npm - alepha - Versions diffs - 0.15.4 → 0.15.5 - Mend

alepha 0.15.4 → 0.15.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (282) hide show

package/README.md +26 -11
package/dist/api/audits/index.d.ts +3 -3
package/dist/api/audits/index.js +3 -3
package/dist/api/audits/index.js.map +1 -1
package/dist/api/files/index.d.ts +3 -3
package/dist/api/files/index.js +3 -3
package/dist/api/files/index.js.map +1 -1
package/dist/api/jobs/index.d.ts +47 -4
package/dist/api/jobs/index.d.ts.map +1 -1
package/dist/api/jobs/index.js +100 -5
package/dist/api/jobs/index.js.map +1 -1
package/dist/api/keys/index.d.ts +3 -3
package/dist/api/keys/index.js +3 -3
package/dist/api/keys/index.js.map +1 -1
package/dist/api/notifications/index.d.ts +3 -3
package/dist/api/notifications/index.js +3 -3
package/dist/api/notifications/index.js.map +1 -1
package/dist/api/parameters/index.d.ts +263 -263
package/dist/api/parameters/index.d.ts.map +1 -1
package/dist/api/parameters/index.js +31 -30
package/dist/api/parameters/index.js.map +1 -1
package/dist/api/users/index.d.ts +373 -67
package/dist/api/users/index.d.ts.map +1 -1
package/dist/api/users/index.js +273 -72
package/dist/api/users/index.js.map +1 -1
package/dist/api/verifications/index.d.ts +3 -3
package/dist/api/verifications/index.js +3 -3
package/dist/api/verifications/index.js.map +1 -1
package/dist/batch/index.d.ts +7 -7
package/dist/batch/index.js +3 -3
package/dist/batch/index.js.map +1 -1
package/dist/bucket/index.d.ts +3 -3
package/dist/bucket/index.js +6 -6
package/dist/bucket/index.js.map +1 -1
package/dist/cache/core/index.d.ts +3 -3
package/dist/cache/core/index.js +3 -3
package/dist/cache/core/index.js.map +1 -1
package/dist/cli/index.d.ts +5607 -20
package/dist/cli/index.d.ts.map +1 -1
package/dist/cli/index.js +103 -89
package/dist/cli/index.js.map +1 -1
package/dist/command/index.d.ts +11 -4
package/dist/command/index.d.ts.map +1 -1
package/dist/command/index.js +8 -6
package/dist/command/index.js.map +1 -1
package/dist/core/index.browser.js.map +1 -1
package/dist/core/index.d.ts +4 -8
package/dist/core/index.d.ts.map +1 -1
package/dist/core/index.js +3 -3
package/dist/core/index.js.map +1 -1
package/dist/core/index.native.js.map +1 -1
package/dist/datetime/index.d.ts +3 -3
package/dist/datetime/index.js +3 -3
package/dist/datetime/index.js.map +1 -1
package/dist/email/index.d.ts +3 -3
package/dist/email/index.js +8 -8
package/dist/email/index.js.map +1 -1
package/dist/fake/index.d.ts +3 -3
package/dist/fake/index.js +3 -3
package/dist/fake/index.js.map +1 -1
package/dist/lock/core/index.d.ts +3 -3
package/dist/lock/core/index.js +3 -3
package/dist/lock/core/index.js.map +1 -1
package/dist/logger/index.d.ts +3 -3
package/dist/logger/index.js +6 -3
package/dist/logger/index.js.map +1 -1
package/dist/mcp/index.d.ts +3 -3
package/dist/mcp/index.js +3 -3
package/dist/mcp/index.js.map +1 -1
package/dist/orm/index.d.ts +12 -12
package/dist/orm/index.js +4 -4
package/dist/orm/index.js.map +1 -1
package/dist/queue/core/index.d.ts +3 -3
package/dist/queue/core/index.js +3 -3
package/dist/queue/core/index.js.map +1 -1
package/dist/react/auth/index.d.ts +3 -3
package/dist/react/auth/index.js +3 -3
package/dist/react/auth/index.js.map +1 -1
package/dist/react/core/index.d.ts +3 -3
package/dist/react/core/index.js +3 -3
package/dist/react/core/index.js.map +1 -1
package/dist/react/form/index.d.ts +3 -3
package/dist/react/form/index.js +3 -3
package/dist/react/form/index.js.map +1 -1
package/dist/react/head/index.d.ts +3 -3
package/dist/react/head/index.js +3 -3
package/dist/react/head/index.js.map +1 -1
package/dist/react/i18n/index.d.ts +3 -3
package/dist/react/i18n/index.js +3 -3
package/dist/react/i18n/index.js.map +1 -1
package/dist/react/intro/index.css +337 -0
package/dist/react/intro/index.css.map +1 -0
package/dist/react/intro/index.d.ts +10 -0
package/dist/react/intro/index.d.ts.map +1 -0
package/dist/react/intro/index.js +222 -0
package/dist/react/intro/index.js.map +1 -0
package/dist/react/router/index.browser.js +2 -2
package/dist/react/router/index.browser.js.map +1 -1
package/dist/react/router/index.d.ts +1 -1
package/dist/react/router/index.d.ts.map +1 -1
package/dist/react/router/index.js +5 -5
package/dist/react/router/index.js.map +1 -1
package/dist/redis/index.d.ts +17 -17
package/dist/redis/index.js +3 -3
package/dist/redis/index.js.map +1 -1
package/dist/retry/index.d.ts +3 -3
package/dist/retry/index.js +3 -3
package/dist/retry/index.js.map +1 -1
package/dist/scheduler/index.d.ts +3 -3
package/dist/scheduler/index.js +3 -3
package/dist/scheduler/index.js.map +1 -1
package/dist/security/index.d.ts +3 -3
package/dist/security/index.js +5 -5
package/dist/security/index.js.map +1 -1
package/dist/server/auth/index.d.ts +3 -3
package/dist/server/auth/index.js +3 -3
package/dist/server/auth/index.js.map +1 -1
package/dist/server/cache/index.d.ts +3 -3
package/dist/server/cache/index.js +3 -3
package/dist/server/cache/index.js.map +1 -1
package/dist/server/compress/index.d.ts +3 -3
package/dist/server/compress/index.js +3 -3
package/dist/server/compress/index.js.map +1 -1
package/dist/server/cookies/index.d.ts +3 -3
package/dist/server/cookies/index.js +3 -3
package/dist/server/cookies/index.js.map +1 -1
package/dist/server/core/index.d.ts +5 -16
package/dist/server/core/index.d.ts.map +1 -1
package/dist/server/core/index.js +13 -29
package/dist/server/core/index.js.map +1 -1
package/dist/server/cors/index.d.ts +3 -3
package/dist/server/cors/index.js +3 -3
package/dist/server/cors/index.js.map +1 -1
package/dist/server/health/index.d.ts +20 -20
package/dist/server/health/index.js +3 -3
package/dist/server/health/index.js.map +1 -1
package/dist/server/helmet/index.d.ts +3 -3
package/dist/server/helmet/index.js +3 -3
package/dist/server/helmet/index.js.map +1 -1
package/dist/server/links/index.d.ts +42 -42
package/dist/server/links/index.d.ts.map +1 -1
package/dist/server/links/index.js +3 -3
package/dist/server/links/index.js.map +1 -1
package/dist/server/metrics/index.d.ts +3 -3
package/dist/server/metrics/index.js +3 -3
package/dist/server/metrics/index.js.map +1 -1
package/dist/server/multipart/index.d.ts +3 -3
package/dist/server/multipart/index.js +3 -3
package/dist/server/multipart/index.js.map +1 -1
package/dist/server/proxy/index.d.ts +3 -3
package/dist/server/proxy/index.js +3 -3
package/dist/server/proxy/index.js.map +1 -1
package/dist/server/rate-limit/index.d.ts +3 -3
package/dist/server/rate-limit/index.js +3 -3
package/dist/server/rate-limit/index.js.map +1 -1
package/dist/server/static/index.d.ts +3 -3
package/dist/server/static/index.js +6 -6
package/dist/server/static/index.js.map +1 -1
package/dist/server/swagger/index.d.ts +3 -3
package/dist/server/swagger/index.js +6 -6
package/dist/server/swagger/index.js.map +1 -1
package/dist/sms/index.d.ts +3 -3
package/dist/sms/index.js +6 -6
package/dist/sms/index.js.map +1 -1
package/dist/system/index.d.ts +3 -3
package/dist/system/index.js +3 -3
package/dist/system/index.js.map +1 -1
package/dist/thread/index.d.ts +3 -3
package/dist/thread/index.js +3 -3
package/dist/thread/index.js.map +1 -1
package/dist/topic/core/index.d.ts +3 -3
package/dist/topic/core/index.js +3 -3
package/dist/topic/core/index.js.map +1 -1
package/dist/vite/index.d.ts +6284 -3
package/dist/vite/index.d.ts.map +1 -1
package/dist/websocket/index.d.ts +3 -3
package/dist/websocket/index.js +3 -3
package/dist/websocket/index.js.map +1 -1
package/package.json +7 -2
package/src/api/audits/index.ts +3 -3
package/src/api/files/index.ts +3 -3
package/src/api/jobs/controllers/AdminJobController.ts +15 -2
package/src/api/jobs/index.ts +4 -3
package/src/api/jobs/services/JobAudits.spec.ts +89 -0
package/src/api/jobs/services/JobAudits.ts +101 -0
package/src/api/keys/index.ts +3 -3
package/src/api/notifications/index.ts +3 -3
package/src/api/parameters/index.ts +5 -3
package/src/api/users/__tests__/ApiKeys-integration.spec.ts +1 -1
package/src/api/users/__tests__/ApiKeys.spec.ts +1 -1
package/src/api/users/__tests__/EmailVerification.spec.ts +16 -1
package/src/api/users/__tests__/PasswordReset.spec.ts +11 -0
package/src/api/users/atoms/realmAuthSettingsAtom.ts +10 -0
package/src/api/users/index.ts +8 -9
package/src/api/users/primitives/$realm.ts +117 -19
package/src/api/users/providers/RealmProvider.ts +15 -7
package/src/api/users/services/CredentialService.spec.ts +11 -0
package/src/api/users/services/CredentialService.ts +47 -24
package/src/api/users/services/IdentityService.ts +12 -4
package/src/api/users/services/RegistrationService.spec.ts +11 -0
package/src/api/users/services/RegistrationService.ts +33 -12
package/src/api/users/services/SessionService.ts +83 -12
package/src/api/users/services/UserAudits.ts +47 -0
package/src/api/users/services/UserFiles.ts +19 -0
package/src/api/users/services/UserJobs.spec.ts +107 -0
package/src/api/users/services/UserJobs.ts +62 -0
package/src/api/users/services/UserParameters.ts +23 -0
package/src/api/users/services/UserService.ts +34 -17
package/src/api/verifications/index.ts +3 -3
package/src/batch/index.ts +3 -3
package/src/bucket/index.ts +3 -3
package/src/cache/core/index.ts +3 -3
package/src/cli/commands/db.ts +9 -0
package/src/cli/commands/init.spec.ts +2 -17
package/src/cli/commands/init.ts +37 -1
package/src/cli/providers/ViteDevServerProvider.ts +5 -2
package/src/cli/services/AlephaCliUtils.ts +17 -0
package/src/cli/services/PackageManagerUtils.ts +15 -1
package/src/cli/services/ProjectScaffolder.ts +8 -13
package/src/cli/templates/agentMd.ts +2 -25
package/src/cli/templates/apiAppSecurityTs.ts +37 -2
package/src/cli/templates/mainCss.ts +2 -32
package/src/cli/templates/webAppRouterTs.ts +5 -5
package/src/cli/templates/webHomeComponentTsx.ts +10 -0
package/src/command/helpers/Runner.ts +14 -1
package/src/command/index.ts +3 -3
package/src/core/helpers/primitive.ts +0 -5
package/src/core/index.ts +3 -3
package/src/datetime/index.ts +3 -3
package/src/email/index.ts +3 -3
package/src/email/providers/LocalEmailProvider.ts +2 -2
package/src/fake/index.ts +3 -3
package/src/lock/core/index.ts +3 -3
package/src/logger/index.ts +3 -3
package/src/logger/providers/PrettyFormatterProvider.ts +7 -0
package/src/mcp/index.ts +3 -3
package/src/orm/index.ts +3 -3
package/src/orm/providers/drivers/NodeSqliteProvider.ts +1 -1
package/src/queue/core/index.ts +3 -3
package/src/react/auth/index.ts +3 -3
package/src/react/core/index.ts +3 -3
package/src/react/form/index.ts +3 -3
package/src/react/head/index.ts +3 -3
package/src/react/i18n/index.ts +3 -3
package/src/react/intro/components/GettingStarted.css +334 -0
package/src/react/intro/components/GettingStarted.tsx +276 -0
package/src/react/intro/index.ts +1 -0
package/src/react/router/index.browser.ts +2 -0
package/src/react/router/index.ts +2 -0
package/src/redis/index.ts +3 -3
package/src/retry/index.ts +3 -3
package/src/router/index.ts +3 -3
package/src/scheduler/index.ts +3 -3
package/src/security/index.ts +3 -3
package/src/security/providers/JwtProvider.ts +2 -2
package/src/server/auth/index.ts +3 -3
package/src/server/cache/index.ts +3 -3
package/src/server/compress/index.ts +3 -3
package/src/server/cookies/index.ts +3 -3
package/src/server/core/index.ts +3 -3
package/src/server/core/primitives/$action.spec.ts +3 -2
package/src/server/core/primitives/$action.ts +6 -2
package/src/server/core/providers/NodeHttpServerProvider.ts +2 -15
package/src/server/core/providers/ServerProvider.ts +4 -2
package/src/server/core/providers/ServerRouterProvider.ts +5 -27
package/src/server/cors/index.ts +3 -3
package/src/server/health/index.ts +3 -3
package/src/server/helmet/index.ts +3 -3
package/src/server/links/index.ts +3 -3
package/src/server/metrics/index.ts +3 -3
package/src/server/multipart/index.ts +3 -3
package/src/server/proxy/index.ts +3 -3
package/src/server/rate-limit/index.ts +3 -3
package/src/server/static/index.ts +3 -3
package/src/server/swagger/index.ts +3 -3
package/src/sms/index.ts +3 -3
package/src/system/index.ts +3 -3
package/src/thread/index.ts +3 -3
package/src/topic/core/index.ts +3 -3
package/src/websocket/index.ts +3 -3
package/src/cli/templates/webHelloComponentTsx.ts +0 -30
/package/src/api/users/{notifications → services}/UserNotifications.ts +0 -0

package/dist/api/users/index.js CHANGED Viewed

@@ -1,15 +1,13 @@
 import { $atom, $context, $inject, $module, Alepha, AlephaError, Json, isFileLike, t } from "alepha";
-import { $notification, AlephaApiNotifications } from "alepha/api/notifications";
-import { AlephaApiVerification } from "alepha/api/verifications";
 import { AlephaEmail } from "alepha/email";
 import { AlephaServerCompress } from "alepha/server/compress";
 import { AlephaServerHelmet } from "alepha/server/helmet";
 import { $action, BadRequestError, ConflictError, ForbiddenError, HttpError, NotFoundError, UnauthorizedError, okSchema } from "alepha/server";
 import { $entity, $repository, db, pageQuerySchema, parseQueryString, sql } from "alepha/orm";
-import { AlephaApiAudits, AuditService } from "alepha/api/audits";
 import { $logger } from "alepha/logger";
-import { $bucket } from "alepha/bucket";
+import { AuditService } from "alepha/api/audits";
 import { $client } from "alepha/server/links";
+import { $notification } from "alepha/api/notifications";
 import { $authCredentials, $authGithub, $authGoogle, ServerAuthProvider, authenticationProviderSchema } from "alepha/server/auth";
 import { createHash, randomBytes, randomInt, randomUUID } from "node:crypto";
 import { $cache } from "alepha/cache";
@@ -21,8 +19,10 @@ import { access, copyFile, cp, mkdir, readFile, readdir, rename, rm, stat, write
 import { PassThrough, Readable } from "node:stream";
 import { fileURLToPath } from "node:url";
 import { exec, spawn } from "node:child_process";
-import { AlephaApiFiles } from "alepha/api/files";
-import { AlephaApiJobs } from "alepha/api/jobs";
+import { AlephaApiVerification } from "alepha/api/verifications";
+import { $bucket } from "alepha/bucket";
+import { $job } from "alepha/api/jobs";
+import { $config } from "alepha/api/parameters";
 //#region ../../src/api/users/schemas/identityQuerySchema.ts
 const identityQuerySchema = t.extend(pageQuerySchema, {
@@ -112,6 +112,8 @@ const realmAuthSettingsAtom = $atom({
 		firstNameLastNameEnabled: t.boolean({ description: "Enable first and last name for user accounts" }),
 		firstNameLastNameRequired: t.boolean({ description: "Require first and last name for user accounts" }),
 		resetPasswordAllowed: t.boolean({ description: "Enable forgot password functionality" }),
+		adminEmails: t.array(t.email(), { description: "List of email addresses that are automatically promoted to admin role on login" }),
+		adminUsernames: t.array(t.text(), { description: "List of usernames that are automatically promoted to admin role on login" }),
 		passwordPolicy: t.object({
 			minLength: t.integer({
 				description: "Minimum password length",
@@ -138,6 +140,8 @@ const realmAuthSettingsAtom = $atom({
 		resetPasswordAllowed: false,
 		firstNameLastNameEnabled: false,
 		firstNameLastNameRequired: false,
+		adminEmails: [],
+		adminUsernames: [],
 		passwordPolicy: {
 			minLength: 8,
 			requireUppercase: true,
@@ -181,16 +185,17 @@ var RealmProvider = class {
 	defaultSessions = $repository(sessions);
 	defaultUsers = $repository(users);
 	realms = /* @__PURE__ */ new Map();
-	avatars = $bucket({
-		maxSize: 5 * 1024 * 1024,
-		mimeTypes: [
-			"image/jpeg",
-			"image/png",
-			"image/gif",
-			"image/webp"
-		]
-	});
 	register(realmName, realmOptions = {}) {
+		const features = {
+			jobs: false,
+			notifications: false,
+			apiKeys: false,
+			parameters: false,
+			files: false,
+			audits: false,
+			organizations: false,
+			...realmOptions.features
+		};
 		this.realms.set(realmName, {
 			name: realmName,
 			repositories: {
@@ -205,7 +210,8 @@ var RealmProvider = class {
 					...realmAuthSettingsAtom.options.default.passwordPolicy,
 					...realmOptions.settings?.passwordPolicy
 				}
-			}
+			},
+			features
 		});
 		return this.getRealm(realmName);
 	}
@@ -233,12 +239,45 @@ var RealmProvider = class {
 	}
 };
+//#endregion
+//#region ../../src/api/users/services/UserAudits.ts
+/**
+* User-specific audit wrapper service.
+*
+* This service wraps the core AuditService to provide user-related audit logging.
+* It is lazy-loaded when the `audits` feature is enabled in the realm.
+*/
+var UserAudits = class {
+	auditService = $inject(AuditService);
+	/**
+	* Record a user-related audit event.
+	*/
+	recordUser(action, context) {
+		return this.auditService.recordUser(action, context);
+	}
+	/**
+	* Record an authentication-related audit event.
+	*/
+	recordAuth(action, context) {
+		return this.auditService.recordAuth(action, context);
+	}
+	/**
+	* Record a generic audit event.
+	*/
+	record(category, action, context) {
+		return this.auditService.record(category, action, context);
+	}
+};
 //#endregion
 //#region ../../src/api/users/services/IdentityService.ts
 var IdentityService = class {
+	alepha = $inject(Alepha);
 	log = $logger();
 	realmProvider = $inject(RealmProvider);
-	auditService = $inject(AuditService);
+	userAudits(realmName) {
+		if (this.realmProvider.getRealm(realmName).features.audits) return this.alepha.inject(UserAudits);
+	}
 	identities(userRealmName) {
 		return this.realmProvider.identityRepository(userRealmName);
 	}
@@ -293,7 +332,7 @@ var IdentityService = class {
 			userId: identity.userId
 		});
 		const realm = this.realmProvider.getRealm(userRealmName);
-		await this.auditService.recordUser("update", {
+		await this.userAudits(userRealmName)?.recordUser("update", {
 			userRealm: realm.name,
 			resourceId: identity.userId,
 			description: `Identity provider disconnected: ${identity.provider}`,
@@ -541,7 +580,7 @@ const userQuerySchema = t.extend(pageQuerySchema, {
 const userResourceSchema = users.schema;
 //#endregion
-//#region ../../src/api/users/notifications/UserNotifications.ts
+//#region ../../src/api/users/services/UserNotifications.ts
 var UserNotifications = class {
 	passwordReset = $notification({
 		category: "security",
@@ -672,11 +711,16 @@ var UserNotifications = class {
 //#endregion
 //#region ../../src/api/users/services/UserService.ts
 var UserService = class {
+	alepha = $inject(Alepha);
 	log = $logger();
 	verificationController = $client();
-	userNotifications = $inject(UserNotifications);
 	realmProvider = $inject(RealmProvider);
-	auditService = $inject(AuditService);
+	userAudits(realmName) {
+		if (this.realmProvider.getRealm(realmName).features.audits) return this.alepha.inject(UserAudits);
+	}
+	userNotifications(realmName) {
+		if (this.realmProvider.getRealm(realmName).features.notifications) return this.alepha.inject(UserNotifications);
+	}
 	users(userRealmName) {
 		return this.realmProvider.userRepository(userRealmName);
 	}
@@ -715,7 +759,7 @@ var UserService = class {
 				url.searchParams.set("email", email);
 				url.searchParams.set("token", verification.token);
 				const fullVerifyUrl = verifyUrl ? `${verifyUrl}${url.search}` : url.pathname + url.search;
-				await this.userNotifications.emailVerificationLink.push({
+				await this.userNotifications(userRealmName)?.emailVerificationLink.push({
 					contact: email,
 					variables: {
 						email,
@@ -728,7 +772,7 @@ var UserService = class {
 					userId: user.id
 				});
 			} else {
-				await this.userNotifications.emailVerification.push({
+				await this.userNotifications(userRealmName)?.emailVerification.push({
 					contact: email,
 					variables: {
 						email,
@@ -783,7 +827,7 @@ var UserService = class {
 			type
 		});
 		const realm = this.realmProvider.getRealm(userRealmName);
-		await this.auditService.recordUser("update", {
+		await this.userAudits(userRealmName)?.recordUser("update", {
 			userId: user.id,
 			userEmail: email,
 			userRealm: realm.name,
@@ -875,7 +919,7 @@ var UserService = class {
 			username: user.username,
 			email: user.email
 		});
-		await this.auditService.recordUser("create", {
+		await this.userAudits(userRealmName)?.recordUser("create", {
 			userRealm: realm.name,
 			resourceId: user.id,
 			description: "User created",
@@ -905,7 +949,7 @@ var UserService = class {
 			to: data[key]
 		};
 		const isRoleChange = data.roles !== void 0 && JSON.stringify(before.roles) !== JSON.stringify(data.roles);
-		await this.auditService.recordUser(isRoleChange ? "role_change" : "update", {
+		await this.userAudits(userRealmName)?.recordUser(isRoleChange ? "role_change" : "update", {
 			userRealm: realm.name,
 			resourceId: user.id,
 			description: isRoleChange ? "User roles changed" : `User updated: ${Object.keys(changes).join(", ")}`,
@@ -925,7 +969,7 @@ var UserService = class {
 		await this.users(userRealmName).deleteById(id);
 		this.log.info("User deleted", { userId: id });
 		const realm = this.realmProvider.getRealm(userRealmName);
-		await this.auditService.recordUser("delete", {
+		await this.userAudits(userRealmName)?.recordUser("delete", {
 			userRealm: realm.name,
 			resourceId: id,
 			severity: "warning",
@@ -1180,13 +1224,18 @@ const registrationIntentResponseSchema = t.object({
 //#region ../../src/api/users/services/CredentialService.ts
 const INTENT_TTL_MINUTES$1 = 10;
 var CredentialService = class {
+	alepha = $inject(Alepha);
 	log = $logger();
 	cryptoProvider = $inject(CryptoProvider);
 	dateTimeProvider = $inject(DateTimeProvider);
 	verificationController = $client();
-	userNotifications = $inject(UserNotifications);
 	realmProvider = $inject(RealmProvider);
-	auditService = $inject(AuditService);
+	userAudits(realmName) {
+		if (this.realmProvider.getRealm(realmName).features.audits) return this.alepha.inject(UserAudits);
+	}
+	userNotifications(realmName) {
+		if (this.realmProvider.getRealm(realmName).features.notifications) return this.alepha.inject(UserNotifications);
+	}
 	intentCache = $cache({
 		name: "password-reset-intents",
 		ttl: [INTENT_TTL_MINUTES$1, "minutes"]
@@ -1241,7 +1290,7 @@ var CredentialService = class {
 				params: { type: "code" },
 				body: { target: email }
 			});
-			await this.userNotifications.passwordReset.push({
+			await this.userNotifications(userRealmName)?.passwordReset.push({
 				contact: email,
 				variables: {
 					email,
@@ -1316,7 +1365,7 @@ var CredentialService = class {
 			email: intent.email
 		});
 		const realm = this.realmProvider.getRealm(intent.realmName);
-		await this.auditService.recordUser("update", {
+		await this.userAudits(intent.realmName)?.recordUser("update", {
 			userId: intent.userId,
 			userEmail: intent.email,
 			userRealm: realm.name,
@@ -1324,7 +1373,7 @@ var CredentialService = class {
 			description: "Password reset completed",
 			metadata: { email: intent.email }
 		});
-		await this.auditService.record("security", "sessions_invalidated", {
+		await this.userAudits(intent.realmName)?.record("security", "sessions_invalidated", {
 			userId: intent.userId,
 			userEmail: intent.email,
 			userRealm: realm.name,
@@ -1375,7 +1424,7 @@ var CredentialService = class {
 		await this.identities(userRealmName).updateById(identity.id, { password: hashedPassword });
 		await this.sessions(userRealmName).deleteMany({ userId: { eq: user.id } });
 		const realm = this.realmProvider.getRealm(userRealmName);
-		await this.auditService.recordUser("update", {
+		await this.userAudits(userRealmName)?.recordUser("update", {
 			userId: user.id,
 			userEmail: email,
 			userRealm: realm.name,
@@ -1383,7 +1432,7 @@ var CredentialService = class {
 			description: "Password reset completed (legacy)",
 			metadata: { email }
 		});
-		await this.auditService.record("security", "sessions_invalidated", {
+		await this.userAudits(userRealmName)?.record("security", "sessions_invalidated", {
 			userId: user.id,
 			userEmail: email,
 			userRealm: realm.name,
@@ -1398,17 +1447,22 @@ var CredentialService = class {
 //#region ../../src/api/users/services/RegistrationService.ts
 const INTENT_TTL_MINUTES = 10;
 var RegistrationService = class {
+	alepha = $inject(Alepha);
 	log = $logger();
 	dateTimeProvider = $inject(DateTimeProvider);
 	cryptoProvider = $inject(CryptoProvider);
 	verificationController = $client();
-	userNotifications = $inject(UserNotifications);
 	realmProvider = $inject(RealmProvider);
-	auditService = $inject(AuditService);
 	intentCache = $cache({
 		name: "registration-intents",
 		ttl: [INTENT_TTL_MINUTES, "minutes"]
 	});
+	userAudits(realmName) {
+		if (this.realmProvider.getRealm(realmName).features.audits) return this.alepha.inject(UserAudits);
+	}
+	userNotifications(realmName) {
+		if (this.realmProvider.getRealm(realmName).features.notifications) return this.alepha.inject(UserNotifications);
+	}
 	/**
 	* Phase 1: Create a registration intent.
 	*
@@ -1457,8 +1511,8 @@ var RegistrationService = class {
 			phone: realmSettings?.verifyPhoneRequired === true && !!body.phoneNumber,
 			captcha: false
 		};
-		if (requirements.email && body.email) await this.sendEmailVerification(body.email);
-		if (requirements.phone && body.phoneNumber) await this.sendPhoneVerification(body.phoneNumber);
+		if (requirements.email && body.email) await this.sendEmailVerification(body.email, userRealmName);
+		if (requirements.phone && body.phoneNumber) await this.sendPhoneVerification(body.phoneNumber, userRealmName);
 		const intentId = randomUUID();
 		const expiresAt = this.dateTimeProvider.now().add(INTENT_TTL_MINUTES, "minutes").toISOString();
 		const intent = {
@@ -1558,7 +1612,7 @@ var RegistrationService = class {
 			username: user.username
 		});
 		const realm = this.realmProvider.getRealm(userRealmName);
-		await this.auditService.recordUser("create", {
+		await this.userAudits(userRealmName)?.recordUser("create", {
 			userId: user.id,
 			userEmail: user.email ?? void 0,
 			userRealm: realm.name,
@@ -1600,13 +1654,13 @@ var RegistrationService = class {
 	/**
 	* Send email verification code.
 	*/
-	async sendEmailVerification(email) {
+	async sendEmailVerification(email, realmName) {
 		this.log.debug("Sending email verification code", { email });
 		const verification = await this.verificationController.requestVerificationCode({
 			params: { type: "code" },
 			body: { target: email }
 		});
-		await this.userNotifications.emailVerification.push({
+		await this.userNotifications(realmName)?.emailVerification.push({
 			contact: email,
 			variables: {
 				email,
@@ -1619,14 +1673,14 @@ var RegistrationService = class {
 	/**
 	* Send phone verification code.
 	*/
-	async sendPhoneVerification(phoneNumber) {
+	async sendPhoneVerification(phoneNumber, realmName) {
 		this.log.debug("Sending phone verification code", { phoneNumber });
 		try {
 			const verification = await this.verificationController.requestVerificationCode({
 				params: { type: "code" },
 				body: { target: phoneNumber }
 			});
-			await this.userNotifications.phoneVerification.push({
+			await this.userNotifications(realmName)?.phoneVerification.push({
 				contact: phoneNumber,
 				variables: {
 					phoneNumber,
@@ -3710,9 +3764,9 @@ var ShellProvider = class {};
 //#endregion
 //#region ../../src/system/index.ts
 /**
-* | type | quality | stability |
-* |------|---------|-----------|
-* | tooling | standard | stable |
+* | Stability | Since | Runtime |
+* |-----------|-------|---------|
+* | 3 - stable | 0.14.0 | node, bun, browser|
 *
 * System-level abstractions for portable code across runtimes.
 *
@@ -3757,7 +3811,9 @@ var SessionService = class {
 	log = $logger();
 	realmProvider = $inject(RealmProvider);
 	fileController = $client();
-	auditService = $inject(AuditService);
+	userAudits(realmName) {
+		if (this.realmProvider.getRealm(realmName).features.audits) return this.alepha.inject(UserAudits);
+	}
 	users(userRealmName) {
 		return this.realmProvider.userRepository(userRealmName);
 	}
@@ -3768,6 +3824,40 @@ var SessionService = class {
 		return this.realmProvider.identityRepository(userRealmName);
 	}
 	/**
+	* Check if user should be auto-promoted to admin based on adminEmails/adminUsernames settings.
+	* If user matches and doesn't have admin role, promote them.
+	*/
+	async ensureAdminRole(user, userRealmName) {
+		if (user.roles.includes("admin")) return false;
+		const { settings, name } = this.realmProvider.getRealm(userRealmName);
+		const adminEmails = settings.adminEmails ?? [];
+		const adminUsernames = settings.adminUsernames ?? [];
+		const isAdminByEmail = user.email && adminEmails.includes(user.email);
+		const isAdminByUsername = user.username && adminUsernames.includes(user.username);
+		if (!isAdminByEmail && !isAdminByUsername) return false;
+		user.roles = [...user.roles.filter((r) => r !== "admin"), "admin"];
+		await this.users(userRealmName).updateById(user.id, { roles: user.roles });
+		const reason = isAdminByEmail ? "adminEmails" : "adminUsernames";
+		this.log.info(`User auto-promoted to admin via ${reason} setting`, {
+			userId: user.id,
+			email: user.email,
+			username: user.username,
+			realm: name
+		});
+		await this.userAudits(userRealmName)?.recordUser("role_change", {
+			userId: user.id,
+			userEmail: user.email ?? void 0,
+			userRealm: name,
+			resourceId: user.id,
+			description: `User auto-promoted to admin via ${reason} setting`,
+			metadata: {
+				addedRole: "admin",
+				reason
+			}
+		});
+		return true;
+	}
+	/**
 	* Random delay to prevent timing attacks (50-200ms)
 	* Uses cryptographically secure random number generation
 	*/
@@ -3796,7 +3886,7 @@ var SessionService = class {
 							username,
 							realm: name
 						});
-						await this.auditService.recordAuth("login_failed", {
+						await this.userAudits(userRealmName)?.recordAuth("login_failed", {
 							userRealm: name,
 							description: "Username does not match required format",
 							metadata: {
@@ -3816,7 +3906,7 @@ var SessionService = class {
 					username,
 					realm: name
 				});
-				await this.auditService.recordAuth("login_failed", {
+				await this.userAudits(userRealmName)?.recordAuth("login_failed", {
 					userRealm: name,
 					description: "Invalid login identifier format",
 					metadata: {
@@ -3833,7 +3923,7 @@ var SessionService = class {
 					username,
 					realm: name
 				});
-				await this.auditService.recordAuth("login_failed", {
+				await this.userAudits(userRealmName)?.recordAuth("login_failed", {
 					userRealm: name,
 					description: "User not found",
 					metadata: {
@@ -3863,7 +3953,7 @@ var SessionService = class {
 					username,
 					realm: name
 				});
-				await this.auditService.recordAuth("login_failed", {
+				await this.userAudits(userRealmName)?.recordAuth("login_failed", {
 					userRealm: name,
 					resourceId: user.id,
 					description: "Invalid password",
@@ -3874,7 +3964,7 @@ var SessionService = class {
 				});
 				throw new InvalidCredentialsError();
 			}
-			await this.auditService.recordAuth("login", {
+			await this.userAudits(userRealmName)?.recordAuth("login", {
 				userId: user.id,
 				userEmail: user.email ?? void 0,
 				userRealm: name,
@@ -3885,6 +3975,7 @@ var SessionService = class {
 					username
 				}
 			});
+			await this.ensureAdminRole(user, userRealmName);
 			return user;
 		} catch (error) {
 			if (error instanceof InvalidCredentialsError) throw error;
@@ -3931,6 +4022,7 @@ var SessionService = class {
 			throw new UnauthorizedError("Session expired");
 		}
 		const user = await this.users(userRealmName).findOne({ where: { id: { eq: session.userId } } });
+		await this.ensureAdminRole(user, userRealmName);
 		this.log.debug("Session refreshed", {
 			sessionId: session.id,
 			userId: session.userId
@@ -3948,7 +4040,7 @@ var SessionService = class {
 		this.log.debug("Session deleted");
 		if (session) {
 			const { name } = this.realmProvider.getRealm(userRealmName);
-			await this.auditService.recordAuth("logout", {
+			await this.userAudits(userRealmName)?.recordAuth("logout", {
 				userId: session.userId,
 				userRealm: name,
 				sessionId: session.id,
@@ -3976,7 +4068,7 @@ var SessionService = class {
 				userId: identity.userId
 			});
 			const user = await users.findById(identity.userId);
-			await this.auditService.recordAuth("login", {
+			await this.userAudits(userRealmName)?.recordAuth("login", {
 				userId: user.id,
 				userEmail: user.email ?? void 0,
 				userRealm: realm.name,
@@ -3987,6 +4079,7 @@ var SessionService = class {
 					providerUserId: profile.sub
 				}
 			});
+			await this.ensureAdminRole(user, userRealmName);
 			return user;
 		}
 		if (!profile.email) {
@@ -4012,7 +4105,7 @@ var SessionService = class {
 				providerUserId: profile.sub,
 				userId: existing.id
 			});
-			await this.auditService.recordAuth("login", {
+			await this.userAudits(userRealmName)?.recordAuth("login", {
 				userId: existing.id,
 				userEmail: existing.email ?? void 0,
 				userRealm: realm.name,
@@ -4024,6 +4117,7 @@ var SessionService = class {
 					linked: true
 				}
 			});
+			await this.ensureAdminRole(existing, userRealmName);
 			return existing;
 		}
 		const user = await users.create({
@@ -4060,7 +4154,7 @@ var SessionService = class {
 			email: user.email,
 			username: user.username
 		});
-		await this.auditService.recordUser("create", {
+		await this.userAudits(userRealmName)?.recordUser("create", {
 			userId: user.id,
 			userEmail: user.email ?? void 0,
 			userRealm: realm.name,
@@ -4073,7 +4167,7 @@ var SessionService = class {
 				email: user.email
 			}
 		});
-		await this.auditService.recordAuth("login", {
+		await this.userAudits(userRealmName)?.recordAuth("login", {
 			userId: user.id,
 			userEmail: user.email ?? void 0,
 			userRealm: realm.name,
@@ -4085,6 +4179,7 @@ var SessionService = class {
 				firstLogin: true
 			}
 		});
+		await this.ensureAdminRole(user, userRealmName);
 		return user;
 	}
 };
@@ -4519,9 +4614,9 @@ var ApiKeyController = class {
 //#endregion
 //#region ../../src/api/keys/index.ts
 /**
-* | type | quality | stability |
-* |------|---------|--------------|
-* | backend | good | experimental |
+* | Stability | Since | Runtime |
+* |-----------|-------|---------|
+* | 3 - stable | 0.11.0 | node, bun, workerd|
 *
 * API key management module for programmatic access.
 *
@@ -4555,6 +4650,95 @@ const AlephaApiKeys = $module({
 	]
 });
+//#endregion
+//#region ../../src/api/users/services/UserFiles.ts
+/**
+* User-specific file storage wrapper service.
+*
+* This service provides file storage for user-related files such as:
+* - User avatars/profile pictures
+*
+* It is lazy-loaded when the `files` feature is enabled in the realm.
+*/
+var UserFiles = class {
+	/**
+	* Bucket for user avatar storage.
+	*/
+	avatars = $bucket({
+		maxSize: 5 * 1024 * 1024,
+		mimeTypes: [
+			"image/jpeg",
+			"image/png",
+			"image/gif",
+			"image/webp"
+		]
+	});
+};
+//#endregion
+//#region ../../src/api/users/services/UserJobs.ts
+/**
+* User-specific jobs wrapper service.
+*
+* This service handles user-related scheduled jobs such as:
+* - Session purge (cleaning up expired sessions)
+* - Verification code cleanup
+* - Inactive user notifications
+*
+* It is lazy-loaded when the `jobs` feature is enabled in the realm.
+*/
+var UserJobs = class {
+	log = $logger();
+	dateTimeProvider = $inject(DateTimeProvider);
+	sessionRepository = $repository(sessions);
+	/**
+	* Purge expired sessions from the database.
+	*
+	* This job runs daily at 3:00 AM and removes all sessions
+	* where the `expiresAt` timestamp has passed.
+	*/
+	purgeExpiredSessions = $job({
+		name: "users.purgeExpiredSessions",
+		description: "Remove expired user sessions from the database",
+		cron: "0 3 * * *",
+		handler: async () => {
+			const now = this.dateTimeProvider.nowISOString();
+			this.log.info("Starting expired sessions purge", { cutoffTime: now });
+			const expiredSessions = await this.sessionRepository.findMany({ where: { expiresAt: { lt: now } } });
+			if (expiredSessions.length === 0) {
+				this.log.info("No expired sessions found");
+				return;
+			}
+			this.log.info("Found expired sessions", { count: expiredSessions.length });
+			const deletedIds = await this.sessionRepository.deleteMany({ expiresAt: { lt: now } });
+			this.log.info("Expired sessions purged successfully", { deletedCount: deletedIds.length });
+		}
+	});
+};
+//#endregion
+//#region ../../src/api/users/services/UserParameters.ts
+/**
+* User-specific configuration service.
+*
+* This service wraps the core ConfigStore to provide realm settings management.
+* It is lazy-loaded when the `parameters` feature is enabled in the realm.
+*/
+var UserParameters = class {
+	/**
+	* Realm authentication settings configuration.
+	*
+	* Controls user registration, login methods, verification requirements,
+	* and password policies for the realm.
+	*/
+	realmSettings = $config({
+		name: "alepha.api.users.realmSettings",
+		description: "Realm authentication and registration settings",
+		schema: realmAuthSettingsAtom.schema,
+		default: realmAuthSettingsAtom.options.default
+	});
+};
 //#endregion
 //#region ../../src/api/users/primitives/$realm.ts
 /**
@@ -4580,12 +4764,32 @@ const $realm = (options = {}) => {
 	if (options.settings.emailRequired) options.settings.emailEnabled = true;
 	if (options.settings.usernameRequired) options.settings.usernameEnabled = true;
 	if (options.settings.phoneRequired) options.settings.phoneEnabled = true;
+	const features = {
+		jobs: false,
+		notifications: false,
+		apiKeys: false,
+		parameters: false,
+		files: false,
+		audits: false,
+		organizations: false,
+		...options.features
+	};
+	if (!features.notifications) {
+		options.settings.verifyEmailRequired = false;
+		options.settings.verifyPhoneRequired = false;
+		options.settings.resetPasswordAllowed = false;
+	}
 	const realmRegistration = realmProvider.register(name, options);
-	alepha.with(AlephaApiFiles);
-	alepha.with(AlephaApiAudits);
-	alepha.with(AlephaApiJobs);
+	if (features.files) alepha.with(UserFiles);
+	if (features.audits) alepha.with(UserAudits);
+	if (features.jobs) alepha.with(UserJobs);
+	if (features.notifications) {
+		alepha.with(AlephaApiVerification);
+		alepha.with(UserNotifications);
+	}
+	if (features.parameters) alepha.with(UserParameters);
 	const customResolvers = [...options.issuer?.resolvers ?? []];
-	if (options.apiKeys) {
+	if (features.apiKeys) {
 		alepha.with(AlephaApiKeys);
 		const apiKeyService = alepha.inject(ApiKeyService);
 		customResolvers.push(apiKeyService.createResolver());
@@ -4701,9 +4905,9 @@ const resetPasswordSchema = t.object({
 //#endregion
 //#region ../../src/api/users/index.ts
 /**
-* | type | quality | stability |
-* |------|---------|-----------|
-* | backend | epic | stable |
+* | Stability | Since | Runtime |
+* |-----------|-------|---------|
+* | 3 - stable | 0.5.0 | node, bun, workerd|
 *
 * Complete user management with multi-realm support for multi-tenant applications.
 *
@@ -4722,8 +4926,6 @@ const resetPasswordSchema = t.object({
 const AlephaApiUsers = $module({
 	name: "alepha.api.users",
 	services: [
-		AlephaApiVerification,
-		AlephaApiNotifications,
 		AlephaServerHelmet,
 		AlephaServerCompress,
 		AlephaEmail,
@@ -4738,11 +4940,10 @@ const AlephaApiUsers = $module({
 		AdminUserController,
 		AdminSessionController,
 		AdminIdentityController,
-		RealmController,
-		UserNotifications
+		RealmController
 	]
 });
 //#endregion
-export { $realm, AdminIdentityController, AdminSessionController, AdminUserController, AlephaApiUsers, CredentialService, DEFAULT_USER_REALM_NAME, IdentityService, RealmController, RealmProvider, RegistrationService, SessionCrudService, SessionService, UserController, UserService, completePasswordResetRequestSchema, completeRegistrationRequestSchema, createUserSchema, identities, identityQuerySchema, identityResourceSchema, loginSchema, passwordResetIntentResponseSchema, realmAuthSettingsAtom, realmConfigSchema, registerSchema, registrationIntentResponseSchema, resetPasswordRequestSchema, resetPasswordSchema, sessionQuerySchema, sessionResourceSchema, sessions, updateUserSchema, userQuerySchema, userResourceSchema, users };
+export { $realm, AdminIdentityController, AdminSessionController, AdminUserController, AlephaApiUsers, CredentialService, DEFAULT_USER_REALM_NAME, IdentityService, RealmController, RealmProvider, RegistrationService, SessionCrudService, SessionService, UserAudits, UserController, UserFiles, UserJobs, UserNotifications, UserParameters, UserService, completePasswordResetRequestSchema, completeRegistrationRequestSchema, createUserSchema, identities, identityQuerySchema, identityResourceSchema, loginSchema, passwordResetIntentResponseSchema, realmAuthSettingsAtom, realmConfigSchema, registerSchema, registrationIntentResponseSchema, resetPasswordRequestSchema, resetPasswordSchema, sessionQuerySchema, sessionResourceSchema, sessions, updateUserSchema, userQuerySchema, userResourceSchema, users };
 //# sourceMappingURL=index.js.map