const columns = getColumns(this.table);
+		const fields = {};
+		const indexes = [];
+		for (const [name, column] of Object.entries(columns)) {
+			fields[name] = columnToFieldMetadata(column);
+			if (column.primary) indexes.push({
+				fields: [name],
+				unique: true
+			});
+		}
+		return {
+			name: this.name,
+			fields,
+			...indexes.length > 0 ? { indexes } : {}
+		};
+	}
+	/**
+	* Generate OpenAPI schemas. Delegates to the user-provided
+	* `schemaGenerator` when available (strongly recommended — that's where
+	* field rules, omit lists, and param-type narrowing live). The built-in
+	* fallback emits a permissive entity + CRUD body shape so routes still
+	* register when no generator is provided.
+	*
+	* After the kit generator runs, arc merges constraint-style field rules
+	* (`minLength`, `maxLength`, `min`, `max`, `pattern`, `enum`, `description`)
+	* into the resulting property schemas so sqlitekit / pgkit behave
+	* identically to mongoose here — rule-driven AJV constraints apply
+	* regardless of backend.
+	*/
+	generateSchemas(schemaOptions, context) {
+		try {
+			if (this.schemaGenerator) {
+				const generated = this.schemaGenerator(this.table, schemaOptions, context);
+				mergeFieldRuleConstraints(generated, schemaOptions);
+				return generated;
+			}
+			const columns = getColumns(this.table);
+			if (Object.keys(columns).length === 0) return null;
+			const entityProperties = {};
+			const inputProperties = {};
+			const inputRequired = [];
+			const updateProperties = {};
+			const fieldRules = schemaOptions?.fieldRules ?? {};
+			const readonlySet = new Set(schemaOptions?.readonlyFields ?? []);
+			const optionalSet = new Set(schemaOptions?.optionalFields ?? []);
+			const blocked = new Set([
+				...Object.entries(fieldRules).filter(([, rules]) => rules.systemManaged || rules.hidden).map(([field]) => field),
+				...schemaOptions?.excludeFields ?? [],
+				...schemaOptions?.hiddenFields ?? []
+			]);
+			for (const [fieldName, column] of Object.entries(columns)) {
+				const schema = columnToJsonSchema(column);
+				entityProperties[fieldName] = schema;
+				if (blocked.has(fieldName)) continue;
+				if (column.primary && column.columnType === "SQLiteInteger") continue;
+				if (!readonlySet.has(fieldName)) {
+					inputProperties[fieldName] = schema;
+					if (!!column.notNull && !column.hasDefault && !optionalSet.has(fieldName)) inputRequired.push(fieldName);
+					updateProperties[fieldName] = schema;
+				}
+			}
+			return {
+				createBody: {
+					type: "object",
+					properties: inputProperties,
+					required: inputRequired.length > 0 ? inputRequired : void 0,
+					additionalProperties: true
+				},
+				updateBody: {
+					type: "object",
+					properties: updateProperties,
+					additionalProperties: true
+				},
+				response: {
+					type: "object",
+					properties: entityProperties,
+					additionalProperties: true
+				}
+			};
+		} catch {
+			return null;
+		}
+	}
+	async healthCheck() {
+		return typeof this.repository.getAll === "function";
+	}
+};
+/**
+* Factory — preferred construction style for symmetry with
+* `createMongooseAdapter` / `createPrismaAdapter`.
+*/
+function createDrizzleAdapter(options) {
+	return new DrizzleAdapter(options);
+}
+//#endregion
 //#region src/adapters/mongoose.ts
 /**
 * Mongoose data adapter with proper type safety
@@ -27,7 +229,7 @@ var MongooseAdapter = class {
 	schemaGenerator;
 	constructor(options) {
 		if (!isMongooseModel(options.model)) throw new TypeError("MongooseAdapter: Invalid model. Expected Mongoose Model instance.\nUsage: createMongooseAdapter({ model: YourModel, repository: yourRepo })");
-		if (!isRepository(options.repository)) throw new TypeError("MongooseAdapter: Invalid repository. Expected CrudRepository instance.\nUsage: createMongooseAdapter({ model: YourModel, repository: yourRepo })");
+		if (!isRepository(options.repository)) throw new TypeError("MongooseAdapter: Invalid repository. Expected StandardRepo instance.\nUsage: createMongooseAdapter({ model: YourModel, repository: yourRepo })");
 		this.model = options.model;
 		this.repository = options.repository;
 		this.schemaGenerator = options.schemaGenerator;
@@ -73,7 +275,11 @@ var MongooseAdapter = class {
 	*/
 	generateSchemas(schemaOptions, context) {
 		try {
-			if (this.schemaGenerator) return this.schemaGenerator(this.model, schemaOptions, context);
+			if (this.schemaGenerator) {
+				const generated = this.schemaGenerator(this.model, schemaOptions, context);
+				mergeFieldRuleConstraints(generated, schemaOptions);
+				return generated;
+			}
 			const paths = this.model.schema.paths;
 			const properties = {};
 			const required = [];
@@ -242,43 +448,6 @@ function createMongooseAdapter(modelOrOptions, repository) {
 //#endregion
 //#region src/adapters/prisma.ts
 /**
-* Prisma Adapter - PostgreSQL/MySQL/SQLite Implementation
-*
-* @experimental This adapter is implemented but has no integration tests yet.
-* Use in production at your own risk. The Mongoose adapter is the recommended
-* and battle-tested path.
-*
-* Bridges Prisma Client with Arc's DataAdapter interface.
-* Supports Prisma 5+ with all database providers.
-*
-* Implemented features:
-* - Schema generation (OpenAPI docs from DMMF)
-* - Health checks (database connectivity)
-* - Query parsing (URL params → Prisma where/orderBy)
-* - Policy filter translation
-* - Soft delete preset support
-*
-* Known gaps:
-* - No integration test coverage
-* - Multi-tenant isolation relies on caller-provided policyFilters (no auto-enforcement)
-*
-* @example
-* ```typescript
-* import { PrismaClient, Prisma } from '@prisma/client';
-* import { createPrismaAdapter, PrismaQueryParser } from '@classytic/arc/adapters';
-*
-* const prisma = new PrismaClient();
-*
-* const userAdapter = createPrismaAdapter({
-*   client: prisma,
-*   modelName: 'user',
-*   repository: new UserRepository(prisma),
-*   dmmf: Prisma.dmmf, // For schema generation
-*   queryParser: new PrismaQueryParser(), // Optional: custom parser
-* });
-* ```
-*/
-/**
 * Prisma Query Parser - Converts URL parameters to Prisma query format
 *
 * Translates Arc's query format to Prisma's where/orderBy/take/skip structure.
@@ -723,4 +892,4 @@ function createPrismaAdapter(options) {
 	return new PrismaAdapter(options);
 }
 //#endregion
-export { createMongooseAdapter as a, MongooseAdapter as i, PrismaQueryParser as n, createPrismaAdapter as r, PrismaAdapter as t };
+export { createMongooseAdapter as a, MongooseAdapter as i, PrismaQueryParser as n, DrizzleAdapter as o, createPrismaAdapter as r, createDrizzleAdapter as s, PrismaAdapter as t };

package/dist/audit/index.d.mts

@@ -1,5 +1,5 @@
-import { o as RepositoryLike } from "../interface-YrWsmKqE.mjs";
-import { i as UserBase } from "../types-DZi1aYhm.mjs";
+import { d as UserBase } from "../fields-Lo1VUDpt.mjs";
+import { kt as RepositoryLike } from "../index-Cl0uoKd5.mjs";
 import { FastifyPluginAsync } from "fastify";
 
 //#region src/audit/stores/interface.d.ts
@@ -59,6 +59,15 @@ interface AuditStore {
   log(entry: AuditEntry): Promise<void>;
   /** Query audit logs (optional - not all stores support querying) */
   query?(options: AuditQueryOptions): Promise<AuditEntry[]>;
+  /**
+   * Purge entries older than `cutoff`, return count deleted. Optional —
+   * stores that don't support deletion (append-only emitters like Kafka,
+   * S3 archivers) simply omit this method and are skipped by
+   * `fastify.audit.purge(...)`. Mongo-backed repositories can also rely
+   * on a server-side TTL index instead of calling this; the method is
+   * the DB-agnostic escape hatch.
+   */
+  purgeOlderThan?(cutoff: Date): Promise<number>;
   /** Close/cleanup (optional) */
   close?(): Promise<void>;
 }
@@ -104,6 +113,22 @@ interface AuditPluginOptions {
    * to every store.
    */
   customStores?: AuditStore[];
+  /**
+   * Retention policy — optional. Entries older than `maxAgeMs` are purged
+   * on a timer (`purgeIntervalMs`, default 24h). Stores that implement
+   * `purgeOlderThan` participate; append-only stores are skipped.
+   *
+   * Apps on MongoDB can instead declare a TTL index on the audit
+   * collection's `timestamp` field — server-side TTL is cheaper than a
+   * periodic delete. Both approaches coexist: `fastify.audit.purge(...)`
+   * is always available for manual / cron-driven purges.
+   *
+   * Set `purgeIntervalMs: 0` to skip the timer (manual purge only).
+   */
+  retention?: {
+    /** Max entry age in ms. Entries with `timestamp < now - maxAgeMs` are purged. */maxAgeMs: number; /** Interval between purges in ms. Default 86_400_000 (24h). 0 disables the timer. */
+    purgeIntervalMs?: number;
+  };
   /**
    * Automatically audit CRUD operations via the hook system (default: true when enabled).
    * When enabled, create/update/delete operations are auto-logged without manual calls.
@@ -167,10 +192,19 @@ interface AuditLogger {
   custom: (resource: string, documentId: string, action: string, data?: Record<string, unknown>, context?: AuditContext) => Promise<void>;
   /** Query audit logs (if stores support it) */
   query: (options: AuditQueryOptions) => Promise<AuditEntry[]>;
+  /**
+   * Purge audit entries older than `cutoff` across every registered store.
+   * Returns the total number of entries deleted. Stores that don't support
+   * deletion (append-only emitters) are skipped silently.
+   */
+  purge: (cutoff: Date) => Promise<number>;
 }
 declare const auditPlugin: FastifyPluginAsync<AuditPluginOptions>;
 declare const _default: FastifyPluginAsync<AuditPluginOptions>;
 //#endregion
+//#region src/audit/repository-audit-adapter.d.ts
+declare function repositoryAsAuditStore(repository: RepositoryLike): AuditStore;
+//#endregion
 //#region src/audit/stores/memory.d.ts
 interface MemoryAuditStoreOptions {
   /** Maximum entries to keep (default: 1000) */
@@ -183,6 +217,7 @@ declare class MemoryAuditStore implements AuditStore {
   constructor(options?: MemoryAuditStoreOptions);
   log(entry: AuditEntry): Promise<void>;
   query(options?: AuditQueryOptions): Promise<AuditEntry[]>;
+  purgeOlderThan(cutoff: Date): Promise<number>;
   close(): Promise<void>;
   /** Get all entries (for testing) */
   getAll(): AuditEntry[];
@@ -190,4 +225,4 @@ declare class MemoryAuditStore implements AuditStore {
   clear(): void;
 }
 //#endregion
-export { type AuditAction, type AuditContext, type AuditEntry, type AuditLogger, type AuditPluginOptions, type AuditQueryOptions, type AuditStore, type AuditStoreOptions, MemoryAuditStore, type MemoryAuditStoreOptions, _default as auditPlugin, auditPlugin as auditPluginFn, createAuditEntry };
+export { type AuditAction, type AuditContext, type AuditEntry, type AuditLogger, type AuditPluginOptions, type AuditQueryOptions, type AuditStore, type AuditStoreOptions, MemoryAuditStore, type MemoryAuditStoreOptions, _default as auditPlugin, auditPlugin as auditPluginFn, createAuditEntry, repositoryAsAuditStore };