@veloxts/router 0.7.4 → 0.7.6

package/dist/resource/schema.js

@@ -5,20 +5,12 @@
  * field-level visibility controls. The builder tracks field types
  * at compile time to enable type-safe projections.
  *
+ * Supports both the default 3-level system (public/authenticated/admin)
+ * and custom access levels defined via `defineAccessLevels()`.
+ *
  * @module resource/schema
  */
-/**
- * Type guard to check if a schema is a TaggedResourceSchema (has _level)
- */
-export function isTaggedResourceSchema(value) {
-    if (typeof value !== 'object' || value === null) {
-        return false;
-    }
-    const obj = value;
-    return (Array.isArray(obj.fields) &&
-        typeof obj._level === 'string' &&
-        (obj._level === 'public' || obj._level === 'authenticated' || obj._level === 'admin'));
-}
+import { defaultLevelToSet } from './levels.js';
 // ============================================================================
 // Schema Builder
 // ============================================================================
@@ -53,66 +45,43 @@ export class ResourceSchemaBuilder {
     }
     /**
      * Adds a public field (visible to everyone)
-     *
-     * @param name - Field name
-     * @param schema - Zod schema for the field
-     * @returns New builder with the field added
      */
     public(name, schema) {
         return new ResourceSchemaBuilder([
             ...this._fields,
-            { name, schema, visibility: 'public' },
+            {
+                name,
+                schema,
+                visibility: 'public',
+                visibleTo: new Set(['public', 'authenticated', 'admin']),
+            },
         ]);
     }
     /**
      * Adds an authenticated field (visible to authenticated users and admins)
-     *
-     * @param name - Field name
-     * @param schema - Zod schema for the field
-     * @returns New builder with the field added
      */
     authenticated(name, schema) {
         return new ResourceSchemaBuilder([
             ...this._fields,
-            { name, schema, visibility: 'authenticated' },
+            {
+                name,
+                schema,
+                visibility: 'authenticated',
+                visibleTo: new Set(['authenticated', 'admin']),
+            },
         ]);
     }
     /**
      * Adds an admin field (visible only to admins)
-     *
-     * @param name - Field name
-     * @param schema - Zod schema for the field
-     * @returns New builder with the field added
      */
     admin(name, schema) {
         return new ResourceSchemaBuilder([
             ...this._fields,
-            { name, schema, visibility: 'admin' },
+            { name, schema, visibility: 'admin', visibleTo: new Set(['admin']) },
         ]);
     }
     /**
      * Adds a has-one relation (nullable nested object)
-     *
-     * The relation's visibility controls WHETHER it appears in the output.
-     * The parent's projection level controls WHAT fields of the nested schema are shown.
-     *
-     * **Note:** The nested schema's generic field types are tracked at compile time
-     * for output type computation, but the runtime field stores an untyped
-     * `ResourceSchema` reference. Always pass the direct result of `.build()`
-     * to ensure the compile-time and runtime schemas stay in sync.
-     *
-     * @param name - Relation field name
-     * @param nestedSchema - The nested resource schema (result of `.build()`)
-     * @param visibility - Visibility level for this relation
-     * @returns New builder with the relation added
-     *
-     * @example
-     * ```typescript
-     * const UserSchema = resourceSchema()
-     *   .public('id', z.string())
-     *   .hasOne('organization', OrgSchema, 'public')
-     *   .build();
-     * ```
      */
     hasOne(name, nestedSchema, visibility) {
         return new ResourceSchemaBuilder([
@@ -120,6 +89,7 @@ export class ResourceSchemaBuilder {
             {
                 name,
                 visibility,
+                visibleTo: defaultLevelToSet(visibility),
                 nestedSchema: nestedSchema,
                 cardinality: 'one',
             },
@@ -127,27 +97,6 @@ export class ResourceSchemaBuilder {
     }
     /**
      * Adds a has-many relation (array of nested objects)
-     *
-     * The relation's visibility controls WHETHER it appears in the output.
-     * The parent's projection level controls WHAT fields of the nested schema are shown.
-     *
-     * **Note:** The nested schema's generic field types are tracked at compile time
-     * for output type computation, but the runtime field stores an untyped
-     * `ResourceSchema` reference. Always pass the direct result of `.build()`
-     * to ensure the compile-time and runtime schemas stay in sync.
-     *
-     * @param name - Relation field name
-     * @param nestedSchema - The nested resource schema (result of `.build()`)
-     * @param visibility - Visibility level for this relation
-     * @returns New builder with the relation added
-     *
-     * @example
-     * ```typescript
-     * const UserSchema = resourceSchema()
-     *   .public('id', z.string())
-     *   .hasMany('posts', PostSchema, 'authenticated')
-     *   .build();
-     * ```
      */
     hasMany(name, nestedSchema, visibility) {
         return new ResourceSchemaBuilder([
@@ -155,6 +104,7 @@ export class ResourceSchemaBuilder {
             {
                 name,
                 visibility,
+                visibleTo: defaultLevelToSet(visibility),
                 nestedSchema: nestedSchema,
                 cardinality: 'many',
             },
@@ -162,39 +112,15 @@ export class ResourceSchemaBuilder {
     }
     /**
      * Adds a field with explicit visibility level
-     *
-     * @param name - Field name
-     * @param schema - Zod schema for the field
-     * @param visibility - Visibility level
-     * @returns New builder with the field added
      */
     field(name, schema, visibility) {
         return new ResourceSchemaBuilder([
             ...this._fields,
-            { name, schema, visibility },
+            { name, schema, visibility, visibleTo: defaultLevelToSet(visibility) },
         ]);
     }
     /**
      * Builds the final resource schema with tagged views
-     *
-     * Returns a schema with `.public`, `.authenticated`, and `.admin`
-     * properties for declarative projection in procedures.
-     *
-     * @returns Completed resource schema with tagged views
-     *
-     * @example
-     * ```typescript
-     * const UserSchema = resourceSchema()
-     *   .public('id', z.string())
-     *   .authenticated('email', z.string())
-     *   .build();
-     *
-     * // Use tagged views in procedures
-     * procedure().resource(UserSchema.authenticated).query(handler);
-     *
-     * // Or in handlers
-     * resource(data, UserSchema.authenticated);
-     * ```
      */
     build() {
         const fields = [...this._fields];
@@ -206,44 +132,126 @@ export class ResourceSchemaBuilder {
         });
     }
 }
-// ============================================================================
-// Factory Function
-// ============================================================================
 /**
- * Creates a new resource schema builder
- *
- * This is the primary entry point for defining resource schemas with
- * field-level visibility controls.
- *
- * @returns New empty schema builder
- *
- * @example
- * ```typescript
- * import { z } from 'zod';
- * import { resourceSchema } from '@veloxts/router';
+ * Resolves a visibility reference (group name, level name, or array) to a Set.
+ * Group names are resolved via config, level names become single-element sets,
+ * and arrays are used directly.
  *
- * const UserSchema = resourceSchema()
- *   .public('id', z.string().uuid())
- *   .public('name', z.string())
- *   .public('avatarUrl', z.string().url().nullable())
- *   .authenticated('email', z.string().email())
- *   .authenticated('createdAt', z.date())
- *   .admin('internalNotes', z.string().nullable())
- *   .admin('lastLoginIp', z.string().nullable())
- *   .build();
+ * @internal
+ */
+function resolveVisibilityRef(visibility, config, groupNames, levelSet) {
+    if (typeof visibility !== 'string') {
+        return new Set(visibility);
+    }
+    if (groupNames.has(visibility)) {
+        return config.resolve(visibility);
+    }
+    if (levelSet.has(visibility)) {
+        return new Set([visibility]);
+    }
+    throw new Error(`Unknown group or level: "${visibility}"`);
+}
+/**
+ * Creates a Proxy-based custom schema builder
  *
- * // Type inference:
- * // AnonymousOutput<typeof UserSchema> = { id: string; name: string; avatarUrl: string | null }
- * // AuthenticatedOutput<typeof UserSchema> = { id: string; name: string; avatarUrl: string | null; email: string; createdAt: Date }
- * // AdminOutput<typeof UserSchema> = { id: string; name: string; avatarUrl: string | null; email: string; createdAt: Date; internalNotes: string | null; lastLoginIp: string | null }
- * ```
+ * @internal
  */
-export function resourceSchema() {
-    return ResourceSchemaBuilder.create();
+function createCustomSchemaBuilder(config, fields) {
+    const levelSet = config.allLevels();
+    const groupNames = new Set(Object.keys(config.groups));
+    const base = {
+        visibleTo(name, schema, levels) {
+            const set = new Set(levels);
+            return createCustomSchemaBuilder(config, [
+                ...fields,
+                { name, schema, visibleTo: set, visibility: levels[0] ?? '' },
+            ]);
+        },
+        hasOne(name, nestedSchema, visibility) {
+            const set = resolveVisibilityRef(visibility, config, groupNames, levelSet);
+            return createCustomSchemaBuilder(config, [
+                ...fields,
+                {
+                    name,
+                    nestedSchema,
+                    visibleTo: set,
+                    visibility: [...set][0] ?? '',
+                    cardinality: 'one',
+                },
+            ]);
+        },
+        hasMany(name, nestedSchema, visibility) {
+            const set = resolveVisibilityRef(visibility, config, groupNames, levelSet);
+            return createCustomSchemaBuilder(config, [
+                ...fields,
+                {
+                    name,
+                    nestedSchema,
+                    visibleTo: set,
+                    visibility: [...set][0] ?? '',
+                    cardinality: 'many',
+                },
+            ]);
+        },
+        build() {
+            const frozenFields = [...fields];
+            const baseSchema = { fields: frozenFields };
+            const result = Object.assign(baseSchema, { _levelConfig: config });
+            for (const level of config.levels) {
+                result[level] = Object.assign({ fields: frozenFields }, { _level: level });
+            }
+            return result;
+        },
+    };
+    return new Proxy(base, {
+        get(target, prop, receiver) {
+            if (typeof prop === 'string') {
+                // Check if it's a group name
+                if (groupNames.has(prop)) {
+                    return (name, schema) => {
+                        const set = config.resolve(prop);
+                        return createCustomSchemaBuilder(config, [
+                            ...fields,
+                            { name, schema, visibleTo: set, visibility: [...set][0] ?? '' },
+                        ]);
+                    };
+                }
+                // Check if it's a level name (not a group)
+                if (levelSet.has(prop)) {
+                    return (name, schema) => {
+                        const set = new Set([prop]);
+                        return createCustomSchemaBuilder(config, [
+                            ...fields,
+                            { name, schema, visibleTo: set, visibility: prop },
+                        ]);
+                    };
+                }
+            }
+            return Reflect.get(target, prop, receiver);
+        },
+    });
+}
+export function resourceSchema(config) {
+    if (!config) {
+        return ResourceSchemaBuilder.create();
+    }
+    return createCustomSchemaBuilder(config, []);
 }
 // ============================================================================
 // Type Guards
 // ============================================================================
+/**
+ * Type guard to check if a schema is a TaggedResourceSchema (has _level)
+ *
+ * Accepts any string _level to support custom access levels.
+ */
+export function isTaggedResourceSchema(value) {
+    if (typeof value !== 'object' || value === null) {
+        return false;
+    }
+    const obj = value;
+    return Array.isArray(obj.fields) && typeof obj._level === 'string';
+}
 /**
  * Type guard to check if a value is a ResourceSchema
  */

package/dist/resource/tags.d.ts

@@ -5,7 +5,7 @@
  * through the type system without any runtime overhead.
  *
  * Additionally provides runtime `__accessLevel` property for auto-projection
- * when using the chained `.resource()` method on procedures.
+ * when using the chained `.expose()` method on procedures.
  *
  * @module resource/tags
  */
@@ -14,8 +14,12 @@
  *
  * These values are set by narrowing guards at runtime and used for
  * automatic resource projection in the procedure builder.
+ *
+ * Widened to `string` to support custom access levels defined via
+ * `defineAccessLevels()`. The default 3-level system still uses
+ * `'public' | 'authenticated' | 'admin'` at the call site.
  */
-export type AccessLevel = 'public' | 'authenticated' | 'admin';
+export type AccessLevel = string;
 /**
  * Maps an AccessLevel string to its corresponding phantom ContextTag
  *
@@ -26,15 +30,31 @@ export type AccessLevel = 'public' | 'authenticated' | 'admin';
  * ```typescript
  * type Tag = LevelToTag<'authenticated'>; // typeof AUTHENTICATED
  * type Tag = LevelToTag<'admin'>;         // typeof ADMIN
- * type Tag = LevelToTag<'public'>;        // typeof ANONYMOUS
+ * type Tag = LevelToTag<'public'>;        // typeof PUBLIC
+ * ```
+ */
+export type LevelToTag<TLevel extends string> = TLevel extends 'admin' ? typeof ADMIN : TLevel extends 'authenticated' ? typeof AUTHENTICATED : typeof PUBLIC;
+/**
+ * Maps a phantom ContextTag to its corresponding level string
+ *
+ * Inverse of `LevelToTag`. Used by `FilterFieldsByLevel` to bridge
+ * the tag-based system to the set-based visibility model.
+ *
+ * @example
+ * ```typescript
+ * type L1 = TagToLevel<typeof ADMIN>;         // 'admin'
+ * type L2 = TagToLevel<typeof AUTHENTICATED>; // 'authenticated'
+ * type L3 = TagToLevel<typeof PUBLIC>;        // 'public'
  * ```
  */
-export type LevelToTag<TLevel extends AccessLevel> = TLevel extends 'admin' ? typeof ADMIN : TLevel extends 'authenticated' ? typeof AUTHENTICATED : typeof ANONYMOUS;
+export type TagToLevel<TTag extends ContextTag> = TTag extends typeof ADMIN ? 'admin' : TTag extends typeof AUTHENTICATED ? 'authenticated' : 'public';
 /**
- * Phantom symbol for anonymous (unauthenticated) context
+ * Phantom symbol for public (unauthenticated) context
  * @internal Compile-time only - never used at runtime
  */
-export declare const ANONYMOUS: unique symbol;
+export declare const PUBLIC: unique symbol;
+/** @deprecated Use PUBLIC */
+export declare const ANONYMOUS: typeof PUBLIC;
 /**
  * Phantom symbol for authenticated user context
  * @internal Compile-time only - never used at runtime
@@ -50,7 +70,7 @@ export declare const ADMIN: unique symbol;
  *
  * Used to constrain generic type parameters that represent access levels.
  */
-export type ContextTag = typeof ANONYMOUS | typeof AUTHENTICATED | typeof ADMIN;
+export type ContextTag = typeof PUBLIC | typeof AUTHENTICATED | typeof ADMIN;
 /**
  * Interface for contexts tagged with an access level
  *
@@ -59,10 +79,10 @@ export type ContextTag = typeof ANONYMOUS | typeof AUTHENTICATED | typeof ADMIN;
  * without any memory overhead.
  *
  * The `__accessLevel` field is a runtime field set by narrowing guards.
- * It enables automatic resource projection when using `.resource()` in
+ * It enables automatic resource projection when using `.expose()` in
  * the procedure builder chain.
  *
- * @template TTag - The context tag type (defaults to ANONYMOUS)
+ * @template TTag - The context tag type (defaults to PUBLIC)
  *
  * @example
  * ```typescript
@@ -77,7 +97,7 @@ export type ContextTag = typeof ANONYMOUS | typeof AUTHENTICATED | typeof ADMIN;
  * }
  * ```
  */
-export interface TaggedContext<TTag extends ContextTag = typeof ANONYMOUS> {
+export interface TaggedContext<TTag extends ContextTag = typeof PUBLIC> {
     /**
      * Phantom field for carrying the context tag
      * @internal Never exists at runtime - purely for type inference
@@ -87,27 +107,27 @@ export interface TaggedContext<TTag extends ContextTag = typeof ANONYMOUS> {
      * Runtime access level set by narrowing guards
      *
      * This field IS present at runtime (unlike __tag) and is used for
-     * automatic resource projection when using `.resource()` in procedures.
+     * automatic resource projection when using `.expose()` in procedures.
      *
      * Set automatically by:
      * - `authenticatedNarrow` → 'authenticated'
      * - `adminNarrow` → 'admin'
      * - No guard → 'public' (default)
      */
-    __accessLevel?: AccessLevel;
+    __accessLevel?: string;
 }
 /**
  * Extracts the tag from a tagged context type
  *
- * Returns ANONYMOUS if the context is not tagged or has no tag.
+ * Returns PUBLIC if the context is not tagged or has no tag.
  *
  * @example
  * ```typescript
  * type Tag1 = ExtractTag<TaggedContext<typeof ADMIN>>; // typeof ADMIN
- * type Tag2 = ExtractTag<{ user: User }>; // typeof ANONYMOUS
+ * type Tag2 = ExtractTag<{ user: User }>; // typeof PUBLIC
  * ```
  */
-export type ExtractTag<TContext> = TContext extends TaggedContext<infer TTag> ? TTag : typeof ANONYMOUS;
+export type ExtractTag<TContext> = TContext extends TaggedContext<infer TTag> ? TTag : typeof PUBLIC;
 /**
  * Checks if a context has a specific tag
  *

package/dist/resource/tags.js

@@ -5,7 +5,7 @@
  * through the type system without any runtime overhead.
  *
  * Additionally provides runtime `__accessLevel` property for auto-projection
- * when using the chained `.resource()` method on procedures.
+ * when using the chained `.expose()` method on procedures.
  *
  * @module resource/tags
  */

package/dist/resource/types.d.ts

@@ -6,8 +6,8 @@
  *
  * @module resource/types
  */
-import type { AdminOutput, AnonymousOutput, AuthenticatedOutput, OutputForTag, ResourceSchema } from './schema.js';
-import type { ADMIN, ANONYMOUS, AUTHENTICATED, ContextTag, ExtractTag, TaggedContext } from './tags.js';
+import type { AdminOutput, AuthenticatedOutput, OutputForTag, PublicOutput, ResourceSchema } from './schema.js';
+import type { ADMIN, AUTHENTICATED, ContextTag, ExtractTag, PUBLIC, TaggedContext } from './tags.js';
 /**
  * Infers the full data shape from a resource schema
  *
@@ -35,12 +35,14 @@ export type InferResourceData<TSchema extends ResourceSchema> = AdminOutput<TSch
  */
 export type InferResourceOutput<TSchema extends ResourceSchema, TContext extends TaggedContext<ContextTag>> = OutputForTag<TSchema, ExtractTag<TContext>>;
 /**
- * Type that represents any anonymous-level tagged context
+ * Type that represents any public-level (unauthenticated) tagged context
  *
  * This is a minimal tagged context type. For auth-specific contexts with
  * user and auth properties, use the types from @veloxts/auth.
  */
-export type AnonymousTaggedContext = TaggedContext<typeof ANONYMOUS>;
+export type PublicTaggedContext = TaggedContext<typeof PUBLIC>;
+/** @deprecated Use PublicTaggedContext */
+export type AnonymousTaggedContext = PublicTaggedContext;
 /**
  * Type that represents any authenticated-level tagged context
  *
@@ -69,7 +71,7 @@ export type AdminTaggedContext = TaggedContext<typeof ADMIN>;
  * }
  * ```
  */
-export type AnyResourceOutput<TSchema extends ResourceSchema> = AnonymousOutput<TSchema> | AuthenticatedOutput<TSchema> | AdminOutput<TSchema>;
+export type AnyResourceOutput<TSchema extends ResourceSchema> = PublicOutput<TSchema> | AuthenticatedOutput<TSchema> | AdminOutput<TSchema>;
 /**
  * Returns the output type if the context has at least authenticated access
  *
@@ -80,7 +82,7 @@ export type AnyResourceOutput<TSchema extends ResourceSchema> = AnonymousOutput<
  * // If MyContext is anonymous: never
  * ```
  */
-export type IfAuthenticated<TContext extends TaggedContext<ContextTag>, TSchema extends ResourceSchema> = ExtractTag<TContext> extends typeof ANONYMOUS ? never : OutputForTag<TSchema, ExtractTag<TContext>>;
+export type IfAuthenticated<TContext extends TaggedContext<ContextTag>, TSchema extends ResourceSchema> = ExtractTag<TContext> extends typeof PUBLIC ? never : OutputForTag<TSchema, ExtractTag<TContext>>;
 /**
  * Returns the output type if the context has admin access
  *
@@ -92,5 +94,5 @@ export type IfAuthenticated<TContext extends TaggedContext<ContextTag>, TSchema
  * ```
  */
 export type IfAdmin<TContext extends TaggedContext<ContextTag>, TSchema extends ResourceSchema> = ExtractTag<TContext> extends typeof ADMIN ? AdminOutput<TSchema> : never;
-export type { AdminOutput, AnonymousOutput, AuthenticatedOutput, OutputForTag, ResourceSchema, } from './schema.js';
-export type { ADMIN, ANONYMOUS, AUTHENTICATED, ContextTag, ExtractTag, HasTag, TaggedContext, WithTag, } from './tags.js';
+export type { AdminOutput, AnonymousOutput, AuthenticatedOutput, OutputForTag, PublicOutput, ResourceSchema, } from './schema.js';
+export type { ADMIN, ANONYMOUS, AUTHENTICATED, ContextTag, ExtractTag, HasTag, PUBLIC, TaggedContext, WithTag, } from './tags.js';

package/dist/resource/visibility.d.ts

@@ -22,12 +22,12 @@ export type VisibilityLevel = 'public' | 'authenticated' | 'admin';
  * Implements the visibility hierarchy:
  * - ADMIN sees: public, authenticated, admin
  * - AUTHENTICATED sees: public, authenticated
- * - ANONYMOUS sees: public only
+ * - PUBLIC sees: public only
  *
  * @example
  * ```typescript
- * type T1 = IsVisibleToTag<'public', typeof ANONYMOUS>; // true
- * type T2 = IsVisibleToTag<'authenticated', typeof ANONYMOUS>; // false
+ * type T1 = IsVisibleToTag<'public', typeof PUBLIC>; // true
+ * type T2 = IsVisibleToTag<'authenticated', typeof PUBLIC>; // false
  * type T3 = IsVisibleToTag<'admin', typeof AUTHENTICATED>; // false
  * type T4 = IsVisibleToTag<'admin', typeof ADMIN>; // true
  * ```
@@ -70,3 +70,16 @@ export declare function getVisibilityForTag(tagId: 'anonymous' | 'authenticated'
  * ```
  */
 export declare function getAccessibleLevels(level: VisibilityLevel): VisibilityLevel[];
+/**
+ * Runtime check: Is a field visible to a given level using set membership?
+ *
+ * All fields created by `ResourceSchemaBuilder` and `createCustomSchemaBuilder`
+ * include a `visibleTo` set, so this always uses set membership.
+ *
+ * @param field - The runtime field to check (must have `visibleTo` set)
+ * @param level - The access level to check visibility for
+ * @returns True if the field should be included in the output
+ */
+export declare function isFieldVisibleToLevel(field: {
+    visibleTo: ReadonlySet<string>;
+}, level: string): boolean;

package/dist/resource/visibility.js

@@ -79,3 +79,19 @@ export function getAccessibleLevels(level) {
     }
     return levels;
 }
+// ============================================================================
+// Set-Based Visibility (Custom Levels)
+// ============================================================================
+/**
+ * Runtime check: Is a field visible to a given level using set membership?
+ *
+ * All fields created by `ResourceSchemaBuilder` and `createCustomSchemaBuilder`
+ * include a `visibleTo` set, so this always uses set membership.
+ *
+ * @param field - The runtime field to check (must have `visibleTo` set)
+ * @param level - The access level to check visibility for
+ * @returns True if the field should be included in the output
+ */
+export function isFieldVisibleToLevel(field, level) {
+    return field.visibleTo.has(level);
+}

package/dist/types.d.ts

@@ -8,6 +8,7 @@
  */
 import type { BaseContext } from '@veloxts/core';
 import type { HttpMethod } from '@veloxts/validation';
+import type { ResourceSchema } from './resource/schema.js';
 /**
  * Procedure operation types
  *
@@ -186,6 +187,21 @@ export interface MiddlewareArgs<TInput, TContext extends BaseContext = BaseConte
  * @template TOutput - The output type
  */
 export type MiddlewareFunction<TInput, TContext extends BaseContext = BaseContext, TNewContext extends BaseContext = TContext, TOutput = unknown> = (args: MiddlewareArgs<TInput, TContext, TNewContext, TOutput>) => Promise<MiddlewareResult<TOutput>>;
+/**
+ * Simple middleware type for most use cases.
+ *
+ * Use this when defining standalone middleware functions. All generics
+ * default to sensible values so you only need to specify what you customize.
+ *
+ * @example
+ * ```typescript
+ * const logging: Middleware = async ({ ctx, next }) => {
+ *   console.log(`${ctx.request.method} ${ctx.request.url}`);
+ *   return next();
+ * };
+ * ```
+ */
+export type Middleware<TContext extends BaseContext = BaseContext> = MiddlewareFunction<unknown, TContext, TContext>;
 /**
  * REST route override configuration
  *
@@ -282,6 +298,13 @@ export interface CompiledProcedure<TInput = unknown, TOutput = unknown, TContext
     readonly deprecated?: boolean;
     /** Deprecation message explaining why and what to use instead */
     readonly deprecationMessage?: string;
+    /**
+     * Whether this procedure is a webhook endpoint.
+     * Set by `.webhook()` builder method. Currently a metadata marker;
+     * will be consumed by REST adapter and OpenAPI generator in a future release.
+     * @internal
+     */
+    readonly isWebhook?: boolean;
     /**
      * Parent resource configuration for nested routes (single level)
      *
@@ -326,14 +349,14 @@ export interface CompiledProcedure<TInput = unknown, TOutput = unknown, TContext
     /**
      * Resource schema for auto-projection
      *
-     * When set via `.resource()`, the procedure executor will automatically
+     * When set via `.expose()`, the procedure executor will automatically
      * project the handler's return value based on `ctx.__accessLevel`.
      *
      * This enables the elegant chained API:
      * ```typescript
      * procedure()
      *   .guardNarrow(authenticatedNarrow)
-     *   .resource(UserSchema)
+     *   .expose(UserSchema)
      *   .query(async ({ ctx }) => {
      *     return ctx.db.user.findUnique(...);
      *     // Auto-projected based on __accessLevel
@@ -342,16 +365,16 @@ export interface CompiledProcedure<TInput = unknown, TOutput = unknown, TContext
      *
      * @internal
      */
-    readonly _resourceSchema?: any;
+    readonly _resourceSchema?: ResourceSchema;
     /**
      * Explicit resource projection level from tagged schema
      *
-     * Set when using `.resource(UserSchema.authenticated)` etc.
+     * Set when using `.expose(UserSchema.authenticated)` etc.
      * Takes precedence over guard-derived access level.
      *
      * @internal
      */
-    readonly _resourceLevel?: 'public' | 'authenticated' | 'admin';
+    readonly _resourceLevel?: string;
 }
 /**
  * Record of named procedures