@solidxai/core 0.1.8-beta.1 → 0.1.8-beta.10

package/src/entities/agent-session.entity.ts

@@ -1,71 +1,39 @@
-import { Column, Entity, Index, PrimaryGeneratedColumn } from 'typeorm';
-import { Expose, Exclude } from 'class-transformer';
+import { Column, Entity, Index } from 'typeorm';
+import { CommonEntity } from 'src/entities/common.entity';
+import { getColumnType } from 'src/helpers/typeorm-db-helper';
 
-@Exclude()
-@Entity({ name: 'ss_agent_sessions', synchronize: false })
-export class AgentSession {
-  @Expose()
-  @PrimaryGeneratedColumn({ type: 'integer' })
-  id: number;
-
-  @Expose()
+@Entity({ name: 'ss_agent_sessions' })
+export class AgentSession extends CommonEntity {
   @Index({ unique: true })
-  @Column({ type: 'varchar', length: 36, name: 'session_id' })
+  @Column({ })
   sessionId: string;
 
-  @Expose()
   @Index()
-  @Column({ type: 'integer', nullable: true, name: 'user_id' })
+  @Column({ nullable: true })
   userId: number;
 
-  @Expose()
-  @Column({ type: 'text', nullable: true, name: 'project_root' })
+  @Column({ nullable: true, ...getColumnType('longText') })
   projectRoot: string;
 
-  @Expose()
-  @Column({ type: 'varchar', length: 255, name: 'model_name' })
+  @Column({ })
   modelName: string;
 
-  @Expose()
   @Index()
-  @Column({ type: 'varchar', length: 32, name: 'status' })
+  @Column({ })
   status: string;
 
-  @Expose()
-  @Column({ type: 'double precision', name: 'total_cost', default: 0 })
+  @Column({ default: 0, ...getColumnType('decimal') })
   totalCost: number;
 
-  @Expose()
-  @Column({ type: 'integer', name: 'total_steps', default: 0 })
+  @Column({ default: 0 })
   totalSteps: number;
 
-  @Expose()
-  @Column({ type: 'integer', name: 'total_input_tokens', default: 0 })
+  @Column({ default: 0 })
   totalInputTokens: number;
 
-  @Expose()
-  @Column({ type: 'integer', name: 'total_output_tokens', default: 0 })
+  @Column({ default: 0 })
   totalOutputTokens: number;
 
-  @Expose()
-  @Column({ type: 'text', nullable: true, name: 'summary' })
+  @Column({ nullable: true, ...getColumnType('longText') })
   summary: string;
-
-  @Expose()
-  @Column({ type: 'timestamp without time zone', name: 'created_at' })
-  createdAt: Date;
-
-  @Expose()
-  @Column({ type: 'timestamp without time zone', name: 'updated_at' })
-  updatedAt: Date;
-
-  // The following properties satisfy CRUDService<T extends CommonEntity> structural typing
-  // They are not mapped to DB columns (synchronize: false ensures no schema changes)
-  deletedAt: Date;
-  deletedTracker: string;
-  publishedAt: Date;
-  localeName: string;
-  defaultEntityLocaleId: number;
-  createdBy: number;
-  updatedBy: number;
 }

package/src/entities/field-metadata.entity.ts

@@ -119,7 +119,7 @@ export class FieldMetadata extends CommonEntity {
     @Column({ name: 'selection_static_values', nullable: true, type: 'simple-array' })
     selectionStaticValues: string[];
 
-    @Column({ name: 'selection_value_type', nullable: true })
+    @Column({ name: 'selection_value_type', nullable: true, default: 'string' })
     selectionValueType: string = 'string';
 
     // @Column({ name: "computed", default: false })

package/src/entities/legacy-common.entity.ts

@@ -11,30 +11,30 @@ export abstract class LegacyCommonEntity {
     // @Generated("increment")
     // id: number
 
-    @CreateDateColumn({ name: `${LEGACY_TABLE_FIELDS_PREFIX}_created_at`, transformer: LocalDateTimeTransformer })
-    createdAt: Date;
+    @CreateDateColumn({ name: `${LEGACY_TABLE_FIELDS_PREFIX}_created_at`, transformer: LocalDateTimeTransformer, nullable: true })
+    createdAt: Date | null;
 
-    @UpdateDateColumn({ name: `${LEGACY_TABLE_FIELDS_PREFIX}_updated_at`, transformer: LocalDateTimeTransformer })
-    updatedAt: Date;
+    @UpdateDateColumn({ name: `${LEGACY_TABLE_FIELDS_PREFIX}_updated_at`, transformer: LocalDateTimeTransformer, nullable: true })
+    updatedAt: Date | null;
 
-    @DeleteDateColumn({ name: `${LEGACY_TABLE_FIELDS_PREFIX}_deleted_at`, transformer: LocalDateTimeTransformer })
+    @DeleteDateColumn({ name: `${LEGACY_TABLE_FIELDS_PREFIX}_deleted_at`, transformer: LocalDateTimeTransformer, nullable: true })
     @Index()
-    deletedAt: Date;
+    deletedAt: Date | null;
 
-    @Column({ name: `${LEGACY_TABLE_FIELDS_PREFIX}_deleted_tracker`, default: "not-deleted" })
-    deletedTracker: string;
+    @Column({ name: `${LEGACY_TABLE_FIELDS_PREFIX}_deleted_tracker`, default: "not-deleted", nullable: true })
+    deletedTracker: string | null;
 
     @Expose()
     @Column({ name: `${LEGACY_TABLE_FIELDS_PREFIX}_published_at`, default: null, nullable: true, transformer: LocalDateTimeTransformer })
-    publishedAt: Date;
+    publishedAt: Date | null;
 
     @Expose()
-    @Column({ type: "varchar", name: `${LEGACY_TABLE_FIELDS_PREFIX}_locale_name`, default: null })
-    localeName: string;
+    @Column({ type: "varchar", name: `${LEGACY_TABLE_FIELDS_PREFIX}_locale_name`, default: null, nullable: true })
+    localeName: string | null;
 
     @Expose()
-    @Column({ type: "int", name: `${LEGACY_TABLE_FIELDS_PREFIX}_default_entity_locale_id`, default: null })
-    defaultEntityLocaleId: number;
+    @Column({ type: "int", name: `${LEGACY_TABLE_FIELDS_PREFIX}_default_entity_locale_id`, default: null, nullable: true })
+    defaultEntityLocaleId: number | null;
 
     // @Expose()
     // @Type( () => require('./user.entity').User?.default ?? require('./user.entity').User )
@@ -50,9 +50,9 @@ export abstract class LegacyCommonEntity {
 
     @Expose()
     @Column({ name: `${LEGACY_TABLE_FIELDS_PREFIX}_created_by_id`, nullable: true })
-    createdBy: number;
+    createdBy: number | null;
 
     @Expose()
     @Column({ name: `${LEGACY_TABLE_FIELDS_PREFIX}_updated_by_id`, nullable: true })
-    updatedBy: number;
+    updatedBy: number | null;
 }

package/src/entities/sms-template.entity.ts

@@ -1,14 +1,15 @@
 import { CommonEntity } from 'src/entities/common.entity';
 import { Column, Entity, Index } from 'typeorm';
+import { getColumnType } from 'src/helpers/typeorm-db-helper';
 
 @Entity("ss_sms_template")
 export class SmsTemplate extends CommonEntity {
     @Index({ unique: true })
-    @Column({ name: "name", type: "varchar"})
+    @Column({ name: "name", type: "varchar" })
     name: string;
     @Column({ name: "display_name", type: "varchar" })
     displayName: string;
-    @Column({ name: "body", type: "varchar", nullable: true })
+    @Column({ name: "body", ...getColumnType('longText'), nullable: true })
     body: string;
     @Column({ type: "varchar", nullable: true })
     smsProviderTemplateId: string;

package/src/entities/user-api-key.entity.ts

@@ -0,0 +1,37 @@
+import { Exclude, Expose } from "class-transformer";
+import { CommonEntity } from "src/entities/common.entity";
+import { Column, Entity, Index, ManyToOne } from "typeorm";
+import { User } from "./user.entity";
+
+@Entity("ss_user_api_key")
+@Exclude()
+export class UserApiKey extends CommonEntity {
+
+    @Expose()
+    @Column()
+    name: string;
+
+    // SHA-256 hash of the raw key — never exposed, same treatment as User.password
+    @Index({ unique: true })
+    @Column()
+    hashedKey: string;
+
+    @Expose()
+    @Column()
+    maskedKey: string;
+
+    @Expose()
+    @Column({ default: true })
+    isActive: boolean;
+
+    @Expose()
+    @Column({ nullable: true })
+    expiresAt: Date;
+
+    @Expose()
+    @Column({ nullable: true })
+    lastUsedAt: Date;
+
+    @ManyToOne(() => User, user => user.apiKeys)
+    user: User;
+}

package/src/entities/user.entity.ts

@@ -2,6 +2,7 @@ import { CommonEntity } from "src/entities/common.entity"
 import { Entity, Column, Index, JoinTable, ManyToMany, OneToMany, TableInheritance } from "typeorm";
 import { RoleMetadata } from 'src/entities/role-metadata.entity';
 import { UserViewMetadata } from 'src/entities/user-view-metadata.entity'
+import { UserApiKey } from 'src/entities/user-api-key.entity'
 import { Exclude, Expose } from "class-transformer";
 
 @Entity("ss_user")
@@ -151,4 +152,11 @@ export class User extends CommonEntity {
     @Expose()
     _media: any;
 
+    @Column({ default: false })
+    @Expose()
+    isAllowedToGenerateApiKeys: boolean = false;
+
+    @OneToMany(() => UserApiKey, key => key.user)
+    apiKeys: UserApiKey[];
+
 }

package/src/enums/auth-type.enum.ts

@@ -1,4 +1,5 @@
 export enum AuthType {
     Bearer,
+    ApiKey,
     None,
 }

package/src/guards/api-key.guard.ts

@@ -0,0 +1,32 @@
+import { CanActivate, ExecutionContext, Injectable, UnauthorizedException } from '@nestjs/common';
+import { Request } from 'express';
+import { REQUEST_USER_KEY } from 'src/constants';
+import { ApiKeyService } from 'src/services/api-key.service';
+import { ClsService } from 'nestjs-cls';
+
+@Injectable()
+export class ApiKeyGuard implements CanActivate {
+    constructor(
+        private readonly apiKeyService: ApiKeyService,
+        private readonly cls: ClsService,
+    ) {}
+
+    async canActivate(context: ExecutionContext): Promise<boolean> {
+        const request = context.switchToHttp().getRequest<Request>();
+        const rawKey = this.extractKeyFromHeader(request);
+
+        if (!rawKey) {
+            throw new UnauthorizedException();
+        }
+
+        const activeUser = await this.apiKeyService.validate(rawKey);
+        request[REQUEST_USER_KEY] = activeUser;
+        this.cls.set(REQUEST_USER_KEY, activeUser);
+
+        return true;
+    }
+
+    private extractKeyFromHeader(request: Request): string | undefined {
+        return request.headers['solidx-api-key'] as string | undefined;
+    }
+}

package/src/guards/authentication.guard.ts

@@ -8,23 +8,26 @@ import { Reflector } from '@nestjs/core';
 import { AUTH_TYPE_KEY } from '../decorators/auth.decorator';
 import { AuthType } from '../enums/auth-type.enum';
 import { AccessTokenGuard } from './access-token.guard';
+import { ApiKeyGuard } from './api-key.guard';
 import { IS_PUBLIC_KEY } from '../decorators/public.decorator';
 import { PermissionMetadataService } from '../services/permission-metadata.service';
 import { ClsService } from 'nestjs-cls';
 
 @Injectable()
 export class AuthenticationGuard implements CanActivate {
-  private static readonly defaultAuthType = AuthType.Bearer;
+  private static readonly defaultAuthTypes = [AuthType.Bearer, AuthType.ApiKey];
   private readonly authTypeGuardMap: Record<
     AuthType,
     CanActivate | CanActivate[]> = {
       [AuthType.Bearer]: this.accessTokenGuard,
+      [AuthType.ApiKey]: this.apiKeyGuard,
       [AuthType.None]: { canActivate: () => true },
     };
 
   constructor(
     private readonly reflector: Reflector,
     private readonly accessTokenGuard: AccessTokenGuard,
+    private readonly apiKeyGuard: ApiKeyGuard,
     private readonly permissionService: PermissionMetadataService,
     private readonly cls: ClsService,
   ) { }
@@ -49,7 +52,7 @@ export class AuthenticationGuard implements CanActivate {
       return true;
     }
 
-    // TODO: Check if this permission viz. contextPermission is listed in the Public role. 
+    // TODO: Check if this permission viz. contextPermission is listed in the Public role.
     const contextPermission = `${context.getClass().name}.${context.getHandler().name}`;
 
     const permissionExistsInRole = await this.permissionService.permissionExistsInRole('Public', contextPermission)
@@ -61,7 +64,7 @@ export class AuthenticationGuard implements CanActivate {
     const authTypes = this.reflector.getAllAndOverride<AuthType[]>(
       AUTH_TYPE_KEY,
       [context.getHandler(), context.getClass()],
-    ) ?? [AuthenticationGuard.defaultAuthType];
+    ) ?? AuthenticationGuard.defaultAuthTypes;
     const guards = authTypes.map((type) => this.authTypeGuardMap[type]).flat();
     let error = new UnauthorizedException();
 

package/src/helpers/bootstrap.helper.ts

@@ -90,6 +90,21 @@ export async function bootstrapSolidApp(
   // Security headers
   app.use(helmet(buildDefaultSecurityHeaderOptions()));
 
+  // Nest's Swagger UI HTML injects inline styles; keep CSP strict elsewhere.
+  const isSwaggerPath = (path: string) =>
+    path === '/docs' ||
+    path === '/docs/' ||
+    path.startsWith('/docs/') ||
+    path === '/docs-json' ||
+    path === '/docs-yaml';
+
+  app.use((req: Request, res: Response, next: NextFunction) => {
+    if (isSwaggerPath(req.path)) {
+      res.removeHeader('Content-Security-Policy');
+    }
+    next();
+  });
+
   // Permissions-Policy header
   app.use((_req: Request, res: Response, next: NextFunction) => {
     res.setHeader('Permissions-Policy', buildPermissionsPolicyHeader(permissionsPolicyOverrides));
@@ -127,7 +142,7 @@ export async function bootstrapSolidApp(
 
   // Swagger
   if (swagger !== false) {
-    const { title = 'Solid Starters', description = 'Solid Starters API', version = '1.0' } = swagger;
+    const { title = process.env.SOLID_APP_NAME, description = process.env.SOLID_APP_DESCRIPTION, version = '1.0' } = swagger;
     const swaggerConfig = new DocumentBuilder()
       .setTitle(title)
       .setDescription(description)

package/src/helpers/field-crud-managers/SelectionDynamicFieldCrudManager.ts

@@ -128,14 +128,25 @@ export class SelectionDynamicFieldCrudManager implements FieldCrudManager {
     }
 
     private providerInstance<T extends ISelectionProviderContext>(selectionDynamicProvider: string): ISelectionProvider<T> {
-        const provider = this.options.discoveryService
-            .getProviders()
-            .filter((provider) => provider.name === selectionDynamicProvider)
-            .pop();
-        if (!provider) {
+        const providers = this.options.discoveryService.getProviders();
+
+        const byToken = providers.find((p) => p.name === selectionDynamicProvider);
+        if (byToken) {
+            return byToken.instance as ISelectionProvider<T>;
+        }
+
+        const byName = providers.find((p) => {
+            try {
+                return typeof p.instance?.name === 'function' && p.instance.name() === selectionDynamicProvider;
+            } catch {
+                return false;
+            }
+        });
+
+        if (!byName) {
             throw new Error(`Provider for ${selectionDynamicProvider} not found`);
         }
-        return provider.instance as ISelectionProvider<T>;
+        return byName.instance as ISelectionProvider<T>;
     }
 
     private isApplyRequiredValidation(): boolean {

package/src/helpers/typeorm-db-helper.ts

@@ -32,6 +32,14 @@ const SIMPLE_JSON_LARGE_TEXT_MAP: Record<DatasourceType, ColumnOptions> = {
     [DatasourceType.oracle]: { type: "clob" },
 };
 
+const DECIMAL_MAP: Record<DatasourceType, ColumnOptions> = {
+    [DatasourceType.postgres]: { type: "float4" },
+    [DatasourceType.mssql]: { type: "float" },
+    [DatasourceType.mysql]: { type: "float" },
+    [DatasourceType.mariadb]: { type: "float" },
+    [DatasourceType.oracle]: { type: "float" },
+};
+
 const solidCoreDbType: DatasourceType =
     Object.values(DatasourceType).includes(process.env.SOLID_CORE_DB_TYPE as DatasourceType)
         ? (process.env.SOLID_CORE_DB_TYPE as DatasourceType)
@@ -46,6 +54,9 @@ export function getColumnType(solidType: string): ColumnOptions {
         case "simpleJsonLargeText":
             return SIMPLE_JSON_LARGE_TEXT_MAP[solidCoreDbType];
 
+        case "decimal":
+            return DECIMAL_MAP[solidCoreDbType];
+
         default:
             return {};
     }

package/src/index.ts

@@ -126,6 +126,7 @@ export * from './entities/permission-metadata.entity'
 export * from './entities/role-metadata.entity'
 export * from './entities/sms-template.entity'
 export * from './entities/user.entity'
+export * from './entities/user-api-key.entity'
 export * from './entities/view-metadata.entity'
 export * from './entities/setting.entity'
 export * from './entities/saved-filters.entity'

package/src/repository/user-api-key.repository.ts

@@ -0,0 +1,17 @@
+import { Injectable } from '@nestjs/common';
+import { UserApiKey } from 'src/entities/user-api-key.entity';
+import { RequestContextService } from 'src/services/request-context.service';
+import { DataSource } from 'typeorm';
+import { SecurityRuleRepository } from './security-rule.repository';
+import { SolidBaseRepository } from './solid-base.repository';
+
+@Injectable()
+export class UserApiKeyRepository extends SolidBaseRepository<UserApiKey> {
+    constructor(
+        readonly dataSource: DataSource,
+        readonly requestContextService: RequestContextService,
+        readonly securityRuleRepository: SecurityRuleRepository,
+    ) {
+        super(UserApiKey, dataSource, requestContextService, securityRuleRepository);
+    }
+}

package/src/seeders/module-test-data.service.ts

@@ -2,15 +2,19 @@ import { Injectable, Logger } from '@nestjs/common';
 import { DiscoveryService, ModuleRef } from '@nestjs/core';
 import { getDataSourceToken } from '@nestjs/typeorm';
 import { classify } from '@angular-devkit/core/src/utils/strings';
-import { DataSource } from 'typeorm';
+import { DataSource, EntityManager } from 'typeorm';
 import * as fs from 'fs';
 import * as path from 'path';
 
 import solidCoreMetadata from './seed-data/solid-core-metadata.json';
 import { CreateModuleMetadataDto } from 'src/dtos/create-module-metadata.dto';
 import { CreateModelMetadataDto } from 'src/dtos/create-model-metadata.dto';
+import { MediaStorageProviderType } from 'src/dtos/create-media-storage-provider-metadata.dto';
 import { getDynamicModuleNamesBasedOnMetadata } from 'src/helpers/module.helper';
 import { SolidRegistry } from 'src/helpers/solid-registry';
+import { MediaRepository } from 'src/repository/media.repository';
+import { ModelMetadataService } from 'src/services/model-metadata.service';
+import { getMediaStorageProvider } from 'src/services/mediaStorageProviders';
 
 @Injectable()
 export class ModuleTestDataService {
@@ -185,7 +189,7 @@ export class ModuleTestDataService {
       throw new Error('Module metadata missing from test data payload.');
     }
 
-    // console.log(JSON.stringify(moduleMetadata, null, 2));    
+    // console.log(JSON.stringify(moduleMetadata, null, 2));
 
     const testingData: Array<{ modelUserKey: string; data: Record<string, any> }> = overallMetadata?.testing?.data ?? [];
     if (testingData.length === 0) {
@@ -243,19 +247,174 @@ export class ModuleTestDataService {
         }
       }
 
+      // Strip media fields from entity payload — file paths cannot be saved as columns
+      const mediaPayload: Record<string, string> = {};
+      for (const field of modelDef.fields ?? []) {
+        if ((field.type === 'mediaSingle' || field.type === 'mediaMultiple') && payload[field.name] !== undefined) {
+          mediaPayload[field.name] = payload[field.name] as string;
+          delete payload[field.name];
+        }
+      }
+
+      // Strip many-to-many and one-to-many fields — these are resolved post-save via the relation builder
+      const multiRelationPayload: Array<{ field: any; userKeys: string[] }> = [];
+      for (const field of modelDef.fields ?? []) {
+        if (field.type !== 'relation') continue;
+        if (field.relationType !== 'many-to-many' && field.relationType !== 'one-to-many') continue;
+
+        const userKeysProp = `${field.name}UserKeys`;
+        if (userKeysProp in payload && Array.isArray(payload[userKeysProp])) {
+          multiRelationPayload.push({ field, userKeys: payload[userKeysProp] });
+          delete payload[userKeysProp];
+        }
+        // Remove raw field value if accidentally present
+        delete payload[field.name];
+      }
+
+      // Upsert entity, capturing the saved result for post-save steps
+      let savedEntity: any;
       const userKeyField = modelDef.userKeyFieldUserKey;
       if (userKeyField && payload[userKeyField] !== undefined) {
         const existing = await entityRepo.findOne({
           where: { [userKeyField]: payload[userKeyField] },
         });
         if (existing) {
-          await entityRepo.save(entityRepo.merge(existing, payload));
-          continue;
+          savedEntity = await entityRepo.save(entityRepo.merge(existing, payload));
+        } else {
+          savedEntity = await entityRepo.save(entityRepo.create(payload));
         }
+      } else {
+        savedEntity = await entityRepo.save(entityRepo.create(payload));
+      }
+
+      if (multiRelationPayload.length > 0) {
+        await this.seedMultiRelations(savedEntity.id, modelUserKey, multiRelationPayload, modelsByName);
+      }
+
+      if (Object.keys(mediaPayload).length > 0) {
+        await this.seedEntityMedia(savedEntity.id, modelUserKey, mediaPayload);
+      }
+    }
+  }
+
+  private async seedMultiRelations(
+    entityId: number,
+    modelUserKey: string,
+    relations: Array<{ field: any; userKeys: string[] }>,
+    modelsByName: Map<string, CreateModelMetadataDto>,
+  ): Promise<void> {
+    for (const { field, userKeys } of relations) {
+      if (!userKeys.length) continue;
+
+      const coModelName = field.relationCoModelSingularName;
+      const coModelDef = modelsByName.get(coModelName);
+      if (!coModelDef) {
+        throw new Error(`Relation model "${coModelName}" not found in metadata for field ${modelUserKey}.${field.name}`);
+      }
+      const coUserKeyField = coModelDef.userKeyFieldUserKey;
+      if (!coUserKeyField) {
+        throw new Error(`Relation model "${coModelName}" is missing userKeyFieldUserKey, needed to resolve ${modelUserKey}.${field.name}`);
+      }
+
+      const coRepo = this.resolveRepository(coModelName);
+      const resolvedIds: number[] = [];
+      for (const uk of userKeys) {
+        const related = typeof coRepo.findOneByUserKey === 'function'
+          ? await coRepo.findOneByUserKey(uk)
+          : await coRepo.findOne({ where: { [coUserKeyField]: uk } });
+        if (!related) {
+          throw new Error(`Related entity not found: ${coModelName}.${coUserKeyField}=${uk}`);
+        }
+        resolvedIds.push(related.id);
+      }
+
+      // Load currently associated entities to diff (set semantics — idempotent)
+      const existingRelated: any[] = await this.entityManager
+        .createQueryBuilder()
+        .relation(classify(modelUserKey), field.name)
+        .of(entityId)
+        .loadMany();
+      const existingIds: number[] = existingRelated.map((e) => e.id);
+
+      const toAdd = resolvedIds.filter((id) => !existingIds.includes(id));
+      const toRemove = existingIds.filter((id) => !resolvedIds.includes(id));
+
+      if (toAdd.length > 0 || toRemove.length > 0) {
+        await this.entityManager
+          .createQueryBuilder()
+          .relation(classify(modelUserKey), field.name)
+          .of(entityId)
+          .addAndRemove(toAdd, toRemove);
       }
 
-      await entityRepo.save(entityRepo.create(payload));
+      this.logger.debug(`Seeded ${field.relationType} relation ${modelUserKey}.${field.name} entityId=${entityId}: +${toAdd.length} -${toRemove.length}`);
+    }
+  }
+
+  private async seedEntityMedia(
+    entityId: number,
+    modelUserKey: string,
+    mediaPayload: Record<string, string>,
+  ): Promise<void> {
+    const mediaBasePath = process.env.TEST_UPLOADS_MEDIA_FILE_PATH;
+    if (!mediaBasePath) {
+      throw new Error('TEST_UPLOADS_MEDIA_FILE_PATH is not set. Cannot seed test media.');
     }
+
+    const modelMetadata = await this.modelMetadataService.findOneBySingularName(modelUserKey, {
+      fields: {
+        model: { userKeyField: true },
+        mediaStorageProvider: true,
+      },
+    });
+
+    for (const [fieldName, fileName] of Object.entries(mediaPayload)) {
+      if (!fileName) continue;
+
+      const fieldMetadata = modelMetadata.fields.find((f) => f.name === fieldName);
+      if (!fieldMetadata) {
+        throw new Error(`Media field "${fieldName}" not found in loaded metadata for model ${modelUserKey}`);
+      }
+      if (!fieldMetadata.mediaStorageProvider) {
+        throw new Error(`Media field "${fieldName}" in model ${modelUserKey} has no storage provider configured`);
+      }
+
+      const storageProviderType = fieldMetadata.mediaStorageProvider.type as MediaStorageProviderType;
+      if (storageProviderType !== MediaStorageProviderType.Filesystem) {
+        throw new Error(`Test media seeding supports filesystem storage only. Field "${fieldName}" uses "${storageProviderType}".`);
+      }
+
+      // Idempotency: skip if media already exists for this entity + field
+      const existing = await this.mediaRepository.findByEntityIdAndFieldIdAndModelMetadataId(
+        entityId, fieldMetadata.id, fieldMetadata.model.id,
+      );
+      if (existing.length > 0) {
+        this.logger.debug(`Media already seeded for ${modelUserKey}.${fieldName} entityId=${entityId}, skipping`);
+        continue;
+      }
+
+      const sourcePath = path.join(mediaBasePath, fileName);
+      if (!fs.existsSync(sourcePath)) {
+        throw new Error(`Test media file not found: ${sourcePath}`);
+      }
+
+      const storageProvider = await getMediaStorageProvider(this.moduleRef, storageProviderType);
+      const stream = fs.createReadStream(sourcePath);
+      await storageProvider.storeStreams([[stream, fileName]], { id: entityId }, fieldMetadata);
+      this.logger.debug(`Seeded media for ${modelUserKey}.${fieldName} entityId=${entityId} file=${fileName}`);
+    }
+  }
+
+  private get entityManager(): EntityManager {
+    return this.moduleRef.get(EntityManager, { strict: false });
+  }
+
+  private get modelMetadataService(): ModelMetadataService {
+    return this.moduleRef.get(ModelMetadataService, { strict: false });
+  }
+
+  private get mediaRepository(): MediaRepository {
+    return this.moduleRef.get(MediaRepository, { strict: false });
   }
 
   private resolveRepository(modelUserKey: string): any {
@@ -308,7 +467,7 @@ export class ModuleTestDataService {
         if (!trimmed || trimmed.startsWith('#') || !trimmed.includes('=')) {
           return line;
         }
-        const [rawKey, ...rest] = line.split('=');
+        const [rawKey] = line.split('=');
         const key = rawKey.trim();
         if (!key.endsWith('_DATABASE_NAME')) {
           return line;