npm - @cosmicdrift/kumiko-bundled-features - Versions diffs - 0.1.0 - Mend

@cosmicdrift/kumiko-bundled-features 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (333) hide show

package/package.json +90 -0
package/src/audit/__tests__/audit.integration.ts +328 -0
package/src/audit/constants.ts +7 -0
package/src/audit/feature.ts +23 -0
package/src/audit/handlers/list.query.ts +98 -0
package/src/audit/index.ts +2 -0
package/src/auth-email-password/__tests__/account-lockout-no-redis.integration.ts +149 -0
package/src/auth-email-password/__tests__/account-lockout.integration.ts +308 -0
package/src/auth-email-password/__tests__/auth-claims.integration.ts +512 -0
package/src/auth-email-password/__tests__/auth.integration.ts +610 -0
package/src/auth-email-password/__tests__/confirm-token-flow.test.ts +67 -0
package/src/auth-email-password/__tests__/email-templates.test.ts +106 -0
package/src/auth-email-password/__tests__/email-verification.integration.ts +327 -0
package/src/auth-email-password/__tests__/identity-v3-hash.test.ts +174 -0
package/src/auth-email-password/__tests__/identity-v3-login.integration.ts +150 -0
package/src/auth-email-password/__tests__/invite-flow.integration.ts +458 -0
package/src/auth-email-password/__tests__/multi-roles.integration.ts +256 -0
package/src/auth-email-password/__tests__/password-reset.integration.ts +346 -0
package/src/auth-email-password/__tests__/public-routes-rate-limit.integration.ts +144 -0
package/src/auth-email-password/__tests__/seed-admin.integration.ts +176 -0
package/src/auth-email-password/__tests__/session-callbacks.integration.ts +310 -0
package/src/auth-email-password/__tests__/session-strict-mode.integration.ts +101 -0
package/src/auth-email-password/__tests__/signed-token.test.ts +78 -0
package/src/auth-email-password/__tests__/signup-flow.integration.ts +259 -0
package/src/auth-email-password/auth-user-row.ts +41 -0
package/src/auth-email-password/constants.ts +101 -0
package/src/auth-email-password/email-templates.ts +283 -0
package/src/auth-email-password/feature.ts +140 -0
package/src/auth-email-password/handlers/change-password.write.ts +58 -0
package/src/auth-email-password/handlers/confirm-token-flow.ts +191 -0
package/src/auth-email-password/handlers/invite-accept-with-login.write.ts +203 -0
package/src/auth-email-password/handlers/invite-accept.write.ts +189 -0
package/src/auth-email-password/handlers/invite-create.write.ts +145 -0
package/src/auth-email-password/handlers/invite-signup-complete.write.ts +192 -0
package/src/auth-email-password/handlers/login.write.ts +208 -0
package/src/auth-email-password/handlers/logout.write.ts +12 -0
package/src/auth-email-password/handlers/request-email-verification.write.ts +29 -0
package/src/auth-email-password/handlers/request-password-reset.write.ts +31 -0
package/src/auth-email-password/handlers/reset-password.write.ts +61 -0
package/src/auth-email-password/handlers/signup-confirm.write.ts +170 -0
package/src/auth-email-password/handlers/signup-request.write.ts +104 -0
package/src/auth-email-password/handlers/token-request-handler.ts +114 -0
package/src/auth-email-password/handlers/verify-email.write.ts +62 -0
package/src/auth-email-password/i18n.ts +211 -0
package/src/auth-email-password/identity-v3-hash.ts +97 -0
package/src/auth-email-password/index.ts +35 -0
package/src/auth-email-password/invite-token-store.ts +92 -0
package/src/auth-email-password/lockout-store.ts +118 -0
package/src/auth-email-password/password-hashing.ts +43 -0
package/src/auth-email-password/reset-token.ts +28 -0
package/src/auth-email-password/seeding.ts +183 -0
package/src/auth-email-password/signed-token.ts +85 -0
package/src/auth-email-password/signup-token-store.ts +104 -0
package/src/auth-email-password/stream-tenant.ts +31 -0
package/src/auth-email-password/testing.ts +5 -0
package/src/auth-email-password/token-burn-store.ts +57 -0
package/src/auth-email-password/verification-token.ts +27 -0
package/src/auth-email-password/web/__tests__/auth-gate.test.tsx +51 -0
package/src/auth-email-password/web/__tests__/forgot-password-screen.test.tsx +80 -0
package/src/auth-email-password/web/__tests__/login-screen.test.tsx +94 -0
package/src/auth-email-password/web/__tests__/reset-password-screen.test.tsx +108 -0
package/src/auth-email-password/web/__tests__/session-roles.test.ts +54 -0
package/src/auth-email-password/web/__tests__/tenant-switcher.test.tsx +100 -0
package/src/auth-email-password/web/__tests__/test-utils.tsx +73 -0
package/src/auth-email-password/web/__tests__/user-menu.test.tsx +55 -0
package/src/auth-email-password/web/__tests__/verify-email-screen.test.tsx +59 -0
package/src/auth-email-password/web/auth-client.ts +350 -0
package/src/auth-email-password/web/auth-form-primitives.tsx +70 -0
package/src/auth-email-password/web/auth-gate.tsx +33 -0
package/src/auth-email-password/web/client-plugin.ts +48 -0
package/src/auth-email-password/web/default-topbar-actions.tsx +47 -0
package/src/auth-email-password/web/forgot-password-screen.tsx +110 -0
package/src/auth-email-password/web/index.ts +56 -0
package/src/auth-email-password/web/invite-accept-screen.tsx +220 -0
package/src/auth-email-password/web/login-screen.tsx +150 -0
package/src/auth-email-password/web/reset-password-screen.tsx +152 -0
package/src/auth-email-password/web/session.tsx +171 -0
package/src/auth-email-password/web/signup-complete-screen.tsx +150 -0
package/src/auth-email-password/web/signup-screen.tsx +130 -0
package/src/auth-email-password/web/tenant-switcher.tsx +116 -0
package/src/auth-email-password/web/use-shell-user.ts +34 -0
package/src/auth-email-password/web/user-menu.tsx +89 -0
package/src/auth-email-password/web/verify-email-screen.tsx +102 -0
package/src/billing-foundation/__tests__/billing-foundation.integration.ts +568 -0
package/src/billing-foundation/__tests__/feature.test.ts +110 -0
package/src/billing-foundation/__tests__/webhook-handler.test.ts +199 -0
package/src/billing-foundation/aggregate-id.ts +21 -0
package/src/billing-foundation/constants.ts +70 -0
package/src/billing-foundation/entities.ts +50 -0
package/src/billing-foundation/events.ts +71 -0
package/src/billing-foundation/feature.ts +122 -0
package/src/billing-foundation/get-subscription-for-tenant.ts +39 -0
package/src/billing-foundation/handlers/create-checkout-session.write.ts +79 -0
package/src/billing-foundation/handlers/create-portal-session.write.ts +73 -0
package/src/billing-foundation/handlers/list-subscriptions.query.ts +20 -0
package/src/billing-foundation/handlers/process-event.write.ts +160 -0
package/src/billing-foundation/index.ts +42 -0
package/src/billing-foundation/projection.ts +135 -0
package/src/billing-foundation/types.ts +157 -0
package/src/billing-foundation/webhook-handler.ts +184 -0
package/src/cap-counter/__tests__/cap-counter.integration.ts +566 -0
package/src/cap-counter/__tests__/enforce-cap.test.ts +422 -0
package/src/cap-counter/__tests__/with-cap-enforcement.integration.ts +265 -0
package/src/cap-counter/aggregate-id.ts +61 -0
package/src/cap-counter/constants.ts +32 -0
package/src/cap-counter/enforce-cap.ts +404 -0
package/src/cap-counter/entity.ts +48 -0
package/src/cap-counter/feature.ts +90 -0
package/src/cap-counter/handlers/get-counter.query.ts +43 -0
package/src/cap-counter/handlers/increment-rolling.write.ts +79 -0
package/src/cap-counter/handlers/increment.write.ts +92 -0
package/src/cap-counter/handlers/mark-soft-warned.write.ts +57 -0
package/src/cap-counter/index.ts +34 -0
package/src/cap-counter/with-cap-enforcement.ts +179 -0
package/src/channel-email/email-channel.ts +48 -0
package/src/channel-email/feature.ts +15 -0
package/src/channel-email/index.ts +4 -0
package/src/channel-email/smtp-transport.ts +65 -0
package/src/channel-email/types.ts +34 -0
package/src/channel-in-app/constants.ts +11 -0
package/src/channel-in-app/feature.ts +30 -0
package/src/channel-in-app/handlers/inbox.query.ts +28 -0
package/src/channel-in-app/handlers/mark-all-read.write.ts +21 -0
package/src/channel-in-app/handlers/mark-read.write.ts +32 -0
package/src/channel-in-app/handlers/unread-count.query.ts +20 -0
package/src/channel-in-app/in-app-channel.ts +44 -0
package/src/channel-in-app/index.ts +4 -0
package/src/channel-in-app/tables.ts +22 -0
package/src/channel-push/feature.ts +15 -0
package/src/channel-push/index.ts +3 -0
package/src/channel-push/push-channel.ts +33 -0
package/src/channel-push/types.ts +22 -0
package/src/config/__tests__/app-overrides.test.ts +118 -0
package/src/config/__tests__/config.integration.ts +1246 -0
package/src/config/constants.ts +23 -0
package/src/config/feature.ts +117 -0
package/src/config/handlers/__tests__/prepare-config-write.test.ts +209 -0
package/src/config/handlers/reset.write.ts +45 -0
package/src/config/handlers/schema.query.ts +22 -0
package/src/config/handlers/set.write.ts +93 -0
package/src/config/handlers/values.query.ts +43 -0
package/src/config/index.ts +15 -0
package/src/config/resolver.ts +283 -0
package/src/config/table.ts +35 -0
package/src/config/write-helpers.ts +268 -0
package/src/delivery/__tests__/delivery-events.integration.ts +166 -0
package/src/delivery/__tests__/delivery.integration.ts +1405 -0
package/src/delivery/constants.ts +33 -0
package/src/delivery/delivery-service.ts +489 -0
package/src/delivery/events.ts +18 -0
package/src/delivery/feature.ts +70 -0
package/src/delivery/handlers/log.query.ts +21 -0
package/src/delivery/handlers/preferences.query.ts +18 -0
package/src/delivery/handlers/set-preference.write.ts +28 -0
package/src/delivery/index.ts +35 -0
package/src/delivery/tables.ts +74 -0
package/src/delivery/testing.ts +47 -0
package/src/delivery/types.ts +71 -0
package/src/delivery/unsubscribe.ts +99 -0
package/src/delivery/upsert-preference.ts +145 -0
package/src/feature-toggles/__tests__/feature-toggles.integration.ts +687 -0
package/src/feature-toggles/constants.ts +20 -0
package/src/feature-toggles/events.ts +18 -0
package/src/feature-toggles/feature.ts +98 -0
package/src/feature-toggles/global-feature-state-table.ts +28 -0
package/src/feature-toggles/handlers/list.query.ts +26 -0
package/src/feature-toggles/handlers/registered.query.ts +56 -0
package/src/feature-toggles/handlers/set.write.ts +158 -0
package/src/feature-toggles/index.ts +9 -0
package/src/feature-toggles/toggle-runtime.ts +73 -0
package/src/file-foundation/__tests__/feature.test.ts +35 -0
package/src/file-foundation/__tests__/file-foundation.integration.ts +235 -0
package/src/file-foundation/feature.ts +123 -0
package/src/file-foundation/index.ts +7 -0
package/src/file-provider-inmemory/__tests__/feature.test.ts +35 -0
package/src/file-provider-inmemory/feature.ts +73 -0
package/src/file-provider-inmemory/index.ts +3 -0
package/src/file-provider-s3/__tests__/feature.test.ts +54 -0
package/src/file-provider-s3/feature.ts +169 -0
package/src/file-provider-s3/index.ts +3 -0
package/src/files-provider-s3/__tests__/env-helper.test.ts +161 -0
package/src/files-provider-s3/__tests__/s3-provider.integration.ts +134 -0
package/src/files-provider-s3/__tests__/s3-provider.test.ts +36 -0
package/src/files-provider-s3/env-helper.ts +49 -0
package/src/files-provider-s3/index.ts +3 -0
package/src/files-provider-s3/s3-provider.ts +114 -0
package/src/foundation-shared/config-helpers.ts +67 -0
package/src/foundation-shared/index.ts +4 -0
package/src/jobs/__tests__/job-system-user.integration.ts +194 -0
package/src/jobs/__tests__/jobs-events.integration.ts +143 -0
package/src/jobs/__tests__/jobs-feature.integration.ts +342 -0
package/src/jobs/constants.ts +21 -0
package/src/jobs/events.ts +39 -0
package/src/jobs/feature.ts +150 -0
package/src/jobs/handlers/detail.query.ts +30 -0
package/src/jobs/handlers/list.query.ts +36 -0
package/src/jobs/handlers/retry.write.ts +69 -0
package/src/jobs/handlers/trigger.write.ts +39 -0
package/src/jobs/index.ts +5 -0
package/src/jobs/job-run-logger.ts +213 -0
package/src/jobs/job-run-table.ts +55 -0
package/src/legal-pages/README.md +195 -0
package/src/legal-pages/__tests__/legal-pages.integration.ts +361 -0
package/src/legal-pages/constants.ts +36 -0
package/src/legal-pages/feature.ts +187 -0
package/src/legal-pages/index.ts +13 -0
package/src/legal-pages/markdown.ts +69 -0
package/src/mail-foundation/__tests__/feature.test.ts +46 -0
package/src/mail-foundation/__tests__/mail-foundation.integration.ts +247 -0
package/src/mail-foundation/feature.ts +160 -0
package/src/mail-foundation/index.ts +14 -0
package/src/mail-transport-inmemory/__tests__/feature.test.ts +37 -0
package/src/mail-transport-inmemory/feature.ts +90 -0
package/src/mail-transport-inmemory/index.ts +3 -0
package/src/mail-transport-smtp/__tests__/feature.test.ts +61 -0
package/src/mail-transport-smtp/feature.ts +182 -0
package/src/mail-transport-smtp/index.ts +3 -0
package/src/rate-limiting/__tests__/rate-limiting.integration.ts +84 -0
package/src/rate-limiting/constants.ts +9 -0
package/src/rate-limiting/feature.ts +16 -0
package/src/rate-limiting/handlers/status.query.ts +52 -0
package/src/rate-limiting/index.ts +2 -0
package/src/renderer-simple/__tests__/simple-renderer.test.ts +97 -0
package/src/renderer-simple/feature.ts +12 -0
package/src/renderer-simple/index.ts +2 -0
package/src/renderer-simple/simple-renderer.ts +72 -0
package/src/secrets/__tests__/rotate.integration.ts +176 -0
package/src/secrets/__tests__/secrets-events.integration.ts +125 -0
package/src/secrets/__tests__/secrets.integration.ts +118 -0
package/src/secrets/feature.ts +84 -0
package/src/secrets/handlers/delete.write.ts +20 -0
package/src/secrets/handlers/list.query.ts +38 -0
package/src/secrets/handlers/rotate.job.ts +193 -0
package/src/secrets/handlers/set.write.ts +50 -0
package/src/secrets/index.ts +16 -0
package/src/secrets/secrets-context.ts +296 -0
package/src/secrets/table.ts +68 -0
package/src/sessions/__tests__/cleanup.integration.ts +175 -0
package/src/sessions/__tests__/password-auto-revoke.integration.ts +202 -0
package/src/sessions/__tests__/sessions.integration.ts +472 -0
package/src/sessions/__tests__/test-helpers.ts +66 -0
package/src/sessions/constants.ts +43 -0
package/src/sessions/feature.ts +84 -0
package/src/sessions/handlers/cleanup.job.ts +109 -0
package/src/sessions/handlers/list.query.ts +35 -0
package/src/sessions/handlers/mine.query.ts +37 -0
package/src/sessions/handlers/revoke-all-others.write.ts +42 -0
package/src/sessions/handlers/revoke.write.ts +76 -0
package/src/sessions/index.ts +17 -0
package/src/sessions/schema/index.ts +5 -0
package/src/sessions/schema/user-session.ts +67 -0
package/src/sessions/session-callbacks.ts +110 -0
package/src/sessions/testing.ts +42 -0
package/src/subscription-mollie/__tests__/feature.test.ts +106 -0
package/src/subscription-mollie/__tests__/mollie-foundation.integration.ts +421 -0
package/src/subscription-mollie/__tests__/verify-webhook.test.ts +388 -0
package/src/subscription-mollie/constants.ts +33 -0
package/src/subscription-mollie/feature.ts +144 -0
package/src/subscription-mollie/index.ts +13 -0
package/src/subscription-mollie/plugin-methods.ts +79 -0
package/src/subscription-mollie/verify-webhook.ts +244 -0
package/src/subscription-stripe/__tests__/feature.test.ts +98 -0
package/src/subscription-stripe/__tests__/plugin-methods.test.ts +161 -0
package/src/subscription-stripe/__tests__/stripe-foundation.integration.ts +315 -0
package/src/subscription-stripe/__tests__/verify-webhook.test.ts +306 -0
package/src/subscription-stripe/constants.ts +20 -0
package/src/subscription-stripe/feature.ts +120 -0
package/src/subscription-stripe/index.ts +14 -0
package/src/subscription-stripe/plugin-methods.ts +91 -0
package/src/subscription-stripe/verify-webhook.ts +235 -0
package/src/tenant/__tests__/multi-tenant.integration.ts +278 -0
package/src/tenant/__tests__/seed-testing.integration.ts +229 -0
package/src/tenant/__tests__/tenant.integration.ts +347 -0
package/src/tenant/command-schemas.ts +37 -0
package/src/tenant/constants.ts +37 -0
package/src/tenant/feature.ts +109 -0
package/src/tenant/handlers/active-tenant-ids.query.ts +19 -0
package/src/tenant/handlers/add-member.write.ts +53 -0
package/src/tenant/handlers/cancel-invitation.write.ts +87 -0
package/src/tenant/handlers/create.write.ts +21 -0
package/src/tenant/handlers/disable.write.ts +18 -0
package/src/tenant/handlers/invitations.query.ts +31 -0
package/src/tenant/handlers/list.query.ts +17 -0
package/src/tenant/handlers/me.query.ts +17 -0
package/src/tenant/handlers/members.query.ts +22 -0
package/src/tenant/handlers/memberships.query.ts +24 -0
package/src/tenant/handlers/remove-member.write.ts +40 -0
package/src/tenant/handlers/resolve-user-ids.query.ts +43 -0
package/src/tenant/handlers/update-member-roles.write.ts +54 -0
package/src/tenant/handlers/update.write.ts +20 -0
package/src/tenant/index.ts +12 -0
package/src/tenant/invitation-table.ts +93 -0
package/src/tenant/membership-table.ts +35 -0
package/src/tenant/schema/index.ts +5 -0
package/src/tenant/schema/tenant.ts +27 -0
package/src/tenant/seeding.ts +155 -0
package/src/tenant/testing.ts +8 -0
package/src/text-content/README.md +190 -0
package/src/text-content/__tests__/text-content.integration.ts +415 -0
package/src/text-content/api.ts +92 -0
package/src/text-content/constants.ts +19 -0
package/src/text-content/feature.ts +29 -0
package/src/text-content/handlers/by-slug.query.ts +55 -0
package/src/text-content/handlers/set.write.ts +118 -0
package/src/text-content/index.ts +14 -0
package/src/text-content/seeding.ts +91 -0
package/src/text-content/table.ts +45 -0
package/src/tier-engine/__tests__/compose-app.test.ts +182 -0
package/src/tier-engine/__tests__/drift.test.ts +42 -0
package/src/tier-engine/__tests__/tier-engine.integration.ts +241 -0
package/src/tier-engine/aggregate-id.ts +27 -0
package/src/tier-engine/compose-app.ts +150 -0
package/src/tier-engine/constants.ts +15 -0
package/src/tier-engine/entity.ts +30 -0
package/src/tier-engine/feature.ts +72 -0
package/src/tier-engine/handlers/active-tier.query.ts +23 -0
package/src/tier-engine/index.ts +22 -0
package/src/user/__tests__/seed-testing.integration.ts +127 -0
package/src/user/__tests__/user.integration.ts +198 -0
package/src/user/command-schemas.ts +15 -0
package/src/user/constants.ts +23 -0
package/src/user/feature.ts +32 -0
package/src/user/handlers/create.write.ts +54 -0
package/src/user/handlers/detail.query.ts +9 -0
package/src/user/handlers/find-for-auth.query.ts +38 -0
package/src/user/handlers/list.query.ts +8 -0
package/src/user/handlers/me.query.ts +15 -0
package/src/user/handlers/update.write.ts +54 -0
package/src/user/index.ts +4 -0
package/src/user/schema/index.ts +5 -0
package/src/user/schema/user.ts +69 -0
package/src/user/seeding.ts +93 -0
package/src/user/testing.ts +5 -0

package/src/file-provider-s3/feature.ts ADDED Viewed

@@ -0,0 +1,169 @@
+// kumiko-feature-version: 1
+//
+// file-provider-s3 — concrete S3-implementation for the
+// file-foundation plugin-API.
+//
+// **Was diese Feature liefert:**
+//   1. Provider-spezifische Tenant-Config (bucket/region/endpoint/
+//      forcePathStyle/accessKeyId) und Secret (s3.secretAccessKey).
+//      Self-contained — file-foundation kennt diese nicht.
+//   2. Plugin-Registration via `r.useExtension("fileProvider", "s3",
+//      { build })`. file-foundation's Factory findet den Plugin via
+//      registry.
+//   3. build(ctx, tenantId) liest config + secret, ruft `createS3Provider`
+//      aus files-provider-s3 auf. Der EINZIGE Cross-Feature-Import
+//      des Plugins — bewusst lokal gehalten.
+//
+// **Pattern-Vorbild:** mirrors mail-transport-smtp.
+//
+// **Boot-Dependencies:** config + secrets + file-foundation.
+import type { FileProviderPlugin } from "@cosmicdrift/kumiko-bundled-features/file-foundation";
+import { createS3Provider } from "@cosmicdrift/kumiko-bundled-features/files-provider-s3";
+import {
+  requireDefined,
+  requireNonEmpty,
+} from "@cosmicdrift/kumiko-bundled-features/foundation-shared";
+import { requireSecretsContext } from "@cosmicdrift/kumiko-bundled-features/secrets";
+import {
+  access,
+  createTenantConfig,
+  defineFeature,
+  type HandlerContext,
+} from "@cosmicdrift/kumiko-framework/engine";
+import type { FileStorageProvider } from "@cosmicdrift/kumiko-framework/files";
+const FEATURE_NAME = "file-provider-s3";
+// =============================================================================
+// Feature-definition
+// =============================================================================
+export const fileProviderS3Feature = defineFeature(FEATURE_NAME, (r) => {
+  r.requires("config");
+  r.requires("secrets");
+  r.requires("file-foundation");
+  const secretAccessKey = r.secret("s3.secretAccessKey", {
+    label: { de: "S3 Secret Access Key", en: "S3 Secret Access Key" },
+    hint: {
+      de: "Privater Teil des S3-Schlüsselpaares. Bei Hetzner Object Storage 'Secret Key', bei AWS S3 'Secret Access Key'.",
+      en: "Private half of the S3 key pair. Hetzner calls it 'Secret Key', AWS calls it 'Secret Access Key'.",
+    },
+    redact: (plaintext) => {
+      if (plaintext.length < 8) return "•".repeat(plaintext.length);
+      return `${plaintext.slice(0, 4)}...${plaintext.slice(-4)}`;
+    },
+    scope: "tenant",
+  });
+  const configKeys = r.config({
+    keys: {
+      bucket: createTenantConfig("text", {
+        default: "",
+        write: access.roles("TenantAdmin", "SystemAdmin"),
+        read: access.roles("TenantAdmin", "SystemAdmin"),
+      }),
+      region: createTenantConfig("text", {
+        default: "",
+        write: access.roles("TenantAdmin", "SystemAdmin"),
+        read: access.roles("TenantAdmin", "SystemAdmin"),
+      }),
+      endpoint: createTenantConfig("text", {
+        default: "",
+        write: access.roles("TenantAdmin", "SystemAdmin"),
+        read: access.roles("TenantAdmin", "SystemAdmin"),
+      }),
+      forcePathStyle: createTenantConfig("boolean", {
+        default: false,
+        write: access.roles("TenantAdmin", "SystemAdmin"),
+      }),
+      accessKeyId: createTenantConfig("text", {
+        default: "",
+        write: access.roles("TenantAdmin", "SystemAdmin"),
+        read: access.roles("TenantAdmin", "SystemAdmin"),
+      }),
+    },
+  });
+  // Plugin-Registration. entityName "s3" ist was tenants in
+  // file-foundation's `provider` config-key setzen.
+  const plugin: FileProviderPlugin = {
+    build: async (ctx: HandlerContext, tenantId: string) => buildS3Provider(ctx, tenantId),
+  };
+  r.useExtension("fileProvider", "s3", plugin);
+  return { configKeys, secretAccessKey };
+});
+/** Typed handle for the S3 secret-access-key. */
+export const S3_SECRET_ACCESS_KEY = fileProviderS3Feature.exports.secretAccessKey;
+// =============================================================================
+// Internal: build the FileStorageProvider from tenant config + secret
+// =============================================================================
+async function buildS3Provider(
+  ctx: HandlerContext,
+  tenantId: string,
+): Promise<FileStorageProvider> {
+  const ctxConfig = ctx.config;
+  if (!ctxConfig) {
+    throw new Error(
+      `${FEATURE_NAME}: ctx.config is missing — feature requires the config-feature mounted in the registry`,
+    );
+  }
+  const FILE_HINT = "Set via tenant-admin UI or seed-handler before reading or writing files.";
+  const bucket = requireNonEmpty(
+    await ctxConfig(fileProviderS3Feature.exports.configKeys.bucket),
+    FEATURE_NAME,
+    "bucket",
+    FILE_HINT,
+  );
+  const region = requireNonEmpty(
+    await ctxConfig(fileProviderS3Feature.exports.configKeys.region),
+    FEATURE_NAME,
+    "region",
+    FILE_HINT,
+  );
+  const endpointRaw = requireDefined(
+    await ctxConfig(fileProviderS3Feature.exports.configKeys.endpoint),
+    FEATURE_NAME,
+    "endpoint",
+  ) as string;
+  const endpoint = endpointRaw.length > 0 ? endpointRaw : undefined;
+  const forcePathStyle = requireDefined(
+    await ctxConfig(fileProviderS3Feature.exports.configKeys.forcePathStyle),
+    FEATURE_NAME,
+    "forcePathStyle",
+  ) as boolean;
+  const accessKeyId = requireNonEmpty(
+    await ctxConfig(fileProviderS3Feature.exports.configKeys.accessKeyId),
+    FEATURE_NAME,
+    "accessKeyId",
+    FILE_HINT,
+  );
+  const secretAccessKey = await readSecretAccessKey(ctx, tenantId);
+  return createS3Provider({
+    bucket,
+    region,
+    accessKeyId,
+    secretAccessKey,
+    ...(endpoint !== undefined && { endpoint }),
+    forcePathStyle,
+  });
+}
+async function readSecretAccessKey(ctx: HandlerContext, tenantId: string): Promise<string> {
+  const secrets = requireSecretsContext(ctx, FEATURE_NAME);
+  const branded = await secrets.get(tenantId, S3_SECRET_ACCESS_KEY);
+  if (!branded) {
+    throw new Error(
+      `${FEATURE_NAME}: ${S3_SECRET_ACCESS_KEY.name} not set for tenant ${tenantId} — Tenant-Admin must set it via /api/write/secrets:write:set`,
+    );
+  }
+  return branded.reveal();
+}

package/src/file-provider-s3/index.ts ADDED Viewed

@@ -0,0 +1,3 @@
+// Public API of the file-provider-s3 bundled-feature.
+export { fileProviderS3Feature, S3_SECRET_ACCESS_KEY } from "./feature";

package/src/files-provider-s3/__tests__/env-helper.test.ts ADDED Viewed

@@ -0,0 +1,161 @@
+import { afterEach, beforeEach, describe, expect, test } from "vitest";
+import { parseS3EnvConfig } from "../env-helper";
+// Tests run against real process.env — we snapshot + restore per-test so
+// parallel test files don't leak env vars into one another. vi.stubEnv is
+// intentionally avoided: it only affects Vite-transformed reads, and
+// env-helper reads process.env directly at runtime.
+const TOUCHED_KEYS = [
+  "TEST_S3_BUCKET",
+  "TEST_S3_REGION",
+  "TEST_S3_ACCESS_KEY",
+  "TEST_S3_SECRET_KEY",
+  "TEST_S3_ENDPOINT",
+  "TEST_S3_FORCE_PATH_STYLE",
+  "OTHER_BUCKET",
+  "OTHER_REGION",
+  "OTHER_ACCESS_KEY",
+  "OTHER_SECRET_KEY",
+];
+const snapshot = new Map<string, string | undefined>();
+beforeEach(() => {
+  snapshot.clear();
+  for (const k of TOUCHED_KEYS) {
+    snapshot.set(k, process.env[k]);
+    delete process.env[k];
+  }
+});
+afterEach(() => {
+  for (const [k, v] of snapshot) {
+    if (v === undefined) delete process.env[k];
+    else process.env[k] = v;
+  }
+});
+function setRequired(prefix = "TEST_S3_"): void {
+  process.env[`${prefix}BUCKET`] = "my-bucket";
+  process.env[`${prefix}REGION`] = "us-east-1";
+  process.env[`${prefix}ACCESS_KEY`] = "access";
+  process.env[`${prefix}SECRET_KEY`] = "secret";
+}
+describe("parseS3EnvConfig — required vars", () => {
+  test("throws missing_env when BUCKET is absent", () => {
+    setRequired();
+    delete process.env["TEST_S3_BUCKET"];
+    expect(() => parseS3EnvConfig("TEST_S3_")).toThrow(/missing_env.*TEST_S3_BUCKET/);
+  });
+  test("throws missing_env when REGION is absent", () => {
+    setRequired();
+    delete process.env["TEST_S3_REGION"];
+    expect(() => parseS3EnvConfig("TEST_S3_")).toThrow(/missing_env.*TEST_S3_REGION/);
+  });
+  test("throws missing_env when ACCESS_KEY is absent", () => {
+    setRequired();
+    delete process.env["TEST_S3_ACCESS_KEY"];
+    expect(() => parseS3EnvConfig("TEST_S3_")).toThrow(/missing_env.*TEST_S3_ACCESS_KEY/);
+  });
+  test("throws missing_env when SECRET_KEY is absent", () => {
+    setRequired();
+    delete process.env["TEST_S3_SECRET_KEY"];
+    expect(() => parseS3EnvConfig("TEST_S3_")).toThrow(/missing_env.*TEST_S3_SECRET_KEY/);
+  });
+  test("treats empty string as missing (CI that exports VAR='' to unset)", () => {
+    setRequired();
+    process.env["TEST_S3_BUCKET"] = "";
+    expect(() => parseS3EnvConfig("TEST_S3_")).toThrow(/missing_env.*TEST_S3_BUCKET/);
+  });
+  test("passes required vars straight through", () => {
+    setRequired();
+    const config = parseS3EnvConfig("TEST_S3_");
+    expect(config.bucket).toBe("my-bucket");
+    expect(config.region).toBe("us-east-1");
+    expect(config.accessKeyId).toBe("access");
+    expect(config.secretAccessKey).toBe("secret");
+  });
+});
+describe("parseS3EnvConfig — optional ENDPOINT", () => {
+  test("undefined endpoint → omitted from config (AWS default behaviour)", () => {
+    setRequired();
+    const config = parseS3EnvConfig("TEST_S3_");
+    expect(config.endpoint).toBeUndefined();
+  });
+  test("empty-string endpoint → omitted (don't forward '' to SDK)", () => {
+    setRequired();
+    process.env["TEST_S3_ENDPOINT"] = "";
+    const config = parseS3EnvConfig("TEST_S3_");
+    expect(config.endpoint).toBeUndefined();
+  });
+  test("non-empty endpoint → forwarded verbatim", () => {
+    setRequired();
+    process.env["TEST_S3_ENDPOINT"] = "https://r2.example.com";
+    const config = parseS3EnvConfig("TEST_S3_");
+    expect(config.endpoint).toBe("https://r2.example.com");
+  });
+});
+describe("parseS3EnvConfig — FORCE_PATH_STYLE parsing", () => {
+  test("undefined → config has no forcePathStyle (auto-detect at provider level)", () => {
+    setRequired();
+    const config = parseS3EnvConfig("TEST_S3_");
+    expect(config.forcePathStyle).toBeUndefined();
+  });
+  test("'true' → forcePathStyle: true", () => {
+    setRequired();
+    process.env["TEST_S3_FORCE_PATH_STYLE"] = "true";
+    expect(parseS3EnvConfig("TEST_S3_").forcePathStyle).toBe(true);
+  });
+  test("'false' → forcePathStyle: false (explicit AWS-style override)", () => {
+    setRequired();
+    process.env["TEST_S3_FORCE_PATH_STYLE"] = "false";
+    expect(parseS3EnvConfig("TEST_S3_").forcePathStyle).toBe(false);
+  });
+  test("any other non-'true' value → treated as false (strict parse)", () => {
+    setRequired();
+    process.env["TEST_S3_FORCE_PATH_STYLE"] = "yes";
+    // Only the literal string "true" flips the flag on. Prevents typos
+    // like "True" / "1" from silently enabling a non-default behaviour.
+    expect(parseS3EnvConfig("TEST_S3_").forcePathStyle).toBe(false);
+  });
+});
+describe("parseS3EnvConfig — prefix variants", () => {
+  test("custom prefix reads independent env vars", () => {
+    process.env["OTHER_BUCKET"] = "other-bucket";
+    process.env["OTHER_REGION"] = "eu-west-1";
+    process.env["OTHER_ACCESS_KEY"] = "other-access";
+    process.env["OTHER_SECRET_KEY"] = "other-secret";
+    const config = parseS3EnvConfig("OTHER_");
+    expect(config.bucket).toBe("other-bucket");
+    expect(config.region).toBe("eu-west-1");
+  });
+  test("different prefixes don't bleed config into each other", () => {
+    setRequired("TEST_S3_");
+    process.env["OTHER_BUCKET"] = "other-bucket";
+    process.env["OTHER_REGION"] = "eu-west-1";
+    process.env["OTHER_ACCESS_KEY"] = "other-access";
+    process.env["OTHER_SECRET_KEY"] = "other-secret";
+    const a = parseS3EnvConfig("TEST_S3_");
+    const b = parseS3EnvConfig("OTHER_");
+    expect(a.bucket).toBe("my-bucket");
+    expect(b.bucket).toBe("other-bucket");
+  });
+});

package/src/files-provider-s3/__tests__/s3-provider.integration.ts ADDED Viewed

@@ -0,0 +1,134 @@
+import type { FileStorageProvider } from "@cosmicdrift/kumiko-framework/files";
+import { generateId } from "@cosmicdrift/kumiko-framework/utils";
+import { afterAll, beforeAll, describe, expect, test } from "vitest";
+import { createS3ProviderFromEnv } from "../env-helper";
+import { createS3Provider } from "../s3-provider";
+// These tests run against the Minio container from docker-compose
+// (kumiko dev starts it alongside postgres/redis/meili). If Minio isn't up
+// the tests fail fast — same as postgres, not env-gated.
+function requireEnv(name: string): string {
+  const value = process.env[name];
+  if (!value) throw new Error(`Missing env for S3 integration test: ${name}`);
+  return value;
+}
+// Keep all keys under a per-run prefix so repeated test runs don't pollute
+// each other and a stray failure doesn't leak bytes into the next developer's
+// session. Cleanup happens in afterAll via the provider's delete().
+const RUN_PREFIX = `test-run-${generateId()}`;
+const createdKeys: string[] = [];
+function uniqueKey(suffix: string): string {
+  const key = `${RUN_PREFIX}/${suffix}`;
+  createdKeys.push(key);
+  return key;
+}
+let provider: FileStorageProvider;
+beforeAll(() => {
+  // forcePathStyle is deliberately NOT set — resolveForcePathStyle() must
+  // auto-detect path-style from the `endpoint` presence. If auto-detection
+  // regressed, Minio would reject virtual-host-style URLs (bucket.host/key)
+  // and every round-trip below would fail. That's the proof.
+  provider = createS3Provider({
+    endpoint: requireEnv("MINIO_ENDPOINT"),
+    region: requireEnv("MINIO_REGION"),
+    accessKeyId: requireEnv("MINIO_ACCESS_KEY"),
+    secretAccessKey: requireEnv("MINIO_SECRET_KEY"),
+    bucket: requireEnv("MINIO_BUCKET"),
+  });
+});
+afterAll(async () => {
+  // Best-effort cleanup — don't fail the suite if a key can't be removed.
+  for (const key of createdKeys) {
+    try {
+      await provider.delete(key);
+    } catch {
+      // ignore: test isolation doesn't depend on clean teardown
+    }
+  }
+});
+describe("s3-provider (Minio)", () => {
+  test("write + read round-trip preserves bytes", async () => {
+    const key = uniqueKey("round-trip.bin");
+    const payload = new Uint8Array([0x89, 0x50, 0x4e, 0x47, 0x01, 0x02, 0x03, 0xff]);
+    await provider.write(key, payload, "application/octet-stream");
+    const readBack = await provider.read(key);
+    expect(readBack.length).toBe(payload.length);
+    expect(Array.from(readBack)).toEqual(Array.from(payload));
+  });
+  test("exists reflects write + delete", async () => {
+    const key = uniqueKey("exists-check.txt");
+    expect(await provider.exists(key)).toBe(false);
+    await provider.write(key, new TextEncoder().encode("hello"), "text/plain");
+    expect(await provider.exists(key)).toBe(true);
+    await provider.delete(key);
+    expect(await provider.exists(key)).toBe(false);
+  });
+  test("getSignedUrl returns a URL that fetches the bytes", async () => {
+    const key = uniqueKey("signed-download.txt");
+    const payload = new TextEncoder().encode("signed-url-payload");
+    await provider.write(key, payload, "text/plain");
+    // getSignedUrl is optional on the contract; the S3 provider always
+    // implements it. Narrow for TS.
+    if (!provider.getSignedUrl) throw new Error("s3 provider should implement getSignedUrl");
+    const url = await provider.getSignedUrl(key, 60, {
+      contentDisposition: 'attachment; filename="original.txt"',
+    });
+    expect(url).toMatch(/^https?:\/\//);
+    // The signed URL goes to the MINIO_ENDPOINT, not a virtual-host-style
+    // host — proves forcePathStyle is on.
+    expect(url).toContain("localhost:19000");
+    // Presigner encodes the expiry as X-Amz-Expires.
+    expect(url).toContain("X-Amz-Expires=60");
+    // Content-Disposition override is presigned into the query string.
+    expect(url.toLowerCase()).toContain("response-content-disposition");
+    // Fetch through the URL — proves it actually works end-to-end.
+    const response = await fetch(url);
+    expect(response.status).toBe(200);
+    const fetched = new Uint8Array(await response.arrayBuffer());
+    expect(Array.from(fetched)).toEqual(Array.from(payload));
+  });
+  test("read throws on missing key", async () => {
+    const key = uniqueKey("never-existed.bin");
+    await expect(provider.read(key)).rejects.toThrow();
+  });
+});
+describe("createS3ProviderFromEnv", () => {
+  test("builds a working provider from MINIO_* env vars", async () => {
+    // Construct via env-helper with the MINIO_ prefix to match the docker
+    // container's env. Then prove it works by writing + reading through it.
+    const envProvider = createS3ProviderFromEnv("MINIO_");
+    const key = uniqueKey("env-helper-check.bin");
+    const payload = new Uint8Array([1, 2, 3, 4]);
+    await envProvider.write(key, payload);
+    const readBack = await envProvider.read(key);
+    expect(Array.from(readBack)).toEqual(Array.from(payload));
+    await envProvider.delete(key);
+  });
+  test("throws for missing required env var", () => {
+    // Any prefix that doesn't map to any env vars should yield a missing_env
+    // error immediately — not a silent misconfiguration at first I/O.
+    expect(() => createS3ProviderFromEnv("NON_EXISTENT_PREFIX_")).toThrow(/missing_env/);
+  });
+});

package/src/files-provider-s3/__tests__/s3-provider.test.ts ADDED Viewed

@@ -0,0 +1,36 @@
+import { describe, expect, test } from "vitest";
+import type { S3ProviderConfig } from "../s3-provider";
+import { resolveForcePathStyle } from "../s3-provider";
+const baseConfig: S3ProviderConfig = {
+  bucket: "b",
+  region: "us-east-1",
+  accessKeyId: "a",
+  secretAccessKey: "s",
+};
+describe("resolveForcePathStyle", () => {
+  test("no endpoint + no override → false (AWS virtual-host default)", () => {
+    expect(resolveForcePathStyle(baseConfig)).toBe(false);
+  });
+  test("custom endpoint + no override → true (auto-detect for Minio/R2/etc.)", () => {
+    expect(resolveForcePathStyle({ ...baseConfig, endpoint: "http://localhost:9000" })).toBe(true);
+  });
+  test("explicit true override always wins, even without endpoint", () => {
+    expect(resolveForcePathStyle({ ...baseConfig, forcePathStyle: true })).toBe(true);
+  });
+  test("explicit false override always wins, even with custom endpoint", () => {
+    // Edge case: someone running a custom endpoint that does support
+    // virtual-host-style (rare, but legal) can opt out.
+    expect(
+      resolveForcePathStyle({
+        ...baseConfig,
+        endpoint: "http://localhost:9000",
+        forcePathStyle: false,
+      }),
+    ).toBe(false);
+  });
+});

package/src/files-provider-s3/env-helper.ts ADDED Viewed

@@ -0,0 +1,49 @@
+import type { FileStorageProvider } from "@cosmicdrift/kumiko-framework/files";
+import { createS3Provider, type S3ProviderConfig } from "./s3-provider";
+// Reads S3 connection details from process.env with a configurable prefix so
+// multi-tenant deploys can wire more than one bucket (S3_* for user-uploads,
+// BACKUP_S3_* for archives, …). Keeps apps out of the boilerplate of hand-
+// rolling a config object.
+//
+// Required vars: <prefix>BUCKET, <prefix>REGION, <prefix>ACCESS_KEY,
+// <prefix>SECRET_KEY. Optional: <prefix>ENDPOINT (for R2/Minio),
+// <prefix>FORCE_PATH_STYLE (explicit override — auto-detected when ENDPOINT
+// is set).
+export function createS3ProviderFromEnv(prefix = "S3_"): FileStorageProvider {
+  return createS3Provider(parseS3EnvConfig(prefix));
+}
+// Separated from createS3ProviderFromEnv so the env → config translation is
+// unit-testable without spinning up an S3Client. The returned config is a
+// plain object — pass it to createS3Provider to get a working provider.
+export function parseS3EnvConfig(prefix: string): S3ProviderConfig {
+  const bucket = requireEnv(`${prefix}BUCKET`);
+  const region = requireEnv(`${prefix}REGION`);
+  const accessKeyId = requireEnv(`${prefix}ACCESS_KEY`);
+  const secretAccessKey = requireEnv(`${prefix}SECRET_KEY`);
+  const endpoint = process.env[`${prefix}ENDPOINT`];
+  const forcePathStyleRaw = process.env[`${prefix}FORCE_PATH_STYLE`];
+  return {
+    bucket,
+    region,
+    accessKeyId,
+    secretAccessKey,
+    // Empty string treated as "not set" — otherwise a CI that exports
+    // FOO_ENDPOINT="" to unset it would accidentally send an empty
+    // endpoint to the SDK, which blows up deep in the signer.
+    ...(endpoint !== undefined && endpoint !== "" && { endpoint }),
+    ...(forcePathStyleRaw !== undefined && {
+      forcePathStyle: forcePathStyleRaw === "true",
+    }),
+  };
+}
+function requireEnv(name: string): string {
+  const value = process.env[name];
+  if (value === undefined || value === "") {
+    throw new Error(`missing_env: ${name} is required to construct the S3 file provider`);
+  }
+  return value;
+}

package/src/files-provider-s3/index.ts ADDED Viewed

@@ -0,0 +1,3 @@
+export { createS3ProviderFromEnv, parseS3EnvConfig } from "./env-helper";
+export type { S3ProviderConfig } from "./s3-provider";
+export { createS3Provider, resolveForcePathStyle } from "./s3-provider";

package/src/files-provider-s3/s3-provider.ts ADDED Viewed

@@ -0,0 +1,114 @@
+import {
+  DeleteObjectCommand,
+  GetObjectCommand,
+  HeadObjectCommand,
+  PutObjectCommand,
+  S3Client,
+} from "@aws-sdk/client-s3";
+import { getSignedUrl as presign } from "@aws-sdk/s3-request-presigner";
+import type { FileStorageProvider, SignedUrlOptions } from "@cosmicdrift/kumiko-framework/files";
+// Minimal config surface — everything the SDK needs, nothing framework-
+// specific. Apps wire this into `buildServer({ files: { storageProvider } })`
+// the same way they'd pass createLocalProvider in dev.
+//
+// `endpoint` + `forcePathStyle` are the R2/Minio knobs: AWS-S3 uses
+// virtual-host-style URLs (bucket.s3.region.amazonaws.com), Minio and many
+// S3-compat providers need path-style (endpoint/bucket/key). Default
+// forcePathStyle=true whenever a custom endpoint is set — that's the
+// expected shape for every non-AWS provider.
+export type S3ProviderConfig = {
+  readonly bucket: string;
+  readonly region: string;
+  readonly accessKeyId: string;
+  readonly secretAccessKey: string;
+  // Custom endpoint for R2/Minio/DigitalOcean Spaces/etc. Omit for AWS S3.
+  readonly endpoint?: string;
+  // Override auto-detection; mainly for explicit Minio-style tests.
+  readonly forcePathStyle?: boolean;
+};
+// Exported for unit testing — the branch logic (explicit override vs.
+// auto-detect from endpoint) is small but load-bearing: Minio/R2 break
+// silently if the virtual-host-style is picked. Keeping it testable
+// without constructing an S3Client means the rule stays honest.
+export function resolveForcePathStyle(config: S3ProviderConfig): boolean {
+  // Explicit override wins; otherwise: custom endpoint → path-style
+  // (that's the shape every non-AWS S3-compatible provider expects),
+  // no endpoint → AWS default virtual-host-style.
+  return config.forcePathStyle ?? config.endpoint !== undefined;
+}
+export function createS3Provider(config: S3ProviderConfig): FileStorageProvider {
+  const client = new S3Client({
+    region: config.region,
+    credentials: {
+      accessKeyId: config.accessKeyId,
+      secretAccessKey: config.secretAccessKey,
+    },
+    ...(config.endpoint !== undefined && { endpoint: config.endpoint }),
+    forcePathStyle: resolveForcePathStyle(config),
+  });
+  return {
+    async write(key, data, mimeType): Promise<void> {
+      await client.send(
+        new PutObjectCommand({
+          Bucket: config.bucket,
+          Key: key,
+          Body: data,
+          ...(mimeType !== undefined && { ContentType: mimeType }),
+        }),
+      );
+    },
+    async read(key): Promise<Uint8Array> {
+      const response = await client.send(new GetObjectCommand({ Bucket: config.bucket, Key: key }));
+      if (!response.Body) {
+        throw new Error(`s3_read_empty_body: ${key}`);
+      }
+      // transformToByteArray is the stream-to-bytes helper the v3 SDK ships
+      // with — avoids us reinventing a ReadableStream reader. Returns a
+      // Uint8Array, which is what FileStorageProvider.read() promises.
+      return response.Body.transformToByteArray();
+    },
+    async delete(key): Promise<void> {
+      await client.send(new DeleteObjectCommand({ Bucket: config.bucket, Key: key }));
+    },
+    async exists(key): Promise<boolean> {
+      try {
+        await client.send(new HeadObjectCommand({ Bucket: config.bucket, Key: key }));
+        return true;
+      } catch (error) {
+        // S3 SDK throws either NotFound or a generic 404. Check both the
+        // `.name` property (newer SDKs) and the `$metadata.httpStatusCode`
+        // (what the SDK guarantees on every error).
+        const err = error as { name?: string; $metadata?: { httpStatusCode?: number } };
+        if (err.name === "NotFound" || err.$metadata?.httpStatusCode === 404) {
+          return false;
+        }
+        throw error;
+      }
+    },
+    async getSignedUrl(
+      key: string,
+      expiresInSeconds: number,
+      options?: SignedUrlOptions,
+    ): Promise<string> {
+      // ResponseContentDisposition is the S3 mechanism for overriding the
+      // Content-Disposition header on the presigned GET — the browser sees
+      // the original filename instead of the UUID storage key.
+      const command = new GetObjectCommand({
+        Bucket: config.bucket,
+        Key: key,
+        ...(options?.contentDisposition !== undefined && {
+          ResponseContentDisposition: options.contentDisposition,
+        }),
+      });
+      return presign(client, command, { expiresIn: expiresInSeconds });
+    },
+  };
+}