@od-oneapp/storage 2026.1.1301

package/dist/vercel-blob-07Sx0Akn.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"vercel-blob-07Sx0Akn.d.mts","names":[],"sources":["../providers/vercel-blob.ts"],"mappings":";;;cAsBa,kBAAA,YAA8B,eAAA;EAAA,QACjC,KAAA;cAEI,KAAA;EAON,MAAA,CAAO,GAAA,WAAc,OAAA;EAQrB,QAAA,CAAS,GAAA,WAAc,OAAA,CAAQ,IAAA;EAgC/B,MAAA,CAAO,GAAA,WAAc,OAAA;EAmBrB,WAAA,CAAY,GAAA,WAAc,OAAA,CAAQ,aAAA;EAmBlC,MAAA,CAAO,GAAA,UAAa,QAAA;IAAa,SAAA;EAAA,IAAuB,OAAA;EAWxD,IAAA,CAAK,OAAA,GAAU,WAAA,GAAc,OAAA,CAAQ,aAAA;EA6BrC,MAAA,CACJ,GAAA,UACA,IAAA,EAAM,WAAA,GAAc,IAAA,GAAO,MAAA,GAAS,IAAA,GAAO,cAAA,EAC3C,OAAA,GAAU,aAAA,GACT,OAAA,CAAQ,aAAA;EAgDL,qBAAA,CACJ,GAAA,UACA,QAAA,GAAW,aAAA,GACV,OAAA;IAAU,QAAA;IAAkB,GAAA;EAAA;EAKzB,UAAA,CAAA,GAAc,OAAA;IAAU,IAAA;IAAc,UAAA;EAAA;EAMtC,uBAAA,CAAA,GAA2B,OAAA,CAAQ,aAAA;EAMnC,oBAAA,CAAA,GAAwB,OAAA;EAMxB,qBAAA,CAAA,GAAyB,OAAA,CAAQ,kBAAA;EAMvC,eAAA,CAAA,GAAmB,mBAAA;AAAA"}

package/dist/vercel-blob-DA8HaYuw.mjs

@@ -0,0 +1,158 @@
+import { del, head, list, put } from "@vercel/blob";
+
+//#region providers/vercel-blob.ts
+/**
+* @fileoverview Vercel Blob storage provider
+*
+* Direct implementation (no @integrations/* dependency) to keep
+* @od-oneapp/storage publishable/portable.
+*/
+/** Default download timeout in ms */
+const DEFAULT_DOWNLOAD_TIMEOUT_MS = 3e4;
+var VercelBlobProvider = class {
+	token;
+	constructor(token) {
+		if (!token) throw new Error("Vercel Blob token is required");
+		this.token = token;
+	}
+	async delete(key) {
+		if (!key || key.trim() === "") throw new Error("Blob key cannot be empty");
+		await del(key, { token: this.token });
+	}
+	async download(key) {
+		if (!key || key.trim() === "") throw new Error("Blob key cannot be empty");
+		const controller = new AbortController();
+		const timeoutId = setTimeout(() => controller.abort(), DEFAULT_DOWNLOAD_TIMEOUT_MS);
+		try {
+			const response = await fetch(key, {
+				headers: { Authorization: `Bearer ${this.token}` },
+				signal: controller.signal
+			});
+			if (!response.ok) throw new Error(`Failed to download blob: ${response.statusText}`);
+			return response.blob();
+		} catch (error) {
+			if (error instanceof Error && error.name === "AbortError") throw new Error(`Download timeout: Request exceeded ${DEFAULT_DOWNLOAD_TIMEOUT_MS}ms`);
+			throw error;
+		} finally {
+			clearTimeout(timeoutId);
+		}
+	}
+	async exists(key) {
+		if (!key || key.trim() === "") throw new Error("Blob key cannot be empty");
+		try {
+			await head(key, { token: this.token });
+			return true;
+		} catch (error) {
+			const message = error instanceof Error ? error.message.toLowerCase() : String(error).toLowerCase();
+			if (error?.status === 404 || message.includes("not found") || message.includes("404")) return false;
+			throw error;
+		}
+	}
+	async getMetadata(key) {
+		if (!key || key.trim() === "") throw new Error("Blob key cannot be empty");
+		const blob = await head(key, { token: this.token });
+		return {
+			access: "public",
+			contentType: blob.contentType,
+			downloadUrl: blob.downloadUrl,
+			etag: void 0,
+			key: blob.pathname,
+			lastModified: new Date(blob.uploadedAt),
+			size: blob.size,
+			url: blob.url
+		};
+	}
+	async getUrl(key, _options) {
+		if (!key || key.trim() === "") throw new Error("Blob key cannot be empty");
+		return (await head(key, { token: this.token })).url;
+	}
+	async list(options) {
+		return (await list({
+			cursor: options?.cursor,
+			limit: options?.limit,
+			prefix: options?.prefix,
+			token: this.token
+		})).blobs.map((blob) => ({
+			contentType: blob.contentType ?? "application/octet-stream",
+			etag: void 0,
+			key: blob.pathname,
+			lastModified: new Date(blob.uploadedAt),
+			size: blob.size,
+			downloadUrl: void 0,
+			url: blob.url
+		}));
+	}
+	async upload(key, data, options) {
+		if (!key || key.trim() === "") throw new Error("Blob key cannot be empty");
+		const access = "public";
+		const onUploadProgress = options?.onProgress ? (event) => {
+			const total = event.total ?? event.loaded;
+			options.onProgress?.({
+				key,
+				loaded: event.loaded,
+				total,
+				percentage: event.percentage ?? (total ? event.loaded / total * 100 : void 0)
+			});
+		} : void 0;
+		const result = await put(key, data, {
+			access,
+			addRandomSuffix: options?.addRandomSuffix ?? false,
+			allowOverwrite: options?.allowOverwrite,
+			cacheControlMaxAge: options?.cacheControlMaxAge,
+			contentType: options?.contentType,
+			multipart: options?.multipart,
+			abortSignal: options?.abortSignal,
+			onUploadProgress,
+			...options?.clientPayload && { clientPayload: options.clientPayload },
+			token: this.token
+		});
+		const metadata = await head(result.url, { token: this.token });
+		return {
+			access,
+			contentType: metadata.contentType,
+			downloadUrl: metadata.downloadUrl,
+			etag: void 0,
+			key: result.pathname,
+			lastModified: new Date(metadata.uploadedAt),
+			metadata: options?.metadata,
+			size: metadata.size,
+			url: metadata.url ?? result.url
+		};
+	}
+	async createMultipartUpload(key, _options) {
+		return {
+			uploadId: `vercel-blob-${crypto.randomUUID()}`,
+			key
+		};
+	}
+	async uploadPart() {
+		throw new Error("Vercel Blob does not support manual multipart uploads. Use multipart: true in upload options instead.");
+	}
+	async completeMultipartUpload() {
+		throw new Error("Vercel Blob does not support manual multipart uploads. Use multipart: true in upload options instead.");
+	}
+	async abortMultipartUpload() {
+		throw new Error("Vercel Blob does not support manual multipart uploads. Use multipart: true in upload options instead.");
+	}
+	async getPresignedUploadUrl() {
+		throw new Error("Vercel Blob does not support presigned URLs. Use direct upload with handleUploadUrl instead.");
+	}
+	getCapabilities() {
+		return {
+			multipart: false,
+			presignedUrls: false,
+			progressTracking: true,
+			abortSignal: true,
+			metadata: true,
+			customDomains: false,
+			edgeCompatible: true,
+			versioning: false,
+			encryption: false,
+			directoryListing: true
+		};
+	}
+};
+
+//#endregion
+export { VercelBlobProvider as t };
+//# sourceMappingURL=vercel-blob-DA8HaYuw.mjs.map

package/dist/vercel-blob-DA8HaYuw.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"vercel-blob-DA8HaYuw.mjs","names":[],"sources":["../providers/vercel-blob.ts"],"sourcesContent":["/**\n * @fileoverview Vercel Blob storage provider\n *\n * Direct implementation (no @integrations/* dependency) to keep\n * @od-oneapp/storage publishable/portable.\n */\n\nimport { del, head, list, put } from '@vercel/blob';\n\nimport type { UploadProgressEvent } from '@vercel/blob';\nimport type {\n  ListOptions,\n  PresignedUploadUrl,\n  StorageCapabilities,\n  StorageObject,\n  StorageProvider,\n  UploadOptions,\n} from '../types';\n\n/** Default download timeout in ms */\nconst DEFAULT_DOWNLOAD_TIMEOUT_MS = 30_000;\n\nexport class VercelBlobProvider implements StorageProvider {\n  private token: string;\n\n  constructor(token: string) {\n    if (!token) {\n      throw new Error('Vercel Blob token is required');\n    }\n    this.token = token;\n  }\n\n  async delete(key: string): Promise<void> {\n    if (!key || key.trim() === '') {\n      throw new Error('Blob key cannot be empty');\n    }\n\n    await del(key, { token: this.token });\n  }\n\n  async download(key: string): Promise<Blob> {\n    if (!key || key.trim() === '') {\n      throw new Error('Blob key cannot be empty');\n    }\n\n    // Add timeout to prevent hanging requests\n    const controller = new AbortController();\n    const timeoutId = setTimeout(() => controller.abort(), DEFAULT_DOWNLOAD_TIMEOUT_MS);\n\n    try {\n      const response = await fetch(key, {\n        headers: {\n          Authorization: `Bearer ${this.token}`,\n        },\n        signal: controller.signal,\n      });\n\n      if (!response.ok) {\n        throw new Error(`Failed to download blob: ${response.statusText}`);\n      }\n\n      return response.blob();\n    } catch (error) {\n      if (error instanceof Error && error.name === 'AbortError') {\n        throw new Error(`Download timeout: Request exceeded ${DEFAULT_DOWNLOAD_TIMEOUT_MS}ms`);\n      }\n      throw error;\n    } finally {\n      clearTimeout(timeoutId);\n    }\n  }\n\n  async exists(key: string): Promise<boolean> {\n    if (!key || key.trim() === '') {\n      throw new Error('Blob key cannot be empty');\n    }\n\n    try {\n      await head(key, { token: this.token });\n      return true;\n    } catch (error) {\n      const message =\n        error instanceof Error ? error.message.toLowerCase() : String(error).toLowerCase();\n      const err = error as { status?: number };\n      if (err?.status === 404 || message.includes('not found') || message.includes('404')) {\n        return false;\n      }\n      throw error;\n    }\n  }\n\n  async getMetadata(key: string): Promise<StorageObject> {\n    if (!key || key.trim() === '') {\n      throw new Error('Blob key cannot be empty');\n    }\n\n    const blob = await head(key, { token: this.token });\n\n    return {\n      access: 'public', // Vercel Blob defaults to public; private access determined by URL auth\n      contentType: blob.contentType,\n      downloadUrl: blob.downloadUrl,\n      etag: undefined,\n      key: blob.pathname,\n      lastModified: new Date(blob.uploadedAt),\n      size: blob.size,\n      url: blob.url,\n    };\n  }\n\n  async getUrl(key: string, _options?: { expiresIn?: number }): Promise<string> {\n    if (!key || key.trim() === '') {\n      throw new Error('Blob key cannot be empty');\n    }\n\n    // Vercel Blob URLs are permanent for public files\n    // For private files, they include auth in the URL\n    const blob = await head(key, { token: this.token });\n    return blob.url;\n  }\n\n  async list(options?: ListOptions): Promise<StorageObject[]> {\n    const result = await list({\n      cursor: options?.cursor,\n      limit: options?.limit,\n      prefix: options?.prefix,\n      token: this.token,\n    });\n\n    // Avoid N+1 queries: Use data from list response when available\n    // Only make head() calls if content type is truly needed and not available\n    return result.blobs.map(\n      (blob: {\n        pathname: string;\n        url: string;\n        size: number;\n        uploadedAt: Date;\n        contentType?: string;\n      }) => ({\n        contentType: blob.contentType ?? 'application/octet-stream',\n        etag: undefined,\n        key: blob.pathname,\n        lastModified: new Date(blob.uploadedAt),\n        size: blob.size,\n        downloadUrl: undefined, // Not available from list response\n        url: blob.url,\n      }),\n    );\n  }\n\n  async upload(\n    key: string,\n    data: ArrayBuffer | Blob | Buffer | File | ReadableStream,\n    options?: UploadOptions,\n  ): Promise<StorageObject> {\n    if (!key || key.trim() === '') {\n      throw new Error('Blob key cannot be empty');\n    }\n\n    // Vercel Blob only supports public access; private uploads not yet available\n    const access = 'public';\n    const onUploadProgress: ((event: UploadProgressEvent) => void) | undefined = options?.onProgress\n      ? event => {\n          const total = event.total ?? event.loaded;\n          options.onProgress?.({\n            key,\n            loaded: event.loaded,\n            total,\n            percentage: event.percentage ?? (total ? (event.loaded / total) * 100 : undefined),\n          });\n        }\n      : undefined;\n\n    const result = await put(key, data, {\n      access,\n      addRandomSuffix: options?.addRandomSuffix ?? false,\n      allowOverwrite: options?.allowOverwrite,\n      cacheControlMaxAge: options?.cacheControlMaxAge,\n      contentType: options?.contentType,\n      multipart: options?.multipart,\n      abortSignal: options?.abortSignal,\n      onUploadProgress,\n      ...(options?.clientPayload && { clientPayload: options.clientPayload }),\n      token: this.token,\n    });\n\n    // Get metadata to retrieve size and download URL\n    const metadata = await head(result.url, { token: this.token });\n\n    return {\n      access,\n      contentType: metadata.contentType,\n      downloadUrl: metadata.downloadUrl,\n      etag: undefined,\n      key: result.pathname,\n      lastModified: new Date(metadata.uploadedAt),\n      metadata: options?.metadata,\n      size: metadata.size,\n      url: metadata.url ?? result.url,\n    };\n  }\n\n  async createMultipartUpload(\n    key: string,\n    _options?: UploadOptions,\n  ): Promise<{ uploadId: string; key: string }> {\n    const uploadId = `vercel-blob-${crypto.randomUUID()}`;\n    return { uploadId, key };\n  }\n\n  async uploadPart(): Promise<{ etag: string; partNumber: number }> {\n    throw new Error(\n      'Vercel Blob does not support manual multipart uploads. Use multipart: true in upload options instead.',\n    );\n  }\n\n  async completeMultipartUpload(): Promise<StorageObject> {\n    throw new Error(\n      'Vercel Blob does not support manual multipart uploads. Use multipart: true in upload options instead.',\n    );\n  }\n\n  async abortMultipartUpload(): Promise<void> {\n    throw new Error(\n      'Vercel Blob does not support manual multipart uploads. Use multipart: true in upload options instead.',\n    );\n  }\n\n  async getPresignedUploadUrl(): Promise<PresignedUploadUrl> {\n    throw new Error(\n      'Vercel Blob does not support presigned URLs. Use direct upload with handleUploadUrl instead.',\n    );\n  }\n\n  getCapabilities(): StorageCapabilities {\n    return {\n      multipart: false,\n      presignedUrls: false,\n      progressTracking: true,\n      abortSignal: true,\n      metadata: true,\n      customDomains: false,\n      edgeCompatible: true,\n      versioning: false,\n      encryption: false,\n      directoryListing: true,\n    };\n  }\n}\n"],"mappings":";;;;;;;;;;AAoBA,MAAM,8BAA8B;AAEpC,IAAa,qBAAb,MAA2D;CACzD,AAAQ;CAER,YAAY,OAAe;AACzB,MAAI,CAAC,MACH,OAAM,IAAI,MAAM,gCAAgC;AAElD,OAAK,QAAQ;;CAGf,MAAM,OAAO,KAA4B;AACvC,MAAI,CAAC,OAAO,IAAI,MAAM,KAAK,GACzB,OAAM,IAAI,MAAM,2BAA2B;AAG7C,QAAM,IAAI,KAAK,EAAE,OAAO,KAAK,OAAO,CAAC;;CAGvC,MAAM,SAAS,KAA4B;AACzC,MAAI,CAAC,OAAO,IAAI,MAAM,KAAK,GACzB,OAAM,IAAI,MAAM,2BAA2B;EAI7C,MAAM,aAAa,IAAI,iBAAiB;EACxC,MAAM,YAAY,iBAAiB,WAAW,OAAO,EAAE,4BAA4B;AAEnF,MAAI;GACF,MAAM,WAAW,MAAM,MAAM,KAAK;IAChC,SAAS,EACP,eAAe,UAAU,KAAK,SAC/B;IACD,QAAQ,WAAW;IACpB,CAAC;AAEF,OAAI,CAAC,SAAS,GACZ,OAAM,IAAI,MAAM,4BAA4B,SAAS,aAAa;AAGpE,UAAO,SAAS,MAAM;WACf,OAAO;AACd,OAAI,iBAAiB,SAAS,MAAM,SAAS,aAC3C,OAAM,IAAI,MAAM,sCAAsC,4BAA4B,IAAI;AAExF,SAAM;YACE;AACR,gBAAa,UAAU;;;CAI3B,MAAM,OAAO,KAA+B;AAC1C,MAAI,CAAC,OAAO,IAAI,MAAM,KAAK,GACzB,OAAM,IAAI,MAAM,2BAA2B;AAG7C,MAAI;AACF,SAAM,KAAK,KAAK,EAAE,OAAO,KAAK,OAAO,CAAC;AACtC,UAAO;WACA,OAAO;GACd,MAAM,UACJ,iBAAiB,QAAQ,MAAM,QAAQ,aAAa,GAAG,OAAO,MAAM,CAAC,aAAa;AAEpF,OADY,OACH,WAAW,OAAO,QAAQ,SAAS,YAAY,IAAI,QAAQ,SAAS,MAAM,CACjF,QAAO;AAET,SAAM;;;CAIV,MAAM,YAAY,KAAqC;AACrD,MAAI,CAAC,OAAO,IAAI,MAAM,KAAK,GACzB,OAAM,IAAI,MAAM,2BAA2B;EAG7C,MAAM,OAAO,MAAM,KAAK,KAAK,EAAE,OAAO,KAAK,OAAO,CAAC;AAEnD,SAAO;GACL,QAAQ;GACR,aAAa,KAAK;GAClB,aAAa,KAAK;GAClB,MAAM;GACN,KAAK,KAAK;GACV,cAAc,IAAI,KAAK,KAAK,WAAW;GACvC,MAAM,KAAK;GACX,KAAK,KAAK;GACX;;CAGH,MAAM,OAAO,KAAa,UAAoD;AAC5E,MAAI,CAAC,OAAO,IAAI,MAAM,KAAK,GACzB,OAAM,IAAI,MAAM,2BAA2B;AAM7C,UADa,MAAM,KAAK,KAAK,EAAE,OAAO,KAAK,OAAO,CAAC,EACvC;;CAGd,MAAM,KAAK,SAAiD;AAU1D,UATe,MAAM,KAAK;GACxB,QAAQ,SAAS;GACjB,OAAO,SAAS;GAChB,QAAQ,SAAS;GACjB,OAAO,KAAK;GACb,CAAC,EAIY,MAAM,KACjB,UAMM;GACL,aAAa,KAAK,eAAe;GACjC,MAAM;GACN,KAAK,KAAK;GACV,cAAc,IAAI,KAAK,KAAK,WAAW;GACvC,MAAM,KAAK;GACX,aAAa;GACb,KAAK,KAAK;GACX,EACF;;CAGH,MAAM,OACJ,KACA,MACA,SACwB;AACxB,MAAI,CAAC,OAAO,IAAI,MAAM,KAAK,GACzB,OAAM,IAAI,MAAM,2BAA2B;EAI7C,MAAM,SAAS;EACf,MAAM,mBAAuE,SAAS,cAClF,UAAS;GACP,MAAM,QAAQ,MAAM,SAAS,MAAM;AACnC,WAAQ,aAAa;IACnB;IACA,QAAQ,MAAM;IACd;IACA,YAAY,MAAM,eAAe,QAAS,MAAM,SAAS,QAAS,MAAM;IACzE,CAAC;MAEJ;EAEJ,MAAM,SAAS,MAAM,IAAI,KAAK,MAAM;GAClC;GACA,iBAAiB,SAAS,mBAAmB;GAC7C,gBAAgB,SAAS;GACzB,oBAAoB,SAAS;GAC7B,aAAa,SAAS;GACtB,WAAW,SAAS;GACpB,aAAa,SAAS;GACtB;GACA,GAAI,SAAS,iBAAiB,EAAE,eAAe,QAAQ,eAAe;GACtE,OAAO,KAAK;GACb,CAAC;EAGF,MAAM,WAAW,MAAM,KAAK,OAAO,KAAK,EAAE,OAAO,KAAK,OAAO,CAAC;AAE9D,SAAO;GACL;GACA,aAAa,SAAS;GACtB,aAAa,SAAS;GACtB,MAAM;GACN,KAAK,OAAO;GACZ,cAAc,IAAI,KAAK,SAAS,WAAW;GAC3C,UAAU,SAAS;GACnB,MAAM,SAAS;GACf,KAAK,SAAS,OAAO,OAAO;GAC7B;;CAGH,MAAM,sBACJ,KACA,UAC4C;AAE5C,SAAO;GAAE,UADQ,eAAe,OAAO,YAAY;GAChC;GAAK;;CAG1B,MAAM,aAA4D;AAChE,QAAM,IAAI,MACR,wGACD;;CAGH,MAAM,0BAAkD;AACtD,QAAM,IAAI,MACR,wGACD;;CAGH,MAAM,uBAAsC;AAC1C,QAAM,IAAI,MACR,wGACD;;CAGH,MAAM,wBAAqD;AACzD,QAAM,IAAI,MACR,+FACD;;CAGH,kBAAuC;AACrC,SAAO;GACL,WAAW;GACX,eAAe;GACf,kBAAkB;GAClB,aAAa;GACb,UAAU;GACV,eAAe;GACf,gBAAgB;GAChB,YAAY;GACZ,YAAY;GACZ,kBAAkB;GACnB"}

package/package.json

@@ -0,0 +1,111 @@
+{
+  "name": "@od-oneapp/storage",
+  "version": "2026.1.1301",
+  "private": false,
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/OneDigital-Product/monorepo.git",
+    "directory": "platform/packages/storage"
+  },
+  "sideEffects": false,
+  "type": "module",
+  "exports": {
+    ".": {
+      "types": "./dist/env.d.mts",
+      "import": "./dist/env.mjs",
+      "default": "./dist/env.mjs"
+    },
+    "./client": {
+      "types": "./dist/client.d.mts",
+      "import": "./dist/client.mjs",
+      "default": "./dist/client.mjs"
+    },
+    "./server": {
+      "types": "./dist/server.d.mts",
+      "import": "./dist/server.mjs",
+      "default": "./dist/server.mjs"
+    },
+    "./client/next": {
+      "types": "./dist/client-next.d.mts",
+      "import": "./dist/client-next.mjs",
+      "default": "./dist/client-next.mjs"
+    },
+    "./server/next": {
+      "types": "./dist/server-next.d.mts",
+      "import": "./dist/server-next.mjs",
+      "default": "./dist/server-next.mjs"
+    },
+    "./server/edge": {
+      "types": "./dist/server-edge.d.mts",
+      "import": "./dist/server-edge.mjs",
+      "default": "./dist/server-edge.mjs"
+    },
+    "./env": {
+      "types": "./dist/env.d.mts",
+      "import": "./dist/env.mjs",
+      "default": "./dist/env.mjs"
+    },
+    "./keys": {
+      "types": "./dist/keys.d.mts",
+      "import": "./dist/keys.mjs",
+      "default": "./dist/keys.mjs"
+    },
+    "./types": {
+      "types": "./dist/types.d.mts",
+      "import": "./dist/types.mjs",
+      "default": "./dist/types.mjs"
+    },
+    "./validation": {
+      "types": "./dist/validation.d.mts",
+      "import": "./dist/validation.mjs",
+      "default": "./dist/validation.mjs"
+    }
+  },
+  "files": [
+    "dist",
+    "src"
+  ],
+  "dependencies": {
+    "@t3-oss/env-core": "^0.13.10",
+    "@vercel/blob": "^2.2.0",
+    "nanoid": "^5.1.6",
+    "tsdown": "^0.20.3",
+    "zod": "4.3.6",
+    "@integrations/cloudflare": "2026.1.1301",
+    "@repo/shared": "2026.1.1301"
+  },
+  "devDependencies": {
+    "@faker-js/faker": "^10.3.0",
+    "@types/react": "19.2.13",
+    "@types/react-dom": "19.2.3",
+    "@vitest/coverage-v8": "4.0.18",
+    "eslint": "9.39.2",
+    "knip": "^5.83.1",
+    "madge": "8.0.0",
+    "next": "16.1.6",
+    "typescript": "5.9.3",
+    "vitest": "4.0.18",
+    "@repo/config": "2026.1.1301",
+    "@od-oneapp/observability": "2026.1.1301",
+    "@od-oneapp/qa": "2026.1.1301"
+  },
+  "publishConfig": {
+    "access": "restricted",
+    "registry": "https://registry.npmjs.org/"
+  },
+  "scripts": {
+    "build": "tsdown",
+    "build:publish": "tsdown && node ../../../scripts/prepare-publish.mjs",
+    "circular": "madge --circular --extensions ts,tsx,js,jsx .",
+    "coverage:collect": "vitest run --coverage --reporter=json",
+    "format": "prettier --write --cache --ignore-unknown --ignore-path ../../../.prettierignore .",
+    "format:check": "prettier --check --cache --ignore-unknown --ignore-path ../../../.prettierignore .",
+    "knip": "knip --reporter json --exclude unlisted,exports,files,binaries,types,duplicates",
+    "lint": "eslint . --fix ",
+    "test": "vitest run",
+    "test:coverage": "vitest run --coverage",
+    "test:coverage:json": "vitest run --coverage --reporter=json",
+    "test:watch": "vitest",
+    "typecheck": "tsc --noEmit"
+  }
+}

package/src/actions/blob-upload.ts

@@ -0,0 +1,171 @@
+/**
+ * @fileoverview Blob upload server action
+ *
+ * Handles Vercel Blob uploads with authentication, validation, and callbacks.
+ * Provides secure upload handling for Next.js server actions.
+ *
+ * @module @od-oneapp/storage/actions/blob-upload
+ */
+
+'use server';
+
+import { handleUpload } from '@vercel/blob/client';
+import { logError } from '@repo/shared/logs';
+
+
+import { safeEnv } from '../../env';
+import { type HandleUploadConfig, type OnBeforeGenerateTokenResult } from '../../types';
+import { validateCSRFToken } from '../auth-helpers';
+
+import type { PutBlobResult } from '@vercel/blob';
+
+/**
+ * Callback invoked before processing an upload or token generation
+ * Allows validation and configuration of upload parameters
+ */
+export type OnBeforeGenerateToken = (
+  pathname: string,
+  clientPayload?: string,
+) => Promise<{
+  allowed: boolean;
+  token?: string;
+  allowedContentTypes?: string[];
+  maximumSizeInBytes?: number;
+  tokenPayload?: string | null;
+}>;
+
+/**
+ * Callback invoked after upload completes
+ * Allows processing of uploaded file metadata
+ */
+export type OnUploadCompleted = (
+  blob: {
+    url: string;
+    pathname: string;
+    contentType?: string;
+    contentDisposition?: string;
+    size: number;
+  },
+  clientPayload?: string,
+) => Promise<void>;
+
+/**
+ * Process a multipart/form-data upload via Vercel Blob, enforcing CSRF and environment token checks and invoking optional pre-token and post-upload hooks.
+ *
+ * @param request - Incoming HTTP Request expected to contain multipart/form-data for the upload.
+ * @param config - Optional handlers:
+ * - onBeforeGenerateToken(pathname, clientPayload): validate/configure a scoped client token and return `{ allowed, token?, allowedContentTypes?, maximumSizeInBytes?, tokenPayload? }`.
+ * - onUploadCompleted(blob, clientPayload): receive completed upload metadata `{ url, pathname, contentType?, contentDisposition?, size }` and the original clientPayload.
+ * @returns A Response with a JSON body. On success the body is the value returned by Vercel's `handleUpload`; on error the body is `{ error: string }` and the response status will be 403 for invalid CSRF or 500 for configuration/processing errors.
+ */
+export async function handleBlobUpload(
+  request: Request,
+  config?: HandleUploadConfig,
+): Promise<Response> {
+  try {
+    const blobEnv = safeEnv();
+
+    // CSRF protection (only when enforced)
+    if (blobEnv.STORAGE_ENFORCE_CSRF) {
+      const csrfToken = request.headers.get('x-csrf-token');
+      if (!csrfToken || !validateCSRFToken(csrfToken, request)) {
+        return new Response(JSON.stringify({ error: 'Invalid CSRF token' }), {
+          status: 403,
+          headers: { 'Content-Type': 'application/json' },
+        });
+      }
+    }
+    const token = blobEnv.VERCEL_BLOB_READ_WRITE_TOKEN;
+
+    if (!token) {
+      return new Response(
+        JSON.stringify({ error: 'VERCEL_BLOB_READ_WRITE_TOKEN not configured' }),
+        {
+          status: 500,
+          headers: { 'Content-Type': 'application/json' },
+        },
+      );
+    }
+
+    // Parse the request body for handleUpload (Vercel blob client sends JSON events)
+    const body = await request.json();
+
+    // Use Vercel's handleUpload to manage the full upload flow
+    const result = await handleUpload({
+      body,
+      token,
+      request,
+      onBeforeGenerateToken: async (
+        pathname: string,
+        clientPayload: string | null,
+        _multipart: boolean,
+      ) => {
+        if (config?.onBeforeGenerateToken) {
+          try {
+            const result: OnBeforeGenerateTokenResult = await config.onBeforeGenerateToken(
+              pathname,
+              clientPayload ?? undefined,
+            );
+            if (!result.allowed) {
+              throw new Error('Upload not allowed');
+            }
+            return {
+              allowedContentTypes: result.allowedContentTypes,
+              maximumSizeInBytes: result.maximumSizeInBytes,
+              tokenPayload: result.tokenPayload,
+            };
+          } catch (error) {
+            throw new Error(
+              `Upload validation failed: ${error instanceof Error ? error.message : 'Unknown error'}`,
+            );
+          }
+        }
+        return {};
+      },
+
+      onUploadCompleted: async (payload: { blob: PutBlobResult; tokenPayload?: string | null }) => {
+        if (config?.onUploadCompleted) {
+          try {
+            const { blob, tokenPayload } = payload;
+            await config.onUploadCompleted(
+              {
+                url: blob.url,
+                pathname: blob.pathname,
+                contentType: blob.contentType,
+                contentDisposition: blob.contentDisposition,
+                size: (blob as PutBlobResult & { size?: number }).size ?? 0,
+              },
+              tokenPayload ?? undefined,
+            );
+          } catch (error) {
+            // Don't fail the upload if callback fails
+            // Use structured logging for better observability
+            logError('onUploadCompleted callback failed', {
+              error: error instanceof Error ? error.message : String(error),
+              blob: {
+                url: payload.blob.url,
+                pathname: payload.blob.pathname,
+                size: (payload.blob as PutBlobResult & { size?: number }).size,
+                contentType: payload.blob.contentType,
+              },
+              clientPayload: payload.tokenPayload,
+              timestamp: new Date().toISOString(),
+            });
+          }
+        }
+      },
+    });
+
+    return new Response(JSON.stringify(result), {
+      status: 200,
+      headers: { 'Content-Type': 'application/json' },
+    });
+  } catch (error) {
+    return new Response(
+      JSON.stringify({
+        error: error instanceof Error ? error.message : 'Upload failed',
+      }),
+      { status: 500, headers: { 'Content-Type': 'application/json' } },
+    );
+  }
+}

package/src/actions/index.ts

@@ -0,0 +1,23 @@
+/**
+ * @fileoverview Barrel exports for storage actions
+ *
+ * Re-exports all storage server actions for convenient importing.
+ *
+ * @module @repo/storage/actions
+ */
+
+// Barrel exports for storage actions
+
+// Media operations
+export * from './mediaActions';
+
+// Product media business logic
+export * from './productMediaActions';
+
+// Blob upload handling
+export * from './blob-upload';
+
+// Additional action files can be added here as needed:
+// export * from './imageActions'; // For image-specific operations
+// export * from './documentActions'; // For document-specific operations
+// export * from './migrationActions'; // For storage migration operations