@veloxts/router 0.7.9 → 0.8.1

package/dist/procedure/types.d.ts

@@ -9,11 +9,11 @@
  *
  * @module procedure/types
  */
-import type { BaseContext } from '@veloxts/core';
+import type { BaseContext, DomainError } from '@veloxts/core';
 import type { ZodType } from 'zod';
-import type { FilterFieldsByLevel, OutputForTag, ResourceSchema, TaggedResourceSchema } from '../resource/index.js';
-import type { ContextTag, ExtractTag, LevelToTag, TaggedContext } from '../resource/tags.js';
-import type { CompiledProcedure, GuardLike, MiddlewareFunction, ParentResourceConfig, ProcedureHandler, RestRouteOverride } from '../types.js';
+import type { OutputForLevel, ResourceSchema, TaggedResourceSchema } from '../resource/index.js';
+import type { AfterHandler, CompiledProcedure, GuardLike, MiddlewareFunction, ParentResourceConfig, PolicyActionLike, ProcedureHandler, RestRouteOverride, TransactionalOptions } from '../types.js';
+import type { PipelineStep } from './pipeline.js';
 /**
  * Internal state type that accumulates type information through the builder chain
  *
@@ -23,14 +23,16 @@ import type { CompiledProcedure, GuardLike, MiddlewareFunction, ParentResourceCo
  * @template TInput - The validated input type (unknown if no input schema)
  * @template TOutput - The validated output type (unknown if no output schema)
  * @template TContext - The context type (starts as BaseContext, extended by middleware)
+ * @template TErrors - Union of domain error types (defaults to never)
  */
-export interface ProcedureBuilderState<TInput = unknown, TOutput = unknown, TContext extends BaseContext = BaseContext> {
+export interface ProcedureBuilderState<TInput = unknown, TOutput = unknown, TContext extends BaseContext = BaseContext, TErrors = never> {
     /** Marker for state identification */
     readonly _brand: 'ProcedureBuilderState';
     /** Phantom type holders - not used at runtime */
     readonly _input: TInput;
     readonly _output: TOutput;
     readonly _context: TContext;
+    readonly _errors: TErrors;
 }
 /**
  * Constraint for valid input/output schemas
@@ -50,6 +52,20 @@ export type ValidSchema = ZodType;
 export type InferSchemaOutput<T> = T extends {
     parse: (data: unknown) => infer O;
 } ? O : never;
+/**
+ * Valid types for `.output()` — Zod schemas, tagged resource views, or untagged resource schemas
+ */
+export type ValidOutputSchema = ValidSchema | TaggedResourceSchema | ResourceSchema;
+/**
+ * Infers the output type from a schema passed to `.output()`
+ *
+ * - Zod schema → uses structural `parse()` matching
+ * - Tagged resource view → uses `OutputForLevel` to compute projected fields
+ * - Untagged resource schema → falls back to `unknown` (Level 3 branching resolves at runtime)
+ */
+export type InferOutputSchema<T> = T extends TaggedResourceSchema ? OutputForLevel<T> : T extends {
+    parse: (data: unknown) => infer O;
+} ? O : unknown;
 /**
  * Fluent procedure builder interface
  *
@@ -60,6 +76,7 @@ export type InferSchemaOutput<T> = T extends {
  * @template TInput - Current input type
  * @template TOutput - Current output type
  * @template TContext - Current context type
+ * @template TErrors - Union of domain error types (defaults to never)
  *
  * @example
  * ```typescript
@@ -71,7 +88,7 @@ export type InferSchemaOutput<T> = T extends {
  *   })
  * ```
  */
-export interface ProcedureBuilder<TInput = unknown, TOutput = unknown, TContext extends BaseContext = BaseContext> {
+export interface ProcedureBuilder<TInput = unknown, TOutput = unknown, TContext extends BaseContext = BaseContext, TErrors = never> {
     /**
      * Defines the input validation schema for the procedure
      *
@@ -92,56 +109,33 @@ export interface ProcedureBuilder<TInput = unknown, TOutput = unknown, TContext
      *   // input is now typed as { id: string; name?: string }
      * ```
      */
-    input<TSchema extends ValidSchema>(schema: TSchema): ProcedureBuilder<InferSchemaOutput<TSchema>, TOutput, TContext>;
+    input<TSchema extends ValidSchema>(schema: TSchema): ProcedureBuilder<InferSchemaOutput<TSchema>, TOutput, TContext, TErrors>;
     /**
-     * Defines the output validation schema (Zod)
+     * Defines the output schema for the procedure
      *
-     * Sets a Zod schema that validates the handler's return value.
-     * All callers receive the same fields.
+     * Accepts two schema variants:
+     * 1. **Zod schema** — validates handler return value, all callers see same fields
+     * 2. **Tagged resource view** (e.g., `UserSchema.authenticated`) — auto-projects fields by access level
      *
-     * For field-level visibility (different fields per access level),
-     * use `.expose()` with a resource schema instead.
-     *
-     * @template TSchema - The Zod schema type
-     * @param schema - Zod schema for output validation
+     * @template TSchema - The Zod or tagged resource schema type
+     * @param schema - Zod schema or tagged resource view
      * @returns New builder with updated output type
      *
-     * @example
+     * @example Zod schema
      * ```typescript
      * procedure()
      *   .output(z.object({ id: z.string(), name: z.string() }))
      *   .query(handler) // handler must return { id: string; name: string }
      * ```
-     */
-    output<TSchema extends ValidSchema>(schema: TSchema): ProcedureBuilder<TInput, InferSchemaOutput<TSchema>, TContext>;
-    /**
-     * Sets field-level visibility via a resource schema
-     *
-     * Accepts two resource schema variants:
-     * 1. **Tagged resource schema** (e.g., `UserSchema.authenticated`) — explicit field projection by access level
-     * 2. **Plain resource schema** (e.g., `UserSchema`) — context-derived field projection from `guardNarrow`
      *
-     * @template TSchema - The resource schema type
-     * @param schema - Resource schema for field projection
-     * @returns New builder with updated output type
-     *
-     * @example Tagged resource schema — explicit projection level
+     * @example Tagged resource view
      * ```typescript
      * procedure()
-     *   .guard(authenticated)
-     *   .expose(UserSchema.authenticated) // returns { id, name, email }
-     *   .query(handler)
-     * ```
-     *
-     * @example Plain resource schema — derives level from guardNarrow
-     * ```typescript
-     * procedure()
-     *   .guardNarrow(authenticatedNarrow)
-     *   .expose(UserSchema) // auto-projects based on guard's accessLevel
+     *   .output(UserSchema.authenticated) // auto-projects to { id, name, email }
      *   .query(handler)
      * ```
      */
-    expose<TSchema extends ResourceSchema>(schema: TSchema): ProcedureBuilder<TInput, TSchema extends TaggedResourceSchema<infer TFields, infer TLevel> ? TLevel extends 'admin' | 'authenticated' | 'public' ? OutputForTag<ResourceSchema<TFields>, LevelToTag<TLevel>> : FilterFieldsByLevel<TFields, TLevel> : TContext extends TaggedContext<infer TTag> ? TTag extends ContextTag ? OutputForTag<TSchema, TTag> : OutputForTag<TSchema, ExtractTag<TContext>> : OutputForTag<TSchema, ExtractTag<TContext>>, TContext>;
+    output<TSchema extends ValidOutputSchema>(schema: TSchema): ProcedureBuilder<TInput, InferOutputSchema<TSchema>, TContext, TErrors>;
     /**
      * Adds middleware to the procedure chain
      *
@@ -171,7 +165,7 @@ export interface ProcedureBuilder<TInput = unknown, TOutput = unknown, TContext
      *   })
      * ```
      */
-    use<TNewContext extends BaseContext = TContext>(middleware: MiddlewareFunction<TInput, TContext, TNewContext, TOutput>): ProcedureBuilder<TInput, TOutput, TNewContext>;
+    use<TNewContext extends BaseContext = TContext>(middleware: MiddlewareFunction<TInput, TContext, TNewContext, TOutput>): ProcedureBuilder<TInput, TOutput, TNewContext, TErrors>;
     /**
      * Adds an authorization guard to the procedure
      *
@@ -204,42 +198,7 @@ export interface ProcedureBuilder<TInput = unknown, TOutput = unknown, TContext
      *   .mutation(async ({ input, ctx }) => { ... });
      * ```
      */
-    guard<TGuardContext extends Partial<TContext>>(guard: GuardLike<TGuardContext>): ProcedureBuilder<TInput, TOutput, TContext>;
-    /**
-     * Adds an authorization guard with type narrowing (EXPERIMENTAL)
-     *
-     * Unlike `.guard()`, this method narrows the context type based on
-     * what the guard guarantees. For example, `authenticatedNarrow` narrows
-     * `ctx.user` from `User | undefined` to `User`.
-     *
-     * **EXPERIMENTAL**: This API may change. Consider using middleware
-     * for context type extension as the current stable alternative.
-     *
-     * @template TNarrowedContext - The context type guaranteed by the guard
-     * @param guard - Narrowing guard definition with `_narrows` type
-     * @returns New builder with narrowed context type
-     *
-     * @example
-     * ```typescript
-     * import { authenticatedNarrow, hasRoleNarrow } from '@veloxts/auth';
-     *
-     * // ctx.user is guaranteed non-null after guard passes
-     * procedure()
-     *   .guardNarrow(authenticatedNarrow)
-     *   .query(({ ctx }) => {
-     *     return { email: ctx.user.email }; // No null check needed!
-     *   });
-     *
-     * // Chain multiple narrowing guards
-     * procedure()
-     *   .guardNarrow(authenticatedNarrow)
-     *   .guardNarrow(hasRoleNarrow('admin'))
-     *   .mutation(({ ctx }) => { ... });
-     * ```
-     */
-    guardNarrow<TNarrowedContext>(guard: GuardLike<Partial<TContext>> & {
-        readonly _narrows: TNarrowedContext;
-    }): ProcedureBuilder<TInput, TOutput, TContext & TNarrowedContext>;
+    guard<TGuardContext extends Partial<TContext>>(guard: GuardLike<TGuardContext>): ProcedureBuilder<TInput, TOutput, TContext, TErrors>;
     /**
      * Adds multiple authorization guards at once
      *
@@ -266,7 +225,62 @@ export interface ProcedureBuilder<TInput = unknown, TOutput = unknown, TContext
      *   .mutation(async ({ input, ctx }) => { ... });
      * ```
      */
-    guards<TGuards extends GuardLike<Partial<TContext>>[]>(...guards: TGuards): ProcedureBuilder<TInput, TOutput, TContext>;
+    guards<TGuards extends GuardLike<Partial<TContext>>[]>(...guards: TGuards): ProcedureBuilder<TInput, TOutput, TContext, TErrors>;
+    /**
+     * Adds a policy action check to the procedure
+     *
+     * Policy actions are checked during execution after guards but before
+     * the pipeline and handler. The policy looks up the resource on the
+     * context by lowercase resource name (e.g., `PostPolicy` → `ctx.post`).
+     *
+     * If the policy check fails, a ForbiddenError is thrown.
+     *
+     * **Compile-time safety:** When the resource name is a string literal
+     * (e.g., from `definePolicy('Post', ...)`), TypeScript enforces that the
+     * context contains the resource key. Forgetting `.use(loadPost)` before
+     * `.policy(PostPolicy.update)` produces a type error.
+     *
+     * @param action - Policy action reference (from definePolicy)
+     * @returns Same builder (no type changes)
+     *
+     * @example
+     * ```typescript
+     * import { PostPolicy } from './policies';
+     *
+     * procedure()
+     *   .guard(authenticated)
+     *   .use(loadPost) // adds { post: Post } to context
+     *   .policy(PostPolicy.update) // ✓ context has 'post'
+     *   .mutation(async ({ input, ctx }) => { ... });
+     * ```
+     */
+    policy<TResourceName extends string>(action: string extends TResourceName ? PolicyActionLike<unknown, unknown, TResourceName> : Uncapitalize<TResourceName> extends keyof TContext ? PolicyActionLike<unknown, unknown, TResourceName> : PolicyActionLike<unknown, unknown, TResourceName> & {
+        _contextMissing: `Add .use() middleware to provide '${Uncapitalize<TResourceName>}' in context before .policy()`;
+    }): ProcedureBuilder<TInput, TOutput, TContext, TErrors>;
+    /**
+     * Declares domain error classes that this procedure may throw
+     *
+     * Stores error class references on the compiled procedure for:
+     * - OpenAPI error response generation (per-endpoint error schemas)
+     * - Client-side error type narrowing (`InferProcedureErrors<T>`)
+     *
+     * Can be called multiple times — error classes accumulate across calls.
+     *
+     * @template TDomainErrors - Union of domain error types declared
+     * @param errorClasses - Domain error constructors this procedure may throw
+     * @returns New builder with updated TErrors union
+     *
+     * @example
+     * ```typescript
+     * procedure()
+     *   .input(z.object({ sku: z.string(), qty: z.number() }))
+     *   .throws(InsufficientStock, PaymentFailed)
+     *   .mutation(async ({ input }) => {
+     *     // handler may throw InsufficientStock or PaymentFailed
+     *   })
+     * ```
+     */
+    throws<TDomainErrors extends DomainError<Record<string, unknown>>>(...errorClasses: Array<new (data: Record<string, unknown>) => TDomainErrors>): ProcedureBuilder<TInput, TOutput, TContext, TErrors | TDomainErrors>;
     /**
      * Configures REST route override
      *
@@ -282,7 +296,7 @@ export interface ProcedureBuilder<TInput = unknown, TOutput = unknown, TContext
      *   .rest({ method: 'POST', path: '/users/:id/activate' })
      * ```
      */
-    rest(config: RestRouteOverride): ProcedureBuilder<TInput, TOutput, TContext>;
+    rest(config: RestRouteOverride): ProcedureBuilder<TInput, TOutput, TContext, TErrors>;
     /**
      * Configures the procedure as a webhook endpoint
      *
@@ -302,7 +316,7 @@ export interface ProcedureBuilder<TInput = unknown, TOutput = unknown, TContext
      *   })
      * ```
      */
-    webhook(path: string): ProcedureBuilder<TInput, TOutput, TContext>;
+    webhook(path: string): ProcedureBuilder<TInput, TOutput, TContext, TErrors>;
     /**
      * Marks the procedure as deprecated
      *
@@ -325,7 +339,7 @@ export interface ProcedureBuilder<TInput = unknown, TOutput = unknown, TContext
      *   .query(handler);
      * ```
      */
-    deprecated(message?: string): ProcedureBuilder<TInput, TOutput, TContext>;
+    deprecated(message?: string): ProcedureBuilder<TInput, TOutput, TContext, TErrors>;
     /**
      * Declares a parent resource for nested routes (single level)
      *
@@ -354,7 +368,7 @@ export interface ProcedureBuilder<TInput = unknown, TOutput = unknown, TContext
      *   .query(async ({ input }) => { ... });
      * ```
      */
-    parent(resource: string, param?: string): ProcedureBuilder<TInput, TOutput, TContext>;
+    parent(resource: string, param?: string): ProcedureBuilder<TInput, TOutput, TContext, TErrors>;
     /**
      * Declares multiple parent resources for deeply nested routes
      *
@@ -385,7 +399,94 @@ export interface ProcedureBuilder<TInput = unknown, TOutput = unknown, TContext
     parents(config: Array<{
         resource: string;
         param?: string;
-    }>): ProcedureBuilder<TInput, TOutput, TContext>;
+    }>): ProcedureBuilder<TInput, TOutput, TContext, TErrors>;
+    /**
+     * Declares a domain event to emit after successful handler execution
+     *
+     * Events fire AFTER the handler returns its result (and AFTER transaction
+     * commit when `.transactional()` is used). Multiple `.emits()` calls
+     * accumulate — all declared events are emitted in order.
+     *
+     * Emission errors are caught and logged; they never fail the request.
+     *
+     * @template TEventData - The event's data payload type
+     * @param eventClass - Domain event class constructor
+     * @param mapper - Optional function to transform the handler result into event data.
+     *   When omitted, the handler result is used directly as event data.
+     * @returns Same builder (no type changes)
+     *
+     * @example With mapper (recommended)
+     * ```typescript
+     * procedure()
+     *   .emits(OrderCreated, (result) => ({ orderId: result.id, total: result.total }))
+     *   .mutation(handler)
+     * ```
+     *
+     * @example Without mapper (result type must match event data type)
+     * ```typescript
+     * procedure()
+     *   .emits(OrderCreated)
+     *   .mutation(handler)
+     * ```
+     */
+    emits<TEventData extends Record<string, unknown>>(eventClass: {
+        new (data: TEventData, options?: {
+            correlationId?: string;
+        }): unknown;
+        readonly name: string;
+    }, mapper?: (result: TOutput) => TEventData): ProcedureBuilder<TInput, TOutput, TContext, TErrors>;
+    /**
+     * Wraps the handler in a database transaction via `ctx.db.$transaction()`
+     *
+     * When set, `executeProcedure` replaces `ctx.db` with the transactional
+     * client inside the handler. On throw the transaction auto-rollbacks;
+     * on return it auto-commits.
+     *
+     * Gracefully degrades: if `ctx.db` or `ctx.db.$transaction` is missing,
+     * the handler runs without transaction wrapping.
+     *
+     * @param options - Optional isolation level and timeout
+     * @returns Same builder (no type changes)
+     *
+     * @example
+     * ```typescript
+     * procedure()
+     *   .input(CreateOrderSchema)
+     *   .transactional({ isolationLevel: 'Serializable', timeout: 10000 })
+     *   .mutation(async ({ input, ctx }) => {
+     *     // ctx.db is the transactional client — all queries share the same tx
+     *     const order = await ctx.db.order.create({ data: input });
+     *     await ctx.db.inventory.update({ ... });
+     *     return order; // auto-commit on success
+     *   })
+     * ```
+     */
+    transactional(options?: TransactionalOptions): ProcedureBuilder<TInput, TOutput, TContext, TErrors>;
+    /**
+     * Adds pipeline steps that execute BEFORE the handler
+     *
+     * Steps run in declaration order. Each step's output becomes the next
+     * step's input, and the final step's output is passed to the handler
+     * as its `input`. If a step fails, revert actions for previously
+     * completed steps run in reverse order (compensation pattern).
+     *
+     * Can be called multiple times — steps accumulate across calls.
+     *
+     * @param steps - Pipeline steps to execute before the handler
+     * @returns Same builder (no type changes)
+     *
+     * @example
+     * ```typescript
+     * procedure()
+     *   .input(CreateOrderSchema)
+     *   .through(validateInventory, chargePayment.onRevert(refund))
+     *   .mutation(async ({ input, ctx }) => {
+     *     // input has been transformed by pipeline steps
+     *     return ctx.db.order.create({ data: input });
+     *   })
+     * ```
+     */
+    through(...steps: PipelineStep[]): ProcedureBuilder<TInput, TOutput, TContext, TErrors>;
     /**
      * Finalizes the procedure as a query (read-only operation)
      *
@@ -393,7 +494,7 @@ export interface ProcedureBuilder<TInput = unknown, TOutput = unknown, TContext
      * The handler receives the validated input and context.
      *
      * @param handler - The query handler function
-     * @returns Compiled procedure ready for registration
+     * @returns PostHandlerBuilder with all CompiledProcedure fields plus .useAfter()
      *
      * @example
      * ```typescript
@@ -404,15 +505,18 @@ export interface ProcedureBuilder<TInput = unknown, TOutput = unknown, TContext
      *   })
      * ```
      */
-    query(handler: ProcedureHandler<TInput, TOutput, TContext>): CompiledProcedure<TInput, TOutput, TContext, 'query'>;
+    query(handler: ProcedureHandler<TInput, TOutput, TContext> | Record<string, ProcedureHandler<TInput, TOutput, TContext>>): PostHandlerBuilder<TInput, TOutput, TContext, 'query', TErrors>;
     /**
      * Finalizes the procedure as a mutation (write operation)
      *
      * Mutations map to POST/PUT/DELETE in REST and can modify data.
      * The handler receives the validated input and context.
      *
-     * @param handler - The mutation handler function
-     * @returns Compiled procedure ready for registration
+     * In Level 3 branching mode (when `.output()` receives an untagged resource schema),
+     * accepts a handler map keyed by `[Schema.level.key]` instead of a single handler.
+     *
+     * @param handler - The mutation handler function or handler map
+     * @returns PostHandlerBuilder with all CompiledProcedure fields plus .useAfter()
      *
      * @example
      * ```typescript
@@ -423,22 +527,52 @@ export interface ProcedureBuilder<TInput = unknown, TOutput = unknown, TContext
      *   })
      * ```
      */
-    mutation(handler: ProcedureHandler<TInput, TOutput, TContext>): CompiledProcedure<TInput, TOutput, TContext, 'mutation'>;
+    mutation(handler: ProcedureHandler<TInput, TOutput, TContext> | Record<string, ProcedureHandler<TInput, TOutput, TContext>>): PostHandlerBuilder<TInput, TOutput, TContext, 'mutation', TErrors>;
+}
+/**
+ * Returned by `.query()` and `.mutation()` — extends CompiledProcedure with `.useAfter()`
+ *
+ * PostHandlerBuilder has all CompiledProcedure fields (so it's assignable to
+ * CompiledProcedure and passes `isCompiledProcedure` checks) plus a `.useAfter()`
+ * method for registering post-handler hooks.
+ *
+ * `.useAfter()` returns another PostHandlerBuilder so hooks can be chained.
+ *
+ * @template TInput - The validated input type
+ * @template TOutput - The handler output type
+ * @template TContext - The context type
+ * @template TType - The procedure type literal ('query' or 'mutation')
+ * @template TErrors - Union of domain error types (defaults to never)
+ *
+ * @example
+ * ```typescript
+ * procedure()
+ *   .input(z.object({ id: z.string() }))
+ *   .mutation(async ({ input, ctx }) => {
+ *     return ctx.db.user.delete({ where: { id: input.id } });
+ *   })
+ *   .useAfter(({ input, result, ctx }) => {
+ *     console.log(`Deleted user ${input.id}`);
+ *   })
+ *   .useAfter(({ result }) => {
+ *     invalidateCache(result.id);
+ *   })
+ * ```
+ */
+export interface PostHandlerBuilder<TInput = unknown, TOutput = unknown, TContext extends BaseContext = BaseContext, TType extends 'query' | 'mutation' = 'query' | 'mutation', TErrors = never> extends CompiledProcedure<TInput, TOutput, TContext, TType, TErrors> {
     /**
-     * @deprecated Use `.expose()` instead. `.resource()` will be removed in v1.0.
+     * Registers a post-handler hook that runs after successful handler execution
      *
-     * Sets field-level visibility via a resource schema.
+     * Hooks run after events are emitted (if any) and auto-projection is applied.
+     * Errors in hooks are caught and logged — they never fail the request.
+     * The return value is ignored: hooks cannot modify the result.
      *
-     * @example Migration
-     * ```typescript
-     * // Before
-     * procedure().resource(UserSchema.authenticated).query(handler)
+     * Multiple `.useAfter()` calls chain in registration order.
      *
-     * // After
-     * procedure().expose(UserSchema.authenticated).query(handler)
-     * ```
+     * @param handler - Post-handler hook function
+     * @returns New PostHandlerBuilder with the hook appended
      */
-    resource<TSchema extends ResourceSchema>(schema: TSchema): ProcedureBuilder<TInput, TSchema extends TaggedResourceSchema<infer TFields, infer TLevel> ? OutputForTag<ResourceSchema<TFields>, LevelToTag<TLevel>> : TContext extends TaggedContext<infer TTag> ? TTag extends ContextTag ? OutputForTag<TSchema, TTag> : OutputForTag<TSchema, ExtractTag<TContext>> : OutputForTag<TSchema, ExtractTag<TContext>>, TContext>;
+    useAfter(handler: AfterHandler<TInput, TOutput, TContext>): PostHandlerBuilder<TInput, TOutput, TContext, TType, TErrors>;
 }
 /**
  * Internal runtime state for the procedure builder
@@ -471,6 +605,28 @@ export interface BuilderRuntimeState {
     deprecationMessage?: string;
     /** Whether this procedure is a webhook endpoint (metadata marker) */
     isWebhook?: boolean;
+    /** Whether .output() received an untagged resource schema (Level 3 branching mode) */
+    branchingMode?: boolean;
+    /** Error classes declared via .throws() */
+    errorClasses?: Array<new (data: Record<string, unknown>) => unknown>;
+    /** Whether the handler should be wrapped in a database transaction */
+    transactional?: boolean;
+    /** Options for the database transaction (isolation level, timeout) */
+    transactionalOptions?: TransactionalOptions;
+    /** Domain events to emit after successful handler execution */
+    emittedEvents?: Array<{
+        eventClass: {
+            new (data: Record<string, unknown>, options?: {
+                correlationId?: string;
+            }): unknown;
+            readonly name: string;
+        };
+        mapper?: (result: unknown) => Record<string, unknown>;
+    }>;
+    /** Pipeline steps declared via .through() */
+    pipelineSteps?: PipelineStep[];
+    /** Policy action reference for declarative authorization */
+    policyAction?: PolicyActionLike;
 }
 /**
  * Type for the procedures object passed to defineProcedures
@@ -485,7 +641,7 @@ export interface BuilderRuntimeState {
  * The actual type safety is preserved through InferProcedures<T> which captures
  * the concrete types at definition time. This `any` only allows the assignment.
  */
-export type ProcedureDefinitions = Record<string, CompiledProcedure<any, any, any, any>>;
+export type ProcedureDefinitions = Record<string, CompiledProcedure<any, any, any, any, any>>;
 /**
  * Type helper to preserve procedure types in a collection
  *

package/dist/resource/index.d.ts

@@ -39,7 +39,7 @@
  *
  *   // Authenticated endpoint → returns { id, name, email }
  *   getProfile: procedure()
- *     .guardNarrow(authenticatedNarrow)
+ *     .guard(authenticated)
  *     .input(z.object({ id: z.string() }))
  *     .query(async ({ input, ctx }) => {
  *       const user = await ctx.db.user.findUnique({ where: { id: input.id } });
@@ -48,7 +48,7 @@
  *
  *   // Admin endpoint → returns { id, name, email, internalNotes }
  *   getFullProfile: procedure()
- *     .guardNarrow(adminNarrow)
+ *     .guard(hasRole('admin'))
  *     .input(z.object({ id: z.string() }))
  *     .query(async ({ input, ctx }) => {
  *       const user = await ctx.db.user.findUnique({ where: { id: input.id } });
@@ -60,8 +60,8 @@
  * @module resource
  */
 export { Resource, ResourceCollection, resource, resourceCollection } from './instance.js';
-export type { AccessLevelConfig } from './levels.js';
-export { defineAccessLevels } from './levels.js';
+export type { AccessLevelConfig, AccessLevelGuard, AccessLevelGuards } from './levels.js';
+export { defaultAccess, defineAccessLevels } from './levels.js';
 export type { AdminOutput, AnonymousOutput, AuthenticatedOutput, BuilderField, CustomResourceSchemaWithViews, CustomSchemaBuilder, FilterFieldsByLevel, OutputForLevel, OutputForTag, PublicOutput, RelationField, ResourceField, ResourceSchema, ResourceSchemaWithViews, RuntimeField, TaggedResourceSchema, } from './schema.js';
 export { isResourceSchema, isTaggedResourceSchema, ResourceSchemaBuilder, resourceSchema, } from './schema.js';
 export type { AccessLevel, ADMIN, ANONYMOUS, AUTHENTICATED, ContextTag, ExtractTag, HasTag, LevelToTag, PUBLIC, TaggedContext, TagToLevel, WithTag, } from './tags.js';

package/dist/resource/index.js

@@ -39,7 +39,7 @@
  *
  *   // Authenticated endpoint → returns { id, name, email }
  *   getProfile: procedure()
- *     .guardNarrow(authenticatedNarrow)
+ *     .guard(authenticated)
  *     .input(z.object({ id: z.string() }))
  *     .query(async ({ input, ctx }) => {
  *       const user = await ctx.db.user.findUnique({ where: { id: input.id } });
@@ -48,7 +48,7 @@
  *
  *   // Admin endpoint → returns { id, name, email, internalNotes }
  *   getFullProfile: procedure()
- *     .guardNarrow(adminNarrow)
+ *     .guard(hasRole('admin'))
  *     .input(z.object({ id: z.string() }))
  *     .query(async ({ input, ctx }) => {
  *       const user = await ctx.db.user.findUnique({ where: { id: input.id } });
@@ -64,7 +64,7 @@
 // ============================================================================
 // Resource instances
 export { Resource, ResourceCollection, resource, resourceCollection } from './instance.js';
-export { defineAccessLevels } from './levels.js';
+export { defaultAccess, defineAccessLevels } from './levels.js';
 // Schema builder
 export { isResourceSchema, isTaggedResourceSchema, ResourceSchemaBuilder, resourceSchema, } from './schema.js';
 // Visibility

package/dist/resource/instance.d.ts

@@ -82,7 +82,7 @@ export declare class Resource<TSchema extends ResourceSchema> {
      *
      * @example
      * ```typescript
-     * // In a procedure with guardNarrow(authenticatedNarrow)
+     * // In a procedure with guard(authenticated)
      * const profile = resource(user, UserSchema).for(ctx);
      * // Type is automatically inferred based on ctx's tag
      * ```

package/dist/resource/instance.js

@@ -179,7 +179,7 @@ export class Resource {
      *
      * @example
      * ```typescript
-     * // In a procedure with guardNarrow(authenticatedNarrow)
+     * // In a procedure with guard(authenticated)
      * const profile = resource(user, UserSchema).for(ctx);
      * // Type is automatically inferred based on ctx's tag
      * ```