npm - alepha - Versions diffs - 0.15.3 → 0.15.5 - Mend

alepha 0.15.3 → 0.15.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (318) hide show

package/README.md +26 -11
package/dist/api/audits/index.d.ts +335 -335
package/dist/api/audits/index.d.ts.map +1 -1
package/dist/api/audits/index.js +11 -3
package/dist/api/audits/index.js.map +1 -1
package/dist/api/files/index.d.ts +3 -3
package/dist/api/files/index.js +4 -3
package/dist/api/files/index.js.map +1 -1
package/dist/api/jobs/index.d.ts +198 -155
package/dist/api/jobs/index.d.ts.map +1 -1
package/dist/api/jobs/index.js +103 -5
package/dist/api/jobs/index.js.map +1 -1
package/dist/api/keys/index.d.ts +198 -198
package/dist/api/keys/index.d.ts.map +1 -1
package/dist/api/keys/index.js +3 -3
package/dist/api/keys/index.js.map +1 -1
package/dist/api/notifications/index.browser.js +1 -0
package/dist/api/notifications/index.browser.js.map +1 -1
package/dist/api/notifications/index.d.ts +3 -3
package/dist/api/notifications/index.js +4 -3
package/dist/api/notifications/index.js.map +1 -1
package/dist/api/parameters/index.d.ts +263 -263
package/dist/api/parameters/index.d.ts.map +1 -1
package/dist/api/parameters/index.js +41 -30
package/dist/api/parameters/index.js.map +1 -1
package/dist/api/users/index.d.ts +383 -77
package/dist/api/users/index.d.ts.map +1 -1
package/dist/api/users/index.js +284 -72
package/dist/api/users/index.js.map +1 -1
package/dist/api/verifications/index.d.ts +131 -131
package/dist/api/verifications/index.d.ts.map +1 -1
package/dist/api/verifications/index.js +3 -3
package/dist/api/verifications/index.js.map +1 -1
package/dist/batch/index.d.ts +3 -3
package/dist/batch/index.js +3 -3
package/dist/batch/index.js.map +1 -1
package/dist/bucket/index.d.ts +3 -3
package/dist/bucket/index.js +6 -6
package/dist/bucket/index.js.map +1 -1
package/dist/cache/core/index.d.ts +3 -3
package/dist/cache/core/index.js +3 -3
package/dist/cache/core/index.js.map +1 -1
package/dist/cli/index.d.ts +5612 -20
package/dist/cli/index.d.ts.map +1 -1
package/dist/cli/index.js +122 -91
package/dist/cli/index.js.map +1 -1
package/dist/command/index.d.ts +11 -4
package/dist/command/index.d.ts.map +1 -1
package/dist/command/index.js +8 -6
package/dist/command/index.js.map +1 -1
package/dist/core/index.browser.js.map +1 -1
package/dist/core/index.d.ts +4 -8
package/dist/core/index.d.ts.map +1 -1
package/dist/core/index.js +3 -3
package/dist/core/index.js.map +1 -1
package/dist/core/index.native.js.map +1 -1
package/dist/datetime/index.d.ts +3 -3
package/dist/datetime/index.js +3 -3
package/dist/datetime/index.js.map +1 -1
package/dist/email/index.d.ts +16 -16
package/dist/email/index.d.ts.map +1 -1
package/dist/email/index.js +10562 -10
package/dist/email/index.js.map +1 -1
package/dist/fake/index.d.ts +3 -3
package/dist/fake/index.js +3 -3
package/dist/fake/index.js.map +1 -1
package/dist/lock/core/index.d.ts +9 -4
package/dist/lock/core/index.d.ts.map +1 -1
package/dist/lock/core/index.js +12 -4
package/dist/lock/core/index.js.map +1 -1
package/dist/logger/index.d.ts +3 -3
package/dist/logger/index.js +6 -3
package/dist/logger/index.js.map +1 -1
package/dist/mcp/index.d.ts +3 -3
package/dist/mcp/index.js +3 -3
package/dist/mcp/index.js.map +1 -1
package/dist/orm/index.d.ts +12 -12
package/dist/orm/index.js +4 -4
package/dist/orm/index.js.map +1 -1
package/dist/queue/core/index.d.ts +3 -3
package/dist/queue/core/index.js +3 -3
package/dist/queue/core/index.js.map +1 -1
package/dist/react/auth/index.browser.js +2 -1
package/dist/react/auth/index.browser.js.map +1 -1
package/dist/react/auth/index.d.ts +3 -3
package/dist/react/auth/index.js +5 -4
package/dist/react/auth/index.js.map +1 -1
package/dist/react/core/index.d.ts +6 -6
package/dist/react/core/index.js +3 -3
package/dist/react/core/index.js.map +1 -1
package/dist/react/form/index.d.ts +3 -3
package/dist/react/form/index.js +3 -3
package/dist/react/form/index.js.map +1 -1
package/dist/react/head/index.d.ts +3 -3
package/dist/react/head/index.js +3 -3
package/dist/react/head/index.js.map +1 -1
package/dist/react/i18n/index.d.ts +3 -3
package/dist/react/i18n/index.js +3 -3
package/dist/react/i18n/index.js.map +1 -1
package/dist/react/intro/index.css +337 -0
package/dist/react/intro/index.css.map +1 -0
package/dist/react/intro/index.d.ts +10 -0
package/dist/react/intro/index.d.ts.map +1 -0
package/dist/react/intro/index.js +222 -0
package/dist/react/intro/index.js.map +1 -0
package/dist/react/router/index.browser.js +2 -2
package/dist/react/router/index.browser.js.map +1 -1
package/dist/react/router/index.d.ts +11 -1
package/dist/react/router/index.d.ts.map +1 -1
package/dist/react/router/index.js +21 -11
package/dist/react/router/index.js.map +1 -1
package/dist/redis/index.d.ts +22 -22
package/dist/redis/index.js +3 -3
package/dist/redis/index.js.map +1 -1
package/dist/retry/index.d.ts +3 -3
package/dist/retry/index.js +3 -3
package/dist/retry/index.js.map +1 -1
package/dist/scheduler/index.d.ts +16 -4
package/dist/scheduler/index.d.ts.map +1 -1
package/dist/scheduler/index.js +45 -7
package/dist/scheduler/index.js.map +1 -1
package/dist/security/index.d.ts +3 -3
package/dist/security/index.js +5 -5
package/dist/security/index.js.map +1 -1
package/dist/server/auth/index.d.ts +3 -3
package/dist/server/auth/index.js +3 -3
package/dist/server/auth/index.js.map +1 -1
package/dist/server/cache/index.d.ts +3 -3
package/dist/server/cache/index.js +3 -3
package/dist/server/cache/index.js.map +1 -1
package/dist/server/compress/index.d.ts +3 -3
package/dist/server/compress/index.d.ts.map +1 -1
package/dist/server/compress/index.js +4 -3
package/dist/server/compress/index.js.map +1 -1
package/dist/server/cookies/index.d.ts +3 -3
package/dist/server/cookies/index.js +3 -3
package/dist/server/cookies/index.js.map +1 -1
package/dist/server/core/index.d.ts +14 -25
package/dist/server/core/index.d.ts.map +1 -1
package/dist/server/core/index.js +13 -29
package/dist/server/core/index.js.map +1 -1
package/dist/server/cors/index.d.ts +3 -3
package/dist/server/cors/index.js +3 -3
package/dist/server/cors/index.js.map +1 -1
package/dist/server/health/index.d.ts +20 -20
package/dist/server/health/index.js +3 -3
package/dist/server/health/index.js.map +1 -1
package/dist/server/helmet/index.d.ts +3 -3
package/dist/server/helmet/index.js +3 -3
package/dist/server/helmet/index.js.map +1 -1
package/dist/server/links/index.d.ts +42 -42
package/dist/server/links/index.d.ts.map +1 -1
package/dist/server/links/index.js +4 -4
package/dist/server/links/index.js.map +1 -1
package/dist/server/metrics/index.d.ts +3 -3
package/dist/server/metrics/index.js +3 -3
package/dist/server/metrics/index.js.map +1 -1
package/dist/server/multipart/index.d.ts +3 -3
package/dist/server/multipart/index.js +3 -3
package/dist/server/multipart/index.js.map +1 -1
package/dist/server/proxy/index.d.ts +3 -3
package/dist/server/proxy/index.js +3 -3
package/dist/server/proxy/index.js.map +1 -1
package/dist/server/rate-limit/index.d.ts +3 -3
package/dist/server/rate-limit/index.js +3 -3
package/dist/server/rate-limit/index.js.map +1 -1
package/dist/server/static/index.d.ts +3 -3
package/dist/server/static/index.js +6 -6
package/dist/server/static/index.js.map +1 -1
package/dist/server/swagger/index.d.ts +3 -3
package/dist/server/swagger/index.js +6 -6
package/dist/server/swagger/index.js.map +1 -1
package/dist/sms/index.d.ts +3 -3
package/dist/sms/index.js +6 -6
package/dist/sms/index.js.map +1 -1
package/dist/system/index.d.ts +3 -3
package/dist/system/index.js +3 -3
package/dist/system/index.js.map +1 -1
package/dist/thread/index.d.ts +3 -3
package/dist/thread/index.js +3 -3
package/dist/thread/index.js.map +1 -1
package/dist/topic/core/index.d.ts +3 -3
package/dist/topic/core/index.js +3 -3
package/dist/topic/core/index.js.map +1 -1
package/dist/vite/index.d.ts +6286 -4
package/dist/vite/index.d.ts.map +1 -1
package/dist/vite/index.js +28 -2
package/dist/vite/index.js.map +1 -1
package/dist/websocket/index.d.ts +37 -37
package/dist/websocket/index.d.ts.map +1 -1
package/dist/websocket/index.js +3 -3
package/dist/websocket/index.js.map +1 -1
package/package.json +12 -4
package/src/api/audits/controllers/AdminAuditController.ts +8 -0
package/src/api/audits/index.ts +3 -3
package/src/api/files/controllers/AdminFileStatsController.ts +1 -0
package/src/api/files/index.ts +3 -3
package/src/api/jobs/controllers/AdminJobController.ts +18 -2
package/src/api/jobs/index.ts +4 -3
package/src/api/jobs/services/JobAudits.spec.ts +89 -0
package/src/api/jobs/services/JobAudits.ts +101 -0
package/src/api/keys/index.ts +3 -3
package/src/api/notifications/controllers/AdminNotificationController.ts +1 -0
package/src/api/notifications/index.ts +3 -3
package/src/api/parameters/controllers/AdminConfigController.ts +10 -0
package/src/api/parameters/index.ts +5 -3
package/src/api/users/__tests__/ApiKeys-integration.spec.ts +1 -1
package/src/api/users/__tests__/ApiKeys.spec.ts +1 -1
package/src/api/users/__tests__/EmailVerification.spec.ts +16 -1
package/src/api/users/__tests__/PasswordReset.spec.ts +11 -0
package/src/api/users/atoms/realmAuthSettingsAtom.ts +10 -0
package/src/api/users/controllers/AdminIdentityController.ts +3 -0
package/src/api/users/controllers/AdminSessionController.ts +3 -0
package/src/api/users/controllers/AdminUserController.ts +5 -0
package/src/api/users/index.ts +8 -9
package/src/api/users/primitives/$realm.ts +117 -19
package/src/api/users/providers/RealmProvider.ts +15 -7
package/src/api/users/services/CredentialService.spec.ts +11 -0
package/src/api/users/services/CredentialService.ts +47 -24
package/src/api/users/services/IdentityService.ts +12 -4
package/src/api/users/services/RegistrationService.spec.ts +11 -0
package/src/api/users/services/RegistrationService.ts +33 -12
package/src/api/users/services/SessionService.ts +83 -12
package/src/api/users/services/UserAudits.ts +47 -0
package/src/api/users/services/UserFiles.ts +19 -0
package/src/api/users/services/UserJobs.spec.ts +107 -0
package/src/api/users/services/UserJobs.ts +62 -0
package/src/api/users/services/UserParameters.ts +23 -0
package/src/api/users/services/UserService.ts +34 -17
package/src/api/verifications/index.ts +3 -3
package/src/batch/index.ts +3 -3
package/src/bucket/index.ts +3 -3
package/src/cache/core/index.ts +3 -3
package/src/cli/commands/build.ts +1 -0
package/src/cli/commands/db.ts +9 -0
package/src/cli/commands/init.spec.ts +2 -17
package/src/cli/commands/init.ts +37 -1
package/src/cli/providers/ViteDevServerProvider.ts +36 -2
package/src/cli/services/AlephaCliUtils.ts +17 -0
package/src/cli/services/PackageManagerUtils.ts +15 -1
package/src/cli/services/ProjectScaffolder.ts +8 -13
package/src/cli/templates/agentMd.ts +2 -25
package/src/cli/templates/apiAppSecurityTs.ts +37 -2
package/src/cli/templates/mainCss.ts +2 -32
package/src/cli/templates/webAppRouterTs.ts +5 -5
package/src/cli/templates/webHomeComponentTsx.ts +10 -0
package/src/command/helpers/Runner.ts +14 -1
package/src/command/index.ts +3 -3
package/src/core/helpers/primitive.ts +0 -5
package/src/core/index.ts +3 -3
package/src/datetime/index.ts +3 -3
package/src/email/index.ts +3 -3
package/src/email/index.workerd.ts +36 -0
package/src/email/providers/LocalEmailProvider.ts +2 -2
package/src/email/providers/WorkermailerEmailProvider.ts +221 -0
package/src/fake/index.ts +3 -3
package/src/lock/core/index.ts +3 -3
package/src/lock/core/primitives/$lock.ts +13 -1
package/src/logger/index.ts +3 -3
package/src/logger/providers/PrettyFormatterProvider.ts +7 -0
package/src/mcp/index.ts +3 -3
package/src/orm/index.ts +3 -3
package/src/orm/providers/drivers/NodeSqliteProvider.ts +1 -1
package/src/queue/core/index.ts +3 -3
package/src/react/auth/index.ts +3 -3
package/src/react/auth/services/ReactAuth.ts +3 -1
package/src/react/core/index.ts +3 -3
package/src/react/form/index.ts +3 -3
package/src/react/head/index.ts +3 -3
package/src/react/i18n/index.ts +3 -3
package/src/react/intro/components/GettingStarted.css +334 -0
package/src/react/intro/components/GettingStarted.tsx +276 -0
package/src/react/intro/index.ts +1 -0
package/src/react/router/atoms/ssrManifestAtom.ts +7 -0
package/src/react/router/index.browser.ts +2 -0
package/src/react/router/index.ts +2 -0
package/src/react/router/providers/ReactServerProvider.ts +14 -4
package/src/react/router/providers/SSRManifestProvider.ts +7 -0
package/src/redis/index.ts +3 -3
package/src/retry/index.ts +3 -3
package/src/router/index.ts +3 -3
package/src/scheduler/index.ts +3 -3
package/src/scheduler/index.workerd.ts +43 -0
package/src/scheduler/providers/CronProvider.ts +53 -6
package/src/scheduler/providers/WorkerdCronProvider.ts +102 -0
package/src/security/index.ts +3 -3
package/src/security/providers/JwtProvider.ts +2 -2
package/src/server/auth/index.ts +3 -3
package/src/server/cache/index.ts +3 -3
package/src/server/compress/index.ts +3 -3
package/src/server/compress/providers/ServerCompressProvider.ts +6 -0
package/src/server/cookies/index.ts +3 -3
package/src/server/core/index.ts +3 -3
package/src/server/core/primitives/$action.spec.ts +3 -2
package/src/server/core/primitives/$action.ts +6 -2
package/src/server/core/providers/NodeHttpServerProvider.ts +2 -15
package/src/server/core/providers/ServerProvider.ts +4 -2
package/src/server/core/providers/ServerRouterProvider.ts +5 -27
package/src/server/cors/index.ts +3 -3
package/src/server/health/index.ts +3 -3
package/src/server/helmet/index.ts +3 -3
package/src/server/links/index.ts +3 -3
package/src/server/links/providers/ServerLinksProvider.spec.ts +332 -0
package/src/server/links/providers/ServerLinksProvider.ts +1 -1
package/src/server/metrics/index.ts +3 -3
package/src/server/multipart/index.ts +3 -3
package/src/server/proxy/index.ts +3 -3
package/src/server/rate-limit/index.ts +3 -3
package/src/server/static/index.ts +3 -3
package/src/server/swagger/index.ts +3 -3
package/src/sms/index.ts +3 -3
package/src/system/index.ts +3 -3
package/src/thread/index.ts +3 -3
package/src/topic/core/index.ts +3 -3
package/src/vite/tasks/generateCloudflare.ts +38 -2
package/src/websocket/index.ts +3 -3
package/src/cli/templates/webHelloComponentTsx.ts +0 -30
/package/src/api/users/{notifications → services}/UserNotifications.ts +0 -0

package/dist/api/users/index.d.ts CHANGED Viewed

@@ -1,20 +1,21 @@
 import * as alepha23 from "alepha";
 import { Alepha, AlephaError, FileLike, Json, Page, PageQuery, Primitive, Static, StaticEncode, StreamLike, TNull, TObject, TOptional, TSchema, TUnion } from "alepha";
-import * as alepha_api_notifications0 from "alepha/api/notifications";
-import { VerificationController } from "alepha/api/verifications";
 import * as alepha_server0 from "alepha/server";
 import * as alepha_orm24 from "alepha/orm";
 import { Page as Page$1, Repository } from "alepha/orm";
-import { AuditService } from "alepha/api/audits";
-import * as alepha_logger5 from "alepha/logger";
-import * as alepha_bucket0 from "alepha/bucket";
+import * as alepha_logger6 from "alepha/logger";
+import { AuditService, CreateAudit } from "alepha/api/audits";
 import * as alepha_server_links0 from "alepha/server/links";
+import * as alepha_api_notifications0 from "alepha/api/notifications";
 import { OAuth2Profile, ServerAuthProvider, WithLinkFn, WithLoginFn } from "alepha/server/auth";
 import * as alepha_cache0 from "alepha/cache";
 import { DateTime, DateTimeProvider } from "alepha/datetime";
 import { CryptoProvider, IssuerPrimitive, IssuerPrimitiveOptions, UserAccount } from "alepha/security";
 import { Readable } from "node:stream";
-import { FileController } from "alepha/api/files";
+import { VerificationController } from "alepha/api/verifications";
+import * as alepha_bucket0 from "alepha/bucket";
+import * as alepha_api_jobs0 from "alepha/api/jobs";
+import * as alepha_api_parameters0 from "alepha/api/parameters";
 import "drizzle-orm/d1";
 import * as drizzle_orm0 from "drizzle-orm";
 import { BuildExtraConfigColumns, SQL, SQLWrapper } from "drizzle-orm";
@@ -23,7 +24,9 @@ import { LockConfig, LockStrength, PgColumn, PgColumnBuilderBase, PgDatabase, Pg
 import { PgTransactionConfig } from "drizzle-orm/pg-core/session";
 import * as DrizzleKit from "drizzle-kit/api";
 import "alepha/retry";
+import * as typebox0 from "typebox";
 import "drizzle-orm/sqlite-core";
+import { FileController } from "alepha/api/files";
 //#region ../../src/api/users/atoms/realmAuthSettingsAtom.d.ts
 declare const realmAuthSettingsAtom: alepha23.Atom<alepha23.TObject<{
@@ -43,6 +46,8 @@ declare const realmAuthSettingsAtom: alepha23.Atom<alepha23.TObject<{
   firstNameLastNameEnabled: alepha23.TBoolean;
   firstNameLastNameRequired: alepha23.TBoolean;
   resetPasswordAllowed: alepha23.TBoolean;
+  adminEmails: alepha23.TArray<alepha23.TString>;
+  adminUsernames: alepha23.TArray<alepha23.TString>;
   passwordPolicy: alepha23.TObject<{
     minLength: alepha23.TInteger;
     requireUppercase: alepha23.TBoolean;
@@ -904,7 +909,7 @@ declare abstract class ModelBuilder {
 //#endregion
 //#region ../../src/orm/providers/DrizzleKitProvider.d.ts
 declare class DrizzleKitProvider {
-  protected readonly log: alepha_logger5.Logger;
+  protected readonly log: alepha_logger6.Logger;
   protected readonly alepha: Alepha;
   /**
    * Synchronize database with current schema definitions.
@@ -952,7 +957,7 @@ type DevMigrations = Static<typeof devMigrationsSchema>;
 type SQLLike = SQLWrapper | string;
 declare abstract class DatabaseProvider {
   protected readonly alepha: Alepha;
-  protected readonly log: alepha_logger5.Logger;
+  protected readonly log: alepha_logger6.Logger;
   protected abstract readonly builder: ModelBuilder;
   protected abstract readonly kit: DrizzleKitProvider;
   abstract readonly db: PgDatabase<any>;
@@ -1107,7 +1112,7 @@ declare class PgRelationManager {
 declare abstract class Repository$1<T extends TObject> {
   readonly entity: EntityPrimitive<T>;
   readonly provider: DatabaseProvider;
-  protected readonly log: alepha_logger5.Logger;
+  protected readonly log: alepha_logger6.Logger;
   protected readonly relationManager: PgRelationManager;
   protected readonly queryManager: QueryManager;
   protected readonly dateTimeProvider: DateTimeProvider;
@@ -1452,6 +1457,62 @@ type RealmPrimitive = IssuerPrimitive & WithLinkFn & WithLoginFn;
  * - `APP_SECRET`: Secret key for signing tokens (if not provided in options).
  */
 declare const $realm: (options?: RealmOptions) => RealmPrimitive;
+interface RealmFeatures {
+  /**
+   * Enable job execution tracking and purge functionality.
+   *
+   * @default false
+   */
+  jobs?: boolean;
+  /**
+   * Enable notification system for password reset, verification emails, etc.
+   *
+   * @default false
+   */
+  notifications?: boolean;
+  /**
+   * Enable API key authentication for programmatic access.
+   *
+   * When enabled, users can create API keys to access protected endpoints
+   * without using JWT tokens. API keys are useful for:
+   * - Programmatic access (CLI tools, scripts)
+   * - Long-lived authentication tokens
+   * - Third-party integrations (MCP servers)
+   *
+   * API keys can be passed via:
+   * - Query parameter: `?api_key=ak_xxx`
+   * - Bearer header: `Authorization: Bearer ak_xxx`
+   *
+   * @default false
+   */
+  apiKeys?: boolean;
+  /**
+   * Enable runtime configuration management.
+   *
+   * Allows configuring realm settings at runtime with versioning and scheduled activation.
+   *
+   * @default false
+   */
+  parameters?: boolean;
+  /**
+   * Enable file management for avatar uploads and attachments.
+   *
+   * @default false
+   */
+  files?: boolean;
+  /**
+   * Enable audit trail for compliance and event logging.
+   *
+   * @default false
+   */
+  audits?: boolean;
+  /**
+   * Enable organization management to group users.
+   *
+   * @default false
+   */
+  organizations?: boolean;
+}
 interface RealmOptions {
   /**
    * Secret key for signing tokens.
@@ -1480,19 +1541,11 @@ interface RealmOptions {
     github?: true;
   };
   /**
-   * Enable API key authentication.
-   *
-   * When enabled, users can create API keys to access protected endpoints
-   * without using JWT tokens. API keys are useful for:
-   * - Programmatic access (CLI tools, scripts)
-   * - Long-lived authentication tokens
-   * - Third-party integrations
+   * Enable or disable realm features.
    *
-   * API keys can be passed via:
-   * - Query parameter: `?api_key=ak_xxx`
-   * - Bearer header: `Authorization: Bearer ak_xxx`
+   * Features control which modules are loaded with the realm.
    */
-  apiKeys?: boolean;
+  features?: Partial<RealmFeatures>;
 }
 //#endregion
 //#region ../../src/api/users/providers/RealmProvider.d.ts
@@ -1505,6 +1558,7 @@ interface Realm {
   name: string;
   repositories: RealmRepositories;
   settings: RealmAuthSettings;
+  features: RealmFeatures;
 }
 declare class RealmProvider {
   protected readonly alepha: Alepha;
@@ -1551,7 +1605,6 @@ declare class RealmProvider {
     emailVerified: alepha_orm24.PgAttr<alepha23.TBoolean, typeof alepha_orm24.PG_DEFAULT>;
   }>>;
   protected realms: Map<string, Realm>;
-  avatars: alepha_bucket0.BucketPrimitive;
   register(realmName: string, realmOptions?: RealmOptions): Realm;
   /**
    * Gets a registered realm by name, auto-creating default if needed.
@@ -1572,11 +1625,150 @@ declare const identityQuerySchema: alepha23.TObject<{
 }>;
 type IdentityQuery = Static<typeof identityQuerySchema>;
 //#endregion
+//#region ../../src/api/users/services/UserAudits.d.ts
+type AuditContext = Omit<CreateAudit, "type" | "action">;
+/**
+ * User-specific audit wrapper service.
+ *
+ * This service wraps the core AuditService to provide user-related audit logging.
+ * It is lazy-loaded when the `audits` feature is enabled in the realm.
+ */
+declare class UserAudits {
+  protected readonly auditService: AuditService;
+  /**
+   * Record a user-related audit event.
+   */
+  recordUser(action: "create" | "update" | "delete" | "role_change" | "enable" | "disable", context: AuditContext): Promise<{
+    description?: string | undefined;
+    userId?: string | undefined;
+    userAgent?: string | undefined;
+    userRealm?: string | undefined;
+    userEmail?: string | undefined;
+    resourceType?: string | undefined;
+    resourceId?: string | undefined;
+    metadata?: typebox0.StaticRecord<[], "Decode", {}, {
+      id: PgAttr<PgAttr<alepha23.TString, typeof PG_PRIMARY_KEY>, typeof PG_DEFAULT>;
+      createdAt: PgAttr<PgAttr<alepha23.TString, typeof PG_CREATED_AT>, typeof PG_DEFAULT>;
+      type: alepha23.TString;
+      action: alepha23.TString;
+      severity: PgAttr<alepha23.TUnsafe<"info" | "warning" | "critical">, typeof PG_DEFAULT>;
+      userId: alepha23.TOptional<alepha23.TString>;
+      userRealm: alepha23.TOptional<alepha23.TString>;
+      userEmail: alepha23.TOptional<alepha23.TString>;
+      resourceType: alepha23.TOptional<alepha23.TString>;
+      resourceId: alepha23.TOptional<alepha23.TString>;
+      description: alepha23.TOptional<alepha23.TString>;
+      metadata: alepha23.TOptional<alepha23.TRecord<string, alepha23.TAny>>;
+      ipAddress: alepha23.TOptional<alepha23.TString>;
+      userAgent: alepha23.TOptional<alepha23.TString>;
+      sessionId: alepha23.TOptional<alepha23.TString>;
+      requestId: alepha23.TOptional<alepha23.TString>;
+      success: PgAttr<alepha23.TBoolean, typeof PG_DEFAULT>;
+      errorMessage: alepha23.TOptional<alepha23.TString>;
+    }, string, alepha23.TAny> | undefined;
+    ipAddress?: string | undefined;
+    sessionId?: string | undefined;
+    requestId?: string | undefined;
+    errorMessage?: string | undefined;
+    type: string;
+    id: string;
+    createdAt: string;
+    success: boolean;
+    action: string;
+    severity: "info" | "warning" | "critical";
+  }>;
+  /**
+   * Record an authentication-related audit event.
+   */
+  recordAuth(action: "login" | "logout" | "login_failed" | "token_refresh", context: AuditContext): Promise<{
+    description?: string | undefined;
+    userId?: string | undefined;
+    userAgent?: string | undefined;
+    userRealm?: string | undefined;
+    userEmail?: string | undefined;
+    resourceType?: string | undefined;
+    resourceId?: string | undefined;
+    metadata?: typebox0.StaticRecord<[], "Decode", {}, {
+      id: PgAttr<PgAttr<alepha23.TString, typeof PG_PRIMARY_KEY>, typeof PG_DEFAULT>;
+      createdAt: PgAttr<PgAttr<alepha23.TString, typeof PG_CREATED_AT>, typeof PG_DEFAULT>;
+      type: alepha23.TString;
+      action: alepha23.TString;
+      severity: PgAttr<alepha23.TUnsafe<"info" | "warning" | "critical">, typeof PG_DEFAULT>;
+      userId: alepha23.TOptional<alepha23.TString>;
+      userRealm: alepha23.TOptional<alepha23.TString>;
+      userEmail: alepha23.TOptional<alepha23.TString>;
+      resourceType: alepha23.TOptional<alepha23.TString>;
+      resourceId: alepha23.TOptional<alepha23.TString>;
+      description: alepha23.TOptional<alepha23.TString>;
+      metadata: alepha23.TOptional<alepha23.TRecord<string, alepha23.TAny>>;
+      ipAddress: alepha23.TOptional<alepha23.TString>;
+      userAgent: alepha23.TOptional<alepha23.TString>;
+      sessionId: alepha23.TOptional<alepha23.TString>;
+      requestId: alepha23.TOptional<alepha23.TString>;
+      success: PgAttr<alepha23.TBoolean, typeof PG_DEFAULT>;
+      errorMessage: alepha23.TOptional<alepha23.TString>;
+    }, string, alepha23.TAny> | undefined;
+    ipAddress?: string | undefined;
+    sessionId?: string | undefined;
+    requestId?: string | undefined;
+    errorMessage?: string | undefined;
+    type: string;
+    id: string;
+    createdAt: string;
+    success: boolean;
+    action: string;
+    severity: "info" | "warning" | "critical";
+  }>;
+  /**
+   * Record a generic audit event.
+   */
+  record(category: string, action: string, context: AuditContext): Promise<{
+    description?: string | undefined;
+    userId?: string | undefined;
+    userAgent?: string | undefined;
+    userRealm?: string | undefined;
+    userEmail?: string | undefined;
+    resourceType?: string | undefined;
+    resourceId?: string | undefined;
+    metadata?: typebox0.StaticRecord<[], "Decode", {}, {
+      id: PgAttr<PgAttr<alepha23.TString, typeof PG_PRIMARY_KEY>, typeof PG_DEFAULT>;
+      createdAt: PgAttr<PgAttr<alepha23.TString, typeof PG_CREATED_AT>, typeof PG_DEFAULT>;
+      type: alepha23.TString;
+      action: alepha23.TString;
+      severity: PgAttr<alepha23.TUnsafe<"info" | "warning" | "critical">, typeof PG_DEFAULT>;
+      userId: alepha23.TOptional<alepha23.TString>;
+      userRealm: alepha23.TOptional<alepha23.TString>;
+      userEmail: alepha23.TOptional<alepha23.TString>;
+      resourceType: alepha23.TOptional<alepha23.TString>;
+      resourceId: alepha23.TOptional<alepha23.TString>;
+      description: alepha23.TOptional<alepha23.TString>;
+      metadata: alepha23.TOptional<alepha23.TRecord<string, alepha23.TAny>>;
+      ipAddress: alepha23.TOptional<alepha23.TString>;
+      userAgent: alepha23.TOptional<alepha23.TString>;
+      sessionId: alepha23.TOptional<alepha23.TString>;
+      requestId: alepha23.TOptional<alepha23.TString>;
+      success: PgAttr<alepha23.TBoolean, typeof PG_DEFAULT>;
+      errorMessage: alepha23.TOptional<alepha23.TString>;
+    }, string, alepha23.TAny> | undefined;
+    ipAddress?: string | undefined;
+    sessionId?: string | undefined;
+    requestId?: string | undefined;
+    errorMessage?: string | undefined;
+    type: string;
+    id: string;
+    createdAt: string;
+    success: boolean;
+    action: string;
+    severity: "info" | "warning" | "critical";
+  }>;
+}
+//#endregion
 //#region ../../src/api/users/services/IdentityService.d.ts
 declare class IdentityService {
-  protected readonly log: alepha_logger5.Logger;
+  protected readonly alepha: Alepha;
+  protected readonly log: alepha_logger6.Logger;
   protected readonly realmProvider: RealmProvider;
-  protected readonly auditService: AuditService;
+  protected userAudits(realmName?: string): UserAudits | undefined;
   identities(userRealmName?: string): alepha_orm24.Repository<alepha23.TObject<{
     id: alepha_orm24.PgAttr<alepha_orm24.PgAttr<alepha23.TString, typeof alepha_orm24.PG_PRIMARY_KEY>, typeof alepha_orm24.PG_DEFAULT>;
     version: alepha_orm24.PgAttr<alepha_orm24.PgAttr<alepha23.TInteger, typeof alepha_orm24.PG_VERSION>, typeof alepha_orm24.PG_DEFAULT>;
@@ -1680,7 +1872,7 @@ type SessionQuery = Static<typeof sessionQuerySchema>;
 //#endregion
 //#region ../../src/api/users/services/SessionCrudService.d.ts
 declare class SessionCrudService {
-  protected readonly log: alepha_logger5.Logger;
+  protected readonly log: alepha_logger6.Logger;
   protected readonly realmProvider: RealmProvider;
   sessions(userRealmName?: string): alepha_orm24.Repository<alepha23.TObject<{
     id: alepha_orm24.PgAttr<alepha_orm24.PgAttr<alepha23.TString, typeof alepha_orm24.PG_PRIMARY_KEY>, typeof alepha_orm24.PG_DEFAULT>;
@@ -1787,44 +1979,15 @@ declare class AdminSessionController {
   }>;
 }
 //#endregion
-//#region ../../src/api/users/notifications/UserNotifications.d.ts
-declare class UserNotifications {
-  readonly passwordReset: alepha_api_notifications0.NotificationPrimitive<alepha23.TObject<{
-    email: alepha23.TString;
-    code: alepha23.TString;
-    expiresInMinutes: alepha23.TNumber;
-  }>>;
-  readonly emailVerification: alepha_api_notifications0.NotificationPrimitive<alepha23.TObject<{
-    email: alepha23.TString;
-    code: alepha23.TString;
-    expiresInMinutes: alepha23.TNumber;
-  }>>;
-  readonly phoneVerification: alepha_api_notifications0.NotificationPrimitive<alepha23.TObject<{
-    phoneNumber: alepha23.TString;
-    code: alepha23.TString;
-    expiresInMinutes: alepha23.TNumber;
-  }>>;
-  readonly passwordResetLink: alepha_api_notifications0.NotificationPrimitive<alepha23.TObject<{
-    email: alepha23.TString;
-    resetUrl: alepha23.TString;
-    expiresInMinutes: alepha23.TNumber;
-  }>>;
-  readonly emailVerificationLink: alepha_api_notifications0.NotificationPrimitive<alepha23.TObject<{
-    email: alepha23.TString;
-    verifyUrl: alepha23.TString;
-    expiresInMinutes: alepha23.TNumber;
-  }>>;
-}
-//#endregion
 //#region ../../src/api/users/schemas/createUserSchema.d.ts
 declare const createUserSchema: alepha23.TObject<{
+  email: alepha23.TOptional<alepha23.TOptional<alepha23.TString>>;
+  phoneNumber: alepha23.TOptional<alepha23.TOptional<alepha23.TString>>;
   id: alepha23.TOptional<PgAttr<PgAttr<alepha23.TString, typeof PG_PRIMARY_KEY>, typeof PG_DEFAULT>>;
   version: alepha23.TOptional<PgAttr<PgAttr<alepha23.TInteger, typeof PG_VERSION>, typeof PG_DEFAULT>>;
-  email: alepha23.TOptional<alepha23.TOptional<alepha23.TString>>;
   createdAt: alepha23.TOptional<PgAttr<PgAttr<alepha23.TString, typeof PG_CREATED_AT>, typeof PG_DEFAULT>>;
   updatedAt: alepha23.TOptional<PgAttr<PgAttr<alepha23.TString, typeof PG_UPDATED_AT>, typeof PG_DEFAULT>>;
   username: alepha23.TOptional<alepha23.TOptional<alepha23.TString>>;
-  phoneNumber: alepha23.TOptional<alepha23.TOptional<alepha23.TString>>;
   roles: alepha23.TOptional<alepha23.TArray<alepha23.TString>>;
   firstName: alepha23.TOptional<alepha23.TOptional<alepha23.TString>>;
   lastName: alepha23.TOptional<alepha23.TOptional<alepha23.TString>>;
@@ -1837,8 +2000,8 @@ type CreateUser = Static<typeof createUserSchema>;
 //#region ../../src/api/users/schemas/updateUserSchema.d.ts
 declare const updateUserSchema: alepha23.TObject<{
   email: alepha23.TOptional<alepha23.TOptional<alepha23.TString>>;
-  realm: alepha23.TOptional<PgAttr<alepha23.TString, typeof PG_DEFAULT>>;
   phoneNumber: alepha23.TOptional<alepha23.TOptional<alepha23.TString>>;
+  realm: alepha23.TOptional<PgAttr<alepha23.TString, typeof PG_DEFAULT>>;
   roles: alepha23.TOptional<alepha23.TArray<alepha23.TString>>;
   firstName: alepha23.TOptional<alepha23.TOptional<alepha23.TString>>;
   lastName: alepha23.TOptional<alepha23.TOptional<alepha23.TString>>;
@@ -1860,13 +2023,43 @@ declare const userQuerySchema: alepha23.TObject<{
 }>;
 type UserQuery = Static<typeof userQuerySchema>;
 //#endregion
+//#region ../../src/api/users/services/UserNotifications.d.ts
+declare class UserNotifications {
+  readonly passwordReset: alepha_api_notifications0.NotificationPrimitive<alepha23.TObject<{
+    email: alepha23.TString;
+    code: alepha23.TString;
+    expiresInMinutes: alepha23.TNumber;
+  }>>;
+  readonly emailVerification: alepha_api_notifications0.NotificationPrimitive<alepha23.TObject<{
+    email: alepha23.TString;
+    code: alepha23.TString;
+    expiresInMinutes: alepha23.TNumber;
+  }>>;
+  readonly phoneVerification: alepha_api_notifications0.NotificationPrimitive<alepha23.TObject<{
+    phoneNumber: alepha23.TString;
+    code: alepha23.TString;
+    expiresInMinutes: alepha23.TNumber;
+  }>>;
+  readonly passwordResetLink: alepha_api_notifications0.NotificationPrimitive<alepha23.TObject<{
+    email: alepha23.TString;
+    resetUrl: alepha23.TString;
+    expiresInMinutes: alepha23.TNumber;
+  }>>;
+  readonly emailVerificationLink: alepha_api_notifications0.NotificationPrimitive<alepha23.TObject<{
+    email: alepha23.TString;
+    verifyUrl: alepha23.TString;
+    expiresInMinutes: alepha23.TNumber;
+  }>>;
+}
+//#endregion
 //#region ../../src/api/users/services/UserService.d.ts
 declare class UserService {
-  protected readonly log: alepha_logger5.Logger;
+  protected readonly alepha: Alepha;
+  protected readonly log: alepha_logger6.Logger;
   protected readonly verificationController: alepha_server_links0.HttpVirtualClient<VerificationController>;
-  protected readonly userNotifications: UserNotifications;
   protected readonly realmProvider: RealmProvider;
-  protected readonly auditService: AuditService;
+  protected userAudits(realmName?: string): UserAudits | undefined;
+  protected userNotifications(realmName?: string): UserNotifications | undefined;
   users(userRealmName?: string): alepha_orm24.Repository<alepha23.TObject<{
     id: alepha_orm24.PgAttr<alepha_orm24.PgAttr<alepha23.TString, typeof alepha_orm24.PG_PRIMARY_KEY>, typeof alepha_orm24.PG_DEFAULT>;
     version: alepha_orm24.PgAttr<alepha_orm24.PgAttr<alepha23.TInteger, typeof alepha_orm24.PG_VERSION>, typeof alepha_orm24.PG_DEFAULT>;
@@ -1994,13 +2187,13 @@ declare class AdminUserController {
       userRealmName: alepha23.TOptional<alepha23.TString>;
     }>;
     body: alepha23.TObject<{
+      email: alepha23.TOptional<alepha23.TOptional<alepha23.TString>>;
+      phoneNumber: alepha23.TOptional<alepha23.TOptional<alepha23.TString>>;
       id: alepha23.TOptional<PgAttr<PgAttr<alepha23.TString, typeof PG_PRIMARY_KEY>, typeof PG_DEFAULT>>;
       version: alepha23.TOptional<PgAttr<PgAttr<alepha23.TInteger, typeof PG_VERSION>, typeof PG_DEFAULT>>;
-      email: alepha23.TOptional<alepha23.TOptional<alepha23.TString>>;
       createdAt: alepha23.TOptional<PgAttr<PgAttr<alepha23.TString, typeof PG_CREATED_AT>, typeof PG_DEFAULT>>;
       updatedAt: alepha23.TOptional<PgAttr<PgAttr<alepha23.TString, typeof PG_UPDATED_AT>, typeof PG_DEFAULT>>;
       username: alepha23.TOptional<alepha23.TOptional<alepha23.TString>>;
-      phoneNumber: alepha23.TOptional<alepha23.TOptional<alepha23.TString>>;
       roles: alepha23.TOptional<alepha23.TArray<alepha23.TString>>;
       firstName: alepha23.TOptional<alepha23.TOptional<alepha23.TString>>;
       lastName: alepha23.TOptional<alepha23.TOptional<alepha23.TString>>;
@@ -2037,8 +2230,8 @@ declare class AdminUserController {
     }>;
     body: alepha23.TObject<{
       email: alepha23.TOptional<alepha23.TOptional<alepha23.TString>>;
-      realm: alepha23.TOptional<PgAttr<alepha23.TString, typeof PG_DEFAULT>>;
       phoneNumber: alepha23.TOptional<alepha23.TOptional<alepha23.TString>>;
+      realm: alepha23.TOptional<PgAttr<alepha23.TString, typeof PG_DEFAULT>>;
       roles: alepha23.TOptional<alepha23.TArray<alepha23.TString>>;
       firstName: alepha23.TOptional<alepha23.TOptional<alepha23.TString>>;
       lastName: alepha23.TOptional<alepha23.TOptional<alepha23.TString>>;
@@ -2116,6 +2309,8 @@ declare class RealmController {
         firstNameLastNameEnabled: alepha23.TBoolean;
         firstNameLastNameRequired: alepha23.TBoolean;
         resetPasswordAllowed: alepha23.TBoolean;
+        adminEmails: alepha23.TArray<alepha23.TString>;
+        adminUsernames: alepha23.TArray<alepha23.TString>;
         passwordPolicy: alepha23.TObject<{
           minLength: alepha23.TInteger;
           requireUppercase: alepha23.TBoolean;
@@ -2183,13 +2378,14 @@ interface PasswordResetIntent {
   expiresAt: string;
 }
 declare class CredentialService {
-  protected readonly log: alepha_logger5.Logger;
+  protected readonly alepha: Alepha;
+  protected readonly log: alepha_logger6.Logger;
   protected readonly cryptoProvider: CryptoProvider;
   protected readonly dateTimeProvider: DateTimeProvider;
   protected readonly verificationController: alepha_server_links0.HttpVirtualClient<VerificationController>;
-  protected readonly userNotifications: UserNotifications;
   protected readonly realmProvider: RealmProvider;
-  protected readonly auditService: AuditService;
+  protected userAudits(realmName?: string): UserAudits | undefined;
+  protected userNotifications(realmName?: string): UserNotifications | undefined;
   protected readonly intentCache: alepha_cache0.CachePrimitiveFn<PasswordResetIntent, any[]>;
   users(userRealmName?: string): Repository$1<alepha23.TObject<{
     id: PgAttr<PgAttr<alepha23.TString, typeof PG_PRIMARY_KEY>, typeof PG_DEFAULT>;
@@ -2325,14 +2521,15 @@ interface RegistrationIntent {
   expiresAt: string;
 }
 declare class RegistrationService {
-  protected readonly log: alepha_logger5.Logger;
+  protected readonly alepha: Alepha;
+  protected readonly log: alepha_logger6.Logger;
   protected readonly dateTimeProvider: DateTimeProvider;
   protected readonly cryptoProvider: CryptoProvider;
   protected readonly verificationController: alepha_server_links0.HttpVirtualClient<VerificationController>;
-  protected readonly userNotifications: UserNotifications;
   protected readonly realmProvider: RealmProvider;
-  protected readonly auditService: AuditService;
   protected readonly intentCache: alepha_cache0.CachePrimitiveFn<RegistrationIntent, any[]>;
+  protected userAudits(realmName?: string): UserAudits | undefined;
+  protected userNotifications(realmName?: string): UserNotifications | undefined;
   /**
    * Phase 1: Create a registration intent.
    *
@@ -2354,11 +2551,11 @@ declare class RegistrationService {
   /**
    * Send email verification code.
    */
-  protected sendEmailVerification(email: string): Promise<void>;
+  protected sendEmailVerification(email: string, realmName?: string): Promise<void>;
   /**
    * Send phone verification code.
    */
-  protected sendPhoneVerification(phoneNumber: string): Promise<void>;
+  protected sendPhoneVerification(phoneNumber: string, realmName?: string): Promise<void>;
   /**
    * Verify email code using verification service.
    */
@@ -2597,6 +2794,8 @@ declare const realmConfigSchema: alepha23.TObject<{
     firstNameLastNameEnabled: alepha23.TBoolean;
     firstNameLastNameRequired: alepha23.TBoolean;
     resetPasswordAllowed: alepha23.TBoolean;
+    adminEmails: alepha23.TArray<alepha23.TString>;
+    adminUsernames: alepha23.TArray<alepha23.TString>;
     passwordPolicy: alepha23.TObject<{
       minLength: alepha23.TInteger;
       requireUppercase: alepha23.TBoolean;
@@ -2977,10 +3176,10 @@ declare class SessionService {
   protected readonly fsp: FileSystemProvider;
   protected readonly dateTimeProvider: DateTimeProvider;
   protected readonly cryptoProvider: CryptoProvider;
-  protected readonly log: alepha_logger5.Logger;
+  protected readonly log: alepha_logger6.Logger;
   protected readonly realmProvider: RealmProvider;
   protected readonly fileController: alepha_server_links0.HttpVirtualClient<FileController>;
-  protected readonly auditService: AuditService;
+  protected userAudits(realmName?: string): UserAudits | undefined;
   users(userRealmName?: string): Repository$1<alepha23.TObject<{
     id: PgAttr<PgAttr<alepha23.TString, typeof PG_PRIMARY_KEY>, typeof PG_DEFAULT>;
     version: PgAttr<PgAttr<alepha23.TInteger, typeof PG_VERSION>, typeof PG_DEFAULT>;
@@ -3023,6 +3222,16 @@ declare class SessionService {
     providerUserId: alepha23.TOptional<alepha23.TString>;
     providerData: alepha23.TOptional<alepha23.TRecord<string, alepha23.TAny>>;
   }>>;
+  /**
+   * Check if user should be auto-promoted to admin based on adminEmails/adminUsernames settings.
+   * If user matches and doesn't have admin role, promote them.
+   */
+  protected ensureAdminRole(user: {
+    id: string;
+    email?: string | null;
+    username?: string | null;
+    roles: string[];
+  }, userRealmName?: string): Promise<boolean>;
   /**
    * Random delay to prevent timing attacks (50-200ms)
    * Uses cryptographically secure random number generation
@@ -3074,8 +3283,8 @@ declare class SessionService {
   deleteSession(refreshToken: string, userRealmName?: string): Promise<void>;
   link(provider: string, profile: OAuth2Profile, userRealmName?: string): Promise<{
     email?: string | undefined;
-    username?: string | undefined;
     phoneNumber?: string | undefined;
+    username?: string | undefined;
     firstName?: string | undefined;
     lastName?: string | undefined;
     picture?: string | undefined;
@@ -3119,11 +3328,108 @@ declare class SessionService {
   }>;
 }
 //#endregion
+//#region ../../src/api/users/services/UserFiles.d.ts
+/**
+ * User-specific file storage wrapper service.
+ *
+ * This service provides file storage for user-related files such as:
+ * - User avatars/profile pictures
+ *
+ * It is lazy-loaded when the `files` feature is enabled in the realm.
+ */
+declare class UserFiles {
+  /**
+   * Bucket for user avatar storage.
+   */
+  readonly avatars: alepha_bucket0.BucketPrimitive;
+}
+//#endregion
+//#region ../../src/api/users/services/UserJobs.d.ts
+/**
+ * User-specific jobs wrapper service.
+ *
+ * This service handles user-related scheduled jobs such as:
+ * - Session purge (cleaning up expired sessions)
+ * - Verification code cleanup
+ * - Inactive user notifications
+ *
+ * It is lazy-loaded when the `jobs` feature is enabled in the realm.
+ */
+declare class UserJobs {
+  protected readonly log: alepha_logger6.Logger;
+  protected readonly dateTimeProvider: DateTimeProvider;
+  protected readonly sessionRepository: alepha_orm24.Repository<alepha23.TObject<{
+    id: alepha_orm24.PgAttr<alepha_orm24.PgAttr<alepha23.TString, typeof alepha_orm24.PG_PRIMARY_KEY>, typeof alepha_orm24.PG_DEFAULT>;
+    version: alepha_orm24.PgAttr<alepha_orm24.PgAttr<alepha23.TInteger, typeof alepha_orm24.PG_VERSION>, typeof alepha_orm24.PG_DEFAULT>;
+    createdAt: alepha_orm24.PgAttr<alepha_orm24.PgAttr<alepha23.TString, typeof alepha_orm24.PG_CREATED_AT>, typeof alepha_orm24.PG_DEFAULT>;
+    updatedAt: alepha_orm24.PgAttr<alepha_orm24.PgAttr<alepha23.TString, typeof alepha_orm24.PG_UPDATED_AT>, typeof alepha_orm24.PG_DEFAULT>;
+    refreshToken: alepha23.TString;
+    userId: alepha_orm24.PgAttr<alepha23.TString, typeof alepha_orm24.PG_REF>;
+    expiresAt: alepha23.TString;
+    ip: alepha23.TOptional<alepha23.TString>;
+    userAgent: alepha23.TOptional<alepha23.TObject<{
+      os: alepha23.TString;
+      browser: alepha23.TString;
+      device: alepha23.TUnsafe<"MOBILE" | "DESKTOP" | "TABLET">;
+    }>>;
+  }>>;
+  /**
+   * Purge expired sessions from the database.
+   *
+   * This job runs daily at 3:00 AM and removes all sessions
+   * where the `expiresAt` timestamp has passed.
+   */
+  readonly purgeExpiredSessions: alepha_api_jobs0.JobPrimitive;
+}
+//#endregion
+//#region ../../src/api/users/services/UserParameters.d.ts
+/**
+ * User-specific configuration service.
+ *
+ * This service wraps the core ConfigStore to provide realm settings management.
+ * It is lazy-loaded when the `parameters` feature is enabled in the realm.
+ */
+declare class UserParameters {
+  /**
+   * Realm authentication settings configuration.
+   *
+   * Controls user registration, login methods, verification requirements,
+   * and password policies for the realm.
+   */
+  readonly realmSettings: alepha_api_parameters0.ConfigPrimitive<typebox0.TObject<{
+    displayName: typebox0.TOptional<typebox0.TString>;
+    description: typebox0.TOptional<typebox0.TString>;
+    logoUrl: typebox0.TOptional<typebox0.TString>;
+    registrationAllowed: typebox0.TBoolean;
+    emailEnabled: typebox0.TBoolean;
+    emailRequired: typebox0.TBoolean;
+    usernameEnabled: typebox0.TBoolean;
+    usernameRequired: typebox0.TBoolean;
+    usernameRegExp: typebox0.TString;
+    phoneEnabled: typebox0.TBoolean;
+    phoneRequired: typebox0.TBoolean;
+    verifyEmailRequired: typebox0.TBoolean;
+    verifyPhoneRequired: typebox0.TBoolean;
+    firstNameLastNameEnabled: typebox0.TBoolean;
+    firstNameLastNameRequired: typebox0.TBoolean;
+    resetPasswordAllowed: typebox0.TBoolean;
+    adminEmails: typebox0.TArray<typebox0.TString>;
+    adminUsernames: typebox0.TArray<typebox0.TString>;
+    passwordPolicy: typebox0.TObject<{
+      minLength: typebox0.TInteger;
+      requireUppercase: typebox0.TBoolean;
+      requireLowercase: typebox0.TBoolean;
+      requireNumbers: typebox0.TBoolean;
+      requireSpecialCharacters: typebox0.TBoolean;
+    }>;
+  }>>;
+}
+//#endregion
 //#region ../../src/api/users/index.d.ts
 /**
- * | type | quality | stability |
- * |------|---------|-----------|
- * | backend | epic | stable |
+ * | Stability | Since | Runtime |
+ * |-----------|-------|---------|
+ * | 3 - stable | 0.5.0 | node, bun, workerd|
  *
  * Complete user management with multi-realm support for multi-tenant applications.
  *
@@ -3141,5 +3447,5 @@ declare class SessionService {
  */
 declare const AlephaApiUsers: alepha23.Service<alepha23.Module>;
 //#endregion
-export { $realm, AdminIdentityController, AdminSessionController, AdminUserController, AlephaApiUsers, CompletePasswordResetRequest, CompleteRegistrationRequest, CreateUser, CredentialService, DEFAULT_USER_REALM_NAME, IdentityEntity, IdentityQuery, IdentityResource, IdentityService, LoginInput, PasswordResetIntentResponse, Realm, RealmAuthSettings, RealmConfig, RealmController, RealmOptions, RealmPrimitive, RealmProvider, RealmRepositories, RegisterInput, RegistrationIntentResponse, RegistrationService, ResetPasswordInput, ResetPasswordRequest, SessionCrudService, SessionEntity, SessionQuery, SessionResource, SessionService, UpdateUser, UserController, UserEntity, UserQuery, UserResource, UserService, completePasswordResetRequestSchema, completeRegistrationRequestSchema, createUserSchema, identities, identityQuerySchema, identityResourceSchema, loginSchema, passwordResetIntentResponseSchema, realmAuthSettingsAtom, realmConfigSchema, registerSchema, registrationIntentResponseSchema, resetPasswordRequestSchema, resetPasswordSchema, sessionQuerySchema, sessionResourceSchema, sessions, updateUserSchema, userQuerySchema, userResourceSchema, users };
+export { $realm, AdminIdentityController, AdminSessionController, AdminUserController, AlephaApiUsers, CompletePasswordResetRequest, CompleteRegistrationRequest, CreateUser, CredentialService, DEFAULT_USER_REALM_NAME, IdentityEntity, IdentityQuery, IdentityResource, IdentityService, LoginInput, PasswordResetIntentResponse, Realm, RealmAuthSettings, RealmConfig, RealmController, RealmFeatures, RealmOptions, RealmPrimitive, RealmProvider, RealmRepositories, RegisterInput, RegistrationIntentResponse, RegistrationService, ResetPasswordInput, ResetPasswordRequest, SessionCrudService, SessionEntity, SessionQuery, SessionResource, SessionService, UpdateUser, UserAudits, UserController, UserEntity, UserFiles, UserJobs, UserNotifications, UserParameters, UserQuery, UserResource, UserService, completePasswordResetRequestSchema, completeRegistrationRequestSchema, createUserSchema, identities, identityQuerySchema, identityResourceSchema, loginSchema, passwordResetIntentResponseSchema, realmAuthSettingsAtom, realmConfigSchema, registerSchema, registrationIntentResponseSchema, resetPasswordRequestSchema, resetPasswordSchema, sessionQuerySchema, sessionResourceSchema, sessions, updateUserSchema, userQuerySchema, userResourceSchema, users };
 //# sourceMappingURL=index.d.ts.map