@classytic/arc 2.9.1 → 2.10.8

package/dist/errorHandler-DixGcttC.d.mts

@@ -1,218 +0,0 @@
-import { n as DomainEvent } from "./EventTransport-CqZ8FyM_.mjs";
-import { FastifyInstance, FastifyPluginAsync, FastifyRequest } from "fastify";
-
-//#region src/plugins/caching.d.ts
-interface CachingRule {
-  /** Path prefix to match (e.g., '/api/products') */
-  match: string;
-  /** Cache-Control max-age in seconds */
-  maxAge: number;
-  /** Cache-Control: private vs public (default: public) */
-  private?: boolean;
-  /** stale-while-revalidate directive in seconds */
-  staleWhileRevalidate?: number;
-}
-interface CachingOptions {
-  /** Default max-age in seconds for Cache-Control (default: 0 = no-cache) */
-  maxAge?: number;
-  /** Enable ETag generation (default: true) */
-  etag?: boolean;
-  /** Enable conditional requests — 304 Not Modified (default: true) */
-  conditional?: boolean;
-  /** HTTP methods to cache (default: ['GET', 'HEAD']) */
-  methods?: string[];
-  /** Paths to exclude from caching (prefix match) */
-  exclude?: string[];
-  /** Custom cache rules per path prefix */
-  rules?: CachingRule[];
-}
-declare const cachingPlugin: FastifyPluginAsync<CachingOptions>;
-declare const _default$3: FastifyPluginAsync<CachingOptions>;
-//#endregion
-//#region src/plugins/sse.d.ts
-interface SSEOptions {
-  /** SSE endpoint path (default: '/events/stream') */
-  path?: string;
-  /** Require authentication (default: true) */
-  requireAuth?: boolean;
-  /** Event patterns to stream (default: ['*'] = all) */
-  patterns?: string[];
-  /** Heartbeat interval in ms (default: 30000) */
-  heartbeat?: number;
-  /** Filter events by organizationId from request.scope (default: false) */
-  orgScoped?: boolean;
-  /** Custom event filter function */
-  filter?: (event: DomainEvent<unknown>, request: FastifyRequest) => boolean;
-}
-declare const ssePlugin: FastifyPluginAsync<SSEOptions>;
-declare const _default$2: FastifyPluginAsync<SSEOptions>;
-//#endregion
-//#region src/plugins/metrics.d.ts
-interface MetricsOptions {
-  /** Endpoint path (default: '/_metrics') */
-  path?: string;
-  /** Prefix for all metric names (default: 'arc') */
-  prefix?: string;
-  /** Called after metrics are collected (for OTLP push, etc.) */
-  onCollect?: (metrics: MetricEntry[]) => void;
-}
-interface MetricEntry {
-  name: string;
-  type: "counter" | "histogram" | "gauge";
-  help: string;
-  values: Array<{
-    labels: Record<string, string>;
-    value: number;
-  }>;
-}
-interface MetricsCollector {
-  /** Get all metrics as structured data */
-  collect(): MetricEntry[];
-  /** Reset all metrics */
-  reset(): void;
-  /** Record a CRUD operation */
-  recordOperation(resource: string, operation: string, status: number, durationMs: number): void;
-  /** Record a cache hit */
-  recordCacheHit(resource: string): void;
-  /** Record a cache miss */
-  recordCacheMiss(resource: string): void;
-  /** Record an event publish */
-  recordEventPublish(eventType: string): void;
-  /** Record an event consume */
-  recordEventConsume(eventType: string): void;
-  /** Record a circuit breaker state change */
-  recordCircuitBreakerState(service: string, state: string): void;
-}
-declare module "fastify" {
-  interface FastifyInstance {
-    metrics: MetricsCollector;
-  }
-}
-declare const metricsPlugin: FastifyPluginAsync<MetricsOptions>;
-declare const _default$1: FastifyPluginAsync<MetricsOptions>;
-//#endregion
-//#region src/plugins/versioning.d.ts
-interface VersioningOptions {
-  /** Versioning strategy */
-  type: "header" | "prefix";
-  /** Default version when none specified (default: '1') */
-  defaultVersion?: string;
-  /** Header name to read (default: 'accept-version') */
-  headerName?: string;
-  /** Response header name (default: 'x-api-version') */
-  responseHeader?: string;
-  /** Deprecated versions — adds Deprecation + Sunset headers */
-  deprecated?: string[];
-  /** Sunset date for deprecated versions (ISO 8601) */
-  sunset?: string;
-}
-declare module "fastify" {
-  interface FastifyRequest {
-    apiVersion: string;
-  }
-}
-declare const versioningPlugin: FastifyPluginAsync<VersioningOptions>;
-declare const _default: FastifyPluginAsync<VersioningOptions>;
-//#endregion
-//#region src/plugins/errorHandler.d.ts
-/** Class-based error mapper — maps thrown error instances to HTTP responses */
-interface ErrorMapper<T extends Error = Error> {
-  /** Error class to match (uses instanceof) */
-  type: new (...args: unknown[]) => T;
-  /** Convert the error to an HTTP response shape */
-  toResponse: (error: T) => {
-    status: number;
-    code?: string;
-    message?: string;
-    details?: Record<string, unknown>;
-  };
-}
-interface ErrorHandlerOptions {
-  /**
-   * Include stack trace in error responses (default: false in production)
-   */
-  includeStack?: boolean;
-  /**
-   * Custom error callback for logging to external services
-   */
-  onError?: (error: Error, request: FastifyRequest) => void | Promise<void>;
-  /**
-   * Map specific error types to custom responses (by error.name string)
-   */
-  errorMap?: Record<string, {
-    statusCode: number;
-    code: string;
-    message?: string;
-  }>;
-  /**
-   * Class-based error mappers — checked via `instanceof`, highest priority.
-   *
-   * Register your domain error classes once; Arc auto-catches and maps them
-   * in every handler. Handlers just `throw` — no try/catch needed.
-   *
-   * @example
-   * ```typescript
-   * class AccountingError extends Error {
-   *   constructor(message: string, public status: number, public code: string) {
-   *     super(message);
-   *   }
-   * }
-   *
-   * const app = await createApp({
-   *   errorHandler: {
-   *     errorMappers: [
-   *       {
-   *         type: AccountingError,
-   *         toResponse: (err) => ({ status: err.status, code: err.code, message: err.message }),
-   *       },
-   *     ],
-   *   },
-   * });
-   *
-   * // Now handlers just throw:
-   * handler: async (req) => {
-   *   await ledger.post(id); // throws AccountingError → Arc maps to proper HTTP response
-   * }
-   * ```
-   */
-  errorMappers?: ErrorMapper[];
-  /**
-   * Classify an error as a duplicate-key / unique-constraint violation →
-   * mapped to `409 Conflict` with `code: "DUPLICATE_KEY"`.
-   *
-   * Mirrors `RepositoryLike.isDuplicateKeyError` for the Fastify layer: errors
-   * that escape a controller (custom routes, user hooks, raw driver calls)
-   * still land here, so the classifier is duplicated at the edge. Defaults
-   * cover MongoDB (`code 11000` / `codeName "DuplicateKey"`), Prisma
-   * (`code "P2002"`), and Postgres (`code "23505"`). Override to add other
-   * backends (DynamoDB `ConditionalCheckFailedException`, etc.) or to disable
-   * the built-in detection.
-   */
-  isDuplicateKeyError?: (err: unknown) => boolean;
-}
-/**
- * Default duplicate-key detector covering the mainstream drivers arc sees
- * most. Detection is strictly by known driver codes — never by message
- * string matching — because false positives on dup-key silently mask real
- * errors (WriteConflict, NotWritablePrimary, etc.) as 409s. For long-tail
- * drivers (Neo4j, MSSQL, DynamoDB, custom kits), compose rather than
- * replace:
- *
- * ```ts
- * import { defaultIsDuplicateKeyError } from '@classytic/arc/plugins';
- *
- * errorHandler: {
- *   isDuplicateKeyError: (err) =>
- *     defaultIsDuplicateKeyError(err) || isNeo4jDupKey(err),
- * }
- * ```
- *
- * Drizzle apps get coverage transitively (Drizzle doesn't wrap driver
- * errors — pg/mysql2/better-sqlite3 codes propagate as-is). Neon is
- * Postgres-wire-compatible → `23505` covers `@neondatabase/serverless`.
- */
-declare function defaultIsDuplicateKeyError(err: unknown): boolean;
-declare function errorHandlerPluginFn(fastify: FastifyInstance, options?: ErrorHandlerOptions): Promise<void>;
-declare const errorHandlerPlugin: typeof errorHandlerPluginFn;
-//#endregion
-export { CachingRule as _, VersioningOptions as a, MetricEntry as c, _default$1 as d, metricsPlugin as f, CachingOptions as g, ssePlugin as h, errorHandlerPlugin as i, MetricsCollector as l, _default$2 as m, ErrorMapper as n, _default as o, SSEOptions as p, defaultIsDuplicateKeyError as r, versioningPlugin as s, ErrorHandlerOptions as t, MetricsOptions as u, _default$3 as v, cachingPlugin as y };

package/dist/fields-BC7zcmI9.d.mts

@@ -1,121 +0,0 @@
-//#region src/permissions/fields.d.ts
-/**
- * Field-Level Permissions
- *
- * Control field visibility and writability per role.
- * Integrated into the response path (read) and sanitization path (write).
- *
- * @example
- * ```typescript
- * import { fields, defineResource } from '@classytic/arc';
- *
- * const userResource = defineResource({
- *   name: 'user',
- *   adapter: userAdapter,
- *   fields: {
- *     salary: fields.visibleTo(['admin', 'hr']),
- *     internalNotes: fields.writableBy(['admin']),
- *     email: fields.redactFor(['viewer']),
- *     password: fields.hidden(),
- *   },
- * });
- * ```
- */
-type FieldPermissionType = "hidden" | "visibleTo" | "writableBy" | "redactFor";
-interface FieldPermission {
-  readonly _type: FieldPermissionType;
-  readonly roles?: readonly string[];
-  readonly redactValue?: unknown;
-}
-type FieldPermissionMap = Record<string, FieldPermission>;
-declare const fields: {
-  /**
-   * Field is never included in responses. Not writable via API.
-   *
-   * @example
-   * ```typescript
-   * fields: { password: fields.hidden() }
-   * ```
-   */
-  hidden(): FieldPermission;
-  /**
-   * Field is only visible to users with specified roles.
-   * Other users don't see the field at all.
-   *
-   * @example
-   * ```typescript
-   * fields: { salary: fields.visibleTo(['admin', 'hr']) }
-   * ```
-   */
-  visibleTo(roles: readonly string[]): FieldPermission;
-  /**
-   * Field is only writable by users with specified roles.
-   * All users can still read the field. Users without the role
-   * have the field silently stripped from write operations.
-   *
-   * @example
-   * ```typescript
-   * fields: { role: fields.writableBy(['admin']) }
-   * ```
-   */
-  writableBy(roles: readonly string[]): FieldPermission;
-  /**
-   * Field is redacted (replaced with a placeholder) for specified roles.
-   * Other users see the real value.
-   *
-   * @param roles - Roles that see the redacted value
-   * @param redactValue - Replacement value (default: '***')
-   *
-   * @example
-   * ```typescript
-   * fields: {
-   *   email: fields.redactFor(['viewer']),
-   *   ssn: fields.redactFor(['basic'], '***-**-****'),
-   * }
-   * ```
-   */
-  redactFor(roles: readonly string[], redactValue?: unknown): FieldPermission;
-};
-/**
- * Apply field-level READ permissions to a response object.
- * Strips hidden fields, enforces visibility, and applies redaction.
- *
- * @param data - The response object (mutated in place for performance)
- * @param fieldPermissions - Field permission map from resource config
- * @param userRoles - Current user's roles (empty array for unauthenticated)
- * @returns The filtered object
- */
-declare function applyFieldReadPermissions<T extends Record<string, unknown>>(data: T, fieldPermissions: FieldPermissionMap, userRoles: readonly string[]): T;
-/**
- * Result of applying write permissions — includes both the filtered body
- * and the list of fields that were stripped so callers can decide whether
- * to reject the request (secure default) or silently strip (legacy).
- */
-interface FieldWritePermissionResult<T extends Record<string, unknown>> {
-  readonly body: T;
-  readonly deniedFields: readonly string[];
-}
-/**
- * Apply field-level WRITE permissions to request body.
- *
- * Returns both the filtered body and the list of denied fields. Callers are
- * expected to reject the request when `deniedFields.length > 0` — silently
- * stripping fields hides misconfigurations and real attacks. See
- * `BodySanitizer` for the default policy.
- *
- * @param body - The request body (returns a new filtered copy)
- * @param fieldPermissions - Field permission map from resource config
- * @param userRoles - Current user's roles
- */
-declare function applyFieldWritePermissions<T extends Record<string, unknown>>(body: T, fieldPermissions: FieldPermissionMap, userRoles: readonly string[]): FieldWritePermissionResult<T>;
-/**
- * Resolve effective roles by merging global user roles with org-level roles.
- *
- * Global roles come from `req.user.role` (normalized via getUserRoles()).
- * Org roles come from `req.context.orgRoles` (set by BA adapter's org bridge).
- *
- * When no org context exists, returns global roles only — backward compatible.
- */
-declare function resolveEffectiveRoles(userRoles: readonly string[], orgRoles: readonly string[]): string[];
-//#endregion
-export { applyFieldWritePermissions as a, applyFieldReadPermissions as i, FieldPermissionMap as n, fields as o, FieldPermissionType as r, resolveEffectiveRoles as s, FieldPermission as t };