alepha 0.13.0 → 0.13.1

package/dist/api-users/index.d.cts

@@ -1,4740 +0,0 @@
-import * as alepha1 from "alepha";
-import { Alepha, AlephaError, Async, Descriptor, FileLike, Page, PageQuery, Static, StaticEncode, TNull, TObject, TOptional, TSchema, TUnion } from "alepha";
-import * as alepha_orm198 from "alepha/orm";
-import { Page as Page$1, Repository } from "alepha/orm";
-import * as alepha_server0 from "alepha/server";
-import { ActionDescriptor, ClientRequestEntry, ClientRequestOptions, ClientRequestResponse, FetchOptions, FetchResponse, HttpClient, Ok, RequestConfigSchema, ServerHandler, ServerRequest, ServerRequestConfigEntry, ServerResponseBody, ServerRouterProvider, ServerTimingProvider } from "alepha/server";
-import * as alepha_logger1 from "alepha/logger";
-import * as alepha_bucket0 from "alepha/bucket";
-import { BucketDescriptor } from "alepha/bucket";
-import { AccessTokenResponse, CryptoProvider, RealmDescriptor, RealmDescriptorOptions, SecurityProvider, ServiceAccountDescriptor, UserAccount, UserAccountToken } from "alepha/security";
-import * as alepha_retry0 from "alepha/retry";
-import * as alepha_cache0 from "alepha/cache";
-import * as drizzle_orm0 from "drizzle-orm";
-import { BuildExtraConfigColumns, SQL, SQLWrapper } from "drizzle-orm";
-import * as drizzle_orm_pg_core0 from "drizzle-orm/pg-core";
-import { LockConfig, LockStrength, PgColumn, PgColumnBuilderBase, PgDatabase, PgInsertValue, PgSelectBase, PgSequenceOptions, PgTableExtraConfigValue, PgTableWithColumns, PgTransaction, UpdateDeleteAction } from "drizzle-orm/pg-core";
-import { DateTime, DateTimeProvider, DurationLike } from "alepha/datetime";
-import { PgTransactionConfig } from "drizzle-orm/pg-core/session";
-import * as DrizzleKit from "drizzle-kit/api";
-import "alepha/lock";
-import * as alepha_batch0 from "alepha/batch";
-import { EmailProvider } from "alepha/email";
-import "alepha/queue";
-import { Configuration } from "openid-client";
-import { FileSystemProvider } from "alepha/file";
-
-//#region src/api-users/atoms/realmAuthSettingsAtom.d.ts
-declare const realmAuthSettingsAtom: alepha1.Atom<alepha1.TObject<{
-  registrationAllowed: alepha1.TBoolean;
-  emailEnabled: alepha1.TBoolean;
-  emailRequired: alepha1.TBoolean;
-  usernameEnabled: alepha1.TBoolean;
-  usernameRequired: alepha1.TBoolean;
-  phoneEnabled: alepha1.TBoolean;
-  phoneRequired: alepha1.TBoolean;
-  verifyEmailRequired: alepha1.TBoolean;
-  verifyPhoneRequired: alepha1.TBoolean;
-  firstNameLastNameEnabled: alepha1.TBoolean;
-  firstNameLastNameRequired: alepha1.TBoolean;
-  resetPasswordAllowed: alepha1.TBoolean;
-  passwordPolicy: alepha1.TObject<{
-    minLength: alepha1.TInteger;
-    requireUppercase: alepha1.TBoolean;
-    requireLowercase: alepha1.TBoolean;
-    requireNumbers: alepha1.TBoolean;
-    requireSpecialCharacters: alepha1.TBoolean;
-  }>;
-}>, "alepha.api.users.realmAuthSettings">;
-type RealmAuthSettings = Static<typeof realmAuthSettingsAtom.schema>;
-//#endregion
-//#region src/api-users/entities/identities.d.ts
-declare const identities: alepha_orm198.EntityDescriptor<alepha1.TObject<{
-  id: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_PRIMARY_KEY>, typeof alepha_orm198.PG_DEFAULT>;
-  version: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TInteger, typeof alepha_orm198.PG_VERSION>, typeof alepha_orm198.PG_DEFAULT>;
-  createdAt: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_CREATED_AT>, typeof alepha_orm198.PG_DEFAULT>;
-  updatedAt: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_UPDATED_AT>, typeof alepha_orm198.PG_DEFAULT>;
-  userId: alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_REF>;
-  password: alepha1.TOptional<alepha1.TString>;
-  provider: alepha1.TString;
-  providerUserId: alepha1.TOptional<alepha1.TString>;
-  providerData: alepha1.TOptional<alepha1.TRecord<string, alepha1.TAny>>;
-}>>;
-type IdentityEntity = Static<typeof identities.schema>;
-//#endregion
-//#region src/api-users/entities/sessions.d.ts
-declare const sessions: alepha_orm198.EntityDescriptor<alepha1.TObject<{
-  id: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_PRIMARY_KEY>, typeof alepha_orm198.PG_DEFAULT>;
-  version: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TInteger, typeof alepha_orm198.PG_VERSION>, typeof alepha_orm198.PG_DEFAULT>;
-  createdAt: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_CREATED_AT>, typeof alepha_orm198.PG_DEFAULT>;
-  updatedAt: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_UPDATED_AT>, typeof alepha_orm198.PG_DEFAULT>;
-  refreshToken: alepha1.TString;
-  userId: alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_REF>;
-  expiresAt: alepha1.TString;
-  ip: alepha1.TOptional<alepha1.TString>;
-  userAgent: alepha1.TOptional<alepha1.TObject<{
-    os: alepha1.TString;
-    browser: alepha1.TString;
-    device: alepha1.TUnsafe<"MOBILE" | "DESKTOP" | "TABLET">;
-  }>>;
-}>>;
-type SessionEntity = Static<typeof sessions.schema>;
-//#endregion
-//#region src/api-users/entities/users.d.ts
-declare const DEFAULT_USER_REALM_NAME = "default";
-declare const users: alepha_orm198.EntityDescriptor<alepha1.TObject<{
-  id: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_PRIMARY_KEY>, typeof alepha_orm198.PG_DEFAULT>;
-  version: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TInteger, typeof alepha_orm198.PG_VERSION>, typeof alepha_orm198.PG_DEFAULT>;
-  createdAt: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_CREATED_AT>, typeof alepha_orm198.PG_DEFAULT>;
-  updatedAt: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_UPDATED_AT>, typeof alepha_orm198.PG_DEFAULT>;
-  realm: alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_DEFAULT>;
-  username: alepha1.TOptional<alepha1.TString>;
-  email: alepha1.TOptional<alepha1.TString>;
-  phoneNumber: alepha1.TOptional<alepha1.TString>;
-  roles: alepha_orm198.PgAttr<alepha1.TArray<alepha1.TString>, typeof alepha_orm198.PG_DEFAULT>;
-  firstName: alepha1.TOptional<alepha1.TString>;
-  lastName: alepha1.TOptional<alepha1.TString>;
-  picture: alepha1.TOptional<alepha1.TString>;
-  enabled: alepha_orm198.PgAttr<alepha1.TBoolean, typeof alepha_orm198.PG_DEFAULT>;
-  emailVerified: alepha_orm198.PgAttr<alepha1.TBoolean, typeof alepha_orm198.PG_DEFAULT>;
-}>>;
-type UserEntity = Static<typeof users.schema>;
-//#endregion
-//#region src/api-users/providers/UserRealmProvider.d.ts
-interface UserRealmRepositories {
-  identities: Repository<typeof identities.schema>;
-  sessions: Repository<typeof sessions.schema>;
-  users: Repository<typeof users.schema>;
-}
-interface UserRealm {
-  name: string;
-  repositories: UserRealmRepositories;
-  settings: RealmAuthSettings;
-}
-declare class UserRealmProvider {
-  protected readonly alepha: Alepha;
-  protected readonly defaultIdentities: Repository<alepha1.TObject<{
-    id: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_PRIMARY_KEY>, typeof alepha_orm198.PG_DEFAULT>;
-    version: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TInteger, typeof alepha_orm198.PG_VERSION>, typeof alepha_orm198.PG_DEFAULT>;
-    createdAt: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_CREATED_AT>, typeof alepha_orm198.PG_DEFAULT>;
-    updatedAt: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_UPDATED_AT>, typeof alepha_orm198.PG_DEFAULT>;
-    userId: alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_REF>;
-    password: alepha1.TOptional<alepha1.TString>;
-    provider: alepha1.TString;
-    providerUserId: alepha1.TOptional<alepha1.TString>;
-    providerData: alepha1.TOptional<alepha1.TRecord<string, alepha1.TAny>>;
-  }>>;
-  protected readonly defaultSessions: Repository<alepha1.TObject<{
-    id: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_PRIMARY_KEY>, typeof alepha_orm198.PG_DEFAULT>;
-    version: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TInteger, typeof alepha_orm198.PG_VERSION>, typeof alepha_orm198.PG_DEFAULT>;
-    createdAt: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_CREATED_AT>, typeof alepha_orm198.PG_DEFAULT>;
-    updatedAt: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_UPDATED_AT>, typeof alepha_orm198.PG_DEFAULT>;
-    refreshToken: alepha1.TString;
-    userId: alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_REF>;
-    expiresAt: alepha1.TString;
-    ip: alepha1.TOptional<alepha1.TString>;
-    userAgent: alepha1.TOptional<alepha1.TObject<{
-      os: alepha1.TString;
-      browser: alepha1.TString;
-      device: alepha1.TUnsafe<"MOBILE" | "DESKTOP" | "TABLET">;
-    }>>;
-  }>>;
-  protected readonly defaultUsers: Repository<alepha1.TObject<{
-    id: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_PRIMARY_KEY>, typeof alepha_orm198.PG_DEFAULT>;
-    version: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TInteger, typeof alepha_orm198.PG_VERSION>, typeof alepha_orm198.PG_DEFAULT>;
-    createdAt: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_CREATED_AT>, typeof alepha_orm198.PG_DEFAULT>;
-    updatedAt: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_UPDATED_AT>, typeof alepha_orm198.PG_DEFAULT>;
-    realm: alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_DEFAULT>;
-    username: alepha1.TOptional<alepha1.TString>;
-    email: alepha1.TOptional<alepha1.TString>;
-    phoneNumber: alepha1.TOptional<alepha1.TString>;
-    roles: alepha_orm198.PgAttr<alepha1.TArray<alepha1.TString>, typeof alepha_orm198.PG_DEFAULT>;
-    firstName: alepha1.TOptional<alepha1.TString>;
-    lastName: alepha1.TOptional<alepha1.TString>;
-    picture: alepha1.TOptional<alepha1.TString>;
-    enabled: alepha_orm198.PgAttr<alepha1.TBoolean, typeof alepha_orm198.PG_DEFAULT>;
-    emailVerified: alepha_orm198.PgAttr<alepha1.TBoolean, typeof alepha_orm198.PG_DEFAULT>;
-  }>>;
-  protected realms: Map<string, UserRealm>;
-  avatars: alepha_bucket0.BucketDescriptor;
-  protected readonly onConfigure: alepha1.HookDescriptor<"configure">;
-  register(userRealmName: string, userRealmOptions?: UserRealmOptions): void;
-  /**
-   * Gets a registered realm by name, auto-creating default if needed.
-   */
-  getRealm(userRealmName?: string): UserRealm;
-  identityRepository(userRealmName?: string): Repository<typeof identities.schema>;
-  sessionRepository(userRealmName?: string): Repository<typeof sessions.schema>;
-  userRepository(userRealmName?: string): Repository<typeof users.schema>;
-}
-//#endregion
-//#region src/api-users/schemas/identityQuerySchema.d.ts
-declare const identityQuerySchema: alepha1.TObject<{
-  page: alepha1.TOptional<alepha1.TInteger>;
-  size: alepha1.TOptional<alepha1.TInteger>;
-  sort: alepha1.TOptional<alepha1.TString>;
-  userId: alepha1.TOptional<alepha1.TString>;
-  provider: alepha1.TOptional<alepha1.TString>;
-}>;
-type IdentityQuery = Static<typeof identityQuerySchema>;
-//#endregion
-//#region src/api-users/services/IdentityService.d.ts
-declare class IdentityService {
-  protected readonly log: alepha_logger1.Logger;
-  protected readonly userRealmProvider: UserRealmProvider;
-  identities(userRealmName?: string): alepha_orm198.Repository<alepha1.TObject<{
-    id: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_PRIMARY_KEY>, typeof alepha_orm198.PG_DEFAULT>;
-    version: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TInteger, typeof alepha_orm198.PG_VERSION>, typeof alepha_orm198.PG_DEFAULT>;
-    createdAt: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_CREATED_AT>, typeof alepha_orm198.PG_DEFAULT>;
-    updatedAt: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_UPDATED_AT>, typeof alepha_orm198.PG_DEFAULT>;
-    userId: alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_REF>;
-    password: alepha1.TOptional<alepha1.TString>;
-    provider: alepha1.TString;
-    providerUserId: alepha1.TOptional<alepha1.TString>;
-    providerData: alepha1.TOptional<alepha1.TRecord<string, alepha1.TAny>>;
-  }>>;
-  /**
-   * Find identities with pagination and filtering.
-   */
-  findIdentities(q?: IdentityQuery, userRealmName?: string): Promise<Page$1<IdentityEntity>>;
-  /**
-   * Get an identity by ID.
-   */
-  getIdentityById(id: string, userRealmName?: string): Promise<IdentityEntity>;
-  /**
-   * Delete an identity by ID.
-   */
-  deleteIdentity(id: string, userRealmName?: string): Promise<void>;
-}
-//#endregion
-//#region src/api-users/controllers/IdentityController.d.ts
-declare class IdentityController {
-  protected readonly url = "/identities";
-  protected readonly group = "identities";
-  protected readonly identityService: IdentityService;
-  /**
-   * Find identities with pagination and filtering.
-   */
-  readonly findIdentities: alepha_server0.ActionDescriptorFn<{
-    query: alepha1.TObject<{
-      page: alepha1.TOptional<alepha1.TInteger>;
-      size: alepha1.TOptional<alepha1.TInteger>;
-      sort: alepha1.TOptional<alepha1.TString>;
-      userId: alepha1.TOptional<alepha1.TString>;
-      provider: alepha1.TOptional<alepha1.TString>;
-      userRealmName: alepha1.TOptional<alepha1.TString>;
-    }>;
-    response: alepha1.TPage<alepha1.TObject<{
-      id: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_PRIMARY_KEY>, typeof alepha_orm198.PG_DEFAULT>;
-      version: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TInteger, typeof alepha_orm198.PG_VERSION>, typeof alepha_orm198.PG_DEFAULT>;
-      createdAt: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_CREATED_AT>, typeof alepha_orm198.PG_DEFAULT>;
-      updatedAt: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_UPDATED_AT>, typeof alepha_orm198.PG_DEFAULT>;
-      userId: alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_REF>;
-      provider: alepha1.TString;
-      providerUserId: alepha1.TOptional<alepha1.TString>;
-      providerData: alepha1.TOptional<alepha1.TRecord<string, alepha1.TAny>>;
-    }>>;
-  }>;
-  /**
-   * Get an identity by ID.
-   */
-  readonly getIdentity: alepha_server0.ActionDescriptorFn<{
-    params: alepha1.TObject<{
-      id: alepha1.TString;
-    }>;
-    query: alepha1.TObject<{
-      userRealmName: alepha1.TOptional<alepha1.TString>;
-    }>;
-    response: alepha1.TObject<{
-      id: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_PRIMARY_KEY>, typeof alepha_orm198.PG_DEFAULT>;
-      version: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TInteger, typeof alepha_orm198.PG_VERSION>, typeof alepha_orm198.PG_DEFAULT>;
-      createdAt: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_CREATED_AT>, typeof alepha_orm198.PG_DEFAULT>;
-      updatedAt: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_UPDATED_AT>, typeof alepha_orm198.PG_DEFAULT>;
-      userId: alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_REF>;
-      provider: alepha1.TString;
-      providerUserId: alepha1.TOptional<alepha1.TString>;
-      providerData: alepha1.TOptional<alepha1.TRecord<string, alepha1.TAny>>;
-    }>;
-  }>;
-  /**
-   * Delete an identity.
-   */
-  readonly deleteIdentity: alepha_server0.ActionDescriptorFn<{
-    params: alepha1.TObject<{
-      id: alepha1.TString;
-    }>;
-    query: alepha1.TObject<{
-      userRealmName: alepha1.TOptional<alepha1.TString>;
-    }>;
-    response: alepha1.TObject<{
-      ok: alepha1.TBoolean;
-      id: alepha1.TOptional<alepha1.TUnion<[alepha1.TString, alepha1.TInteger]>>;
-      count: alepha1.TOptional<alepha1.TNumber>;
-    }>;
-  }>;
-}
-//#endregion
-//#region src/api-users/schemas/sessionQuerySchema.d.ts
-declare const sessionQuerySchema: alepha1.TObject<{
-  page: alepha1.TOptional<alepha1.TInteger>;
-  size: alepha1.TOptional<alepha1.TInteger>;
-  sort: alepha1.TOptional<alepha1.TString>;
-  userId: alepha1.TOptional<alepha1.TString>;
-}>;
-type SessionQuery = Static<typeof sessionQuerySchema>;
-//#endregion
-//#region src/api-users/services/SessionCrudService.d.ts
-declare class SessionCrudService {
-  protected readonly log: alepha_logger1.Logger;
-  protected readonly userRealmProvider: UserRealmProvider;
-  sessions(userRealmName?: string): alepha_orm198.Repository<alepha1.TObject<{
-    id: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_PRIMARY_KEY>, typeof alepha_orm198.PG_DEFAULT>;
-    version: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TInteger, typeof alepha_orm198.PG_VERSION>, typeof alepha_orm198.PG_DEFAULT>;
-    createdAt: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_CREATED_AT>, typeof alepha_orm198.PG_DEFAULT>;
-    updatedAt: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_UPDATED_AT>, typeof alepha_orm198.PG_DEFAULT>;
-    refreshToken: alepha1.TString;
-    userId: alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_REF>;
-    expiresAt: alepha1.TString;
-    ip: alepha1.TOptional<alepha1.TString>;
-    userAgent: alepha1.TOptional<alepha1.TObject<{
-      os: alepha1.TString;
-      browser: alepha1.TString;
-      device: alepha1.TUnsafe<"MOBILE" | "DESKTOP" | "TABLET">;
-    }>>;
-  }>>;
-  /**
-   * Find sessions with pagination and filtering.
-   */
-  findSessions(q?: SessionQuery, userRealmName?: string): Promise<Page$1<SessionEntity>>;
-  /**
-   * Get a session by ID.
-   */
-  getSessionById(id: string, userRealmName?: string): Promise<SessionEntity>;
-  /**
-   * Delete a session by ID.
-   */
-  deleteSession(id: string, userRealmName?: string): Promise<void>;
-}
-//#endregion
-//#region src/api-users/controllers/SessionController.d.ts
-declare class SessionController {
-  protected readonly url = "/sessions";
-  protected readonly group = "sessions";
-  protected readonly sessionService: SessionCrudService;
-  /**
-   * Find sessions with pagination and filtering.
-   */
-  readonly findSessions: alepha_server0.ActionDescriptorFn<{
-    query: alepha1.TObject<{
-      page: alepha1.TOptional<alepha1.TInteger>;
-      size: alepha1.TOptional<alepha1.TInteger>;
-      sort: alepha1.TOptional<alepha1.TString>;
-      userId: alepha1.TOptional<alepha1.TString>;
-      userRealmName: alepha1.TOptional<alepha1.TString>;
-    }>;
-    response: alepha1.TPage<alepha1.TObject<{
-      id: alepha1.TString;
-      version: alepha1.TNumber;
-      createdAt: alepha1.TString;
-      updatedAt: alepha1.TString;
-      refreshToken: alepha1.TString;
-      userId: alepha1.TString;
-      expiresAt: alepha1.TString;
-      ip: alepha1.TOptional<alepha1.TString>;
-      userAgent: alepha1.TOptional<alepha1.TObject<{
-        os: alepha1.TString;
-        browser: alepha1.TString;
-        device: alepha1.TUnsafe<"MOBILE" | "DESKTOP" | "TABLET">;
-      }>>;
-    }>>;
-  }>;
-  /**
-   * Get a session by ID.
-   */
-  readonly getSession: alepha_server0.ActionDescriptorFn<{
-    params: alepha1.TObject<{
-      id: alepha1.TString;
-    }>;
-    query: alepha1.TObject<{
-      userRealmName: alepha1.TOptional<alepha1.TString>;
-    }>;
-    response: alepha1.TObject<{
-      id: alepha1.TString;
-      version: alepha1.TNumber;
-      createdAt: alepha1.TString;
-      updatedAt: alepha1.TString;
-      refreshToken: alepha1.TString;
-      userId: alepha1.TString;
-      expiresAt: alepha1.TString;
-      ip: alepha1.TOptional<alepha1.TString>;
-      userAgent: alepha1.TOptional<alepha1.TObject<{
-        os: alepha1.TString;
-        browser: alepha1.TString;
-        device: alepha1.TUnsafe<"MOBILE" | "DESKTOP" | "TABLET">;
-      }>>;
-    }>;
-  }>;
-  /**
-   * Delete a session.
-   */
-  readonly deleteSession: alepha_server0.ActionDescriptorFn<{
-    params: alepha1.TObject<{
-      id: alepha1.TString;
-    }>;
-    query: alepha1.TObject<{
-      userRealmName: alepha1.TOptional<alepha1.TString>;
-    }>;
-    response: alepha1.TObject<{
-      ok: alepha1.TBoolean;
-      id: alepha1.TOptional<alepha1.TUnion<[alepha1.TString, alepha1.TInteger]>>;
-      count: alepha1.TOptional<alepha1.TNumber>;
-    }>;
-  }>;
-}
-//#endregion
-//#region src/server-security/providers/ServerBasicAuthProvider.d.ts
-interface BasicAuthOptions {
-  username: string;
-  password: string;
-}
-//#endregion
-//#region src/server-security/providers/ServerSecurityProvider.d.ts
-type ServerRouteSecure = {
-  realm?: string;
-  basic?: BasicAuthOptions;
-};
-//#endregion
-//#region src/server-security/index.d.ts
-declare module "alepha" {
-  interface State {
-    /**
-     * Real (or fake) user account, used for internal actions.
-     *
-     * If you define this, you assume that all actions are executed by this user by default.
-     * > To force a different user, you need to pass it explicitly in the options.
-     */
-    "alepha.server.security.system.user"?: UserAccountToken;
-    /**
-     * The authenticated user account attached to the server request state.
-     *
-     * @internal
-     */
-    "alepha.server.request.user"?: UserAccount;
-  }
-}
-declare module "alepha/server" {
-  interface ServerRequest<TConfig> {
-    user?: UserAccountToken;
-  }
-  interface ServerActionRequest<TConfig> {
-    user: UserAccountToken;
-  }
-  interface ServerRoute {
-    /**
-     * If true, the route will be protected by the security provider.
-     * All actions are secure by default, but you can disable it for specific actions.
-     */
-    secure?: boolean | ServerRouteSecure;
-  }
-  interface ClientRequestOptions extends FetchOptions {
-    /**
-     * Forward user from the previous request.
-     * If "system", use system user. @see {ServerSecurityProvider.localSystemUser}
-     * If "context", use the user from the current context (e.g. request).
-     *
-     * @default "system" if provided, else "context" if available.
-     */
-    user?: UserAccountToken | "system" | "context";
-  }
-}
-/**
- * Plugin for Alepha Server that provides security features. Based on the Alepha Security module.
- *
- * By default, all $action will be guarded by a permission check.
- *
- * @see {@link ServerSecurityProvider}
- * @module alepha.server.security
- */
-//#endregion
-//#region src/server-links/schemas/apiLinksResponseSchema.d.ts
-declare const apiLinkSchema: alepha1.TObject<{
-  name: alepha1.TString;
-  group: alepha1.TOptional<alepha1.TString>;
-  path: alepha1.TString;
-  method: alepha1.TOptional<alepha1.TString>;
-  requestBodyType: alepha1.TOptional<alepha1.TString>;
-  service: alepha1.TOptional<alepha1.TString>;
-}>;
-declare const apiLinksResponseSchema: alepha1.TObject<{
-  prefix: alepha1.TOptional<alepha1.TString>;
-  links: alepha1.TArray<alepha1.TObject<{
-    name: alepha1.TString;
-    group: alepha1.TOptional<alepha1.TString>;
-    path: alepha1.TString;
-    method: alepha1.TOptional<alepha1.TString>;
-    requestBodyType: alepha1.TOptional<alepha1.TString>;
-    service: alepha1.TOptional<alepha1.TString>;
-  }>>;
-}>;
-type ApiLinksResponse = Static<typeof apiLinksResponseSchema>;
-type ApiLink = Static<typeof apiLinkSchema>;
-//#endregion
-//#region src/server-links/providers/LinkProvider.d.ts
-/**
- * Browser, SSR friendly, service to handle links.
- */
-declare class LinkProvider {
-  static path: {
-    apiLinks: string;
-    apiSchema: string;
-  };
-  protected readonly log: alepha_logger1.Logger;
-  protected readonly alepha: Alepha;
-  protected readonly httpClient: HttpClient;
-  protected serverLinks: Array<HttpClientLink>;
-  /**
-   * Get applicative links registered on the server.
-   * This does not include lazy-loaded remote links.
-   */
-  getServerLinks(): HttpClientLink[];
-  /**
-   * Register a new link for the application.
-   */
-  registerLink(link: HttpClientLink): void;
-  get links(): HttpClientLink[];
-  /**
-   * Force browser to refresh links from the server.
-   */
-  fetchLinks(): Promise<HttpClientLink[]>;
-  /**
-   * Create a virtual client that can be used to call actions.
-   *
-   * Use js Proxy under the hood.
-   */
-  client<T extends object>(scope?: ClientScope): HttpVirtualClient<T>;
-  /**
-   * Check if a link with the given name exists.
-   * @param name
-   */
-  can(name: string): boolean;
-  /**
-   * Resolve a link by its name and call it.
-   * - If link is local, it will call the local handler.
-   * - If link is remote, it will make a fetch request to the remote server.
-   */
-  follow(name: string, config?: Partial<ServerRequestConfigEntry>, options?: ClientRequestOptions & ClientScope): Promise<any>;
-  protected createVirtualAction<T extends RequestConfigSchema>(name: string, scope?: ClientScope): VirtualAction<T>;
-  protected followRemote(link: HttpClientLink, config?: Partial<ServerRequestConfigEntry>, options?: ClientRequestOptions): Promise<FetchResponse>;
-  protected getLinkByName(name: string, options?: ClientScope): Promise<HttpClientLink>;
-}
-interface HttpClientLink extends ApiLink {
-  secured?: boolean | ServerRouteSecure;
-  prefix?: string;
-  host?: string;
-  service?: string;
-  schema?: RequestConfigSchema;
-  handler?: (request: ServerRequest, options: ClientRequestOptions) => Async<ServerResponseBody>;
-}
-interface ClientScope {
-  group?: string;
-  service?: string;
-  hostname?: string;
-}
-type HttpVirtualClient<T> = { [K in keyof T as T[K] extends ActionDescriptor<RequestConfigSchema> ? K : never]: T[K] extends ActionDescriptor<infer Schema> ? VirtualAction<Schema> : never };
-interface VirtualAction<T extends RequestConfigSchema> extends Pick<ActionDescriptor<T>, "name" | "run" | "fetch"> {
-  (config?: ClientRequestEntry<T>, opts?: ClientRequestOptions): Promise<ClientRequestResponse<T>>;
-  can: () => boolean;
-}
-//#endregion
-//#region src/server-proxy/descriptors/$proxy.d.ts
-type ProxyDescriptorOptions = {
-  /**
-   * Path pattern to match for proxying requests.
-   *
-   * Supports wildcards and path parameters:
-   * - `/api/*` - Matches all paths starting with `/api/`
-   * - `/api/v1/*` - Matches all paths starting with `/api/v1/`
-   * - `/users/:id` - Matches `/users/123`, `/users/abc`, etc.
-   *
-   * @example "/api/*"
-   * @example "/secure/admin/*"
-   * @example "/users/:id/posts"
-   */
-  path: string;
-  /**
-   * Target URL to which matching requests should be forwarded.
-   *
-   * Can be either:
-   * - **Static string**: A fixed URL like `"https://api.example.com"`
-   * - **Dynamic function**: A function that returns the URL, enabling runtime target resolution
-   *
-   * The target URL will be combined with the remaining path from the original request.
-   *
-   * @example "https://api.example.com"
-   * @example () => process.env.API_URL || "http://localhost:3001"
-   */
-  target: string | (() => string);
-  /**
-   * Whether this proxy is disabled.
-   *
-   * When `true`, requests matching the path will not be proxied and will be handled
-   * by other routes or return 404. Useful for feature toggles or conditional proxying.
-   *
-   * @default false
-   * @example !process.env.ENABLE_PROXY
-   */
-  disabled?: boolean;
-  /**
-   * Hook called before forwarding the request to the target server.
-   *
-   * Use this to:
-   * - Add authentication headers
-   * - Modify request headers or body
-   * - Add request tracking/logging
-   * - Transform the request before forwarding
-   *
-   * @param request - The original incoming server request
-   * @param proxyRequest - The request that will be sent to the target (modifiable)
-   *
-   * @example
-   * ```ts
-   * beforeRequest: async (request, proxyRequest) => {
-   *   proxyRequest.headers = {
-   *     ...proxyRequest.headers,
-   *     'Authorization': `Bearer ${await getToken()}`,
-   *     'X-Request-ID': generateRequestId()
-   *   };
-   * }
-   * ```
-   */
-  beforeRequest?: (request: ServerRequest, proxyRequest: RequestInit) => Async<void>;
-  /**
-   * Hook called after receiving the response from the target server.
-   *
-   * Use this to:
-   * - Log response details for monitoring
-   * - Add custom headers to the response
-   * - Transform response data
-   * - Handle error responses
-   *
-   * @param request - The original incoming server request
-   * @param proxyResponse - The response received from the target server
-   *
-   * @example
-   * ```ts
-   * afterResponse: async (request, proxyResponse) => {
-   *   console.log(`Proxy ${request.method} ${request.url} -> ${proxyResponse.status}`);
-   *
-   *   if (!proxyResponse.ok) {
-   *     await logError(`Proxy error: ${proxyResponse.status}`, { request, response: proxyResponse });
-   *   }
-   * }
-   * ```
-   */
-  afterResponse?: (request: ServerRequest, proxyResponse: Response) => Async<void>;
-  /**
-   * Function to rewrite the URL before sending to the target server.
-   *
-   * Use this to:
-   * - Remove or add path prefixes
-   * - Transform path parameters
-   * - Modify query parameters
-   * - Change the URL structure entirely
-   *
-   * The function receives a mutable URL object and should modify it in-place.
-   *
-   * @param url - The URL object to modify (mutable)
-   *
-   * @example
-   * ```ts
-   * // Remove /api prefix when forwarding
-   * rewrite: (url) => {
-   *   url.pathname = url.pathname.replace('/api', '');
-   * }
-   * ```
-   *
-   * @example
-   * ```ts
-   * // Add version prefix
-   * rewrite: (url) => {
-   *   url.pathname = `/v2${url.pathname}`;
-   * }
-   * ```
-   */
-  rewrite?: (url: URL) => void;
-};
-//#endregion
-//#region src/server-proxy/providers/ServerProxyProvider.d.ts
-declare class ServerProxyProvider {
-  protected readonly log: alepha_logger1.Logger;
-  protected readonly routerProvider: ServerRouterProvider;
-  protected readonly alepha: Alepha;
-  protected readonly configure: alepha1.HookDescriptor<"configure">;
-  createProxy(options: ProxyDescriptorOptions): void;
-  createProxyHandler(target: string, options: Omit<ProxyDescriptorOptions, "path">): ServerHandler;
-  private getRawRequestBody;
-}
-//#endregion
-//#region src/server-links/descriptors/$remote.d.ts
-interface RemoteDescriptorOptions {
-  /**
-   * The URL of the remote service.
-   * You can use a function to generate the URL dynamically.
-   * You probably should use $env(env) to get the URL from the environment.
-   *
-   * @example
-   * ```ts
-   * import { $remote } from "alepha/server";
-   * import { $inject, t } from "alepha";
-   *
-   * class App {
-   *   env = $env(t.object({
-   *     REMOTE_URL: t.text({default: "http://localhost:3000"}),
-   *   }));
-   *   remote = $remote({
-   *     url: this.env.REMOTE_URL,
-   *   });
-   * }
-   * ```
-   */
-  url: string | (() => string);
-  /**
-   * The name of the remote service.
-   *
-   * @default Member of the class containing the remote service.
-   */
-  name?: string;
-  /**
-   * If true, all methods of the remote service will be exposed as actions in this context.
-   * > Note: Proxy will never use the service account, it just... proxies the request.
-   */
-  proxy?: boolean | Partial<ProxyDescriptorOptions & {
-    /**
-     * If true, the remote service won't be available internally, only through the proxy.
-     */
-    noInternal: boolean;
-  }>;
-  /**
-   * For communication between the server and the remote service with a security layer.
-   * This will be used for internal communication and will not be exposed to the client.
-   */
-  serviceAccount?: ServiceAccountDescriptor;
-}
-declare class RemoteDescriptor extends Descriptor<RemoteDescriptorOptions> {
-  get name(): string;
-}
-//#endregion
-//#region src/server-links/providers/RemoteDescriptorProvider.d.ts
-declare class RemoteDescriptorProvider {
-  protected readonly env: {
-    SERVER_API_PREFIX: string;
-  };
-  protected readonly alepha: Alepha;
-  protected readonly proxyProvider: ServerProxyProvider;
-  protected readonly linkProvider: LinkProvider;
-  protected readonly remotes: Array<ServerRemote>;
-  protected readonly log: alepha_logger1.Logger;
-  getRemotes(): ServerRemote[];
-  readonly configure: alepha1.HookDescriptor<"configure">;
-  readonly start: alepha1.HookDescriptor<"start">;
-  registerRemote(value: RemoteDescriptor): Promise<void>;
-  protected readonly fetchLinks: alepha_retry0.RetryDescriptorFn<(opts: FetchLinksOptions) => Promise<ApiLinksResponse>>;
-}
-interface FetchLinksOptions {
-  /**
-   * Name of the remote service.
-   */
-  service: string;
-  /**
-   * URL to fetch links from.
-   */
-  url: string;
-  /**
-   * Authorization header containing access token.
-   */
-  authorization?: string;
-}
-interface ServerRemote {
-  /**
-   * URL of the remote service.
-   */
-  url: string;
-  /**
-   * Name of the remote service.
-   */
-  name: string;
-  /**
-   * Expose links as endpoint. It's not only internal.
-   */
-  proxy: boolean;
-  /**
-   * It's only used inside the application.
-   */
-  internal: boolean;
-  /**
-   * Links fetcher.
-   */
-  links: (args: {
-    authorization?: string;
-  }) => Promise<ApiLinksResponse>;
-  /**
-   * Fetches schema for the remote service.
-   */
-  schema: (args: {
-    name: string;
-    authorization?: string;
-  }) => Promise<any>;
-  /**
-   * Force a default access token provider when not provided.
-   */
-  serviceAccount?: ServiceAccountDescriptor;
-  /**
-   * Prefix for the remote service links.
-   */
-  prefix: string;
-}
-//#endregion
-//#region src/server-links/providers/ServerLinksProvider.d.ts
-declare class ServerLinksProvider {
-  protected readonly env: {
-    SERVER_API_PREFIX: string;
-  };
-  protected readonly alepha: Alepha;
-  protected readonly linkProvider: LinkProvider;
-  protected readonly remoteProvider: RemoteDescriptorProvider;
-  protected readonly serverTimingProvider: ServerTimingProvider;
-  get prefix(): string;
-  readonly onRoute: alepha1.HookDescriptor<"configure">;
-  /**
-   * First API - Get all API links for the user.
-   *
-   * This is based on the user's permissions.
-   */
-  readonly links: alepha_server0.RouteDescriptor<{
-    response: alepha1.TObject<{
-      prefix: alepha1.TOptional<alepha1.TString>;
-      links: alepha1.TArray<alepha1.TObject<{
-        name: alepha1.TString;
-        group: alepha1.TOptional<alepha1.TString>;
-        path: alepha1.TString;
-        method: alepha1.TOptional<alepha1.TString>;
-        requestBodyType: alepha1.TOptional<alepha1.TString>;
-        service: alepha1.TOptional<alepha1.TString>;
-      }>>;
-    }>;
-  }>;
-  /**
-   * Second API - Get schema for a specific API link.
-   *
-   * Note: Body/Response schema are not included in `links` API because it's TOO BIG.
-   * I mean for 150+ links, you got 50ms of serialization time.
-   */
-  readonly schema: alepha_server0.RouteDescriptor<{
-    params: alepha1.TObject<{
-      name: alepha1.TString;
-    }>;
-    response: alepha1.TRecord<string, alepha1.TAny>;
-  }>;
-  getSchemaByName(name: string, options?: GetApiLinksOptions): Promise<RequestConfigSchema>;
-  /**
-   * Retrieves API links for the user based on their permissions.
-   * Will check on local links and remote links.
-   */
-  getUserApiLinks(options: GetApiLinksOptions): Promise<ApiLinksResponse>;
-}
-interface GetApiLinksOptions {
-  user?: UserAccountToken;
-  authorization?: string;
-}
-//#endregion
-//#region src/server-links/index.d.ts
-declare module "alepha" {
-  interface State {
-    /**
-     * API links attached to the server request state.
-     *
-     * @see {@link ApiLinksResponse}
-     * @internal
-     */
-    "alepha.server.request.apiLinks"?: ApiLinksResponse;
-  }
-}
-/**
- * Provides server-side link management and remote capabilities for client-server interactions.
- *
- * The server-links module enables declarative link definitions using `$remote` and `$client` descriptors,
- * facilitating seamless API endpoint management and client-server communication. It integrates with server
- * security features to ensure safe and controlled access to resources.
- *
- * @see {@link $remote}
- * @see {@link $client}
- * @module alepha.server.links
- */
-//#endregion
-//#region src/orm/schemas/insertSchema.d.ts
-/**
- * Transforms a TObject schema for insert operations.
- * All default properties at the root level are made optional.
- *
- * @example
- * Before: { name: string; age: number(default=0); }
- * After:  { name: string; age?: number; }
- */
-type TObjectInsert<T extends TObject> = TObject<{ [K in keyof T["properties"]]: T["properties"][K] extends {
-  [PG_DEFAULT]: any;
-} | {
-  "~optional": true;
-} ? TOptional<T["properties"][K]> : T["properties"][K] }>;
-//#endregion
-//#region src/orm/schemas/updateSchema.d.ts
-/**
- * Transforms a TObject schema for update operations.
- * All optional properties at the root level are made nullable (i.e., `T | null`).
- * This allows an API endpoint to explicitly accept `null` to clear an optional field in the database.
- *
- * @example
- * Before: { name?: string; age: number; }
- * After:  { name?: string | null; age: number; }
- */
-type TObjectUpdate<T extends TObject> = TObject<{ [K in keyof T["properties"]]: T["properties"][K] extends TOptional<infer U> ? TOptional<TUnion<[U, TNull]>> : T["properties"][K] }>;
-//#endregion
-//#region src/orm/descriptors/$entity.d.ts
-interface EntityDescriptorOptions<T extends TObject, Keys = keyof Static<T>> {
-  /**
-   * The database table name that will be created for this entity.
-   * If not provided, name will be inferred from the $repository variable name.
-   */
-  name: string;
-  /**
-   * TypeBox schema defining the table structure and column types.
-   */
-  schema: T;
-  /**
-   * Database indexes to create for query optimization.
-   */
-  indexes?: (Keys | {
-    /**
-     * Single column to index.
-     */
-    column: Keys;
-    /**
-     * Whether this should be a unique index (enforces uniqueness constraint).
-     */
-    unique?: boolean;
-    /**
-     * Custom name for the index. If not provided, generates name automatically.
-     */
-    name?: string;
-  } | {
-    /**
-     * Multiple columns for composite index (order matters for query optimization).
-     */
-    columns: Keys[];
-    /**
-     * Whether this should be a unique index (enforces uniqueness constraint).
-     */
-    unique?: boolean;
-    /**
-     * Custom name for the index. If not provided, generates name automatically.
-     */
-    name?: string;
-  })[];
-  /**
-   * Foreign key constraints to maintain referential integrity.
-   */
-  foreignKeys?: Array<{
-    /**
-     * Optional name for the foreign key constraint.
-     */
-    name?: string;
-    /**
-     * Local columns that reference the foreign table.
-     */
-    columns: Array<keyof Static<T>>;
-    /**
-     * Referenced columns in the foreign table.
-     * Must be EntityColumn references from other entities.
-     */
-    foreignColumns: Array<() => EntityColumn<any>>;
-  }>;
-  /**
-   * Additional table constraints for data validation.
-   *
-   * Constraints enforce business rules at the database level, providing
-   * an additional layer of data integrity beyond application validation.
-   *
-   * **Constraint Types**:
-   * - **Unique constraints**: Prevent duplicate values across columns
-   * - **Check constraints**: Enforce custom validation rules with SQL expressions
-   *
-   * @example
-   * ```ts
-   * constraints: [
-   *   {
-   *     name: "unique_user_email",
-   *     columns: ["email"],
-   *     unique: true
-   *   },
-   *   {
-   *     name: "valid_age_range",
-   *     columns: ["age"],
-   *     check: sql`age >= 0 AND age <= 150`
-   *   },
-   *   {
-   *     name: "unique_user_username_per_tenant",
-   *     columns: ["tenantId", "username"],
-   *     unique: true
-   *   }
-   * ]
-   * ```
-   */
-  constraints?: Array<{
-    /**
-     * Columns involved in this constraint.
-     */
-    columns: Array<keyof Static<T>>;
-    /**
-     * Optional name for the constraint.
-     */
-    name?: string;
-    /**
-     * Whether this is a unique constraint.
-     */
-    unique?: boolean | {};
-    /**
-     * SQL expression for check constraint validation.
-     */
-    check?: SQL;
-  }>;
-  /**
-   * Advanced Drizzle ORM configuration for complex table setups.
-   */
-  config?: (self: BuildExtraConfigColumns<string, FromSchema<T>, "pg">) => PgTableExtraConfigValue[];
-}
-declare class EntityDescriptor<T extends TObject = TObject> {
-  readonly options: EntityDescriptorOptions<T>;
-  constructor(options: EntityDescriptorOptions<T>);
-  alias(alias: string): this;
-  get cols(): EntityColumns<T>;
-  get name(): string;
-  get schema(): T;
-  get insertSchema(): TObjectInsert<T>;
-  get updateSchema(): TObjectUpdate<T>;
-}
-/**
- * Convert a schema to columns.
- */
-type FromSchema<T extends TObject> = { [key in keyof T["properties"]]: PgColumnBuilderBase };
-type SchemaToTableConfig<T extends TObject> = {
-  name: string;
-  schema: string | undefined;
-  columns: { [key in keyof T["properties"]]: PgColumn };
-  dialect: string;
-};
-type EntityColumn<T extends TObject> = {
-  name: string;
-  entity: EntityDescriptor<T>;
-};
-type EntityColumns<T extends TObject> = { [key in keyof T["properties"]]: EntityColumn<T> };
-//#endregion
-//#region src/orm/constants/PG_SYMBOLS.d.ts
-declare const PG_DEFAULT: unique symbol;
-declare const PG_PRIMARY_KEY: unique symbol;
-declare const PG_CREATED_AT: unique symbol;
-declare const PG_UPDATED_AT: unique symbol;
-declare const PG_DELETED_AT: unique symbol;
-declare const PG_VERSION: unique symbol;
-declare const PG_IDENTITY: unique symbol;
-declare const PG_ENUM: unique symbol;
-declare const PG_REF: unique symbol;
-/**
- * @deprecated Use `PG_IDENTITY` instead.
- */
-declare const PG_SERIAL: unique symbol;
-type PgSymbols = {
-  [PG_DEFAULT]: {};
-  [PG_PRIMARY_KEY]: {};
-  [PG_CREATED_AT]: {};
-  [PG_UPDATED_AT]: {};
-  [PG_DELETED_AT]: {};
-  [PG_VERSION]: {};
-  [PG_IDENTITY]: PgIdentityOptions;
-  [PG_REF]: PgRefOptions;
-  [PG_ENUM]: PgEnumOptions;
-  /**
-   * @deprecated Use `PG_IDENTITY` instead.
-   */
-  [PG_SERIAL]: {};
-};
-type PgSymbolKeys = keyof PgSymbols;
-type PgIdentityOptions = {
-  mode: "always" | "byDefault";
-} & PgSequenceOptions & {
-  name?: string;
-};
-interface PgEnumOptions {
-  name?: string;
-  description?: string;
-}
-interface PgRefOptions {
-  ref: () => {
-    name: string;
-    entity: EntityDescriptor;
-  };
-  actions?: {
-    onUpdate?: UpdateDeleteAction;
-    onDelete?: UpdateDeleteAction;
-  };
-}
-//#endregion
-//#region src/orm/errors/DbError.d.ts
-declare class DbError extends AlephaError {
-  name: string;
-  constructor(message: string, cause?: unknown);
-}
-//#endregion
-//#region src/orm/helpers/pgAttr.d.ts
-/**
- * Type representation.
- */
-type PgAttr<T extends TSchema, TAttr extends PgSymbolKeys> = T & { [K in TAttr]: PgSymbols[K] };
-interface PgAttrField {
-  key: string;
-  type: TSchema;
-  data: any;
-  nested?: any[];
-  one?: boolean;
-}
-//#endregion
-//#region src/orm/interfaces/FilterOperators.d.ts
-interface FilterOperators<TValue> {
-  /**
-   * Test that two values are equal.
-   *
-   * Remember that the SQL standard dictates that
-   * two NULL values are not equal, so if you want to test
-   * whether a value is null, you may want to use
-   * `isNull` instead.
-   *
-   * ## Examples
-   *
-   * ```ts
-   * // Select cars made by Ford
-   * db.select().from(cars)
-   *   .where(eq(cars.make, 'Ford'))
-   * ```
-   *
-   * @see isNull for a way to test equality to NULL.
-   */
-  eq?: TValue;
-  /**
-   * Test that two values are not equal.
-   *
-   * Remember that the SQL standard dictates that
-   * two NULL values are not equal, so if you want to test
-   * whether a value is not null, you may want to use
-   * `isNotNull` instead.
-   *
-   * ## Examples
-   *
-   * ```ts
-   * // Select cars not made by Ford
-   * db.select().from(cars)
-   *   .where(ne(cars.make, 'Ford'))
-   * ```
-   *
-   * @see isNotNull for a way to test whether a value is not null.
-   */
-  ne?: TValue;
-  /**
-   * Test that the first expression passed is greater than
-   * the second expression.
-   *
-   * ## Examples
-   *
-   * ```ts
-   * // Select cars made after 2000.
-   * db.select().from(cars)
-   *   .where(gt(cars.year, 2000))
-   * ```
-   *
-   * @see gte for greater-than-or-equal
-   */
-  gt?: TValue;
-  /**
-   * Test that the first expression passed is greater than
-   * or equal to the second expression. Use `gt` to
-   * test whether an expression is strictly greater
-   * than another.
-   *
-   * ## Examples
-   *
-   * ```ts
-   * // Select cars made on or after 2000.
-   * db.select().from(cars)
-   *   .where(gte(cars.year, 2000))
-   * ```
-   *
-   * @see gt for a strictly greater-than condition
-   */
-  gte?: TValue;
-  /**
-   * Test that the first expression passed is less than
-   * the second expression.
-   *
-   * ## Examples
-   *
-   * ```ts
-   * // Select cars made before 2000.
-   * db.select().from(cars)
-   *   .where(lt(cars.year, 2000))
-   * ```
-   *
-   * @see lte for greater-than-or-equal
-   */
-  lt?: TValue;
-  /**
-   * Test that the first expression passed is less than
-   * or equal to the second expression.
-   *
-   * ## Examples
-   *
-   * ```ts
-   * // Select cars made before 2000.
-   * db.select().from(cars)
-   *   .where(lte(cars.year, 2000))
-   * ```
-   *
-   * @see lt for a strictly less-than condition
-   */
-  lte?: TValue;
-  /**
-   * Test whether the first parameter, a column or expression,
-   * has a value from a list passed as the second argument.
-   *
-   * ## Throws
-   *
-   * The argument passed in the second array can't be empty:
-   * if an empty is provided, this method will throw.
-   *
-   * ## Examples
-   *
-   * ```ts
-   * // Select cars made by Ford or GM.
-   * db.select().from(cars)
-   *   .where(inArray(cars.make, ['Ford', 'GM']))
-   * ```
-   *
-   * @see notInArray for the inverse of this test
-   */
-  inArray?: TValue[];
-  /**
-   * Test whether the first parameter, a column or expression,
-   * has a value that is not present in a list passed as the
-   * second argument.
-   *
-   * ## Throws
-   *
-   * The argument passed in the second array can't be empty:
-   * if an empty is provided, this method will throw.
-   *
-   * ## Examples
-   *
-   * ```ts
-   * // Select cars made by any company except Ford or GM.
-   * db.select().from(cars)
-   *   .where(notInArray(cars.make, ['Ford', 'GM']))
-   * ```
-   *
-   * @see inArray for the inverse of this test
-   */
-  notInArray?: TValue[];
-  /**
-   * Test whether an expression is not NULL. By the SQL standard,
-   * NULL is neither equal nor not equal to itself, so
-   * it's recommended to use `isNull` and `notIsNull` for
-   * comparisons to NULL.
-   *
-   * ## Examples
-   *
-   * ```ts
-   * // Select cars that have been discontinued.
-   * db.select().from(cars)
-   *   .where(isNotNull(cars.discontinuedAt))
-   * ```
-   *
-   * @see isNull for the inverse of this test
-   */
-  isNotNull?: true;
-  /**
-   * Test whether an expression is NULL. By the SQL standard,
-   * NULL is neither equal nor not equal to itself, so
-   * it's recommended to use `isNull` and `notIsNull` for
-   * comparisons to NULL.
-   *
-   * ## Examples
-   *
-   * ```ts
-   * // Select cars that have no discontinuedAt date.
-   * db.select().from(cars)
-   *   .where(isNull(cars.discontinuedAt))
-   * ```
-   *
-   * @see isNotNull for the inverse of this test
-   */
-  isNull?: true;
-  /**
-   * Test whether an expression is between two values. This
-   * is an easier way to express range tests, which would be
-   * expressed mathematically as `x <= a <= y` but in SQL
-   * would have to be like `a >= x AND a <= y`.
-   *
-   * Between is inclusive of the endpoints: if `column`
-   * is equal to `min` or `max`, it will be TRUE.
-   *
-   * ## Examples
-   *
-   * ```ts
-   * // Select cars made between 1990 and 2000
-   * db.select().from(cars)
-   *   .where(between(cars.year, 1990, 2000))
-   * ```
-   *
-   * @see notBetween for the inverse of this test
-   */
-  between?: [number, number];
-  /**
-   * Test whether an expression is not between two values.
-   *
-   * This, like `between`, includes its endpoints, so if
-   * the `column` is equal to `min` or `max`, in this case
-   * it will evaluate to FALSE.
-   *
-   * ## Examples
-   *
-   * ```ts
-   * // Exclude cars made in the 1970s
-   * db.select().from(cars)
-   *   .where(notBetween(cars.year, 1970, 1979))
-   * ```
-   *
-   * @see between for the inverse of this test
-   */
-  notBetween?: [number, number];
-  /**
-   * Compare a column to a pattern, which can include `%` and `_`
-   * characters to match multiple variations. Including `%`
-   * in the pattern matches zero or more characters, and including
-   * `_` will match a single character.
-   *
-   * ## Examples
-   *
-   * ```ts
-   * // Select all cars with 'Turbo' in their names.
-   * db.select().from(cars)
-   *   .where(like(cars.name, '%Turbo%'))
-   * ```
-   *
-   * @see ilike for a case-insensitive version of this condition
-   */
-  like?: string;
-  /**
-   * The inverse of like - this tests that a given column
-   * does not match a pattern, which can include `%` and `_`
-   * characters to match multiple variations. Including `%`
-   * in the pattern matches zero or more characters, and including
-   * `_` will match a single character.
-   *
-   * ## Examples
-   *
-   * ```ts
-   * // Select all cars that don't have "ROver" in their name.
-   * db.select().from(cars)
-   *   .where(notLike(cars.name, '%Rover%'))
-   * ```
-   *
-   * @see like for the inverse condition
-   * @see notIlike for a case-insensitive version of this condition
-   */
-  notLike?: string;
-  /**
-   * Case-insensitively compare a column to a pattern,
-   * which can include `%` and `_`
-   * characters to match multiple variations. Including `%`
-   * in the pattern matches zero or more characters, and including
-   * `_` will match a single character.
-   *
-   * Unlike like, this performs a case-insensitive comparison.
-   *
-   * ## Examples
-   *
-   * ```ts
-   * // Select all cars with 'Turbo' in their names.
-   * db.select().from(cars)
-   *   .where(ilike(cars.name, '%Turbo%'))
-   * ```
-   *
-   * @see like for a case-sensitive version of this condition
-   */
-  ilike?: string;
-  /**
-   * The inverse of ilike - this case-insensitively tests that a given column
-   * does not match a pattern, which can include `%` and `_`
-   * characters to match multiple variations. Including `%`
-   * in the pattern matches zero or more characters, and including
-   * `_` will match a single character.
-   *
-   * ## Examples
-   *
-   * ```ts
-   * // Select all cars that don't have "Rover" in their name.
-   * db.select().from(cars)
-   *   .where(notLike(cars.name, '%Rover%'))
-   * ```
-   *
-   * @see ilike for the inverse condition
-   * @see notLike for a case-sensitive version of this condition
-   */
-  notIlike?: string;
-  /**
-   * Syntactic sugar for case-insensitive substring matching.
-   * Automatically wraps the value with `%` wildcards on both sides.
-   *
-   * Equivalent to: `ilike: '%value%'`
-   *
-   * ## Examples
-   *
-   * ```ts
-   * // Select all cars with "Turbo" anywhere in their name.
-   * db.select().from(cars)
-   *   .where({ name: { contains: 'Turbo' } })
-   * // Same as: .where(ilike(cars.name, '%Turbo%'))
-   * ```
-   *
-   * @see ilike for manual pattern matching
-   * @see startsWith for prefix matching
-   * @see endsWith for suffix matching
-   */
-  contains?: string;
-  /**
-   * Syntactic sugar for case-insensitive prefix matching.
-   * Automatically appends a `%` wildcard to the end of the value.
-   *
-   * Equivalent to: `ilike: 'value%'`
-   *
-   * ## Examples
-   *
-   * ```ts
-   * // Select all cars whose names start with "Ford".
-   * db.select().from(cars)
-   *   .where({ name: { startsWith: 'Ford' } })
-   * // Same as: .where(ilike(cars.name, 'Ford%'))
-   * ```
-   *
-   * @see ilike for manual pattern matching
-   * @see contains for substring matching
-   * @see endsWith for suffix matching
-   */
-  startsWith?: string;
-  /**
-   * Syntactic sugar for case-insensitive suffix matching.
-   * Automatically prepends a `%` wildcard to the beginning of the value.
-   *
-   * Equivalent to: `ilike: '%value'`
-   *
-   * ## Examples
-   *
-   * ```ts
-   * // Select all cars whose names end with "Turbo".
-   * db.select().from(cars)
-   *   .where({ name: { endsWith: 'Turbo' } })
-   * // Same as: .where(ilike(cars.name, '%Turbo'))
-   * ```
-   *
-   * @see ilike for manual pattern matching
-   * @see contains for substring matching
-   * @see startsWith for prefix matching
-   */
-  endsWith?: string;
-  /**
-   * Test that a column or expression contains all elements of
-   * the list passed as the second argument.
-   *
-   * ## Throws
-   *
-   * The argument passed in the second array can't be empty:
-   * if an empty is provided, this method will throw.
-   *
-   * ## Examples
-   *
-   * ```ts
-   * // Select posts where its tags contain "Typescript" and "ORM".
-   * db.select().from(posts)
-   *   .where(arrayContains(posts.tags, ['Typescript', 'ORM']))
-   * ```
-   *
-   * @see arrayContained to find if an array contains all elements of a column or expression
-   * @see arrayOverlaps to find if a column or expression contains any elements of an array
-   */
-  arrayContains?: TValue;
-  /**
-   * Test that the list passed as the second argument contains
-   * all elements of a column or expression.
-   *
-   * ## Throws
-   *
-   * The argument passed in the second array can't be empty:
-   * if an empty is provided, this method will throw.
-   *
-   * ## Examples
-   *
-   * ```ts
-   * // Select posts where its tags contain "Typescript", "ORM" or both,
-   * // but filtering posts that have additional tags.
-   * db.select().from(posts)
-   *   .where(arrayContained(posts.tags, ['Typescript', 'ORM']))
-   * ```
-   *
-   * @see arrayContains to find if a column or expression contains all elements of an array
-   * @see arrayOverlaps to find if a column or expression contains any elements of an array
-   */
-  arrayContained?: TValue;
-  /**
-   * Test that a column or expression contains any elements of
-   * the list passed as the second argument.
-   *
-   * ## Throws
-   *
-   * The argument passed in the second array can't be empty:
-   * if an empty is provided, this method will throw.
-   *
-   * ## Examples
-   *
-   * ```ts
-   * // Select posts where its tags contain "Typescript", "ORM" or both.
-   * db.select().from(posts)
-   *   .where(arrayOverlaps(posts.tags, ['Typescript', 'ORM']))
-   * ```
-   *
-   * @see arrayContains to find if a column or expression contains all elements of an array
-   * @see arrayContained to find if an array contains all elements of a column or expression
-   */
-  arrayOverlaps?: TValue;
-}
-//#endregion
-//#region src/orm/interfaces/PgQueryWhere.d.ts
-type PgQueryWhere<T extends TObject, Relations extends PgRelationMap<TObject> | undefined = undefined> = (PgQueryWhereOperators<T> & PgQueryWhereConditions<T>) | (PgQueryWhereRelations<Relations> & PgQueryWhereOperators<T> & PgQueryWhereConditions<T, Relations>);
-type PgQueryWhereOrSQL<T extends TObject, Relations extends PgRelationMap<TObject> | undefined = undefined> = SQLWrapper | PgQueryWhere<T, Relations>;
-type PgQueryWhereOperators<T extends TObject> = { [Key in keyof Static<T>]?: FilterOperators<Static<T>[Key]> | Static<T>[Key] | (Static<T>[Key] extends object ? NestedJsonbQuery<Static<T>[Key]> : never) };
-type PgQueryWhereConditions<T extends TObject, Relations extends PgRelationMap<TObject> | undefined = undefined> = {
-  /**
-   * Combine a list of conditions with the `and` operator. Conditions
-   * that are equal `undefined` are automatically ignored.
-   *
-   * ## Examples
-   *
-   * ```ts
-   * db.select().from(cars)
-   *   .where(
-   *     and(
-   *       eq(cars.make, 'Volvo'),
-   *       eq(cars.year, 1950),
-   *     )
-   *   )
-   * ```
-   */
-  and?: Array<PgQueryWhereOrSQL<T, Relations>>;
-  /**
-   * Combine a list of conditions with the `or` operator. Conditions
-   * that are equal `undefined` are automatically ignored.
-   *
-   * ## Examples
-   *
-   * ```ts
-   * db.select().from(cars)
-   *   .where(
-   *     or(
-   *       eq(cars.make, 'GM'),
-   *       eq(cars.make, 'Ford'),
-   *     )
-   *   )
-   * ```
-   */
-  or?: Array<PgQueryWhereOrSQL<T, Relations>>;
-  /**
-   * Negate the meaning of an expression using the `not` keyword.
-   *
-   * ## Examples
-   *
-   * ```ts
-   * // Select cars _not_ made by GM or Ford.
-   * db.select().from(cars)
-   *   .where(not(inArray(cars.make, ['GM', 'Ford'])))
-   * ```
-   */
-  not?: PgQueryWhereOrSQL<T, Relations>;
-  /**
-   * Test whether a subquery evaluates to have any rows.
-   *
-   * ## Examples
-   *
-   * ```ts
-   * // Users whose `homeCity` column has a match in a cities
-   * // table.
-   * db
-   *   .select()
-   *   .from(users)
-   *   .where(
-   *     exists(db.select()
-   *       .from(cities)
-   *       .where(eq(users.homeCity, cities.id))),
-   *   );
-   * ```
-   *
-   * @see notExists for the inverse of this test
-   */
-  exists?: SQLWrapper;
-};
-type PgQueryWhereRelations<Relations extends PgRelationMap<TObject> | undefined = undefined> = Relations extends PgRelationMap<TObject> ? { [K in keyof Relations]?: PgQueryWhere<Relations[K]["join"]["schema"], Relations[K]["with"]> } : {};
-/**
- * Recursively allow nested queries for JSONB object/array types
- */
-type NestedJsonbQuery<T> = T extends object ? T extends Array<infer U> ? U extends object ? { [K in keyof U]?: FilterOperators<U[K]> | U[K] } : FilterOperators<U> | U : { [K in keyof T]?: FilterOperators<T[K]> | T[K] | (T[K] extends object ? NestedJsonbQuery<T[K]> : never) } : FilterOperators<T> | T;
-//#endregion
-//#region src/orm/interfaces/PgQuery.d.ts
-/**
- * Order direction for sorting
- */
-type OrderDirection = "asc" | "desc";
-/**
- * Single order by clause with column and direction
- */
-interface OrderByClause<T> {
-  column: keyof T;
-  direction?: OrderDirection;
-}
-/**
- * Order by parameter - supports 3 modes:
- * 1. String: orderBy: "name" (defaults to ASC)
- * 2. Single object: orderBy: { column: "name", direction: "desc" }
- * 3. Array: orderBy: [{ column: "name", direction: "asc" }, { column: "age", direction: "desc" }]
- */
-type OrderBy<T> = keyof T | OrderByClause<T> | Array<OrderByClause<T>>;
-/**
- * Generic query interface for PostgreSQL entities
- */
-interface PgQuery<T extends TObject = TObject> {
-  distinct?: (keyof Static<T>)[];
-  columns?: (keyof Static<T>)[];
-  where?: PgQueryWhereOrSQL<T>;
-  limit?: number;
-  offset?: number;
-  orderBy?: OrderBy<Static<T>>;
-  groupBy?: (keyof Static<T>)[];
-}
-type PgStatic<T extends TObject, Relations extends PgRelationMap<T>> = Static<T> & { [K in keyof Relations]: Static<Relations[K]["join"]["schema"]> & (Relations[K]["with"] extends PgRelationMap<TObject> ? PgStatic<Relations[K]["join"]["schema"], Relations[K]["with"]> : {}) };
-interface PgQueryRelations<T extends TObject = TObject, Relations extends PgRelationMap<T> | undefined = undefined> extends PgQuery<T> {
-  with?: Relations;
-  where?: PgQueryWhereOrSQL<T, Relations>;
-}
-type PgRelationMap<Base extends TObject> = Record<string, PgRelation<Base>>;
-type PgRelation<Base extends TObject> = {
-  type?: "left" | "inner" | "right";
-  join: {
-    schema: TObject;
-    name: string;
-  };
-  on: SQLWrapper | [keyof Static<Base>, {
-    name: string;
-  }];
-  with?: PgRelationMap<TObject>;
-};
-//#endregion
-//#region src/orm/descriptors/$sequence.d.ts
-interface SequenceDescriptorOptions extends PgSequenceOptions {
-  /**
-   * The name of the sequence. If not provided, the property key will be used.
-   */
-  name?: string;
-  provider?: DatabaseProvider;
-}
-declare class SequenceDescriptor extends Descriptor<SequenceDescriptorOptions> {
-  readonly provider: DatabaseProvider;
-  onInit(): void;
-  get name(): string;
-  next(): Promise<number>;
-  current(): Promise<number>;
-  protected $provider(): DatabaseProvider;
-}
-//#endregion
-//#region src/orm/services/ModelBuilder.d.ts
-/**
- * Database-specific table configuration functions
- */
-interface TableConfigBuilders<TConfig> {
-  index: (name: string) => {
-    on: (...columns: any[]) => TConfig;
-  };
-  uniqueIndex: (name: string) => {
-    on: (...columns: any[]) => TConfig;
-  };
-  unique: (name: string) => {
-    on: (...columns: any[]) => TConfig;
-  };
-  check: (name: string, sql: SQL) => TConfig;
-  foreignKey: (config: {
-    name: string;
-    columns: any[];
-    foreignColumns: any[];
-  }) => TConfig;
-}
-/**
- * Abstract base class for transforming Alepha Descriptors (Entity, Sequence, etc...)
- * into drizzle models (tables, enums, sequences, etc...).
- */
-declare abstract class ModelBuilder {
-  /**
-   * Build a table from an entity descriptor.
-   */
-  abstract buildTable(entity: EntityDescriptor, options: {
-    tables: Map<string, unknown>;
-    enums: Map<string, unknown>;
-    schema: string;
-  }): void;
-  /**
-   * Build a sequence from a sequence descriptor.
-   */
-  abstract buildSequence(sequence: SequenceDescriptor, options: {
-    sequences: Map<string, unknown>;
-    schema: string;
-  }): void;
-  /**
-   * Convert camelCase to snake_case for column names.
-   */
-  protected toColumnName(str: string): string;
-  /**
-   * Build the table configuration function for any database.
-   * This includes indexes, foreign keys, constraints, and custom config.
-   *
-   * @param entity - The entity descriptor
-   * @param builders - Database-specific builder functions
-   * @param tableResolver - Function to resolve entity references to table columns
-   * @param customConfigHandler - Optional handler for custom config
-   */
-  protected buildTableConfig<TConfig, TSelf>(entity: EntityDescriptor, builders: TableConfigBuilders<TConfig>, tableResolver?: (entityName: string) => any, customConfigHandler?: (config: any, self: TSelf) => TConfig[]): ((self: TSelf) => TConfig[]) | undefined;
-}
-//#endregion
-//#region src/orm/providers/DrizzleKitProvider.d.ts
-declare class DrizzleKitProvider {
-  protected readonly log: alepha_logger1.Logger;
-  protected readonly alepha: Alepha;
-  /**
-   * Synchronize database with current schema definitions.
-   *
-   * In development mode, it will generate and execute migrations based on the current state.
-   * In testing mode, it will generate migrations from scratch without applying them.
-   *
-   * Does nothing in production mode, you must handle migrations manually.
-   */
-  synchronize(provider: DatabaseProvider): Promise<void>;
-  /**
-   * Mostly used for testing purposes. You can generate SQL migration statements without executing them.
-   */
-  generateMigration(provider: DatabaseProvider, prevSnapshot?: any): Promise<{
-    statements: string[];
-    models: Record<string, unknown>;
-    snapshot?: any;
-  }>;
-  /**
-   * Load all tables, enums, sequences, etc. from the provider's repositories.
-   */
-  getModels(provider: DatabaseProvider): Record<string, unknown>;
-  /**
-   * Load the migration snapshot from the database.
-   */
-  protected loadDevMigrations(provider: DatabaseProvider): Promise<DevMigrations | undefined>;
-  protected saveDevMigrations(provider: DatabaseProvider, curr: Record<string, any>, devMigrations?: DevMigrations): Promise<void>;
-  protected executeStatements(statements: string[], provider: DatabaseProvider, catchErrors?: boolean): Promise<void>;
-  protected createSchemaIfNotExists(provider: DatabaseProvider, schemaName: string): Promise<void>;
-  /**
-   * Try to load the official Drizzle Kit API.
-   * If not available, fallback to the local kit import.
-   */
-  protected importDrizzleKit(): typeof DrizzleKit;
-}
-declare const devMigrationsSchema: alepha1.TObject<{
-  id: alepha1.TNumber;
-  name: alepha1.TString;
-  snapshot: alepha1.TString;
-  created_at: alepha1.TString;
-}>;
-type DevMigrations = Static<typeof devMigrationsSchema>;
-//#endregion
-//#region src/orm/providers/drivers/DatabaseProvider.d.ts
-type SQLLike = SQLWrapper | string;
-declare abstract class DatabaseProvider {
-  protected readonly alepha: Alepha;
-  protected readonly log: alepha_logger1.Logger;
-  protected abstract readonly builder: ModelBuilder;
-  protected abstract readonly kit: DrizzleKitProvider;
-  abstract readonly db: PgDatabase<any>;
-  abstract readonly dialect: "postgresql" | "sqlite";
-  abstract readonly url: string;
-  readonly enums: Map<string, unknown>;
-  readonly tables: Map<string, unknown>;
-  readonly sequences: Map<string, unknown>;
-  get name(): string;
-  get schema(): string;
-  table<T extends TObject>(entity: EntityDescriptor<T>): PgTableWithColumns<SchemaToTableConfig<T>>;
-  registerEntity(entity: EntityDescriptor): void;
-  registerSequence(sequence: SequenceDescriptor): void;
-  abstract execute(statement: SQLLike): Promise<Record<string, unknown>[]>;
-  run<T extends TObject>(statement: SQLLike, schema: T): Promise<Array<Static<T>>>;
-  /**
-   * Get migrations folder path - can be overridden
-   */
-  protected getMigrationsFolder(): string;
-  /**
-   * Base migration orchestration - handles environment logic
-   */
-  protected migrateDatabase(): Promise<void>;
-  /**
-   * Production: run migrations from folder
-   */
-  protected runProductionMigration(migrationsFolder: string): Promise<void>;
-  /**
-   * Test: always synchronize
-   */
-  protected runTestMigration(): Promise<void>;
-  /**
-   * Development: default to synchronize (can be overridden)
-   */
-  protected runDevelopmentMigration(migrationsFolder: string): Promise<void>;
-  /**
-   * Common synchronization with error handling
-   */
-  protected synchronizeSchema(): Promise<void>;
-  /**
-   * Provider-specific migration execution
-   * MUST be implemented by each provider
-   */
-  protected abstract executeMigrations(migrationsFolder: string): Promise<void>;
-}
-//#endregion
-//#region src/orm/services/PgJsonQueryManager.d.ts
-/**
- * Manages JSONB query generation for nested object and array queries in PostgreSQL.
- * This class handles complex nested queries using PostgreSQL's JSONB operators.
- */
-declare class PgJsonQueryManager {
-  /**
-   * Check if a query contains nested JSONB queries.
-   * A nested query is when the value is an object with operator keys.
-   */
-  hasNestedQuery(where: PgQueryWhere<TObject>): boolean;
-  /**
-   * Build a JSONB query condition for nested object queries.
-   * Supports deep nesting like: { profile: { contact: { email: { eq: "test@example.com" } } } }
-   *
-   * @param column The JSONB column
-   * @param path The path to the nested property (e.g., ['profile', 'contact', 'email'])
-   * @param operator The filter operator (e.g., { eq: "test@example.com" })
-   * @param dialect Database dialect (postgresql or sqlite)
-   * @param columnSchema Optional schema of the JSON column for type inference
-   * @returns SQL condition
-   */
-  buildJsonbCondition(column: PgColumn, path: string[], operator: FilterOperators<any>, dialect: "postgresql" | "sqlite", columnSchema?: any): SQL | undefined;
-  /**
-   * Build JSONB array query conditions.
-   * Supports queries like: { addresses: { city: { eq: "Wonderland" } } }
-   * which translates to: EXISTS (SELECT 1 FROM jsonb_array_elements(addresses) elem WHERE elem->>'city' = 'Wonderland')
-   *
-   * @param dialect Database dialect (postgresql or sqlite)
-   * Note: SQLite array queries are not yet supported
-   */
-  buildJsonbArrayCondition(column: PgColumn, path: string[], arrayPath: string, operator: FilterOperators<any>, dialect: "postgresql" | "sqlite"): SQL | undefined;
-  /**
-   * Apply a filter operator to a JSONB value.
-   * @param dialect Database dialect for appropriate casting syntax
-   * @param fieldType Optional field type from schema for smart casting
-   */
-  private applyOperatorToJsonValue;
-  /**
-   * Parse a nested query object and extract the path and operator.
-   * For example: { profile: { contact: { email: { eq: "test@example.com" } } } }
-   * Returns: { path: ['profile', 'contact', 'email'], operator: { eq: "test@example.com" } }
-   */
-  parseNestedQuery(nestedQuery: any, currentPath?: string[]): Array<{
-    path: string[];
-    operator: FilterOperators<any>;
-  }>;
-  /**
-   * Determine if a property is a JSONB column based on the schema.
-   * A column is JSONB if it's defined as an object or array in the TypeBox schema.
-   */
-  isJsonbColumn(schema: TObject, columnName: string): boolean;
-  /**
-   * Check if an array property contains primitive types (string, number, boolean, etc.)
-   * rather than objects. Primitive arrays should use native Drizzle operators.
-   * @returns true if the array contains primitives, false if it contains objects
-   */
-  isPrimitiveArray(schema: TObject, columnName: string): boolean;
-  /**
-   * Get the type of a field by navigating through a schema path.
-   * Used for smart type casting in SQL queries.
-   *
-   * @param columnSchema The schema of the JSON column (e.g., t.object({ age: t.integer() }))
-   * @param path The path to navigate (e.g., ['contact', 'email'])
-   * @returns The type string (e.g., 'integer', 'number', 'string') or undefined if not found
-   */
-  private getFieldType;
-  /**
-   * Check if a nested path points to an array property.
-   */
-  isArrayProperty(schema: TObject, path: string[]): boolean;
-}
-//#endregion
-//#region src/orm/services/QueryManager.d.ts
-declare class QueryManager {
-  protected readonly jsonQueryManager: PgJsonQueryManager;
-  protected readonly alepha: Alepha;
-  /**
-   * Convert a query object to a SQL query.
-   */
-  toSQL(query: PgQueryWhereOrSQL<TObject>, options: {
-    schema: TObject;
-    col: (key: string) => PgColumn;
-    joins?: PgJoin[];
-    dialect: "postgresql" | "sqlite";
-  }): SQL | undefined;
-  /**
-   * Build a JSONB query for nested object/array queries.
-   */
-  protected buildJsonbQuery(column: PgColumn, nestedQuery: any, schema: TObject, columnName: string, dialect: "postgresql" | "sqlite"): SQL | undefined;
-  /**
-   * Check if an object has any filter operator properties.
-   */
-  protected hasFilterOperatorProperties(obj: any): boolean;
-  /**
-   * Map a filter operator to a SQL query.
-   */
-  mapOperatorToSql(operator: FilterOperators<any> | any, column: PgColumn, columnSchema?: TObject, columnName?: string, dialect?: "postgresql" | "sqlite"): SQL | undefined;
-  /**
-   * Parse pagination sort string to orderBy format.
-   * Format: "firstName,-lastName" -> [{ column: "firstName", direction: "asc" }, { column: "lastName", direction: "desc" }]
-   * - Columns separated by comma
-   * - Prefix with '-' for DESC direction
-   *
-   * @param sort Pagination sort string
-   * @returns OrderBy array or single object
-   */
-  parsePaginationSort(sort: string): Array<{
-    column: string;
-    direction: "asc" | "desc";
-  }> | {
-    column: string;
-    direction: "asc" | "desc";
-  };
-  /**
-   * Normalize orderBy parameter to array format.
-   * Supports 3 modes:
-   * 1. String: "name" -> [{ column: "name", direction: "asc" }]
-   * 2. Object: { column: "name", direction: "desc" } -> [{ column: "name", direction: "desc" }]
-   * 3. Array: [{ column: "name" }, { column: "age", direction: "desc" }] -> normalized array
-   *
-   * @param orderBy The orderBy parameter
-   * @returns Normalized array of order by clauses
-   */
-  normalizeOrderBy(orderBy: any): Array<{
-    column: string;
-    direction: "asc" | "desc";
-  }>;
-  /**
-   * Create a pagination object.
-   *
-   * @deprecated Use `createPagination` from alepha instead.
-   * This method now delegates to the framework-level helper.
-   *
-   * @param entities The entities to paginate.
-   * @param limit The limit of the pagination.
-   * @param offset The offset of the pagination.
-   * @param sort Optional sort metadata to include in response.
-   */
-  createPagination<T>(entities: T[], limit?: number, offset?: number, sort?: Array<{
-    column: string;
-    direction: "asc" | "desc";
-  }>): alepha1.Page<T>;
-}
-interface PgJoin {
-  table: string;
-  schema: TObject;
-  key: string;
-  col: (key: string) => PgColumn;
-  parent?: string;
-}
-//#endregion
-//#region src/orm/services/PgRelationManager.d.ts
-declare class PgRelationManager {
-  /**
-   * Recursively build joins for the query builder based on the relations map
-   */
-  buildJoins(provider: DatabaseProvider, builder: PgSelectBase<any, any, any>, joins: Array<PgJoin>, withRelations: PgRelationMap<TObject>, table: PgTableWithColumns<any>, parentKey?: string): void;
-  /**
-   * Map a row with its joined relations based on the joins definition
-   */
-  mapRowWithJoins(record: Record<string, unknown>, row: Record<string, unknown>, schema: TObject, joins: PgJoin[], parentKey?: string): Record<string, unknown>;
-  /**
-   * Check if all values in an object are null (indicates a left join with no match)
-   */
-  private isAllNull;
-  /**
-   * Build a schema that includes all join properties recursively
-   */
-  buildSchemaWithJoins(baseSchema: TObject, joins: PgJoin[], parentPath?: string): TObject;
-}
-//#endregion
-//#region src/orm/services/Repository.d.ts
-declare abstract class Repository$1<T extends TObject> {
-  readonly entity: EntityDescriptor<T>;
-  readonly provider: DatabaseProvider;
-  protected readonly relationManager: PgRelationManager;
-  protected readonly queryManager: QueryManager;
-  protected readonly dateTimeProvider: DateTimeProvider;
-  protected readonly alepha: Alepha;
-  constructor(entity: EntityDescriptor<T>, provider?: typeof DatabaseProvider);
-  /**
-   * Represents the primary key of the table.
-   * - Key is the name of the primary key column.
-   * - Type is the type (TypeBox) of the primary key column.
-   *
-   * ID is mandatory. If the table does not have a primary key, it will throw an error.
-   */
-  get id(): {
-    type: TSchema;
-    key: keyof T["properties"];
-    col: PgColumn;
-  };
-  /**
-   * Get Drizzle table object.
-   */
-  get table(): PgTableWithColumns<SchemaToTableConfig<T>>;
-  /**
-   * Get SQL table name. (from Drizzle table object)
-   */
-  get tableName(): string;
-  /**
-   * Getter for the database connection from the database provider.
-   */
-  protected get db(): PgDatabase<any>;
-  /**
-   * Execute a SQL query.
-   *
-   * This method allows executing raw SQL queries against the database.
-   * This is by far the easiest way to run custom queries that are not covered by the repository's built-in methods!
-   *
-   * You must use the `sql` tagged template function from Drizzle ORM to create the query. https://orm.drizzle.team/docs/sql
-   *
-   * @example
-   * ```ts
-   * class App {
-   *   repository = $repository({ ... });
-   *   async getAdults() {
-   *     const users = repository.table; // Drizzle table object
-   *     await repository.query(sql`SELECT * FROM ${users} WHERE ${users.age} > ${18}`);
-   *     // or better
-   *     await repository.query((users) => sql`SELECT * FROM ${users} WHERE ${users.age} > ${18}`);
-   *   }
-   * }
-   * ```
-   */
-  query<R extends TObject = T>(query: SQLLike | ((table: PgTableWithColumns<SchemaToTableConfig<T>>, db: PgDatabase<any>) => SQLLike), schema?: R): Promise<Static<R>[]>;
-  /**
-   * Map raw database fields to entity fields. (handles column name differences)
-   */
-  protected mapRawFieldsToEntity(row: Record<string, unknown>): any;
-  /**
-   * Get a Drizzle column from the table by his name.
-   */
-  protected col(name: keyof StaticEncode<T>): PgColumn;
-  /**
-   * Run a transaction.
-   */
-  transaction<T>(transaction: (tx: PgTransaction<any, Record<string, any>, any>) => Promise<T>, config?: PgTransactionConfig): Promise<T>;
-  /**
-   * Start a SELECT query on the table.
-   */
-  protected rawSelect(opts?: StatementOptions): drizzle_orm_pg_core0.PgSelectBase<string, Record<string, PgColumn<drizzle_orm0.ColumnBaseConfig<drizzle_orm0.ColumnDataType, string>, {}, {}>>, "single", Record<string, "not-null">, false, never, {
-    [x: string]: unknown;
-  }[], {
-    [x: string]: PgColumn<drizzle_orm0.ColumnBaseConfig<drizzle_orm0.ColumnDataType, string>, {}, {}>;
-  }>;
-  /**
-   * Start a SELECT DISTINCT query on the table.
-   */
-  protected rawSelectDistinct(opts?: StatementOptions, columns?: (keyof Static<T>)[]): drizzle_orm_pg_core0.PgSelectBase<string, Record<string, any>, "partial", Record<string, "not-null">, false, never, {
-    [x: string]: any;
-  }[], {
-    [x: string]: any;
-  }>;
-  /**
-   * Start an INSERT query on the table.
-   */
-  protected rawInsert(opts?: StatementOptions): drizzle_orm_pg_core0.PgInsertBuilder<PgTableWithColumns<SchemaToTableConfig<T>>, any, false>;
-  /**
-   * Start an UPDATE query on the table.
-   */
-  protected rawUpdate(opts?: StatementOptions): drizzle_orm_pg_core0.PgUpdateBuilder<PgTableWithColumns<SchemaToTableConfig<T>>, any>;
-  /**
-   * Start a DELETE query on the table.
-   */
-  protected rawDelete(opts?: StatementOptions): drizzle_orm_pg_core0.PgDeleteBase<PgTableWithColumns<SchemaToTableConfig<T>>, any, undefined, undefined, false, never>;
-  /**
-   * Create a Drizzle `select` query based on a JSON query object.
-   *
-   * > This method is the base for `find`, `findOne`, `findById`, and `paginate`.
-   */
-  findMany<R extends PgRelationMap<T>>(query?: PgQueryRelations<T, R>, opts?: StatementOptions): Promise<PgStatic<T, R>[]>;
-  /**
-   * Find a single entity.
-   */
-  findOne<R extends PgRelationMap<T>>(query: Pick<PgQueryRelations<T, R>, "with" | "where">, opts?: StatementOptions): Promise<PgStatic<T, R>>;
-  /**
-   * Find entities with pagination.
-   *
-   * It uses the same parameters as `find()`, but adds pagination metadata to the response.
-   *
-   * > Pagination CAN also do a count query to get the total number of elements.
-   */
-  paginate<R extends PgRelationMap<T>>(pagination?: PageQuery, query?: PgQueryRelations<T, R>, opts?: StatementOptions & {
-    count?: boolean;
-  }): Promise<Page<PgStatic<T, R>>>;
-  /**
-   * Find an entity by ID.
-   *
-   * This is a convenience method for `findOne` with a where clause on the primary key.
-   * If you need more complex queries, use `findOne` instead.
-   */
-  findById(id: string | number, opts?: StatementOptions): Promise<Static<T>>;
-  /**
-   * Helper to create a type-safe query object.
-   */
-  createQuery(): PgQuery<T>;
-  /**
-   * Helper to create a type-safe where clause.
-   */
-  createQueryWhere(): PgQueryWhere<T>;
-  /**
-   * Create an entity.
-   *
-   * @param data The entity to create.
-   * @param opts The options for creating the entity.
-   * @returns The ID of the created entity.
-   */
-  create(data: Static<TObjectInsert<T>>, opts?: StatementOptions): Promise<Static<T>>;
-  /**
-   * Create many entities.
-   *
-   * @param values The entities to create.
-   * @param opts The statement options.
-   * @returns The created entities.
-   */
-  createMany(values: Array<Static<TObjectInsert<T>>>, opts?: StatementOptions): Promise<Static<T>[]>;
-  /**
-   * Find an entity and update it.
-   */
-  updateOne(where: PgQueryWhereOrSQL<T>, data: Partial<Static<TObjectUpdate<T>>>, opts?: StatementOptions): Promise<Static<T>>;
-  /**
-   * Save a given entity.
-   *
-   * @example
-   * ```ts
-   * const entity = await repository.findById(1);
-   * entity.name = "New Name"; // update a field
-   * delete entity.description; // delete a field
-   * await repository.save(entity);
-   * ```
-   *
-   * Difference with `updateById/updateOne`:
-   *
-   * - requires the entity to be fetched first (whole object is expected)
-   * - check pg.version() if present -> optimistic locking
-   * - validate entity against schema
-   * - undefined values will be set to null, not ignored!
-   *
-   * @see {@link DbVersionMismatchError}
-   */
-  save(entity: Static<T>, opts?: StatementOptions): Promise<void>;
-  /**
-   * Find an entity by ID and update it.
-   */
-  updateById(id: string | number, data: Partial<Static<TObjectUpdate<T>>>, opts?: StatementOptions): Promise<Static<T>>;
-  /**
-   * Find many entities and update all of them.
-   */
-  updateMany(where: PgQueryWhereOrSQL<T>, data: Partial<Static<TObjectUpdate<T>>>, opts?: StatementOptions): Promise<Array<number | string>>;
-  /**
-   * Find many and delete all of them.
-   * @returns Array of deleted entity IDs
-   */
-  deleteMany(where?: PgQueryWhereOrSQL<T>, opts?: StatementOptions): Promise<Array<number | string>>;
-  /**
-   * Delete all entities.
-   * @returns Array of deleted entity IDs
-   */
-  clear(opts?: StatementOptions): Promise<Array<number | string>>;
-  /**
-   * Delete the given entity.
-   *
-   * You must fetch the entity first in order to delete it.
-   * @returns Array containing the deleted entity ID
-   */
-  destroy(entity: Static<T>, opts?: StatementOptions): Promise<Array<number | string>>;
-  /**
-   * Find an entity and delete it.
-   * @returns Array of deleted entity IDs (should contain at most one ID)
-   */
-  deleteOne(where?: PgQueryWhereOrSQL<T>, opts?: StatementOptions): Promise<Array<number | string>>;
-  /**
-   * Find an entity by ID and delete it.
-   * @returns Array containing the deleted entity ID
-   * @throws DbEntityNotFoundError if the entity is not found
-   */
-  deleteById(id: string | number, opts?: StatementOptions): Promise<Array<number | string>>;
-  /**
-   * Count entities.
-   */
-  count(where?: PgQueryWhereOrSQL<T>, opts?: StatementOptions): Promise<number>;
-  protected conflictMessagePattern: string;
-  protected handleError(error: unknown, message: string): DbError;
-  protected withDeletedAt(where: PgQueryWhereOrSQL<T>, opts?: {
-    force?: boolean;
-  }): PgQueryWhereOrSQL<T>;
-  protected deletedAt(): PgAttrField | undefined;
-  /**
-   * Convert something to valid Pg Insert Value.
-   */
-  protected cast(data: any, insert: boolean): PgInsertValue<PgTableWithColumns<SchemaToTableConfig<T>>>;
-  /**
-   * Transform a row from the database into a clean entity.
-   */
-  protected clean<T extends TObject>(row: Record<string, unknown>, schema: T): Static<T>;
-  /**
-   * Clean a row with joins recursively
-   */
-  protected cleanWithJoins<T extends TObject>(row: Record<string, unknown>, schema: T, joins: PgJoin[], parentPath?: string): Static<T>;
-  /**
-   * Convert a where clause to SQL.
-   */
-  protected toSQL(where: PgQueryWhereOrSQL<T>, joins?: PgJoin[]): SQL | undefined;
-  /**
-   * Get the where clause for an ID.
-   *
-   * @param id The ID to get the where clause for.
-   * @returns The where clause for the ID.
-   */
-  protected getWhereId(id: string | number): PgQueryWhere<T>;
-  /**
-   * Find a primary key in the schema.
-   */
-  protected getPrimaryKey(schema: TObject): {
-    key: string;
-    col: PgColumn<drizzle_orm0.ColumnBaseConfig<drizzle_orm0.ColumnDataType, string>, {}, {}>;
-    type: TSchema;
-  };
-}
-/**
- * The options for a statement.
- */
-interface StatementOptions {
-  /**
-   * Transaction to use.
-   */
-  tx?: PgTransaction<any, Record<string, any>>;
-  /**
-   * Lock strength.
-   */
-  for?: LockStrength | {
-    config: LockConfig;
-    strength: LockStrength;
-  };
-  /**
-   * If true, ignore soft delete.
-   */
-  force?: boolean;
-  /**
-   * Force the current time.
-   */
-  now?: DateTime | string;
-}
-//#endregion
-//#region src/orm/providers/drivers/NodePostgresProvider.d.ts
-declare module "alepha" {
-  interface Env extends Partial<Static<typeof envSchema>> {}
-}
-declare const envSchema: alepha1.TObject<{
-  /**
-   * Main configuration for database connection.
-   * Accept a string in the format of a Postgres connection URL.
-   * Example: postgres://user:password@localhost:5432/database
-   * or
-   * Example: postgres://user:password@localhost:5432/database?sslmode=require
-   */
-  DATABASE_URL: alepha1.TOptional<alepha1.TString>;
-  /**
-   * In addition to the DATABASE_URL, you can specify the postgres schema name.
-   *
-   * It will monkey patch drizzle tables.
-   */
-  POSTGRES_SCHEMA: alepha1.TOptional<alepha1.TString>;
-}>;
-//#endregion
-//#region src/orm/providers/drivers/NodeSqliteProvider.d.ts
-/**
- * Configuration options for the Node.js SQLite database provider.
- */
-declare const nodeSqliteOptions: alepha1.Atom<alepha1.TObject<{
-  path: alepha1.TOptional<alepha1.TString>;
-}>, "alepha.postgres.node-sqlite.options">;
-type NodeSqliteProviderOptions = Static<typeof nodeSqliteOptions.schema>;
-declare module "alepha" {
-  interface State {
-    [nodeSqliteOptions.key]: NodeSqliteProviderOptions;
-  }
-}
-/**
- * Add a fake support for SQLite in Node.js based on Postgres interfaces.
- *
- * This is NOT a real SQLite provider, it's a workaround to use SQLite with Drizzle ORM.
- * This is NOT recommended for production use.
- */
-//#endregion
-//#region src/orm/index.d.ts
-declare module "alepha" {
-  interface Hooks {
-    /**
-     * Fires before creating an entity in the repository.
-     */
-    "repository:create:before": {
-      tableName: string;
-      data: any;
-    };
-    /**
-     * Fires after creating an entity in the repository.
-     */
-    "repository:create:after": {
-      tableName: string;
-      data: any;
-      entity: any;
-    };
-    /**
-     * Fires before updating entities in the repository.
-     */
-    "repository:update:before": {
-      tableName: string;
-      where: any;
-      data: any;
-    };
-    /**
-     * Fires after updating entities in the repository.
-     */
-    "repository:update:after": {
-      tableName: string;
-      where: any;
-      data: any;
-      entities: any[];
-    };
-    /**
-     * Fires before deleting entities from the repository.
-     */
-    "repository:delete:before": {
-      tableName: string;
-      where: any;
-    };
-    /**
-     * Fires after deleting entities from the repository.
-     */
-    "repository:delete:after": {
-      tableName: string;
-      where: any;
-      ids: Array<string | number>;
-    };
-    /**
-     * Fires before reading entities from the repository.
-     */
-    "repository:read:before": {
-      tableName: string;
-      query: any;
-    };
-    /**
-     * Fires after reading entities from the repository.
-     */
-    "repository:read:after": {
-      tableName: string;
-      query: any;
-      entities: any[];
-    };
-  }
-}
-//#endregion
-//#region src/api-verifications/entities/verifications.d.ts
-declare const verifications: alepha_orm198.EntityDescriptor<alepha1.TObject<{
-  id: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_PRIMARY_KEY>, typeof alepha_orm198.PG_DEFAULT>;
-  createdAt: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_CREATED_AT>, typeof alepha_orm198.PG_DEFAULT>;
-  updatedAt: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_UPDATED_AT>, typeof alepha_orm198.PG_DEFAULT>;
-  version: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TInteger, typeof alepha_orm198.PG_VERSION>, typeof alepha_orm198.PG_DEFAULT>;
-  type: alepha1.TUnsafe<"link" | "code">;
-  target: alepha1.TString;
-  code: alepha1.TString;
-  verifiedAt: alepha1.TOptional<alepha1.TString>;
-  attempts: alepha_orm198.PgAttr<alepha1.TInteger, typeof alepha_orm198.PG_DEFAULT>;
-}>>;
-type VerificationEntity = Static<typeof verifications.schema>;
-//#endregion
-//#region src/api-verifications/schemas/verificationSettingsSchema.d.ts
-declare const verificationSettingsSchema: alepha1.TObject<{
-  code: alepha1.TObject<{
-    maxAttempts: alepha1.TInteger;
-    codeLength: alepha1.TInteger;
-    codeExpiration: alepha1.TInteger;
-    verificationCooldown: alepha1.TInteger;
-    limitPerDay: alepha1.TInteger;
-  }>;
-  link: alepha1.TObject<{
-    maxAttempts: alepha1.TInteger;
-    codeExpiration: alepha1.TInteger;
-    verificationCooldown: alepha1.TInteger;
-    limitPerDay: alepha1.TInteger;
-  }>;
-  purgeDays: alepha1.TInteger;
-}>;
-type VerificationSettings = Static<typeof verificationSettingsSchema>;
-//#endregion
-//#region src/api-verifications/parameters/VerificationParameters.d.ts
-/**
- * Verification settings configuration atom
- */
-declare const verificationOptions: alepha1.Atom<alepha1.TObject<{
-  code: alepha1.TObject<{
-    maxAttempts: alepha1.TInteger;
-    codeLength: alepha1.TInteger;
-    codeExpiration: alepha1.TInteger;
-    verificationCooldown: alepha1.TInteger;
-    limitPerDay: alepha1.TInteger;
-  }>;
-  link: alepha1.TObject<{
-    maxAttempts: alepha1.TInteger;
-    codeExpiration: alepha1.TInteger;
-    verificationCooldown: alepha1.TInteger;
-    limitPerDay: alepha1.TInteger;
-  }>;
-  purgeDays: alepha1.TInteger;
-}>, "alepha.api.verifications.options">;
-type VerificationOptions = Static<typeof verificationOptions.schema>;
-declare module "alepha" {
-  interface State {
-    [verificationOptions.key]: VerificationOptions;
-  }
-}
-declare class VerificationParameters {
-  protected readonly options: Readonly<{
-    link: {
-      maxAttempts: number;
-      codeExpiration: number;
-      verificationCooldown: number;
-      limitPerDay: number;
-    };
-    code: {
-      maxAttempts: number;
-      codeLength: number;
-      codeExpiration: number;
-      verificationCooldown: number;
-      limitPerDay: number;
-    };
-    purgeDays: number;
-  }>;
-  get<K$1 extends keyof VerificationSettings>(key: K$1): VerificationSettings[K$1];
-}
-//#endregion
-//#region src/api-verifications/schemas/requestVerificationCodeResponseSchema.d.ts
-declare const requestVerificationCodeResponseSchema: alepha1.TObject<{
-  token: alepha1.TString;
-  codeExpiration: alepha1.TInteger;
-  verificationCooldown: alepha1.TInteger;
-  maxVerificationAttempts: alepha1.TInteger;
-}>;
-type RequestVerificationResponse = Static<typeof requestVerificationCodeResponseSchema>;
-//#endregion
-//#region src/api-verifications/schemas/validateVerificationCodeResponseSchema.d.ts
-declare const validateVerificationCodeResponseSchema: alepha1.TObject<{
-  ok: alepha1.TBoolean;
-  alreadyVerified: alepha1.TOptional<alepha1.TBoolean>;
-}>;
-type ValidateVerificationCodeResponse = Static<typeof validateVerificationCodeResponseSchema>;
-//#endregion
-//#region src/api-verifications/schemas/verificationTypeEnumSchema.d.ts
-declare const verificationTypeEnumSchema: alepha1.TUnsafe<"link" | "code">;
-type VerificationTypeEnum = Static<typeof verificationTypeEnumSchema>;
-//#endregion
-//#region src/api-verifications/services/VerificationService.d.ts
-declare class VerificationService {
-  protected readonly log: alepha_logger1.Logger;
-  protected readonly dateTimeProvider: DateTimeProvider;
-  protected readonly verificationParameters: VerificationParameters;
-  protected readonly verificationRepository: alepha_orm198.Repository<alepha1.TObject<{
-    id: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_PRIMARY_KEY>, typeof alepha_orm198.PG_DEFAULT>;
-    createdAt: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_CREATED_AT>, typeof alepha_orm198.PG_DEFAULT>;
-    updatedAt: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_UPDATED_AT>, typeof alepha_orm198.PG_DEFAULT>;
-    version: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TInteger, typeof alepha_orm198.PG_VERSION>, typeof alepha_orm198.PG_DEFAULT>;
-    type: alepha1.TUnsafe<"link" | "code">;
-    target: alepha1.TString;
-    code: alepha1.TString;
-    verifiedAt: alepha1.TOptional<alepha1.TString>;
-    attempts: alepha_orm198.PgAttr<alepha1.TInteger, typeof alepha_orm198.PG_DEFAULT>;
-  }>>;
-  findByEntry(entry: VerificationEntry): Promise<VerificationEntity>;
-  findRecentsByEntry(entry: VerificationEntry): Promise<alepha_orm198.PgStatic<alepha1.TObject<{
-    id: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_PRIMARY_KEY>, typeof alepha_orm198.PG_DEFAULT>;
-    createdAt: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_CREATED_AT>, typeof alepha_orm198.PG_DEFAULT>;
-    updatedAt: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_UPDATED_AT>, typeof alepha_orm198.PG_DEFAULT>;
-    version: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TInteger, typeof alepha_orm198.PG_VERSION>, typeof alepha_orm198.PG_DEFAULT>;
-    type: alepha1.TUnsafe<"link" | "code">;
-    target: alepha1.TString;
-    code: alepha1.TString;
-    verifiedAt: alepha1.TOptional<alepha1.TString>;
-    attempts: alepha_orm198.PgAttr<alepha1.TInteger, typeof alepha_orm198.PG_DEFAULT>;
-  }>, alepha_orm198.PgRelationMap<alepha1.TObject<{
-    id: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_PRIMARY_KEY>, typeof alepha_orm198.PG_DEFAULT>;
-    createdAt: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_CREATED_AT>, typeof alepha_orm198.PG_DEFAULT>;
-    updatedAt: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_UPDATED_AT>, typeof alepha_orm198.PG_DEFAULT>;
-    version: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TInteger, typeof alepha_orm198.PG_VERSION>, typeof alepha_orm198.PG_DEFAULT>;
-    type: alepha1.TUnsafe<"link" | "code">;
-    target: alepha1.TString;
-    code: alepha1.TString;
-    verifiedAt: alepha1.TOptional<alepha1.TString>;
-    attempts: alepha_orm198.PgAttr<alepha1.TInteger, typeof alepha_orm198.PG_DEFAULT>;
-  }>>>[]>;
-  /**
-   * Creates a verification entry and returns the token.
-   * The caller is responsible for sending notifications with the token.
-   * This allows for context-specific notifications (e.g., password reset vs email verification).
-   */
-  createVerification(entry: VerificationEntry): Promise<RequestVerificationResponse>;
-  verifyCode(entry: VerificationEntry, code: string): Promise<ValidateVerificationCodeResponse>;
-  hashCode(code: string): string;
-  generateToken(type: VerificationTypeEnum): string;
-}
-interface VerificationEntry {
-  type: VerificationTypeEnum;
-  target: string;
-}
-//#endregion
-//#region src/api-verifications/controllers/VerificationController.d.ts
-declare class VerificationController {
-  protected readonly verificationService: VerificationService;
-  readonly url = "/verifications";
-  readonly group = "verifications";
-  readonly requestVerificationCode: alepha_server0.ActionDescriptorFn<{
-    params: alepha1.TObject<{
-      type: alepha1.TUnsafe<"link" | "code">;
-    }>;
-    body: alepha1.TObject<{
-      target: alepha1.TString;
-    }>;
-    response: alepha1.TObject<{
-      token: alepha1.TString;
-      codeExpiration: alepha1.TInteger;
-      verificationCooldown: alepha1.TInteger;
-      maxVerificationAttempts: alepha1.TInteger;
-    }>;
-  }>;
-  readonly validateVerificationCode: alepha_server0.ActionDescriptorFn<{
-    params: alepha1.TObject<{
-      type: alepha1.TUnsafe<"link" | "code">;
-    }>;
-    body: alepha1.TObject<{
-      target: alepha1.TString;
-      token: alepha1.TString;
-    }>;
-    response: alepha1.TObject<{
-      ok: alepha1.TBoolean;
-      alreadyVerified: alepha1.TOptional<alepha1.TBoolean>;
-    }>;
-  }>;
-}
-//#endregion
-//#region src/api-notifications/schemas/notificationCreateSchema.d.ts
-declare const notificationCreateSchema: alepha1.TObject<{
-  type: alepha1.TUnsafe<"email" | "sms">;
-  template: alepha1.TString;
-  contact: alepha1.TString;
-  variables: alepha1.TOptional<alepha1.TRecord<"^.*$", alepha1.TAny>>;
-}>;
-type NotificationCreate = Static<typeof notificationCreateSchema>;
-//#endregion
-//#region src/api-notifications/entities/notifications.d.ts
-declare const notifications: alepha_orm198.EntityDescriptor<alepha1.TObject<{
-  id: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_PRIMARY_KEY>, typeof alepha_orm198.PG_DEFAULT>;
-  version: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TInteger, typeof alepha_orm198.PG_VERSION>, typeof alepha_orm198.PG_DEFAULT>;
-  createdAt: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_CREATED_AT>, typeof alepha_orm198.PG_DEFAULT>;
-  updatedAt: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_UPDATED_AT>, typeof alepha_orm198.PG_DEFAULT>;
-  type: alepha1.TUnsafe<"email" | "sms">;
-  template: alepha1.TString;
-  category: alepha1.TOptional<alepha1.TString>;
-  critical: alepha1.TOptional<alepha1.TBoolean>;
-  sensitive: alepha1.TOptional<alepha1.TBoolean>;
-  contact: alepha1.TString;
-  variables: alepha1.TOptional<alepha1.TRecord<"^.*$", alepha1.TAny>>;
-  scheduledAt: alepha1.TOptional<alepha1.TString>;
-  sentAt: alepha1.TOptional<alepha1.TString>;
-  error: alepha1.TOptional<alepha1.TObject<{
-    at: alepha1.TString;
-    name: alepha1.TString;
-    message: alepha1.TString;
-  }>>;
-}>>;
-type NotificationEntity = Static<typeof notifications.schema>;
-//#endregion
-//#region src/api-notifications/providers/SmsProvider.d.ts
-declare abstract class SmsProvider {
-  abstract send(options: SmsSendOptions): Promise<void>;
-}
-interface SmsSendOptions {
-  to: string;
-  message: string;
-}
-//#endregion
-//#region src/api-notifications/services/NotificationSenderService.d.ts
-declare class NotificationSenderService {
-  protected readonly alepha: Alepha;
-  protected readonly log: alepha_logger1.Logger;
-  protected readonly notificationRepository: alepha_orm198.Repository<alepha1.TObject<{
-    id: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_PRIMARY_KEY>, typeof alepha_orm198.PG_DEFAULT>;
-    version: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TInteger, typeof alepha_orm198.PG_VERSION>, typeof alepha_orm198.PG_DEFAULT>;
-    createdAt: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_CREATED_AT>, typeof alepha_orm198.PG_DEFAULT>;
-    updatedAt: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_UPDATED_AT>, typeof alepha_orm198.PG_DEFAULT>;
-    type: alepha1.TUnsafe<"email" | "sms">;
-    template: alepha1.TString;
-    category: alepha1.TOptional<alepha1.TString>;
-    critical: alepha1.TOptional<alepha1.TBoolean>;
-    sensitive: alepha1.TOptional<alepha1.TBoolean>;
-    contact: alepha1.TString;
-    variables: alepha1.TOptional<alepha1.TRecord<"^.*$", alepha1.TAny>>;
-    scheduledAt: alepha1.TOptional<alepha1.TString>;
-    sentAt: alepha1.TOptional<alepha1.TString>;
-    error: alepha1.TOptional<alepha1.TObject<{
-      at: alepha1.TString;
-      name: alepha1.TString;
-      message: alepha1.TString;
-    }>>;
-  }>>;
-  protected readonly dateTimeProvider: DateTimeProvider;
-  protected readonly emailProvider: EmailProvider;
-  protected readonly smsProvider: SmsProvider;
-  send(notificationId: string | NotificationEntity): Promise<void>;
-  renderSms(notification: NotificationEntity): {
-    to: string;
-    message: string;
-  };
-  renderEmail(notification: NotificationEntity): {
-    to: string;
-    subject: string;
-    body: string;
-  };
-  protected load(notification: NotificationEntity): {
-    template: NotificationDescriptor<alepha1.TObject<alepha1.TProperties>>;
-    variables: Record<string, any>;
-    contact: string;
-  };
-}
-//#endregion
-//#region src/api-notifications/services/NotificationService.d.ts
-declare const notificationServiceEnvSchema: alepha1.TObject<{
-  NOTIFICATION_QUEUE: alepha1.TOptional<alepha1.TBoolean>;
-}>;
-declare module "alepha" {
-  interface Env extends Partial<Static<typeof notificationServiceEnvSchema>> {}
-}
-declare class NotificationService {
-  protected readonly alepha: Alepha;
-  protected readonly log: alepha_logger1.Logger;
-  protected readonly env: {
-    NOTIFICATION_QUEUE?: boolean | undefined;
-  };
-  protected readonly notificationRepository: alepha_orm198.Repository<alepha1.TObject<{
-    id: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_PRIMARY_KEY>, typeof alepha_orm198.PG_DEFAULT>;
-    version: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TInteger, typeof alepha_orm198.PG_VERSION>, typeof alepha_orm198.PG_DEFAULT>;
-    createdAt: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_CREATED_AT>, typeof alepha_orm198.PG_DEFAULT>;
-    updatedAt: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_UPDATED_AT>, typeof alepha_orm198.PG_DEFAULT>;
-    type: alepha1.TUnsafe<"email" | "sms">;
-    template: alepha1.TString;
-    category: alepha1.TOptional<alepha1.TString>;
-    critical: alepha1.TOptional<alepha1.TBoolean>;
-    sensitive: alepha1.TOptional<alepha1.TBoolean>;
-    contact: alepha1.TString;
-    variables: alepha1.TOptional<alepha1.TRecord<"^.*$", alepha1.TAny>>;
-    scheduledAt: alepha1.TOptional<alepha1.TString>;
-    sentAt: alepha1.TOptional<alepha1.TString>;
-    error: alepha1.TOptional<alepha1.TObject<{
-      at: alepha1.TString;
-      name: alepha1.TString;
-      message: alepha1.TString;
-    }>>;
-  }>>;
-  protected readonly dateTimeProvider: DateTimeProvider;
-  protected readonly notificationSenderService: NotificationSenderService;
-  readonly notificationBatch: alepha_batch0.BatchDescriptor<alepha1.TObject<{
-    type: alepha1.TUnsafe<"email" | "sms">;
-    template: alepha1.TString;
-    contact: alepha1.TString;
-    variables: alepha1.TOptional<alepha1.TRecord<"^.*$", alepha1.TAny>>;
-  }>, Promise<void>>;
-  findNotificationById(id: string): Promise<alepha_orm198.PgStatic<alepha1.TObject<{
-    id: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_PRIMARY_KEY>, typeof alepha_orm198.PG_DEFAULT>;
-    version: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TInteger, typeof alepha_orm198.PG_VERSION>, typeof alepha_orm198.PG_DEFAULT>;
-    createdAt: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_CREATED_AT>, typeof alepha_orm198.PG_DEFAULT>;
-    updatedAt: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_UPDATED_AT>, typeof alepha_orm198.PG_DEFAULT>;
-    type: alepha1.TUnsafe<"email" | "sms">;
-    template: alepha1.TString;
-    category: alepha1.TOptional<alepha1.TString>;
-    critical: alepha1.TOptional<alepha1.TBoolean>;
-    sensitive: alepha1.TOptional<alepha1.TBoolean>;
-    contact: alepha1.TString;
-    variables: alepha1.TOptional<alepha1.TRecord<"^.*$", alepha1.TAny>>;
-    scheduledAt: alepha1.TOptional<alepha1.TString>;
-    sentAt: alepha1.TOptional<alepha1.TString>;
-    error: alepha1.TOptional<alepha1.TObject<{
-      at: alepha1.TString;
-      name: alepha1.TString;
-      message: alepha1.TString;
-    }>>;
-  }>, alepha_orm198.PgRelationMap<alepha1.TObject<{
-    id: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_PRIMARY_KEY>, typeof alepha_orm198.PG_DEFAULT>;
-    version: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TInteger, typeof alepha_orm198.PG_VERSION>, typeof alepha_orm198.PG_DEFAULT>;
-    createdAt: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_CREATED_AT>, typeof alepha_orm198.PG_DEFAULT>;
-    updatedAt: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_UPDATED_AT>, typeof alepha_orm198.PG_DEFAULT>;
-    type: alepha1.TUnsafe<"email" | "sms">;
-    template: alepha1.TString;
-    category: alepha1.TOptional<alepha1.TString>;
-    critical: alepha1.TOptional<alepha1.TBoolean>;
-    sensitive: alepha1.TOptional<alepha1.TBoolean>;
-    contact: alepha1.TString;
-    variables: alepha1.TOptional<alepha1.TRecord<"^.*$", alepha1.TAny>>;
-    scheduledAt: alepha1.TOptional<alepha1.TString>;
-    sentAt: alepha1.TOptional<alepha1.TString>;
-    error: alepha1.TOptional<alepha1.TObject<{
-      at: alepha1.TString;
-      name: alepha1.TString;
-      message: alepha1.TString;
-    }>>;
-  }>>>>;
-  /**
-   * Create a new notification.
-   */
-  createNotification(entry: NotificationCreate): Promise<void>;
-}
-//#endregion
-//#region src/api-notifications/descriptors/$notification.d.ts
-interface NotificationDescriptorOptions<T extends TObject> extends NotificationMessage<T> {
-  name?: string;
-  description?: string;
-  category?: string;
-  critical?: boolean;
-  sensitive?: boolean;
-  translations?: {
-    [lang: string]: NotificationMessage<T>;
-  };
-  schema: T;
-}
-declare class NotificationDescriptor<T extends TObject> extends Descriptor<NotificationDescriptorOptions<T>> {
-  protected readonly notificationService: NotificationService;
-  get name(): string;
-  push(options: NotificationPushOptions<T>): Promise<void>;
-  configure(options: Partial<NotificationDescriptorOptions<T>>): void;
-}
-interface NotificationPushOptions<T extends TObject> {
-  variables: StaticEncode<T>;
-  contact: string;
-}
-interface NotificationMessage<T extends TObject> {
-  email?: {
-    subject: string;
-    body: string | ((variables: Static<T>) => string);
-  };
-  sms?: {
-    message: string | ((variables: Static<T>) => string);
-  };
-}
-//#endregion
-//#region src/api-users/notifications/UserNotifications.d.ts
-declare class UserNotifications {
-  readonly passwordReset: NotificationDescriptor<alepha1.TObject<{
-    email: alepha1.TString;
-    code: alepha1.TString;
-    expiresInMinutes: alepha1.TNumber;
-  }>>;
-  readonly emailVerification: NotificationDescriptor<alepha1.TObject<{
-    email: alepha1.TString;
-    code: alepha1.TString;
-    expiresInMinutes: alepha1.TNumber;
-  }>>;
-  readonly phoneVerification: NotificationDescriptor<alepha1.TObject<{
-    phoneNumber: alepha1.TString;
-    code: alepha1.TString;
-    expiresInMinutes: alepha1.TNumber;
-  }>>;
-  readonly passwordResetLink: NotificationDescriptor<alepha1.TObject<{
-    email: alepha1.TString;
-    resetUrl: alepha1.TString;
-    expiresInMinutes: alepha1.TNumber;
-  }>>;
-  readonly emailVerificationLink: NotificationDescriptor<alepha1.TObject<{
-    email: alepha1.TString;
-    verifyUrl: alepha1.TString;
-    expiresInMinutes: alepha1.TNumber;
-  }>>;
-}
-//#endregion
-//#region src/api-users/schemas/completePasswordResetRequestSchema.d.ts
-/**
- * Request schema for completing a password reset.
- *
- * Requires the intent ID from Phase 1, the verification code,
- * and the new password.
- */
-declare const completePasswordResetRequestSchema: alepha1.TObject<{
-  intentId: alepha1.TString;
-  code: alepha1.TString;
-  newPassword: alepha1.TString;
-}>;
-type CompletePasswordResetRequest = Static<typeof completePasswordResetRequestSchema>;
-//#endregion
-//#region src/api-users/schemas/passwordResetIntentResponseSchema.d.ts
-/**
- * Response schema for password reset intent creation.
- *
- * Contains the intent ID needed for Phase 2 completion,
- * along with expiration time.
- */
-declare const passwordResetIntentResponseSchema: alepha1.TObject<{
-  intentId: alepha1.TString;
-  expiresAt: alepha1.TString;
-}>;
-type PasswordResetIntentResponse = Static<typeof passwordResetIntentResponseSchema>;
-//#endregion
-//#region src/api-users/services/CredentialService.d.ts
-/**
- * Intent stored in cache during the password reset flow.
- */
-interface PasswordResetIntent {
-  email: string;
-  userId: string;
-  identityId: string;
-  realmName?: string;
-  expiresAt: string;
-}
-declare class CredentialService {
-  protected readonly log: alepha_logger1.Logger;
-  protected readonly cryptoProvider: CryptoProvider;
-  protected readonly dateTimeProvider: DateTimeProvider;
-  protected readonly verificationController: HttpVirtualClient<VerificationController>;
-  protected readonly userNotifications: UserNotifications;
-  protected readonly userRealmProvider: UserRealmProvider;
-  protected readonly intentCache: alepha_cache0.CacheDescriptorFn<PasswordResetIntent, any[]>;
-  users(userRealmName?: string): Repository$1<alepha1.TObject<{
-    id: PgAttr<PgAttr<alepha1.TString, typeof PG_PRIMARY_KEY>, typeof PG_DEFAULT>;
-    version: PgAttr<PgAttr<alepha1.TInteger, typeof PG_VERSION>, typeof PG_DEFAULT>;
-    createdAt: PgAttr<PgAttr<alepha1.TString, typeof PG_CREATED_AT>, typeof PG_DEFAULT>;
-    updatedAt: PgAttr<PgAttr<alepha1.TString, typeof PG_UPDATED_AT>, typeof PG_DEFAULT>;
-    realm: PgAttr<alepha1.TString, typeof PG_DEFAULT>;
-    username: alepha1.TOptional<alepha1.TString>;
-    email: alepha1.TOptional<alepha1.TString>;
-    phoneNumber: alepha1.TOptional<alepha1.TString>;
-    roles: PgAttr<alepha1.TArray<alepha1.TString>, typeof PG_DEFAULT>;
-    firstName: alepha1.TOptional<alepha1.TString>;
-    lastName: alepha1.TOptional<alepha1.TString>;
-    picture: alepha1.TOptional<alepha1.TString>;
-    enabled: PgAttr<alepha1.TBoolean, typeof PG_DEFAULT>;
-    emailVerified: PgAttr<alepha1.TBoolean, typeof PG_DEFAULT>;
-  }>>;
-  sessions(userRealmName?: string): Repository$1<alepha1.TObject<{
-    id: PgAttr<PgAttr<alepha1.TString, typeof PG_PRIMARY_KEY>, typeof PG_DEFAULT>;
-    version: PgAttr<PgAttr<alepha1.TInteger, typeof PG_VERSION>, typeof PG_DEFAULT>;
-    createdAt: PgAttr<PgAttr<alepha1.TString, typeof PG_CREATED_AT>, typeof PG_DEFAULT>;
-    updatedAt: PgAttr<PgAttr<alepha1.TString, typeof PG_UPDATED_AT>, typeof PG_DEFAULT>;
-    refreshToken: alepha1.TString;
-    userId: PgAttr<alepha1.TString, typeof PG_REF>;
-    expiresAt: alepha1.TString;
-    ip: alepha1.TOptional<alepha1.TString>;
-    userAgent: alepha1.TOptional<alepha1.TObject<{
-      os: alepha1.TString;
-      browser: alepha1.TString;
-      device: alepha1.TUnsafe<"MOBILE" | "DESKTOP" | "TABLET">;
-    }>>;
-  }>>;
-  identities(userRealmName?: string): Repository$1<alepha1.TObject<{
-    id: PgAttr<PgAttr<alepha1.TString, typeof PG_PRIMARY_KEY>, typeof PG_DEFAULT>;
-    version: PgAttr<PgAttr<alepha1.TInteger, typeof PG_VERSION>, typeof PG_DEFAULT>;
-    createdAt: PgAttr<PgAttr<alepha1.TString, typeof PG_CREATED_AT>, typeof PG_DEFAULT>;
-    updatedAt: PgAttr<PgAttr<alepha1.TString, typeof PG_UPDATED_AT>, typeof PG_DEFAULT>;
-    userId: PgAttr<alepha1.TString, typeof PG_REF>;
-    password: alepha1.TOptional<alepha1.TString>;
-    provider: alepha1.TString;
-    providerUserId: alepha1.TOptional<alepha1.TString>;
-    providerData: alepha1.TOptional<alepha1.TRecord<string, alepha1.TAny>>;
-  }>>;
-  /**
-   * Phase 1: Create a password reset intent.
-   *
-   * Validates the email, checks for existing user with credentials,
-   * sends verification code, and stores the intent in cache.
-   *
-   * @param email - User's email address
-   * @param userRealmName - Optional realm name
-   * @returns Intent response with intentId and expiration (always returns for security)
-   */
-  createPasswordResetIntent(email: string, userRealmName?: string): Promise<PasswordResetIntentResponse>;
-  /**
-   * Phase 2: Complete password reset using an intent.
-   *
-   * Validates the verification code, updates the password,
-   * and invalidates all existing sessions.
-   *
-   * @param body - Request body with intentId, code, and newPassword
-   */
-  completePasswordReset(body: CompletePasswordResetRequest): Promise<void>;
-  /**
-   * @deprecated Use createPasswordResetIntent instead
-   */
-  requestPasswordReset(email: string, userRealmName?: string): Promise<boolean>;
-  /**
-   * @deprecated Use completePasswordReset instead
-   */
-  validateResetToken(email: string, token: string, _userRealmName?: string): Promise<string>;
-  /**
-   * @deprecated Use completePasswordReset instead
-   */
-  resetPassword(email: string, token: string, newPassword: string, userRealmName?: string): Promise<void>;
-}
-//#endregion
-//#region src/api-users/schemas/completeRegistrationRequestSchema.d.ts
-declare const completeRegistrationRequestSchema: alepha1.TObject<{
-  intentId: alepha1.TString;
-  emailCode: alepha1.TOptional<alepha1.TString>;
-  phoneCode: alepha1.TOptional<alepha1.TString>;
-  captchaToken: alepha1.TOptional<alepha1.TString>;
-}>;
-type CompleteRegistrationRequest = Static<typeof completeRegistrationRequestSchema>;
-//#endregion
-//#region src/api-users/schemas/registerRequestSchema.d.ts
-/**
- * Schema for user registration request body.
- * Password is always required, other fields depend on realm settings.
- */
-declare const registerRequestSchema: alepha1.TObject<{
-  password: alepha1.TString;
-  username: alepha1.TOptional<alepha1.TString>;
-  email: alepha1.TOptional<alepha1.TString>;
-  phoneNumber: alepha1.TOptional<alepha1.TString>;
-  firstName: alepha1.TOptional<alepha1.TString>;
-  lastName: alepha1.TOptional<alepha1.TString>;
-  picture: alepha1.TOptional<alepha1.TString>;
-}>;
-type RegisterRequest = Static<typeof registerRequestSchema>;
-//#endregion
-//#region src/api-users/schemas/registrationIntentResponseSchema.d.ts
-declare const registrationIntentResponseSchema: alepha1.TObject<{
-  intentId: alepha1.TString;
-  expectCaptcha: alepha1.TBoolean;
-  expectEmailVerification: alepha1.TBoolean;
-  expectPhoneVerification: alepha1.TBoolean;
-  expiresAt: alepha1.TString;
-}>;
-type RegistrationIntentResponse = Static<typeof registrationIntentResponseSchema>;
-//#endregion
-//#region src/api-users/services/RegistrationService.d.ts
-/**
- * Intent stored in cache during the registration flow.
- */
-interface RegistrationIntent {
-  data: {
-    username?: string;
-    email?: string;
-    phoneNumber?: string;
-    firstName?: string;
-    lastName?: string;
-    picture?: string;
-    passwordHash: string;
-  };
-  requirements: {
-    email: boolean;
-    phone: boolean;
-    captcha: boolean;
-  };
-  realmName?: string;
-  expiresAt: string;
-}
-declare class RegistrationService {
-  protected readonly log: alepha_logger1.Logger;
-  protected readonly dateTimeProvider: DateTimeProvider;
-  protected readonly cryptoProvider: CryptoProvider;
-  protected readonly verificationController: HttpVirtualClient<VerificationController>;
-  protected readonly userNotifications: UserNotifications;
-  protected readonly userRealmProvider: UserRealmProvider;
-  protected readonly intentCache: alepha_cache0.CacheDescriptorFn<RegistrationIntent, any[]>;
-  /**
-   * Phase 1: Create a registration intent.
-   *
-   * Validates the registration data, checks for existing users,
-   * creates verification sessions, and stores the intent in cache.
-   */
-  createRegistrationIntent(body: RegisterRequest, userRealmName?: string): Promise<RegistrationIntentResponse>;
-  /**
-   * Phase 2: Complete registration using an intent.
-   *
-   * Validates all requirements (verification codes, captcha),
-   * creates the user and credentials, and returns the user.
-   */
-  completeRegistration(body: CompleteRegistrationRequest): Promise<UserEntity>;
-  /**
-   * Check if username, email, and phone are available.
-   */
-  protected checkUserAvailability(body: Pick<RegisterRequest, "username" | "email" | "phoneNumber">, userRealmName?: string): Promise<void>;
-  /**
-   * Send email verification code.
-   */
-  protected sendEmailVerification(email: string): Promise<void>;
-  /**
-   * Send phone verification code.
-   */
-  protected sendPhoneVerification(phoneNumber: string): Promise<void>;
-  /**
-   * Verify email code using verification service.
-   */
-  protected verifyEmailCode(email: string, code: string): Promise<void>;
-  /**
-   * Verify phone code using verification service.
-   */
-  protected verifyPhoneCode(phoneNumber: string, code: string): Promise<void>;
-}
-//#endregion
-//#region src/api-users/schemas/createUserSchema.d.ts
-declare const createUserSchema: alepha1.TObject<{
-  id: alepha1.TOptional<PgAttr<PgAttr<alepha1.TString, typeof PG_PRIMARY_KEY>, typeof PG_DEFAULT>>;
-  version: alepha1.TOptional<PgAttr<PgAttr<alepha1.TInteger, typeof PG_VERSION>, typeof PG_DEFAULT>>;
-  email: alepha1.TOptional<alepha1.TOptional<alepha1.TString>>;
-  createdAt: alepha1.TOptional<PgAttr<PgAttr<alepha1.TString, typeof PG_CREATED_AT>, typeof PG_DEFAULT>>;
-  updatedAt: alepha1.TOptional<PgAttr<PgAttr<alepha1.TString, typeof PG_UPDATED_AT>, typeof PG_DEFAULT>>;
-  username: alepha1.TOptional<alepha1.TOptional<alepha1.TString>>;
-  phoneNumber: alepha1.TOptional<alepha1.TOptional<alepha1.TString>>;
-  roles: alepha1.TOptional<alepha1.TArray<alepha1.TString>>;
-  firstName: alepha1.TOptional<alepha1.TOptional<alepha1.TString>>;
-  lastName: alepha1.TOptional<alepha1.TOptional<alepha1.TString>>;
-  picture: alepha1.TOptional<alepha1.TOptional<alepha1.TString>>;
-  enabled: alepha1.TOptional<PgAttr<alepha1.TBoolean, typeof PG_DEFAULT>>;
-  emailVerified: alepha1.TOptional<PgAttr<alepha1.TBoolean, typeof PG_DEFAULT>>;
-}>;
-type CreateUser = Static<typeof createUserSchema>;
-//#endregion
-//#region src/api-users/schemas/updateUserSchema.d.ts
-declare const updateUserSchema: alepha1.TObject<{
-  email: alepha1.TOptional<alepha1.TOptional<alepha1.TString>>;
-  realm: alepha1.TOptional<PgAttr<alepha1.TString, typeof PG_DEFAULT>>;
-  phoneNumber: alepha1.TOptional<alepha1.TOptional<alepha1.TString>>;
-  roles: alepha1.TOptional<alepha1.TArray<alepha1.TString>>;
-  firstName: alepha1.TOptional<alepha1.TOptional<alepha1.TString>>;
-  lastName: alepha1.TOptional<alepha1.TOptional<alepha1.TString>>;
-  picture: alepha1.TOptional<alepha1.TOptional<alepha1.TString>>;
-  enabled: alepha1.TOptional<PgAttr<alepha1.TBoolean, typeof PG_DEFAULT>>;
-}>;
-type UpdateUser = Static<typeof updateUserSchema>;
-//#endregion
-//#region src/api-users/schemas/userQuerySchema.d.ts
-declare const userQuerySchema: alepha1.TObject<{
-  page: alepha1.TOptional<alepha1.TInteger>;
-  size: alepha1.TOptional<alepha1.TInteger>;
-  sort: alepha1.TOptional<alepha1.TString>;
-  email: alepha1.TOptional<alepha1.TString>;
-  enabled: alepha1.TOptional<alepha1.TBoolean>;
-  emailVerified: alepha1.TOptional<alepha1.TBoolean>;
-  roles: alepha1.TOptional<alepha1.TArray<alepha1.TString>>;
-  query: alepha1.TOptional<alepha1.TString>;
-}>;
-type UserQuery = Static<typeof userQuerySchema>;
-//#endregion
-//#region src/api-users/services/UserService.d.ts
-declare class UserService {
-  protected readonly log: alepha_logger1.Logger;
-  protected readonly verificationController: HttpVirtualClient<VerificationController>;
-  protected readonly userNotifications: UserNotifications;
-  protected readonly userRealmProvider: UserRealmProvider;
-  users(userRealmName?: string): alepha_orm198.Repository<alepha1.TObject<{
-    id: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_PRIMARY_KEY>, typeof alepha_orm198.PG_DEFAULT>;
-    version: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TInteger, typeof alepha_orm198.PG_VERSION>, typeof alepha_orm198.PG_DEFAULT>;
-    createdAt: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_CREATED_AT>, typeof alepha_orm198.PG_DEFAULT>;
-    updatedAt: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_UPDATED_AT>, typeof alepha_orm198.PG_DEFAULT>;
-    realm: alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_DEFAULT>;
-    username: alepha1.TOptional<alepha1.TString>;
-    email: alepha1.TOptional<alepha1.TString>;
-    phoneNumber: alepha1.TOptional<alepha1.TString>;
-    roles: alepha_orm198.PgAttr<alepha1.TArray<alepha1.TString>, typeof alepha_orm198.PG_DEFAULT>;
-    firstName: alepha1.TOptional<alepha1.TString>;
-    lastName: alepha1.TOptional<alepha1.TString>;
-    picture: alepha1.TOptional<alepha1.TString>;
-    enabled: alepha_orm198.PgAttr<alepha1.TBoolean, typeof alepha_orm198.PG_DEFAULT>;
-    emailVerified: alepha_orm198.PgAttr<alepha1.TBoolean, typeof alepha_orm198.PG_DEFAULT>;
-  }>>;
-  /**
-   * Request email verification for a user.
-   */
-  requestEmailVerification(email: string, userRealmName?: string): Promise<boolean>;
-  /**
-   * Verify a user's email using a valid verification token.
-   */
-  verifyEmail(email: string, token: string, userRealmName?: string): Promise<void>;
-  /**
-   * Check if an email is verified.
-   */
-  isEmailVerified(email: string, userRealmName?: string): Promise<boolean>;
-  /**
-   * Find users with pagination and filtering.
-   */
-  findUsers(q?: UserQuery, userRealmName?: string): Promise<Page$1<UserEntity>>;
-  /**
-   * Get a user by ID.
-   */
-  getUserById(id: string, userRealmName?: string): Promise<UserEntity>;
-  /**
-   * Create a new user.
-   */
-  createUser(data: CreateUser, userRealmName?: string): Promise<UserEntity>;
-  /**
-   * Update an existing user.
-   */
-  updateUser(id: string, data: UpdateUser, userRealmName?: string): Promise<UserEntity>;
-  /**
-   * Delete a user by ID.
-   */
-  deleteUser(id: string, userRealmName?: string): Promise<void>;
-}
-//#endregion
-//#region src/api-users/controllers/UserController.d.ts
-declare class UserController {
-  protected readonly url = "/users";
-  protected readonly group = "users";
-  protected readonly credentialService: CredentialService;
-  protected readonly userService: UserService;
-  protected readonly registrationService: RegistrationService;
-  /**
-   * Phase 1: Create a registration intent.
-   * Validates data, creates verification sessions, and stores intent in cache.
-   */
-  readonly createRegistrationIntent: alepha_server0.ActionDescriptorFn<{
-    body: alepha1.TObject<{
-      password: alepha1.TString;
-      username: alepha1.TOptional<alepha1.TString>;
-      email: alepha1.TOptional<alepha1.TString>;
-      phoneNumber: alepha1.TOptional<alepha1.TString>;
-      firstName: alepha1.TOptional<alepha1.TString>;
-      lastName: alepha1.TOptional<alepha1.TString>;
-      picture: alepha1.TOptional<alepha1.TString>;
-    }>;
-    query: alepha1.TObject<{
-      userRealmName: alepha1.TOptional<alepha1.TString>;
-    }>;
-    response: alepha1.TObject<{
-      intentId: alepha1.TString;
-      expectCaptcha: alepha1.TBoolean;
-      expectEmailVerification: alepha1.TBoolean;
-      expectPhoneVerification: alepha1.TBoolean;
-      expiresAt: alepha1.TString;
-    }>;
-  }>;
-  /**
-   * Find users with pagination and filtering.
-   */
-  readonly findUsers: alepha_server0.ActionDescriptorFn<{
-    query: alepha1.TObject<{
-      page: alepha1.TOptional<alepha1.TInteger>;
-      size: alepha1.TOptional<alepha1.TInteger>;
-      sort: alepha1.TOptional<alepha1.TString>;
-      email: alepha1.TOptional<alepha1.TString>;
-      enabled: alepha1.TOptional<alepha1.TBoolean>;
-      emailVerified: alepha1.TOptional<alepha1.TBoolean>;
-      roles: alepha1.TOptional<alepha1.TArray<alepha1.TString>>;
-      query: alepha1.TOptional<alepha1.TString>;
-      userRealmName: alepha1.TOptional<alepha1.TString>;
-    }>;
-    response: alepha1.TPage<alepha1.TObject<{
-      id: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_PRIMARY_KEY>, typeof alepha_orm198.PG_DEFAULT>;
-      version: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TInteger, typeof alepha_orm198.PG_VERSION>, typeof alepha_orm198.PG_DEFAULT>;
-      createdAt: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_CREATED_AT>, typeof alepha_orm198.PG_DEFAULT>;
-      updatedAt: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_UPDATED_AT>, typeof alepha_orm198.PG_DEFAULT>;
-      realm: alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_DEFAULT>;
-      username: alepha1.TOptional<alepha1.TString>;
-      email: alepha1.TOptional<alepha1.TString>;
-      phoneNumber: alepha1.TOptional<alepha1.TString>;
-      roles: alepha_orm198.PgAttr<alepha1.TArray<alepha1.TString>, typeof alepha_orm198.PG_DEFAULT>;
-      firstName: alepha1.TOptional<alepha1.TString>;
-      lastName: alepha1.TOptional<alepha1.TString>;
-      picture: alepha1.TOptional<alepha1.TString>;
-      enabled: alepha_orm198.PgAttr<alepha1.TBoolean, typeof alepha_orm198.PG_DEFAULT>;
-      emailVerified: alepha_orm198.PgAttr<alepha1.TBoolean, typeof alepha_orm198.PG_DEFAULT>;
-    }>>;
-  }>;
-  /**
-   * Get a user by ID.
-   */
-  readonly getUser: alepha_server0.ActionDescriptorFn<{
-    params: alepha1.TObject<{
-      id: alepha1.TString;
-    }>;
-    query: alepha1.TObject<{
-      userRealmName: alepha1.TOptional<alepha1.TString>;
-    }>;
-    response: alepha1.TObject<{
-      id: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_PRIMARY_KEY>, typeof alepha_orm198.PG_DEFAULT>;
-      version: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TInteger, typeof alepha_orm198.PG_VERSION>, typeof alepha_orm198.PG_DEFAULT>;
-      createdAt: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_CREATED_AT>, typeof alepha_orm198.PG_DEFAULT>;
-      updatedAt: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_UPDATED_AT>, typeof alepha_orm198.PG_DEFAULT>;
-      realm: alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_DEFAULT>;
-      username: alepha1.TOptional<alepha1.TString>;
-      email: alepha1.TOptional<alepha1.TString>;
-      phoneNumber: alepha1.TOptional<alepha1.TString>;
-      roles: alepha_orm198.PgAttr<alepha1.TArray<alepha1.TString>, typeof alepha_orm198.PG_DEFAULT>;
-      firstName: alepha1.TOptional<alepha1.TString>;
-      lastName: alepha1.TOptional<alepha1.TString>;
-      picture: alepha1.TOptional<alepha1.TString>;
-      enabled: alepha_orm198.PgAttr<alepha1.TBoolean, typeof alepha_orm198.PG_DEFAULT>;
-      emailVerified: alepha_orm198.PgAttr<alepha1.TBoolean, typeof alepha_orm198.PG_DEFAULT>;
-    }>;
-  }>;
-  /**
-   * Create a new user.
-   */
-  readonly createUser: alepha_server0.ActionDescriptorFn<{
-    query: alepha1.TObject<{
-      userRealmName: alepha1.TOptional<alepha1.TString>;
-    }>;
-    body: alepha1.TObject<{
-      id: alepha1.TOptional<alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_PRIMARY_KEY>, typeof alepha_orm198.PG_DEFAULT>>;
-      version: alepha1.TOptional<alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TInteger, typeof alepha_orm198.PG_VERSION>, typeof alepha_orm198.PG_DEFAULT>>;
-      email: alepha1.TOptional<alepha1.TOptional<alepha1.TString>>;
-      createdAt: alepha1.TOptional<alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_CREATED_AT>, typeof alepha_orm198.PG_DEFAULT>>;
-      updatedAt: alepha1.TOptional<alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_UPDATED_AT>, typeof alepha_orm198.PG_DEFAULT>>;
-      username: alepha1.TOptional<alepha1.TOptional<alepha1.TString>>;
-      phoneNumber: alepha1.TOptional<alepha1.TOptional<alepha1.TString>>;
-      roles: alepha1.TOptional<alepha1.TArray<alepha1.TString>>;
-      firstName: alepha1.TOptional<alepha1.TOptional<alepha1.TString>>;
-      lastName: alepha1.TOptional<alepha1.TOptional<alepha1.TString>>;
-      picture: alepha1.TOptional<alepha1.TOptional<alepha1.TString>>;
-      enabled: alepha1.TOptional<alepha_orm198.PgAttr<alepha1.TBoolean, typeof alepha_orm198.PG_DEFAULT>>;
-      emailVerified: alepha1.TOptional<alepha_orm198.PgAttr<alepha1.TBoolean, typeof alepha_orm198.PG_DEFAULT>>;
-    }>;
-    response: alepha1.TObject<{
-      id: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_PRIMARY_KEY>, typeof alepha_orm198.PG_DEFAULT>;
-      version: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TInteger, typeof alepha_orm198.PG_VERSION>, typeof alepha_orm198.PG_DEFAULT>;
-      createdAt: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_CREATED_AT>, typeof alepha_orm198.PG_DEFAULT>;
-      updatedAt: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_UPDATED_AT>, typeof alepha_orm198.PG_DEFAULT>;
-      realm: alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_DEFAULT>;
-      username: alepha1.TOptional<alepha1.TString>;
-      email: alepha1.TOptional<alepha1.TString>;
-      phoneNumber: alepha1.TOptional<alepha1.TString>;
-      roles: alepha_orm198.PgAttr<alepha1.TArray<alepha1.TString>, typeof alepha_orm198.PG_DEFAULT>;
-      firstName: alepha1.TOptional<alepha1.TString>;
-      lastName: alepha1.TOptional<alepha1.TString>;
-      picture: alepha1.TOptional<alepha1.TString>;
-      enabled: alepha_orm198.PgAttr<alepha1.TBoolean, typeof alepha_orm198.PG_DEFAULT>;
-      emailVerified: alepha_orm198.PgAttr<alepha1.TBoolean, typeof alepha_orm198.PG_DEFAULT>;
-    }>;
-  }>;
-  /**
-   * Phase 2: Complete registration using an intent.
-   * Validates verification codes and creates the user.
-   */
-  readonly createUserFromIntent: alepha_server0.ActionDescriptorFn<{
-    body: alepha1.TObject<{
-      intentId: alepha1.TString;
-      emailCode: alepha1.TOptional<alepha1.TString>;
-      phoneCode: alepha1.TOptional<alepha1.TString>;
-      captchaToken: alepha1.TOptional<alepha1.TString>;
-    }>;
-    response: alepha1.TObject<{
-      id: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_PRIMARY_KEY>, typeof alepha_orm198.PG_DEFAULT>;
-      version: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TInteger, typeof alepha_orm198.PG_VERSION>, typeof alepha_orm198.PG_DEFAULT>;
-      createdAt: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_CREATED_AT>, typeof alepha_orm198.PG_DEFAULT>;
-      updatedAt: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_UPDATED_AT>, typeof alepha_orm198.PG_DEFAULT>;
-      realm: alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_DEFAULT>;
-      username: alepha1.TOptional<alepha1.TString>;
-      email: alepha1.TOptional<alepha1.TString>;
-      phoneNumber: alepha1.TOptional<alepha1.TString>;
-      roles: alepha_orm198.PgAttr<alepha1.TArray<alepha1.TString>, typeof alepha_orm198.PG_DEFAULT>;
-      firstName: alepha1.TOptional<alepha1.TString>;
-      lastName: alepha1.TOptional<alepha1.TString>;
-      picture: alepha1.TOptional<alepha1.TString>;
-      enabled: alepha_orm198.PgAttr<alepha1.TBoolean, typeof alepha_orm198.PG_DEFAULT>;
-      emailVerified: alepha_orm198.PgAttr<alepha1.TBoolean, typeof alepha_orm198.PG_DEFAULT>;
-    }>;
-  }>;
-  /**
-   * Update a user.
-   */
-  readonly updateUser: alepha_server0.ActionDescriptorFn<{
-    params: alepha1.TObject<{
-      id: alepha1.TString;
-    }>;
-    query: alepha1.TObject<{
-      userRealmName: alepha1.TOptional<alepha1.TString>;
-    }>;
-    body: alepha1.TObject<{
-      email: alepha1.TOptional<alepha1.TOptional<alepha1.TString>>;
-      realm: alepha1.TOptional<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_DEFAULT>>;
-      phoneNumber: alepha1.TOptional<alepha1.TOptional<alepha1.TString>>;
-      roles: alepha1.TOptional<alepha1.TArray<alepha1.TString>>;
-      firstName: alepha1.TOptional<alepha1.TOptional<alepha1.TString>>;
-      lastName: alepha1.TOptional<alepha1.TOptional<alepha1.TString>>;
-      picture: alepha1.TOptional<alepha1.TOptional<alepha1.TString>>;
-      enabled: alepha1.TOptional<alepha_orm198.PgAttr<alepha1.TBoolean, typeof alepha_orm198.PG_DEFAULT>>;
-    }>;
-    response: alepha1.TObject<{
-      id: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_PRIMARY_KEY>, typeof alepha_orm198.PG_DEFAULT>;
-      version: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TInteger, typeof alepha_orm198.PG_VERSION>, typeof alepha_orm198.PG_DEFAULT>;
-      createdAt: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_CREATED_AT>, typeof alepha_orm198.PG_DEFAULT>;
-      updatedAt: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_UPDATED_AT>, typeof alepha_orm198.PG_DEFAULT>;
-      realm: alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_DEFAULT>;
-      username: alepha1.TOptional<alepha1.TString>;
-      email: alepha1.TOptional<alepha1.TString>;
-      phoneNumber: alepha1.TOptional<alepha1.TString>;
-      roles: alepha_orm198.PgAttr<alepha1.TArray<alepha1.TString>, typeof alepha_orm198.PG_DEFAULT>;
-      firstName: alepha1.TOptional<alepha1.TString>;
-      lastName: alepha1.TOptional<alepha1.TString>;
-      picture: alepha1.TOptional<alepha1.TString>;
-      enabled: alepha_orm198.PgAttr<alepha1.TBoolean, typeof alepha_orm198.PG_DEFAULT>;
-      emailVerified: alepha_orm198.PgAttr<alepha1.TBoolean, typeof alepha_orm198.PG_DEFAULT>;
-    }>;
-  }>;
-  /**
-   * Delete a user.
-   */
-  readonly deleteUser: alepha_server0.ActionDescriptorFn<{
-    params: alepha1.TObject<{
-      id: alepha1.TString;
-    }>;
-    query: alepha1.TObject<{
-      userRealmName: alepha1.TOptional<alepha1.TString>;
-    }>;
-    response: alepha1.TObject<{
-      ok: alepha1.TBoolean;
-      id: alepha1.TOptional<alepha1.TUnion<[alepha1.TString, alepha1.TInteger]>>;
-      count: alepha1.TOptional<alepha1.TNumber>;
-    }>;
-  }>;
-  /**
-   * Phase 1: Create a password reset intent.
-   * Validates email, sends verification code, and stores intent in cache.
-   */
-  readonly createPasswordResetIntent: alepha_server0.ActionDescriptorFn<{
-    query: alepha1.TObject<{
-      userRealmName: alepha1.TOptional<alepha1.TString>;
-    }>;
-    body: alepha1.TObject<{
-      email: alepha1.TString;
-    }>;
-    response: alepha1.TObject<{
-      intentId: alepha1.TString;
-      expiresAt: alepha1.TString;
-    }>;
-  }>;
-  /**
-   * Phase 2: Complete password reset using an intent.
-   * Validates verification code, updates password, and invalidates sessions.
-   */
-  readonly completePasswordReset: alepha_server0.ActionDescriptorFn<{
-    body: alepha1.TObject<{
-      intentId: alepha1.TString;
-      code: alepha1.TString;
-      newPassword: alepha1.TString;
-    }>;
-    response: alepha1.TObject<{
-      ok: alepha1.TBoolean;
-      id: alepha1.TOptional<alepha1.TUnion<[alepha1.TString, alepha1.TInteger]>>;
-      count: alepha1.TOptional<alepha1.TNumber>;
-    }>;
-  }>;
-  /**
-   * @deprecated Use createPasswordResetIntent instead
-   */
-  requestPasswordReset: alepha_server0.ActionDescriptorFn<{
-    query: alepha1.TObject<{
-      userRealmName: alepha1.TOptional<alepha1.TString>;
-    }>;
-    body: alepha1.TObject<{
-      email: alepha1.TString;
-    }>;
-    response: alepha1.TObject<{
-      success: alepha1.TBoolean;
-      message: alepha1.TString;
-    }>;
-  }>;
-  /**
-   * @deprecated Use completePasswordReset instead
-   */
-  validateResetToken: alepha_server0.ActionDescriptorFn<{
-    query: alepha1.TObject<{
-      email: alepha1.TString;
-      token: alepha1.TString;
-      userRealmName: alepha1.TOptional<alepha1.TString>;
-    }>;
-    response: alepha1.TObject<{
-      valid: alepha1.TBoolean;
-      email: alepha1.TOptional<alepha1.TString>;
-    }>;
-  }>;
-  /**
-   * @deprecated Use completePasswordReset instead
-   */
-  resetPassword: alepha_server0.ActionDescriptorFn<{
-    query: alepha1.TObject<{
-      userRealmName: alepha1.TOptional<alepha1.TString>;
-    }>;
-    body: alepha1.TObject<{
-      email: alepha1.TString;
-      token: alepha1.TString;
-      newPassword: alepha1.TString;
-    }>;
-    response: alepha1.TObject<{
-      success: alepha1.TBoolean;
-      message: alepha1.TString;
-    }>;
-  }>;
-  /**
-   * Request email verification.
-   * Generates a verification token using verification service and sends an email to the user.
-   */
-  requestEmailVerification: alepha_server0.ActionDescriptorFn<{
-    query: alepha1.TObject<{
-      userRealmName: alepha1.TOptional<alepha1.TString>;
-    }>;
-    body: alepha1.TObject<{
-      email: alepha1.TString;
-    }>;
-    response: alepha1.TObject<{
-      success: alepha1.TBoolean;
-      message: alepha1.TString;
-    }>;
-  }>;
-  /**
-   * Verify email with a valid token.
-   * Updates the user's emailVerified status.
-   */
-  verifyEmail: alepha_server0.ActionDescriptorFn<{
-    query: alepha1.TObject<{
-      userRealmName: alepha1.TOptional<alepha1.TString>;
-    }>;
-    body: alepha1.TObject<{
-      email: alepha1.TString;
-      token: alepha1.TString;
-    }>;
-    response: alepha1.TObject<{
-      success: alepha1.TBoolean;
-      message: alepha1.TString;
-    }>;
-  }>;
-  /**
-   * Check if an email is verified.
-   */
-  checkEmailVerification: alepha_server0.ActionDescriptorFn<{
-    query: alepha1.TObject<{
-      email: alepha1.TString;
-      userRealmName: alepha1.TOptional<alepha1.TString>;
-    }>;
-    response: alepha1.TObject<{
-      verified: alepha1.TBoolean;
-    }>;
-  }>;
-}
-//#endregion
-//#region src/server-cookies/services/CookieParser.d.ts
-declare class CookieParser {
-  parseRequestCookies(header: string): Record<string, string>;
-  serializeResponseCookies(cookies: Record<string, Cookie | null>, isHttps: boolean): string[];
-  cookieToString(name: string, cookie: Cookie, isHttps?: boolean): string;
-}
-//#endregion
-//#region src/server-cookies/providers/ServerCookiesProvider.d.ts
-declare class ServerCookiesProvider {
-  protected readonly alepha: Alepha;
-  protected readonly log: alepha_logger1.Logger;
-  protected readonly cookieParser: CookieParser;
-  protected readonly dateTimeProvider: DateTimeProvider;
-  protected readonly env: {
-    APP_SECRET: string;
-  };
-  protected readonly ALGORITHM = "aes-256-gcm";
-  protected readonly IV_LENGTH = 16;
-  protected readonly AUTH_TAG_LENGTH = 16;
-  protected readonly SIGNATURE_LENGTH = 32;
-  readonly onRequest: alepha1.HookDescriptor<"server:onRequest">;
-  readonly onAction: alepha1.HookDescriptor<"action:onRequest">;
-  readonly onSend: alepha1.HookDescriptor<"server:onSend">;
-  protected getCookiesFromContext(cookies?: Cookies): Cookies;
-  getCookie<T extends TSchema>(name: string, options: CookieDescriptorOptions<T>, contextCookies?: Cookies): Static<T> | undefined;
-  setCookie<T extends TSchema>(name: string, options: CookieDescriptorOptions<T>, data: Static<T>, contextCookies?: Cookies): void;
-  deleteCookie<T extends TSchema>(name: string, contextCookies?: Cookies): void;
-  protected encrypt(text: string): string;
-  protected decrypt(encryptedText: string): string;
-  secretKey(): string;
-  protected sign(data: string): string;
-}
-//#endregion
-//#region src/server-cookies/descriptors/$cookie.d.ts
-interface CookieDescriptorOptions<T extends TSchema> {
-  /** The schema for the cookie's value, used for validation and type safety. */
-  schema: T;
-  /** The name of the cookie. */
-  name?: string;
-  /** The cookie's path. Defaults to "/". */
-  path?: string;
-  /** Time-to-live for the cookie. Maps to `Max-Age`. */
-  ttl?: DurationLike;
-  /** If true, the cookie is only sent over HTTPS. Defaults to true in production. */
-  secure?: boolean;
-  /** If true, the cookie cannot be accessed by client-side scripts. */
-  httpOnly?: boolean;
-  /** SameSite policy for the cookie. Defaults to "lax". */
-  sameSite?: "strict" | "lax" | "none";
-  /** The domain for the cookie. */
-  domain?: string;
-  /** If true, the cookie value will be compressed using zlib. */
-  compress?: boolean;
-  /** If true, the cookie value will be encrypted. Requires `COOKIE_SECRET` env var. */
-  encrypt?: boolean;
-  /** If true, the cookie will be signed to prevent tampering. Requires `COOKIE_SECRET` env var. */
-  sign?: boolean;
-}
-interface AbstractCookieDescriptor<T extends TSchema> {
-  readonly name: string;
-  readonly options: CookieDescriptorOptions<T>;
-  set(value: Static<T>, options?: {
-    cookies?: Cookies;
-    ttl?: DurationLike;
-  }): void;
-  get(options?: {
-    cookies?: Cookies;
-  }): Static<T> | undefined;
-  del(options?: {
-    cookies?: Cookies;
-  }): void;
-}
-interface Cookies {
-  req: Record<string, string>;
-  res: Record<string, Cookie | null>;
-}
-interface Cookie {
-  value: string;
-  path?: string;
-  maxAge?: number;
-  secure?: boolean;
-  httpOnly?: boolean;
-  sameSite?: "strict" | "lax" | "none";
-  domain?: string;
-}
-//#endregion
-//#region src/server-cookies/index.d.ts
-declare module "alepha/server" {
-  interface ServerRequest {
-    cookies: Cookies;
-  }
-}
-/**
- * Provides HTTP cookie management capabilities for server requests and responses with type-safe cookie descriptors.
- *
- * The server-cookies module enables declarative cookie handling using the `$cookie` descriptor on class properties.
- * It offers automatic cookie parsing, secure cookie configuration, and seamless integration with server routes
- * for managing user sessions, preferences, and authentication tokens.
- *
- * @see {@link $cookie}
- * @module alepha.server.cookies
- */
-//#endregion
-//#region src/server-auth/schemas/authenticationProviderSchema.d.ts
-declare const authenticationProviderSchema: alepha1.TObject<{
-  name: alepha1.TString;
-  type: alepha1.TUnsafe<"OAUTH2" | "OIDC" | "CREDENTIALS">;
-}>;
-type AuthenticationProvider = Static<typeof authenticationProviderSchema>;
-//#endregion
-//#region src/server-auth/schemas/tokensSchema.d.ts
-declare const tokensSchema: alepha1.TObject<{
-  provider: alepha1.TString;
-  access_token: alepha1.TString;
-  issued_at: alepha1.TNumber;
-  expires_in: alepha1.TOptional<alepha1.TNumber>;
-  refresh_token: alepha1.TOptional<alepha1.TString>;
-  refresh_token_expires_in: alepha1.TOptional<alepha1.TNumber>;
-  refresh_expires_in: alepha1.TOptional<alepha1.TNumber>;
-  id_token: alepha1.TOptional<alepha1.TString>;
-  scope: alepha1.TOptional<alepha1.TString>;
-}>;
-type Tokens = Static<typeof tokensSchema>;
-//#endregion
-//#region src/server-auth/providers/ServerAuthProvider.d.ts
-declare class ServerAuthProvider {
-  protected readonly log: alepha_logger1.Logger;
-  protected readonly alepha: Alepha;
-  protected readonly serverCookiesProvider: ServerCookiesProvider;
-  protected readonly dateTimeProvider: DateTimeProvider;
-  protected readonly serverLinksProvider: ServerLinksProvider;
-  protected readonly authorizationCode: AbstractCookieDescriptor<alepha1.TObject<{
-    provider: alepha1.TString;
-    codeVerifier: alepha1.TOptional<alepha1.TString>;
-    redirectUri: alepha1.TOptional<alepha1.TString>;
-    state: alepha1.TOptional<alepha1.TString>;
-    nonce: alepha1.TOptional<alepha1.TString>;
-  }>>;
-  readonly tokens: AbstractCookieDescriptor<alepha1.TObject<{
-    provider: alepha1.TString;
-    access_token: alepha1.TString;
-    issued_at: alepha1.TNumber;
-    expires_in: alepha1.TOptional<alepha1.TNumber>;
-    refresh_token: alepha1.TOptional<alepha1.TString>;
-    refresh_token_expires_in: alepha1.TOptional<alepha1.TNumber>;
-    refresh_expires_in: alepha1.TOptional<alepha1.TNumber>;
-    id_token: alepha1.TOptional<alepha1.TString>;
-    scope: alepha1.TOptional<alepha1.TString>;
-  }>>;
-  get identities(): Array<AuthDescriptor>;
-  getAuthenticationProviders(filters?: {
-    realmName?: string;
-  }): AuthenticationProvider[];
-  protected readonly configure: alepha1.HookDescriptor<"configure">;
-  protected getAccessTokens(tokens: Tokens): string | undefined;
-  /**
-   * Fill request headers with access token from cookies or fallback to provider's fallback function.
-   */
-  protected readonly onRequest: alepha1.HookDescriptor<"server:onRequest">;
-  /**
-   * Convert cookies to tokens.
-   * If the tokens are expired, try to refresh them using the refresh token.
-   */
-  protected cookiesToTokens(cookies: Cookies): Promise<Tokens | undefined>;
-  protected refreshTokens(tokens: Tokens): Promise<Tokens | undefined>;
-  /**
-   * Get user information.
-   */
-  readonly userinfo: alepha_server0.RouteDescriptor<{
-    response: alepha1.TObject<{
-      user: alepha1.TOptional<alepha1.TObject<{
-        id: alepha1.TString;
-        name: alepha1.TOptional<alepha1.TString>;
-        email: alepha1.TOptional<alepha1.TString>;
-        username: alepha1.TOptional<alepha1.TString>;
-        picture: alepha1.TOptional<alepha1.TString>;
-        sessionId: alepha1.TOptional<alepha1.TString>;
-        organizations: alepha1.TOptional<alepha1.TArray<alepha1.TString>>;
-        roles: alepha1.TOptional<alepha1.TArray<alepha1.TString>>;
-      }>>;
-      api: alepha1.TObject<{
-        prefix: alepha1.TOptional<alepha1.TString>;
-        links: alepha1.TArray<alepha1.TObject<{
-          name: alepha1.TString;
-          group: alepha1.TOptional<alepha1.TString>;
-          path: alepha1.TString;
-          method: alepha1.TOptional<alepha1.TString>;
-          requestBodyType: alepha1.TOptional<alepha1.TString>;
-          service: alepha1.TOptional<alepha1.TString>;
-        }>>;
-      }>;
-    }>;
-  }>;
-  /**
-   * Refresh a token for internal providers.
-   */
-  readonly refresh: alepha_server0.RouteDescriptor<{
-    query: alepha1.TObject<{
-      provider: alepha1.TString;
-    }>;
-    body: alepha1.TObject<{
-      refresh_token: alepha1.TString;
-      access_token: alepha1.TOptional<alepha1.TString>;
-    }>;
-    response: alepha1.TObject<{
-      provider: alepha1.TString;
-      access_token: alepha1.TString;
-      issued_at: alepha1.TNumber;
-      expires_in: alepha1.TOptional<alepha1.TNumber>;
-      refresh_token: alepha1.TOptional<alepha1.TString>;
-      refresh_token_expires_in: alepha1.TOptional<alepha1.TNumber>;
-      refresh_expires_in: alepha1.TOptional<alepha1.TNumber>;
-      id_token: alepha1.TOptional<alepha1.TString>;
-      scope: alepha1.TOptional<alepha1.TString>;
-    }>;
-  }>;
-  /**
-   * Login for local password-based authentication.
-   */
-  readonly token: alepha_server0.RouteDescriptor<{
-    query: alepha1.TObject<{
-      provider: alepha1.TString;
-    }>;
-    body: alepha1.TObject<{
-      username: alepha1.TString;
-      password: alepha1.TString;
-    }>;
-    response: alepha1.TObject<{
-      provider: alepha1.TString;
-      access_token: alepha1.TString;
-      issued_at: alepha1.TNumber;
-      expires_in: alepha1.TOptional<alepha1.TNumber>;
-      refresh_token: alepha1.TOptional<alepha1.TString>;
-      refresh_token_expires_in: alepha1.TOptional<alepha1.TNumber>;
-      refresh_expires_in: alepha1.TOptional<alepha1.TNumber>;
-      id_token: alepha1.TOptional<alepha1.TString>;
-      scope: alepha1.TOptional<alepha1.TString>;
-      user: alepha1.TObject<{
-        id: alepha1.TString;
-        name: alepha1.TOptional<alepha1.TString>;
-        email: alepha1.TOptional<alepha1.TString>;
-        username: alepha1.TOptional<alepha1.TString>;
-        picture: alepha1.TOptional<alepha1.TString>;
-        sessionId: alepha1.TOptional<alepha1.TString>;
-        organizations: alepha1.TOptional<alepha1.TArray<alepha1.TString>>;
-        roles: alepha1.TOptional<alepha1.TArray<alepha1.TString>>;
-      }>;
-      api: alepha1.TObject<{
-        prefix: alepha1.TOptional<alepha1.TString>;
-        links: alepha1.TArray<alepha1.TObject<{
-          name: alepha1.TString;
-          group: alepha1.TOptional<alepha1.TString>;
-          path: alepha1.TString;
-          method: alepha1.TOptional<alepha1.TString>;
-          requestBodyType: alepha1.TOptional<alepha1.TString>;
-          service: alepha1.TOptional<alepha1.TString>;
-        }>>;
-      }>;
-    }>;
-  }>;
-  /**
-   * Oauth2/OIDC login route.
-   */
-  readonly login: alepha_server0.RouteDescriptor<{
-    query: alepha1.TObject<{
-      provider: alepha1.TString;
-      redirect_uri: alepha1.TOptional<alepha1.TString>;
-    }>;
-  }>;
-  /**
-   * Callback for OAuth2/OIDC providers.
-   * It handles the authorization code flow and retrieves the access token.
-   */
-  readonly callback: alepha_server0.RouteDescriptor<alepha_server0.RequestConfigSchema>;
-  /**
-   * Logout route for OAuth2/OIDC providers.
-   */
-  readonly logout: alepha_server0.RouteDescriptor<{
-    query: alepha1.TObject<{
-      post_logout_redirect_uri: alepha1.TOptional<alepha1.TString>;
-    }>;
-  }>;
-  protected provider(opts: string | {
-    provider: string;
-  }): AuthDescriptor;
-  protected setTokens(tokens: Tokens, cookies?: Cookies): void;
-}
-interface OAuth2Profile {
-  sub: string;
-  email?: string;
-  name?: string;
-  given_name?: string;
-  family_name?: string;
-  middle_name?: string;
-  nickname?: string;
-  preferred_username?: string;
-  profile?: string;
-  picture?: string;
-  website?: string;
-  email_verified?: boolean;
-  gender?: string;
-  birthdate?: string;
-  zoneinfo?: string;
-  locale?: string;
-  phone_number?: string;
-  phone_number_verified?: boolean;
-  address?: {
-    formatted?: string;
-    street_address?: string;
-    locality?: string;
-    region?: string;
-    postal_code?: string;
-    country?: string;
-  };
-  updated_at?: number;
-  [key: string]: unknown;
-}
-//#endregion
-//#region src/server-auth/descriptors/$auth.d.ts
-type AuthDescriptorOptions = {
-  /**
-   * Name of the identity provider.
-   * If not provided, it will be derived from the property key.
-   */
-  name?: string;
-  /**
-   * If true, auth provider will be skipped.
-   */
-  disabled?: boolean;
-} & (AuthExternal | AuthInternal);
-/**
- * When you let an external service handle authentication. (e.g. Keycloak, Auth0, etc.)
- */
-type AuthExternal = {
-  /**
-   * Only OIDC is supported for external authentication.
-   */
-  oidc: OidcOptions;
-  /**
-   * For anonymous access, this will expect a service account access token.
-   *
-   * ```ts
-   * class App {
-   *   anonymous = $serviceAccount(...);
-   *   auth = $auth({
-   *     // ... config ...
-   *     fallback: this.anonymous,
-   *   })
-   * }
-   * ```
-   */
-  fallback?: () => Async<AccessToken>;
-};
-/**
- * When using your own authentication system, e.g. using a database to store user accounts.
- * This is usually used with a custom login form.
- *
- * This relies on the `realm`, which is used to create/verify the access token.
- */
-type AuthInternal = {
-  realm: RealmDescriptor;
-} & ({
-  /**
-   * The common username/password authentication.
-   *
-   * - It uses the OAuth2 Client Credentials flow to obtain an access token.
-   *
-   * This is usually used with a custom login form on your website or mobile app.
-   */
-  credentials: CredentialsOptions;
-} | {
-  /**
-   * OAuth2 authentication. Delegates authentication to an OAuth2 provider. (e.g. Google, GitHub, etc.)
-   *
-   * - It uses the OAuth2 Authorization Code flow to obtain an access token and user information.
-   *
-   * This is usually used with a login button that redirects to the OAuth2 provider.
-   */
-  oauth: OAuth2Options;
-} | {
-  /**
-   * Like OAuth2, but uses OIDC (OpenID Connect) for authentication and user information retrieval.
-   * OIDC is an identity layer on top of OAuth2, providing user authentication and profile information.
-   *
-   * - It uses the OAuth2 Authorization Code flow to obtain an access token and user information.
-   * - PCKE (Proof Key for Code Exchange) is recommended for security.
-   *
-   * This is usually used with a login button that redirects to the OIDC provider.
-   */
-  oidc: OidcOptions;
-});
-type CredentialsOptions = {
-  account: CredentialsFn;
-};
-type CredentialsFn = (credentials: Credentials) => Async<UserAccount | undefined>;
-interface Credentials {
-  username: string;
-  password: string;
-}
-interface OidcOptions {
-  /**
-   * URL of the OIDC issuer.
-   */
-  issuer: string;
-  /**
-   * Client ID for the OIDC client.
-   */
-  clientId: string;
-  /**
-   * Client secret for the OIDC client.
-   * Optional if PKCE (Proof Key for Code Exchange) is used.
-   */
-  clientSecret?: string;
-  /**
-   * Redirect URI for the OIDC client.
-   * This is where the user will be redirected after authentication.
-   */
-  redirectUri?: string;
-  /**
-   * For external auth providers only.
-   * Take the ID token instead of the access token for validation.
-   */
-  useIdToken?: boolean;
-  /**
-   * URI to redirect the user after logout.
-   */
-  logoutUri?: string;
-  /**
-   * Optional scope for the OIDC client.
-   * @default "openid profile email".
-   */
-  scope?: string;
-  account?: LinkAccountFn;
-}
-interface LinkAccountOptions {
-  access_token: string;
-  user: OAuth2Profile;
-  id_token?: string;
-  expires_in?: number;
-  scope?: string;
-}
-type LinkAccountFn = (tokens: LinkAccountOptions) => Async<UserAccount>;
-interface OAuth2Options {
-  /**
-   * URL of the OAuth2 authorization endpoint.
-   */
-  clientId: string;
-  /**
-   * Client secret for the OAuth2 client.
-   */
-  clientSecret: string;
-  /**
-   * URL of the OAuth2 authorization endpoint.
-   */
-  authorization: string;
-  /**
-   * URL of the OAuth2 token endpoint.
-   */
-  token: string;
-  /**
-   * Function to retrieve user profile information from the OAuth2 tokens.
-   */
-  userinfo: (tokens: Tokens) => Async<OAuth2Profile>;
-  account?: LinkAccountFn;
-  /**
-   * URL of the OAuth2 authorization endpoint.
-   */
-  redirectUri?: string;
-  /**
-   * URL of the OAuth2 authorization endpoint.
-   */
-  scope?: string;
-}
-declare class AuthDescriptor extends Descriptor<AuthDescriptorOptions> {
-  protected readonly securityProvider: SecurityProvider;
-  protected readonly dateTimeProvider: DateTimeProvider;
-  oauth?: Configuration;
-  get name(): string;
-  get jwks_uri(): string;
-  get scope(): string | undefined;
-  get redirect_uri(): string | undefined;
-  /**
-   * Refreshes the access token using the refresh token.
-   * Can be used on oauth2, oidc or credentials auth providers.
-   */
-  refresh(refreshToken: string, accessToken?: string): Promise<AccessTokenResponse>;
-  /**
-   * Extracts user information from the access token.
-   * This is used to create a user account from the access token.
-   */
-  user(tokens: Tokens): Promise<UserAccount>;
-  protected getUserFromIdToken(idToken: string): OAuth2Profile;
-  prepare(): Promise<void>;
-}
-type AccessToken = string | {
-  token: () => Async<string>;
-};
-interface WithLinkFn {
-  link?: (name: string) => (opts: LinkAccountOptions) => Async<UserAccount>;
-}
-interface WithLoginFn {
-  login?: (provider: string) => (creds: Credentials) => Async<UserAccount | undefined>;
-}
-//#endregion
-//#region src/server-auth/index.d.ts
-declare module "alepha" {
-  interface State {
-    /**
-     * The authenticated user account attached to the server request state.
-     *
-     * @internal
-     */
-    "alepha.server.request.user"?: UserAccount;
-  }
-}
-/**
- * Allow authentication services for server applications.
- * It provides login and logout functionalities.
- *
- * There are multiple authentication providers available (e.g., Google, GitHub).
- * You can also delegate authentication to your own OIDC/OAuth2, for example using Keycloak or Auth0.
- *
- * It's cookie-based and SSR friendly.
- *
- * @see {@link $auth}
- * @see {@link ServerAuthProvider}
- * @module alepha.server.auth
- */
-//#endregion
-//#region src/api-users/controllers/UserRealmController.d.ts
-/**
- * Controller for exposing realm configuration.
- * Uses $route instead of $action to keep endpoints hidden from API documentation.
- */
-declare class UserRealmController {
-  protected readonly url = "/realms";
-  protected readonly userRealmProvider: UserRealmProvider;
-  protected readonly serverAuthProvider: ServerAuthProvider;
-  protected readonly cryptoProvider: CryptoProvider;
-  /**
-   * Get realm configuration settings.
-   * This endpoint is not exposed in the API documentation.
-   */
-  readonly getRealmConfig: alepha_server0.ActionDescriptorFn<{
-    query: alepha1.TObject<{
-      userRealmName: alepha1.TOptional<alepha1.TString>;
-    }>;
-    response: alepha1.TObject<{
-      settings: alepha1.TObject<{
-        registrationAllowed: alepha1.TBoolean;
-        emailEnabled: alepha1.TBoolean;
-        emailRequired: alepha1.TBoolean;
-        usernameEnabled: alepha1.TBoolean;
-        usernameRequired: alepha1.TBoolean;
-        phoneEnabled: alepha1.TBoolean;
-        phoneRequired: alepha1.TBoolean;
-        verifyEmailRequired: alepha1.TBoolean;
-        verifyPhoneRequired: alepha1.TBoolean;
-        firstNameLastNameEnabled: alepha1.TBoolean;
-        firstNameLastNameRequired: alepha1.TBoolean;
-        resetPasswordAllowed: alepha1.TBoolean;
-        passwordPolicy: alepha1.TObject<{
-          minLength: alepha1.TInteger;
-          requireUppercase: alepha1.TBoolean;
-          requireLowercase: alepha1.TBoolean;
-          requireNumbers: alepha1.TBoolean;
-          requireSpecialCharacters: alepha1.TBoolean;
-        }>;
-      }>;
-      realmName: alepha1.TString;
-      authenticationMethods: alepha1.TArray<alepha1.TObject<{
-        name: alepha1.TString;
-        type: alepha1.TUnsafe<"OAUTH2" | "OIDC" | "CREDENTIALS">;
-      }>>;
-    }>;
-  }>;
-  readonly checkUsernameAvailability: alepha_server0.ActionDescriptorFn<{
-    query: alepha1.TObject<{
-      userRealmName: alepha1.TOptional<alepha1.TString>;
-    }>;
-    body: alepha1.TObject<{
-      username: alepha1.TString;
-    }>;
-    response: alepha1.TObject<{
-      available: alepha1.TBoolean;
-    }>;
-  }>;
-}
-//#endregion
-//#region src/api-users/descriptors/$userRealm.d.ts
-type UserRealmDescriptor = RealmDescriptor & WithLinkFn & WithLoginFn;
-/**
- * Already configured realm for user management.
- *
- * Realm contains two roles: `admin` and `user`.
- *
- * - `admin`: Has full access to all resources and permissions.
- * - `user`: Has access to their own resources and permissions, but cannot access admin-level resources.
- *
- * Realm uses session management for handling user sessions.
- *
- * Environment Variables:
- * - `APP_SECRET`: Secret key for signing tokens (if not provided in options).
- */
-declare const $userRealm: (options?: UserRealmOptions) => UserRealmDescriptor;
-interface UserRealmOptions {
-  /**
-   * Secret key for signing tokens.
-   *
-   * If not provided, the secret from the SecurityProvider will be used (usually from the APP_SECRET environment variable).
-   */
-  secret?: string;
-  /**
-   * Realm configuration options.
-   *
-   * It's already pre-configured for user management with admin and user roles.
-   */
-  realm?: Partial<RealmDescriptorOptions>;
-  /**
-   * Override entities.
-   */
-  entities?: {
-    users?: Repository<typeof users.schema>;
-    identities?: Repository<typeof identities.schema>;
-    sessions?: Repository<typeof sessions.schema>;
-  };
-  settings?: Partial<RealmAuthSettings>;
-  identities?: {
-    credentials?: true;
-    google?: true;
-    github?: true;
-  };
-}
-//#endregion
-//#region src/api-users/schemas/identityResourceSchema.d.ts
-declare const identityResourceSchema: alepha1.TObject<{
-  id: PgAttr<PgAttr<alepha1.TString, typeof PG_PRIMARY_KEY>, typeof PG_DEFAULT>;
-  version: PgAttr<PgAttr<alepha1.TInteger, typeof PG_VERSION>, typeof PG_DEFAULT>;
-  createdAt: PgAttr<PgAttr<alepha1.TString, typeof PG_CREATED_AT>, typeof PG_DEFAULT>;
-  updatedAt: PgAttr<PgAttr<alepha1.TString, typeof PG_UPDATED_AT>, typeof PG_DEFAULT>;
-  userId: PgAttr<alepha1.TString, typeof PG_REF>;
-  provider: alepha1.TString;
-  providerUserId: alepha1.TOptional<alepha1.TString>;
-  providerData: alepha1.TOptional<alepha1.TRecord<string, alepha1.TAny>>;
-}>;
-type IdentityResource = Static<typeof identityResourceSchema>;
-//#endregion
-//#region src/api-users/schemas/loginSchema.d.ts
-declare const loginSchema: alepha1.TObject<{
-  username: alepha1.TString;
-  password: alepha1.TString;
-}>;
-type LoginInput = Static<typeof loginSchema>;
-//#endregion
-//#region src/api-users/schemas/registerSchema.d.ts
-declare const registerSchema: alepha1.TObject<{
-  username: alepha1.TString;
-  email: alepha1.TString;
-  password: alepha1.TString;
-  confirmPassword: alepha1.TString;
-  firstName: alepha1.TOptional<alepha1.TString>;
-  lastName: alepha1.TOptional<alepha1.TString>;
-}>;
-type RegisterInput = Static<typeof registerSchema>;
-//#endregion
-//#region src/api-users/schemas/resetPasswordSchema.d.ts
-declare const resetPasswordRequestSchema: alepha1.TObject<{
-  email: alepha1.TString;
-}>;
-declare const resetPasswordSchema: alepha1.TObject<{
-  token: alepha1.TString;
-  password: alepha1.TString;
-  confirmPassword: alepha1.TString;
-}>;
-type ResetPasswordRequest = Static<typeof resetPasswordRequestSchema>;
-type ResetPasswordInput = Static<typeof resetPasswordSchema>;
-//#endregion
-//#region src/api-users/schemas/sessionResourceSchema.d.ts
-declare const sessionResourceSchema: alepha1.TObject<{
-  id: alepha1.TString;
-  version: alepha1.TNumber;
-  createdAt: alepha1.TString;
-  updatedAt: alepha1.TString;
-  refreshToken: alepha1.TString;
-  userId: alepha1.TString;
-  expiresAt: alepha1.TString;
-  ip: alepha1.TOptional<alepha1.TString>;
-  userAgent: alepha1.TOptional<alepha1.TObject<{
-    os: alepha1.TString;
-    browser: alepha1.TString;
-    device: alepha1.TUnsafe<"MOBILE" | "DESKTOP" | "TABLET">;
-  }>>;
-}>;
-type SessionResource = Static<typeof sessionResourceSchema>;
-//#endregion
-//#region src/api-users/schemas/userRealmConfigSchema.d.ts
-declare const userRealmConfigSchema: alepha1.TObject<{
-  settings: alepha1.TObject<{
-    registrationAllowed: alepha1.TBoolean;
-    emailEnabled: alepha1.TBoolean;
-    emailRequired: alepha1.TBoolean;
-    usernameEnabled: alepha1.TBoolean;
-    usernameRequired: alepha1.TBoolean;
-    phoneEnabled: alepha1.TBoolean;
-    phoneRequired: alepha1.TBoolean;
-    verifyEmailRequired: alepha1.TBoolean;
-    verifyPhoneRequired: alepha1.TBoolean;
-    firstNameLastNameEnabled: alepha1.TBoolean;
-    firstNameLastNameRequired: alepha1.TBoolean;
-    resetPasswordAllowed: alepha1.TBoolean;
-    passwordPolicy: alepha1.TObject<{
-      minLength: alepha1.TInteger;
-      requireUppercase: alepha1.TBoolean;
-      requireLowercase: alepha1.TBoolean;
-      requireNumbers: alepha1.TBoolean;
-      requireSpecialCharacters: alepha1.TBoolean;
-    }>;
-  }>;
-  realmName: alepha1.TString;
-  authenticationMethods: alepha1.TArray<alepha1.TObject<{
-    name: alepha1.TString;
-    type: alepha1.TUnsafe<"OAUTH2" | "OIDC" | "CREDENTIALS">;
-  }>>;
-}>;
-type UserRealmConfig = Static<typeof userRealmConfigSchema>;
-//#endregion
-//#region src/api-users/schemas/userResourceSchema.d.ts
-declare const userResourceSchema: alepha1.TObject<{
-  id: PgAttr<PgAttr<alepha1.TString, typeof PG_PRIMARY_KEY>, typeof PG_DEFAULT>;
-  version: PgAttr<PgAttr<alepha1.TInteger, typeof PG_VERSION>, typeof PG_DEFAULT>;
-  createdAt: PgAttr<PgAttr<alepha1.TString, typeof PG_CREATED_AT>, typeof PG_DEFAULT>;
-  updatedAt: PgAttr<PgAttr<alepha1.TString, typeof PG_UPDATED_AT>, typeof PG_DEFAULT>;
-  realm: PgAttr<alepha1.TString, typeof PG_DEFAULT>;
-  username: alepha1.TOptional<alepha1.TString>;
-  email: alepha1.TOptional<alepha1.TString>;
-  phoneNumber: alepha1.TOptional<alepha1.TString>;
-  roles: PgAttr<alepha1.TArray<alepha1.TString>, typeof PG_DEFAULT>;
-  firstName: alepha1.TOptional<alepha1.TString>;
-  lastName: alepha1.TOptional<alepha1.TString>;
-  picture: alepha1.TOptional<alepha1.TString>;
-  enabled: PgAttr<alepha1.TBoolean, typeof PG_DEFAULT>;
-  emailVerified: PgAttr<alepha1.TBoolean, typeof PG_DEFAULT>;
-}>;
-type UserResource = Static<typeof userResourceSchema>;
-//#endregion
-//#region src/api-files/entities/files.d.ts
-declare const files: alepha_orm198.EntityDescriptor<alepha1.TObject<{
-  id: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_PRIMARY_KEY>, typeof alepha_orm198.PG_DEFAULT>;
-  version: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TInteger, typeof alepha_orm198.PG_VERSION>, typeof alepha_orm198.PG_DEFAULT>;
-  createdAt: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_CREATED_AT>, typeof alepha_orm198.PG_DEFAULT>;
-  updatedAt: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_UPDATED_AT>, typeof alepha_orm198.PG_DEFAULT>;
-  blobId: alepha1.TString;
-  creator: alepha1.TOptional<alepha1.TString>;
-  creatorRealm: alepha1.TOptional<alepha1.TString>;
-  creatorName: alepha1.TOptional<alepha1.TString>;
-  bucket: alepha1.TString;
-  expirationDate: alepha1.TOptional<alepha1.TString>;
-  name: alepha1.TString;
-  size: alepha1.TNumber;
-  mimeType: alepha1.TString;
-  tags: alepha1.TOptional<alepha1.TArray<alepha1.TString>>;
-  checksum: alepha1.TOptional<alepha1.TString>;
-}>>;
-type FileEntity = Static<typeof files.schema>;
-//#endregion
-//#region src/api-files/schemas/fileQuerySchema.d.ts
-declare const fileQuerySchema: alepha1.TObject<{
-  page: alepha1.TOptional<alepha1.TInteger>;
-  size: alepha1.TOptional<alepha1.TInteger>;
-  sort: alepha1.TOptional<alepha1.TString>;
-  bucket: alepha1.TOptional<alepha1.TString>;
-  tags: alepha1.TOptional<alepha1.TArray<alepha1.TString>>;
-  name: alepha1.TOptional<alepha1.TString>;
-  mimeType: alepha1.TOptional<alepha1.TString>;
-  creator: alepha1.TOptional<alepha1.TString>;
-  createdAfter: alepha1.TOptional<alepha1.TString>;
-  createdBefore: alepha1.TOptional<alepha1.TString>;
-}>;
-type FileQuery = Static<typeof fileQuerySchema>;
-//#endregion
-//#region src/api-files/schemas/fileResourceSchema.d.ts
-declare const fileResourceSchema: alepha1.TObject<{
-  id: PgAttr<PgAttr<alepha1.TString, typeof PG_PRIMARY_KEY>, typeof PG_DEFAULT>;
-  version: PgAttr<PgAttr<alepha1.TInteger, typeof PG_VERSION>, typeof PG_DEFAULT>;
-  createdAt: PgAttr<PgAttr<alepha1.TString, typeof PG_CREATED_AT>, typeof PG_DEFAULT>;
-  updatedAt: PgAttr<PgAttr<alepha1.TString, typeof PG_UPDATED_AT>, typeof PG_DEFAULT>;
-  blobId: alepha1.TString;
-  creator: alepha1.TOptional<alepha1.TString>;
-  creatorRealm: alepha1.TOptional<alepha1.TString>;
-  creatorName: alepha1.TOptional<alepha1.TString>;
-  bucket: alepha1.TString;
-  expirationDate: alepha1.TOptional<alepha1.TString>;
-  name: alepha1.TString;
-  size: alepha1.TNumber;
-  mimeType: alepha1.TString;
-  tags: alepha1.TOptional<alepha1.TArray<alepha1.TString>>;
-  checksum: alepha1.TOptional<alepha1.TString>;
-}>;
-type FileResource = Static<typeof fileResourceSchema>;
-//#endregion
-//#region src/api-files/schemas/storageStatsSchema.d.ts
-declare const storageStatsSchema: alepha1.TObject<{
-  totalSize: alepha1.TNumber;
-  totalFiles: alepha1.TNumber;
-  byBucket: alepha1.TArray<alepha1.TObject<{
-    bucket: alepha1.TString;
-    totalSize: alepha1.TNumber;
-    fileCount: alepha1.TNumber;
-  }>>;
-  byMimeType: alepha1.TArray<alepha1.TObject<{
-    mimeType: alepha1.TString;
-    fileCount: alepha1.TNumber;
-  }>>;
-}>;
-type StorageStats = Static<typeof storageStatsSchema>;
-//#endregion
-//#region src/api-files/services/FileService.d.ts
-declare class FileService {
-  protected readonly alepha: Alepha;
-  protected readonly log: alepha_logger1.Logger;
-  protected readonly fileRepository: alepha_orm198.Repository<alepha1.TObject<{
-    id: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_PRIMARY_KEY>, typeof alepha_orm198.PG_DEFAULT>;
-    version: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TInteger, typeof alepha_orm198.PG_VERSION>, typeof alepha_orm198.PG_DEFAULT>;
-    createdAt: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_CREATED_AT>, typeof alepha_orm198.PG_DEFAULT>;
-    updatedAt: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_UPDATED_AT>, typeof alepha_orm198.PG_DEFAULT>;
-    blobId: alepha1.TString;
-    creator: alepha1.TOptional<alepha1.TString>;
-    creatorRealm: alepha1.TOptional<alepha1.TString>;
-    creatorName: alepha1.TOptional<alepha1.TString>;
-    bucket: alepha1.TString;
-    expirationDate: alepha1.TOptional<alepha1.TString>;
-    name: alepha1.TString;
-    size: alepha1.TNumber;
-    mimeType: alepha1.TString;
-    tags: alepha1.TOptional<alepha1.TArray<alepha1.TString>>;
-    checksum: alepha1.TOptional<alepha1.TString>;
-  }>>;
-  protected readonly dateTimeProvider: DateTimeProvider;
-  protected readonly defaultBucket: BucketDescriptor;
-  protected onUploadFile: alepha1.HookDescriptor<"bucket:file:uploaded">;
-  protected onDeleteBucketFile: alepha1.HookDescriptor<"bucket:file:deleted">;
-  /**
-   * Calculates SHA-256 checksum of a file.
-   *
-   * @param file - The file to calculate checksum for
-   * @returns Hexadecimal string representation of the SHA-256 hash
-   * @protected
-   */
-  protected calculateChecksum(file: FileLike): Promise<string>;
-  /**
-   * Gets a bucket descriptor by name.
-   *
-   * @param bucketName - The name of the bucket to retrieve (defaults to "default")
-   * @returns The bucket descriptor
-   * @throws {NotFoundError} If the bucket is not found
-   */
-  bucket(bucketName?: string): BucketDescriptor;
-  /**
-   * Finds files matching the given query criteria with pagination support.
-   * Supports filtering by bucket, tags, name, mimeType, creator, and date range.
-   *
-   * @param q - Query parameters including bucket, tags, name, mimeType, creator, date range, pagination, and sorting
-   * @returns Paginated list of file entities
-   */
-  findFiles(q?: FileQuery): Promise<Page$1<FileEntity>>;
-  /**
-   * Finds files that have expired based on their expiration date.
-   * Limited to 1000 files per call to prevent memory issues.
-   *
-   * @returns Array of expired file entities
-   */
-  findExpiredFiles(): Promise<FileEntity[]>;
-  /**
-   * Calculates an expiration date based on a TTL (time to live) duration.
-   *
-   * @param ttl - Duration like "1 day", "2 hours", etc.
-   * @returns DateTime representation of the expiration date, or undefined if no TTL provided
-   * @protected
-   */
-  protected getExpirationDate(ttl?: DurationLike): string | undefined;
-  /**
-   * Uploads a file to a bucket and creates a database record with metadata.
-   * Automatically calculates and stores the file checksum (SHA-256).
-   *
-   * @param file - The file to upload
-   * @param options - Upload options including bucket, expiration, user, and tags
-   * @param options.bucket - Target bucket name (defaults to "default")
-   * @param options.expirationDate - When the file should expire
-   * @param options.user - User performing the upload (for audit trail)
-   * @param options.tags - Tags to associate with the file
-   * @returns The created file entity with all metadata
-   * @throws {NotFoundError} If the specified bucket doesn't exist
-   */
-  uploadFile(file: FileLike, options?: {
-    expirationDate?: string | DateTime;
-    bucket?: string;
-    user?: UserAccountToken;
-    tags?: string[];
-  }): Promise<FileEntity>;
-  /**
-   * Streams a file from storage by its database ID.
-   *
-   * @param id - The database ID (UUID) of the file to stream
-   * @returns The file object ready for streaming/downloading
-   * @throws {NotFoundError} If the file doesn't exist in the database
-   * @throws {FileNotFoundError} If the file exists in database but not in storage
-   */
-  streamFile(id: string): Promise<FileLike>;
-  /**
-   * Updates file metadata (name, tags, expiration date).
-   * Does not modify the actual file content in storage.
-   *
-   * @param id - The database ID (UUID) of the file to update
-   * @param data - Partial file data to update
-   * @param data.name - New file name
-   * @param data.tags - New tags array
-   * @param data.expirationDate - New expiration date
-   * @returns The updated file entity
-   * @throws {NotFoundError} If the file doesn't exist in the database
-   */
-  updateFile(id: string, data: {
-    name?: string;
-    tags?: string[];
-    expirationDate?: DateTime | string;
-  }): Promise<FileEntity>;
-  /**
-   * Deletes a file from both storage and database.
-   * Handles cases where file is already deleted from storage gracefully.
-   * Always ensures database record is removed even if storage deletion fails.
-   *
-   * @param id - The database ID (UUID) of the file to delete
-   * @returns Success response with the deleted file ID
-   * @throws {NotFoundError} If the file doesn't exist in the database
-   */
-  deleteFile(id: string): Promise<Ok>;
-  /**
-   * Retrieves a file entity by its ID.
-   * If already an entity object, returns it as-is (convenience method).
-   *
-   * @param id - Either a UUID string or an existing FileEntity object
-   * @returns The file entity
-   * @throws {NotFoundError} If the file doesn't exist in the database
-   */
-  getFileById(id: string | FileEntity): Promise<FileEntity>;
-  /**
-   * Gets storage statistics including total size, file count, and breakdowns by bucket and MIME type.
-   *
-   * @returns Storage statistics with aggregated data
-   */
-  getStorageStats(): Promise<StorageStats>;
-  /**
-   * Converts a file entity to a file resource (API response format).
-   * Currently a pass-through, but allows for future transformation logic.
-   *
-   * @param entity - The file entity to convert
-   * @returns The file resource for API responses
-   */
-  entityToResource(entity: FileEntity): FileResource;
-}
-//#endregion
-//#region src/api-files/controllers/FileController.d.ts
-/**
- * REST API controller for file management operations.
- * Provides endpoints for uploading, downloading, listing, and deleting files.
- */
-declare class FileController {
-  protected readonly url = "/files";
-  protected readonly group = "files";
-  protected readonly fileService: FileService;
-  /**
-   * GET /files - Lists files with optional filtering and pagination.
-   * Supports filtering by bucket and tags.
-   */
-  readonly findFiles: alepha_server0.ActionDescriptorFn<{
-    query: alepha1.TObject<{
-      page: alepha1.TOptional<alepha1.TInteger>;
-      size: alepha1.TOptional<alepha1.TInteger>;
-      sort: alepha1.TOptional<alepha1.TString>;
-      bucket: alepha1.TOptional<alepha1.TString>;
-      tags: alepha1.TOptional<alepha1.TArray<alepha1.TString>>;
-      name: alepha1.TOptional<alepha1.TString>;
-      mimeType: alepha1.TOptional<alepha1.TString>;
-      creator: alepha1.TOptional<alepha1.TString>;
-      createdAfter: alepha1.TOptional<alepha1.TString>;
-      createdBefore: alepha1.TOptional<alepha1.TString>;
-    }>;
-    response: alepha1.TPage<alepha1.TObject<{
-      id: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_PRIMARY_KEY>, typeof alepha_orm198.PG_DEFAULT>;
-      version: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TInteger, typeof alepha_orm198.PG_VERSION>, typeof alepha_orm198.PG_DEFAULT>;
-      createdAt: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_CREATED_AT>, typeof alepha_orm198.PG_DEFAULT>;
-      updatedAt: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_UPDATED_AT>, typeof alepha_orm198.PG_DEFAULT>;
-      blobId: alepha1.TString;
-      creator: alepha1.TOptional<alepha1.TString>;
-      creatorRealm: alepha1.TOptional<alepha1.TString>;
-      creatorName: alepha1.TOptional<alepha1.TString>;
-      bucket: alepha1.TString;
-      expirationDate: alepha1.TOptional<alepha1.TString>;
-      name: alepha1.TString;
-      size: alepha1.TNumber;
-      mimeType: alepha1.TString;
-      tags: alepha1.TOptional<alepha1.TArray<alepha1.TString>>;
-      checksum: alepha1.TOptional<alepha1.TString>;
-    }>>;
-  }>;
-  /**
-   * DELETE /files/:id - Deletes a file from both storage and database.
-   * Removes the file from the bucket and cleans up the database record.
-   */
-  readonly deleteFile: alepha_server0.ActionDescriptorFn<{
-    params: alepha1.TObject<{
-      id: alepha1.TString;
-    }>;
-    response: alepha1.TObject<{
-      ok: alepha1.TBoolean;
-      id: alepha1.TOptional<alepha1.TUnion<[alepha1.TString, alepha1.TInteger]>>;
-      count: alepha1.TOptional<alepha1.TNumber>;
-    }>;
-  }>;
-  /**
-   * POST /files - Uploads a new file to storage.
-   * Creates a database record with metadata and calculates checksum.
-   * Optionally specify bucket and expiration date.
-   */
-  readonly uploadFile: alepha_server0.ActionDescriptorFn<{
-    body: alepha1.TObject<{
-      file: alepha1.TFile;
-    }>;
-    query: alepha1.TObject<{
-      expirationDate: alepha1.TOptional<alepha1.TString>;
-      bucket: alepha1.TOptional<alepha1.TString>;
-    }>;
-    response: alepha1.TObject<{
-      id: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_PRIMARY_KEY>, typeof alepha_orm198.PG_DEFAULT>;
-      version: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TInteger, typeof alepha_orm198.PG_VERSION>, typeof alepha_orm198.PG_DEFAULT>;
-      createdAt: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_CREATED_AT>, typeof alepha_orm198.PG_DEFAULT>;
-      updatedAt: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_UPDATED_AT>, typeof alepha_orm198.PG_DEFAULT>;
-      blobId: alepha1.TString;
-      creator: alepha1.TOptional<alepha1.TString>;
-      creatorRealm: alepha1.TOptional<alepha1.TString>;
-      creatorName: alepha1.TOptional<alepha1.TString>;
-      bucket: alepha1.TString;
-      expirationDate: alepha1.TOptional<alepha1.TString>;
-      name: alepha1.TString;
-      size: alepha1.TNumber;
-      mimeType: alepha1.TString;
-      tags: alepha1.TOptional<alepha1.TArray<alepha1.TString>>;
-      checksum: alepha1.TOptional<alepha1.TString>;
-    }>;
-  }>;
-  /**
-   * PATCH /files/:id - Updates file metadata.
-   * Allows updating name, tags, and expiration date without modifying file content.
-   */
-  readonly updateFile: alepha_server0.ActionDescriptorFn<{
-    params: alepha1.TObject<{
-      id: alepha1.TString;
-    }>;
-    body: alepha1.TObject<{
-      name: alepha1.TOptional<alepha1.TString>;
-      tags: alepha1.TOptional<alepha1.TArray<alepha1.TString>>;
-      expirationDate: alepha1.TOptional<alepha1.TString>;
-    }>;
-    response: alepha1.TObject<{
-      id: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_PRIMARY_KEY>, typeof alepha_orm198.PG_DEFAULT>;
-      version: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TInteger, typeof alepha_orm198.PG_VERSION>, typeof alepha_orm198.PG_DEFAULT>;
-      createdAt: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_CREATED_AT>, typeof alepha_orm198.PG_DEFAULT>;
-      updatedAt: alepha_orm198.PgAttr<alepha_orm198.PgAttr<alepha1.TString, typeof alepha_orm198.PG_UPDATED_AT>, typeof alepha_orm198.PG_DEFAULT>;
-      blobId: alepha1.TString;
-      creator: alepha1.TOptional<alepha1.TString>;
-      creatorRealm: alepha1.TOptional<alepha1.TString>;
-      creatorName: alepha1.TOptional<alepha1.TString>;
-      bucket: alepha1.TString;
-      expirationDate: alepha1.TOptional<alepha1.TString>;
-      name: alepha1.TString;
-      size: alepha1.TNumber;
-      mimeType: alepha1.TString;
-      tags: alepha1.TOptional<alepha1.TArray<alepha1.TString>>;
-      checksum: alepha1.TOptional<alepha1.TString>;
-    }>;
-  }>;
-  /**
-   * GET /files/:id - Streams/downloads a file by its ID.
-   * Returns the file content with appropriate Content-Type header.
-   * Cached with ETag support for 1 year (immutable).
-   */
-  readonly streamFile: alepha_server0.ActionDescriptorFn<{
-    params: alepha1.TObject<{
-      id: alepha1.TString;
-    }>;
-    response: alepha1.TFile;
-  }>;
-}
-//#endregion
-//#region src/api-files/index.d.ts
-declare module "alepha/bucket" {
-  interface BucketFileOptions {
-    /**
-     * Time to live for the files in the bucket.
-     */
-    ttl?: DurationLike;
-    /**
-     * Tags for the bucket.
-     */
-    tags?: string[];
-    /**
-     * User performing the operation.
-     */
-    user?: UserAccountToken;
-    /**
-     * Whether to persist the file metadata in the database.
-     *
-     * @default true
-     */
-    persist?: boolean;
-  }
-}
-/**
- * Provides file management API endpoints for Alepha applications.
- *
- * This module includes file upload, download, storage management,
- * and file metadata operations.
- *
- * @module alepha.api.files
- */
-//#endregion
-//#region src/api-users/services/SessionService.d.ts
-declare class SessionService {
-  protected readonly alepha: Alepha;
-  protected readonly fsp: FileSystemProvider;
-  protected readonly dateTimeProvider: DateTimeProvider;
-  protected readonly cryptoProvider: CryptoProvider;
-  protected readonly log: alepha_logger1.Logger;
-  protected readonly userRealmProvider: UserRealmProvider;
-  protected readonly fileController: HttpVirtualClient<FileController>;
-  users(userRealmName?: string): Repository$1<alepha1.TObject<{
-    id: PgAttr<PgAttr<alepha1.TString, typeof PG_PRIMARY_KEY>, typeof PG_DEFAULT>;
-    version: PgAttr<PgAttr<alepha1.TInteger, typeof PG_VERSION>, typeof PG_DEFAULT>;
-    createdAt: PgAttr<PgAttr<alepha1.TString, typeof PG_CREATED_AT>, typeof PG_DEFAULT>;
-    updatedAt: PgAttr<PgAttr<alepha1.TString, typeof PG_UPDATED_AT>, typeof PG_DEFAULT>;
-    realm: PgAttr<alepha1.TString, typeof PG_DEFAULT>;
-    username: alepha1.TOptional<alepha1.TString>;
-    email: alepha1.TOptional<alepha1.TString>;
-    phoneNumber: alepha1.TOptional<alepha1.TString>;
-    roles: PgAttr<alepha1.TArray<alepha1.TString>, typeof PG_DEFAULT>;
-    firstName: alepha1.TOptional<alepha1.TString>;
-    lastName: alepha1.TOptional<alepha1.TString>;
-    picture: alepha1.TOptional<alepha1.TString>;
-    enabled: PgAttr<alepha1.TBoolean, typeof PG_DEFAULT>;
-    emailVerified: PgAttr<alepha1.TBoolean, typeof PG_DEFAULT>;
-  }>>;
-  sessions(userRealmName?: string): Repository$1<alepha1.TObject<{
-    id: PgAttr<PgAttr<alepha1.TString, typeof PG_PRIMARY_KEY>, typeof PG_DEFAULT>;
-    version: PgAttr<PgAttr<alepha1.TInteger, typeof PG_VERSION>, typeof PG_DEFAULT>;
-    createdAt: PgAttr<PgAttr<alepha1.TString, typeof PG_CREATED_AT>, typeof PG_DEFAULT>;
-    updatedAt: PgAttr<PgAttr<alepha1.TString, typeof PG_UPDATED_AT>, typeof PG_DEFAULT>;
-    refreshToken: alepha1.TString;
-    userId: PgAttr<alepha1.TString, typeof PG_REF>;
-    expiresAt: alepha1.TString;
-    ip: alepha1.TOptional<alepha1.TString>;
-    userAgent: alepha1.TOptional<alepha1.TObject<{
-      os: alepha1.TString;
-      browser: alepha1.TString;
-      device: alepha1.TUnsafe<"MOBILE" | "DESKTOP" | "TABLET">;
-    }>>;
-  }>>;
-  identities(userRealmName?: string): Repository$1<alepha1.TObject<{
-    id: PgAttr<PgAttr<alepha1.TString, typeof PG_PRIMARY_KEY>, typeof PG_DEFAULT>;
-    version: PgAttr<PgAttr<alepha1.TInteger, typeof PG_VERSION>, typeof PG_DEFAULT>;
-    createdAt: PgAttr<PgAttr<alepha1.TString, typeof PG_CREATED_AT>, typeof PG_DEFAULT>;
-    updatedAt: PgAttr<PgAttr<alepha1.TString, typeof PG_UPDATED_AT>, typeof PG_DEFAULT>;
-    userId: PgAttr<alepha1.TString, typeof PG_REF>;
-    password: alepha1.TOptional<alepha1.TString>;
-    provider: alepha1.TString;
-    providerUserId: alepha1.TOptional<alepha1.TString>;
-    providerData: alepha1.TOptional<alepha1.TRecord<string, alepha1.TAny>>;
-  }>>;
-  /**
-   * Random delay to prevent timing attacks (50-200ms)
-   * Uses cryptographically secure random number generation
-   */
-  protected randomDelay(): Promise<void>;
-  /**
-   * Validate user credentials and return the user if valid.
-   */
-  login(provider: string, username: string, password: string, userRealmName?: string): Promise<UserEntity>;
-  createSession(user: UserAccount, expiresIn: number, userRealmName?: string): Promise<{
-    refreshToken: string;
-    sessionId: string;
-  }>;
-  refreshSession(refreshToken: string, userRealmName?: string): Promise<{
-    user: PgStatic<alepha1.TObject<{
-      id: PgAttr<PgAttr<alepha1.TString, typeof PG_PRIMARY_KEY>, typeof PG_DEFAULT>;
-      version: PgAttr<PgAttr<alepha1.TInteger, typeof PG_VERSION>, typeof PG_DEFAULT>;
-      createdAt: PgAttr<PgAttr<alepha1.TString, typeof PG_CREATED_AT>, typeof PG_DEFAULT>;
-      updatedAt: PgAttr<PgAttr<alepha1.TString, typeof PG_UPDATED_AT>, typeof PG_DEFAULT>;
-      realm: PgAttr<alepha1.TString, typeof PG_DEFAULT>;
-      username: alepha1.TOptional<alepha1.TString>;
-      email: alepha1.TOptional<alepha1.TString>;
-      phoneNumber: alepha1.TOptional<alepha1.TString>;
-      roles: PgAttr<alepha1.TArray<alepha1.TString>, typeof PG_DEFAULT>;
-      firstName: alepha1.TOptional<alepha1.TString>;
-      lastName: alepha1.TOptional<alepha1.TString>;
-      picture: alepha1.TOptional<alepha1.TString>;
-      enabled: PgAttr<alepha1.TBoolean, typeof PG_DEFAULT>;
-      emailVerified: PgAttr<alepha1.TBoolean, typeof PG_DEFAULT>;
-    }>, PgRelationMap<alepha1.TObject<{
-      id: PgAttr<PgAttr<alepha1.TString, typeof PG_PRIMARY_KEY>, typeof PG_DEFAULT>;
-      version: PgAttr<PgAttr<alepha1.TInteger, typeof PG_VERSION>, typeof PG_DEFAULT>;
-      createdAt: PgAttr<PgAttr<alepha1.TString, typeof PG_CREATED_AT>, typeof PG_DEFAULT>;
-      updatedAt: PgAttr<PgAttr<alepha1.TString, typeof PG_UPDATED_AT>, typeof PG_DEFAULT>;
-      realm: PgAttr<alepha1.TString, typeof PG_DEFAULT>;
-      username: alepha1.TOptional<alepha1.TString>;
-      email: alepha1.TOptional<alepha1.TString>;
-      phoneNumber: alepha1.TOptional<alepha1.TString>;
-      roles: PgAttr<alepha1.TArray<alepha1.TString>, typeof PG_DEFAULT>;
-      firstName: alepha1.TOptional<alepha1.TString>;
-      lastName: alepha1.TOptional<alepha1.TString>;
-      picture: alepha1.TOptional<alepha1.TString>;
-      enabled: PgAttr<alepha1.TBoolean, typeof PG_DEFAULT>;
-      emailVerified: PgAttr<alepha1.TBoolean, typeof PG_DEFAULT>;
-    }>>>;
-    expiresIn: number;
-    sessionId: string;
-  }>;
-  deleteSession(refreshToken: string, userRealmName?: string): Promise<void>;
-  link(provider: string, profile: OAuth2Profile, userRealmName?: string): Promise<{
-    email?: string | undefined;
-    username?: string | undefined;
-    phoneNumber?: string | undefined;
-    firstName?: string | undefined;
-    lastName?: string | undefined;
-    picture?: string | undefined;
-    id: string;
-    version: number;
-    createdAt: string;
-    updatedAt: string;
-    realm: string;
-    roles: string[];
-    enabled: boolean;
-    emailVerified: boolean;
-  } | {
-    sub: string;
-    email?: string;
-    name?: string;
-    given_name?: string;
-    family_name?: string;
-    middle_name?: string;
-    nickname?: string;
-    preferred_username?: string;
-    profile?: string;
-    picture?: string;
-    website?: string;
-    email_verified?: boolean;
-    gender?: string;
-    birthdate?: string;
-    zoneinfo?: string;
-    locale?: string;
-    phone_number?: string;
-    phone_number_verified?: boolean;
-    address?: {
-      formatted?: string;
-      street_address?: string;
-      locality?: string;
-      region?: string;
-      postal_code?: string;
-      country?: string;
-    };
-    updated_at?: number;
-    id: string;
-  }>;
-}
-//#endregion
-//#region src/api-users/index.d.ts
-/**
- * Provides user management API endpoints for Alepha applications.
- *
- * This module includes user CRUD operations, authentication endpoints,
- * password reset functionality, and user profile management capabilities.
- *
- * @module alepha.api.users
- */
-declare const AlephaApiUsers: alepha1.Service<alepha1.Module>;
-//#endregion
-export { $userRealm, AlephaApiUsers, CompletePasswordResetRequest, CompleteRegistrationRequest, CreateUser, CredentialService, DEFAULT_USER_REALM_NAME, IdentityController, IdentityEntity, IdentityQuery, IdentityResource, IdentityService, LoginInput, PasswordResetIntentResponse, RealmAuthSettings, RegisterInput, RegistrationIntentResponse, RegistrationService, ResetPasswordInput, ResetPasswordRequest, SessionController, SessionCrudService, SessionEntity, SessionQuery, SessionResource, SessionService, UpdateUser, UserController, UserEntity, UserQuery, UserRealm, UserRealmConfig, UserRealmController, UserRealmDescriptor, UserRealmOptions, UserRealmProvider, UserRealmRepositories, UserResource, UserService, completePasswordResetRequestSchema, completeRegistrationRequestSchema, createUserSchema, identities, identityQuerySchema, identityResourceSchema, loginSchema, passwordResetIntentResponseSchema, realmAuthSettingsAtom, registerSchema, registrationIntentResponseSchema, resetPasswordRequestSchema, resetPasswordSchema, sessionQuerySchema, sessionResourceSchema, sessions, updateUserSchema, userQuerySchema, userRealmConfigSchema, userResourceSchema, users };
-//# sourceMappingURL=index.d.cts.map