@fusebase/fusebase-gate-sdk 2.2.9 → 2.2.10-sdk.0

package/dist/apis/FilesApi.d.ts

@@ -23,7 +23,7 @@ export declare class FilesApi {
     }): Promise<CompleteMultipartFileUploadResponseContract>;
     /**
      * Delete file
-     * Deletes an org-scoped Azure Blob by the previously returned fileId.
+     * Deletes an org-scoped Azure Blob by the previously returned fileId. Public assets must resend their stored visibility so Gate can resolve the correct container without a DB record.
      */
     deleteFile(params: {
         path: {
@@ -33,8 +33,8 @@ export declare class FilesApi {
         body: DeleteFileRequestContract;
     }): Promise<DeleteFileResponseContract>;
     /**
-     * Get file download URL
-     * Creates a short-lived Azure Blob download URL for a previously uploaded org-scoped file. Gate never handles the file bytes.
+     * Get file read URL
+     * Creates either a short-lived Azure Blob read URL or a stable public URL for a previously uploaded org-scoped file, depending on the requested access mode. Gate never handles the file bytes.
      */
     getFileDownloadUrl(params: {
         path: {
@@ -45,7 +45,7 @@ export declare class FilesApi {
     }): Promise<GetFileDownloadUrlResponseContract>;
     /**
      * Prepare direct file upload
-     * Creates a short-lived Azure Blob upload URL for the organization. Gate never handles the file bytes.
+     * Creates a short-lived Azure Blob upload URL for the organization. Uploads default to private storage, but callers may request public visibility when the service is configured with a public container. Gate never handles the file bytes.
      */
     prepareFileUpload(params: {
         path: {
@@ -56,7 +56,7 @@ export declare class FilesApi {
     }): Promise<PrepareFileUploadResponseContract>;
     /**
      * Start multipart file upload
-     * Creates a short-lived Azure Blob upload URL for block staging and returns a signed, short-lived uploadId for later completion.
+     * Creates a short-lived Azure Blob upload URL for block staging and returns a signed, short-lived uploadId for later completion. Multipart uploads also support optional public visibility when the service is configured for public assets.
      */
     startMultipartFileUpload(params: {
         path: {

package/dist/apis/FilesApi.js

@@ -28,7 +28,7 @@ class FilesApi {
     }
     /**
      * Delete file
-     * Deletes an org-scoped Azure Blob by the previously returned fileId.
+     * Deletes an org-scoped Azure Blob by the previously returned fileId. Public assets must resend their stored visibility so Gate can resolve the correct container without a DB record.
      */
     async deleteFile(params) {
         return this.client.request({
@@ -42,8 +42,8 @@ class FilesApi {
         });
     }
     /**
-     * Get file download URL
-     * Creates a short-lived Azure Blob download URL for a previously uploaded org-scoped file. Gate never handles the file bytes.
+     * Get file read URL
+     * Creates either a short-lived Azure Blob read URL or a stable public URL for a previously uploaded org-scoped file, depending on the requested access mode. Gate never handles the file bytes.
      */
     async getFileDownloadUrl(params) {
         return this.client.request({
@@ -58,7 +58,7 @@ class FilesApi {
     }
     /**
      * Prepare direct file upload
-     * Creates a short-lived Azure Blob upload URL for the organization. Gate never handles the file bytes.
+     * Creates a short-lived Azure Blob upload URL for the organization. Uploads default to private storage, but callers may request public visibility when the service is configured with a public container. Gate never handles the file bytes.
      */
     async prepareFileUpload(params) {
         return this.client.request({
@@ -73,7 +73,7 @@ class FilesApi {
     }
     /**
      * Start multipart file upload
-     * Creates a short-lived Azure Blob upload URL for block staging and returns a signed, short-lived uploadId for later completion.
+     * Creates a short-lived Azure Blob upload URL for block staging and returns a signed, short-lived uploadId for later completion. Multipart uploads also support optional public visibility when the service is configured for public assets.
      */
     async startMultipartFileUpload(params) {
         return this.client.request({

package/dist/apis/IsolatedStoresApi.d.ts

@@ -5,7 +5,7 @@
  * Domain: isolated-stores
  */
 import type { Client } from "../runtime/transport";
-import type { AdoptIsolatedStoreSqlMigrationBaselineRequestContract, AdoptIsolatedStoreSqlMigrationBaselineResponseContract, ApplyIsolatedStoreSqlMigrationsRequestContract, ApplyIsolatedStoreSqlMigrationsResponseContract, CreateIsolatedStoreCheckpointRequestContract, CreateIsolatedStoreCheckpointResponseContract, CreateIsolatedStoreRequestContract, CreateIsolatedStoreResponseContract, DeleteIsolatedStoreResponseContract, DeleteIsolatedStoreStageResponseContract, GetIsolatedStoreSqlMigrationStatusRequestContract, InitIsolatedStoreStageRequestContract, InitIsolatedStoreStageResponseContract, IsolatedStoreIdInPathRequired, IsolatedStoreListResponseContract, IsolatedStoreResponseContract, IsolatedStoreRevisionIdInPathRequired, IsolatedStoreRevisionListResponseContract, IsolatedStoreSqlBatchInsertRequestContract, IsolatedStoreSqlBatchInsertResponseContract, IsolatedStoreSqlCountRequestContract, IsolatedStoreSqlCountResponseContract, IsolatedStoreSqlDeleteRequestContract, IsolatedStoreSqlDeleteResponseContract, IsolatedStoreSqlDescribeTableResponseContract, IsolatedStoreSqlExecuteRequestContract, IsolatedStoreSqlExecuteResponseContract, IsolatedStoreSqlImportRequestContract, IsolatedStoreSqlImportResponseContract, IsolatedStoreSqlInsertRequestContract, IsolatedStoreSqlInsertResponseContract, IsolatedStoreSqlListTablesResponseContract, IsolatedStoreSqlMigrationStatusContract, IsolatedStoreSqlQueryRequestContract, IsolatedStoreSqlQueryResponseContract, IsolatedStoreSqlSchemaNameInQueryOptional, IsolatedStoreSqlSelectRequestContract, IsolatedStoreSqlSelectResponseContract, IsolatedStoreSqlStatsResponseContract, IsolatedStoreSqlTableNameInPathRequired, IsolatedStoreSqlUpdateRequestContract, IsolatedStoreSqlUpdateResponseContract, IsolatedStoreStageInPathRequired, IsolatedStoreStageListResponseContract, ListIsolatedStoresClientIdInQueryOptional, orgIdInPathRequired, RestoreIsolatedStoreRevisionResponseContract } from "../types";
+import type { AdoptIsolatedStoreSqlMigrationBaselineRequestContract, AdoptIsolatedStoreSqlMigrationBaselineResponseContract, ApplyIsolatedStoreSqlMigrationsRequestContract, ApplyIsolatedStoreSqlMigrationsResponseContract, CreateIsolatedStoreCheckpointRequestContract, CreateIsolatedStoreCheckpointResponseContract, CreateIsolatedStoreRequestContract, CreateIsolatedStoreResponseContract, DeleteIsolatedStoreResponseContract, DeleteIsolatedStoreStageResponseContract, GetIsolatedStoreSqlMigrationStatusRequestContract, InitIsolatedStoreStageRequestContract, InitIsolatedStoreStageResponseContract, IsolatedStoreIdInPathRequired, IsolatedStoreListResponseContract, IsolatedStoreResponseContract, IsolatedStoreRevisionIdInPathRequired, IsolatedStoreRevisionListResponseContract, IsolatedStoreSqlBatchInsertRequestContract, IsolatedStoreSqlBatchInsertResponseContract, IsolatedStoreSqlCountRequestContract, IsolatedStoreSqlCountResponseContract, IsolatedStoreSqlDeleteRequestContract, IsolatedStoreSqlDeleteResponseContract, IsolatedStoreSqlDescribeTableResponseContract, IsolatedStoreSqlExecuteRequestContract, IsolatedStoreSqlExecuteResponseContract, IsolatedStoreSqlImportRequestContract, IsolatedStoreSqlImportResponseContract, IsolatedStoreSqlInsertRequestContract, IsolatedStoreSqlInsertResponseContract, IsolatedStoreSqlListTablesResponseContract, IsolatedStoreSqlMigrationStatusContract, IsolatedStoreSqlQueryRequestContract, IsolatedStoreSqlQueryResponseContract, IsolatedStoreSqlSchemaNameInQueryOptional, IsolatedStoreSqlSelectRequestContract, IsolatedStoreSqlSelectResponseContract, IsolatedStoreSqlStatsResponseContract, IsolatedStoreSqlTableNameInPathRequired, IsolatedStoreSqlUpdateRequestContract, IsolatedStoreSqlUpdateResponseContract, IsolatedStoreStageInPathRequired, IsolatedStoreStageListResponseContract, ListIsolatedStoresAliasLikeInQueryOptional, ListIsolatedStoresClientIdInQueryOptional, orgIdInPathRequired, RestoreIsolatedStoreRevisionResponseContract } from "../types";
 export declare class IsolatedStoresApi {
     private client;
     constructor(client: Client);
@@ -238,7 +238,7 @@ export declare class IsolatedStoresApi {
     }): Promise<IsolatedStoreRevisionListResponseContract>;
     /**
      * List isolated stores
-     * Returns the isolated store registry for the organization. Optional query `clientId` limits results to stores whose `app` source scope `sourceId` matches (same identifier as the token `client` scope for app-owned stores). Omit or leave empty to list all org stores. This is a control-plane endpoint behind FEATURE_FLAGS=isolated_stores.
+     * Returns the isolated store registry for the organization. Optional query `clientId` limits results to stores whose `app` source scope `sourceId` matches (same identifier as the token `client` scope for app-owned stores). Optional query `aliasLike` supports either an exact alias or a glob pattern (`*`, `?`) against store alias. Omit or leave empty to list all org stores. This is a control-plane endpoint behind FEATURE_FLAGS=isolated_stores.
      */
     listIsolatedStores(params: {
         path: {
@@ -246,6 +246,7 @@ export declare class IsolatedStoresApi {
         };
         query?: {
             clientId?: ListIsolatedStoresClientIdInQueryOptional;
+            aliasLike?: ListIsolatedStoresAliasLikeInQueryOptional;
         };
         headers?: Record<string, string>;
     }): Promise<IsolatedStoreListResponseContract>;

package/dist/apis/IsolatedStoresApi.js

@@ -278,7 +278,7 @@ class IsolatedStoresApi {
     }
     /**
      * List isolated stores
-     * Returns the isolated store registry for the organization. Optional query `clientId` limits results to stores whose `app` source scope `sourceId` matches (same identifier as the token `client` scope for app-owned stores). Omit or leave empty to list all org stores. This is a control-plane endpoint behind FEATURE_FLAGS=isolated_stores.
+     * Returns the isolated store registry for the organization. Optional query `clientId` limits results to stores whose `app` source scope `sourceId` matches (same identifier as the token `client` scope for app-owned stores). Optional query `aliasLike` supports either an exact alias or a glob pattern (`*`, `?`) against store alias. Omit or leave empty to list all org stores. This is a control-plane endpoint behind FEATURE_FLAGS=isolated_stores.
      */
     async listIsolatedStores(params) {
         return this.client.request({

package/dist/types/file/file.d.ts

@@ -2,16 +2,24 @@ export type FileIdInPathRequired = string;
 export type MultipartUploadIdInPathRequired = string;
 export type FileUploadMethodContract = "PUT";
 export type FileDownloadMethodContract = "GET";
+export type FileVisibilityContract = "private" | "public";
+export type FileReadAccessContract = "temporary" | "public";
+export type FileReadDispositionContract = "inline" | "attachment";
 export interface PrepareFileUploadRequestContract {
     filename: string;
     contentType?: string | null;
     folder?: string | null;
+    visibility?: FileVisibilityContract | null;
 }
 export interface DeleteFileRequestContract {
     fileId: string;
+    visibility?: FileVisibilityContract | null;
 }
 export interface GetFileDownloadUrlRequestContract {
     fileId: string;
+    visibility?: FileVisibilityContract | null;
+    access?: FileReadAccessContract | null;
+    disposition?: FileReadDispositionContract | null;
 }
 export interface FileUploadHeadersContract {
     "x-ms-blob-type": "BlockBlob";
@@ -19,9 +27,15 @@ export interface FileUploadHeadersContract {
 }
 export interface PrepareFileUploadResponseContract {
     /**
-     * Blob path in Azure Storage. Use this exact value as `fileId` for deletion.
+     * Opaque file identifier to persist for later read and deletion calls.
      */
     fileId: string;
+    visibility: FileVisibilityContract;
+    /**
+     * Stable public URL when `visibility` is `public`; otherwise `null`.
+     * @format uri
+     */
+    publicUrl: string | null;
     /**
      * @format uri
      */
@@ -35,10 +49,13 @@ export interface PrepareFileUploadResponseContract {
 }
 export interface DeleteFileResponseContract {
     fileId: string;
+    visibility: FileVisibilityContract;
     deleted: boolean;
 }
 export interface GetFileDownloadUrlResponseContract {
     fileId: string;
+    visibility: FileVisibilityContract;
+    access: FileReadAccessContract;
     /**
      * @format uri
      */
@@ -47,7 +64,7 @@ export interface GetFileDownloadUrlResponseContract {
     /**
      * @format date-time
      */
-    expiresAt: string;
+    expiresAt: string | null;
 }
 export interface StartMultipartFileUploadResponseContract {
     /**
@@ -55,6 +72,12 @@ export interface StartMultipartFileUploadResponseContract {
      */
     uploadId: string;
     fileId: string;
+    visibility: FileVisibilityContract;
+    /**
+     * Stable public URL when `visibility` is `public`; otherwise `null`.
+     * @format uri
+     */
+    publicUrl: string | null;
     /**
      * @format uri
      */
@@ -73,6 +96,12 @@ export interface CompleteMultipartFileUploadRequestContract {
 }
 export interface CompleteMultipartFileUploadResponseContract {
     fileId: string;
+    visibility: FileVisibilityContract;
+    /**
+     * Stable public URL when `visibility` is `public`; otherwise `null`.
+     * @format uri
+     */
+    publicUrl: string | null;
     committed: boolean;
     blockCount: number;
 }
@@ -82,3 +111,15 @@ export declare const FileUploadMethodContract: {
 export declare const FileDownloadMethodContract: {
     readonly Get: "GET";
 };
+export declare const FileVisibilityContract: {
+    readonly Private: "private";
+    readonly Public: "public";
+};
+export declare const FileReadAccessContract: {
+    readonly Temporary: "temporary";
+    readonly Public: "public";
+};
+export declare const FileReadDispositionContract: {
+    readonly Inline: "inline";
+    readonly Attachment: "attachment";
+};

package/dist/types/file/file.js

@@ -1,9 +1,21 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.FileDownloadMethodContract = exports.FileUploadMethodContract = void 0;
+exports.FileReadDispositionContract = exports.FileReadAccessContract = exports.FileVisibilityContract = exports.FileDownloadMethodContract = exports.FileUploadMethodContract = void 0;
 exports.FileUploadMethodContract = {
     Put: "PUT"
 };
 exports.FileDownloadMethodContract = {
     Get: "GET"
 };
+exports.FileVisibilityContract = {
+    Private: "private",
+    Public: "public"
+};
+exports.FileReadAccessContract = {
+    Temporary: "temporary",
+    Public: "public"
+};
+exports.FileReadDispositionContract = {
+    Inline: "inline",
+    Attachment: "attachment"
+};

package/dist/types/isolated-store/isolated-store.d.ts

@@ -365,6 +365,8 @@ export interface IsolatedStoreListResponseContract {
 }
 /** Optional `clientId` query for `listIsolatedStores`; matches `app` source scope `sourceId`. */
 export type ListIsolatedStoresClientIdInQueryOptional = string | null;
+/** Optional `aliasLike` query for `listIsolatedStores`; exact alias or glob (`*`, `?`). */
+export type ListIsolatedStoresAliasLikeInQueryOptional = string | null;
 export interface IsolatedStoreResponseContract {
     store: IsolatedStoreContract;
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@fusebase/fusebase-gate-sdk",
-  "version": "2.2.9",
+  "version": "2.2.10-sdk.0",
   "description": "TypeScript SDK for Fusebase Gate APIs - Generated from contract introspection",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",

package/release-notes/2.2.10-sdk.0.md

@@ -0,0 +1,71 @@
+# Release Notes 2.2.10-sdk.0
+
+- Current ref: `HEAD`
+- Previous tag: `v2.2.10-sdk.0`
+- Generated at: 2026-04-22T07:58:13.022Z
+
+## Included Drafts
+
+- `docs/release-notes/2026-04-20-azure-file-upload-api.md` - 2026-04-20-azure-file-upload-api
+
+## Summary
+
+### 2026-04-20-azure-file-upload-api
+
+Added org-scoped file upload, read-url, and deletion endpoints for Azure Blob Storage direct transfers, then hardened the multipart token flow, moved container creation out of per-request runtime handling, and introduced public-vs-private file visibility with stable public asset URLs.
+
+
+## API / SDK Changes
+
+### 2026-04-20-azure-file-upload-api
+
+- Added `POST /:orgId/files/prepare-upload` to generate a short-lived SAS upload URL, blob `fileId`, required upload headers, expiration time, `visibility`, and an optional stable `publicUrl`.
+- Added `POST /:orgId/files/uploads/start` to start an explicit Azure block-blob multipart upload and return an opaque `uploadId`.
+- Added `POST /:orgId/files/uploads/:uploadId/complete` to commit the staged Azure block ids for a multipart upload and return the final file `visibility` plus optional `publicUrl`.
+- Added `POST /:orgId/files/download-url` to generate either a short-lived read-only SAS URL or a stable public URL for a previously uploaded org-scoped blob.
+- Added `DELETE /:orgId/files` to delete a previously prepared org-scoped blob by `fileId` in the request body, with optional `visibility` for public assets.
+- Added the generated `FilesApi` SDK surface for these operations.
+- Hardened multipart `uploadId` values so they are signed and expiring instead of plain base64 payloads.
+- Removed container creation from the request path; upload preparation now performs only blob-level work.
+- Added optional startup-time container initialization through `AZURE_STORAGE_CREATE_CONTAINER_ON_STARTUP`.
+- Added optional public file storage configuration through `AZURE_STORAGE_PUBLIC_CONTAINER` and `AZURE_STORAGE_PUBLIC_BASE_URL`.
+- Added Gate MCP guidance for file-upload flows and new `files.write` and `files.read` permissions.
+- Added Gate-side validation limits for file upload inputs and composed Azure blob paths so oversized names fail fast with clear `400` responses.
+
+
+## Consumer Impact
+
+### 2026-04-20-azure-file-upload-api
+
+- Clients should upload file bytes directly to Azure Blob Storage using the returned `uploadUrl`, `method`, and `headers`; Gate does not proxy file bytes.
+- Clients should download file bytes directly from Azure Blob Storage or the configured public asset origin using the returned `downloadUrl`; Gate does not proxy file bytes for reads either.
+- Multipart clients should stage blocks directly against the returned `uploadUrl`, keep the base64 block ids they used, and send those ids to `completeMultipartFileUpload`.
+- Treat multipart `uploadId` values as opaque short-lived server tokens. Clients must not decode, modify, or synthesize them.
+- Persist the returned `fileId` exactly as-is if the app needs to read or delete the blob later.
+- Persist the returned `visibility` as well when there is no separate file record yet; public reads and deletes rely on that value to resolve the correct storage container.
+- Use `visibility: "public"` on upload-start requests when the app needs a stable asset URL for long-lived embeds such as blog images or `<img src>` values.
+- Use `getFileDownloadUrl` with `access: "temporary"` for protected or expiring reads, and `access: "public"` for stable public URLs. `disposition: "attachment"` is only supported for temporary reads.
+- Upload preparation now rejects `filename` values longer than 255 characters, `folder` values longer than 512 characters, `contentType` values longer than 255 characters, and `fileId` values longer than Azure's 1,024-character blob-name limit.
+- Gate also rejects composed blob paths that exceed Azure naming limits or contain too many path segments for safe Azure Blob usage.
+- Runtime configuration now expects `AZURE_STORAGE_ACCOUNT_NAME` and can optionally use `AZURE_STORAGE_CONTAINER`, `AZURE_STORAGE_PUBLIC_CONTAINER`, `AZURE_STORAGE_PUBLIC_BASE_URL`, `AZURE_STORAGE_ACCOUNT_KEY`, `AZURE_STORAGE_UPLOAD_URL_TTL_SECONDS`, `AZURE_STORAGE_UPLOAD_ID_SECRET`, and `AZURE_STORAGE_CREATE_CONTAINER_ON_STARTUP`.
+- Preferred deployment model is a pre-created container from infrastructure. Startup-time container creation is opt-in for environments that intentionally grant container-management permissions.
+- Stable public URLs only work when the configured public container or CDN-backed base URL is actually publicly reachable; Gate does not probe public reachability per request.
+
+
+## Verification
+
+### 2026-04-20-azure-file-upload-api
+
+- `npm run build:sdk`
+- `npm run mcp:skills:generate`
+- `npm run mcp:skills:validate`
+- `npm test`
+- `npm run lint`
+
+
+## Follow-ups
+
+### 2026-04-20-azure-file-upload-api
+
+- Wire the new Azure storage env vars into the active Fusebase Gate Helm chart values and secrets once the deployment chart path and environment-specific account values are confirmed.
+- If the production environment supports Microsoft Entra or managed identity, prefer user delegation SAS over account-key SAS.

package/release-notes/latest.md

@@ -1,9 +1,71 @@
-# Release Notes 2.2.9
+# Release Notes 2.2.10-sdk.0
 
 - Current ref: `HEAD`
-- Previous tag: `v2.2.9`
-- Generated at: 2026-04-21T08:52:18.461Z
+- Previous tag: `v2.2.10-sdk.0`
+- Generated at: 2026-04-22T07:58:13.022Z
 
 ## Included Drafts
 
-- None
+- `docs/release-notes/2026-04-20-azure-file-upload-api.md` - 2026-04-20-azure-file-upload-api
+
+## Summary
+
+### 2026-04-20-azure-file-upload-api
+
+Added org-scoped file upload, read-url, and deletion endpoints for Azure Blob Storage direct transfers, then hardened the multipart token flow, moved container creation out of per-request runtime handling, and introduced public-vs-private file visibility with stable public asset URLs.
+
+
+## API / SDK Changes
+
+### 2026-04-20-azure-file-upload-api
+
+- Added `POST /:orgId/files/prepare-upload` to generate a short-lived SAS upload URL, blob `fileId`, required upload headers, expiration time, `visibility`, and an optional stable `publicUrl`.
+- Added `POST /:orgId/files/uploads/start` to start an explicit Azure block-blob multipart upload and return an opaque `uploadId`.
+- Added `POST /:orgId/files/uploads/:uploadId/complete` to commit the staged Azure block ids for a multipart upload and return the final file `visibility` plus optional `publicUrl`.
+- Added `POST /:orgId/files/download-url` to generate either a short-lived read-only SAS URL or a stable public URL for a previously uploaded org-scoped blob.
+- Added `DELETE /:orgId/files` to delete a previously prepared org-scoped blob by `fileId` in the request body, with optional `visibility` for public assets.
+- Added the generated `FilesApi` SDK surface for these operations.
+- Hardened multipart `uploadId` values so they are signed and expiring instead of plain base64 payloads.
+- Removed container creation from the request path; upload preparation now performs only blob-level work.
+- Added optional startup-time container initialization through `AZURE_STORAGE_CREATE_CONTAINER_ON_STARTUP`.
+- Added optional public file storage configuration through `AZURE_STORAGE_PUBLIC_CONTAINER` and `AZURE_STORAGE_PUBLIC_BASE_URL`.
+- Added Gate MCP guidance for file-upload flows and new `files.write` and `files.read` permissions.
+- Added Gate-side validation limits for file upload inputs and composed Azure blob paths so oversized names fail fast with clear `400` responses.
+
+
+## Consumer Impact
+
+### 2026-04-20-azure-file-upload-api
+
+- Clients should upload file bytes directly to Azure Blob Storage using the returned `uploadUrl`, `method`, and `headers`; Gate does not proxy file bytes.
+- Clients should download file bytes directly from Azure Blob Storage or the configured public asset origin using the returned `downloadUrl`; Gate does not proxy file bytes for reads either.
+- Multipart clients should stage blocks directly against the returned `uploadUrl`, keep the base64 block ids they used, and send those ids to `completeMultipartFileUpload`.
+- Treat multipart `uploadId` values as opaque short-lived server tokens. Clients must not decode, modify, or synthesize them.
+- Persist the returned `fileId` exactly as-is if the app needs to read or delete the blob later.
+- Persist the returned `visibility` as well when there is no separate file record yet; public reads and deletes rely on that value to resolve the correct storage container.
+- Use `visibility: "public"` on upload-start requests when the app needs a stable asset URL for long-lived embeds such as blog images or `<img src>` values.
+- Use `getFileDownloadUrl` with `access: "temporary"` for protected or expiring reads, and `access: "public"` for stable public URLs. `disposition: "attachment"` is only supported for temporary reads.
+- Upload preparation now rejects `filename` values longer than 255 characters, `folder` values longer than 512 characters, `contentType` values longer than 255 characters, and `fileId` values longer than Azure's 1,024-character blob-name limit.
+- Gate also rejects composed blob paths that exceed Azure naming limits or contain too many path segments for safe Azure Blob usage.
+- Runtime configuration now expects `AZURE_STORAGE_ACCOUNT_NAME` and can optionally use `AZURE_STORAGE_CONTAINER`, `AZURE_STORAGE_PUBLIC_CONTAINER`, `AZURE_STORAGE_PUBLIC_BASE_URL`, `AZURE_STORAGE_ACCOUNT_KEY`, `AZURE_STORAGE_UPLOAD_URL_TTL_SECONDS`, `AZURE_STORAGE_UPLOAD_ID_SECRET`, and `AZURE_STORAGE_CREATE_CONTAINER_ON_STARTUP`.
+- Preferred deployment model is a pre-created container from infrastructure. Startup-time container creation is opt-in for environments that intentionally grant container-management permissions.
+- Stable public URLs only work when the configured public container or CDN-backed base URL is actually publicly reachable; Gate does not probe public reachability per request.
+
+
+## Verification
+
+### 2026-04-20-azure-file-upload-api
+
+- `npm run build:sdk`
+- `npm run mcp:skills:generate`
+- `npm run mcp:skills:validate`
+- `npm test`
+- `npm run lint`
+
+
+## Follow-ups
+
+### 2026-04-20-azure-file-upload-api
+
+- Wire the new Azure storage env vars into the active Fusebase Gate Helm chart values and secrets once the deployment chart path and environment-specific account values are confirmed.
+- If the production environment supports Microsoft Entra or managed identity, prefer user delegation SAS over account-key SAS.

package/release-notes/2.2.6-sdk.4.md

@@ -1,63 +0,0 @@
-# Release Notes 2.2.6-sdk.4
-
-- Current ref: `HEAD`
-- Previous tag: `v2.2.6-sdk.4`
-- Generated at: 2026-04-21T08:19:38.558Z
-
-## Included Drafts
-
-- `docs/release-notes/2026-04-20-azure-file-upload-api.md` - 2026-04-20-azure-file-upload-api
-
-## Summary
-
-### 2026-04-20-azure-file-upload-api
-
-Added org-scoped file upload, download-url, and deletion endpoints for Azure Blob Storage direct transfers, then hardened the multipart token flow and moved container creation out of per-request runtime handling.
-
-
-## API / SDK Changes
-
-### 2026-04-20-azure-file-upload-api
-
-- Added `POST /:orgId/files/prepare-upload` to generate a short-lived SAS upload URL, blob `fileId`, required upload headers, and expiration time.
-- Added `POST /:orgId/files/uploads/start` to start an explicit Azure block-blob multipart upload and return an opaque `uploadId`.
-- Added `POST /:orgId/files/uploads/:uploadId/complete` to commit the staged Azure block ids for a multipart upload.
-- Added `POST /:orgId/files/download-url` to generate a short-lived read-only SAS URL for a previously uploaded org-scoped blob.
-- Added `DELETE /:orgId/files` to delete a previously prepared org-scoped blob by `fileId` in the request body.
-- Added the generated `FilesApi` SDK surface for these operations.
-- Hardened multipart `uploadId` values so they are signed and expiring instead of plain base64 payloads.
-- Removed container creation from the request path; upload preparation now performs only blob-level work.
-- Added optional startup-time container initialization through `AZURE_STORAGE_CREATE_CONTAINER_ON_STARTUP`.
-- Added Gate MCP guidance for file-upload flows and new `files.write` and `files.read` permissions.
-
-
-## Consumer Impact
-
-### 2026-04-20-azure-file-upload-api
-
-- Clients should upload file bytes directly to Azure Blob Storage using the returned `uploadUrl`, `method`, and `headers`; Gate does not proxy file bytes.
-- Clients should download file bytes directly from Azure Blob Storage using the returned `downloadUrl`; Gate does not proxy file bytes for reads either.
-- Multipart clients should stage blocks directly against the returned `uploadUrl`, keep the base64 block ids they used, and send those ids to `completeMultipartFileUpload`.
-- Treat multipart `uploadId` values as opaque short-lived server tokens. Clients must not decode, modify, or synthesize them.
-- Persist the returned `fileId` exactly as-is if the app needs to delete the blob later.
-- Runtime configuration now expects `AZURE_STORAGE_ACCOUNT_NAME` and can optionally use `AZURE_STORAGE_CONTAINER`, `AZURE_STORAGE_ACCOUNT_KEY`, `AZURE_STORAGE_UPLOAD_URL_TTL_SECONDS`, `AZURE_STORAGE_UPLOAD_ID_SECRET`, and `AZURE_STORAGE_CREATE_CONTAINER_ON_STARTUP`.
-- Preferred deployment model is a pre-created container from infrastructure. Startup-time container creation is opt-in for environments that intentionally grant container-management permissions.
-
-
-## Verification
-
-### 2026-04-20-azure-file-upload-api
-
-- `npm run build:sdk`
-- `npm run mcp:skills:generate`
-- `npm run mcp:skills:validate`
-- `npm test`
-- `npm run lint`
-
-
-## Follow-ups
-
-### 2026-04-20-azure-file-upload-api
-
-- Wire the new Azure storage env vars into the active Fusebase Gate Helm chart values and secrets once the deployment chart path and environment-specific account values are confirmed.
-- If the production environment supports Microsoft Entra or managed identity, prefer user delegation SAS over account-key SAS.

package/release-notes/2.2.9.md

@@ -1,9 +0,0 @@
-# Release Notes 2.2.9
-
-- Current ref: `HEAD`
-- Previous tag: `v2.2.9`
-- Generated at: 2026-04-21T08:52:18.461Z
-
-## Included Drafts
-
-- None