@broberg/media 0.1.0

package/README.md

@@ -0,0 +1,60 @@
+# @broberg/media
+
+The fleet's **provider-agnostic media-storage facade** — one `createMedia()` API
+(`upload` · `signedUrl` · `delete`) over swappable storage providers, so a later
+move between backends never touches a call-site (the `@broberg/ai-sdk` pattern,
+for object storage). Ships with **Cloudflare R2**; the config grows to S3 /
+Supabase / GCS without changing your code.
+
+```bash
+npm i @broberg/media
+```
+
+The R2 provider speaks the S3 API and signs with [`aws4fetch`](https://github.com/mhart/aws4fetch)
+(tiny, zero-dep, runs in Node · Bun · edge / Workers) — no AWS SDK.
+
+## Usage
+
+```ts
+import { createMedia } from "@broberg/media";
+
+const media = createMedia({
+  provider: "r2",
+  accountId: process.env.R2_ACCOUNT_ID!,
+  accessKeyId: process.env.R2_ACCESS_KEY_ID!,
+  secretAccessKey: process.env.R2_SECRET_ACCESS_KEY!,
+  bucket: "assets",
+  jurisdiction: "eu",          // pin EU data-residency (GDPR); must match how the bucket was created
+  keyPrefix: "tenants/acme/",  // optional multi-tenant isolation
+});
+
+await media.upload("logo.png", bytes, { contentType: "image/png" });
+const url = await media.signedUrl("logo.png", { expiresIn: 600 }); // presigned GET, no public bucket
+await media.delete("logo.png"); // idempotent — a missing key is not an error
+```
+
+## API
+
+| Method | Returns | Notes |
+|---|---|---|
+| `upload(key, body, opts?)` | `{ key }` | `body` = anything `fetch` accepts; `opts.contentType` / `opts.cacheControl` |
+| `signedUrl(key, opts?)` | `string` | time-limited presigned GET (`opts.expiresIn` seconds, default 3600) |
+| `delete(key)` | `void` | idempotent (404 tolerated) |
+
+`keyPrefix` is prepended to every key (with a single `/`); leading slashes on
+keys are stripped, so `keyPrefix:"tenants/acme"` + `"/logo.png"` →
+`tenants/acme/logo.png`.
+
+## Provisioning the bucket
+
+This package **consumes** an existing bucket + S3 creds. To create an
+EU-jurisdiction R2 bucket + scoped creds 100% programmatically (no dashboard),
+use the fleet's `dns-mcp` R2Client / MCP tools (`r2_create_bucket`,
+`r2_create_scoped_token`) — see the **Cloudflare** card on
+[discovery.broberg.ai](https://discovery.broberg.ai/api/infra/cloudflare).
+EU jurisdiction is set at creation and is immutable.
+
+---
+
+Part of the [broberg.ai shared inventory](https://discovery.broberg.ai). Search
+before you build: `GET https://discovery.broberg.ai/api/search?q=storage`.

package/dist/index.cjs

@@ -0,0 +1,58 @@
+'use strict';
+
+var aws4fetch = require('aws4fetch');
+
+// src/providers/r2.ts
+var r2Host = (accountId, jurisdiction) => jurisdiction === "eu" ? `${accountId}.eu.r2.cloudflarestorage.com` : `${accountId}.r2.cloudflarestorage.com`;
+var encodeKey = (key) => key.split("/").map(encodeURIComponent).join("/");
+function createR2Store(cfg) {
+  const base = `https://${r2Host(cfg.accountId, cfg.jurisdiction)}/${cfg.bucket}`;
+  const prefix = cfg.keyPrefix ? `${cfg.keyPrefix.replace(/\/+$/, "")}/` : "";
+  const aws = new aws4fetch.AwsClient({
+    accessKeyId: cfg.accessKeyId,
+    secretAccessKey: cfg.secretAccessKey,
+    region: "auto",
+    service: "s3",
+    retries: 2
+    // modest resilience against R2's transient 5xx/429 (aws4fetch defaults to 10)
+  });
+  const fullKey = (key) => prefix + key.replace(/^\/+/, "");
+  const objectUrl = (key) => `${base}/${encodeKey(fullKey(key))}`;
+  return {
+    async upload(key, body, opts) {
+      const headers = {};
+      if (opts?.contentType) headers["content-type"] = opts.contentType;
+      if (opts?.cacheControl) headers["cache-control"] = opts.cacheControl;
+      const res = await aws.fetch(objectUrl(key), { method: "PUT", body, headers });
+      if (!res.ok) {
+        throw new Error(`media(r2): upload failed ${res.status} ${await res.text().catch(() => "")}`.trim());
+      }
+      return { key: fullKey(key) };
+    },
+    async signedUrl(key, opts) {
+      const url = `${objectUrl(key)}?X-Amz-Expires=${opts?.expiresIn ?? 3600}`;
+      const signed = await aws.sign(url, { method: "GET", aws: { signQuery: true } });
+      return signed.url;
+    },
+    async delete(key) {
+      const res = await aws.fetch(objectUrl(key), { method: "DELETE" });
+      if (!res.ok && res.status !== 404) {
+        throw new Error(`media(r2): delete failed ${res.status}`);
+      }
+    }
+  };
+}
+
+// src/index.ts
+function createMedia(config) {
+  switch (config.provider) {
+    case "r2":
+      return createR2Store(config);
+    default:
+      throw new Error(`media: unknown provider "${config.provider}"`);
+  }
+}
+
+exports.createMedia = createMedia;
+//# sourceMappingURL=index.cjs.map
+//# sourceMappingURL=index.cjs.map

package/dist/index.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/providers/r2.ts","../src/index.ts"],"names":["AwsClient"],"mappings":";;;;;AAOA,IAAM,MAAA,GAAS,CAAC,SAAA,EAAmB,YAAA,KACjC,YAAA,KAAiB,OACb,CAAA,EAAG,SAAS,CAAA,4BAAA,CAAA,GACZ,CAAA,EAAG,SAAS,CAAA,yBAAA,CAAA;AAGlB,IAAM,SAAA,GAAY,CAAC,GAAA,KACjB,GAAA,CAAI,KAAA,CAAM,GAAG,CAAA,CAAE,GAAA,CAAI,kBAAkB,CAAA,CAAE,IAAA,CAAK,GAAG,CAAA;AAE1C,SAAS,cAAc,GAAA,EAA2B;AACvD,EAAA,MAAM,IAAA,GAAO,CAAA,QAAA,EAAW,MAAA,CAAO,GAAA,CAAI,SAAA,EAAW,IAAI,YAAY,CAAC,CAAA,CAAA,EAAI,GAAA,CAAI,MAAM,CAAA,CAAA;AAC7E,EAAA,MAAM,MAAA,GAAS,GAAA,CAAI,SAAA,GAAY,CAAA,EAAG,GAAA,CAAI,UAAU,OAAA,CAAQ,MAAA,EAAQ,EAAE,CAAC,CAAA,CAAA,CAAA,GAAM,EAAA;AAEzE,EAAA,MAAM,GAAA,GAAM,IAAIA,mBAAA,CAAU;AAAA,IACxB,aAAa,GAAA,CAAI,WAAA;AAAA,IACjB,iBAAiB,GAAA,CAAI,eAAA;AAAA,IACrB,MAAA,EAAQ,MAAA;AAAA,IACR,OAAA,EAAS,IAAA;AAAA,IACT,OAAA,EAAS;AAAA;AAAA,GACV,CAAA;AAED,EAAA,MAAM,UAAU,CAAC,GAAA,KAAgB,SAAS,GAAA,CAAI,OAAA,CAAQ,QAAQ,EAAE,CAAA;AAChE,EAAA,MAAM,SAAA,GAAY,CAAC,GAAA,KAAgB,CAAA,EAAG,IAAI,IAAI,SAAA,CAAU,OAAA,CAAQ,GAAG,CAAC,CAAC,CAAA,CAAA;AAErE,EAAA,OAAO;AAAA,IACL,MAAM,MAAA,CAAO,GAAA,EAAa,IAAA,EAAiB,IAAA,EAAsB;AAC/D,MAAA,MAAM,UAAkC,EAAC;AACzC,MAAA,IAAI,IAAA,EAAM,WAAA,EAAa,OAAA,CAAQ,cAAc,IAAI,IAAA,CAAK,WAAA;AACtD,MAAA,IAAI,IAAA,EAAM,YAAA,EAAc,OAAA,CAAQ,eAAe,IAAI,IAAA,CAAK,YAAA;AACxD,MAAA,MAAM,GAAA,GAAM,MAAM,GAAA,CAAI,KAAA,CAAM,SAAA,CAAU,GAAG,CAAA,EAAG,EAAE,MAAA,EAAQ,KAAA,EAAO,IAAA,EAAwB,OAAA,EAAS,CAAA;AAC9F,MAAA,IAAI,CAAC,IAAI,EAAA,EAAI;AACX,QAAA,MAAM,IAAI,KAAA,CAAM,CAAA,yBAAA,EAA4B,GAAA,CAAI,MAAM,IAAI,MAAM,GAAA,CAAI,IAAA,EAAK,CAAE,MAAM,MAAM,EAAE,CAAC,CAAA,CAAA,CAAG,MAAM,CAAA;AAAA,MACrG;AACA,MAAA,OAAO,EAAE,GAAA,EAAK,OAAA,CAAQ,GAAG,CAAA,EAAE;AAAA,IAC7B,CAAA;AAAA,IAEA,MAAM,SAAA,CAAU,GAAA,EAAa,IAAA,EAAyB;AACpD,MAAA,MAAM,GAAA,GAAM,GAAG,SAAA,CAAU,GAAG,CAAC,CAAA,eAAA,EAAkB,IAAA,EAAM,aAAa,IAAI,CAAA,CAAA;AACtE,MAAA,MAAM,MAAA,GAAS,MAAM,GAAA,CAAI,IAAA,CAAK,GAAA,EAAK,EAAE,MAAA,EAAQ,KAAA,EAAO,GAAA,EAAK,EAAE,SAAA,EAAW,IAAA,IAAQ,CAAA;AAC9E,MAAA,OAAO,MAAA,CAAO,GAAA;AAAA,IAChB,CAAA;AAAA,IAEA,MAAM,OAAO,GAAA,EAAa;AACxB,MAAA,MAAM,GAAA,GAAM,MAAM,GAAA,CAAI,KAAA,CAAM,SAAA,CAAU,GAAG,CAAA,EAAG,EAAE,MAAA,EAAQ,QAAA,EAAU,CAAA;AAChE,MAAA,IAAI,CAAC,GAAA,CAAI,EAAA,IAAM,GAAA,CAAI,WAAW,GAAA,EAAK;AACjC,QAAA,MAAM,IAAI,KAAA,CAAM,CAAA,yBAAA,EAA4B,GAAA,CAAI,MAAM,CAAA,CAAE,CAAA;AAAA,MAC1D;AAAA,IACF;AAAA,GACF;AACF;;;AC3BO,SAAS,YAAY,MAAA,EAAiC;AAC3D,EAAA,QAAQ,OAAO,QAAA;AAAU,IACvB,KAAK,IAAA;AACH,MAAA,OAAO,cAAc,MAAM,CAAA;AAAA,IAC7B;AACE,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,yBAAA,EAA6B,MAAA,CAAiC,QAAQ,CAAA,CAAA,CAAG,CAAA;AAAA;AAE/F","file":"index.cjs","sourcesContent":["// Cloudflare R2 provider. R2 speaks the S3 API, so this is a thin SigV4 layer\n// over aws4fetch (tiny, zero-dep, runs in Node/Bun/edge/Workers). No AWS SDK.\nimport { AwsClient } from \"aws4fetch\";\nimport type { MediaBody, MediaStore, R2Config, SignedUrlOptions, UploadOptions } from \"../types\";\n\n// R2's S3 endpoint host. The EU jurisdiction pins data-residency and MUST match\n// how the bucket was created (jurisdiction is immutable at creation).\nconst r2Host = (accountId: string, jurisdiction?: string) =>\n  jurisdiction === \"eu\"\n    ? `${accountId}.eu.r2.cloudflarestorage.com`\n    : `${accountId}.r2.cloudflarestorage.com`;\n\n// Encode each path segment but keep the \"/\" separators intact.\nconst encodeKey = (key: string) =>\n  key.split(\"/\").map(encodeURIComponent).join(\"/\");\n\nexport function createR2Store(cfg: R2Config): MediaStore {\n  const base = `https://${r2Host(cfg.accountId, cfg.jurisdiction)}/${cfg.bucket}`;\n  const prefix = cfg.keyPrefix ? `${cfg.keyPrefix.replace(/\\/+$/, \"\")}/` : \"\";\n  // R2 always uses region \"auto\"; the S3 service signs the request.\n  const aws = new AwsClient({\n    accessKeyId: cfg.accessKeyId,\n    secretAccessKey: cfg.secretAccessKey,\n    region: \"auto\",\n    service: \"s3\",\n    retries: 2, // modest resilience against R2's transient 5xx/429 (aws4fetch defaults to 10)\n  });\n\n  const fullKey = (key: string) => prefix + key.replace(/^\\/+/, \"\");\n  const objectUrl = (key: string) => `${base}/${encodeKey(fullKey(key))}`;\n\n  return {\n    async upload(key: string, body: MediaBody, opts?: UploadOptions) {\n      const headers: Record<string, string> = {};\n      if (opts?.contentType) headers[\"content-type\"] = opts.contentType;\n      if (opts?.cacheControl) headers[\"cache-control\"] = opts.cacheControl;\n      const res = await aws.fetch(objectUrl(key), { method: \"PUT\", body: body as BodyInit, headers });\n      if (!res.ok) {\n        throw new Error(`media(r2): upload failed ${res.status} ${await res.text().catch(() => \"\")}`.trim());\n      }\n      return { key: fullKey(key) };\n    },\n\n    async signedUrl(key: string, opts?: SignedUrlOptions) {\n      const url = `${objectUrl(key)}?X-Amz-Expires=${opts?.expiresIn ?? 3600}`;\n      const signed = await aws.sign(url, { method: \"GET\", aws: { signQuery: true } });\n      return signed.url;\n    },\n\n    async delete(key: string) {\n      const res = await aws.fetch(objectUrl(key), { method: \"DELETE\" });\n      if (!res.ok && res.status !== 404) {\n        throw new Error(`media(r2): delete failed ${res.status}`);\n      }\n    },\n  };\n}\n","// @broberg/media — the fleet's provider-agnostic media-storage facade (F006).\n// One API (upload · signedUrl · delete) over swappable storage providers, so a\n// later move between backends never touches a call-site. Ships with Cloudflare\n// R2; the config union grows as providers are added (s3, supabase, gcs …).\nimport { createR2Store } from \"./providers/r2\";\nimport type { MediaConfig, MediaStore } from \"./types\";\n\nexport type {\n  MediaBody,\n  MediaConfig,\n  MediaStore,\n  R2Config,\n  SignedUrlOptions,\n  UploadOptions,\n} from \"./types\";\n\n/**\n * Create a media store for the configured provider. The returned {@link MediaStore}\n * is identical across providers — swap `provider` and your call-sites don't change.\n *\n * @example\n * const media = createMedia({\n *   provider: \"r2\",\n *   accountId, accessKeyId, secretAccessKey, bucket: \"assets\",\n *   jurisdiction: \"eu\", keyPrefix: \"tenants/acme/\",\n * });\n * await media.upload(\"logo.png\", bytes, { contentType: \"image/png\" });\n * const url = await media.signedUrl(\"logo.png\", { expiresIn: 600 });\n */\nexport function createMedia(config: MediaConfig): MediaStore {\n  switch (config.provider) {\n    case \"r2\":\n      return createR2Store(config);\n    default:\n      throw new Error(`media: unknown provider \"${(config as { provider?: string }).provider}\"`);\n  }\n}\n"]}

package/dist/index.d.cts

@@ -0,0 +1,54 @@
+/** A binary payload to store. Anything fetch() accepts as a body. */
+type MediaBody = Uint8Array | ArrayBuffer | Blob | string | ReadableStream;
+interface UploadOptions {
+    /** MIME type stored on the object (e.g. "image/png"). */
+    contentType?: string;
+    /** Cache-Control header stored on the object. */
+    cacheControl?: string;
+}
+interface SignedUrlOptions {
+    /** Seconds the presigned GET URL stays valid (default 3600). */
+    expiresIn?: number;
+}
+/** The uniform surface every provider implements. */
+interface MediaStore {
+    /** Store an object at `key`; returns the final (prefixed) key. */
+    upload(key: string, body: MediaBody, opts?: UploadOptions): Promise<{
+        key: string;
+    }>;
+    /** A time-limited presigned GET URL for `key` (no public bucket needed). */
+    signedUrl(key: string, opts?: SignedUrlOptions): Promise<string>;
+    /** Delete the object at `key` (idempotent — a missing key is not an error). */
+    delete(key: string): Promise<void>;
+}
+/** Cloudflare R2 provider config (S3-compatible). */
+interface R2Config {
+    provider: "r2";
+    accountId: string;
+    accessKeyId: string;
+    secretAccessKey: string;
+    bucket: string;
+    /** R2 jurisdiction — "eu" pins EU data-residency (GDPR); default otherwise. */
+    jurisdiction?: "default" | "eu";
+    /** Optional key prefix prepended to every key (e.g. "tenants/acme/") for multi-tenant isolation. */
+    keyPrefix?: string;
+}
+/** The config union — grows as providers are added (s3, supabase, gcs …). */
+type MediaConfig = R2Config;
+
+/**
+ * Create a media store for the configured provider. The returned {@link MediaStore}
+ * is identical across providers — swap `provider` and your call-sites don't change.
+ *
+ * @example
+ * const media = createMedia({
+ *   provider: "r2",
+ *   accountId, accessKeyId, secretAccessKey, bucket: "assets",
+ *   jurisdiction: "eu", keyPrefix: "tenants/acme/",
+ * });
+ * await media.upload("logo.png", bytes, { contentType: "image/png" });
+ * const url = await media.signedUrl("logo.png", { expiresIn: 600 });
+ */
+declare function createMedia(config: MediaConfig): MediaStore;
+
+export { type MediaBody, type MediaConfig, type MediaStore, type R2Config, type SignedUrlOptions, type UploadOptions, createMedia };

package/dist/index.d.ts

@@ -0,0 +1,54 @@
+/** A binary payload to store. Anything fetch() accepts as a body. */
+type MediaBody = Uint8Array | ArrayBuffer | Blob | string | ReadableStream;
+interface UploadOptions {
+    /** MIME type stored on the object (e.g. "image/png"). */
+    contentType?: string;
+    /** Cache-Control header stored on the object. */
+    cacheControl?: string;
+}
+interface SignedUrlOptions {
+    /** Seconds the presigned GET URL stays valid (default 3600). */
+    expiresIn?: number;
+}
+/** The uniform surface every provider implements. */
+interface MediaStore {
+    /** Store an object at `key`; returns the final (prefixed) key. */
+    upload(key: string, body: MediaBody, opts?: UploadOptions): Promise<{
+        key: string;
+    }>;
+    /** A time-limited presigned GET URL for `key` (no public bucket needed). */
+    signedUrl(key: string, opts?: SignedUrlOptions): Promise<string>;
+    /** Delete the object at `key` (idempotent — a missing key is not an error). */
+    delete(key: string): Promise<void>;
+}
+/** Cloudflare R2 provider config (S3-compatible). */
+interface R2Config {
+    provider: "r2";
+    accountId: string;
+    accessKeyId: string;
+    secretAccessKey: string;
+    bucket: string;
+    /** R2 jurisdiction — "eu" pins EU data-residency (GDPR); default otherwise. */
+    jurisdiction?: "default" | "eu";
+    /** Optional key prefix prepended to every key (e.g. "tenants/acme/") for multi-tenant isolation. */
+    keyPrefix?: string;
+}
+/** The config union — grows as providers are added (s3, supabase, gcs …). */
+type MediaConfig = R2Config;
+
+/**
+ * Create a media store for the configured provider. The returned {@link MediaStore}
+ * is identical across providers — swap `provider` and your call-sites don't change.
+ *
+ * @example
+ * const media = createMedia({
+ *   provider: "r2",
+ *   accountId, accessKeyId, secretAccessKey, bucket: "assets",
+ *   jurisdiction: "eu", keyPrefix: "tenants/acme/",
+ * });
+ * await media.upload("logo.png", bytes, { contentType: "image/png" });
+ * const url = await media.signedUrl("logo.png", { expiresIn: 600 });
+ */
+declare function createMedia(config: MediaConfig): MediaStore;
+
+export { type MediaBody, type MediaConfig, type MediaStore, type R2Config, type SignedUrlOptions, type UploadOptions, createMedia };

package/dist/index.js

@@ -0,0 +1,56 @@
+import { AwsClient } from 'aws4fetch';
+
+// src/providers/r2.ts
+var r2Host = (accountId, jurisdiction) => jurisdiction === "eu" ? `${accountId}.eu.r2.cloudflarestorage.com` : `${accountId}.r2.cloudflarestorage.com`;
+var encodeKey = (key) => key.split("/").map(encodeURIComponent).join("/");
+function createR2Store(cfg) {
+  const base = `https://${r2Host(cfg.accountId, cfg.jurisdiction)}/${cfg.bucket}`;
+  const prefix = cfg.keyPrefix ? `${cfg.keyPrefix.replace(/\/+$/, "")}/` : "";
+  const aws = new AwsClient({
+    accessKeyId: cfg.accessKeyId,
+    secretAccessKey: cfg.secretAccessKey,
+    region: "auto",
+    service: "s3",
+    retries: 2
+    // modest resilience against R2's transient 5xx/429 (aws4fetch defaults to 10)
+  });
+  const fullKey = (key) => prefix + key.replace(/^\/+/, "");
+  const objectUrl = (key) => `${base}/${encodeKey(fullKey(key))}`;
+  return {
+    async upload(key, body, opts) {
+      const headers = {};
+      if (opts?.contentType) headers["content-type"] = opts.contentType;
+      if (opts?.cacheControl) headers["cache-control"] = opts.cacheControl;
+      const res = await aws.fetch(objectUrl(key), { method: "PUT", body, headers });
+      if (!res.ok) {
+        throw new Error(`media(r2): upload failed ${res.status} ${await res.text().catch(() => "")}`.trim());
+      }
+      return { key: fullKey(key) };
+    },
+    async signedUrl(key, opts) {
+      const url = `${objectUrl(key)}?X-Amz-Expires=${opts?.expiresIn ?? 3600}`;
+      const signed = await aws.sign(url, { method: "GET", aws: { signQuery: true } });
+      return signed.url;
+    },
+    async delete(key) {
+      const res = await aws.fetch(objectUrl(key), { method: "DELETE" });
+      if (!res.ok && res.status !== 404) {
+        throw new Error(`media(r2): delete failed ${res.status}`);
+      }
+    }
+  };
+}
+
+// src/index.ts
+function createMedia(config) {
+  switch (config.provider) {
+    case "r2":
+      return createR2Store(config);
+    default:
+      throw new Error(`media: unknown provider "${config.provider}"`);
+  }
+}
+
+export { createMedia };
+//# sourceMappingURL=index.js.map
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/providers/r2.ts","../src/index.ts"],"names":[],"mappings":";;;AAOA,IAAM,MAAA,GAAS,CAAC,SAAA,EAAmB,YAAA,KACjC,YAAA,KAAiB,OACb,CAAA,EAAG,SAAS,CAAA,4BAAA,CAAA,GACZ,CAAA,EAAG,SAAS,CAAA,yBAAA,CAAA;AAGlB,IAAM,SAAA,GAAY,CAAC,GAAA,KACjB,GAAA,CAAI,KAAA,CAAM,GAAG,CAAA,CAAE,GAAA,CAAI,kBAAkB,CAAA,CAAE,IAAA,CAAK,GAAG,CAAA;AAE1C,SAAS,cAAc,GAAA,EAA2B;AACvD,EAAA,MAAM,IAAA,GAAO,CAAA,QAAA,EAAW,MAAA,CAAO,GAAA,CAAI,SAAA,EAAW,IAAI,YAAY,CAAC,CAAA,CAAA,EAAI,GAAA,CAAI,MAAM,CAAA,CAAA;AAC7E,EAAA,MAAM,MAAA,GAAS,GAAA,CAAI,SAAA,GAAY,CAAA,EAAG,GAAA,CAAI,UAAU,OAAA,CAAQ,MAAA,EAAQ,EAAE,CAAC,CAAA,CAAA,CAAA,GAAM,EAAA;AAEzE,EAAA,MAAM,GAAA,GAAM,IAAI,SAAA,CAAU;AAAA,IACxB,aAAa,GAAA,CAAI,WAAA;AAAA,IACjB,iBAAiB,GAAA,CAAI,eAAA;AAAA,IACrB,MAAA,EAAQ,MAAA;AAAA,IACR,OAAA,EAAS,IAAA;AAAA,IACT,OAAA,EAAS;AAAA;AAAA,GACV,CAAA;AAED,EAAA,MAAM,UAAU,CAAC,GAAA,KAAgB,SAAS,GAAA,CAAI,OAAA,CAAQ,QAAQ,EAAE,CAAA;AAChE,EAAA,MAAM,SAAA,GAAY,CAAC,GAAA,KAAgB,CAAA,EAAG,IAAI,IAAI,SAAA,CAAU,OAAA,CAAQ,GAAG,CAAC,CAAC,CAAA,CAAA;AAErE,EAAA,OAAO;AAAA,IACL,MAAM,MAAA,CAAO,GAAA,EAAa,IAAA,EAAiB,IAAA,EAAsB;AAC/D,MAAA,MAAM,UAAkC,EAAC;AACzC,MAAA,IAAI,IAAA,EAAM,WAAA,EAAa,OAAA,CAAQ,cAAc,IAAI,IAAA,CAAK,WAAA;AACtD,MAAA,IAAI,IAAA,EAAM,YAAA,EAAc,OAAA,CAAQ,eAAe,IAAI,IAAA,CAAK,YAAA;AACxD,MAAA,MAAM,GAAA,GAAM,MAAM,GAAA,CAAI,KAAA,CAAM,SAAA,CAAU,GAAG,CAAA,EAAG,EAAE,MAAA,EAAQ,KAAA,EAAO,IAAA,EAAwB,OAAA,EAAS,CAAA;AAC9F,MAAA,IAAI,CAAC,IAAI,EAAA,EAAI;AACX,QAAA,MAAM,IAAI,KAAA,CAAM,CAAA,yBAAA,EAA4B,GAAA,CAAI,MAAM,IAAI,MAAM,GAAA,CAAI,IAAA,EAAK,CAAE,MAAM,MAAM,EAAE,CAAC,CAAA,CAAA,CAAG,MAAM,CAAA;AAAA,MACrG;AACA,MAAA,OAAO,EAAE,GAAA,EAAK,OAAA,CAAQ,GAAG,CAAA,EAAE;AAAA,IAC7B,CAAA;AAAA,IAEA,MAAM,SAAA,CAAU,GAAA,EAAa,IAAA,EAAyB;AACpD,MAAA,MAAM,GAAA,GAAM,GAAG,SAAA,CAAU,GAAG,CAAC,CAAA,eAAA,EAAkB,IAAA,EAAM,aAAa,IAAI,CAAA,CAAA;AACtE,MAAA,MAAM,MAAA,GAAS,MAAM,GAAA,CAAI,IAAA,CAAK,GAAA,EAAK,EAAE,MAAA,EAAQ,KAAA,EAAO,GAAA,EAAK,EAAE,SAAA,EAAW,IAAA,IAAQ,CAAA;AAC9E,MAAA,OAAO,MAAA,CAAO,GAAA;AAAA,IAChB,CAAA;AAAA,IAEA,MAAM,OAAO,GAAA,EAAa;AACxB,MAAA,MAAM,GAAA,GAAM,MAAM,GAAA,CAAI,KAAA,CAAM,SAAA,CAAU,GAAG,CAAA,EAAG,EAAE,MAAA,EAAQ,QAAA,EAAU,CAAA;AAChE,MAAA,IAAI,CAAC,GAAA,CAAI,EAAA,IAAM,GAAA,CAAI,WAAW,GAAA,EAAK;AACjC,QAAA,MAAM,IAAI,KAAA,CAAM,CAAA,yBAAA,EAA4B,GAAA,CAAI,MAAM,CAAA,CAAE,CAAA;AAAA,MAC1D;AAAA,IACF;AAAA,GACF;AACF;;;AC3BO,SAAS,YAAY,MAAA,EAAiC;AAC3D,EAAA,QAAQ,OAAO,QAAA;AAAU,IACvB,KAAK,IAAA;AACH,MAAA,OAAO,cAAc,MAAM,CAAA;AAAA,IAC7B;AACE,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,yBAAA,EAA6B,MAAA,CAAiC,QAAQ,CAAA,CAAA,CAAG,CAAA;AAAA;AAE/F","file":"index.js","sourcesContent":["// Cloudflare R2 provider. R2 speaks the S3 API, so this is a thin SigV4 layer\n// over aws4fetch (tiny, zero-dep, runs in Node/Bun/edge/Workers). No AWS SDK.\nimport { AwsClient } from \"aws4fetch\";\nimport type { MediaBody, MediaStore, R2Config, SignedUrlOptions, UploadOptions } from \"../types\";\n\n// R2's S3 endpoint host. The EU jurisdiction pins data-residency and MUST match\n// how the bucket was created (jurisdiction is immutable at creation).\nconst r2Host = (accountId: string, jurisdiction?: string) =>\n  jurisdiction === \"eu\"\n    ? `${accountId}.eu.r2.cloudflarestorage.com`\n    : `${accountId}.r2.cloudflarestorage.com`;\n\n// Encode each path segment but keep the \"/\" separators intact.\nconst encodeKey = (key: string) =>\n  key.split(\"/\").map(encodeURIComponent).join(\"/\");\n\nexport function createR2Store(cfg: R2Config): MediaStore {\n  const base = `https://${r2Host(cfg.accountId, cfg.jurisdiction)}/${cfg.bucket}`;\n  const prefix = cfg.keyPrefix ? `${cfg.keyPrefix.replace(/\\/+$/, \"\")}/` : \"\";\n  // R2 always uses region \"auto\"; the S3 service signs the request.\n  const aws = new AwsClient({\n    accessKeyId: cfg.accessKeyId,\n    secretAccessKey: cfg.secretAccessKey,\n    region: \"auto\",\n    service: \"s3\",\n    retries: 2, // modest resilience against R2's transient 5xx/429 (aws4fetch defaults to 10)\n  });\n\n  const fullKey = (key: string) => prefix + key.replace(/^\\/+/, \"\");\n  const objectUrl = (key: string) => `${base}/${encodeKey(fullKey(key))}`;\n\n  return {\n    async upload(key: string, body: MediaBody, opts?: UploadOptions) {\n      const headers: Record<string, string> = {};\n      if (opts?.contentType) headers[\"content-type\"] = opts.contentType;\n      if (opts?.cacheControl) headers[\"cache-control\"] = opts.cacheControl;\n      const res = await aws.fetch(objectUrl(key), { method: \"PUT\", body: body as BodyInit, headers });\n      if (!res.ok) {\n        throw new Error(`media(r2): upload failed ${res.status} ${await res.text().catch(() => \"\")}`.trim());\n      }\n      return { key: fullKey(key) };\n    },\n\n    async signedUrl(key: string, opts?: SignedUrlOptions) {\n      const url = `${objectUrl(key)}?X-Amz-Expires=${opts?.expiresIn ?? 3600}`;\n      const signed = await aws.sign(url, { method: \"GET\", aws: { signQuery: true } });\n      return signed.url;\n    },\n\n    async delete(key: string) {\n      const res = await aws.fetch(objectUrl(key), { method: \"DELETE\" });\n      if (!res.ok && res.status !== 404) {\n        throw new Error(`media(r2): delete failed ${res.status}`);\n      }\n    },\n  };\n}\n","// @broberg/media — the fleet's provider-agnostic media-storage facade (F006).\n// One API (upload · signedUrl · delete) over swappable storage providers, so a\n// later move between backends never touches a call-site. Ships with Cloudflare\n// R2; the config union grows as providers are added (s3, supabase, gcs …).\nimport { createR2Store } from \"./providers/r2\";\nimport type { MediaConfig, MediaStore } from \"./types\";\n\nexport type {\n  MediaBody,\n  MediaConfig,\n  MediaStore,\n  R2Config,\n  SignedUrlOptions,\n  UploadOptions,\n} from \"./types\";\n\n/**\n * Create a media store for the configured provider. The returned {@link MediaStore}\n * is identical across providers — swap `provider` and your call-sites don't change.\n *\n * @example\n * const media = createMedia({\n *   provider: \"r2\",\n *   accountId, accessKeyId, secretAccessKey, bucket: \"assets\",\n *   jurisdiction: \"eu\", keyPrefix: \"tenants/acme/\",\n * });\n * await media.upload(\"logo.png\", bytes, { contentType: \"image/png\" });\n * const url = await media.signedUrl(\"logo.png\", { expiresIn: 600 });\n */\nexport function createMedia(config: MediaConfig): MediaStore {\n  switch (config.provider) {\n    case \"r2\":\n      return createR2Store(config);\n    default:\n      throw new Error(`media: unknown provider \"${(config as { provider?: string }).provider}\"`);\n  }\n}\n"]}

package/package.json

@@ -0,0 +1,50 @@
+{
+  "name": "@broberg/media",
+  "version": "0.1.0",
+  "description": "The fleet's provider-agnostic media-storage facade — one createMedia() API (upload · signedUrl · delete) over swappable storage providers, so a later move between providers never touches a call-site. Ships with a Cloudflare R2 provider (S3-compatible, SigV4 via aws4fetch — Node/Bun/edge), multi-tenant keyPrefix and EU-jurisdiction support. Start on R2, add S3/Supabase later without changing your code.",
+  "type": "module",
+  "license": "MIT",
+  "sideEffects": false,
+  "files": ["dist", "README.md"],
+  "main": "./dist/index.cjs",
+  "module": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js",
+      "require": "./dist/index.cjs"
+    }
+  },
+  "scripts": {
+    "build": "tsup",
+    "test": "vitest run",
+    "typecheck": "tsc --noEmit"
+  },
+  "dependencies": {
+    "aws4fetch": "^1.0.20"
+  },
+  "devDependencies": {
+    "@types/node": "^22.0.0",
+    "tsup": "^8.3.0",
+    "typescript": "^5.6.0",
+    "vitest": "^2.1.0"
+  },
+  "keywords": [
+    "media",
+    "storage",
+    "object-storage",
+    "r2",
+    "cloudflare",
+    "s3",
+    "upload",
+    "signed-url",
+    "broberg"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/broberg-ai/components",
+    "directory": "packages/media"
+  },
+  "publishConfig": { "access": "public" }
+}