@maravilla-labs/platform 0.2.5 → 0.3.1

package/dist/config.d.ts

@@ -1,3 +1,6 @@
+import { T as TransformsConfig } from './transforms-KzpoYW43.js';
+export { a as TransformsPatternSpec } from './transforms-KzpoYW43.js';
+
 /**
  * @fileoverview Typed schema for `maravilla.config.{ts,yaml,json}` files.
  *
@@ -38,6 +41,7 @@
 type SecretRef = string | {
     env: string;
 };
+
 interface ResourceDefinition {
     /** URL-safe slug. Used as the resource key in code (e.g. the KV namespace). */
     name: string;
@@ -172,6 +176,13 @@ interface MaravillaConfig {
     auth?: AuthConfigBlock;
     /** Declarative database indexes (regular + vector). Reconciled upsert-only on deploy. */
     database?: DatabaseConfigBlock;
+    /**
+     * Declarative media transforms — each entry compiles into a synthetic
+     * `storage.put` event handler that fans out the declared
+     * `platform.media.transforms.*` calls (via `Promise.all`) for every
+     * matching upload. See {@link TransformsConfig}.
+     */
+    transforms?: TransformsConfig;
 }
 /** MongoDB-style key direction: `1` ascending, `-1` descending. */
 type IndexDirectionConfig = 1 | -1;
@@ -233,4 +244,4 @@ interface DatabaseConfigBlock {
  */
 declare function defineConfig(config: MaravillaConfig): MaravillaConfig;
 
-export { type AuthConfigBlock, type BrandingConfig, type DatabaseConfigBlock, type DocumentIndexDeclaration, type GroupDefinition, type GroupPermissionDefinition, type IndexDirectionConfig, type MaravillaConfig, type OAuthProviderDefinition, type OAuthProvidersConfig, type PasswordPolicyDefinition, type RegistrationConfig, type RegistrationFieldDefinition, type RelationTypeDefinition, type ResourceDefinition, type SecretRef, type SecurityConfig, type SessionConfigDefinition, type VectorIndexDeclaration, type VectorMetricConfig, type VectorStorageConfig, defineConfig };
+export { type AuthConfigBlock, type BrandingConfig, type DatabaseConfigBlock, type DocumentIndexDeclaration, type GroupDefinition, type GroupPermissionDefinition, type IndexDirectionConfig, type MaravillaConfig, type OAuthProviderDefinition, type OAuthProvidersConfig, type PasswordPolicyDefinition, type RegistrationConfig, type RegistrationFieldDefinition, type RelationTypeDefinition, type ResourceDefinition, type SecretRef, type SecurityConfig, type SessionConfigDefinition, TransformsConfig, type VectorIndexDeclaration, type VectorMetricConfig, type VectorStorageConfig, defineConfig };

package/dist/config.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../src/config.ts"],"sourcesContent":["/**\n * @fileoverview Typed schema for `maravilla.config.{ts,yaml,json}` files.\n *\n * Declares your project's auth settings (resources, groups, relations,\n * registration fields, OAuth providers, security policy, branding) alongside\n * your code. The Maravilla adapter reads this at build time and reconciles\n * the settings into delivery on deploy.\n *\n * ```typescript\n * import { defineConfig } from '@maravilla-labs/platform/config';\n *\n * export default defineConfig({\n *   auth: {\n *     resources: [\n *       { name: 'todos', title: 'Todos', actions: ['read', 'write'],\n *         policy: 'auth.user_id == node.owner' },\n *     ],\n *   },\n * });\n * ```\n *\n * Omitted sections leave the DB alone — partial adoption is explicitly\n * supported. List-based sections (`resources`, `groups`, `relations`,\n * `oauth`) are upserted and never auto-delete DB-only entries. Singleton\n * sections (`registration`, `security`, `branding`) are replaced wholesale\n * when declared.\n */\n\n/**\n * String value that may either be a literal secret or a reference to an\n * environment variable on the **tenant** (resolved server-side at\n * reconcile time, never shipped plaintext in the manifest).\n *\n * Accepted forms:\n *   - `\"literal-value\"` — inline (not recommended for real secrets)\n *   - `\"${env.VAR_NAME}\"` — string-template form\n *   - `{ env: \"VAR_NAME\" }` — object form\n */\nexport type SecretRef = string | { env: string };\n\n// ── Resources + policies ──\n\nexport interface ResourceDefinition {\n  /** URL-safe slug. Used as the resource key in code (e.g. the KV namespace). */\n  name: string;\n  /** Human-readable title for the admin UI. */\n  title: string;\n  /** Optional longer description. */\n  description?: string;\n  /** Actions this resource supports, e.g. `['read', 'write', 'delete']`. */\n  actions: string[];\n  /**\n   * Optional raisin-rel policy expression. Evaluated on every KV/DB/\n   * realtime/media op that targets this resource. Leave empty to skip\n   * Layer 2 for this resource — tenant + owner isolation still applies.\n   */\n  policy?: string;\n}\n\n// ── Groups ──\n\nexport interface GroupPermissionDefinition {\n  /** Must match a `ResourceDefinition.name`. */\n  resource_name: string;\n  /** Actions this group is granted on the resource. */\n  actions: string[];\n}\n\nexport interface GroupDefinition {\n  /** Unique group name per tenant. */\n  name: string;\n  /** Optional description for the admin UI. */\n  description?: string;\n  /** Resource permissions granted to the group. Replaces the group's current permissions when declared. */\n  permissions?: GroupPermissionDefinition[];\n}\n\n// ── Relations ──\n\nexport interface RelationTypeDefinition {\n  /** Uppercase identifier used in policies (`... VIA 'STEWARDS'`). */\n  relation_name: string;\n  /** Human-readable title. */\n  title: string;\n  description?: string;\n  /** Grouping for the admin UI (e.g. `\"family\"`, `\"work\"`). */\n  category?: string;\n  icon?: string;\n  color?: string;\n  /** Name of the inverse relation type, if one exists. */\n  inverse_relation_name?: string;\n  /** When true, membership in this relation implies stewardship rights. */\n  implies_stewardship?: boolean;\n  /** When true, the relation can only target users flagged as minors. */\n  requires_minor?: boolean;\n  /** When true, the relation is symmetric (A→B implies B→A). */\n  bidirectional?: boolean;\n}\n\n// ── Registration fields ──\n\nexport interface RegistrationFieldDefinition {\n  /** Field key used as the form field name + in profile data. */\n  key: string;\n  /** Display label. */\n  label: string;\n  /** One of: text, email, phone, date, number, select, boolean, url, textarea. */\n  field_type: string;\n  required: boolean;\n  show_on_register: boolean;\n  /** Optional validation metadata — passed through to the UI. */\n  validation?: Record<string, unknown>;\n}\n\nexport interface RegistrationConfig {\n  /** Ordered list of custom registration fields. Declaring this replaces the full list. */\n  fields: RegistrationFieldDefinition[];\n}\n\n// ── OAuth providers ──\n\nexport interface OAuthProviderDefinition {\n  enabled: boolean;\n  client_id: string;\n  /** Prefer `{ env: \"VAR_NAME\" }` or `\"${env.VAR_NAME}\"`. */\n  client_secret: SecretRef;\n  scopes: string[];\n  /** Only for `custom_oidc`. */\n  discovery_url?: string;\n}\n\nexport interface OAuthProvidersConfig {\n  google?: OAuthProviderDefinition;\n  github?: OAuthProviderDefinition;\n  okta?: OAuthProviderDefinition;\n  custom_oidc?: OAuthProviderDefinition;\n}\n\n// ── Security ──\n\nexport interface PasswordPolicyDefinition {\n  min_length: number;\n  require_uppercase: boolean;\n  require_number: boolean;\n  require_special: boolean;\n}\n\nexport interface SessionConfigDefinition {\n  access_token_ttl_secs: number;\n  refresh_token_ttl_secs: number;\n  max_sessions_per_user: number;\n  require_email_verification: boolean;\n}\n\nexport interface SecurityConfig {\n  password_policy?: PasswordPolicyDefinition;\n  session?: SessionConfigDefinition;\n}\n\n// ── Branding ──\n\nexport interface BrandingConfig {\n  app_name?: string;\n  logo_url?: string;\n  primary_color?: string;\n  secondary_color?: string;\n  welcome_message?: string;\n  welcome_subtitle?: string;\n  /** `\"centered\"`, `\"split-left\"`, `\"split-right\"`, or `\"fullscreen\"`. */\n  layout?: string;\n  background_image_url?: string;\n  /** 0–100 percentage. */\n  background_focal_point?: { x: number; y: number };\n  background_gradient?: string;\n  /** `\"light\"`, `\"dark\"`, or `\"auto\"`. */\n  color_mode?: string;\n  font_family?: string;\n  terms_url?: string;\n  privacy_url?: string;\n  /** Raw CSS merged into the hosted auth pages. */\n  custom_css?: string;\n}\n\n// ── Top-level shape ──\n\nexport interface AuthConfigBlock {\n  resources?: ResourceDefinition[];\n  groups?: GroupDefinition[];\n  relations?: RelationTypeDefinition[];\n  registration?: RegistrationConfig;\n  oauth?: OAuthProvidersConfig;\n  security?: SecurityConfig;\n  branding?: BrandingConfig;\n}\n\nexport interface MaravillaConfig {\n  /** All project-level auth settings. Every field is optional — partial adoption is supported. */\n  auth?: AuthConfigBlock;\n  /** Declarative database indexes (regular + vector). Reconciled upsert-only on deploy. */\n  database?: DatabaseConfigBlock;\n}\n\n// ── Database block ──\n//\n// Regular indexes speed up document reads on frequently-queried fields.\n// Vector indexes back hybrid semantic search via sqlite-vec. Both are\n// upsert-only — declaring an index in config creates it if missing,\n// updates metadata when safe, and never auto-deletes DB-only indexes.\n\n/** MongoDB-style key direction: `1` ascending, `-1` descending. */\nexport type IndexDirectionConfig = 1 | -1;\n\nexport interface DocumentIndexDeclaration {\n  /** Collection the index lives on. */\n  collection: string;\n  /** Optional name; falls back to an auto-derived name. */\n  name?: string;\n  /**\n   * Compound-index key shape. Array of `[field, direction]` tuples\n   * preserves ordering, which matters for compound indexes.\n   */\n  keys: Array<[string, IndexDirectionConfig]> | Record<string, IndexDirectionConfig>;\n  unique?: boolean;\n  sparse?: boolean;\n  /**\n   * Partial-index predicate — restricted to inline-literal operators\n   * (`$eq`, `$ne`, `$gt`/`$gte`/`$lt`/`$lte`, `$in`/`$nin`, `$exists`,\n   * `$and`, `$or`). No `$regex` / `$where` / `$text`.\n   */\n  partial?: Record<string, unknown>;\n  /** TTL in seconds. Requires a single-field index on a unix-seconds field. */\n  expireAfterSeconds?: number;\n}\n\n/** Distance metric used by a vector index. */\nexport type VectorMetricConfig = 'cosine' | 'l2' | 'hamming';\n\n/** Storage precision for a vector index. */\nexport type VectorStorageConfig = 'float32' | 'int8' | 'bit';\n\nexport interface VectorIndexDeclaration {\n  collection: string;\n  field: string;\n  dimensions: number;\n  metric?: VectorMetricConfig;\n  storage?: VectorStorageConfig;\n  matryoshka?: boolean;\n  multiVector?: boolean;\n}\n\nexport interface DatabaseConfigBlock {\n  /** MongoDB-style secondary indexes. */\n  indexes?: DocumentIndexDeclaration[];\n  /** sqlite-vec-backed vector indexes. */\n  vectorIndexes?: VectorIndexDeclaration[];\n}\n\n/**\n * Identity function that returns the config unchanged — exists purely so the\n * TypeScript compiler can infer `MaravillaConfig` and give you IntelliSense\n * on every field.\n *\n * @example\n * ```typescript\n * import { defineConfig } from '@maravilla-labs/platform/config';\n *\n * export default defineConfig({\n *   auth: {\n *     resources: [{ name: 'todos', title: 'Todos', actions: ['read', 'write'] }],\n *   },\n * });\n * ```\n */\nexport function defineConfig(config: MaravillaConfig): MaravillaConfig {\n  return config;\n}\n"],"mappings":";AAiRO,SAAS,aAAa,QAA0C;AACrE,SAAO;AACT;","names":[]}
+{"version":3,"sources":["../src/config.ts"],"sourcesContent":["/**\n * @fileoverview Typed schema for `maravilla.config.{ts,yaml,json}` files.\n *\n * Declares your project's auth settings (resources, groups, relations,\n * registration fields, OAuth providers, security policy, branding) alongside\n * your code. The Maravilla adapter reads this at build time and reconciles\n * the settings into delivery on deploy.\n *\n * ```typescript\n * import { defineConfig } from '@maravilla-labs/platform/config';\n *\n * export default defineConfig({\n *   auth: {\n *     resources: [\n *       { name: 'todos', title: 'Todos', actions: ['read', 'write'],\n *         policy: 'auth.user_id == node.owner' },\n *     ],\n *   },\n * });\n * ```\n *\n * Omitted sections leave the DB alone — partial adoption is explicitly\n * supported. List-based sections (`resources`, `groups`, `relations`,\n * `oauth`) are upserted and never auto-delete DB-only entries. Singleton\n * sections (`registration`, `security`, `branding`) are replaced wholesale\n * when declared.\n */\n\n/**\n * String value that may either be a literal secret or a reference to an\n * environment variable on the **tenant** (resolved server-side at\n * reconcile time, never shipped plaintext in the manifest).\n *\n * Accepted forms:\n *   - `\"literal-value\"` — inline (not recommended for real secrets)\n *   - `\"${env.VAR_NAME}\"` — string-template form\n *   - `{ env: \"VAR_NAME\" }` — object form\n */\nexport type SecretRef = string | { env: string };\n\nimport type { TransformsConfig } from './transforms.js';\nexport type { TransformsConfig, TransformsPatternSpec } from './transforms.js';\n\n// ── Resources + policies ──\n\nexport interface ResourceDefinition {\n  /** URL-safe slug. Used as the resource key in code (e.g. the KV namespace). */\n  name: string;\n  /** Human-readable title for the admin UI. */\n  title: string;\n  /** Optional longer description. */\n  description?: string;\n  /** Actions this resource supports, e.g. `['read', 'write', 'delete']`. */\n  actions: string[];\n  /**\n   * Optional raisin-rel policy expression. Evaluated on every KV/DB/\n   * realtime/media op that targets this resource. Leave empty to skip\n   * Layer 2 for this resource — tenant + owner isolation still applies.\n   */\n  policy?: string;\n}\n\n// ── Groups ──\n\nexport interface GroupPermissionDefinition {\n  /** Must match a `ResourceDefinition.name`. */\n  resource_name: string;\n  /** Actions this group is granted on the resource. */\n  actions: string[];\n}\n\nexport interface GroupDefinition {\n  /** Unique group name per tenant. */\n  name: string;\n  /** Optional description for the admin UI. */\n  description?: string;\n  /** Resource permissions granted to the group. Replaces the group's current permissions when declared. */\n  permissions?: GroupPermissionDefinition[];\n}\n\n// ── Relations ──\n\nexport interface RelationTypeDefinition {\n  /** Uppercase identifier used in policies (`... VIA 'STEWARDS'`). */\n  relation_name: string;\n  /** Human-readable title. */\n  title: string;\n  description?: string;\n  /** Grouping for the admin UI (e.g. `\"family\"`, `\"work\"`). */\n  category?: string;\n  icon?: string;\n  color?: string;\n  /** Name of the inverse relation type, if one exists. */\n  inverse_relation_name?: string;\n  /** When true, membership in this relation implies stewardship rights. */\n  implies_stewardship?: boolean;\n  /** When true, the relation can only target users flagged as minors. */\n  requires_minor?: boolean;\n  /** When true, the relation is symmetric (A→B implies B→A). */\n  bidirectional?: boolean;\n}\n\n// ── Registration fields ──\n\nexport interface RegistrationFieldDefinition {\n  /** Field key used as the form field name + in profile data. */\n  key: string;\n  /** Display label. */\n  label: string;\n  /** One of: text, email, phone, date, number, select, boolean, url, textarea. */\n  field_type: string;\n  required: boolean;\n  show_on_register: boolean;\n  /** Optional validation metadata — passed through to the UI. */\n  validation?: Record<string, unknown>;\n}\n\nexport interface RegistrationConfig {\n  /** Ordered list of custom registration fields. Declaring this replaces the full list. */\n  fields: RegistrationFieldDefinition[];\n}\n\n// ── OAuth providers ──\n\nexport interface OAuthProviderDefinition {\n  enabled: boolean;\n  client_id: string;\n  /** Prefer `{ env: \"VAR_NAME\" }` or `\"${env.VAR_NAME}\"`. */\n  client_secret: SecretRef;\n  scopes: string[];\n  /** Only for `custom_oidc`. */\n  discovery_url?: string;\n}\n\nexport interface OAuthProvidersConfig {\n  google?: OAuthProviderDefinition;\n  github?: OAuthProviderDefinition;\n  okta?: OAuthProviderDefinition;\n  custom_oidc?: OAuthProviderDefinition;\n}\n\n// ── Security ──\n\nexport interface PasswordPolicyDefinition {\n  min_length: number;\n  require_uppercase: boolean;\n  require_number: boolean;\n  require_special: boolean;\n}\n\nexport interface SessionConfigDefinition {\n  access_token_ttl_secs: number;\n  refresh_token_ttl_secs: number;\n  max_sessions_per_user: number;\n  require_email_verification: boolean;\n}\n\nexport interface SecurityConfig {\n  password_policy?: PasswordPolicyDefinition;\n  session?: SessionConfigDefinition;\n}\n\n// ── Branding ──\n\nexport interface BrandingConfig {\n  app_name?: string;\n  logo_url?: string;\n  primary_color?: string;\n  secondary_color?: string;\n  welcome_message?: string;\n  welcome_subtitle?: string;\n  /** `\"centered\"`, `\"split-left\"`, `\"split-right\"`, or `\"fullscreen\"`. */\n  layout?: string;\n  background_image_url?: string;\n  /** 0–100 percentage. */\n  background_focal_point?: { x: number; y: number };\n  background_gradient?: string;\n  /** `\"light\"`, `\"dark\"`, or `\"auto\"`. */\n  color_mode?: string;\n  font_family?: string;\n  terms_url?: string;\n  privacy_url?: string;\n  /** Raw CSS merged into the hosted auth pages. */\n  custom_css?: string;\n}\n\n// ── Top-level shape ──\n\nexport interface AuthConfigBlock {\n  resources?: ResourceDefinition[];\n  groups?: GroupDefinition[];\n  relations?: RelationTypeDefinition[];\n  registration?: RegistrationConfig;\n  oauth?: OAuthProvidersConfig;\n  security?: SecurityConfig;\n  branding?: BrandingConfig;\n}\n\nexport interface MaravillaConfig {\n  /** All project-level auth settings. Every field is optional — partial adoption is supported. */\n  auth?: AuthConfigBlock;\n  /** Declarative database indexes (regular + vector). Reconciled upsert-only on deploy. */\n  database?: DatabaseConfigBlock;\n  /**\n   * Declarative media transforms — each entry compiles into a synthetic\n   * `storage.put` event handler that fans out the declared\n   * `platform.media.transforms.*` calls (via `Promise.all`) for every\n   * matching upload. See {@link TransformsConfig}.\n   */\n  transforms?: TransformsConfig;\n}\n\n// ── Database block ──\n//\n// Regular indexes speed up document reads on frequently-queried fields.\n// Vector indexes back hybrid semantic search via sqlite-vec. Both are\n// upsert-only — declaring an index in config creates it if missing,\n// updates metadata when safe, and never auto-deletes DB-only indexes.\n\n/** MongoDB-style key direction: `1` ascending, `-1` descending. */\nexport type IndexDirectionConfig = 1 | -1;\n\nexport interface DocumentIndexDeclaration {\n  /** Collection the index lives on. */\n  collection: string;\n  /** Optional name; falls back to an auto-derived name. */\n  name?: string;\n  /**\n   * Compound-index key shape. Array of `[field, direction]` tuples\n   * preserves ordering, which matters for compound indexes.\n   */\n  keys: Array<[string, IndexDirectionConfig]> | Record<string, IndexDirectionConfig>;\n  unique?: boolean;\n  sparse?: boolean;\n  /**\n   * Partial-index predicate — restricted to inline-literal operators\n   * (`$eq`, `$ne`, `$gt`/`$gte`/`$lt`/`$lte`, `$in`/`$nin`, `$exists`,\n   * `$and`, `$or`). No `$regex` / `$where` / `$text`.\n   */\n  partial?: Record<string, unknown>;\n  /** TTL in seconds. Requires a single-field index on a unix-seconds field. */\n  expireAfterSeconds?: number;\n}\n\n/** Distance metric used by a vector index. */\nexport type VectorMetricConfig = 'cosine' | 'l2' | 'hamming';\n\n/** Storage precision for a vector index. */\nexport type VectorStorageConfig = 'float32' | 'int8' | 'bit';\n\nexport interface VectorIndexDeclaration {\n  collection: string;\n  field: string;\n  dimensions: number;\n  metric?: VectorMetricConfig;\n  storage?: VectorStorageConfig;\n  matryoshka?: boolean;\n  multiVector?: boolean;\n}\n\nexport interface DatabaseConfigBlock {\n  /** MongoDB-style secondary indexes. */\n  indexes?: DocumentIndexDeclaration[];\n  /** sqlite-vec-backed vector indexes. */\n  vectorIndexes?: VectorIndexDeclaration[];\n}\n\n/**\n * Identity function that returns the config unchanged — exists purely so the\n * TypeScript compiler can infer `MaravillaConfig` and give you IntelliSense\n * on every field.\n *\n * @example\n * ```typescript\n * import { defineConfig } from '@maravilla-labs/platform/config';\n *\n * export default defineConfig({\n *   auth: {\n *     resources: [{ name: 'todos', title: 'Todos', actions: ['read', 'write'] }],\n *   },\n * });\n * ```\n */\nexport function defineConfig(config: MaravillaConfig): MaravillaConfig {\n  return config;\n}\n"],"mappings":";AA2RO,SAAS,aAAa,QAA0C;AACrE,SAAO;AACT;","names":[]}

package/dist/events.d.ts

@@ -21,7 +21,7 @@ import { R as RenEvent } from './ren-D0DCQ0Fs.js';
  * and invokes the bundled handler via `globalThis.handleEvent(id, event)`.
  */
 
-type EventTrigger = EventTriggerKv | EventTriggerDb | EventTriggerAuth | EventTriggerSchedule | EventTriggerQueue | EventTriggerChannel | EventTriggerDeploy | EventTriggerRen;
+type EventTrigger = EventTriggerKv | EventTriggerDb | EventTriggerAuth | EventTriggerSchedule | EventTriggerQueue | EventTriggerChannel | EventTriggerDeploy | EventTriggerStorage | EventTriggerRen;
 interface EventTriggerKv {
     kind: 'kv';
     namespace?: string;
@@ -57,6 +57,19 @@ interface EventTriggerDeploy {
     kind: 'deploy';
     phase: 'ready' | 'draining' | 'stopped';
 }
+/**
+ * Object storage trigger — fires when an object is created or removed
+ * under the matching `keyPattern`. Used by both hand-written `onStorage`
+ * handlers and by the synthesized handlers that the adapter compiles
+ * from a `transforms` block in `maravilla.config.ts`.
+ */
+interface EventTriggerStorage {
+    kind: 'storage';
+    /** Glob-style storage key pattern (e.g. `"uploads/videos/**"`). Omit to match all objects. */
+    keyPattern?: string;
+    /** Operation filter; omit to match both `put` and `delete`. */
+    op?: 'put' | 'delete';
+}
 interface EventTriggerRen {
     kind: 'ren';
     match: {
@@ -124,6 +137,20 @@ interface DeployEvent {
     phase: 'ready' | 'draining' | 'stopped';
     ts: number;
 }
+/**
+ * Storage event payload — emitted by the dev-server / runtime when an
+ * object is put or deleted. The synthesized transforms handlers consume
+ * the `key` field to look up the source object.
+ */
+interface StorageEvent {
+    op: 'put' | 'delete';
+    key: string;
+    /** Present on `put` — content type from the upload metadata, when known. */
+    contentType?: string;
+    /** Present on `put` — size in bytes, when known. */
+    size?: number;
+    ts: number;
+}
 interface EventCtx {
     /** Per-tenant env vars. */
     env: Record<string, string>;
@@ -174,9 +201,25 @@ declare function onSchedule(cron: string, handler: (event: ScheduleEvent, ctx: E
 declare function onQueue<T = unknown>(name: string, config: Omit<EventTriggerQueue, 'kind' | 'name'>, handler: (messages: QueueMessage<T>[], ctx: EventCtx) => unknown | Promise<unknown>): RegisteredHandler<QueueMessage<T>[]>;
 declare function onChannel<T = unknown>(config: Omit<EventTriggerChannel, 'kind'>, handler: (event: ChannelEvent<T>, ctx: EventCtx) => unknown | Promise<unknown>): RegisteredHandler<ChannelEvent<T>>;
 declare function onDeploy(phase: EventTriggerDeploy['phase'], handler: (event: DeployEvent, ctx: EventCtx) => unknown | Promise<unknown>): RegisteredHandler<DeployEvent>;
+/**
+ * React to object-storage `put` / `delete` events. `keyPattern` is a
+ * glob (e.g. `"uploads/videos/**"`). Omit `op` to match both put and
+ * delete; omit `keyPattern` to match every object in the tenant's
+ * bucket.
+ *
+ * ```ts
+ * export const onUpload = onStorage(
+ *   { keyPattern: 'uploads/photos/**', op: 'put' },
+ *   async (event, ctx) => {
+ *     await ctx.platform.media.transforms.resize(event.key, { width: 1600, format: 'webp' });
+ *   },
+ * );
+ * ```
+ */
+declare function onStorage(config: Omit<EventTriggerStorage, 'kind'>, handler: (event: StorageEvent, ctx: EventCtx) => unknown | Promise<unknown>): RegisteredHandler<StorageEvent>;
 /** Escape hatch for arbitrary `RenEvent` matches. */
 declare function defineEvent(config: Omit<EventTriggerRen, 'kind'>, handler: (event: RenEvent, ctx: EventCtx) => unknown | Promise<unknown>): RegisteredHandler<RenEvent>;
 /** Type guard used by the build-time discoverer and the runtime registry. */
 declare function isRegisteredHandler(value: unknown): value is RegisteredHandler;
 
-export { type AuthEvent, type AuthOp, type ChannelEvent, type DbChangeEvent, type DeployEvent, type EventCtx, type EventTrigger, type EventTriggerAuth, type EventTriggerChannel, type EventTriggerDb, type EventTriggerDeploy, type EventTriggerKv, type EventTriggerQueue, type EventTriggerRen, type EventTriggerSchedule, type KvChangeEvent, type QueueMessage, type RegisteredHandler, type ScheduleEvent, TRIGGER_SYMBOL, defineEvent, isRegisteredHandler, onAuth, onChannel, onDbChange, onDeploy, onKvChange, onQueue, onSchedule };
+export { type AuthEvent, type AuthOp, type ChannelEvent, type DbChangeEvent, type DeployEvent, type EventCtx, type EventTrigger, type EventTriggerAuth, type EventTriggerChannel, type EventTriggerDb, type EventTriggerDeploy, type EventTriggerKv, type EventTriggerQueue, type EventTriggerRen, type EventTriggerSchedule, type EventTriggerStorage, type KvChangeEvent, type QueueMessage, type RegisteredHandler, type ScheduleEvent, type StorageEvent, TRIGGER_SYMBOL, defineEvent, isRegisteredHandler, onAuth, onChannel, onDbChange, onDeploy, onKvChange, onQueue, onSchedule, onStorage };

package/dist/events.js

@@ -24,6 +24,9 @@ function onChannel(config, handler) {
 function onDeploy(phase, handler) {
   return register({ kind: "deploy", phase }, handler);
 }
+function onStorage(config, handler) {
+  return register({ kind: "storage", ...config }, handler);
+}
 function defineEvent(config, handler) {
   return register({ kind: "ren", ...config }, handler);
 }
@@ -40,6 +43,7 @@ export {
   onDeploy,
   onKvChange,
   onQueue,
-  onSchedule
+  onSchedule,
+  onStorage
 };
 //# sourceMappingURL=events.js.map

package/dist/events.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../src/events.ts"],"sourcesContent":["/**\n * @fileoverview Event handler registration helpers for Maravilla.\n *\n * User apps declare event handlers in `events.ts` or `events/*.ts`:\n *\n * ```ts\n * import { onKvChange, defineEvent } from '@maravilla-labs/platform/events';\n *\n * export const invalidateCache = onKvChange(\n *   { namespace: 'config', keyPattern: 'feature:*' },\n *   async (event, ctx) => { await ctx.kv.delete('cache', event.key!); },\n * );\n * ```\n *\n * These helpers are pure factories. They produce a `RegisteredHandler`\n * marker object that the build pipeline (`@maravilla-labs/functions`\n * `discoverEvents`) detects by its `__maravilla_trigger` property.\n * The Rust event dispatcher uses the trigger config from the manifest\n * and invokes the bundled handler via `globalThis.handleEvent(id, event)`.\n */\n\nimport type { RenEvent } from './ren.js';\n\n// ============ Trigger descriptors ============\n// Kept structurally identical to adapter-core's `EventTrigger` — duplicated\n// here so the runtime SDK has no build-time dep on adapter-core. Keep in sync.\n\nexport type EventTrigger =\n  | EventTriggerKv\n  | EventTriggerDb\n  | EventTriggerAuth\n  | EventTriggerSchedule\n  | EventTriggerQueue\n  | EventTriggerChannel\n  | EventTriggerDeploy\n  | EventTriggerRen;\n\nexport interface EventTriggerKv {\n  kind: 'kv';\n  namespace?: string;\n  keyPattern?: string;\n  op?: 'put' | 'delete' | 'expired';\n}\n\nexport interface EventTriggerDb {\n  kind: 'db';\n  collection: string;\n  op?: 'insert' | 'update' | 'delete';\n}\n\nexport type AuthOp =\n  | 'registered'\n  | 'logged_in'\n  | 'logged_out'\n  | 'logged_out_all'\n  | 'deleted'\n  | 'updated';\n\nexport interface EventTriggerAuth {\n  kind: 'auth';\n  op?: AuthOp;\n}\n\nexport interface EventTriggerSchedule {\n  kind: 'schedule';\n  cron: string;\n}\n\nexport interface EventTriggerQueue {\n  kind: 'queue';\n  name: string;\n  batch?: number;\n  maxAttempts?: number;\n}\n\nexport interface EventTriggerChannel {\n  kind: 'channel';\n  channel: string;\n  type?: string;\n}\n\nexport interface EventTriggerDeploy {\n  kind: 'deploy';\n  phase: 'ready' | 'draining' | 'stopped';\n}\n\nexport interface EventTriggerRen {\n  kind: 'ren';\n  match: { r?: string; t?: string; ns?: string };\n}\n\n// ============ Event payload shapes ============\n\nexport interface KvChangeEvent {\n  op: 'put' | 'delete' | 'expired';\n  namespace: string;\n  key: string;\n  /** Present on `put`. */\n  value?: unknown;\n  ts: number;\n}\n\nexport interface DbChangeEvent {\n  op: 'insert' | 'update' | 'delete';\n  collection: string;\n  id: string;\n  doc?: unknown;\n  before?: unknown;\n  after?: unknown;\n  ts: number;\n}\n\nexport interface AuthEvent {\n  op: AuthOp;\n  userId: string;\n  /**\n   * Op-specific payload:\n   * - `registered` → `{ email, provider, profile }` where `profile` is the\n   *   app's custom fields passed to `platform.auth.register({ profile: {...} })`.\n   * - `logged_in` → `{ email }`\n   * - `logged_out` → `{ sessionId }`\n   * - `logged_out_all` / `deleted` / `updated` → null or empty.\n   */\n  data?: {\n    email?: string;\n    provider?: string;\n    profile?: Record<string, unknown> | null;\n    sessionId?: string;\n    [k: string]: unknown;\n  };\n  ts: number;\n}\n\nexport interface ScheduleEvent {\n  cron: string;\n  scheduledAt: number;\n  firedAt: number;\n}\n\nexport interface QueueMessage<T = unknown> {\n  id: string;\n  payload: T;\n  attempt: number;\n  enqueuedAt: number;\n}\n\nexport interface ChannelEvent<T = unknown> {\n  channel: string;\n  type: string;\n  data?: T;\n  uid?: string;\n  ts: number;\n}\n\nexport interface DeployEvent {\n  phase: 'ready' | 'draining' | 'stopped';\n  ts: number;\n}\n\n// ============ Handler context ============\n\nexport interface EventCtx {\n  /** Per-tenant env vars. */\n  env: Record<string, string>;\n  /** KV store — same shape as `getPlatform().env.KV` / `platform.kv`. */\n  kv?: unknown;\n  /** MongoDB-style database — same shape as `getPlatform().env.DB`. */\n  database?: unknown;\n  /** Object storage. */\n  storage?: unknown;\n  /** Durable queue producer (`.send(name, payload, opts?)`). */\n  queue?: { send: (name: string, payload: unknown, opts?: unknown) => Promise<string> };\n  /** Auth service — register/login/logout/user CRUD/etc. */\n  auth?: unknown;\n  /** Web Push service. */\n  push?: unknown;\n  /** Full platform object — escape hatch for services not surfaced above. */\n  platform?: unknown;\n  /** Trace correlation id — propagate through logs. */\n  traceId: string;\n  tenant: string;\n  handlerId: string;\n}\n\n// ============ Registered handler marker ============\n\nexport const TRIGGER_SYMBOL = '__maravilla_trigger' as const;\n\nexport interface RegisteredHandler<Event = unknown, Ctx = EventCtx> {\n  readonly [TRIGGER_SYMBOL]: EventTrigger;\n  readonly handler: (event: Event, ctx: Ctx) => unknown | Promise<unknown>;\n}\n\nfunction register<Event, Ctx = EventCtx>(\n  trigger: EventTrigger,\n  handler: (event: Event, ctx: Ctx) => unknown | Promise<unknown>,\n): RegisteredHandler<Event, Ctx> {\n  return { [TRIGGER_SYMBOL]: trigger, handler };\n}\n\n// ============ Public factory helpers ============\n\nexport function onKvChange(\n  config: Omit<EventTriggerKv, 'kind'>,\n  handler: (event: KvChangeEvent, ctx: EventCtx) => unknown | Promise<unknown>,\n): RegisteredHandler<KvChangeEvent> {\n  return register({ kind: 'kv', ...config }, handler);\n}\n\nexport function onDbChange(\n  config: Omit<EventTriggerDb, 'kind'>,\n  handler: (event: DbChangeEvent, ctx: EventCtx) => unknown | Promise<unknown>,\n): RegisteredHandler<DbChangeEvent> {\n  return register({ kind: 'db', ...config }, handler);\n}\n\n/**\n * React to user authentication events: registration, login, logout,\n * deletion, update. Omit `op` to match all auth events; set it to\n * narrow to a specific lifecycle transition.\n *\n * ```ts\n * export const welcomeEmail = onAuth(\n *   { op: 'registered' },\n *   async (event, ctx) => {\n *     await sendWelcomeEmail(event.data?.email);\n *   },\n * );\n * ```\n */\nexport function onAuth(\n  config: Omit<EventTriggerAuth, 'kind'>,\n  handler: (event: AuthEvent, ctx: EventCtx) => unknown | Promise<unknown>,\n): RegisteredHandler<AuthEvent> {\n  return register({ kind: 'auth', ...config }, handler);\n}\n\nexport function onSchedule(\n  cron: string,\n  handler: (event: ScheduleEvent, ctx: EventCtx) => unknown | Promise<unknown>,\n): RegisteredHandler<ScheduleEvent> {\n  return register({ kind: 'schedule', cron }, handler);\n}\n\nexport function onQueue<T = unknown>(\n  name: string,\n  config: Omit<EventTriggerQueue, 'kind' | 'name'>,\n  handler: (messages: QueueMessage<T>[], ctx: EventCtx) => unknown | Promise<unknown>,\n): RegisteredHandler<QueueMessage<T>[]> {\n  return register({ kind: 'queue', name, ...config }, handler);\n}\n\nexport function onChannel<T = unknown>(\n  config: Omit<EventTriggerChannel, 'kind'>,\n  handler: (event: ChannelEvent<T>, ctx: EventCtx) => unknown | Promise<unknown>,\n): RegisteredHandler<ChannelEvent<T>> {\n  return register({ kind: 'channel', ...config }, handler);\n}\n\nexport function onDeploy(\n  phase: EventTriggerDeploy['phase'],\n  handler: (event: DeployEvent, ctx: EventCtx) => unknown | Promise<unknown>,\n): RegisteredHandler<DeployEvent> {\n  return register({ kind: 'deploy', phase }, handler);\n}\n\n/** Escape hatch for arbitrary `RenEvent` matches. */\nexport function defineEvent(\n  config: Omit<EventTriggerRen, 'kind'>,\n  handler: (event: RenEvent, ctx: EventCtx) => unknown | Promise<unknown>,\n): RegisteredHandler<RenEvent> {\n  return register({ kind: 'ren', ...config }, handler);\n}\n\n/** Type guard used by the build-time discoverer and the runtime registry. */\nexport function isRegisteredHandler(value: unknown): value is RegisteredHandler {\n  return (\n    typeof value === 'object' &&\n    value !== null &&\n    TRIGGER_SYMBOL in value &&\n    typeof (value as Record<string, unknown>).handler === 'function'\n  );\n}\n"],"mappings":";AA0LO,IAAM,iBAAiB;AAO9B,SAAS,SACP,SACA,SAC+B;AAC/B,SAAO,EAAE,CAAC,cAAc,GAAG,SAAS,QAAQ;AAC9C;AAIO,SAAS,WACd,QACA,SACkC;AAClC,SAAO,SAAS,EAAE,MAAM,MAAM,GAAG,OAAO,GAAG,OAAO;AACpD;AAEO,SAAS,WACd,QACA,SACkC;AAClC,SAAO,SAAS,EAAE,MAAM,MAAM,GAAG,OAAO,GAAG,OAAO;AACpD;AAgBO,SAAS,OACd,QACA,SAC8B;AAC9B,SAAO,SAAS,EAAE,MAAM,QAAQ,GAAG,OAAO,GAAG,OAAO;AACtD;AAEO,SAAS,WACd,MACA,SACkC;AAClC,SAAO,SAAS,EAAE,MAAM,YAAY,KAAK,GAAG,OAAO;AACrD;AAEO,SAAS,QACd,MACA,QACA,SACsC;AACtC,SAAO,SAAS,EAAE,MAAM,SAAS,MAAM,GAAG,OAAO,GAAG,OAAO;AAC7D;AAEO,SAAS,UACd,QACA,SACoC;AACpC,SAAO,SAAS,EAAE,MAAM,WAAW,GAAG,OAAO,GAAG,OAAO;AACzD;AAEO,SAAS,SACd,OACA,SACgC;AAChC,SAAO,SAAS,EAAE,MAAM,UAAU,MAAM,GAAG,OAAO;AACpD;AAGO,SAAS,YACd,QACA,SAC6B;AAC7B,SAAO,SAAS,EAAE,MAAM,OAAO,GAAG,OAAO,GAAG,OAAO;AACrD;AAGO,SAAS,oBAAoB,OAA4C;AAC9E,SACE,OAAO,UAAU,YACjB,UAAU,QACV,kBAAkB,SAClB,OAAQ,MAAkC,YAAY;AAE1D;","names":[]}
+{"version":3,"sources":["../src/events.ts"],"sourcesContent":["/**\n * @fileoverview Event handler registration helpers for Maravilla.\n *\n * User apps declare event handlers in `events.ts` or `events/*.ts`:\n *\n * ```ts\n * import { onKvChange, defineEvent } from '@maravilla-labs/platform/events';\n *\n * export const invalidateCache = onKvChange(\n *   { namespace: 'config', keyPattern: 'feature:*' },\n *   async (event, ctx) => { await ctx.kv.delete('cache', event.key!); },\n * );\n * ```\n *\n * These helpers are pure factories. They produce a `RegisteredHandler`\n * marker object that the build pipeline (`@maravilla-labs/functions`\n * `discoverEvents`) detects by its `__maravilla_trigger` property.\n * The Rust event dispatcher uses the trigger config from the manifest\n * and invokes the bundled handler via `globalThis.handleEvent(id, event)`.\n */\n\nimport type { RenEvent } from './ren.js';\n\n// ============ Trigger descriptors ============\n// Kept structurally identical to adapter-core's `EventTrigger` — duplicated\n// here so the runtime SDK has no build-time dep on adapter-core. Keep in sync.\n\nexport type EventTrigger =\n  | EventTriggerKv\n  | EventTriggerDb\n  | EventTriggerAuth\n  | EventTriggerSchedule\n  | EventTriggerQueue\n  | EventTriggerChannel\n  | EventTriggerDeploy\n  | EventTriggerStorage\n  | EventTriggerRen;\n\nexport interface EventTriggerKv {\n  kind: 'kv';\n  namespace?: string;\n  keyPattern?: string;\n  op?: 'put' | 'delete' | 'expired';\n}\n\nexport interface EventTriggerDb {\n  kind: 'db';\n  collection: string;\n  op?: 'insert' | 'update' | 'delete';\n}\n\nexport type AuthOp =\n  | 'registered'\n  | 'logged_in'\n  | 'logged_out'\n  | 'logged_out_all'\n  | 'deleted'\n  | 'updated';\n\nexport interface EventTriggerAuth {\n  kind: 'auth';\n  op?: AuthOp;\n}\n\nexport interface EventTriggerSchedule {\n  kind: 'schedule';\n  cron: string;\n}\n\nexport interface EventTriggerQueue {\n  kind: 'queue';\n  name: string;\n  batch?: number;\n  maxAttempts?: number;\n}\n\nexport interface EventTriggerChannel {\n  kind: 'channel';\n  channel: string;\n  type?: string;\n}\n\nexport interface EventTriggerDeploy {\n  kind: 'deploy';\n  phase: 'ready' | 'draining' | 'stopped';\n}\n\n/**\n * Object storage trigger — fires when an object is created or removed\n * under the matching `keyPattern`. Used by both hand-written `onStorage`\n * handlers and by the synthesized handlers that the adapter compiles\n * from a `transforms` block in `maravilla.config.ts`.\n */\nexport interface EventTriggerStorage {\n  kind: 'storage';\n  /** Glob-style storage key pattern (e.g. `\"uploads/videos/**\"`). Omit to match all objects. */\n  keyPattern?: string;\n  /** Operation filter; omit to match both `put` and `delete`. */\n  op?: 'put' | 'delete';\n}\n\nexport interface EventTriggerRen {\n  kind: 'ren';\n  match: { r?: string; t?: string; ns?: string };\n}\n\n// ============ Event payload shapes ============\n\nexport interface KvChangeEvent {\n  op: 'put' | 'delete' | 'expired';\n  namespace: string;\n  key: string;\n  /** Present on `put`. */\n  value?: unknown;\n  ts: number;\n}\n\nexport interface DbChangeEvent {\n  op: 'insert' | 'update' | 'delete';\n  collection: string;\n  id: string;\n  doc?: unknown;\n  before?: unknown;\n  after?: unknown;\n  ts: number;\n}\n\nexport interface AuthEvent {\n  op: AuthOp;\n  userId: string;\n  /**\n   * Op-specific payload:\n   * - `registered` → `{ email, provider, profile }` where `profile` is the\n   *   app's custom fields passed to `platform.auth.register({ profile: {...} })`.\n   * - `logged_in` → `{ email }`\n   * - `logged_out` → `{ sessionId }`\n   * - `logged_out_all` / `deleted` / `updated` → null or empty.\n   */\n  data?: {\n    email?: string;\n    provider?: string;\n    profile?: Record<string, unknown> | null;\n    sessionId?: string;\n    [k: string]: unknown;\n  };\n  ts: number;\n}\n\nexport interface ScheduleEvent {\n  cron: string;\n  scheduledAt: number;\n  firedAt: number;\n}\n\nexport interface QueueMessage<T = unknown> {\n  id: string;\n  payload: T;\n  attempt: number;\n  enqueuedAt: number;\n}\n\nexport interface ChannelEvent<T = unknown> {\n  channel: string;\n  type: string;\n  data?: T;\n  uid?: string;\n  ts: number;\n}\n\nexport interface DeployEvent {\n  phase: 'ready' | 'draining' | 'stopped';\n  ts: number;\n}\n\n/**\n * Storage event payload — emitted by the dev-server / runtime when an\n * object is put or deleted. The synthesized transforms handlers consume\n * the `key` field to look up the source object.\n */\nexport interface StorageEvent {\n  op: 'put' | 'delete';\n  key: string;\n  /** Present on `put` — content type from the upload metadata, when known. */\n  contentType?: string;\n  /** Present on `put` — size in bytes, when known. */\n  size?: number;\n  ts: number;\n}\n\n// ============ Handler context ============\n\nexport interface EventCtx {\n  /** Per-tenant env vars. */\n  env: Record<string, string>;\n  /** KV store — same shape as `getPlatform().env.KV` / `platform.kv`. */\n  kv?: unknown;\n  /** MongoDB-style database — same shape as `getPlatform().env.DB`. */\n  database?: unknown;\n  /** Object storage. */\n  storage?: unknown;\n  /** Durable queue producer (`.send(name, payload, opts?)`). */\n  queue?: { send: (name: string, payload: unknown, opts?: unknown) => Promise<string> };\n  /** Auth service — register/login/logout/user CRUD/etc. */\n  auth?: unknown;\n  /** Web Push service. */\n  push?: unknown;\n  /** Full platform object — escape hatch for services not surfaced above. */\n  platform?: unknown;\n  /** Trace correlation id — propagate through logs. */\n  traceId: string;\n  tenant: string;\n  handlerId: string;\n}\n\n// ============ Registered handler marker ============\n\nexport const TRIGGER_SYMBOL = '__maravilla_trigger' as const;\n\nexport interface RegisteredHandler<Event = unknown, Ctx = EventCtx> {\n  readonly [TRIGGER_SYMBOL]: EventTrigger;\n  readonly handler: (event: Event, ctx: Ctx) => unknown | Promise<unknown>;\n}\n\nfunction register<Event, Ctx = EventCtx>(\n  trigger: EventTrigger,\n  handler: (event: Event, ctx: Ctx) => unknown | Promise<unknown>,\n): RegisteredHandler<Event, Ctx> {\n  return { [TRIGGER_SYMBOL]: trigger, handler };\n}\n\n// ============ Public factory helpers ============\n\nexport function onKvChange(\n  config: Omit<EventTriggerKv, 'kind'>,\n  handler: (event: KvChangeEvent, ctx: EventCtx) => unknown | Promise<unknown>,\n): RegisteredHandler<KvChangeEvent> {\n  return register({ kind: 'kv', ...config }, handler);\n}\n\nexport function onDbChange(\n  config: Omit<EventTriggerDb, 'kind'>,\n  handler: (event: DbChangeEvent, ctx: EventCtx) => unknown | Promise<unknown>,\n): RegisteredHandler<DbChangeEvent> {\n  return register({ kind: 'db', ...config }, handler);\n}\n\n/**\n * React to user authentication events: registration, login, logout,\n * deletion, update. Omit `op` to match all auth events; set it to\n * narrow to a specific lifecycle transition.\n *\n * ```ts\n * export const welcomeEmail = onAuth(\n *   { op: 'registered' },\n *   async (event, ctx) => {\n *     await sendWelcomeEmail(event.data?.email);\n *   },\n * );\n * ```\n */\nexport function onAuth(\n  config: Omit<EventTriggerAuth, 'kind'>,\n  handler: (event: AuthEvent, ctx: EventCtx) => unknown | Promise<unknown>,\n): RegisteredHandler<AuthEvent> {\n  return register({ kind: 'auth', ...config }, handler);\n}\n\nexport function onSchedule(\n  cron: string,\n  handler: (event: ScheduleEvent, ctx: EventCtx) => unknown | Promise<unknown>,\n): RegisteredHandler<ScheduleEvent> {\n  return register({ kind: 'schedule', cron }, handler);\n}\n\nexport function onQueue<T = unknown>(\n  name: string,\n  config: Omit<EventTriggerQueue, 'kind' | 'name'>,\n  handler: (messages: QueueMessage<T>[], ctx: EventCtx) => unknown | Promise<unknown>,\n): RegisteredHandler<QueueMessage<T>[]> {\n  return register({ kind: 'queue', name, ...config }, handler);\n}\n\nexport function onChannel<T = unknown>(\n  config: Omit<EventTriggerChannel, 'kind'>,\n  handler: (event: ChannelEvent<T>, ctx: EventCtx) => unknown | Promise<unknown>,\n): RegisteredHandler<ChannelEvent<T>> {\n  return register({ kind: 'channel', ...config }, handler);\n}\n\nexport function onDeploy(\n  phase: EventTriggerDeploy['phase'],\n  handler: (event: DeployEvent, ctx: EventCtx) => unknown | Promise<unknown>,\n): RegisteredHandler<DeployEvent> {\n  return register({ kind: 'deploy', phase }, handler);\n}\n\n/**\n * React to object-storage `put` / `delete` events. `keyPattern` is a\n * glob (e.g. `\"uploads/videos/**\"`). Omit `op` to match both put and\n * delete; omit `keyPattern` to match every object in the tenant's\n * bucket.\n *\n * ```ts\n * export const onUpload = onStorage(\n *   { keyPattern: 'uploads/photos/**', op: 'put' },\n *   async (event, ctx) => {\n *     await ctx.platform.media.transforms.resize(event.key, { width: 1600, format: 'webp' });\n *   },\n * );\n * ```\n */\nexport function onStorage(\n  config: Omit<EventTriggerStorage, 'kind'>,\n  handler: (event: StorageEvent, ctx: EventCtx) => unknown | Promise<unknown>,\n): RegisteredHandler<StorageEvent> {\n  return register({ kind: 'storage', ...config }, handler);\n}\n\n/** Escape hatch for arbitrary `RenEvent` matches. */\nexport function defineEvent(\n  config: Omit<EventTriggerRen, 'kind'>,\n  handler: (event: RenEvent, ctx: EventCtx) => unknown | Promise<unknown>,\n): RegisteredHandler<RenEvent> {\n  return register({ kind: 'ren', ...config }, handler);\n}\n\n/** Type guard used by the build-time discoverer and the runtime registry. */\nexport function isRegisteredHandler(value: unknown): value is RegisteredHandler {\n  return (\n    typeof value === 'object' &&\n    value !== null &&\n    TRIGGER_SYMBOL in value &&\n    typeof (value as Record<string, unknown>).handler === 'function'\n  );\n}\n"],"mappings":";AAwNO,IAAM,iBAAiB;AAO9B,SAAS,SACP,SACA,SAC+B;AAC/B,SAAO,EAAE,CAAC,cAAc,GAAG,SAAS,QAAQ;AAC9C;AAIO,SAAS,WACd,QACA,SACkC;AAClC,SAAO,SAAS,EAAE,MAAM,MAAM,GAAG,OAAO,GAAG,OAAO;AACpD;AAEO,SAAS,WACd,QACA,SACkC;AAClC,SAAO,SAAS,EAAE,MAAM,MAAM,GAAG,OAAO,GAAG,OAAO;AACpD;AAgBO,SAAS,OACd,QACA,SAC8B;AAC9B,SAAO,SAAS,EAAE,MAAM,QAAQ,GAAG,OAAO,GAAG,OAAO;AACtD;AAEO,SAAS,WACd,MACA,SACkC;AAClC,SAAO,SAAS,EAAE,MAAM,YAAY,KAAK,GAAG,OAAO;AACrD;AAEO,SAAS,QACd,MACA,QACA,SACsC;AACtC,SAAO,SAAS,EAAE,MAAM,SAAS,MAAM,GAAG,OAAO,GAAG,OAAO;AAC7D;AAEO,SAAS,UACd,QACA,SACoC;AACpC,SAAO,SAAS,EAAE,MAAM,WAAW,GAAG,OAAO,GAAG,OAAO;AACzD;AAEO,SAAS,SACd,OACA,SACgC;AAChC,SAAO,SAAS,EAAE,MAAM,UAAU,MAAM,GAAG,OAAO;AACpD;AAiBO,SAAS,UACd,QACA,SACiC;AACjC,SAAO,SAAS,EAAE,MAAM,WAAW,GAAG,OAAO,GAAG,OAAO;AACzD;AAGO,SAAS,YACd,QACA,SAC6B;AAC7B,SAAO,SAAS,EAAE,MAAM,OAAO,GAAG,OAAO,GAAG,OAAO;AACrD;AAGO,SAAS,oBAAoB,OAA4C;AAC9E,SACE,OAAO,UAAU,YACjB,UAAU,QACV,kBAAkB,SAClB,OAAQ,MAAkC,YAAY;AAE1D;","names":[]}

package/dist/index.d.ts

@@ -1,6 +1,7 @@
 export { a as RenClient, b as RenClientOptions, R as RenEvent, g as getOrCreateClientId, r as renFetch, s as storageDelete, c as storageUpload } from './ren-D0DCQ0Fs.js';
 import { LocalParticipant } from 'livekit-client';
 export { RegisterPushOptions, RegisterPushResult, offsetBefore, registerPush, unregisterPush } from './push.js';
+export { I as ImageFormat, J as JobHandle, b as JobStatus, c as JobStatusResponse, M as MediaInfo, O as OcrOpts, R as ResizeOpts, d as ThumbnailOpts, e as TranscodeOpts, f as TransformSpec, T as TransformsConfig, a as TransformsPatternSpec, g as TransformsService, V as VideoFormat, k as keyFor, t as transforms } from './transforms-KzpoYW43.js';
 
 /**
  * Media service for video/audio room management.
@@ -710,6 +711,25 @@ interface Storage {
         lastModified: string;
         metadata?: any;
     } | null>;
+    /**
+     * Notify the platform that a presigned-PUT upload completed at the given
+     * key. The bytes never crossed the server, so no `storage.put` event would
+     * fire automatically — call this from your form action right after the
+     * client's direct PUT succeeds. The platform looks up the object's
+     * metadata and publishes the matching `storage.put` event so any registered
+     * event handlers (including the synthesized handlers from a `transforms`
+     * config block) fire as if the upload had streamed through the server.
+     *
+     * Idempotent — safe to call more than once with the same key (the server
+     * dedupes by emitting at most one event per (tenant, key, mtime) tuple).
+     *
+     * @example
+     * ```ts
+     * await fetch(presignedUrl, { method: 'PUT', body: blob });
+     * await platform.env.STORAGE.confirm(key);
+     * ```
+     */
+    confirm(key: string): Promise<void>;
 }
 /**
  * Platform environment containing all available services.
@@ -1327,6 +1347,72 @@ interface PushService {
      */
     rotateVapidKeys(): Promise<PublicPushConfig>;
 }
+/** State of a workflow run. */
+type WorkflowRunStatus = 'queued' | 'running' | 'sleeping' | 'waiting_event' | 'completed' | 'failed' | 'cancelled';
+/** Kind of a recorded step. */
+type WorkflowStepKind = 'run' | 'sleep' | 'wait_event' | 'ai' | 'mcp' | 'invoke';
+/** A durable workflow run as stored in the ledger. */
+interface WorkflowRun {
+    runId: string;
+    workflowId: string;
+    projectId?: string;
+    deploymentId: string;
+    input: unknown;
+    status: WorkflowRunStatus;
+    attempt: number;
+    createdAt: number;
+    updatedAt: number;
+    completedAt?: number;
+    output?: unknown;
+    error?: unknown;
+}
+/** A single step in a run's history. */
+interface WorkflowStepRecord {
+    name: string;
+    kind: WorkflowStepKind;
+    status: 'pending' | 'completed' | 'failed';
+    output?: unknown;
+    error?: unknown;
+    startedAt: number;
+    completedAt?: number;
+    wakeAt?: number;
+}
+/**
+ * Handle returned by `platform.workflows.start()` — poll status, await
+ * the final result, cancel, or inspect step history.
+ */
+interface WorkflowHandle {
+    /** The run's unique id. */
+    readonly runId: string;
+    /** Current run record, or `null` if the run does not exist. */
+    status(): Promise<WorkflowRun | null>;
+    /** Full step history — useful for debugging. */
+    history(): Promise<WorkflowStepRecord[]>;
+    /**
+     * Wait for the run to reach a terminal state and return its output.
+     * Throws if the run ended `failed` or `cancelled`; the thrown error
+     * carries the run record on the `run` property.
+     */
+    result(options?: {
+        timeoutMs?: number;
+    }): Promise<unknown>;
+    /** Best-effort cancellation. Returns `true` if the run transitioned. */
+    cancel(): Promise<boolean>;
+}
+/** Durable multi-step workflow service. */
+interface Workflows {
+    /** Start a new run of the workflow with the given input. */
+    start(workflowId: string, input?: unknown): Promise<WorkflowHandle>;
+    /** Get a handle to an existing run without starting one. */
+    handle(runId: string): WorkflowHandle;
+    /**
+     * Signal an event to any runs paused on `step.waitForEvent`. Returns
+     * the number of runs resolved. Matching rules: `eventType` must equal
+     * the waiter's filter `type`; each key in the filter's `match` must
+     * be present in `payload` with an equal value.
+     */
+    sendEvent(eventType: string, payload?: unknown): Promise<number>;
+}
 interface Platform {
     /** Environment containing all available platform services */
     env: PlatformEnv;
@@ -1345,6 +1431,8 @@ interface Platform {
      * fallback that doesn't proxy to delivery.
      */
     push?: PushService;
+    /** Durable multi-step workflows — `start / handle / sendEvent`. */
+    workflows: Workflows;
 }
 
 interface RealtimeEvent {
@@ -1660,4 +1748,4 @@ declare function getPlatform(options?: {
  */
 declare function clearPlatformCache(): void;
 
-export { type AuthCaller, type AuthField, type AuthService, type AuthSession, type AuthUser, type Database, type DbFindOptions, type IndexDescriptor, type IndexDirection, type IndexKind, type IndexSpec, type KvListResult, type KvNamespace, type ListScheduledFilter, type LoginOptions, MediaLocalParticipant, type MediaParticipant, type MediaParticipantInfo, MediaRoom, MediaRoomEvent, type MediaRoomInfo, type MediaRoomInfoSettings, type MediaRoomOptions, type MediaService, type MediaTokenResult, type MediaTrackPublication, type NotificationPayload, type Platform, type PlatformEnv, type PolicyService, type PresenceMember, type PresenceService, type PublicPushConfig, type PushService, type PushTarget, type QueueStats, RealtimeClient, type RealtimeClientOptions, type RealtimeEvent, type RealtimeService, type RegisterOptions, RemoteMediaService, type ScheduleOptions, type ScheduledJob, type SendReport, type Storage, type StoragePutStreamSource, type StoredPushSubscription, type SubscriptionCounts, type TrackKind, type TrackSource, type UpdateUserOptions, type UserListFilter, type UserListResponse, type VectorAggregation, type VectorIndexDescriptor, type VectorIndexSpec, type VectorMetric, type VectorQuery, type VectorQueryMode, type VectorQueryWithFilter, type VectorSearchHit, type VectorStorage, type VideoResolution, attachTrack, clearPlatformCache, detachTrack, getPlatform };
+export { type AuthCaller, type AuthField, type AuthService, type AuthSession, type AuthUser, type Database, type DbFindOptions, type IndexDescriptor, type IndexDirection, type IndexKind, type IndexSpec, type KvListResult, type KvNamespace, type ListScheduledFilter, type LoginOptions, MediaLocalParticipant, type MediaParticipant, type MediaParticipantInfo, MediaRoom, MediaRoomEvent, type MediaRoomInfo, type MediaRoomInfoSettings, type MediaRoomOptions, type MediaService, type MediaTokenResult, type MediaTrackPublication, type NotificationPayload, type Platform, type PlatformEnv, type PolicyService, type PresenceMember, type PresenceService, type PublicPushConfig, type PushService, type PushTarget, type QueueStats, RealtimeClient, type RealtimeClientOptions, type RealtimeEvent, type RealtimeService, type RegisterOptions, RemoteMediaService, type ScheduleOptions, type ScheduledJob, type SendReport, type Storage, type StoragePutStreamSource, type StoredPushSubscription, type SubscriptionCounts, type TrackKind, type TrackSource, type UpdateUserOptions, type UserListFilter, type UserListResponse, type VectorAggregation, type VectorIndexDescriptor, type VectorIndexSpec, type VectorMetric, type VectorQuery, type VectorQueryMode, type VectorQueryWithFilter, type VectorSearchHit, type VectorStorage, type VideoResolution, type WorkflowHandle, type WorkflowRun, type WorkflowRunStatus, type WorkflowStepKind, type WorkflowStepRecord, type Workflows, attachTrack, clearPlatformCache, detachTrack, getPlatform };

package/dist/index.js

@@ -368,6 +368,13 @@ var RemoteStorage = class _RemoteStorage {
     if (response.status === 404) return null;
     return response.json();
   }
+  async confirm(key) {
+    await this.fetch(`${this.baseUrl}/api/storage/confirm`, {
+      method: "POST",
+      headers: { "content-type": "application/json" },
+      body: JSON.stringify({ key })
+    });
+  }
 };
 var RemotePresenceService = class {
   constructor(baseUrl, headers) {
@@ -560,6 +567,108 @@ var RemotePolicyService = class {
     );
   }
 };
+var RemoteWorkflows = class {
+  constructor(baseUrl, headers) {
+    this.baseUrl = baseUrl;
+    this.headers = headers;
+  }
+  baseUrl;
+  headers;
+  async request(path, options = {}) {
+    const response = await fetch(`${this.baseUrl}${path}`, {
+      ...options,
+      headers: { ...this.headers, ...options.headers }
+    });
+    if (!response.ok && response.status !== 404) {
+      const error = await response.text();
+      throw new Error(`Platform API error: ${response.status} - ${error}`);
+    }
+    return response;
+  }
+  async start(workflowId, input = {}) {
+    if (typeof workflowId !== "string" || !workflowId) {
+      throw new Error("workflows.start: workflowId must be a non-empty string");
+    }
+    const res = await this.request(
+      `/api/workflows/${encodeURIComponent(workflowId)}/start`,
+      { method: "POST", body: JSON.stringify(input ?? {}) }
+    );
+    const { runId } = await res.json();
+    return makeRemoteWorkflowHandle(this.baseUrl, this.headers, runId);
+  }
+  handle(runId) {
+    if (typeof runId !== "string" || !runId) {
+      throw new Error("workflows.handle: runId must be a non-empty string");
+    }
+    return makeRemoteWorkflowHandle(this.baseUrl, this.headers, runId);
+  }
+  async sendEvent(eventType, payload = null) {
+    if (typeof eventType !== "string" || !eventType) {
+      throw new Error("workflows.sendEvent: eventType must be a non-empty string");
+    }
+    const res = await this.request(`/api/workflows/signal`, {
+      method: "POST",
+      body: JSON.stringify({ eventType, payload })
+    });
+    const data = await res.json();
+    return data.count;
+  }
+};
+function makeRemoteWorkflowHandle(baseUrl, headers, runId) {
+  const doFetch = async (path, init = {}) => {
+    const res = await fetch(`${baseUrl}${path}`, {
+      ...init,
+      headers: { ...headers, ...init.headers }
+    });
+    if (!res.ok && res.status !== 404) {
+      throw new Error(`Platform API error: ${res.status} - ${await res.text()}`);
+    }
+    return res;
+  };
+  const handle = {
+    runId,
+    async status() {
+      const res = await doFetch(`/api/workflows/runs/${encodeURIComponent(runId)}`);
+      if (res.status === 404) return null;
+      return await res.json();
+    },
+    async history() {
+      const res = await doFetch(
+        `/api/workflows/runs/${encodeURIComponent(runId)}/history`
+      );
+      return await res.json();
+    },
+    async cancel() {
+      const res = await doFetch(
+        `/api/workflows/runs/${encodeURIComponent(runId)}/cancel`,
+        { method: "POST" }
+      );
+      const data = await res.json();
+      return data.cancelled;
+    },
+    async result(options) {
+      const timeoutMs = options?.timeoutMs;
+      const deadline = typeof timeoutMs === "number" && Number.isFinite(timeoutMs) && timeoutMs > 0 ? Date.now() + timeoutMs : null;
+      let delay = 100;
+      while (true) {
+        const run = await handle.status();
+        if (!run) throw new Error(`workflow run not found: ${runId}`);
+        if (run.status === "completed") return run.output;
+        if (run.status === "failed" || run.status === "cancelled") {
+          const err = new Error(`workflow ${run.status}`);
+          err.run = run;
+          throw err;
+        }
+        if (deadline !== null && Date.now() >= deadline) {
+          throw new Error("workflow result timeout");
+        }
+        await new Promise((r) => setTimeout(r, delay));
+        delay = Math.min(delay * 2, 5e3);
+      }
+    }
+  };
+  return handle;
+}
 function createRemoteClient(baseUrl, tenant) {
   const headers = {
     "Content-Type": "application/json",
@@ -576,6 +685,7 @@ function createRemoteClient(baseUrl, tenant) {
   const realtime = new RemoteRealtimeService(baseUrl, headers);
   const auth = new RemoteAuthService(baseUrl, headers);
   const policy = new RemotePolicyService();
+  const workflows = new RemoteWorkflows(baseUrl, headers);
   return {
     env: {
       KV: kvProxy,
@@ -585,7 +695,8 @@ function createRemoteClient(baseUrl, tenant) {
     media,
     realtime,
     auth,
-    policy
+    policy,
+    workflows
   };
 }
 
@@ -669,6 +780,12 @@ var RenClient = class {
       "presence.join",
       "presence.leave",
       "presence.update",
+      // Media transform lifecycle (emitted by media-transforms-worker)
+      "transform.queued",
+      "transform.started",
+      "transform.progress",
+      "transform.complete",
+      "transform.failed",
       // Meta events
       "ren.meta"
     ];
@@ -1421,6 +1538,55 @@ function offsetBefore(anchor, offset) {
   return new Date(anchorDate.getTime() - amount * UNIT_MS[unit]);
 }
 
+// src/transforms.ts
+import { sha256 } from "@noble/hashes/sha2";
+function sortKeys(value) {
+  if (Array.isArray(value)) return value.map(sortKeys);
+  if (value && typeof value === "object") {
+    const out = {};
+    for (const k of Object.keys(value).sort()) {
+      out[k] = sortKeys(value[k]);
+    }
+    return out;
+  }
+  return value;
+}
+function canonicalJson(value) {
+  return JSON.stringify(sortKeys(value));
+}
+function shortHexSha256(input) {
+  const bytes = new TextEncoder().encode(input);
+  const hash = sha256(bytes);
+  return Array.from(hash.slice(0, 8)).map((b) => b.toString(16).padStart(2, "0")).join("");
+}
+function outputExtension(spec) {
+  switch (spec.kind) {
+    case "transcode":
+      return spec.format;
+    // 'mp4' | 'webm'
+    case "thumbnail":
+    case "resize": {
+      const fmt = spec.format ?? "jpg";
+      return fmt;
+    }
+    case "ocr":
+      return "txt";
+    default: {
+      const _exhaust = spec;
+      throw new Error(`unknown transform kind: ${_exhaust.kind}`);
+    }
+  }
+}
+function keyFor(srcKey, spec) {
+  const srcHash = shortHexSha256(srcKey);
+  const variantHash = shortHexSha256(canonicalJson(spec));
+  const ext = outputExtension(spec);
+  return `__derived/${srcHash}/${variantHash}.${ext}`;
+}
+var transforms = {
+  keyFor
+};
+
 // src/index.ts
 var cachedPlatform = void 0;
 function getPlatform(options) {
@@ -1466,11 +1632,13 @@ export {
   detachTrack,
   getOrCreateClientId,
   getPlatform,
+  keyFor,
   offsetBefore,
   registerPush,
   renFetch,
   storageDelete,
   storageUpload,
+  transforms,
   unregisterPush
 };
 //# sourceMappingURL=index.js.map