@palbase/backend 8.0.0 → 8.1.0

package/dist/index.d.cts

@@ -1,8 +1,8 @@
-import { C as CacheClient, b as PalbaseDocsClient, c as PalbaseFlagsClient, L as Logger, d as PalbaseNotificationsClient, Q as QueueClient, e as PalbaseRealtimeClient, D as DBClient, f as PalbaseStorageClient, A as AuthSpec, R as RateLimitConfig, H as HttpError, U as User$1 } from './endpoint-cDQyI6jH.cjs';
-export { g as AuthConfig, B as BadRequest, h as ClientInfo, i as Conflict, j as DBOps, E as ErrorDef, k as ErrorMap, l as ErrorThrowers, F as FileContext, m as Forbidden, n as HttpMethod, M as Middleware, o as MiddlewareContext, p as MiddlewareHandler, N as NotFound, P as PBRequest, q as PalError, r as PalbaseAnalyticsClient, s as PalbaseAnalyticsManagementNamespace, t as PalbaseAnalyticsProperties, u as PalbaseAnalyticsQueryNamespace, v as PalbaseAttestAndroidParams, w as PalbaseAttestAndroidResult, x as PalbaseAttestiOSParams, y as PalbaseAttestiOSResult, z as PalbaseAuthClient, G as PalbaseBatchOverrideOperation, I as PalbaseBatchSetOverridesResult, J as PalbaseBindDeviceParams, K as PalbaseBucketClient, O as PalbaseClearAllOverridesResult, S as PalbaseClearOverrideResult, T as PalbaseCmsClient, V as PalbaseCmsFindOneOptions, W as PalbaseCmsFindOptions, X as PalbaseCohortQueryInput, Y as PalbaseCohortResult, Z as PalbaseCollectionRef, _ as PalbaseCountQueryInput, $ as PalbaseCountResult, a0 as PalbaseCreateLinkParams, a1 as PalbaseDeviceInfo, a2 as PalbaseDeviceTokenView, a3 as PalbaseDocumentRef, a4 as PalbaseDocumentSnapshot, a5 as PalbaseEmailClient, a6 as PalbaseEmailSendParams, a7 as PalbaseEmailSendResponse, a8 as PalbaseEventNamesResult, a9 as PalbaseEventsQueryInput, aa as PalbaseEventsResult, ab as PalbaseFileObject, ac as PalbaseFlag, ad as PalbaseFlagContext, ae as PalbaseFlagSource, af as PalbaseFlagValue, ag as PalbaseFlagVariant, ah as PalbaseFlagsServiceClient, ai as PalbaseFunctionsClient, aj as PalbaseFunnelQueryInput, ak as PalbaseFunnelResult, al as PalbaseIdentifyTraits, am as PalbaseInboxClient, an as PalbaseInboxListOptions, ao as PalbaseInboxListResult, ap as PalbaseInboxMessage, aq as PalbaseInboxSendParams, ar as PalbaseInboxSendResponse, as as PalbaseInitialLink, at as PalbaseInvokeOptions, au as PalbaseLink, av as PalbaseLinkAnalytics, aw as PalbaseLinkDetails, ax as PalbaseLinksClient, ay as PalbaseListLinksOptions, az as PalbaseListLinksResult, aA as PalbaseListOptions, aB as PalbaseMatchParams, aC as PalbaseMultiChannelResponse, aD as PalbaseOverviewResult, aE as PalbasePreferences, aF as PalbasePreferencesClient, aG as PalbasePublicUrlResponse, aH as PalbasePushClient, aI as PalbasePushSendParams, aJ as PalbasePushSendResponse, aK as PalbaseQrCodeOptions, aL as PalbaseQuerySnapshot, aM as PalbaseRegisterDeviceParams, aN as PalbaseResult, aO as PalbaseRetentionQueryInput, aP as PalbaseRetentionResult, aQ as PalbaseSession, aR as PalbaseSetOverrideResult, aS as PalbaseSetOverridesResult, aT as PalbaseSignedUrlResponse, aU as PalbaseSmsClient, aV as PalbaseSmsSendParams, aW as PalbaseSmsSendResponse, aX as PalbaseTransformOptions, aY as PalbaseUpdateLinkParams, aZ as PalbaseUploadOptions, a_ as PalbaseUser, a$ as PalbaseUserDetailResult, b0 as PalbaseUsersQueryInput, b1 as PalbaseUsersResult, b2 as PalbaseVerifyRequestSignatureParams, b3 as PalbaseWhereOperator, b4 as TooManyRequests, b5 as TxClient, b6 as Unauthorized, b7 as defineMiddleware } from './endpoint-cDQyI6jH.cjs';
+import { C as CacheClient, b as PalbaseDocsClient, c as PalbaseFlagsClient, L as Logger, d as PalbaseNotificationsClient, Q as QueueClient, e as PalbaseRealtimeClient, D as DBClient, f as PalbaseStorageClient, A as AuthSpec, R as RateLimitConfig, H as HttpError, U as User$1 } from './endpoint-fW9yWla0.cjs';
+export { g as AuthConfig, B as BadRequest, h as ClientInfo, i as Conflict, j as DBOps, E as ErrorDef, k as ErrorMap, l as ErrorThrowers, F as FileContext, m as Forbidden, n as HttpMethod, M as Middleware, o as MiddlewareContext, p as MiddlewareHandler, N as NotFound, P as PBRequest, q as PalError, r as PalbaseAnalyticsClient, s as PalbaseAnalyticsManagementNamespace, t as PalbaseAnalyticsProperties, u as PalbaseAnalyticsQueryNamespace, v as PalbaseAttestAndroidParams, w as PalbaseAttestAndroidResult, x as PalbaseAttestiOSParams, y as PalbaseAttestiOSResult, z as PalbaseAuthClient, G as PalbaseBatchOverrideOperation, I as PalbaseBatchSetOverridesResult, J as PalbaseBindDeviceParams, K as PalbaseBucketClient, O as PalbaseClearAllOverridesResult, S as PalbaseClearOverrideResult, T as PalbaseCohortQueryInput, V as PalbaseCohortResult, W as PalbaseCollectionRef, X as PalbaseCountQueryInput, Y as PalbaseCountResult, Z as PalbaseCreateLinkParams, _ as PalbaseDeviceInfo, $ as PalbaseDeviceTokenView, a0 as PalbaseDocumentRef, a1 as PalbaseDocumentSnapshot, a2 as PalbaseEmailClient, a3 as PalbaseEmailSendParams, a4 as PalbaseEmailSendResponse, a5 as PalbaseEventNamesResult, a6 as PalbaseEventsQueryInput, a7 as PalbaseEventsResult, a8 as PalbaseFileObject, a9 as PalbaseFlag, aa as PalbaseFlagContext, ab as PalbaseFlagSource, ac as PalbaseFlagValue, ad as PalbaseFlagVariant, ae as PalbaseFlagsServiceClient, af as PalbaseFunctionsClient, ag as PalbaseFunnelQueryInput, ah as PalbaseFunnelResult, ai as PalbaseIdentifyTraits, aj as PalbaseInboxClient, ak as PalbaseInboxListOptions, al as PalbaseInboxListResult, am as PalbaseInboxMessage, an as PalbaseInboxSendParams, ao as PalbaseInboxSendResponse, ap as PalbaseInitialLink, aq as PalbaseInvokeOptions, ar as PalbaseLink, as as PalbaseLinkAnalytics, at as PalbaseLinkDetails, au as PalbaseLinksClient, av as PalbaseListLinksOptions, aw as PalbaseListLinksResult, ax as PalbaseListOptions, ay as PalbaseMatchParams, az as PalbaseMultiChannelResponse, aA as PalbaseOverviewResult, aB as PalbasePreferences, aC as PalbasePreferencesClient, aD as PalbasePublicUrlResponse, aE as PalbasePushClient, aF as PalbasePushSendParams, aG as PalbasePushSendResponse, aH as PalbaseQrCodeOptions, aI as PalbaseQuerySnapshot, aJ as PalbaseRegisterDeviceParams, aK as PalbaseResult, aL as PalbaseRetentionQueryInput, aM as PalbaseRetentionResult, aN as PalbaseSession, aO as PalbaseSetOverrideResult, aP as PalbaseSetOverridesResult, aQ as PalbaseSignedUrlResponse, aR as PalbaseSmsClient, aS as PalbaseSmsSendParams, aT as PalbaseSmsSendResponse, aU as PalbaseTransformOptions, aV as PalbaseUpdateLinkParams, aW as PalbaseUploadOptions, aX as PalbaseUser, aY as PalbaseUserDetailResult, aZ as PalbaseUsersQueryInput, a_ as PalbaseUsersResult, a$ as PalbaseVerifyRequestSignatureParams, b0 as PalbaseWhereOperator, b1 as TooManyRequests, b2 as TxClient, b3 as Unauthorized, b4 as defineMiddleware } from './endpoint-fW9yWla0.cjs';
 import { AsyncLocalStorage } from 'node:async_hooks';
-import { E as EnvTypedDatabase, S as SchemaDef } from './index-B-FNCK84.cjs';
-export { C as ColumnBuilder, a as ColumnDef, b as ColumnMap, c as ColumnType, d as EXTENSION_DEPENDENCIES, e as EnvServiceDatabase, f as EnvTables, g as EnvTypedTable, h as EnvTypedTx, I as InsertShape, O as OnDeleteAction, P as PALBASE_EXTENSIONS, i as PalbaseExtension, j as PolicyBuilder, k as PolicyCommand, l as PolicyDef, m as PolicyMode, R as RowShape, n as SchemaInput, T as TableDef, o as TableInput, p as TypedDB, q as TypedTable, r as TypedTx, s as boolean, t as defineSchema, u as enumType, v as integer, w as isPalbaseExtension, x as jsonb, y as makeTypedDB, z as policy, A as text, B as timestamp, D as uuid } from './index-B-FNCK84.cjs';
+import { E as EnvTypedDatabase, S as SchemaDef } from './index-BZdDJJIy.cjs';
+export { C as ColumnBuilder, a as ColumnDef, b as ColumnMap, c as ColumnType, d as EXTENSION_DEPENDENCIES, e as EnvServiceDatabase, f as EnvTables, g as EnvTypedTable, h as EnvTypedTx, I as InsertShape, O as OnDeleteAction, P as PALBASE_EXTENSIONS, i as PalbaseExtension, j as PolicyBuilder, k as PolicyCommand, l as PolicyDef, m as PolicyMode, R as RowShape, n as SchemaInput, T as TableDef, o as TableInput, p as TypedDB, q as TypedTable, r as TypedTx, s as boolean, t as defineSchema, u as enumType, v as integer, w as isPalbaseExtension, x as jsonb, y as makeTypedDB, z as policy, A as text, B as timestamp, D as uuid } from './index-BZdDJJIy.cjs';
 export { TableTypes, Tables } from './db/env.cjs';
 import { ZodTypeAny, z } from 'zod';
 export { z } from 'zod';
@@ -53,7 +53,7 @@ export { z } from 'zod';
  * Realtime is BROADCAST-ONLY here (a stateless handler can push an event but
  * cannot hold a subscription socket — `subscribe()` lives on the client SDK).
  *
- * EXCLUDED on purpose: Functions, CMS, Links, Analytics, Auth. They are not
+ * EXCLUDED on purpose: Functions, Links, Analytics, Auth. They are not
  * exposed as backend handler singletons (auth lives on the client SDK; the rest
  * are out of scope for backend endpoints). */
 interface RuntimeServices {
@@ -702,6 +702,90 @@ interface ControllerOptions {
  */
 declare function Controller(basePath: string, options?: ControllerOptions): <T extends abstract new (...args: never[]) => object>(ctor: T) => T;
 
+/** A legacy method decorator (`experimentalDecorators`): `(prototype, name,
+ * descriptor)`. */
+type MethodDecorator$1 = (target: object, propertyKey: string | symbol, descriptor: PropertyDescriptor) => void;
+/** A legacy parameter decorator: `(prototype, name, paramIndex)`. */
+type ParameterDecorator$1 = (target: object, propertyKey: string | symbol, parameterIndex: number) => void;
+/**
+ * Direct-storage upload settings for an `@Upload` route. The br-pod validates an
+ * authorize request against these (size/type), then mints a signed upload URL
+ * that PINS the limits so storage itself rejects an over-limit / wrong-type PUT
+ * — the client cannot exceed what it declared.
+ */
+interface UploadConfig {
+    /** Target bucket NAME. MUST exist in `config/storage.ts` `defineStorage(...)`. */
+    bucket: string;
+    /**
+     * Max object size in BYTES. Enforced twice: the authorize pre-flight rejects a
+     * larger declared size, and the signed URL pins it so storage rejects a larger
+     * PUT. When omitted, the bucket's own `fileSizeLimit` applies.
+     */
+    maxSize?: number;
+    /**
+     * MIME allowlist for the object. The authorize pre-flight rejects a
+     * non-matching declared content-type, and the signed URL pins the exact type.
+     * When omitted, the bucket's own `allowedMimeTypes` applies (or any type).
+     */
+    allowedTypes?: string[];
+    /**
+     * SERVER-side object key template. The client NEVER chooses the path. Tokens:
+     * `{userId}` (authenticated user id), `{uploadId}` (server-minted), and
+     * `{filename}` (the client-declared filename, sanitized). e.g.
+     * `"{userId}/{uploadId}-{filename}"`.
+     */
+    pathTemplate: string;
+}
+/**
+ * `@Upload(subpath, config)` — declare a direct-storage upload route. The method
+ * body is the completion handler; `config.uploadConfig` drives the authorize
+ * guard + signed-URL pinning.
+ *
+ * @example
+ * ＠Upload("/", { bucket: "docs", maxSize: 25 * 1024 * 1024,
+ *                allowedTypes: ["application/pdf"], pathTemplate: "{userId}/{uploadId}-{filename}" })
+ * async upload(＠UploadedObject() obj: UploadedObject, ＠User() user): Promise<DocResult> { ... }
+ */
+declare function Upload(subpath: string, config: UploadConfig & Pick<RouteOptions, "auth" | "rateLimit">): MethodDecorator$1;
+/**
+ * The uploaded object, injected into an `@Upload` method body by
+ * `@UploadedObject()` once storage confirms the upload. Bytes are NOT present
+ * (they went straight to storage) — this is the metadata the completion handler
+ * persists.
+ */
+interface UploadedObject {
+    /** Server-minted id correlating authorize ↔ completion (idempotency key). */
+    uploadId: string;
+    /** Final object key in the bucket (rendered from `pathTemplate`). */
+    path: string;
+    /** Bucket the object landed in. */
+    bucket: string;
+    /** Object size in bytes, as reported by storage. */
+    size: number;
+    /** Object MIME type, as reported by storage. */
+    contentType: string;
+}
+/**
+ * `@UploadedObject()` — inject the uploaded object (`: UploadedObject`) into an
+ * `@Upload` method body (the completion input). Only valid on an `@Upload`
+ * route; the bytes are NOT present (they went directly to storage), this is the
+ * confirmed object's metadata.
+ *
+ * Co-located with the {@link UploadedObject} TYPE so a single exported name
+ * `UploadedObject` carries BOTH the decorator value and the type annotation.
+ */
+declare function UploadedObject(): ParameterDecorator$1;
+/**
+ * Cross-check one `@Upload` route's uploadConfig against the project's
+ * {@link StorageConfig}: the bucket must exist, the upload's `maxSize` must not
+ * exceed the bucket's `fileSizeLimit`, and the upload's `allowedTypes` must be a
+ * subset of the bucket's `allowedMimeTypes`. Throws a precise error so a
+ * mismatch fails at deploy, not at the first user upload.
+ *
+ * `routeLabel` is used only for error messages (e.g. `docs.upload`).
+ */
+declare function validateUploadAgainstStorage(uploadConfig: UploadConfig, storage: StorageConfig, routeLabel: string): void;
+
 /** The HTTP verbs a route may declare, upper-cased (the runtime router +
  * OpenAPI lower-case on their own). */
 type HttpMethodUpper = "GET" | "POST" | "PUT" | "PATCH" | "DELETE";
@@ -711,6 +795,12 @@ interface RouteOptions {
     auth?: AuthSpec;
     /** Per-route rate limit. */
     rateLimit?: RateLimitConfig;
+    /** Direct-storage upload config — present ONLY on `@Upload` routes (the
+     * `@Get`/`@Post`/… decorators never set it). Its presence is what MARKS a
+     * route as an upload route through the whole pipeline (registry → flatten →
+     * openapi → codegen). The bytes go client→storage directly; the method body
+     * runs as the completion handler. See {@link UploadConfig} (decorators/upload.ts). */
+    uploadConfig?: UploadConfig;
 }
 /** One inferred throw site: the error CLASS name (e.g. "TodoLocked") and its
  * wire code (e.g. "todo_locked"). `status`, `hasData`, and the data JSON schema
@@ -1260,4 +1350,4 @@ declare const documents: {
     onDocumentDeleted(handler: HookHandler<DocumentDeletedEvent>): ResolvedHook<DocumentDeletedEvent>;
 };
 
-export { type AcsOptions, type ApnsOptions, type BackoffStrategy, Body, type BucketDef, type BucketOptions, Cache, CacheClient, Client, Controller, type ControllerOptions, type CustomWebhookConfig, DBClient, Database, type DefinedError, type DefinedErrorWithData, Delete, type DocumentCreatedEvent, type DocumentDeletedEvent, type DocumentUpdatedEvent, Documents, type EnvSecretRef, EnvTypedDatabase, FLAGS_CONFIG_KIND, type FcmOptions, type FileDeletedEvent, type FileUploadedEvent, type FlagDef, type FlagOptions, type FlagType, type FlagValue, Flags, type FlagsConfig, type FlagsInput, Get, Headers, type HookHandler, type HookMeta, HttpError, type HttpMethodUpper, type JobConfig, type JobMeta, Log, Logger, NOTIFICATIONS_CONFIG_KIND, Notifications, type NotificationsConfig, type NotificationsInput, OptionalUser, PROVIDER_CATALOG, PalbaseDocsClient, PalbaseFlagsClient, PalbaseNotificationsClient, PalbaseRealtimeClient, PalbaseStorageClient, Param, type PasswordResetEvent, Patch, Post, type ProviderCatalogEntry, type ProviderDef, type ProviderEventMap, type ProviderName, type ProviderOptions, type ProviderWebhookConfig, Put, Query, Queue, QueueClient, RESERVED_SECRET_PREFIX, RateLimitConfig, Realtime, type RegisteredError, Req, RequestId, type ResolvedCustomWebhook, type ResolvedHook, type ResolvedJobConfig, type ResolvedProviderWebhook, type ResolvedWebhookConfig, type ResolvedWorkerConfig, Resource, type ResourceEnv, type RouteOptions, type RuntimeServices, STORAGE_CONFIG_KIND, SchemaDef, type SendgridOptions, type SesOptions, type SignInEvent, type SignOutEvent, type SmtpOptions, Storage, type StorageConfig, type StorageInput, type ThrowDescriptor, TraceId, type TwilioOptions, User, type UserCreatedEvent, User$1 as UserT, type WebhookEventHandler, type WebhookMeta, type WebhookProvider, type WebhookRequest, type WorkerConfig, type WorkerMeta, __getRuntime, __registerResource, __requestALS, __runResourceBoot, __runWithRuntime, __setRuntime, __shutdownResources, auth, bucket, buildProvider, defineError, defineFlags, defineJob, defineNotifications, defineStorage, defineWebhook, defineWorker, documents, flag, getErrorRegistry, makeEnvDts, parseFileSizeLimit, recordThrows, reservedSecretKey, storage };
+export { type AcsOptions, type ApnsOptions, type BackoffStrategy, Body, type BucketDef, type BucketOptions, Cache, CacheClient, Client, Controller, type ControllerOptions, type CustomWebhookConfig, DBClient, Database, type DefinedError, type DefinedErrorWithData, Delete, type DocumentCreatedEvent, type DocumentDeletedEvent, type DocumentUpdatedEvent, Documents, type EnvSecretRef, EnvTypedDatabase, FLAGS_CONFIG_KIND, type FcmOptions, type FileDeletedEvent, type FileUploadedEvent, type FlagDef, type FlagOptions, type FlagType, type FlagValue, Flags, type FlagsConfig, type FlagsInput, Get, Headers, type HookHandler, type HookMeta, HttpError, type HttpMethodUpper, type JobConfig, type JobMeta, Log, Logger, NOTIFICATIONS_CONFIG_KIND, Notifications, type NotificationsConfig, type NotificationsInput, OptionalUser, PROVIDER_CATALOG, PalbaseDocsClient, PalbaseFlagsClient, PalbaseNotificationsClient, PalbaseRealtimeClient, PalbaseStorageClient, Param, type PasswordResetEvent, Patch, Post, type ProviderCatalogEntry, type ProviderDef, type ProviderEventMap, type ProviderName, type ProviderOptions, type ProviderWebhookConfig, Put, Query, Queue, QueueClient, RESERVED_SECRET_PREFIX, RateLimitConfig, Realtime, type RegisteredError, Req, RequestId, type ResolvedCustomWebhook, type ResolvedHook, type ResolvedJobConfig, type ResolvedProviderWebhook, type ResolvedWebhookConfig, type ResolvedWorkerConfig, Resource, type ResourceEnv, type RouteOptions, type RuntimeServices, STORAGE_CONFIG_KIND, SchemaDef, type SendgridOptions, type SesOptions, type SignInEvent, type SignOutEvent, type SmtpOptions, Storage, type StorageConfig, type StorageInput, type ThrowDescriptor, TraceId, type TwilioOptions, Upload, type UploadConfig, UploadedObject, User, type UserCreatedEvent, User$1 as UserT, type WebhookEventHandler, type WebhookMeta, type WebhookProvider, type WebhookRequest, type WorkerConfig, type WorkerMeta, __getRuntime, __registerResource, __requestALS, __runResourceBoot, __runWithRuntime, __setRuntime, __shutdownResources, auth, bucket, buildProvider, defineError, defineFlags, defineJob, defineNotifications, defineStorage, defineWebhook, defineWorker, documents, flag, getErrorRegistry, makeEnvDts, parseFileSizeLimit, recordThrows, reservedSecretKey, storage, validateUploadAgainstStorage };

package/dist/index.d.ts

@@ -1,8 +1,8 @@
-import { C as CacheClient, b as PalbaseDocsClient, c as PalbaseFlagsClient, L as Logger, d as PalbaseNotificationsClient, Q as QueueClient, e as PalbaseRealtimeClient, D as DBClient, f as PalbaseStorageClient, A as AuthSpec, R as RateLimitConfig, H as HttpError, U as User$1 } from './endpoint-cDQyI6jH.js';
-export { g as AuthConfig, B as BadRequest, h as ClientInfo, i as Conflict, j as DBOps, E as ErrorDef, k as ErrorMap, l as ErrorThrowers, F as FileContext, m as Forbidden, n as HttpMethod, M as Middleware, o as MiddlewareContext, p as MiddlewareHandler, N as NotFound, P as PBRequest, q as PalError, r as PalbaseAnalyticsClient, s as PalbaseAnalyticsManagementNamespace, t as PalbaseAnalyticsProperties, u as PalbaseAnalyticsQueryNamespace, v as PalbaseAttestAndroidParams, w as PalbaseAttestAndroidResult, x as PalbaseAttestiOSParams, y as PalbaseAttestiOSResult, z as PalbaseAuthClient, G as PalbaseBatchOverrideOperation, I as PalbaseBatchSetOverridesResult, J as PalbaseBindDeviceParams, K as PalbaseBucketClient, O as PalbaseClearAllOverridesResult, S as PalbaseClearOverrideResult, T as PalbaseCmsClient, V as PalbaseCmsFindOneOptions, W as PalbaseCmsFindOptions, X as PalbaseCohortQueryInput, Y as PalbaseCohortResult, Z as PalbaseCollectionRef, _ as PalbaseCountQueryInput, $ as PalbaseCountResult, a0 as PalbaseCreateLinkParams, a1 as PalbaseDeviceInfo, a2 as PalbaseDeviceTokenView, a3 as PalbaseDocumentRef, a4 as PalbaseDocumentSnapshot, a5 as PalbaseEmailClient, a6 as PalbaseEmailSendParams, a7 as PalbaseEmailSendResponse, a8 as PalbaseEventNamesResult, a9 as PalbaseEventsQueryInput, aa as PalbaseEventsResult, ab as PalbaseFileObject, ac as PalbaseFlag, ad as PalbaseFlagContext, ae as PalbaseFlagSource, af as PalbaseFlagValue, ag as PalbaseFlagVariant, ah as PalbaseFlagsServiceClient, ai as PalbaseFunctionsClient, aj as PalbaseFunnelQueryInput, ak as PalbaseFunnelResult, al as PalbaseIdentifyTraits, am as PalbaseInboxClient, an as PalbaseInboxListOptions, ao as PalbaseInboxListResult, ap as PalbaseInboxMessage, aq as PalbaseInboxSendParams, ar as PalbaseInboxSendResponse, as as PalbaseInitialLink, at as PalbaseInvokeOptions, au as PalbaseLink, av as PalbaseLinkAnalytics, aw as PalbaseLinkDetails, ax as PalbaseLinksClient, ay as PalbaseListLinksOptions, az as PalbaseListLinksResult, aA as PalbaseListOptions, aB as PalbaseMatchParams, aC as PalbaseMultiChannelResponse, aD as PalbaseOverviewResult, aE as PalbasePreferences, aF as PalbasePreferencesClient, aG as PalbasePublicUrlResponse, aH as PalbasePushClient, aI as PalbasePushSendParams, aJ as PalbasePushSendResponse, aK as PalbaseQrCodeOptions, aL as PalbaseQuerySnapshot, aM as PalbaseRegisterDeviceParams, aN as PalbaseResult, aO as PalbaseRetentionQueryInput, aP as PalbaseRetentionResult, aQ as PalbaseSession, aR as PalbaseSetOverrideResult, aS as PalbaseSetOverridesResult, aT as PalbaseSignedUrlResponse, aU as PalbaseSmsClient, aV as PalbaseSmsSendParams, aW as PalbaseSmsSendResponse, aX as PalbaseTransformOptions, aY as PalbaseUpdateLinkParams, aZ as PalbaseUploadOptions, a_ as PalbaseUser, a$ as PalbaseUserDetailResult, b0 as PalbaseUsersQueryInput, b1 as PalbaseUsersResult, b2 as PalbaseVerifyRequestSignatureParams, b3 as PalbaseWhereOperator, b4 as TooManyRequests, b5 as TxClient, b6 as Unauthorized, b7 as defineMiddleware } from './endpoint-cDQyI6jH.js';
+import { C as CacheClient, b as PalbaseDocsClient, c as PalbaseFlagsClient, L as Logger, d as PalbaseNotificationsClient, Q as QueueClient, e as PalbaseRealtimeClient, D as DBClient, f as PalbaseStorageClient, A as AuthSpec, R as RateLimitConfig, H as HttpError, U as User$1 } from './endpoint-fW9yWla0.js';
+export { g as AuthConfig, B as BadRequest, h as ClientInfo, i as Conflict, j as DBOps, E as ErrorDef, k as ErrorMap, l as ErrorThrowers, F as FileContext, m as Forbidden, n as HttpMethod, M as Middleware, o as MiddlewareContext, p as MiddlewareHandler, N as NotFound, P as PBRequest, q as PalError, r as PalbaseAnalyticsClient, s as PalbaseAnalyticsManagementNamespace, t as PalbaseAnalyticsProperties, u as PalbaseAnalyticsQueryNamespace, v as PalbaseAttestAndroidParams, w as PalbaseAttestAndroidResult, x as PalbaseAttestiOSParams, y as PalbaseAttestiOSResult, z as PalbaseAuthClient, G as PalbaseBatchOverrideOperation, I as PalbaseBatchSetOverridesResult, J as PalbaseBindDeviceParams, K as PalbaseBucketClient, O as PalbaseClearAllOverridesResult, S as PalbaseClearOverrideResult, T as PalbaseCohortQueryInput, V as PalbaseCohortResult, W as PalbaseCollectionRef, X as PalbaseCountQueryInput, Y as PalbaseCountResult, Z as PalbaseCreateLinkParams, _ as PalbaseDeviceInfo, $ as PalbaseDeviceTokenView, a0 as PalbaseDocumentRef, a1 as PalbaseDocumentSnapshot, a2 as PalbaseEmailClient, a3 as PalbaseEmailSendParams, a4 as PalbaseEmailSendResponse, a5 as PalbaseEventNamesResult, a6 as PalbaseEventsQueryInput, a7 as PalbaseEventsResult, a8 as PalbaseFileObject, a9 as PalbaseFlag, aa as PalbaseFlagContext, ab as PalbaseFlagSource, ac as PalbaseFlagValue, ad as PalbaseFlagVariant, ae as PalbaseFlagsServiceClient, af as PalbaseFunctionsClient, ag as PalbaseFunnelQueryInput, ah as PalbaseFunnelResult, ai as PalbaseIdentifyTraits, aj as PalbaseInboxClient, ak as PalbaseInboxListOptions, al as PalbaseInboxListResult, am as PalbaseInboxMessage, an as PalbaseInboxSendParams, ao as PalbaseInboxSendResponse, ap as PalbaseInitialLink, aq as PalbaseInvokeOptions, ar as PalbaseLink, as as PalbaseLinkAnalytics, at as PalbaseLinkDetails, au as PalbaseLinksClient, av as PalbaseListLinksOptions, aw as PalbaseListLinksResult, ax as PalbaseListOptions, ay as PalbaseMatchParams, az as PalbaseMultiChannelResponse, aA as PalbaseOverviewResult, aB as PalbasePreferences, aC as PalbasePreferencesClient, aD as PalbasePublicUrlResponse, aE as PalbasePushClient, aF as PalbasePushSendParams, aG as PalbasePushSendResponse, aH as PalbaseQrCodeOptions, aI as PalbaseQuerySnapshot, aJ as PalbaseRegisterDeviceParams, aK as PalbaseResult, aL as PalbaseRetentionQueryInput, aM as PalbaseRetentionResult, aN as PalbaseSession, aO as PalbaseSetOverrideResult, aP as PalbaseSetOverridesResult, aQ as PalbaseSignedUrlResponse, aR as PalbaseSmsClient, aS as PalbaseSmsSendParams, aT as PalbaseSmsSendResponse, aU as PalbaseTransformOptions, aV as PalbaseUpdateLinkParams, aW as PalbaseUploadOptions, aX as PalbaseUser, aY as PalbaseUserDetailResult, aZ as PalbaseUsersQueryInput, a_ as PalbaseUsersResult, a$ as PalbaseVerifyRequestSignatureParams, b0 as PalbaseWhereOperator, b1 as TooManyRequests, b2 as TxClient, b3 as Unauthorized, b4 as defineMiddleware } from './endpoint-fW9yWla0.js';
 import { AsyncLocalStorage } from 'node:async_hooks';
-import { E as EnvTypedDatabase, S as SchemaDef } from './index-BfnIO5G-.js';
-export { C as ColumnBuilder, a as ColumnDef, b as ColumnMap, c as ColumnType, d as EXTENSION_DEPENDENCIES, e as EnvServiceDatabase, f as EnvTables, g as EnvTypedTable, h as EnvTypedTx, I as InsertShape, O as OnDeleteAction, P as PALBASE_EXTENSIONS, i as PalbaseExtension, j as PolicyBuilder, k as PolicyCommand, l as PolicyDef, m as PolicyMode, R as RowShape, n as SchemaInput, T as TableDef, o as TableInput, p as TypedDB, q as TypedTable, r as TypedTx, s as boolean, t as defineSchema, u as enumType, v as integer, w as isPalbaseExtension, x as jsonb, y as makeTypedDB, z as policy, A as text, B as timestamp, D as uuid } from './index-BfnIO5G-.js';
+import { E as EnvTypedDatabase, S as SchemaDef } from './index-CArW1VMq.js';
+export { C as ColumnBuilder, a as ColumnDef, b as ColumnMap, c as ColumnType, d as EXTENSION_DEPENDENCIES, e as EnvServiceDatabase, f as EnvTables, g as EnvTypedTable, h as EnvTypedTx, I as InsertShape, O as OnDeleteAction, P as PALBASE_EXTENSIONS, i as PalbaseExtension, j as PolicyBuilder, k as PolicyCommand, l as PolicyDef, m as PolicyMode, R as RowShape, n as SchemaInput, T as TableDef, o as TableInput, p as TypedDB, q as TypedTable, r as TypedTx, s as boolean, t as defineSchema, u as enumType, v as integer, w as isPalbaseExtension, x as jsonb, y as makeTypedDB, z as policy, A as text, B as timestamp, D as uuid } from './index-CArW1VMq.js';
 export { TableTypes, Tables } from './db/env.js';
 import { ZodTypeAny, z } from 'zod';
 export { z } from 'zod';
@@ -53,7 +53,7 @@ export { z } from 'zod';
  * Realtime is BROADCAST-ONLY here (a stateless handler can push an event but
  * cannot hold a subscription socket — `subscribe()` lives on the client SDK).
  *
- * EXCLUDED on purpose: Functions, CMS, Links, Analytics, Auth. They are not
+ * EXCLUDED on purpose: Functions, Links, Analytics, Auth. They are not
  * exposed as backend handler singletons (auth lives on the client SDK; the rest
  * are out of scope for backend endpoints). */
 interface RuntimeServices {
@@ -702,6 +702,90 @@ interface ControllerOptions {
  */
 declare function Controller(basePath: string, options?: ControllerOptions): <T extends abstract new (...args: never[]) => object>(ctor: T) => T;
 
+/** A legacy method decorator (`experimentalDecorators`): `(prototype, name,
+ * descriptor)`. */
+type MethodDecorator$1 = (target: object, propertyKey: string | symbol, descriptor: PropertyDescriptor) => void;
+/** A legacy parameter decorator: `(prototype, name, paramIndex)`. */
+type ParameterDecorator$1 = (target: object, propertyKey: string | symbol, parameterIndex: number) => void;
+/**
+ * Direct-storage upload settings for an `@Upload` route. The br-pod validates an
+ * authorize request against these (size/type), then mints a signed upload URL
+ * that PINS the limits so storage itself rejects an over-limit / wrong-type PUT
+ * — the client cannot exceed what it declared.
+ */
+interface UploadConfig {
+    /** Target bucket NAME. MUST exist in `config/storage.ts` `defineStorage(...)`. */
+    bucket: string;
+    /**
+     * Max object size in BYTES. Enforced twice: the authorize pre-flight rejects a
+     * larger declared size, and the signed URL pins it so storage rejects a larger
+     * PUT. When omitted, the bucket's own `fileSizeLimit` applies.
+     */
+    maxSize?: number;
+    /**
+     * MIME allowlist for the object. The authorize pre-flight rejects a
+     * non-matching declared content-type, and the signed URL pins the exact type.
+     * When omitted, the bucket's own `allowedMimeTypes` applies (or any type).
+     */
+    allowedTypes?: string[];
+    /**
+     * SERVER-side object key template. The client NEVER chooses the path. Tokens:
+     * `{userId}` (authenticated user id), `{uploadId}` (server-minted), and
+     * `{filename}` (the client-declared filename, sanitized). e.g.
+     * `"{userId}/{uploadId}-{filename}"`.
+     */
+    pathTemplate: string;
+}
+/**
+ * `@Upload(subpath, config)` — declare a direct-storage upload route. The method
+ * body is the completion handler; `config.uploadConfig` drives the authorize
+ * guard + signed-URL pinning.
+ *
+ * @example
+ * ＠Upload("/", { bucket: "docs", maxSize: 25 * 1024 * 1024,
+ *                allowedTypes: ["application/pdf"], pathTemplate: "{userId}/{uploadId}-{filename}" })
+ * async upload(＠UploadedObject() obj: UploadedObject, ＠User() user): Promise<DocResult> { ... }
+ */
+declare function Upload(subpath: string, config: UploadConfig & Pick<RouteOptions, "auth" | "rateLimit">): MethodDecorator$1;
+/**
+ * The uploaded object, injected into an `@Upload` method body by
+ * `@UploadedObject()` once storage confirms the upload. Bytes are NOT present
+ * (they went straight to storage) — this is the metadata the completion handler
+ * persists.
+ */
+interface UploadedObject {
+    /** Server-minted id correlating authorize ↔ completion (idempotency key). */
+    uploadId: string;
+    /** Final object key in the bucket (rendered from `pathTemplate`). */
+    path: string;
+    /** Bucket the object landed in. */
+    bucket: string;
+    /** Object size in bytes, as reported by storage. */
+    size: number;
+    /** Object MIME type, as reported by storage. */
+    contentType: string;
+}
+/**
+ * `@UploadedObject()` — inject the uploaded object (`: UploadedObject`) into an
+ * `@Upload` method body (the completion input). Only valid on an `@Upload`
+ * route; the bytes are NOT present (they went directly to storage), this is the
+ * confirmed object's metadata.
+ *
+ * Co-located with the {@link UploadedObject} TYPE so a single exported name
+ * `UploadedObject` carries BOTH the decorator value and the type annotation.
+ */
+declare function UploadedObject(): ParameterDecorator$1;
+/**
+ * Cross-check one `@Upload` route's uploadConfig against the project's
+ * {@link StorageConfig}: the bucket must exist, the upload's `maxSize` must not
+ * exceed the bucket's `fileSizeLimit`, and the upload's `allowedTypes` must be a
+ * subset of the bucket's `allowedMimeTypes`. Throws a precise error so a
+ * mismatch fails at deploy, not at the first user upload.
+ *
+ * `routeLabel` is used only for error messages (e.g. `docs.upload`).
+ */
+declare function validateUploadAgainstStorage(uploadConfig: UploadConfig, storage: StorageConfig, routeLabel: string): void;
+
 /** The HTTP verbs a route may declare, upper-cased (the runtime router +
  * OpenAPI lower-case on their own). */
 type HttpMethodUpper = "GET" | "POST" | "PUT" | "PATCH" | "DELETE";
@@ -711,6 +795,12 @@ interface RouteOptions {
     auth?: AuthSpec;
     /** Per-route rate limit. */
     rateLimit?: RateLimitConfig;
+    /** Direct-storage upload config — present ONLY on `@Upload` routes (the
+     * `@Get`/`@Post`/… decorators never set it). Its presence is what MARKS a
+     * route as an upload route through the whole pipeline (registry → flatten →
+     * openapi → codegen). The bytes go client→storage directly; the method body
+     * runs as the completion handler. See {@link UploadConfig} (decorators/upload.ts). */
+    uploadConfig?: UploadConfig;
 }
 /** One inferred throw site: the error CLASS name (e.g. "TodoLocked") and its
  * wire code (e.g. "todo_locked"). `status`, `hasData`, and the data JSON schema
@@ -1260,4 +1350,4 @@ declare const documents: {
     onDocumentDeleted(handler: HookHandler<DocumentDeletedEvent>): ResolvedHook<DocumentDeletedEvent>;
 };
 
-export { type AcsOptions, type ApnsOptions, type BackoffStrategy, Body, type BucketDef, type BucketOptions, Cache, CacheClient, Client, Controller, type ControllerOptions, type CustomWebhookConfig, DBClient, Database, type DefinedError, type DefinedErrorWithData, Delete, type DocumentCreatedEvent, type DocumentDeletedEvent, type DocumentUpdatedEvent, Documents, type EnvSecretRef, EnvTypedDatabase, FLAGS_CONFIG_KIND, type FcmOptions, type FileDeletedEvent, type FileUploadedEvent, type FlagDef, type FlagOptions, type FlagType, type FlagValue, Flags, type FlagsConfig, type FlagsInput, Get, Headers, type HookHandler, type HookMeta, HttpError, type HttpMethodUpper, type JobConfig, type JobMeta, Log, Logger, NOTIFICATIONS_CONFIG_KIND, Notifications, type NotificationsConfig, type NotificationsInput, OptionalUser, PROVIDER_CATALOG, PalbaseDocsClient, PalbaseFlagsClient, PalbaseNotificationsClient, PalbaseRealtimeClient, PalbaseStorageClient, Param, type PasswordResetEvent, Patch, Post, type ProviderCatalogEntry, type ProviderDef, type ProviderEventMap, type ProviderName, type ProviderOptions, type ProviderWebhookConfig, Put, Query, Queue, QueueClient, RESERVED_SECRET_PREFIX, RateLimitConfig, Realtime, type RegisteredError, Req, RequestId, type ResolvedCustomWebhook, type ResolvedHook, type ResolvedJobConfig, type ResolvedProviderWebhook, type ResolvedWebhookConfig, type ResolvedWorkerConfig, Resource, type ResourceEnv, type RouteOptions, type RuntimeServices, STORAGE_CONFIG_KIND, SchemaDef, type SendgridOptions, type SesOptions, type SignInEvent, type SignOutEvent, type SmtpOptions, Storage, type StorageConfig, type StorageInput, type ThrowDescriptor, TraceId, type TwilioOptions, User, type UserCreatedEvent, User$1 as UserT, type WebhookEventHandler, type WebhookMeta, type WebhookProvider, type WebhookRequest, type WorkerConfig, type WorkerMeta, __getRuntime, __registerResource, __requestALS, __runResourceBoot, __runWithRuntime, __setRuntime, __shutdownResources, auth, bucket, buildProvider, defineError, defineFlags, defineJob, defineNotifications, defineStorage, defineWebhook, defineWorker, documents, flag, getErrorRegistry, makeEnvDts, parseFileSizeLimit, recordThrows, reservedSecretKey, storage };
+export { type AcsOptions, type ApnsOptions, type BackoffStrategy, Body, type BucketDef, type BucketOptions, Cache, CacheClient, Client, Controller, type ControllerOptions, type CustomWebhookConfig, DBClient, Database, type DefinedError, type DefinedErrorWithData, Delete, type DocumentCreatedEvent, type DocumentDeletedEvent, type DocumentUpdatedEvent, Documents, type EnvSecretRef, EnvTypedDatabase, FLAGS_CONFIG_KIND, type FcmOptions, type FileDeletedEvent, type FileUploadedEvent, type FlagDef, type FlagOptions, type FlagType, type FlagValue, Flags, type FlagsConfig, type FlagsInput, Get, Headers, type HookHandler, type HookMeta, HttpError, type HttpMethodUpper, type JobConfig, type JobMeta, Log, Logger, NOTIFICATIONS_CONFIG_KIND, Notifications, type NotificationsConfig, type NotificationsInput, OptionalUser, PROVIDER_CATALOG, PalbaseDocsClient, PalbaseFlagsClient, PalbaseNotificationsClient, PalbaseRealtimeClient, PalbaseStorageClient, Param, type PasswordResetEvent, Patch, Post, type ProviderCatalogEntry, type ProviderDef, type ProviderEventMap, type ProviderName, type ProviderOptions, type ProviderWebhookConfig, Put, Query, Queue, QueueClient, RESERVED_SECRET_PREFIX, RateLimitConfig, Realtime, type RegisteredError, Req, RequestId, type ResolvedCustomWebhook, type ResolvedHook, type ResolvedJobConfig, type ResolvedProviderWebhook, type ResolvedWebhookConfig, type ResolvedWorkerConfig, Resource, type ResourceEnv, type RouteOptions, type RuntimeServices, STORAGE_CONFIG_KIND, SchemaDef, type SendgridOptions, type SesOptions, type SignInEvent, type SignOutEvent, type SmtpOptions, Storage, type StorageConfig, type StorageInput, type ThrowDescriptor, TraceId, type TwilioOptions, Upload, type UploadConfig, UploadedObject, User, type UserCreatedEvent, User$1 as UserT, type WebhookEventHandler, type WebhookMeta, type WebhookProvider, type WebhookRequest, type WorkerConfig, type WorkerMeta, __getRuntime, __registerResource, __requestALS, __runResourceBoot, __runWithRuntime, __setRuntime, __shutdownResources, auth, bucket, buildProvider, defineError, defineFlags, defineJob, defineNotifications, defineStorage, defineWebhook, defineWorker, documents, flag, getErrorRegistry, makeEnvDts, parseFileSizeLimit, recordThrows, reservedSecretKey, storage, validateUploadAgainstStorage };

package/dist/index.js

@@ -12,7 +12,7 @@ import {
   __requestALS,
   __runWithRuntime,
   __setRuntime
-} from "./chunk-SWT2QR5F.js";
+} from "./chunk-RGQUB66H.js";
 import {
   EXTENSION_DEPENDENCIES,
   PALBASE_EXTENSIONS,
@@ -475,6 +475,86 @@ var Put = makeMethodDecorator("PUT");
 var Patch = makeMethodDecorator("PATCH");
 var Delete = makeMethodDecorator("DELETE");
 
+// src/decorators/upload.ts
+var MIME_RE2 = /^[A-Za-z0-9][A-Za-z0-9!#$&^_.+-]*\/[A-Za-z0-9*][A-Za-z0-9!#$&^_.+-]*$/;
+function Upload(subpath, config) {
+  const { auth: auth2, rateLimit, ...uploadConfig } = config;
+  validateUploadConfigShape(uploadConfig);
+  const options = {
+    uploadConfig,
+    ...auth2 !== void 0 ? { auth: auth2 } : {},
+    ...rateLimit !== void 0 ? { rateLimit } : {}
+  };
+  return function(target, propertyKey) {
+    recordRoute(target, String(propertyKey), "POST", subpath, options);
+  };
+}
+function UploadedObject() {
+  return function(target, propertyKey, parameterIndex) {
+    recordParam(target, String(propertyKey), {
+      index: parameterIndex,
+      kind: "uploadedObject"
+    });
+  };
+}
+function validateUploadConfigShape(c) {
+  if (c === null || typeof c !== "object") {
+    throw new Error("@Upload config must be an object { bucket, pathTemplate, ... }");
+  }
+  if (typeof c.bucket !== "string" || c.bucket.length === 0) {
+    throw new Error("@Upload config.bucket must be a non-empty bucket name");
+  }
+  if (typeof c.pathTemplate !== "string" || c.pathTemplate.length === 0) {
+    throw new Error("@Upload config.pathTemplate must be a non-empty key template");
+  }
+  if (c.maxSize !== void 0) {
+    if (!Number.isInteger(c.maxSize) || c.maxSize <= 0) {
+      throw new Error(`@Upload config.maxSize must be a positive integer byte count, got ${c.maxSize}`);
+    }
+  }
+  if (c.allowedTypes !== void 0) {
+    if (!Array.isArray(c.allowedTypes) || c.allowedTypes.length === 0) {
+      throw new Error("@Upload config.allowedTypes must be a non-empty array of MIME types when present");
+    }
+    for (const t of c.allowedTypes) {
+      if (typeof t !== "string" || !MIME_RE2.test(t.trim())) {
+        throw new Error(`@Upload config.allowedTypes entry "${t}" is not a valid MIME type (e.g. "image/png")`);
+      }
+    }
+  }
+}
+function validateUploadAgainstStorage(uploadConfig, storage2, routeLabel) {
+  const def = storage2.buckets[uploadConfig.bucket];
+  if (def === void 0) {
+    const known = Object.keys(storage2.buckets);
+    throw new Error(
+      `@Upload route ${routeLabel} targets bucket "${uploadConfig.bucket}" which is not declared in defineStorage(...). ` + (known.length ? `Known buckets: ${known.join(", ")}.` : "No buckets are declared.")
+    );
+  }
+  if (uploadConfig.maxSize !== void 0 && def.fileSizeLimit !== null && uploadConfig.maxSize > def.fileSizeLimit) {
+    throw new Error(
+      `@Upload route ${routeLabel} maxSize (${uploadConfig.maxSize} bytes) exceeds bucket "${uploadConfig.bucket}" fileSizeLimit (${def.fileSizeLimit} bytes)`
+    );
+  }
+  if (uploadConfig.allowedTypes !== void 0 && def.allowedMimeTypes !== null) {
+    const bucketAllows = (mime) => def.allowedMimeTypes.some((b) => {
+      if (b === mime) return true;
+      const slash = b.indexOf("/");
+      if (slash > 0 && b.slice(slash + 1) === "*") {
+        return mime.startsWith(b.slice(0, slash + 1));
+      }
+      return false;
+    });
+    for (const t of uploadConfig.allowedTypes) {
+      if (!bucketAllows(t)) {
+        throw new Error(
+          `@Upload route ${routeLabel} allows MIME "${t}" which bucket "${uploadConfig.bucket}" does not (bucket allows: ${def.allowedMimeTypes.join(", ")})`
+        );
+      }
+    }
+  }
+}
+
 // src/decorators/params.ts
 function makeParamDecorator(kind, extra) {
   return function(target, propertyKey, parameterIndex) {
@@ -1055,6 +1135,8 @@ export {
   TooManyRequests,
   TraceId,
   Unauthorized,
+  Upload,
+  UploadedObject,
   User,
   __getRuntime,
   __registerResource,
@@ -1093,6 +1175,7 @@ export {
   text,
   timestamp,
   uuid,
+  validateUploadAgainstStorage,
   z2 as z
 };
 //# sourceMappingURL=index.js.map