@palbase/backend 8.0.0 → 8.2.0

package/dist/index.d.cts

@@ -1,8 +1,8 @@
-import { C as CacheClient, b as PalbaseDocsClient, c as PalbaseFlagsClient, L as Logger, d as PalbaseNotificationsClient, Q as QueueClient, e as PalbaseRealtimeClient, D as DBClient, f as PalbaseStorageClient, A as AuthSpec, R as RateLimitConfig, H as HttpError, U as User$1 } from './endpoint-cDQyI6jH.cjs';
-export { g as AuthConfig, B as BadRequest, h as ClientInfo, i as Conflict, j as DBOps, E as ErrorDef, k as ErrorMap, l as ErrorThrowers, F as FileContext, m as Forbidden, n as HttpMethod, M as Middleware, o as MiddlewareContext, p as MiddlewareHandler, N as NotFound, P as PBRequest, q as PalError, r as PalbaseAnalyticsClient, s as PalbaseAnalyticsManagementNamespace, t as PalbaseAnalyticsProperties, u as PalbaseAnalyticsQueryNamespace, v as PalbaseAttestAndroidParams, w as PalbaseAttestAndroidResult, x as PalbaseAttestiOSParams, y as PalbaseAttestiOSResult, z as PalbaseAuthClient, G as PalbaseBatchOverrideOperation, I as PalbaseBatchSetOverridesResult, J as PalbaseBindDeviceParams, K as PalbaseBucketClient, O as PalbaseClearAllOverridesResult, S as PalbaseClearOverrideResult, T as PalbaseCmsClient, V as PalbaseCmsFindOneOptions, W as PalbaseCmsFindOptions, X as PalbaseCohortQueryInput, Y as PalbaseCohortResult, Z as PalbaseCollectionRef, _ as PalbaseCountQueryInput, $ as PalbaseCountResult, a0 as PalbaseCreateLinkParams, a1 as PalbaseDeviceInfo, a2 as PalbaseDeviceTokenView, a3 as PalbaseDocumentRef, a4 as PalbaseDocumentSnapshot, a5 as PalbaseEmailClient, a6 as PalbaseEmailSendParams, a7 as PalbaseEmailSendResponse, a8 as PalbaseEventNamesResult, a9 as PalbaseEventsQueryInput, aa as PalbaseEventsResult, ab as PalbaseFileObject, ac as PalbaseFlag, ad as PalbaseFlagContext, ae as PalbaseFlagSource, af as PalbaseFlagValue, ag as PalbaseFlagVariant, ah as PalbaseFlagsServiceClient, ai as PalbaseFunctionsClient, aj as PalbaseFunnelQueryInput, ak as PalbaseFunnelResult, al as PalbaseIdentifyTraits, am as PalbaseInboxClient, an as PalbaseInboxListOptions, ao as PalbaseInboxListResult, ap as PalbaseInboxMessage, aq as PalbaseInboxSendParams, ar as PalbaseInboxSendResponse, as as PalbaseInitialLink, at as PalbaseInvokeOptions, au as PalbaseLink, av as PalbaseLinkAnalytics, aw as PalbaseLinkDetails, ax as PalbaseLinksClient, ay as PalbaseListLinksOptions, az as PalbaseListLinksResult, aA as PalbaseListOptions, aB as PalbaseMatchParams, aC as PalbaseMultiChannelResponse, aD as PalbaseOverviewResult, aE as PalbasePreferences, aF as PalbasePreferencesClient, aG as PalbasePublicUrlResponse, aH as PalbasePushClient, aI as PalbasePushSendParams, aJ as PalbasePushSendResponse, aK as PalbaseQrCodeOptions, aL as PalbaseQuerySnapshot, aM as PalbaseRegisterDeviceParams, aN as PalbaseResult, aO as PalbaseRetentionQueryInput, aP as PalbaseRetentionResult, aQ as PalbaseSession, aR as PalbaseSetOverrideResult, aS as PalbaseSetOverridesResult, aT as PalbaseSignedUrlResponse, aU as PalbaseSmsClient, aV as PalbaseSmsSendParams, aW as PalbaseSmsSendResponse, aX as PalbaseTransformOptions, aY as PalbaseUpdateLinkParams, aZ as PalbaseUploadOptions, a_ as PalbaseUser, a$ as PalbaseUserDetailResult, b0 as PalbaseUsersQueryInput, b1 as PalbaseUsersResult, b2 as PalbaseVerifyRequestSignatureParams, b3 as PalbaseWhereOperator, b4 as TooManyRequests, b5 as TxClient, b6 as Unauthorized, b7 as defineMiddleware } from './endpoint-cDQyI6jH.cjs';
+import { C as CacheClient, b as PalbaseDocsClient, c as PalbaseFlagsClient, L as Logger, d as PalbaseNotificationsClient, Q as QueueClient, e as PalbaseRealtimeClient, D as DBClient, f as PalbaseStorageClient, A as AuthSpec, R as RateLimitConfig, H as HttpError, U as User$1 } from './endpoint-fW9yWla0.cjs';
+export { g as AuthConfig, B as BadRequest, h as ClientInfo, i as Conflict, j as DBOps, E as ErrorDef, k as ErrorMap, l as ErrorThrowers, F as FileContext, m as Forbidden, n as HttpMethod, M as Middleware, o as MiddlewareContext, p as MiddlewareHandler, N as NotFound, P as PBRequest, q as PalError, r as PalbaseAnalyticsClient, s as PalbaseAnalyticsManagementNamespace, t as PalbaseAnalyticsProperties, u as PalbaseAnalyticsQueryNamespace, v as PalbaseAttestAndroidParams, w as PalbaseAttestAndroidResult, x as PalbaseAttestiOSParams, y as PalbaseAttestiOSResult, z as PalbaseAuthClient, G as PalbaseBatchOverrideOperation, I as PalbaseBatchSetOverridesResult, J as PalbaseBindDeviceParams, K as PalbaseBucketClient, O as PalbaseClearAllOverridesResult, S as PalbaseClearOverrideResult, T as PalbaseCohortQueryInput, V as PalbaseCohortResult, W as PalbaseCollectionRef, X as PalbaseCountQueryInput, Y as PalbaseCountResult, Z as PalbaseCreateLinkParams, _ as PalbaseDeviceInfo, $ as PalbaseDeviceTokenView, a0 as PalbaseDocumentRef, a1 as PalbaseDocumentSnapshot, a2 as PalbaseEmailClient, a3 as PalbaseEmailSendParams, a4 as PalbaseEmailSendResponse, a5 as PalbaseEventNamesResult, a6 as PalbaseEventsQueryInput, a7 as PalbaseEventsResult, a8 as PalbaseFileObject, a9 as PalbaseFlag, aa as PalbaseFlagContext, ab as PalbaseFlagSource, ac as PalbaseFlagValue, ad as PalbaseFlagVariant, ae as PalbaseFlagsServiceClient, af as PalbaseFunctionsClient, ag as PalbaseFunnelQueryInput, ah as PalbaseFunnelResult, ai as PalbaseIdentifyTraits, aj as PalbaseInboxClient, ak as PalbaseInboxListOptions, al as PalbaseInboxListResult, am as PalbaseInboxMessage, an as PalbaseInboxSendParams, ao as PalbaseInboxSendResponse, ap as PalbaseInitialLink, aq as PalbaseInvokeOptions, ar as PalbaseLink, as as PalbaseLinkAnalytics, at as PalbaseLinkDetails, au as PalbaseLinksClient, av as PalbaseListLinksOptions, aw as PalbaseListLinksResult, ax as PalbaseListOptions, ay as PalbaseMatchParams, az as PalbaseMultiChannelResponse, aA as PalbaseOverviewResult, aB as PalbasePreferences, aC as PalbasePreferencesClient, aD as PalbasePublicUrlResponse, aE as PalbasePushClient, aF as PalbasePushSendParams, aG as PalbasePushSendResponse, aH as PalbaseQrCodeOptions, aI as PalbaseQuerySnapshot, aJ as PalbaseRegisterDeviceParams, aK as PalbaseResult, aL as PalbaseRetentionQueryInput, aM as PalbaseRetentionResult, aN as PalbaseSession, aO as PalbaseSetOverrideResult, aP as PalbaseSetOverridesResult, aQ as PalbaseSignedUrlResponse, aR as PalbaseSmsClient, aS as PalbaseSmsSendParams, aT as PalbaseSmsSendResponse, aU as PalbaseTransformOptions, aV as PalbaseUpdateLinkParams, aW as PalbaseUploadOptions, aX as PalbaseUser, aY as PalbaseUserDetailResult, aZ as PalbaseUsersQueryInput, a_ as PalbaseUsersResult, a$ as PalbaseVerifyRequestSignatureParams, b0 as PalbaseWhereOperator, b1 as TooManyRequests, b2 as TxClient, b3 as Unauthorized, b4 as defineMiddleware } from './endpoint-fW9yWla0.cjs';
 import { AsyncLocalStorage } from 'node:async_hooks';
-import { E as EnvTypedDatabase, S as SchemaDef } from './index-B-FNCK84.cjs';
-export { C as ColumnBuilder, a as ColumnDef, b as ColumnMap, c as ColumnType, d as EXTENSION_DEPENDENCIES, e as EnvServiceDatabase, f as EnvTables, g as EnvTypedTable, h as EnvTypedTx, I as InsertShape, O as OnDeleteAction, P as PALBASE_EXTENSIONS, i as PalbaseExtension, j as PolicyBuilder, k as PolicyCommand, l as PolicyDef, m as PolicyMode, R as RowShape, n as SchemaInput, T as TableDef, o as TableInput, p as TypedDB, q as TypedTable, r as TypedTx, s as boolean, t as defineSchema, u as enumType, v as integer, w as isPalbaseExtension, x as jsonb, y as makeTypedDB, z as policy, A as text, B as timestamp, D as uuid } from './index-B-FNCK84.cjs';
+import { E as EnvTypedDatabase, S as SchemaDef } from './index-BZdDJJIy.cjs';
+export { C as ColumnBuilder, a as ColumnDef, b as ColumnMap, c as ColumnType, d as EXTENSION_DEPENDENCIES, e as EnvServiceDatabase, f as EnvTables, g as EnvTypedTable, h as EnvTypedTx, I as InsertShape, O as OnDeleteAction, P as PALBASE_EXTENSIONS, i as PalbaseExtension, j as PolicyBuilder, k as PolicyCommand, l as PolicyDef, m as PolicyMode, R as RowShape, n as SchemaInput, T as TableDef, o as TableInput, p as TypedDB, q as TypedTable, r as TypedTx, s as boolean, t as defineSchema, u as enumType, v as integer, w as isPalbaseExtension, x as jsonb, y as makeTypedDB, z as policy, A as text, B as timestamp, D as uuid } from './index-BZdDJJIy.cjs';
 export { TableTypes, Tables } from './db/env.cjs';
 import { ZodTypeAny, z } from 'zod';
 export { z } from 'zod';
@@ -53,7 +53,7 @@ export { z } from 'zod';
  * Realtime is BROADCAST-ONLY here (a stateless handler can push an event but
  * cannot hold a subscription socket — `subscribe()` lives on the client SDK).
  *
- * EXCLUDED on purpose: Functions, CMS, Links, Analytics, Auth. They are not
+ * EXCLUDED on purpose: Functions, Links, Analytics, Auth. They are not
  * exposed as backend handler singletons (auth lives on the client SDK; the rest
  * are out of scope for backend endpoints). */
 interface RuntimeServices {
@@ -702,6 +702,92 @@ interface ControllerOptions {
  */
 declare function Controller(basePath: string, options?: ControllerOptions): <T extends abstract new (...args: never[]) => object>(ctor: T) => T;
 
+/** A legacy method decorator (`experimentalDecorators`): `(prototype, name,
+ * descriptor)`. */
+type MethodDecorator$1 = (target: object, propertyKey: string | symbol, descriptor: PropertyDescriptor) => void;
+/** A legacy parameter decorator: `(prototype, name, paramIndex)`. */
+type ParameterDecorator$1 = (target: object, propertyKey: string | symbol, parameterIndex: number) => void;
+/**
+ * Direct-storage upload settings for an `@Upload` route. The br-pod validates an
+ * authorize request against these (size/type), then mints a signed upload URL
+ * that PINS the limits so storage itself rejects an over-limit / wrong-type PUT
+ * — the client cannot exceed what it declared.
+ */
+interface UploadConfig {
+    /**
+     * Target bucket NAME. MUST exist in `config/storage.ts` `defineStorage(...)`.
+     *
+     * The bucket is the SINGLE SOURCE OF TRUTH for the size limit + MIME allowlist:
+     * `bucket({ fileSizeLimit, allowedMimeTypes })`. Storage enforces those at the
+     * actual PUT (the only guard a client cannot skip), so `@Upload` deliberately
+     * does NOT take its own `maxSize`/`allowedTypes` — duplicating them here would
+     * let a route declare a tighter limit than its bucket that storage would not
+     * enforce (a real bypass: declare 10 bytes at authorize, then PUT up to the
+     * bucket ceiling straight at the signed URL). One bucket, one limit, enforced.
+     */
+    bucket: string;
+    /**
+     * SERVER-side object key template. The client NEVER chooses the path. Tokens:
+     * `{userId}` (authenticated user id), `{uploadId}` (server-minted), and
+     * `{filename}` (the client-declared filename, sanitized). e.g.
+     * `"{userId}/{uploadId}-{filename}"`.
+     */
+    pathTemplate: string;
+}
+/**
+ * `@Upload(subpath, config)` — declare a direct-storage upload route. The method
+ * body is the completion handler; `config.uploadConfig` drives the authorize
+ * guard + signed-URL pinning.
+ *
+ * @example
+ * ＠Upload("/", { bucket: "docs", pathTemplate: "{userId}/{uploadId}-{filename}" })
+ * async upload(＠UploadedObject() obj: UploadedObject, ＠User() user): Promise<DocResult> { ... }
+ * // The size limit + MIME allowlist come from the "docs" bucket in
+ * // config/storage.ts — storage enforces them at the PUT.
+ */
+declare function Upload(subpath: string, config: UploadConfig & Pick<RouteOptions, "auth" | "rateLimit">): MethodDecorator$1;
+/**
+ * The uploaded object, injected into an `@Upload` method body by
+ * `@UploadedObject()` once storage confirms the upload. Bytes are NOT present
+ * (they went straight to storage) — this is the metadata the completion handler
+ * persists.
+ */
+interface UploadedObject {
+    /** Server-minted id correlating authorize ↔ completion (idempotency key). */
+    uploadId: string;
+    /** Final object key in the bucket (rendered from `pathTemplate`). */
+    path: string;
+    /** Bucket the object landed in. */
+    bucket: string;
+    /** Object size in bytes, as reported by storage. */
+    size: number;
+    /** Object MIME type, as reported by storage. */
+    contentType: string;
+}
+/**
+ * `@UploadedObject()` — inject the uploaded object (`: UploadedObject`) into an
+ * `@Upload` method body (the completion input). Only valid on an `@Upload`
+ * route; the bytes are NOT present (they went directly to storage), this is the
+ * confirmed object's metadata.
+ *
+ * Co-located with the {@link UploadedObject} TYPE so a single exported name
+ * `UploadedObject` carries BOTH the decorator value and the type annotation.
+ */
+declare function UploadedObject(): ParameterDecorator$1;
+/**
+ * Cross-check one `@Upload` route's uploadConfig against the project's
+ * {@link StorageConfig}: the named bucket MUST exist in `defineStorage(...)`.
+ * Throws a precise error so a typo fails at deploy, not at the first user upload.
+ *
+ * That is the ONLY cross-check: the size limit + MIME allowlist live on the
+ * bucket (`bucket({ fileSizeLimit, allowedMimeTypes })`) and are enforced by
+ * storage at the PUT. `@Upload` carries no `maxSize`/`allowedTypes` of its own,
+ * so there is nothing to compare — one bucket, one limit, no drift.
+ *
+ * `routeLabel` is used only for error messages (e.g. `docs.upload`).
+ */
+declare function validateUploadAgainstStorage(uploadConfig: UploadConfig, storage: StorageConfig, routeLabel: string): void;
+
 /** The HTTP verbs a route may declare, upper-cased (the runtime router +
  * OpenAPI lower-case on their own). */
 type HttpMethodUpper = "GET" | "POST" | "PUT" | "PATCH" | "DELETE";
@@ -711,6 +797,12 @@ interface RouteOptions {
     auth?: AuthSpec;
     /** Per-route rate limit. */
     rateLimit?: RateLimitConfig;
+    /** Direct-storage upload config — present ONLY on `@Upload` routes (the
+     * `@Get`/`@Post`/… decorators never set it). Its presence is what MARKS a
+     * route as an upload route through the whole pipeline (registry → flatten →
+     * openapi → codegen). The bytes go client→storage directly; the method body
+     * runs as the completion handler. See {@link UploadConfig} (decorators/upload.ts). */
+    uploadConfig?: UploadConfig;
 }
 /** One inferred throw site: the error CLASS name (e.g. "TodoLocked") and its
  * wire code (e.g. "todo_locked"). `status`, `hasData`, and the data JSON schema
@@ -1260,4 +1352,4 @@ declare const documents: {
     onDocumentDeleted(handler: HookHandler<DocumentDeletedEvent>): ResolvedHook<DocumentDeletedEvent>;
 };
 
-export { type AcsOptions, type ApnsOptions, type BackoffStrategy, Body, type BucketDef, type BucketOptions, Cache, CacheClient, Client, Controller, type ControllerOptions, type CustomWebhookConfig, DBClient, Database, type DefinedError, type DefinedErrorWithData, Delete, type DocumentCreatedEvent, type DocumentDeletedEvent, type DocumentUpdatedEvent, Documents, type EnvSecretRef, EnvTypedDatabase, FLAGS_CONFIG_KIND, type FcmOptions, type FileDeletedEvent, type FileUploadedEvent, type FlagDef, type FlagOptions, type FlagType, type FlagValue, Flags, type FlagsConfig, type FlagsInput, Get, Headers, type HookHandler, type HookMeta, HttpError, type HttpMethodUpper, type JobConfig, type JobMeta, Log, Logger, NOTIFICATIONS_CONFIG_KIND, Notifications, type NotificationsConfig, type NotificationsInput, OptionalUser, PROVIDER_CATALOG, PalbaseDocsClient, PalbaseFlagsClient, PalbaseNotificationsClient, PalbaseRealtimeClient, PalbaseStorageClient, Param, type PasswordResetEvent, Patch, Post, type ProviderCatalogEntry, type ProviderDef, type ProviderEventMap, type ProviderName, type ProviderOptions, type ProviderWebhookConfig, Put, Query, Queue, QueueClient, RESERVED_SECRET_PREFIX, RateLimitConfig, Realtime, type RegisteredError, Req, RequestId, type ResolvedCustomWebhook, type ResolvedHook, type ResolvedJobConfig, type ResolvedProviderWebhook, type ResolvedWebhookConfig, type ResolvedWorkerConfig, Resource, type ResourceEnv, type RouteOptions, type RuntimeServices, STORAGE_CONFIG_KIND, SchemaDef, type SendgridOptions, type SesOptions, type SignInEvent, type SignOutEvent, type SmtpOptions, Storage, type StorageConfig, type StorageInput, type ThrowDescriptor, TraceId, type TwilioOptions, User, type UserCreatedEvent, User$1 as UserT, type WebhookEventHandler, type WebhookMeta, type WebhookProvider, type WebhookRequest, type WorkerConfig, type WorkerMeta, __getRuntime, __registerResource, __requestALS, __runResourceBoot, __runWithRuntime, __setRuntime, __shutdownResources, auth, bucket, buildProvider, defineError, defineFlags, defineJob, defineNotifications, defineStorage, defineWebhook, defineWorker, documents, flag, getErrorRegistry, makeEnvDts, parseFileSizeLimit, recordThrows, reservedSecretKey, storage };
+export { type AcsOptions, type ApnsOptions, type BackoffStrategy, Body, type BucketDef, type BucketOptions, Cache, CacheClient, Client, Controller, type ControllerOptions, type CustomWebhookConfig, DBClient, Database, type DefinedError, type DefinedErrorWithData, Delete, type DocumentCreatedEvent, type DocumentDeletedEvent, type DocumentUpdatedEvent, Documents, type EnvSecretRef, EnvTypedDatabase, FLAGS_CONFIG_KIND, type FcmOptions, type FileDeletedEvent, type FileUploadedEvent, type FlagDef, type FlagOptions, type FlagType, type FlagValue, Flags, type FlagsConfig, type FlagsInput, Get, Headers, type HookHandler, type HookMeta, HttpError, type HttpMethodUpper, type JobConfig, type JobMeta, Log, Logger, NOTIFICATIONS_CONFIG_KIND, Notifications, type NotificationsConfig, type NotificationsInput, OptionalUser, PROVIDER_CATALOG, PalbaseDocsClient, PalbaseFlagsClient, PalbaseNotificationsClient, PalbaseRealtimeClient, PalbaseStorageClient, Param, type PasswordResetEvent, Patch, Post, type ProviderCatalogEntry, type ProviderDef, type ProviderEventMap, type ProviderName, type ProviderOptions, type ProviderWebhookConfig, Put, Query, Queue, QueueClient, RESERVED_SECRET_PREFIX, RateLimitConfig, Realtime, type RegisteredError, Req, RequestId, type ResolvedCustomWebhook, type ResolvedHook, type ResolvedJobConfig, type ResolvedProviderWebhook, type ResolvedWebhookConfig, type ResolvedWorkerConfig, Resource, type ResourceEnv, type RouteOptions, type RuntimeServices, STORAGE_CONFIG_KIND, SchemaDef, type SendgridOptions, type SesOptions, type SignInEvent, type SignOutEvent, type SmtpOptions, Storage, type StorageConfig, type StorageInput, type ThrowDescriptor, TraceId, type TwilioOptions, Upload, type UploadConfig, UploadedObject, User, type UserCreatedEvent, User$1 as UserT, type WebhookEventHandler, type WebhookMeta, type WebhookProvider, type WebhookRequest, type WorkerConfig, type WorkerMeta, __getRuntime, __registerResource, __requestALS, __runResourceBoot, __runWithRuntime, __setRuntime, __shutdownResources, auth, bucket, buildProvider, defineError, defineFlags, defineJob, defineNotifications, defineStorage, defineWebhook, defineWorker, documents, flag, getErrorRegistry, makeEnvDts, parseFileSizeLimit, recordThrows, reservedSecretKey, storage, validateUploadAgainstStorage };

package/dist/index.d.ts

@@ -1,8 +1,8 @@
-import { C as CacheClient, b as PalbaseDocsClient, c as PalbaseFlagsClient, L as Logger, d as PalbaseNotificationsClient, Q as QueueClient, e as PalbaseRealtimeClient, D as DBClient, f as PalbaseStorageClient, A as AuthSpec, R as RateLimitConfig, H as HttpError, U as User$1 } from './endpoint-cDQyI6jH.js';
-export { g as AuthConfig, B as BadRequest, h as ClientInfo, i as Conflict, j as DBOps, E as ErrorDef, k as ErrorMap, l as ErrorThrowers, F as FileContext, m as Forbidden, n as HttpMethod, M as Middleware, o as MiddlewareContext, p as MiddlewareHandler, N as NotFound, P as PBRequest, q as PalError, r as PalbaseAnalyticsClient, s as PalbaseAnalyticsManagementNamespace, t as PalbaseAnalyticsProperties, u as PalbaseAnalyticsQueryNamespace, v as PalbaseAttestAndroidParams, w as PalbaseAttestAndroidResult, x as PalbaseAttestiOSParams, y as PalbaseAttestiOSResult, z as PalbaseAuthClient, G as PalbaseBatchOverrideOperation, I as PalbaseBatchSetOverridesResult, J as PalbaseBindDeviceParams, K as PalbaseBucketClient, O as PalbaseClearAllOverridesResult, S as PalbaseClearOverrideResult, T as PalbaseCmsClient, V as PalbaseCmsFindOneOptions, W as PalbaseCmsFindOptions, X as PalbaseCohortQueryInput, Y as PalbaseCohortResult, Z as PalbaseCollectionRef, _ as PalbaseCountQueryInput, $ as PalbaseCountResult, a0 as PalbaseCreateLinkParams, a1 as PalbaseDeviceInfo, a2 as PalbaseDeviceTokenView, a3 as PalbaseDocumentRef, a4 as PalbaseDocumentSnapshot, a5 as PalbaseEmailClient, a6 as PalbaseEmailSendParams, a7 as PalbaseEmailSendResponse, a8 as PalbaseEventNamesResult, a9 as PalbaseEventsQueryInput, aa as PalbaseEventsResult, ab as PalbaseFileObject, ac as PalbaseFlag, ad as PalbaseFlagContext, ae as PalbaseFlagSource, af as PalbaseFlagValue, ag as PalbaseFlagVariant, ah as PalbaseFlagsServiceClient, ai as PalbaseFunctionsClient, aj as PalbaseFunnelQueryInput, ak as PalbaseFunnelResult, al as PalbaseIdentifyTraits, am as PalbaseInboxClient, an as PalbaseInboxListOptions, ao as PalbaseInboxListResult, ap as PalbaseInboxMessage, aq as PalbaseInboxSendParams, ar as PalbaseInboxSendResponse, as as PalbaseInitialLink, at as PalbaseInvokeOptions, au as PalbaseLink, av as PalbaseLinkAnalytics, aw as PalbaseLinkDetails, ax as PalbaseLinksClient, ay as PalbaseListLinksOptions, az as PalbaseListLinksResult, aA as PalbaseListOptions, aB as PalbaseMatchParams, aC as PalbaseMultiChannelResponse, aD as PalbaseOverviewResult, aE as PalbasePreferences, aF as PalbasePreferencesClient, aG as PalbasePublicUrlResponse, aH as PalbasePushClient, aI as PalbasePushSendParams, aJ as PalbasePushSendResponse, aK as PalbaseQrCodeOptions, aL as PalbaseQuerySnapshot, aM as PalbaseRegisterDeviceParams, aN as PalbaseResult, aO as PalbaseRetentionQueryInput, aP as PalbaseRetentionResult, aQ as PalbaseSession, aR as PalbaseSetOverrideResult, aS as PalbaseSetOverridesResult, aT as PalbaseSignedUrlResponse, aU as PalbaseSmsClient, aV as PalbaseSmsSendParams, aW as PalbaseSmsSendResponse, aX as PalbaseTransformOptions, aY as PalbaseUpdateLinkParams, aZ as PalbaseUploadOptions, a_ as PalbaseUser, a$ as PalbaseUserDetailResult, b0 as PalbaseUsersQueryInput, b1 as PalbaseUsersResult, b2 as PalbaseVerifyRequestSignatureParams, b3 as PalbaseWhereOperator, b4 as TooManyRequests, b5 as TxClient, b6 as Unauthorized, b7 as defineMiddleware } from './endpoint-cDQyI6jH.js';
+import { C as CacheClient, b as PalbaseDocsClient, c as PalbaseFlagsClient, L as Logger, d as PalbaseNotificationsClient, Q as QueueClient, e as PalbaseRealtimeClient, D as DBClient, f as PalbaseStorageClient, A as AuthSpec, R as RateLimitConfig, H as HttpError, U as User$1 } from './endpoint-fW9yWla0.js';
+export { g as AuthConfig, B as BadRequest, h as ClientInfo, i as Conflict, j as DBOps, E as ErrorDef, k as ErrorMap, l as ErrorThrowers, F as FileContext, m as Forbidden, n as HttpMethod, M as Middleware, o as MiddlewareContext, p as MiddlewareHandler, N as NotFound, P as PBRequest, q as PalError, r as PalbaseAnalyticsClient, s as PalbaseAnalyticsManagementNamespace, t as PalbaseAnalyticsProperties, u as PalbaseAnalyticsQueryNamespace, v as PalbaseAttestAndroidParams, w as PalbaseAttestAndroidResult, x as PalbaseAttestiOSParams, y as PalbaseAttestiOSResult, z as PalbaseAuthClient, G as PalbaseBatchOverrideOperation, I as PalbaseBatchSetOverridesResult, J as PalbaseBindDeviceParams, K as PalbaseBucketClient, O as PalbaseClearAllOverridesResult, S as PalbaseClearOverrideResult, T as PalbaseCohortQueryInput, V as PalbaseCohortResult, W as PalbaseCollectionRef, X as PalbaseCountQueryInput, Y as PalbaseCountResult, Z as PalbaseCreateLinkParams, _ as PalbaseDeviceInfo, $ as PalbaseDeviceTokenView, a0 as PalbaseDocumentRef, a1 as PalbaseDocumentSnapshot, a2 as PalbaseEmailClient, a3 as PalbaseEmailSendParams, a4 as PalbaseEmailSendResponse, a5 as PalbaseEventNamesResult, a6 as PalbaseEventsQueryInput, a7 as PalbaseEventsResult, a8 as PalbaseFileObject, a9 as PalbaseFlag, aa as PalbaseFlagContext, ab as PalbaseFlagSource, ac as PalbaseFlagValue, ad as PalbaseFlagVariant, ae as PalbaseFlagsServiceClient, af as PalbaseFunctionsClient, ag as PalbaseFunnelQueryInput, ah as PalbaseFunnelResult, ai as PalbaseIdentifyTraits, aj as PalbaseInboxClient, ak as PalbaseInboxListOptions, al as PalbaseInboxListResult, am as PalbaseInboxMessage, an as PalbaseInboxSendParams, ao as PalbaseInboxSendResponse, ap as PalbaseInitialLink, aq as PalbaseInvokeOptions, ar as PalbaseLink, as as PalbaseLinkAnalytics, at as PalbaseLinkDetails, au as PalbaseLinksClient, av as PalbaseListLinksOptions, aw as PalbaseListLinksResult, ax as PalbaseListOptions, ay as PalbaseMatchParams, az as PalbaseMultiChannelResponse, aA as PalbaseOverviewResult, aB as PalbasePreferences, aC as PalbasePreferencesClient, aD as PalbasePublicUrlResponse, aE as PalbasePushClient, aF as PalbasePushSendParams, aG as PalbasePushSendResponse, aH as PalbaseQrCodeOptions, aI as PalbaseQuerySnapshot, aJ as PalbaseRegisterDeviceParams, aK as PalbaseResult, aL as PalbaseRetentionQueryInput, aM as PalbaseRetentionResult, aN as PalbaseSession, aO as PalbaseSetOverrideResult, aP as PalbaseSetOverridesResult, aQ as PalbaseSignedUrlResponse, aR as PalbaseSmsClient, aS as PalbaseSmsSendParams, aT as PalbaseSmsSendResponse, aU as PalbaseTransformOptions, aV as PalbaseUpdateLinkParams, aW as PalbaseUploadOptions, aX as PalbaseUser, aY as PalbaseUserDetailResult, aZ as PalbaseUsersQueryInput, a_ as PalbaseUsersResult, a$ as PalbaseVerifyRequestSignatureParams, b0 as PalbaseWhereOperator, b1 as TooManyRequests, b2 as TxClient, b3 as Unauthorized, b4 as defineMiddleware } from './endpoint-fW9yWla0.js';
 import { AsyncLocalStorage } from 'node:async_hooks';
-import { E as EnvTypedDatabase, S as SchemaDef } from './index-BfnIO5G-.js';
-export { C as ColumnBuilder, a as ColumnDef, b as ColumnMap, c as ColumnType, d as EXTENSION_DEPENDENCIES, e as EnvServiceDatabase, f as EnvTables, g as EnvTypedTable, h as EnvTypedTx, I as InsertShape, O as OnDeleteAction, P as PALBASE_EXTENSIONS, i as PalbaseExtension, j as PolicyBuilder, k as PolicyCommand, l as PolicyDef, m as PolicyMode, R as RowShape, n as SchemaInput, T as TableDef, o as TableInput, p as TypedDB, q as TypedTable, r as TypedTx, s as boolean, t as defineSchema, u as enumType, v as integer, w as isPalbaseExtension, x as jsonb, y as makeTypedDB, z as policy, A as text, B as timestamp, D as uuid } from './index-BfnIO5G-.js';
+import { E as EnvTypedDatabase, S as SchemaDef } from './index-CArW1VMq.js';
+export { C as ColumnBuilder, a as ColumnDef, b as ColumnMap, c as ColumnType, d as EXTENSION_DEPENDENCIES, e as EnvServiceDatabase, f as EnvTables, g as EnvTypedTable, h as EnvTypedTx, I as InsertShape, O as OnDeleteAction, P as PALBASE_EXTENSIONS, i as PalbaseExtension, j as PolicyBuilder, k as PolicyCommand, l as PolicyDef, m as PolicyMode, R as RowShape, n as SchemaInput, T as TableDef, o as TableInput, p as TypedDB, q as TypedTable, r as TypedTx, s as boolean, t as defineSchema, u as enumType, v as integer, w as isPalbaseExtension, x as jsonb, y as makeTypedDB, z as policy, A as text, B as timestamp, D as uuid } from './index-CArW1VMq.js';
 export { TableTypes, Tables } from './db/env.js';
 import { ZodTypeAny, z } from 'zod';
 export { z } from 'zod';
@@ -53,7 +53,7 @@ export { z } from 'zod';
  * Realtime is BROADCAST-ONLY here (a stateless handler can push an event but
  * cannot hold a subscription socket — `subscribe()` lives on the client SDK).
  *
- * EXCLUDED on purpose: Functions, CMS, Links, Analytics, Auth. They are not
+ * EXCLUDED on purpose: Functions, Links, Analytics, Auth. They are not
  * exposed as backend handler singletons (auth lives on the client SDK; the rest
  * are out of scope for backend endpoints). */
 interface RuntimeServices {
@@ -702,6 +702,92 @@ interface ControllerOptions {
  */
 declare function Controller(basePath: string, options?: ControllerOptions): <T extends abstract new (...args: never[]) => object>(ctor: T) => T;
 
+/** A legacy method decorator (`experimentalDecorators`): `(prototype, name,
+ * descriptor)`. */
+type MethodDecorator$1 = (target: object, propertyKey: string | symbol, descriptor: PropertyDescriptor) => void;
+/** A legacy parameter decorator: `(prototype, name, paramIndex)`. */
+type ParameterDecorator$1 = (target: object, propertyKey: string | symbol, parameterIndex: number) => void;
+/**
+ * Direct-storage upload settings for an `@Upload` route. The br-pod validates an
+ * authorize request against these (size/type), then mints a signed upload URL
+ * that PINS the limits so storage itself rejects an over-limit / wrong-type PUT
+ * — the client cannot exceed what it declared.
+ */
+interface UploadConfig {
+    /**
+     * Target bucket NAME. MUST exist in `config/storage.ts` `defineStorage(...)`.
+     *
+     * The bucket is the SINGLE SOURCE OF TRUTH for the size limit + MIME allowlist:
+     * `bucket({ fileSizeLimit, allowedMimeTypes })`. Storage enforces those at the
+     * actual PUT (the only guard a client cannot skip), so `@Upload` deliberately
+     * does NOT take its own `maxSize`/`allowedTypes` — duplicating them here would
+     * let a route declare a tighter limit than its bucket that storage would not
+     * enforce (a real bypass: declare 10 bytes at authorize, then PUT up to the
+     * bucket ceiling straight at the signed URL). One bucket, one limit, enforced.
+     */
+    bucket: string;
+    /**
+     * SERVER-side object key template. The client NEVER chooses the path. Tokens:
+     * `{userId}` (authenticated user id), `{uploadId}` (server-minted), and
+     * `{filename}` (the client-declared filename, sanitized). e.g.
+     * `"{userId}/{uploadId}-{filename}"`.
+     */
+    pathTemplate: string;
+}
+/**
+ * `@Upload(subpath, config)` — declare a direct-storage upload route. The method
+ * body is the completion handler; `config.uploadConfig` drives the authorize
+ * guard + signed-URL pinning.
+ *
+ * @example
+ * ＠Upload("/", { bucket: "docs", pathTemplate: "{userId}/{uploadId}-{filename}" })
+ * async upload(＠UploadedObject() obj: UploadedObject, ＠User() user): Promise<DocResult> { ... }
+ * // The size limit + MIME allowlist come from the "docs" bucket in
+ * // config/storage.ts — storage enforces them at the PUT.
+ */
+declare function Upload(subpath: string, config: UploadConfig & Pick<RouteOptions, "auth" | "rateLimit">): MethodDecorator$1;
+/**
+ * The uploaded object, injected into an `@Upload` method body by
+ * `@UploadedObject()` once storage confirms the upload. Bytes are NOT present
+ * (they went straight to storage) — this is the metadata the completion handler
+ * persists.
+ */
+interface UploadedObject {
+    /** Server-minted id correlating authorize ↔ completion (idempotency key). */
+    uploadId: string;
+    /** Final object key in the bucket (rendered from `pathTemplate`). */
+    path: string;
+    /** Bucket the object landed in. */
+    bucket: string;
+    /** Object size in bytes, as reported by storage. */
+    size: number;
+    /** Object MIME type, as reported by storage. */
+    contentType: string;
+}
+/**
+ * `@UploadedObject()` — inject the uploaded object (`: UploadedObject`) into an
+ * `@Upload` method body (the completion input). Only valid on an `@Upload`
+ * route; the bytes are NOT present (they went directly to storage), this is the
+ * confirmed object's metadata.
+ *
+ * Co-located with the {@link UploadedObject} TYPE so a single exported name
+ * `UploadedObject` carries BOTH the decorator value and the type annotation.
+ */
+declare function UploadedObject(): ParameterDecorator$1;
+/**
+ * Cross-check one `@Upload` route's uploadConfig against the project's
+ * {@link StorageConfig}: the named bucket MUST exist in `defineStorage(...)`.
+ * Throws a precise error so a typo fails at deploy, not at the first user upload.
+ *
+ * That is the ONLY cross-check: the size limit + MIME allowlist live on the
+ * bucket (`bucket({ fileSizeLimit, allowedMimeTypes })`) and are enforced by
+ * storage at the PUT. `@Upload` carries no `maxSize`/`allowedTypes` of its own,
+ * so there is nothing to compare — one bucket, one limit, no drift.
+ *
+ * `routeLabel` is used only for error messages (e.g. `docs.upload`).
+ */
+declare function validateUploadAgainstStorage(uploadConfig: UploadConfig, storage: StorageConfig, routeLabel: string): void;
+
 /** The HTTP verbs a route may declare, upper-cased (the runtime router +
  * OpenAPI lower-case on their own). */
 type HttpMethodUpper = "GET" | "POST" | "PUT" | "PATCH" | "DELETE";
@@ -711,6 +797,12 @@ interface RouteOptions {
     auth?: AuthSpec;
     /** Per-route rate limit. */
     rateLimit?: RateLimitConfig;
+    /** Direct-storage upload config — present ONLY on `@Upload` routes (the
+     * `@Get`/`@Post`/… decorators never set it). Its presence is what MARKS a
+     * route as an upload route through the whole pipeline (registry → flatten →
+     * openapi → codegen). The bytes go client→storage directly; the method body
+     * runs as the completion handler. See {@link UploadConfig} (decorators/upload.ts). */
+    uploadConfig?: UploadConfig;
 }
 /** One inferred throw site: the error CLASS name (e.g. "TodoLocked") and its
  * wire code (e.g. "todo_locked"). `status`, `hasData`, and the data JSON schema
@@ -1260,4 +1352,4 @@ declare const documents: {
     onDocumentDeleted(handler: HookHandler<DocumentDeletedEvent>): ResolvedHook<DocumentDeletedEvent>;
 };
 
-export { type AcsOptions, type ApnsOptions, type BackoffStrategy, Body, type BucketDef, type BucketOptions, Cache, CacheClient, Client, Controller, type ControllerOptions, type CustomWebhookConfig, DBClient, Database, type DefinedError, type DefinedErrorWithData, Delete, type DocumentCreatedEvent, type DocumentDeletedEvent, type DocumentUpdatedEvent, Documents, type EnvSecretRef, EnvTypedDatabase, FLAGS_CONFIG_KIND, type FcmOptions, type FileDeletedEvent, type FileUploadedEvent, type FlagDef, type FlagOptions, type FlagType, type FlagValue, Flags, type FlagsConfig, type FlagsInput, Get, Headers, type HookHandler, type HookMeta, HttpError, type HttpMethodUpper, type JobConfig, type JobMeta, Log, Logger, NOTIFICATIONS_CONFIG_KIND, Notifications, type NotificationsConfig, type NotificationsInput, OptionalUser, PROVIDER_CATALOG, PalbaseDocsClient, PalbaseFlagsClient, PalbaseNotificationsClient, PalbaseRealtimeClient, PalbaseStorageClient, Param, type PasswordResetEvent, Patch, Post, type ProviderCatalogEntry, type ProviderDef, type ProviderEventMap, type ProviderName, type ProviderOptions, type ProviderWebhookConfig, Put, Query, Queue, QueueClient, RESERVED_SECRET_PREFIX, RateLimitConfig, Realtime, type RegisteredError, Req, RequestId, type ResolvedCustomWebhook, type ResolvedHook, type ResolvedJobConfig, type ResolvedProviderWebhook, type ResolvedWebhookConfig, type ResolvedWorkerConfig, Resource, type ResourceEnv, type RouteOptions, type RuntimeServices, STORAGE_CONFIG_KIND, SchemaDef, type SendgridOptions, type SesOptions, type SignInEvent, type SignOutEvent, type SmtpOptions, Storage, type StorageConfig, type StorageInput, type ThrowDescriptor, TraceId, type TwilioOptions, User, type UserCreatedEvent, User$1 as UserT, type WebhookEventHandler, type WebhookMeta, type WebhookProvider, type WebhookRequest, type WorkerConfig, type WorkerMeta, __getRuntime, __registerResource, __requestALS, __runResourceBoot, __runWithRuntime, __setRuntime, __shutdownResources, auth, bucket, buildProvider, defineError, defineFlags, defineJob, defineNotifications, defineStorage, defineWebhook, defineWorker, documents, flag, getErrorRegistry, makeEnvDts, parseFileSizeLimit, recordThrows, reservedSecretKey, storage };
+export { type AcsOptions, type ApnsOptions, type BackoffStrategy, Body, type BucketDef, type BucketOptions, Cache, CacheClient, Client, Controller, type ControllerOptions, type CustomWebhookConfig, DBClient, Database, type DefinedError, type DefinedErrorWithData, Delete, type DocumentCreatedEvent, type DocumentDeletedEvent, type DocumentUpdatedEvent, Documents, type EnvSecretRef, EnvTypedDatabase, FLAGS_CONFIG_KIND, type FcmOptions, type FileDeletedEvent, type FileUploadedEvent, type FlagDef, type FlagOptions, type FlagType, type FlagValue, Flags, type FlagsConfig, type FlagsInput, Get, Headers, type HookHandler, type HookMeta, HttpError, type HttpMethodUpper, type JobConfig, type JobMeta, Log, Logger, NOTIFICATIONS_CONFIG_KIND, Notifications, type NotificationsConfig, type NotificationsInput, OptionalUser, PROVIDER_CATALOG, PalbaseDocsClient, PalbaseFlagsClient, PalbaseNotificationsClient, PalbaseRealtimeClient, PalbaseStorageClient, Param, type PasswordResetEvent, Patch, Post, type ProviderCatalogEntry, type ProviderDef, type ProviderEventMap, type ProviderName, type ProviderOptions, type ProviderWebhookConfig, Put, Query, Queue, QueueClient, RESERVED_SECRET_PREFIX, RateLimitConfig, Realtime, type RegisteredError, Req, RequestId, type ResolvedCustomWebhook, type ResolvedHook, type ResolvedJobConfig, type ResolvedProviderWebhook, type ResolvedWebhookConfig, type ResolvedWorkerConfig, Resource, type ResourceEnv, type RouteOptions, type RuntimeServices, STORAGE_CONFIG_KIND, SchemaDef, type SendgridOptions, type SesOptions, type SignInEvent, type SignOutEvent, type SmtpOptions, Storage, type StorageConfig, type StorageInput, type ThrowDescriptor, TraceId, type TwilioOptions, Upload, type UploadConfig, UploadedObject, User, type UserCreatedEvent, User$1 as UserT, type WebhookEventHandler, type WebhookMeta, type WebhookProvider, type WebhookRequest, type WorkerConfig, type WorkerMeta, __getRuntime, __registerResource, __requestALS, __runResourceBoot, __runWithRuntime, __setRuntime, __shutdownResources, auth, bucket, buildProvider, defineError, defineFlags, defineJob, defineNotifications, defineStorage, defineWebhook, defineWorker, documents, flag, getErrorRegistry, makeEnvDts, parseFileSizeLimit, recordThrows, reservedSecretKey, storage, validateUploadAgainstStorage };

package/dist/index.js

@@ -12,7 +12,7 @@ import {
   __requestALS,
   __runWithRuntime,
   __setRuntime
-} from "./chunk-SWT2QR5F.js";
+} from "./chunk-RGQUB66H.js";
 import {
   EXTENSION_DEPENDENCIES,
   PALBASE_EXTENSIONS,
@@ -475,6 +475,48 @@ var Put = makeMethodDecorator("PUT");
 var Patch = makeMethodDecorator("PATCH");
 var Delete = makeMethodDecorator("DELETE");
 
+// src/decorators/upload.ts
+function Upload(subpath, config) {
+  const { auth: auth2, rateLimit, ...uploadConfig } = config;
+  validateUploadConfigShape(uploadConfig);
+  const options = {
+    uploadConfig,
+    ...auth2 !== void 0 ? { auth: auth2 } : {},
+    ...rateLimit !== void 0 ? { rateLimit } : {}
+  };
+  return function(target, propertyKey) {
+    recordRoute(target, String(propertyKey), "POST", subpath, options);
+  };
+}
+function UploadedObject() {
+  return function(target, propertyKey, parameterIndex) {
+    recordParam(target, String(propertyKey), {
+      index: parameterIndex,
+      kind: "uploadedObject"
+    });
+  };
+}
+function validateUploadConfigShape(c) {
+  if (c === null || typeof c !== "object") {
+    throw new Error("@Upload config must be an object { bucket, pathTemplate, ... }");
+  }
+  if (typeof c.bucket !== "string" || c.bucket.length === 0) {
+    throw new Error("@Upload config.bucket must be a non-empty bucket name");
+  }
+  if (typeof c.pathTemplate !== "string" || c.pathTemplate.length === 0) {
+    throw new Error("@Upload config.pathTemplate must be a non-empty key template");
+  }
+}
+function validateUploadAgainstStorage(uploadConfig, storage2, routeLabel) {
+  const def = storage2.buckets[uploadConfig.bucket];
+  if (def === void 0) {
+    const known = Object.keys(storage2.buckets);
+    throw new Error(
+      `@Upload route ${routeLabel} targets bucket "${uploadConfig.bucket}" which is not declared in defineStorage(...). ` + (known.length ? `Known buckets: ${known.join(", ")}.` : "No buckets are declared.")
+    );
+  }
+}
+
 // src/decorators/params.ts
 function makeParamDecorator(kind, extra) {
   return function(target, propertyKey, parameterIndex) {
@@ -1055,6 +1097,8 @@ export {
   TooManyRequests,
   TraceId,
   Unauthorized,
+  Upload,
+  UploadedObject,
   User,
   __getRuntime,
   __registerResource,
@@ -1093,6 +1137,7 @@ export {
   text,
   timestamp,
   uuid,
+  validateUploadAgainstStorage,
   z2 as z
 };
 //# sourceMappingURL=index.js.map