@valbuild/server 0.72.3 → 0.73.0

package/dist/valbuild-server.esm.js

@@ -1,7 +1,7 @@
 import { newQuickJSWASMModule } from 'quickjs-emscripten';
 import ts from 'typescript';
 import { result, pipe } from '@valbuild/core/fp';
-import { FILE_REF_PROP, FILE_REF_SUBTYPE_TAG, derefPatch, Internal, Schema, ImageSchema, RichTextSchema, FileSchema, VAL_EXTENSION } from '@valbuild/core';
+import { FILE_REF_PROP, FILE_REF_SUBTYPE_TAG, VAL_EXTENSION, derefPatch, Internal, Schema, ImageSchema, RichTextSchema, FileSchema, DEFAULT_VAL_REMOTE_HOST } from '@valbuild/core';
 import { deepEqual, isNotRoot, PatchError, parseAndValidateArrayIndex, applyPatch, JSONOps, deepClone, sourceToPatchPath } from '@valbuild/core/patch';
 import * as fsPath from 'path';
 import fsPath__default from 'path';
@@ -14,6 +14,8 @@ import crypto$1 from 'crypto';
 import { z } from 'zod';
 import sizeOf from 'image-size';
 import { fromError, fromZodError } from 'zod-validation-error';
+import http from 'http';
+import https from 'https';
 
 class ValSyntaxError {
   constructor(message, node) {
@@ -65,7 +67,7 @@ function validateObjectProperties(nodes) {
  * validating its children.
  */
 function shallowValidateExpression(value) {
-  return ts.isStringLiteralLike(value) || ts.isNumericLiteral(value) || value.kind === ts.SyntaxKind.TrueKeyword || value.kind === ts.SyntaxKind.FalseKeyword || value.kind === ts.SyntaxKind.NullKeyword || ts.isArrayLiteralExpression(value) || ts.isObjectLiteralExpression(value) || isValFileMethodCall(value) || isValImageMethodCall(value) ? undefined : new ValSyntaxError("Expression must be a literal or call c.file", value);
+  return ts.isStringLiteralLike(value) || ts.isNumericLiteral(value) || value.kind === ts.SyntaxKind.TrueKeyword || value.kind === ts.SyntaxKind.FalseKeyword || value.kind === ts.SyntaxKind.NullKeyword || ts.isArrayLiteralExpression(value) || ts.isObjectLiteralExpression(value) || isValFileMethodCall(value) || isValImageMethodCall(value) || isValRemoteMethodCall(value) ? undefined : new ValSyntaxError("Expression must be a literal or call c.file / c.image / c.remote", value);
 }
 
 /**
@@ -123,8 +125,23 @@ function evaluateExpression(value) {
         });
       }
     }));
+  } else if (isValRemoteMethodCall(value)) {
+    return pipe(findValRemoteNodeArg(value), result.flatMap(ref => {
+      if (value.arguments.length === 2) {
+        return pipe(evaluateExpression(value.arguments[1]), result.map(metadata => ({
+          [FILE_REF_PROP]: ref.text,
+          _type: "remote",
+          metadata
+        })));
+      } else {
+        return result.ok({
+          [FILE_REF_PROP]: ref.text,
+          _type: "remote"
+        });
+      }
+    }));
   } else {
-    return result.err(new ValSyntaxError("Expression must be a literal or call c.file", value));
+    return result.err(new ValSyntaxError("Expression must be a literal or call c.file / c.image / c.remote", value));
   }
 }
 function findObjectPropertyAssignment(value, key) {
@@ -144,6 +161,9 @@ function isValFileMethodCall(node) {
 function isValImageMethodCall(node) {
   return ts.isCallExpression(node) && ts.isPropertyAccessExpression(node.expression) && ts.isIdentifier(node.expression.expression) && node.expression.expression.text === "c" && node.expression.name.text === "image";
 }
+function isValRemoteMethodCall(node) {
+  return ts.isCallExpression(node) && ts.isPropertyAccessExpression(node.expression) && ts.isIdentifier(node.expression.expression) && node.expression.expression.text === "c" && node.expression.name.text === "remote";
+}
 function findValFileNodeArg(node) {
   if (node.arguments.length === 0) {
     return result.err(new ValSyntaxError(`Invalid c.file() call: missing ref argument`, node));
@@ -155,6 +175,17 @@ function findValFileNodeArg(node) {
   const refNode = node.arguments[0];
   return result.ok(refNode);
 }
+function findValRemoteNodeArg(node) {
+  if (node.arguments.length === 0) {
+    return result.err(new ValSyntaxError(`Invalid c.remote() call: missing ref argument`, node));
+  } else if (node.arguments.length > 2) {
+    return result.err(new ValSyntaxError(`Invalid c.remote() call: too many arguments ${node.arguments.length}}`, node));
+  } else if (!ts.isStringLiteral(node.arguments[0])) {
+    return result.err(new ValSyntaxError(`Invalid c.remote() call: ref must be a string literal`, node));
+  }
+  const refNode = node.arguments[0];
+  return result.ok(refNode);
+}
 function findValImageNodeArg(node) {
   if (node.arguments.length === 0) {
     return result.err(new ValSyntaxError(`Invalid c.image() call: missing ref argument`, node));
@@ -192,6 +223,19 @@ function findValImageMetadataArg(node) {
   }
   return result.ok(undefined);
 }
+function findValRemoteMetadataArg(node) {
+  if (node.arguments.length === 0) {
+    return result.err(new ValSyntaxError(`Invalid c.remote() call: missing ref argument`, node));
+  } else if (node.arguments.length > 2) {
+    return result.err(new ValSyntaxError(`Invalid c.remote() call: too many arguments ${node.arguments.length}}`, node));
+  } else if (node.arguments.length === 2) {
+    if (!ts.isObjectLiteralExpression(node.arguments[1])) {
+      return result.err(new ValSyntaxError(`Invalid c.remote() call: metadata must be a object literal`, node));
+    }
+    return result.ok(node.arguments[1]);
+  }
+  return result.ok(undefined);
+}
 
 /**
  * Given a list of expressions, validates that all the expressions are not
@@ -293,6 +337,13 @@ function createValImageReference(value) {
   }
   return ts.factory.createCallExpression(ts.factory.createPropertyAccessExpression(ts.factory.createIdentifier("c"), ts.factory.createIdentifier("image")), undefined, args);
 }
+function createValRemoteReference(value) {
+  const args = [ts.factory.createStringLiteral(value[FILE_REF_PROP])];
+  if (value.metadata) {
+    args.push(toExpression(value.metadata));
+  }
+  return ts.factory.createCallExpression(ts.factory.createPropertyAccessExpression(ts.factory.createIdentifier("c"), ts.factory.createIdentifier("remote")), undefined, args);
+}
 function toExpression(value) {
   if (typeof value === "string") {
     // TODO: Use configuration/heuristics to determine use of single quote or double quote
@@ -325,6 +376,9 @@ function toExpression(value) {
     if (isValImageValue(value)) {
       return createValImageReference(value);
     }
+    if (isValRemoteValue(value)) {
+      return createValRemoteReference(value);
+    }
     return ts.factory.createObjectLiteralExpression(Object.entries(value).map(([key, value]) => createPropertyAssignment(key, value)));
   } else {
     return ts.factory.createStringLiteral(value);
@@ -496,6 +550,25 @@ function replaceInNode(document, node, key, value) {
         ts.factory.createObjectLiteralExpression([ts.factory.createPropertyAssignment(key, metadataArgNode)]), key, value);
       }));
     }
+  } else if (isValRemoteMethodCall(node)) {
+    if (key === FILE_REF_PROP) {
+      if (typeof value !== "string") {
+        return result.err(new PatchError("Cannot replace c.image reference with non-string value"));
+      }
+      return pipe(findValRemoteNodeArg(node), result.map(refNode => replaceNodeValue(document, refNode, value)));
+    } else {
+      return pipe(findValRemoteMetadataArg(node), result.flatMap(metadataArgNode => {
+        if (!metadataArgNode) {
+          return result.err(new PatchError("Cannot replace in c.remote metadata when it does not exist"));
+        }
+        if (key !== "metadata") {
+          return result.err(new PatchError(`Cannot replace c.remote metadata key ${key} when it does not exist`));
+        }
+        return replaceInNode(document,
+        // TODO: creating a fake object here might not be right - seems to work though
+        ts.factory.createObjectLiteralExpression([ts.factory.createPropertyAssignment(key, metadataArgNode)]), key, value);
+      }));
+    }
   } else {
     return result.err(shallowValidateExpression(node) ?? new PatchError("Cannot replace in non-object/array"));
   }
@@ -522,6 +595,11 @@ function getFromNode(node, key) {
       return findValImageNodeArg(node);
     }
     return findValImageMetadataArg(node);
+  } else if (isValRemoteMethodCall(node)) {
+    if (key === FILE_REF_PROP) {
+      return findValRemoteNodeArg(node);
+    }
+    return findValRemoteMetadataArg(node);
   } else {
     return result.err(shallowValidateExpression(node) ?? new PatchError("Cannot access non-object/array"));
   }
@@ -567,7 +645,7 @@ function removeFromNode(document, node, key) {
     }
   } else if (isValImageMethodCall(node)) {
     if (key === FILE_REF_PROP) {
-      return result.err(new PatchError("Cannot remove a ref from c.file"));
+      return result.err(new PatchError("Cannot remove a ref from c.image"));
     } else {
       return pipe(findValImageMetadataArg(node), result.flatMap(metadataArgNode => {
         if (!metadataArgNode) {
@@ -576,6 +654,17 @@ function removeFromNode(document, node, key) {
         return removeFromNode(document, metadataArgNode, key);
       }));
     }
+  } else if (isValRemoteMethodCall(node)) {
+    if (key === FILE_REF_PROP) {
+      return result.err(new PatchError("Cannot remove a ref from c.remote"));
+    } else {
+      return pipe(findValRemoteMetadataArg(node), result.flatMap(metadataArgNode => {
+        if (!metadataArgNode) {
+          return result.err(new PatchError("Cannot remove from c.remote metadata when it does not exist"));
+        }
+        return removeFromNode(document, metadataArgNode, key);
+      }));
+    }
   } else {
     return result.err(shallowValidateExpression(node) ?? new PatchError("Cannot remove from non-object/array"));
   }
@@ -584,18 +673,13 @@ function removeAtPath(document, rootNode, path) {
   return pipe(getPointerFromPath(rootNode, path), result.flatMap(([node, key]) => removeFromNode(document, node, key)));
 }
 function isValFileValue(value) {
-  return !!(typeof value === "object" && value &&
-  // TODO: replace the below with this:
-  // VAL_EXTENSION in value &&
-  // value[VAL_EXTENSION] === "file" &&
-  FILE_REF_PROP in value && typeof value[FILE_REF_PROP] === "string" && value[FILE_REF_SUBTYPE_TAG] !== "image");
+  return !!(typeof value === "object" && value && VAL_EXTENSION in value && value[VAL_EXTENSION] === "file" && FILE_REF_PROP in value && typeof value[FILE_REF_PROP] === "string" && value[FILE_REF_SUBTYPE_TAG] !== "image");
 }
 function isValImageValue(value) {
-  return !!(typeof value === "object" && value &&
-  // TODO: replace the below with this:
-  // VAL_EXTENSION in value &&
-  // value[VAL_EXTENSION] === "file" &&
-  FILE_REF_PROP in value && typeof value[FILE_REF_PROP] === "string" && value[FILE_REF_SUBTYPE_TAG] === "image");
+  return !!(typeof value === "object" && value && VAL_EXTENSION in value && value[VAL_EXTENSION] === "file" && FILE_REF_PROP in value && typeof value[FILE_REF_PROP] === "string" && value[FILE_REF_SUBTYPE_TAG] === "image");
+}
+function isValRemoteValue(value) {
+  return !!(typeof value === "object" && value && VAL_EXTENSION in value && value[VAL_EXTENSION] === "remote" && FILE_REF_PROP in value && typeof value[FILE_REF_PROP] === "string");
 }
 function addToNode(document, node, key, value) {
   if (ts.isArrayLiteralExpression(node)) {
@@ -645,6 +729,23 @@ function addToNode(document, node, key, value) {
         return result.ok([insertAt(document, node.arguments, node.arguments.length, toExpression(value))]);
       }));
     }
+  } else if (isValRemoteMethodCall(node)) {
+    if (key === FILE_REF_PROP) {
+      if (typeof value !== "string") {
+        return result.err(new PatchError(`Cannot add ${FILE_REF_PROP} key to c.remote with non-string value`));
+      }
+      return pipe(findValRemoteNodeArg(node), result.map(arg => replaceNodeValue(document, arg, value)));
+    } else {
+      return pipe(findValRemoteMetadataArg(node), result.flatMap(metadataArgNode => {
+        if (metadataArgNode) {
+          return result.err(new PatchError("Cannot add metadata to c.remote when it already exists"));
+        }
+        if (key !== "metadata") {
+          return result.err(new PatchError(`Cannot add ${key} key to c.remote: only metadata is allowed`));
+        }
+        return result.ok([insertAt(document, node.arguments, node.arguments.length, toExpression(value))]);
+      }));
+    }
   } else {
     return result.err(shallowValidateExpression(node) ?? new PatchError("Cannot add to non-object/array"));
   }
@@ -893,7 +994,7 @@ class ValSourceFileHandler {
       fs.mkdirSync(fsPath__default.dirname(fileName), {
         recursive: true
       });
-      fs.writeFileSync(fileName, data, encoding);
+      fs.writeFileSync(fileName, typeof data === "string" ? data : new Uint8Array(data), encoding);
     },
     rmFile: fs.rmSync
   }) {
@@ -943,7 +1044,7 @@ class ValModuleLoader {
       fs.mkdirSync(fsPath__default.dirname(fileName), {
         recursive: true
       });
-      fs.writeFileSync(fileName, data, encoding);
+      fs.writeFileSync(fileName, typeof data === "string" ? data : new Uint8Array(data), encoding);
     },
     rmFile: fs.rmSync
   }, disableCache = false) {
@@ -1235,7 +1336,7 @@ async function createService(projectRoot, opts, host = {
     fs.mkdirSync(fsPath__default.dirname(fileName), {
       recursive: true
     });
-    fs.writeFileSync(fileName, data, encoding);
+    fs.writeFileSync(fileName, typeof data === "string" ? data : new Uint8Array(data), encoding);
   },
   rmFile: fs.rmSync
 }, loader) {
@@ -1342,7 +1443,7 @@ function encodeJwt(payload, sessionKey) {
 }
 
 /* eslint-disable @typescript-eslint/no-unused-vars */
-const textEncoder$1 = new TextEncoder();
+const textEncoder$3 = new TextEncoder();
 const jsonOps = new JSONOps();
 const tsOps = new TSOps(document => {
   return pipe(analyzeValModule(document), result.map(({
@@ -1372,12 +1473,12 @@ class ValOps {
     if (typeof input === "object") {
       return this.hashObject(input);
     }
-    return Internal.getSHA256Hash(textEncoder$1.encode(input));
+    return Internal.getSHA256Hash(textEncoder$3.encode(input));
   }
   hashObject(obj) {
     const collector = [];
     this.collectObjectRecursive(obj, collector);
-    return Internal.getSHA256Hash(textEncoder$1.encode(collector.join("")));
+    return Internal.getSHA256Hash(textEncoder$3.encode(collector.join("")));
   }
   collectObjectRecursive(item, collector) {
     if (typeof item === "string") {
@@ -1546,7 +1647,10 @@ class ValOps {
       for (const op of patch.patch) {
         if (op.op === "file") {
           const filePath = op.filePath;
-          fileLastUpdatedByPatchId[filePath] = patch.patchId;
+          fileLastUpdatedByPatchId[filePath] = {
+            patchId: patch.patchId,
+            remote: op.remote
+          };
         }
         const path = patch.path;
         if (!patchesByModule[path]) {
@@ -1682,6 +1786,7 @@ class ValOps {
     };
     const errors = {};
     const files = {};
+    const remoteFiles = {};
     const entries = Object.entries(schemas);
     const modulePathsToValidate = patchesByModule && Object.keys(patchesByModule);
     for (const [pathS, schema] of entries) {
@@ -1723,7 +1828,7 @@ class ValOps {
         };
         if (validationErrors) {
           for (const validationError of validationErrors) {
-            var _validationError$fixe;
+            var _validationError$fixe, _validationError$fixe2, _validationError$fixe3;
             if (isOnlyFileCheckValidationError(validationError)) {
               if (files[sourcePath]) {
                 throw new Error("Cannot have multiple files with same path. Path: " + sourcePath + "; Module: " + path);
@@ -1732,7 +1837,9 @@ class ValOps {
               if (isFileSource(value)) {
                 files[sourcePath] = value;
               }
-            } else if ((_validationError$fixe = validationError.fixes) !== null && _validationError$fixe !== void 0 && _validationError$fixe.includes("keyof:check-keys")) {
+            } else if ((_validationError$fixe = validationError.fixes) !== null && _validationError$fixe !== void 0 && _validationError$fixe.includes("image:check-remote") || (_validationError$fixe2 = validationError.fixes) !== null && _validationError$fixe2 !== void 0 && _validationError$fixe2.includes("file:check-remote")) {
+              remoteFiles[sourcePath] = validationError.value;
+            } else if ((_validationError$fixe3 = validationError.fixes) !== null && _validationError$fixe3 !== void 0 && _validationError$fixe3.includes("keyof:check-keys")) {
               const TYPE_ERROR_MESSAGE = `This is most likely a Val version mismatch or Val bug.`;
               if (!validationError.value) {
                 addError({
@@ -1781,9 +1888,14 @@ class ValOps {
     }
     return {
       errors,
-      files
+      files,
+      remoteFiles
     };
   }
+  async validateRemoteFiles(schemas, sources, remoteFiles) {
+    // TODO: Implement
+    return {};
+  }
 
   // #region validateFiles
   async validateFiles(schemas, sources, files, fileLastUpdatedByPatchId) {
@@ -1831,13 +1943,13 @@ class ValOps {
       }
       const type = schemaAtPath instanceof ImageSchema ? "image" : "file";
       const filePath = value[FILE_REF_PROP];
-      const patchId = (fileLastUpdatedByPatchId === null || fileLastUpdatedByPatchId === void 0 ? void 0 : fileLastUpdatedByPatchId[filePath]) || null;
+      const fileData = (fileLastUpdatedByPatchId === null || fileLastUpdatedByPatchId === void 0 ? void 0 : fileLastUpdatedByPatchId[filePath]) || null;
       let metadata;
       let metadataErrors;
 
       // TODO: refactor so we call get metadata once instead of iterating like this. Reason: should be a lot faster
-      if (patchId) {
-        const patchFileMetadata = await this.getBase64EncodedBinaryFileMetadataFromPatch(filePath, type, patchId);
+      if (fileData) {
+        const patchFileMetadata = await this.getBase64EncodedBinaryFileMetadataFromPatch(filePath, type, fileData.patchId, fileData.remote);
         if (patchFileMetadata.errors) {
           metadataErrors = patchFileMetadata.errors;
         } else {
@@ -1857,7 +1969,7 @@ class ValOps {
             message: e.message,
             value: {
               filePath,
-              patchId
+              patchId: (fileData === null || fileData === void 0 ? void 0 : fileData.patchId) ?? null
             }
           }))
         };
@@ -2044,13 +2156,18 @@ class ValOps {
     }
     const patchedBinaryFilesDescriptors = {};
     const binaryFilePatchErrors = {};
-    await Promise.all(Object.entries(fileLastUpdatedByPatchId).map(async ([filePath, patchId]) => {
+    await Promise.all(Object.entries(fileLastUpdatedByPatchId).map(async ([filePath, patchData]) => {
+      const {
+        patchId,
+        remote
+      } = patchData;
       if (globalAppliedPatches.includes(patchId)) {
         // TODO: do we want to make sure the file is there? Then again, it should be rare that it happens (unless there's a Val bug) so it might be enough to fail later (at commit)
         // TODO: include sha256? This way we can make sure we pick the right file since theoretically there could be multiple files with the same path in the same patch
         // or is that the case? We are picking the latest file by path so, that should be enough?
         patchedBinaryFilesDescriptors[filePath] = {
-          patchId
+          patchId,
+          remote
         };
       } else {
         hasErrors = true;
@@ -2145,18 +2262,20 @@ class ValOps {
             error: new PatchError("Value is not a string")
           };
         } else {
-          const sha256 = Internal.getSHA256Hash(textEncoder$1.encode(value));
+          const sha256 = Internal.getSHA256Hash(textEncoder$3.encode(value));
           files[filePath] = {
             value,
             sha256,
-            path: op.path
+            path: op.path,
+            remote: op.remote
           };
           sourceFileOps.push({
             op: "file",
             path: op.path,
             filePath,
             nestedFilePath: op.nestedFilePath,
-            value: sha256
+            value: sha256,
+            remote: op.remote
           });
         }
       }
@@ -2239,7 +2358,7 @@ class ValOps {
         const MaxRetries = 3;
         let lastRes;
         for (let i = 0; i < MaxRetries; i++) {
-          lastRes = await this.saveBase64EncodedBinaryFileFromPatch(filePath, parentRef, patchId, data.value, type, metadataOps.metadata);
+          lastRes = await this.saveBase64EncodedBinaryFileFromPatch(filePath, parentRef, patchId, data.value, type, metadataOps.metadata, data.remote);
           if (!lastRes.error) {
             return {
               filePath
@@ -2271,8 +2390,8 @@ class ValOps {
   // #region abstract ops
 }
 function isOnlyFileCheckValidationError(validationError) {
-  var _validationError$fixe2;
-  if ((_validationError$fixe2 = validationError.fixes) !== null && _validationError$fixe2 !== void 0 && _validationError$fixe2.every(f => f === "file:check-metadata" || f === "image:check-metadata")) {
+  var _validationError$fixe4;
+  if ((_validationError$fixe4 = validationError.fixes) !== null && _validationError$fixe4 !== void 0 && _validationError$fixe4.every(f => f === "file:check-metadata" || f === "image:check-metadata")) {
     return true;
   }
   return false;
@@ -2299,7 +2418,7 @@ function createMetadataFromBuffer(type, mimeType, buffer) {
       width,
       height,
       type
-    } = sizeOf(buffer);
+    } = sizeOf(new Uint8Array(buffer));
     const normalizedType = type === "jpg" ? "jpeg" : type === "svg" ? "svg+xml" : type;
     if (type !== undefined && `image/${normalizedType}` !== mimeType) {
       return {
@@ -2408,6 +2527,74 @@ function computeChangedPatchParentRefs(currentPatches, deletePatchIds) {
   };
 }
 
+function getFileExt(filePath) {
+  // NOTE: We do not import the path module. This code is copied in different projects. We want the same implementation and which means that this might running in browser where path is not available).
+  return filePath.split(".").pop() || "";
+}
+
+const textEncoder$2 = new TextEncoder();
+async function uploadRemoteFile(remoteHost, fileBuffer, publicProjectId, bucket, filePath, schema, metadata, auth) {
+  const fileHash = Internal.remote.getFileHash(fileBuffer);
+  const coreVersion = Internal.VERSION.core || "unknown";
+  const fileExt = getFileExt(filePath);
+  const ref = Internal.remote.createRemoteRef(remoteHost, {
+    publicProjectId,
+    coreVersion,
+    bucket,
+    validationHash: Internal.remote.getValidationHash(coreVersion, schema, fileExt, metadata, fileHash, textEncoder$2),
+    fileHash,
+    filePath
+  });
+  return uploadRemoteRef(fileBuffer, ref, auth);
+}
+async function uploadRemoteRef(fileBuffer, ref, auth) {
+  const authHeader = "apiKey" in auth ? {
+    Authorization: `Bearer ${auth.apiKey}`
+  } : {
+    "x-val-pat": auth.pat
+  };
+  const res = await fetch(ref, {
+    method: "PUT",
+    headers: {
+      ...authHeader,
+      "Content-Type": "application/octet-stream"
+    },
+    body: fileBuffer
+  });
+  if (!res.ok) {
+    var _res$headers$get;
+    if (res.status === 409) {
+      // File already exists
+      return {
+        success: true,
+        ref
+      };
+    }
+    if ((_res$headers$get = res.headers.get("content-type")) !== null && _res$headers$get !== void 0 && _res$headers$get.includes("application/json")) {
+      const json = await res.json();
+      if (json.message) {
+        return {
+          success: false,
+          error: `${ref}. Failed to upload file: ${json.message}.`
+        };
+      } else {
+        return {
+          success: false,
+          error: `${ref}. Failed to upload file: ${JSON.stringify(json)}.`
+        };
+      }
+    }
+    return {
+      success: false,
+      error: `${ref}. Failed to upload file: ${await res.text()}.`
+    };
+  }
+  return {
+    success: true,
+    ref
+  };
+}
+
 class ValOpsFS extends ValOps {
   static VAL_DIR = ".val";
   constructor(rootDir, valModules, options) {
@@ -2849,10 +3036,10 @@ class ValOpsFS extends ValOps {
       };
     }
   }
-  async saveBase64EncodedBinaryFileFromPatch(filePath, parentRef, patchId, data, _type, metadata) {
+  async saveBase64EncodedBinaryFileFromPatch(filePath, parentRef, patchId, data, _type, metadata, remote) {
     const patchDir = this.getParentPatchIdFromParentRef(parentRef);
-    const patchFilePath = this.getBinaryFilePath(filePath, patchDir);
-    const metadataFilePath = this.getBinaryFileMetadataPath(filePath, patchDir);
+    const patchFilePath = this.getBinaryFilePath(filePath, patchDir, remote);
+    const metadataFilePath = this.getBinaryFileMetadataPath(filePath, patchDir, remote);
     try {
       const buffer = bufferFromDataUrl(data);
       if (!buffer) {
@@ -2883,7 +3070,7 @@ class ValOpsFS extends ValOps {
       };
     }
   }
-  async getBase64EncodedBinaryFileMetadataFromPatch(filePath, type, patchId) {
+  async getBase64EncodedBinaryFileMetadataFromPatch(filePath, type, patchId, remote) {
     const patchDirRes = await this.getParentPatchIdFromPatchId(patchId);
     if (result.isErr(patchDirRes)) {
       return {
@@ -2892,7 +3079,7 @@ class ValOpsFS extends ValOps {
         }]
       };
     }
-    const metadataFilePath = this.getBinaryFileMetadataPath(filePath, patchDirRes.value);
+    const metadataFilePath = this.getBinaryFileMetadataPath(filePath, patchDirRes.value, remote);
     if (!this.host.fileExists(metadataFilePath)) {
       return {
         errors: [{
@@ -2932,7 +3119,10 @@ class ValOpsFS extends ValOps {
     if (!result.isOk(patchDirRes)) {
       return null;
     }
-    const absPath = this.getBinaryFilePath(filePath, patchDirRes.value);
+    const absPath = this.getBinaryFilePath(filePath, patchDirRes.value,
+    // We save remote remote files using the filepath (so not the remote reference) and we also retrieve them using the filepath. Therefore remote is always false
+    false // remote = false
+    );
     if (!this.host.fileExists(absPath)) {
       return null;
     }
@@ -2996,43 +3186,90 @@ class ValOpsFS extends ValOps {
       }
     }
   }
-  async saveFiles(preparedCommit) {
+  async saveOrUploadFiles(preparedCommit, auth, testMode) {
     const updatedFiles = [];
+    const uploadedRemoteRefs = [];
     const errors = {};
-    for (const [filePath, data] of Object.entries(preparedCommit.patchedSourceFiles)) {
-      const absPath = fsPath__default.join(this.rootDir, ...filePath.split("/"));
-      try {
-        this.host.writeUf8File(absPath, data);
-        updatedFiles.push(absPath);
-      } catch (err) {
-        errors[absPath] = {
-          message: err instanceof Error ? err.message : "Unknown error",
-          filePath
+    const remoteFileDescriptors = Object.entries(preparedCommit.patchedBinaryFilesDescriptors).filter(([, {
+      remote
+    }]) => remote).map(([ref, {
+      patchId
+    }]) => [ref, {
+      patchId
+    }]);
+    const localFileDescriptors = Object.entries(preparedCommit.patchedBinaryFilesDescriptors).filter(([, {
+      remote
+    }]) => !remote).map(([ref, {
+      patchId
+    }]) => [ref, {
+      patchId
+    }]);
+    for (const [ref, {
+      patchId
+    }] of remoteFileDescriptors) {
+      const splitRemoteRefRes = Internal.remote.splitRemoteRef(ref);
+      if (splitRemoteRefRes.status === "error") {
+        errors[ref] = {
+          message: "Failed to split remote ref: " + ref
+        };
+        continue;
+      }
+      const fileBuffer = await this.getBase64EncodedBinaryFileFromPatch(splitRemoteRefRes.filePath, patchId);
+      if (!fileBuffer) {
+        errors[ref] = {
+          message: "Failed to get binary file from patch. Ref: " + ref + ". PatchId: " + patchId
         };
+        continue;
+      }
+      if (testMode === "test-skip-remote") {
+        console.log("Skip remote flag enabled. Skipping file upload", ref);
+        continue;
       }
+      console.log("Uploading remote file", ref);
+      const res = await uploadRemoteRef(fileBuffer, ref, auth);
+      if (!res.success) {
+        console.error("Failed to upload remote file", ref, res.error);
+        throw new Error(`Failed to upload remote file: ${ref}. ${res.error}`);
+      }
+      console.log("Completed remote file", ref);
+      uploadedRemoteRefs.push(ref);
     }
     const patchIdToPatchDirMapRes = await this.getParentPatchIdFromPatchIdMap();
     if (result.isErr(patchIdToPatchDirMapRes)) {
       return {
         updatedFiles,
+        uploadedRemoteRefs,
         errors
       };
     }
     const patchIdToPatchDirMap = patchIdToPatchDirMapRes.value;
-    for (const [filePath, {
+    for (const [ref, {
       patchId
-    }] of Object.entries(preparedCommit.patchedBinaryFilesDescriptors)) {
+    }] of localFileDescriptors) {
+      const filePath = ref;
       const absPath = fsPath__default.join(this.rootDir, ...filePath.split("/"));
       try {
         const patchDir = patchIdToPatchDirMap[patchId];
         if (!patchDir) {
           errors[absPath] = {
             message: "Failed to find PatchDir for PatchId " + patchId,
-            filePath
+            filePath: filePath
           };
           continue;
         }
-        this.host.copyFile(this.getBinaryFilePath(filePath, patchDir), absPath);
+        this.host.copyFile(this.getBinaryFilePath(filePath, patchDir, false), absPath);
+        updatedFiles.push(absPath);
+      } catch (err) {
+        errors[absPath] = {
+          message: err instanceof Error ? err.message : "Unknown error",
+          filePath: filePath
+        };
+      }
+    }
+    for (const [filePath, data] of Object.entries(preparedCommit.patchedSourceFiles)) {
+      const absPath = fsPath__default.join(this.rootDir, ...filePath.split("/"));
+      try {
+        this.host.writeUf8File(absPath, data);
         updatedFiles.push(absPath);
       } catch (err) {
         errors[absPath] = {
@@ -3065,6 +3302,7 @@ class ValOpsFS extends ValOps {
     }
     return {
       updatedFiles,
+      uploadedRemoteRefs,
       errors
     };
   }
@@ -3133,10 +3371,26 @@ class ValOpsFS extends ValOps {
   getFullPatchDir(patchDir) {
     return fsPath__default.join(this.getPatchesDir(), patchDir);
   }
-  getBinaryFilePath(filePath, patchDir) {
+  getBinaryFilePath(filePath, patchDir, remote) {
+    if (remote) {
+      const res = Internal.remote.splitRemoteRef(filePath);
+      if (res.status === "error") {
+        throw new Error("Failed to split remote ref: " + filePath);
+      }
+      const actualFilePath = res.filePath;
+      return fsPath__default.join(this.getFullPatchDir(patchDir), "files", actualFilePath, fsPath__default.basename(actualFilePath));
+    }
     return fsPath__default.join(this.getFullPatchDir(patchDir), "files", filePath, fsPath__default.basename(filePath));
   }
-  getBinaryFileMetadataPath(filePath, patchDir) {
+  getBinaryFileMetadataPath(filePath, patchDir, remote) {
+    if (remote) {
+      const res = Internal.remote.splitRemoteRef(filePath);
+      if (res.status === "error") {
+        throw new Error("Failed to split remote ref (in metadata path): " + filePath);
+      }
+      const actualFilePath = res.filePath;
+      return fsPath__default.join(this.getFullPatchDir(patchDir), "files", actualFilePath, fsPath__default.basename(actualFilePath));
+    }
     return fsPath__default.join(this.getFullPatchDir(patchDir), "files", filePath, "metadata.json");
   }
   getPatchFilePath(patchDir) {
@@ -3216,7 +3470,7 @@ class FSOpsHost {
     fs.mkdirSync(fsPath__default.dirname(path), {
       recursive: true
     });
-    fs.writeFileSync(path, data, "base64url");
+    fs.writeFileSync(path, new Uint8Array(data), "base64url");
   }
   copyFile(from, to) {
     fs.mkdirSync(fsPath__default.dirname(to), {
@@ -3240,7 +3494,7 @@ const FSPatchBase = z.object({
   timestamp: z.string().datetime()
 });
 
-const textEncoder = new TextEncoder();
+const textEncoder$1 = new TextEncoder();
 const PatchId = z.string().refine(s => !!s); // TODO: validate
 const CommitSha = z.string().refine(s => !!s); // TODO: validate
 z.string().refine(s => !!s); // TODO: validate
@@ -3287,7 +3541,8 @@ const FilesResponse = z.object({
     filePath: z.string(),
     location: z.literal("patch"),
     patchId: PatchId,
-    value: z.string()
+    value: z.string(),
+    remote: z.boolean()
   }), z.object({
     filePath: z.string(),
     location: z.literal("repo"),
@@ -3298,7 +3553,8 @@ const FilesResponse = z.object({
     filePath: z.string(),
     location: z.literal("patch"),
     patchId: PatchId,
-    message: z.string()
+    message: z.string(),
+    remote: z.boolean()
   }), z.object({
     filePath: z.string(),
     location: z.literal("repo"),
@@ -3734,7 +3990,23 @@ class ValOpsHttp extends ValOps {
       });
     });
   }
-  async saveBase64EncodedBinaryFileFromPatch(filePath, parentRef, patchId, data, type, metadata) {
+  async saveBase64EncodedBinaryFileFromPatch(filePathOrRef, _parentRef,
+  // this is required for the FS implementation, but not for the HTTP implementation (patchId is enough)
+  patchId, data, type, metadata, remote) {
+    let filePath;
+    if (remote) {
+      const splitRemoteRefDataRes = Internal.remote.splitRemoteRef(filePathOrRef);
+      if (splitRemoteRefDataRes.status === "error") {
+        return {
+          error: {
+            message: `Could not split remote ref: ${splitRemoteRefDataRes.error}`
+          }
+        };
+      }
+      filePath = "/" + splitRemoteRefDataRes.filePath;
+    } else {
+      filePath = filePathOrRef;
+    }
     return fetch(`${this.contentUrl}/v1/${this.project}/patches/${patchId}/files`, {
       method: "POST",
       headers: {
@@ -3742,10 +4014,11 @@ class ValOpsHttp extends ValOps {
         "Content-Type": "application/json"
       },
       body: JSON.stringify({
-        filePath: filePath,
+        filePath,
         data,
         type,
-        metadata
+        metadata,
+        remote
       })
     }).then(async res => {
       if (res.ok) {
@@ -3783,7 +4056,7 @@ class ValOpsHttp extends ValOps {
     });
     params.set("body_sha",
     // We use this for cache invalidation
-    Internal.getSHA256Hash(textEncoder.encode(stringifiedFiles)));
+    Internal.getSHA256Hash(textEncoder$1.encode(stringifiedFiles)));
     return fetch(`${this.contentUrl}/v1/${this.project}/files?${params}`, {
       method: "PUT",
       // Yes, PUT is weird. Weirder to have a body in a GET request.
@@ -3843,39 +4116,53 @@ class ValOpsHttp extends ValOps {
   }
   async getBinaryFile(filePath) {
     // We could also just get this from public/ on the running server. Current approach feels more clean, but will be slower / puts more server load... We might want to change this
-    const filesRes = await this.getHttpFiles([{
+    const requestFiles = [];
+    requestFiles.push({
       filePath: filePath,
       location: "repo",
       root: this.root,
       commitSha: this.commitSha
-    }]);
+    });
+    const filesRes = await this.getHttpFiles(requestFiles);
     if (filesRes.error) {
       return null;
     }
-    const file = filesRes.files.find(f => f.filePath === filePath);
+    const file = filesRes.files[0];
+    if (filesRes.files.length > 1) {
+      console.error("Expected 1 file, got more:", filesRes.files);
+    }
     if (!file) {
       return null;
     }
     return Buffer.from(file.value, "base64");
   }
-  async getBase64EncodedBinaryFileFromPatch(filePath, patchId) {
+  async getBase64EncodedBinaryFileFromPatch(filePath, patchId, remote) {
     const filesRes = await this.getHttpFiles([{
       filePath: filePath,
       location: "patch",
-      patchId
+      patchId,
+      remote
     }]);
     if (filesRes.error) {
+      console.error("Error getting file:", filePath, filesRes.error);
       return null;
     }
-    const file = filesRes.files.find(f => f.filePath === filePath);
+    if (filesRes.errors) {
+      console.error("Failed while retrieving files", filePath, filesRes.errors);
+    }
+    const file = filesRes.files[0];
+    if (filesRes.files.length > 1) {
+      console.error("Expected 1 file, got more:", filesRes.files);
+    }
     if (!file) {
       return null;
     }
     return bufferFromDataUrl(file.value) ?? null;
   }
-  async getBase64EncodedBinaryFileMetadataFromPatch(filePath, type, patchId) {
+  async getBase64EncodedBinaryFileMetadataFromPatch(filePath, type, patchId, remote) {
     const params = new URLSearchParams();
     params.set("file_path", filePath);
+    params.set("remote", remote.toString());
     try {
       const metadataRes = await fetch(`${this.contentUrl}/v1/${this.project}/patches/${patchId}/files?${params}`, {
         headers: {
@@ -4104,8 +4391,112 @@ class ValOpsHttp extends ValOps {
   }
 }
 
+const host = process.env.VAL_CONTENT_URL || "https://content.val.build";
+const SettingsSchema = z.object({
+  publicProjectId: z.string(),
+  remoteFileBuckets: z.array(z.object({
+    bucket: z.string()
+  }))
+});
+async function getSettings(projectName, auth) {
+  try {
+    const response = await fetch(`${host}/v1/${projectName}/settings`, {
+      headers: "pat" in auth ? {
+        "x-val-pat": auth.pat,
+        "Content-Type": "application/json"
+      } : {
+        Authorization: `Bearer ${auth.apiKey}`,
+        "Content-Type": "application/json"
+      }
+    });
+    if (response.status === 404) {
+      return {
+        success: false,
+        message: `Project ${projectName} not found. Verify that user has access to project and that it exists.`
+      };
+    }
+    if (response.status !== 200) {
+      return {
+        success: false,
+        message: `Failed to get project id: ${response.statusText}`
+      };
+    }
+    const json = await response.json();
+    const parseRes = SettingsSchema.safeParse(json);
+    if (!parseRes.success) {
+      return {
+        success: false,
+        message: `Failed to parse settings data: ${parseRes.error.message}`
+      };
+    }
+    return {
+      success: true,
+      data: parseRes.data
+    };
+  } catch (err) {
+    return {
+      success: false,
+      message: `Failed to get project id. Check network connection and try again.`
+    };
+  }
+}
+
+function getPersonalAccessTokenPath(root) {
+  return fsPath__default.join(fsPath__default.resolve(root), ".val", "pat.json");
+}
+function parsePersonalAccessTokenFile(content) {
+  if (!content) {
+    return {
+      success: false,
+      error: "Invalid content: undefined"
+    };
+  }
+  let patFileContent;
+  try {
+    patFileContent = JSON.parse(content);
+  } catch {
+    return {
+      success: false,
+      error: `Invalid content: file is not a valid JSON file`
+    };
+  }
+  if (typeof patFileContent !== "object") {
+    return {
+      success: false,
+      error: "Invalid content: not an object"
+    };
+  }
+  if (!patFileContent) {
+    return {
+      success: false,
+      error: "Invalid content: null"
+    };
+  }
+  if (!("pat" in patFileContent)) {
+    return {
+      success: false,
+      error: "Invalid content: key 'pat' is missing"
+    };
+  }
+  const patField = patFileContent.pat;
+  if (typeof patField === "string") {
+    return {
+      success: true,
+      data: {
+        pat: patField
+      }
+    };
+  } else {
+    return {
+      success: false,
+      error: "Invalid content: pat is not a string"
+    };
+  }
+}
+
 /* eslint-disable @typescript-eslint/no-unused-vars */
 const ValServer = (valModules, options, callbacks) => {
+  process.env.VAL_REMOTE_HOST || DEFAULT_VAL_REMOTE_HOST;
   let serverOps;
   if (options.mode === "fs") {
     serverOps = new ValOpsFS(options.cwd, valModules, {
@@ -4259,6 +4650,76 @@ const ValServer = (valModules, options, callbacks) => {
       redirectTo: appAuthorizeUrl
     };
   };
+  let remoteFileAuth = null;
+  const getRemoteFileAuth = async () => {
+    if (remoteFileAuth) {
+      return {
+        status: 200,
+        json: {
+          remoteFileAuth
+        }
+      };
+    }
+    if (options.apiKey) {
+      remoteFileAuth = {
+        apiKey: options.apiKey
+      };
+    } else if (serverOps instanceof ValOpsFS) {
+      const projectRootDir = options.config.root;
+      if (!projectRootDir) {
+        return {
+          status: 400,
+          json: {
+            errorCode: "project-not-configured",
+            message: "Root directory was empty"
+          }
+        };
+      }
+      const fs = await import('fs');
+      const patPath = getPersonalAccessTokenPath(fsPath__default.join(process.cwd()));
+      let patFile;
+      try {
+        patFile = await fs.promises.readFile(patPath, "utf-8");
+      } catch (err) {
+        return {
+          status: 400,
+          json: {
+            errorCode: "pat-error",
+            message: "Could not read personal access token file"
+          }
+        };
+      }
+      const patRes = parsePersonalAccessTokenFile(patFile);
+      if (patRes.success) {
+        remoteFileAuth = {
+          pat: patRes.data.pat
+        };
+      } else {
+        return {
+          status: 400,
+          json: {
+            errorCode: "pat-error",
+            message: "Could not parse personal access token file"
+          }
+        };
+      }
+    }
+    if (!remoteFileAuth) {
+      return {
+        status: 400,
+        json: {
+          errorCode: "project-not-configured",
+          message: "Remote file auth is not configured"
+        }
+      };
+    }
+    return {
+      status: 200,
+      json: {
+        remoteFileAuth
+      }
+    };
+  };
   return {
     "/draft/enable": {
       GET: async req => {
@@ -4572,6 +5033,63 @@ const ValServer = (valModules, options, callbacks) => {
         };
       }
     },
+    "/remote/settings": {
+      GET: async req => {
+        const cookies = req.cookies;
+        const auth = getAuth(cookies);
+        if (auth.error) {
+          return {
+            status: 401,
+            json: {
+              errorCode: "unauthorized",
+              message: auth.error
+            }
+          };
+        }
+        if (serverOps instanceof ValOpsHttp && !("id" in auth)) {
+          return {
+            status: 401,
+            json: {
+              errorCode: "unauthorized",
+              message: "Unauthorized"
+            }
+          };
+        }
+        if (!options.project) {
+          return {
+            status: 400,
+            json: {
+              errorCode: "project-not-configured",
+              message: "Project is not configured. Update your val.config file with a valid remote project"
+            }
+          };
+        }
+        const remoteFileAuthRes = await getRemoteFileAuth();
+        if (remoteFileAuthRes.status !== 200) {
+          return remoteFileAuthRes;
+        }
+        const remoteFileAuth = remoteFileAuthRes.json.remoteFileAuth;
+        const settingsRes = await getSettings(options.project, remoteFileAuth);
+        if (!settingsRes.success) {
+          console.warn("Could not get public project id: " + settingsRes.message);
+          return {
+            status: 400,
+            json: {
+              errorCode: "error-could-not-get-settings",
+              message: `Could not get settings: ${settingsRes.message}`
+            }
+          };
+        }
+        return {
+          status: 200,
+          json: {
+            publicProjectId: settingsRes.data.publicProjectId,
+            remoteFileBuckets: settingsRes.data.remoteFileBuckets,
+            coreVersion: Internal.VERSION.core || "unknown"
+          }
+        };
+      }
+    },
     //#region stat
     "/stat": {
       POST: async req => {
@@ -4931,7 +5449,8 @@ const ValServer = (valModules, options, callbacks) => {
         };
         let sourcesValidation = {
           errors: {},
-          files: {}
+          files: {},
+          remoteFiles: {}
         };
         if (query.validate_sources || query.validate_binary_files) {
           const schemas = await serverOps.getSchemas();
@@ -4940,6 +5459,8 @@ const ValServer = (valModules, options, callbacks) => {
           // TODO: send binary files validation errors
           if (query.validate_binary_files) {
             await serverOps.validateFiles(schemas, sourcesRes.sources, sourcesValidation.files);
+            // TODO : actually do something with this
+            await serverOps.validateRemoteFiles(schemas, sourcesRes.sources, sourcesValidation.remoteFiles);
           }
         }
         const schemaSha = await serverOps.getSchemaSha();
@@ -5111,7 +5632,12 @@ const ValServer = (valModules, options, callbacks) => {
           };
         }
         if (serverOps instanceof ValOpsFS) {
-          await serverOps.saveFiles(preparedCommit);
+          const remoteFileAuthRes = await getRemoteFileAuth();
+          if (remoteFileAuthRes.status !== 200) {
+            return remoteFileAuthRes;
+          }
+          const remoteFileAuth = remoteFileAuthRes.json.remoteFileAuth;
+          await serverOps.saveOrUploadFiles(preparedCommit, remoteFileAuth);
           await serverOps.deletePatches(patchIds);
           return {
             status: 200,
@@ -5187,11 +5713,16 @@ const ValServer = (valModules, options, callbacks) => {
         let cacheControl;
         let fileBuffer;
         let mimeType;
+        const remote = query.remote === "true";
         if (query.patch_id) {
-          fileBuffer = await serverOps.getBase64EncodedBinaryFileFromPatch(filePath, query.patch_id);
+          fileBuffer = await serverOps.getBase64EncodedBinaryFileFromPatch(filePath, query.patch_id, remote);
           mimeType = Internal.filenameToMimeType(filePath);
-          cacheControl = "public, max-age=20000, immutable";
+          // TODO: reenable this:
+          // cacheControl = "public, max-age=20000, immutable";
         } else {
+          if (serverOps instanceof ValOpsHttp && remote) {
+            console.error(`Remote file: ${filePath} requested without patch id. This is most likely a bug in Val.`);
+          }
           fileBuffer = await serverOps.getBinaryFile(filePath);
         }
         if (fileBuffer) {
@@ -5938,7 +6469,7 @@ class ValFSHost {
 }
 
 async function extractImageMetadata(filename, input) {
-  const imageSize = sizeOf(input);
+  const imageSize = sizeOf(new Uint8Array(input));
   let mimeType = null;
   if (imageSize.type) {
     const possibleMimeType = `image/${imageSize.type}`;
@@ -5988,33 +6519,189 @@ function getValidationErrorFileRef(validationError) {
   return maybeRef;
 }
 
-// TODO: find a better name? transformFixesToPatch?
-async function createFixPatch(config, apply, sourcePath, validationError) {
-  async function getImageMetadata() {
-    const fileRef = getValidationErrorFileRef(validationError);
-    if (!fileRef) {
-      // TODO:
-      throw Error("Cannot fix image without a file reference");
-    }
-    const filename = fsPath__default.join(config.projectRoot, fileRef);
-    const buffer = fs.readFileSync(filename);
-    return extractImageMetadata(filename, buffer);
-  }
-  async function getFileMetadata() {
-    const fileRef = getValidationErrorFileRef(validationError);
-    if (!fileRef) {
-      // TODO:
-      throw Error("Cannot fix file without a file reference");
-    }
-    const filename = fsPath__default.join(config.projectRoot, fileRef);
-    fs.readFileSync(filename);
-    return extractFileMetadata(fileRef);
+const textEncoder = new TextEncoder();
+async function checkRemoteRef(remoteHost, ref, projectRoot, schema, metadata) {
+  const remoteRefDataRes = Internal.remote.splitRemoteRef(ref);
+  if (remoteRefDataRes.status === "error") {
+    return remoteRefDataRes;
+  }
+  const fileHash = remoteRefDataRes.fileHash;
+  if (!fileHash) {
+    return {
+      status: "error",
+      error: `File hash is missing in remote ref: ${ref}`
+    };
+  }
+  const relativeFilePath = remoteRefDataRes.filePath;
+  if (!relativeFilePath) {
+    return {
+      status: "error",
+      error: `File path is missing in remote ref: ${ref}`
+    };
+  }
+  if (!relativeFilePath.startsWith("public/val/")) {
+    return {
+      status: "error",
+      error: `File path must be within the public/val/ directory (e.g. public/val/path/to/file.txt). Got: ${relativeFilePath}`
+    };
+  }
+  const coreVersion = Internal.VERSION.core || "unknown";
+  const fileExt = getFileExt(relativeFilePath);
+  const currentValidationHash = Internal.remote.getValidationHash(coreVersion, schema, fileExt, metadata,
+  // TODO: validate
+  fileHash, textEncoder);
+  const validationHashFromRemoteRefValues = Internal.remote.getValidationHash(remoteRefDataRes.version, schema, getFileExt(remoteRefDataRes.filePath), metadata,
+  // TODO: validate
+  fileHash, textEncoder);
+  if (
+  // Current validation hash is the same as the remote validation hash
+  // We assume the uploaded file exists and is correct
+  currentValidationHash === remoteRefDataRes.validationHash &&
+  // This can happen if the version or fileExt has been tampered with
+  // (or if the way it is computed has changed)
+  validationHashFromRemoteRefValues === remoteRefDataRes.validationHash) {
+    return {
+      status: "success"
+    };
+  }
+  // Validation hash does not match, so we need to re-validate the remote content
+  const fileBufferRes = await getFileBufferFromRemote(ref, fileExt, remoteRefDataRes.fileHash, projectRoot);
+
+  // We could not download the remote file for some reason (for example, the file hash is wrong)
+  if (fileBufferRes.status === "error") {
+    return fileBufferRes;
+  }
+
+  // At this point we have the file buffer and we know the correct file hash
+  // We must create a new ref since something has changed
+
+  let currentMetadata;
+  try {
+    if (schema.type === "image") {
+      currentMetadata = await extractImageMetadata(remoteRefDataRes.filePath, fileBufferRes.fileBuffer);
+    } else if (schema.type === "file") {
+      currentMetadata = await extractFileMetadata(remoteRefDataRes.filePath, fileBufferRes.fileBuffer);
+    } else {
+      const exhaustiveCheck = schema;
+      return {
+        status: "error",
+        error: `Unknown schema type: ${JSON.stringify(exhaustiveCheck)}`
+      };
+    }
+  } catch (err) {
+    return {
+      status: "error",
+      error: `Failed to extract metadata from remote file: ${err instanceof Error ? err.message : "Unknown error"}. Cached file: ${fileBufferRes.cachedFilePath}`
+    };
+  }
+  const updatedMetadata = {
+    ...metadata,
+    ...currentMetadata
+  };
+  const nextValidationHash = Internal.remote.getValidationHash(coreVersion, schema, fileExt, updatedMetadata, fileBufferRes.fileHash, textEncoder);
+  if (!updatedMetadata.mimeType) {
+    return {
+      status: "error",
+      error: `MIME type is missing in metadata: ${JSON.stringify(updatedMetadata)}`
+    };
+  }
+  const newFileExt = Internal.mimeTypeToFileExt(updatedMetadata.mimeType);
+  const newFilePath = relativeFilePath.slice(0, -fileExt.length) + newFileExt;
+  return {
+    status: "fix-required",
+    metadata: updatedMetadata,
+    ref: Internal.remote.createRemoteRef(remoteHost, {
+      publicProjectId: remoteRefDataRes.projectId,
+      coreVersion,
+      bucket: remoteRefDataRes.bucket,
+      validationHash: nextValidationHash,
+      fileHash: fileBufferRes.fileHash,
+      filePath: newFilePath
+    })
+  };
+}
+function getCachedRemoteFileDir(projectRoot) {
+  // store in projectRoot/.val/remote-file-cache
+  const remoteFileCacheDir = fsPath__default.join(projectRoot, ".val", "remote-file-cache");
+  return remoteFileCacheDir;
+}
+function getCachedRemoteFilePath(fileExt, currentFileHash, remoteFileCacheDir) {
+  const remoteFilePath = fsPath__default.join(remoteFileCacheDir, currentFileHash + "." + fileExt);
+  return remoteFilePath;
+}
+async function getFileBufferFromRemote(ref, fileExt, currentFileHash, projectRoot) {
+  const remoteFileCacheDir = getCachedRemoteFileDir(projectRoot);
+  const remoteFilePath = getCachedRemoteFilePath(fileExt, currentFileHash, remoteFileCacheDir);
+  try {
+    const fileBuffer = await fs.promises.readFile(remoteFilePath);
+    const computedFileHash = Internal.remote.getFileHash(fileBuffer);
+    if (computedFileHash !== currentFileHash) {
+      await fs.promises.unlink(remoteFilePath);
+      throw Error(`Cached file hash does not match the expected hash: ${computedFileHash} !== ${currentFileHash}`);
+    }
+  } catch (err) {
+    try {
+      await fs.promises.mkdir(remoteFileCacheDir, {
+        recursive: true
+      });
+      await downloadFileFromRemote(ref, remoteFilePath);
+    } catch (err) {
+      try {
+        // try to delete in case of partial download
+        await fs.promises.unlink(remoteFilePath);
+      } catch {
+        //
+      }
+      return {
+        status: "error",
+        error: `Failed to download remote file: ${err instanceof Error ? err.message : "Unknown error"}`
+      };
+    }
   }
+  const fileBuffer = await fs.promises.readFile(remoteFilePath);
+  const computedFileHash = Internal.remote.getFileHash(fileBuffer);
+  return {
+    status: "success",
+    fileBuffer,
+    fileHash: computedFileHash,
+    cachedFilePath: remoteFilePath
+  };
+}
+async function downloadFileFromRemote(ref, filePath) {
+  return new Promise((resolve, reject) => {
+    const url = new URL(ref);
+    const client = url.protocol === "https:" ? https : http;
+    const request = client.get(url, response => {
+      if (response.statusCode && response.statusCode >= 300 && response.statusCode < 400 && response.headers.location) {
+        // Handle redirects
+        return downloadFileFromRemote(response.headers.location, filePath).then(resolve).catch(reject);
+      }
+      if (response.statusCode == 404) {
+        return reject(new Error(`${ref}. File not found. The URL is most likely incorrect.`));
+      }
+      if (response.statusCode !== 200) {
+        return reject(new Error(`${ref}. Failed to download file. HTTP Status: ${response.statusCode}`));
+      }
+      const writeStream = fs.createWriteStream(filePath);
+      response.pipe(writeStream);
+      writeStream.on("finish", () => resolve({
+        status: "success",
+        filePath
+      }));
+      writeStream.on("error", err => reject(new Error(`${ref}. Error writing file: ${err.message}`)));
+    });
+    request.on("error", err => reject(new Error(`${ref}. Download error: ${err.message}`)));
+    request.end();
+  });
+}
+
+// TODO: find a better name? transformFixesToPatch?
+async function createFixPatch(config, apply, sourcePath, validationError, remoteFiles, moduleSource, moduleSchema) {
   const remainingErrors = [];
   const patch = [];
   for (const fix of validationError.fixes || []) {
     if (fix === "image:check-metadata" || fix === "image:add-metadata") {
-      const imageMetadata = await getImageMetadata();
+      const imageMetadata = await getImageMetadata(config.projectRoot, validationError);
       if (imageMetadata.width === undefined || imageMetadata.height === undefined) {
         remainingErrors.push({
           ...validationError,
@@ -6087,7 +6774,7 @@ async function createFixPatch(config, apply, sourcePath, validationError) {
         });
       }
     } else if (fix === "file:add-metadata" || fix === "file:check-metadata") {
-      const fileMetadata = await getFileMetadata();
+      const fileMetadata = await getFileMetadata(config.projectRoot, validationError);
       if (fileMetadata === undefined) {
         remainingErrors.push({
           ...validationError,
@@ -6144,6 +6831,161 @@ async function createFixPatch(config, apply, sourcePath, validationError) {
           }
         });
       }
+    } else if (fix === "image:upload-remote" || fix === "file:upload-remote") {
+      const remoteFile = remoteFiles[sourcePath];
+      if (!remoteFile) {
+        remainingErrors.push({
+          ...validationError,
+          message: "Cannot fix local to remote image: remote image was not uploaded",
+          fixes: undefined
+        });
+      } else {
+        patch.push({
+          op: "replace",
+          value: {
+            _type: "remote",
+            _ref: remoteFile.ref,
+            metadata: remoteFile.metadata
+          },
+          path: sourceToPatchPath(sourcePath)
+        });
+      }
+    } else if (fix === "image:download-remote" || fix === "file:download-remote") {
+      const v = getRemoteValueFromValidationError(validationError);
+      if (!v.success) {
+        remainingErrors.push({
+          ...validationError,
+          message: v.message,
+          fixes: undefined
+        });
+        continue;
+      }
+      const splitRemoteRefDataRes = Internal.remote.splitRemoteRef(v._ref);
+      if (splitRemoteRefDataRes.status === "error") {
+        remainingErrors.push({
+          ...validationError,
+          message: splitRemoteRefDataRes.error,
+          fixes: undefined
+        });
+        continue;
+      }
+      const url = v._ref;
+      const filePath = splitRemoteRefDataRes.filePath;
+      if (!filePath) {
+        remainingErrors.push({
+          ...validationError,
+          message: "Unexpected error while downloading remote (no filePath)",
+          fixes: undefined
+        });
+        continue;
+      }
+      if (!filePath.startsWith("public/val/")) {
+        remainingErrors.push({
+          ...validationError,
+          message: "Unexpected error while downloading remote (invalid file path - must start with public/val/)",
+          fixes: undefined
+        });
+        continue;
+      }
+      const absoluteFilePath = fsPath__default.join(config.projectRoot, splitRemoteRefDataRes.filePath);
+      await fs.promises.mkdir(fsPath__default.dirname(absoluteFilePath), {
+        recursive: true
+      });
+      const res = await downloadFileFromRemote(url, absoluteFilePath);
+      if (res.status === "error") {
+        remainingErrors.push({
+          ...validationError,
+          message: res.error,
+          fixes: undefined
+        });
+        continue;
+      }
+      const value = {
+        [VAL_EXTENSION]: "file",
+        [FILE_REF_PROP]: `/${filePath}`,
+        ...(fix === "image:download-remote" ? {
+          [FILE_REF_SUBTYPE_TAG]: "image"
+        } : {})
+      };
+      patch.push({
+        op: "replace",
+        path: sourceToPatchPath(sourcePath),
+        value: v.metadata ? {
+          ...value,
+          metadata: v.metadata
+        } : value
+      });
+    } else if (fix === "file:check-remote" || fix === "image:check-remote") {
+      const v = getRemoteValueFromValidationError(validationError);
+      if (!v.success) {
+        remainingErrors.push({
+          ...validationError,
+          message: v.message,
+          fixes: undefined
+        });
+        continue;
+      }
+      const [, modulePath] = Internal.splitModuleFilePathAndModulePath(sourcePath);
+      if (moduleSource === undefined) {
+        remainingErrors.push({
+          ...validationError,
+          message: "Unexpected error while checking remote (no moduleSource)",
+          fixes: undefined
+        });
+        continue;
+      }
+      if (moduleSchema === undefined) {
+        remainingErrors.push({
+          ...validationError,
+          message: "Unexpected error while checking remote (no moduleSchema)",
+          fixes: undefined
+        });
+        continue;
+      }
+      const {
+        schema: schemaAtPath
+      } = Internal.resolvePath(modulePath, moduleSource, moduleSchema);
+      if (schemaAtPath.type === "image" || schemaAtPath.type === "file") {
+        const res = await checkRemoteRef(config.remoteHost, v._ref, config.projectRoot, schemaAtPath, v.metadata);
+        if (res.status === "success") ; else if (res.status === "error") {
+          remainingErrors.push({
+            ...validationError,
+            message: res.error,
+            fixes: undefined
+          });
+        } else if (res.status === "fix-required") {
+          if (apply) {
+            patch.push({
+              op: "replace",
+              path: sourceToPatchPath(sourcePath),
+              value: {
+                _type: "remote",
+                _ref: res.ref,
+                metadata: res.metadata
+              }
+            });
+          } else {
+            remainingErrors.push({
+              ...validationError,
+              message: `Remote ref: ${res.ref} is not valid. Use the --fix flag to fix this issue.`,
+              fixes: undefined
+            });
+          }
+        } else {
+          const exhaustiveCheck = res;
+          remainingErrors.push({
+            ...validationError,
+            message: `Internal error found found unexpected status: ${JSON.stringify(exhaustiveCheck)}`,
+            fixes: undefined
+          });
+        }
+      } else {
+        remainingErrors.push({
+          ...validationError,
+          message: "Could not check remote ref: schema type is not image or file: " + (schemaAtPath === null || schemaAtPath === void 0 ? void 0 : schemaAtPath.type),
+          fixes: undefined
+        });
+      }
     }
   }
   if (!validationError.fixes || validationError.fixes.length === 0) {
@@ -6154,5 +6996,72 @@ async function createFixPatch(config, apply, sourcePath, validationError) {
     remainingErrors
   };
 }
+function getRemoteValueFromValidationError(v) {
+  if (v.value && typeof v.value !== "object") {
+    return {
+      success: false,
+      message: "Unexpected error while checking remote (not an object)"
+    };
+  }
+  if (!v.value) {
+    return {
+      success: false,
+      message: "Unexpected error while checking remote (no value)"
+    };
+  }
+  if (typeof v.value !== "object" || v.value === null || !(FILE_REF_PROP in v.value)) {
+    return {
+      success: false,
+      message: "Unexpected error while checking remote (no _ref in value)"
+    };
+  }
+  if (typeof v.value._ref !== "string") {
+    return {
+      success: false,
+      message: "Unexpected error while checking remote (_ref is not a string)"
+    };
+  }
+  let metadata;
+  if ("metadata" in v.value && typeof v.value.metadata === "object") {
+    if (v.value.metadata === null) {
+      return {
+        success: false,
+        message: "Unexpected error while checking remote (metadata is null)"
+      };
+    }
+    if (Array.isArray(v.value.metadata)) {
+      return {
+        success: false,
+        message: "Unexpected error while checking remote (metadata is an array)"
+      };
+    }
+    metadata = v.value.metadata;
+  }
+  return {
+    success: true,
+    _ref: v.value._ref,
+    metadata
+  };
+}
+async function getImageMetadata(projectRoot, validationError) {
+  const fileRef = getValidationErrorFileRef(validationError);
+  if (!fileRef) {
+    // TODO:
+    throw Error("Cannot fix image without a file reference");
+  }
+  const filename = fsPath__default.join(projectRoot, fileRef);
+  const buffer = fs.readFileSync(filename);
+  return extractImageMetadata(filename, buffer);
+}
+async function getFileMetadata(projectRoot, validationError) {
+  const fileRef = getValidationErrorFileRef(validationError);
+  if (!fileRef) {
+    // TODO:
+    throw Error("Cannot fix file without a file reference");
+  }
+  const filename = fsPath__default.join(projectRoot, fileRef);
+  fs.readFileSync(filename);
+  return extractFileMetadata(fileRef);
+}
 
-export { Service, ValFSHost, ValModuleLoader, ValSourceFileHandler, createFixPatch, createService, createValApiRouter, createValServer, decodeJwt, encodeJwt, formatSyntaxErrorTree, getCompilerOptions, getExpire, patchSourceFile, safeReadGit };
+export { Service, ValFSHost, ValModuleLoader, ValSourceFileHandler, createFixPatch, createService, createValApiRouter, createValServer, decodeJwt, encodeJwt, formatSyntaxErrorTree, getCompilerOptions, getExpire, getPersonalAccessTokenPath, getSettings, parsePersonalAccessTokenFile, patchSourceFile, safeReadGit, uploadRemoteFile };