@fusebase/fusebase-gate-sdk 2.2.6-sdk.4 → 2.2.10-sdk.0

package/dist/apis/FilesApi.d.ts

@@ -0,0 +1,68 @@
+/**
+ * Files API
+ *
+ * Generated from contract introspection
+ * Domain: files
+ */
+import type { Client } from "../runtime/transport";
+import type { CompleteMultipartFileUploadRequestContract, CompleteMultipartFileUploadResponseContract, DeleteFileRequestContract, DeleteFileResponseContract, GetFileDownloadUrlRequestContract, GetFileDownloadUrlResponseContract, MultipartUploadIdInPathRequired, orgIdInPathRequired, PrepareFileUploadRequestContract, PrepareFileUploadResponseContract, StartMultipartFileUploadResponseContract } from "../types";
+export declare class FilesApi {
+    private client;
+    constructor(client: Client);
+    /**
+     * Complete multipart file upload
+     * Commits the provided Azure block ids for a previously started multipart upload.
+     */
+    completeMultipartFileUpload(params: {
+        path: {
+            orgId: orgIdInPathRequired;
+            uploadId: MultipartUploadIdInPathRequired;
+        };
+        headers?: Record<string, string>;
+        body: CompleteMultipartFileUploadRequestContract;
+    }): Promise<CompleteMultipartFileUploadResponseContract>;
+    /**
+     * Delete file
+     * Deletes an org-scoped Azure Blob by the previously returned fileId. Public assets must resend their stored visibility so Gate can resolve the correct container without a DB record.
+     */
+    deleteFile(params: {
+        path: {
+            orgId: orgIdInPathRequired;
+        };
+        headers?: Record<string, string>;
+        body: DeleteFileRequestContract;
+    }): Promise<DeleteFileResponseContract>;
+    /**
+     * Get file read URL
+     * Creates either a short-lived Azure Blob read URL or a stable public URL for a previously uploaded org-scoped file, depending on the requested access mode. Gate never handles the file bytes.
+     */
+    getFileDownloadUrl(params: {
+        path: {
+            orgId: orgIdInPathRequired;
+        };
+        headers?: Record<string, string>;
+        body: GetFileDownloadUrlRequestContract;
+    }): Promise<GetFileDownloadUrlResponseContract>;
+    /**
+     * Prepare direct file upload
+     * Creates a short-lived Azure Blob upload URL for the organization. Uploads default to private storage, but callers may request public visibility when the service is configured with a public container. Gate never handles the file bytes.
+     */
+    prepareFileUpload(params: {
+        path: {
+            orgId: orgIdInPathRequired;
+        };
+        headers?: Record<string, string>;
+        body: PrepareFileUploadRequestContract;
+    }): Promise<PrepareFileUploadResponseContract>;
+    /**
+     * Start multipart file upload
+     * Creates a short-lived Azure Blob upload URL for block staging and returns a signed, short-lived uploadId for later completion. Multipart uploads also support optional public visibility when the service is configured for public assets.
+     */
+    startMultipartFileUpload(params: {
+        path: {
+            orgId: orgIdInPathRequired;
+        };
+        headers?: Record<string, string>;
+        body: PrepareFileUploadRequestContract;
+    }): Promise<StartMultipartFileUploadResponseContract>;
+}

package/dist/apis/FilesApi.js

@@ -0,0 +1,90 @@
+"use strict";
+/**
+ * Files API
+ *
+ * Generated from contract introspection
+ * Domain: files
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.FilesApi = void 0;
+class FilesApi {
+    constructor(client) {
+        this.client = client;
+    }
+    /**
+     * Complete multipart file upload
+     * Commits the provided Azure block ids for a previously started multipart upload.
+     */
+    async completeMultipartFileUpload(params) {
+        return this.client.request({
+            method: "POST",
+            path: "/:orgId/files/uploads/:uploadId/complete",
+            pathParams: params.path,
+            headers: params.headers,
+            body: params.body,
+            opId: "completeMultipartFileUpload",
+            expectedContentType: "application/json",
+        });
+    }
+    /**
+     * Delete file
+     * Deletes an org-scoped Azure Blob by the previously returned fileId. Public assets must resend their stored visibility so Gate can resolve the correct container without a DB record.
+     */
+    async deleteFile(params) {
+        return this.client.request({
+            method: "DELETE",
+            path: "/:orgId/files",
+            pathParams: params.path,
+            headers: params.headers,
+            body: params.body,
+            opId: "deleteFile",
+            expectedContentType: "application/json",
+        });
+    }
+    /**
+     * Get file read URL
+     * Creates either a short-lived Azure Blob read URL or a stable public URL for a previously uploaded org-scoped file, depending on the requested access mode. Gate never handles the file bytes.
+     */
+    async getFileDownloadUrl(params) {
+        return this.client.request({
+            method: "POST",
+            path: "/:orgId/files/download-url",
+            pathParams: params.path,
+            headers: params.headers,
+            body: params.body,
+            opId: "getFileDownloadUrl",
+            expectedContentType: "application/json",
+        });
+    }
+    /**
+     * Prepare direct file upload
+     * Creates a short-lived Azure Blob upload URL for the organization. Uploads default to private storage, but callers may request public visibility when the service is configured with a public container. Gate never handles the file bytes.
+     */
+    async prepareFileUpload(params) {
+        return this.client.request({
+            method: "POST",
+            path: "/:orgId/files/prepare-upload",
+            pathParams: params.path,
+            headers: params.headers,
+            body: params.body,
+            opId: "prepareFileUpload",
+            expectedContentType: "application/json",
+        });
+    }
+    /**
+     * Start multipart file upload
+     * Creates a short-lived Azure Blob upload URL for block staging and returns a signed, short-lived uploadId for later completion. Multipart uploads also support optional public visibility when the service is configured for public assets.
+     */
+    async startMultipartFileUpload(params) {
+        return this.client.request({
+            method: "POST",
+            path: "/:orgId/files/uploads/start",
+            pathParams: params.path,
+            headers: params.headers,
+            body: params.body,
+            opId: "startMultipartFileUpload",
+            expectedContentType: "application/json",
+        });
+    }
+}
+exports.FilesApi = FilesApi;

package/dist/apis/IsolatedStoresApi.d.ts

@@ -5,7 +5,7 @@
  * Domain: isolated-stores
  */
 import type { Client } from "../runtime/transport";
-import type { AdoptIsolatedStoreSqlMigrationBaselineRequestContract, AdoptIsolatedStoreSqlMigrationBaselineResponseContract, ApplyIsolatedStoreSqlMigrationsRequestContract, ApplyIsolatedStoreSqlMigrationsResponseContract, CreateIsolatedStoreCheckpointRequestContract, CreateIsolatedStoreCheckpointResponseContract, CreateIsolatedStoreRequestContract, CreateIsolatedStoreResponseContract, DeleteIsolatedStoreResponseContract, DeleteIsolatedStoreStageResponseContract, GetIsolatedStoreSqlMigrationStatusRequestContract, InitIsolatedStoreStageRequestContract, InitIsolatedStoreStageResponseContract, IsolatedStoreIdInPathRequired, IsolatedStoreListResponseContract, IsolatedStoreResponseContract, IsolatedStoreRevisionIdInPathRequired, IsolatedStoreRevisionListResponseContract, IsolatedStoreSqlBatchInsertRequestContract, IsolatedStoreSqlBatchInsertResponseContract, IsolatedStoreSqlCountRequestContract, IsolatedStoreSqlCountResponseContract, IsolatedStoreSqlDeleteRequestContract, IsolatedStoreSqlDeleteResponseContract, IsolatedStoreSqlDescribeTableResponseContract, IsolatedStoreSqlExecuteRequestContract, IsolatedStoreSqlExecuteResponseContract, IsolatedStoreSqlImportRequestContract, IsolatedStoreSqlImportResponseContract, IsolatedStoreSqlInsertRequestContract, IsolatedStoreSqlInsertResponseContract, IsolatedStoreSqlListTablesResponseContract, IsolatedStoreSqlMigrationStatusContract, IsolatedStoreSqlQueryRequestContract, IsolatedStoreSqlQueryResponseContract, IsolatedStoreSqlSchemaNameInQueryOptional, IsolatedStoreSqlSelectRequestContract, IsolatedStoreSqlSelectResponseContract, IsolatedStoreSqlStatsResponseContract, IsolatedStoreSqlTableNameInPathRequired, IsolatedStoreSqlUpdateRequestContract, IsolatedStoreSqlUpdateResponseContract, IsolatedStoreStageInPathRequired, IsolatedStoreStageListResponseContract, ListIsolatedStoresClientIdInQueryOptional, orgIdInPathRequired, RestoreIsolatedStoreRevisionResponseContract } from "../types";
+import type { AdoptIsolatedStoreSqlMigrationBaselineRequestContract, AdoptIsolatedStoreSqlMigrationBaselineResponseContract, ApplyIsolatedStoreSqlMigrationsRequestContract, ApplyIsolatedStoreSqlMigrationsResponseContract, CreateIsolatedStoreCheckpointRequestContract, CreateIsolatedStoreCheckpointResponseContract, CreateIsolatedStoreRequestContract, CreateIsolatedStoreResponseContract, DeleteIsolatedStoreResponseContract, DeleteIsolatedStoreStageResponseContract, GetIsolatedStoreSqlMigrationStatusRequestContract, InitIsolatedStoreStageRequestContract, InitIsolatedStoreStageResponseContract, IsolatedStoreIdInPathRequired, IsolatedStoreListResponseContract, IsolatedStoreResponseContract, IsolatedStoreRevisionIdInPathRequired, IsolatedStoreRevisionListResponseContract, IsolatedStoreSqlBatchInsertRequestContract, IsolatedStoreSqlBatchInsertResponseContract, IsolatedStoreSqlCountRequestContract, IsolatedStoreSqlCountResponseContract, IsolatedStoreSqlDeleteRequestContract, IsolatedStoreSqlDeleteResponseContract, IsolatedStoreSqlDescribeTableResponseContract, IsolatedStoreSqlExecuteRequestContract, IsolatedStoreSqlExecuteResponseContract, IsolatedStoreSqlImportRequestContract, IsolatedStoreSqlImportResponseContract, IsolatedStoreSqlInsertRequestContract, IsolatedStoreSqlInsertResponseContract, IsolatedStoreSqlListTablesResponseContract, IsolatedStoreSqlMigrationStatusContract, IsolatedStoreSqlQueryRequestContract, IsolatedStoreSqlQueryResponseContract, IsolatedStoreSqlSchemaNameInQueryOptional, IsolatedStoreSqlSelectRequestContract, IsolatedStoreSqlSelectResponseContract, IsolatedStoreSqlStatsResponseContract, IsolatedStoreSqlTableNameInPathRequired, IsolatedStoreSqlUpdateRequestContract, IsolatedStoreSqlUpdateResponseContract, IsolatedStoreStageInPathRequired, IsolatedStoreStageListResponseContract, ListIsolatedStoresAliasLikeInQueryOptional, ListIsolatedStoresClientIdInQueryOptional, orgIdInPathRequired, RestoreIsolatedStoreRevisionResponseContract } from "../types";
 export declare class IsolatedStoresApi {
     private client;
     constructor(client: Client);
@@ -238,7 +238,7 @@ export declare class IsolatedStoresApi {
     }): Promise<IsolatedStoreRevisionListResponseContract>;
     /**
      * List isolated stores
-     * Returns the isolated store registry for the organization. Optional query `clientId` limits results to stores whose `app` source scope `sourceId` matches (same identifier as the token `client` scope for app-owned stores). Omit or leave empty to list all org stores. This is a control-plane endpoint behind FEATURE_FLAGS=isolated_stores.
+     * Returns the isolated store registry for the organization. Optional query `clientId` limits results to stores whose `app` source scope `sourceId` matches (same identifier as the token `client` scope for app-owned stores). Optional query `aliasLike` supports either an exact alias or a glob pattern (`*`, `?`) against store alias. Omit or leave empty to list all org stores. This is a control-plane endpoint behind FEATURE_FLAGS=isolated_stores.
      */
     listIsolatedStores(params: {
         path: {
@@ -246,6 +246,7 @@ export declare class IsolatedStoresApi {
         };
         query?: {
             clientId?: ListIsolatedStoresClientIdInQueryOptional;
+            aliasLike?: ListIsolatedStoresAliasLikeInQueryOptional;
         };
         headers?: Record<string, string>;
     }): Promise<IsolatedStoreListResponseContract>;

package/dist/apis/IsolatedStoresApi.js

@@ -278,7 +278,7 @@ class IsolatedStoresApi {
     }
     /**
      * List isolated stores
-     * Returns the isolated store registry for the organization. Optional query `clientId` limits results to stores whose `app` source scope `sourceId` matches (same identifier as the token `client` scope for app-owned stores). Omit or leave empty to list all org stores. This is a control-plane endpoint behind FEATURE_FLAGS=isolated_stores.
+     * Returns the isolated store registry for the organization. Optional query `clientId` limits results to stores whose `app` source scope `sourceId` matches (same identifier as the token `client` scope for app-owned stores). Optional query `aliasLike` supports either an exact alias or a glob pattern (`*`, `?`) against store alias. Omit or leave empty to list all org stores. This is a control-plane endpoint behind FEATURE_FLAGS=isolated_stores.
      */
     async listIsolatedStores(params) {
         return this.client.request({

package/dist/index.d.ts

@@ -8,6 +8,7 @@ export * from "./types";
 export { AccessApi } from "./apis/AccessApi";
 export { BillingApi } from "./apis/BillingApi";
 export { EmailsApi } from "./apis/EmailsApi";
+export { FilesApi } from "./apis/FilesApi";
 export { HealthApi } from "./apis/HealthApi";
 export { IsolatedStoresApi } from "./apis/IsolatedStoresApi";
 export { NotesApi } from "./apis/NotesApi";

package/dist/index.js

@@ -19,7 +19,7 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.WorkspacesApi = exports.TokensApi = exports.SystemApi = exports.PortalsApi = exports.OrgUsersApi = exports.OrgGroupsApi = exports.NotesApi = exports.IsolatedStoresApi = exports.HealthApi = exports.EmailsApi = exports.BillingApi = exports.AccessApi = void 0;
+exports.WorkspacesApi = exports.TokensApi = exports.SystemApi = exports.PortalsApi = exports.OrgUsersApi = exports.OrgGroupsApi = exports.NotesApi = exports.IsolatedStoresApi = exports.HealthApi = exports.FilesApi = exports.EmailsApi = exports.BillingApi = exports.AccessApi = void 0;
 __exportStar(require("./runtime"), exports);
 __exportStar(require("./types"), exports);
 var AccessApi_1 = require("./apis/AccessApi");
@@ -28,6 +28,8 @@ var BillingApi_1 = require("./apis/BillingApi");
 Object.defineProperty(exports, "BillingApi", { enumerable: true, get: function () { return BillingApi_1.BillingApi; } });
 var EmailsApi_1 = require("./apis/EmailsApi");
 Object.defineProperty(exports, "EmailsApi", { enumerable: true, get: function () { return EmailsApi_1.EmailsApi; } });
+var FilesApi_1 = require("./apis/FilesApi");
+Object.defineProperty(exports, "FilesApi", { enumerable: true, get: function () { return FilesApi_1.FilesApi; } });
 var HealthApi_1 = require("./apis/HealthApi");
 Object.defineProperty(exports, "HealthApi", { enumerable: true, get: function () { return HealthApi_1.HealthApi; } });
 var IsolatedStoresApi_1 = require("./apis/IsolatedStoresApi");

package/dist/types/file/file.d.ts

@@ -0,0 +1,125 @@
+export type FileIdInPathRequired = string;
+export type MultipartUploadIdInPathRequired = string;
+export type FileUploadMethodContract = "PUT";
+export type FileDownloadMethodContract = "GET";
+export type FileVisibilityContract = "private" | "public";
+export type FileReadAccessContract = "temporary" | "public";
+export type FileReadDispositionContract = "inline" | "attachment";
+export interface PrepareFileUploadRequestContract {
+    filename: string;
+    contentType?: string | null;
+    folder?: string | null;
+    visibility?: FileVisibilityContract | null;
+}
+export interface DeleteFileRequestContract {
+    fileId: string;
+    visibility?: FileVisibilityContract | null;
+}
+export interface GetFileDownloadUrlRequestContract {
+    fileId: string;
+    visibility?: FileVisibilityContract | null;
+    access?: FileReadAccessContract | null;
+    disposition?: FileReadDispositionContract | null;
+}
+export interface FileUploadHeadersContract {
+    "x-ms-blob-type": "BlockBlob";
+    "Content-Type": string;
+}
+export interface PrepareFileUploadResponseContract {
+    /**
+     * Opaque file identifier to persist for later read and deletion calls.
+     */
+    fileId: string;
+    visibility: FileVisibilityContract;
+    /**
+     * Stable public URL when `visibility` is `public`; otherwise `null`.
+     * @format uri
+     */
+    publicUrl: string | null;
+    /**
+     * @format uri
+     */
+    uploadUrl: string;
+    method: FileUploadMethodContract;
+    headers: FileUploadHeadersContract;
+    /**
+     * @format date-time
+     */
+    expiresAt: string;
+}
+export interface DeleteFileResponseContract {
+    fileId: string;
+    visibility: FileVisibilityContract;
+    deleted: boolean;
+}
+export interface GetFileDownloadUrlResponseContract {
+    fileId: string;
+    visibility: FileVisibilityContract;
+    access: FileReadAccessContract;
+    /**
+     * @format uri
+     */
+    downloadUrl: string;
+    method: FileDownloadMethodContract;
+    /**
+     * @format date-time
+     */
+    expiresAt: string | null;
+}
+export interface StartMultipartFileUploadResponseContract {
+    /**
+     * Signed short-lived multipart token. Treat as opaque and send it back unchanged.
+     */
+    uploadId: string;
+    fileId: string;
+    visibility: FileVisibilityContract;
+    /**
+     * Stable public URL when `visibility` is `public`; otherwise `null`.
+     * @format uri
+     */
+    publicUrl: string | null;
+    /**
+     * @format uri
+     */
+    uploadUrl: string;
+    method: FileUploadMethodContract;
+    /**
+     * @format date-time
+     */
+    expiresAt: string;
+}
+export interface CompleteMultipartFileUploadRequestContract {
+    /**
+     * Base64-encoded block ids in the exact order they should be committed.
+     */
+    blockIds: string[];
+}
+export interface CompleteMultipartFileUploadResponseContract {
+    fileId: string;
+    visibility: FileVisibilityContract;
+    /**
+     * Stable public URL when `visibility` is `public`; otherwise `null`.
+     * @format uri
+     */
+    publicUrl: string | null;
+    committed: boolean;
+    blockCount: number;
+}
+export declare const FileUploadMethodContract: {
+    readonly Put: "PUT";
+};
+export declare const FileDownloadMethodContract: {
+    readonly Get: "GET";
+};
+export declare const FileVisibilityContract: {
+    readonly Private: "private";
+    readonly Public: "public";
+};
+export declare const FileReadAccessContract: {
+    readonly Temporary: "temporary";
+    readonly Public: "public";
+};
+export declare const FileReadDispositionContract: {
+    readonly Inline: "inline";
+    readonly Attachment: "attachment";
+};

package/dist/types/file/file.js

@@ -0,0 +1,21 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.FileReadDispositionContract = exports.FileReadAccessContract = exports.FileVisibilityContract = exports.FileDownloadMethodContract = exports.FileUploadMethodContract = void 0;
+exports.FileUploadMethodContract = {
+    Put: "PUT"
+};
+exports.FileDownloadMethodContract = {
+    Get: "GET"
+};
+exports.FileVisibilityContract = {
+    Private: "private",
+    Public: "public"
+};
+exports.FileReadAccessContract = {
+    Temporary: "temporary",
+    Public: "public"
+};
+exports.FileReadDispositionContract = {
+    Inline: "inline",
+    Attachment: "attachment"
+};

package/dist/types/index.d.ts

@@ -7,6 +7,7 @@
 export type { AuthenticatedUserSummaryContract, MyOrgAccessResponseContract } from "./access/access";
 export * from "./billing/billing";
 export type { OrgEmailSendRequestContract, OrgEmailSendResponseContract } from "./email/email";
+export * from "./file/file";
 export * from "./isolated-store/isolated-store";
 export type { MeAuthContract, MeOrgGroupContract, MeResponseContract, MeScopeContract, MeUserContract } from "./me/me";
 export * from "./note/note";

package/dist/types/index.js

@@ -21,6 +21,7 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 __exportStar(require("./billing/billing"), exports);
+__exportStar(require("./file/file"), exports);
 __exportStar(require("./isolated-store/isolated-store"), exports);
 __exportStar(require("./note/note"), exports);
 __exportStar(require("./org-group/org-group"), exports);

package/dist/types/isolated-store/isolated-store.d.ts

@@ -365,6 +365,8 @@ export interface IsolatedStoreListResponseContract {
 }
 /** Optional `clientId` query for `listIsolatedStores`; matches `app` source scope `sourceId`. */
 export type ListIsolatedStoresClientIdInQueryOptional = string | null;
+/** Optional `aliasLike` query for `listIsolatedStores`; exact alias or glob (`*`, `?`). */
+export type ListIsolatedStoresAliasLikeInQueryOptional = string | null;
 export interface IsolatedStoreResponseContract {
     store: IsolatedStoreContract;
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@fusebase/fusebase-gate-sdk",
-  "version": "2.2.6-sdk.4",
+  "version": "2.2.10-sdk.0",
   "description": "TypeScript SDK for Fusebase Gate APIs - Generated from contract introspection",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",

package/release-notes/2.2.10-sdk.0.md

@@ -0,0 +1,71 @@
+# Release Notes 2.2.10-sdk.0
+
+- Current ref: `HEAD`
+- Previous tag: `v2.2.10-sdk.0`
+- Generated at: 2026-04-22T07:58:13.022Z
+
+## Included Drafts
+
+- `docs/release-notes/2026-04-20-azure-file-upload-api.md` - 2026-04-20-azure-file-upload-api
+
+## Summary
+
+### 2026-04-20-azure-file-upload-api
+
+Added org-scoped file upload, read-url, and deletion endpoints for Azure Blob Storage direct transfers, then hardened the multipart token flow, moved container creation out of per-request runtime handling, and introduced public-vs-private file visibility with stable public asset URLs.
+
+
+## API / SDK Changes
+
+### 2026-04-20-azure-file-upload-api
+
+- Added `POST /:orgId/files/prepare-upload` to generate a short-lived SAS upload URL, blob `fileId`, required upload headers, expiration time, `visibility`, and an optional stable `publicUrl`.
+- Added `POST /:orgId/files/uploads/start` to start an explicit Azure block-blob multipart upload and return an opaque `uploadId`.
+- Added `POST /:orgId/files/uploads/:uploadId/complete` to commit the staged Azure block ids for a multipart upload and return the final file `visibility` plus optional `publicUrl`.
+- Added `POST /:orgId/files/download-url` to generate either a short-lived read-only SAS URL or a stable public URL for a previously uploaded org-scoped blob.
+- Added `DELETE /:orgId/files` to delete a previously prepared org-scoped blob by `fileId` in the request body, with optional `visibility` for public assets.
+- Added the generated `FilesApi` SDK surface for these operations.
+- Hardened multipart `uploadId` values so they are signed and expiring instead of plain base64 payloads.
+- Removed container creation from the request path; upload preparation now performs only blob-level work.
+- Added optional startup-time container initialization through `AZURE_STORAGE_CREATE_CONTAINER_ON_STARTUP`.
+- Added optional public file storage configuration through `AZURE_STORAGE_PUBLIC_CONTAINER` and `AZURE_STORAGE_PUBLIC_BASE_URL`.
+- Added Gate MCP guidance for file-upload flows and new `files.write` and `files.read` permissions.
+- Added Gate-side validation limits for file upload inputs and composed Azure blob paths so oversized names fail fast with clear `400` responses.
+
+
+## Consumer Impact
+
+### 2026-04-20-azure-file-upload-api
+
+- Clients should upload file bytes directly to Azure Blob Storage using the returned `uploadUrl`, `method`, and `headers`; Gate does not proxy file bytes.
+- Clients should download file bytes directly from Azure Blob Storage or the configured public asset origin using the returned `downloadUrl`; Gate does not proxy file bytes for reads either.
+- Multipart clients should stage blocks directly against the returned `uploadUrl`, keep the base64 block ids they used, and send those ids to `completeMultipartFileUpload`.
+- Treat multipart `uploadId` values as opaque short-lived server tokens. Clients must not decode, modify, or synthesize them.
+- Persist the returned `fileId` exactly as-is if the app needs to read or delete the blob later.
+- Persist the returned `visibility` as well when there is no separate file record yet; public reads and deletes rely on that value to resolve the correct storage container.
+- Use `visibility: "public"` on upload-start requests when the app needs a stable asset URL for long-lived embeds such as blog images or `<img src>` values.
+- Use `getFileDownloadUrl` with `access: "temporary"` for protected or expiring reads, and `access: "public"` for stable public URLs. `disposition: "attachment"` is only supported for temporary reads.
+- Upload preparation now rejects `filename` values longer than 255 characters, `folder` values longer than 512 characters, `contentType` values longer than 255 characters, and `fileId` values longer than Azure's 1,024-character blob-name limit.
+- Gate also rejects composed blob paths that exceed Azure naming limits or contain too many path segments for safe Azure Blob usage.
+- Runtime configuration now expects `AZURE_STORAGE_ACCOUNT_NAME` and can optionally use `AZURE_STORAGE_CONTAINER`, `AZURE_STORAGE_PUBLIC_CONTAINER`, `AZURE_STORAGE_PUBLIC_BASE_URL`, `AZURE_STORAGE_ACCOUNT_KEY`, `AZURE_STORAGE_UPLOAD_URL_TTL_SECONDS`, `AZURE_STORAGE_UPLOAD_ID_SECRET`, and `AZURE_STORAGE_CREATE_CONTAINER_ON_STARTUP`.
+- Preferred deployment model is a pre-created container from infrastructure. Startup-time container creation is opt-in for environments that intentionally grant container-management permissions.
+- Stable public URLs only work when the configured public container or CDN-backed base URL is actually publicly reachable; Gate does not probe public reachability per request.
+
+
+## Verification
+
+### 2026-04-20-azure-file-upload-api
+
+- `npm run build:sdk`
+- `npm run mcp:skills:generate`
+- `npm run mcp:skills:validate`
+- `npm test`
+- `npm run lint`
+
+
+## Follow-ups
+
+### 2026-04-20-azure-file-upload-api
+
+- Wire the new Azure storage env vars into the active Fusebase Gate Helm chart values and secrets once the deployment chart path and environment-specific account values are confirmed.
+- If the production environment supports Microsoft Entra or managed identity, prefer user delegation SAS over account-key SAS.

package/release-notes/latest.md

@@ -1,9 +1,71 @@
-# Release Notes 2.2.6-sdk.4
+# Release Notes 2.2.10-sdk.0
 
 - Current ref: `HEAD`
-- Previous tag: `v2.2.6-sdk.4`
-- Generated at: 2026-04-17T08:03:27.015Z
+- Previous tag: `v2.2.10-sdk.0`
+- Generated at: 2026-04-22T07:58:13.022Z
 
 ## Included Drafts
 
-- None
+- `docs/release-notes/2026-04-20-azure-file-upload-api.md` - 2026-04-20-azure-file-upload-api
+
+## Summary
+
+### 2026-04-20-azure-file-upload-api
+
+Added org-scoped file upload, read-url, and deletion endpoints for Azure Blob Storage direct transfers, then hardened the multipart token flow, moved container creation out of per-request runtime handling, and introduced public-vs-private file visibility with stable public asset URLs.
+
+
+## API / SDK Changes
+
+### 2026-04-20-azure-file-upload-api
+
+- Added `POST /:orgId/files/prepare-upload` to generate a short-lived SAS upload URL, blob `fileId`, required upload headers, expiration time, `visibility`, and an optional stable `publicUrl`.
+- Added `POST /:orgId/files/uploads/start` to start an explicit Azure block-blob multipart upload and return an opaque `uploadId`.
+- Added `POST /:orgId/files/uploads/:uploadId/complete` to commit the staged Azure block ids for a multipart upload and return the final file `visibility` plus optional `publicUrl`.
+- Added `POST /:orgId/files/download-url` to generate either a short-lived read-only SAS URL or a stable public URL for a previously uploaded org-scoped blob.
+- Added `DELETE /:orgId/files` to delete a previously prepared org-scoped blob by `fileId` in the request body, with optional `visibility` for public assets.
+- Added the generated `FilesApi` SDK surface for these operations.
+- Hardened multipart `uploadId` values so they are signed and expiring instead of plain base64 payloads.
+- Removed container creation from the request path; upload preparation now performs only blob-level work.
+- Added optional startup-time container initialization through `AZURE_STORAGE_CREATE_CONTAINER_ON_STARTUP`.
+- Added optional public file storage configuration through `AZURE_STORAGE_PUBLIC_CONTAINER` and `AZURE_STORAGE_PUBLIC_BASE_URL`.
+- Added Gate MCP guidance for file-upload flows and new `files.write` and `files.read` permissions.
+- Added Gate-side validation limits for file upload inputs and composed Azure blob paths so oversized names fail fast with clear `400` responses.
+
+
+## Consumer Impact
+
+### 2026-04-20-azure-file-upload-api
+
+- Clients should upload file bytes directly to Azure Blob Storage using the returned `uploadUrl`, `method`, and `headers`; Gate does not proxy file bytes.
+- Clients should download file bytes directly from Azure Blob Storage or the configured public asset origin using the returned `downloadUrl`; Gate does not proxy file bytes for reads either.
+- Multipart clients should stage blocks directly against the returned `uploadUrl`, keep the base64 block ids they used, and send those ids to `completeMultipartFileUpload`.
+- Treat multipart `uploadId` values as opaque short-lived server tokens. Clients must not decode, modify, or synthesize them.
+- Persist the returned `fileId` exactly as-is if the app needs to read or delete the blob later.
+- Persist the returned `visibility` as well when there is no separate file record yet; public reads and deletes rely on that value to resolve the correct storage container.
+- Use `visibility: "public"` on upload-start requests when the app needs a stable asset URL for long-lived embeds such as blog images or `<img src>` values.
+- Use `getFileDownloadUrl` with `access: "temporary"` for protected or expiring reads, and `access: "public"` for stable public URLs. `disposition: "attachment"` is only supported for temporary reads.
+- Upload preparation now rejects `filename` values longer than 255 characters, `folder` values longer than 512 characters, `contentType` values longer than 255 characters, and `fileId` values longer than Azure's 1,024-character blob-name limit.
+- Gate also rejects composed blob paths that exceed Azure naming limits or contain too many path segments for safe Azure Blob usage.
+- Runtime configuration now expects `AZURE_STORAGE_ACCOUNT_NAME` and can optionally use `AZURE_STORAGE_CONTAINER`, `AZURE_STORAGE_PUBLIC_CONTAINER`, `AZURE_STORAGE_PUBLIC_BASE_URL`, `AZURE_STORAGE_ACCOUNT_KEY`, `AZURE_STORAGE_UPLOAD_URL_TTL_SECONDS`, `AZURE_STORAGE_UPLOAD_ID_SECRET`, and `AZURE_STORAGE_CREATE_CONTAINER_ON_STARTUP`.
+- Preferred deployment model is a pre-created container from infrastructure. Startup-time container creation is opt-in for environments that intentionally grant container-management permissions.
+- Stable public URLs only work when the configured public container or CDN-backed base URL is actually publicly reachable; Gate does not probe public reachability per request.
+
+
+## Verification
+
+### 2026-04-20-azure-file-upload-api
+
+- `npm run build:sdk`
+- `npm run mcp:skills:generate`
+- `npm run mcp:skills:validate`
+- `npm test`
+- `npm run lint`
+
+
+## Follow-ups
+
+### 2026-04-20-azure-file-upload-api
+
+- Wire the new Azure storage env vars into the active Fusebase Gate Helm chart values and secrets once the deployment chart path and environment-specific account values are confirmed.
+- If the production environment supports Microsoft Entra or managed identity, prefer user delegation SAS over account-key SAS.

package/release-notes/2.2.6-sdk.4.md

@@ -1,9 +0,0 @@
-# Release Notes 2.2.6-sdk.4
-
-- Current ref: `HEAD`
-- Previous tag: `v2.2.6-sdk.4`
-- Generated at: 2026-04-17T08:03:27.015Z
-
-## Included Drafts
-
-- None