npm - alepha - Versions diffs - 0.20.2 → 0.20.4 - Mend

alepha 0.20.2 → 0.20.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (304) hide show

package/README.md +0 -1
package/assets/swagger-ui/swagger-ui-bundle.js +1 -1
package/assets/swagger-ui/swagger-ui.css +1 -1
package/dist/api/audits/index.browser.js +49 -0
package/dist/api/audits/index.browser.js.map +1 -1
package/dist/api/audits/index.js +49 -0
package/dist/api/audits/index.js.map +1 -1
package/dist/api/files/index.js.map +1 -1
package/dist/api/jobs/index.d.ts +2 -61
package/dist/api/jobs/index.d.ts.map +1 -1
package/dist/api/jobs/index.js.map +1 -1
package/dist/api/keys/index.d.ts +4 -4
package/dist/api/keys/index.js.map +1 -1
package/dist/api/notifications/index.d.ts +1 -10
package/dist/api/notifications/index.d.ts.map +1 -1
package/dist/api/parameters/index.browser.js +37 -0
package/dist/api/parameters/index.browser.js.map +1 -1
package/dist/api/parameters/index.d.ts +12 -68
package/dist/api/parameters/index.d.ts.map +1 -1
package/dist/api/parameters/index.js +57 -4
package/dist/api/parameters/index.js.map +1 -1
package/dist/api/payments/index.js.map +1 -1
package/dist/api/users/index.browser.js +6 -0
package/dist/api/users/index.browser.js.map +1 -1
package/dist/api/users/index.d.ts +148 -227
package/dist/api/users/index.d.ts.map +1 -1
package/dist/api/users/index.js +60 -14
package/dist/api/users/index.js.map +1 -1
package/dist/api/verifications/index.d.ts.map +1 -1
package/dist/api/verifications/index.js +2 -1
package/dist/api/verifications/index.js.map +1 -1
package/dist/bucket/index.d.ts +77 -107
package/dist/bucket/index.d.ts.map +1 -1
package/dist/bucket/index.js +153 -5
package/dist/bucket/index.js.map +1 -1
package/dist/bucket/index.workerd.js +12 -2
package/dist/bucket/index.workerd.js.map +1 -1
package/dist/cache/core/index.d.ts +26 -0
package/dist/cache/core/index.d.ts.map +1 -1
package/dist/cache/core/index.js +11 -1
package/dist/cache/core/index.js.map +1 -1
package/dist/cache/core/index.workerd.js +11 -1
package/dist/cache/core/index.workerd.js.map +1 -1
package/dist/captcha/index.js.map +1 -1
package/dist/cli/config/index.d.ts +7 -5
package/dist/cli/config/index.d.ts.map +1 -1
package/dist/cli/config/index.js +2 -3
package/dist/cli/config/index.js.map +1 -1
package/dist/cli/core/index.d.ts +637 -11660
package/dist/cli/core/index.d.ts.map +1 -1
package/dist/cli/core/index.js +707 -532
package/dist/cli/core/index.js.map +1 -1
package/dist/cli/devtools/index.d.ts +4 -8
package/dist/cli/devtools/index.d.ts.map +1 -1
package/dist/cli/devtools/index.js +20 -16
package/dist/cli/devtools/index.js.map +1 -1
package/dist/cli/platform/index.d.ts +51 -77
package/dist/cli/platform/index.d.ts.map +1 -1
package/dist/cli/platform/index.js +65 -15
package/dist/cli/platform/index.js.map +1 -1
package/dist/cli/vendor/index.d.ts +10 -13
package/dist/cli/vendor/index.d.ts.map +1 -1
package/dist/cli/vendor/index.js +30 -12
package/dist/cli/vendor/index.js.map +1 -1
package/dist/command/index.js +1 -1
package/dist/command/index.js.map +1 -1
package/dist/core/index.browser.js +27 -3
package/dist/core/index.browser.js.map +1 -1
package/dist/core/index.d.ts +8 -11
package/dist/core/index.d.ts.map +1 -1
package/dist/core/index.js +27 -3
package/dist/core/index.js.map +1 -1
package/dist/core/index.native.js +27 -3
package/dist/core/index.native.js.map +1 -1
package/dist/core/index.workerd.js +27 -3
package/dist/core/index.workerd.js.map +1 -1
package/dist/crypto/index.js.map +1 -1
package/dist/datetime/index.d.ts +69 -10
package/dist/datetime/index.d.ts.map +1 -1
package/dist/datetime/index.js +135 -13
package/dist/datetime/index.js.map +1 -1
package/dist/email/core/index.js.map +1 -1
package/dist/email/smtp/index.js +130 -16
package/dist/email/smtp/index.js.map +1 -1
package/dist/fake/index.js.map +1 -1
package/dist/lock/core/index.d.ts +30 -2
package/dist/lock/core/index.d.ts.map +1 -1
package/dist/lock/core/index.js +35 -12
package/dist/lock/core/index.js.map +1 -1
package/dist/lock/redis/index.js.map +1 -1
package/dist/logger/index.js +32 -1
package/dist/logger/index.js.map +1 -1
package/dist/mcp/index.d.ts +238 -31
package/dist/mcp/index.d.ts.map +1 -1
package/dist/mcp/index.js +198 -67
package/dist/mcp/index.js.map +1 -1
package/dist/orm/core/index.browser.js +2 -362
package/dist/orm/core/index.browser.js.map +1 -1
package/dist/orm/core/index.bun.js +18 -409
package/dist/orm/core/index.bun.js.map +1 -1
package/dist/orm/core/index.d.ts +41 -194
package/dist/orm/core/index.d.ts.map +1 -1
package/dist/orm/core/index.js +27 -422
package/dist/orm/core/index.js.map +1 -1
package/dist/orm/postgres/index.bun.js +17 -20
package/dist/orm/postgres/index.bun.js.map +1 -1
package/dist/orm/postgres/index.d.ts +1 -5
package/dist/orm/postgres/index.d.ts.map +1 -1
package/dist/orm/postgres/index.js +17 -20
package/dist/orm/postgres/index.js.map +1 -1
package/dist/react/core/index.d.ts +102 -1
package/dist/react/core/index.d.ts.map +1 -1
package/dist/react/core/index.js +65 -1
package/dist/react/core/index.js.map +1 -1
package/dist/react/form/index.d.ts +6 -0
package/dist/react/form/index.d.ts.map +1 -1
package/dist/react/form/index.js +7 -7
package/dist/react/form/index.js.map +1 -1
package/dist/react/i18n/index.d.ts +7 -1
package/dist/react/i18n/index.d.ts.map +1 -1
package/dist/react/i18n/index.js +6 -0
package/dist/react/i18n/index.js.map +1 -1
package/dist/react/intro/index.js +22 -17
package/dist/react/intro/index.js.map +1 -1
package/dist/react/router/index.browser.js +98 -4
package/dist/react/router/index.browser.js.map +1 -1
package/dist/react/router/index.d.ts +58 -5
package/dist/react/router/index.d.ts.map +1 -1
package/dist/react/router/index.js +122 -6
package/dist/react/router/index.js.map +1 -1
package/dist/react/testing/{chunk-DBEY4PJZ.js → chunk-6Ep1yQYe.js} +1 -1
package/dist/react/testing/index.js +1 -1
package/dist/react/testing/index.js.map +1 -1
package/dist/react/ui/index.d.ts +195 -1
package/dist/react/ui/index.d.ts.map +1 -1
package/dist/react/ui/index.js +64 -1
package/dist/react/ui/index.js.map +1 -1
package/dist/react/websocket/index.js.map +1 -1
package/dist/redis/index.js.map +1 -1
package/dist/scheduler/index.d.ts +1 -2
package/dist/scheduler/index.d.ts.map +1 -1
package/dist/scheduler/index.js +1 -1
package/dist/scheduler/index.js.map +1 -1
package/dist/scheduler/index.workerd.js +1 -1
package/dist/scheduler/index.workerd.js.map +1 -1
package/dist/security/index.browser.js.map +1 -1
package/dist/security/index.d.ts.map +1 -1
package/dist/security/index.js +2 -2
package/dist/security/index.js.map +1 -1
package/dist/server/auth/index.d.ts.map +1 -1
package/dist/server/auth/index.js +24 -10
package/dist/server/auth/index.js.map +1 -1
package/dist/server/cookies/index.js.map +1 -1
package/dist/server/core/index.browser.js +10 -3
package/dist/server/core/index.browser.js.map +1 -1
package/dist/server/core/index.d.ts +1 -4
package/dist/server/core/index.d.ts.map +1 -1
package/dist/server/core/index.js +47 -9
package/dist/server/core/index.js.map +1 -1
package/dist/server/links/index.browser.js.map +1 -1
package/dist/server/links/index.js.map +1 -1
package/dist/server/metrics/index.js +19 -1
package/dist/server/metrics/index.js.map +1 -1
package/dist/server/rate-limit/index.js.map +1 -1
package/dist/server/static/index.js.map +1 -1
package/dist/server/swagger/index.d.ts.map +1 -1
package/dist/server/swagger/index.js +4 -5
package/dist/server/swagger/index.js.map +1 -1
package/dist/sms/index.js.map +1 -1
package/dist/system/index.browser.js.map +1 -1
package/dist/system/index.js.map +1 -1
package/dist/system/index.workerd.js.map +1 -1
package/dist/topic/core/index.js.map +1 -1
package/dist/websocket/index.browser.js +32 -5
package/dist/websocket/index.browser.js.map +1 -1
package/dist/websocket/index.d.ts +3 -1
package/dist/websocket/index.d.ts.map +1 -1
package/dist/websocket/index.js +42 -6
package/dist/websocket/index.js.map +1 -1
package/package.json +685 -274
package/src/api/files/__tests__/FileController.spec.ts +1 -1
package/src/api/jobs/__tests__/$job.spec.ts +5 -1
package/src/api/parameters/services/ParameterProvider.ts +21 -4
package/src/api/users/__tests__/SessionService.spec.ts +99 -0
package/src/api/users/__tests__/UserJobs.spec.ts +67 -0
package/src/api/users/atoms/realmAuthSettingsAtom.ts +15 -0
package/src/api/users/entities/sessions.ts +6 -0
package/src/api/users/jobs/UserJobs.ts +44 -17
package/src/api/users/providers/RealmProvider.ts +4 -0
package/src/api/users/schemas/userQuerySchema.ts +0 -1
package/src/api/users/services/SessionService.ts +27 -0
package/src/api/users/services/UserService.ts +1 -5
package/src/api/verifications/__tests__/CodeVerification.spec.ts +14 -0
package/src/api/verifications/__tests__/LinkVerification.spec.ts +14 -0
package/src/api/verifications/services/VerificationService.ts +1 -0
package/src/bucket/__tests__/NodeS3BucketProvider.spec.ts +74 -0
package/src/bucket/index.ts +19 -2
package/src/bucket/primitives/$bucket.ts +9 -1
package/src/bucket/providers/CloudflareR2Provider.ts +2 -137
package/src/bucket/providers/NodeS3BucketProvider.ts +218 -0
package/src/cache/core/index.ts +29 -0
package/src/cache/core/primitives/$cache.ts +14 -1
package/src/cli/config/defineConfig.ts +13 -15
package/src/cli/core/__tests__/init.spec.ts +214 -7
package/src/cli/core/commands/init.ts +12 -0
package/src/cli/core/services/PackageManagerUtils.ts +23 -6
package/src/cli/core/services/ProjectScaffolder.ts +315 -33
package/src/cli/core/tasks/BuildCloudflareTask.ts +5 -0
package/src/cli/core/tasks/BuildDockerTask.ts +9 -10
package/src/cli/core/tasks/BuildServerTask.ts +8 -0
package/src/cli/core/templates/agentMd.ts +2 -10
package/src/cli/core/templates/apiIndexTs.ts +23 -1
package/src/cli/core/templates/componentsJsonTs.ts +39 -0
package/src/cli/core/templates/mainCss.ts +1 -0
package/src/cli/core/templates/saasAdminLayoutTsx.ts +77 -0
package/src/cli/core/templates/saasAdminPagesTsx.ts +26 -0
package/src/cli/core/templates/saasAuthLayoutTsx.ts +20 -0
package/src/cli/core/templates/saasAuthPagesTsx.ts +62 -0
package/src/cli/core/templates/saasRealmProviderTs.ts +46 -0
package/src/cli/core/templates/webAppRouterTs.ts +104 -1
package/src/cli/core/templates/webIndexTs.ts +23 -1
package/src/cli/devtools/index.ts +12 -26
package/src/cli/platform/__tests__/SecretsCommand.spec.ts +2 -0
package/src/cli/platform/index.ts +15 -24
package/src/cli/vendor/atoms/vendorOptions.ts +1 -1
package/src/cli/vendor/index.ts +14 -23
package/src/command/providers/CliProvider.ts +1 -1
package/src/core/Alepha.ts +11 -1
package/src/core/helpers/ref.ts +18 -0
package/src/core/index.shared.ts +1 -0
package/src/core/interfaces/Service.ts +3 -1
package/src/core/providers/SchemaValidator.ts +9 -1
package/src/core/providers/TypeProvider.ts +2 -3
package/src/datetime/REFACTORING.md +118 -0
package/src/datetime/providers/DateTimeProvider.ts +203 -24
package/src/lock/core/index.ts +31 -0
package/src/lock/core/primitives/$lock.ts +14 -1
package/src/logger/services/Logger.ts +1 -1
package/src/mcp/__tests__/$resource.spec.ts +1 -1
package/src/mcp/__tests__/$tool.spec.ts +1 -1
package/src/mcp/__tests__/McpServerProvider.spec.ts +1 -1
package/src/mcp/__tests__/jsonrpc.spec.ts +1 -1
package/src/mcp/helpers/jsonrpc.ts +26 -1
package/src/mcp/index.ts +10 -5
package/src/mcp/interfaces/McpTypes.ts +83 -6
package/src/mcp/primitives/$prompt.ts +18 -1
package/src/mcp/primitives/$resource.ts +18 -1
package/src/mcp/primitives/$tool.ts +83 -7
package/src/mcp/providers/McpServerProvider.ts +74 -16
package/src/mcp/transports/StreamableHttpMcpTransport.ts +226 -0
package/src/orm/REFACTORING.md +330 -0
package/src/orm/__tests__/$repository-tests.ts +1 -0
package/src/orm/__tests__/orm-next-tests.ts +2 -67
package/src/orm/__tests__/orm-next.spec.ts +0 -21
package/src/orm/core/index.shared.ts +0 -2
package/src/orm/core/index.ts +1 -2
package/src/orm/core/primitives/$repository.ts +3 -6
package/src/orm/core/primitives/$transactional.ts +11 -0
package/src/orm/core/providers/drivers/DatabaseProvider.ts +0 -5
package/src/orm/core/providers/drivers/NodeSqliteProvider.ts +11 -13
package/src/orm/core/schemas/updateSchema.ts +1 -1
package/src/orm/core/services/ModelBuilder.ts +1 -13
package/src/orm/core/services/PgRelationManager.ts +4 -2
package/src/orm/core/services/Repository.ts +1 -42
package/src/orm/core/services/SqliteModelBuilder.ts +2 -33
package/src/orm/postgres/services/PostgresModelBuilder.ts +10 -45
package/src/react/core/__tests__/useQuery.browser.spec.tsx +86 -0
package/src/react/core/hooks/useQuery.ts +153 -0
package/src/react/core/index.ts +1 -0
package/src/react/form/services/FormModel.ts +15 -6
package/src/react/form/services/parseField.ts +8 -0
package/src/react/i18n/providers/I18nProvider.ts +8 -2
package/src/react/intro/components/GettingStartedAuthSlide.tsx +11 -4
package/src/react/router/__tests__/$page.spec.tsx +0 -16
package/src/react/router/__tests__/ReactBrowserProvider.browser.spec.ts +213 -2
package/src/react/router/__tests__/ssr.spec.tsx +339 -0
package/src/react/router/primitives/$page.ts +28 -4
package/src/react/router/providers/ReactBrowserProvider.ts +73 -0
package/src/react/router/providers/ReactBrowserRouterProvider.ts +1 -1
package/src/react/router/providers/ReactPageProvider.ts +27 -9
package/src/react/router/providers/ReactPreloadProvider.ts +1 -1
package/src/react/router/providers/ReactServerProvider.ts +1 -0
package/src/react/ui/atoms/uiThemeListAtom.ts +36 -0
package/src/react/ui/index.ts +6 -0
package/src/react/ui/services/SchemaControl.ts +209 -0
package/src/scheduler/providers/CronProvider.ts +1 -1
package/src/security/primitives/$basicAuth.ts +1 -1
package/src/security/primitives/$issuer.ts +6 -3
package/src/server/auth/providers/ServerAuthProvider.ts +5 -1
package/src/server/core/__tests__/ServerRouterProvider-serializationError.spec.ts +75 -0
package/src/server/core/__tests__/ServerRouterProvider-validationError.spec.ts +306 -0
package/src/server/core/errors/ValidationError.ts +13 -1
package/src/server/core/interfaces/ServerRequest.ts +1 -0
package/src/server/core/primitives/$action.ts +16 -5
package/src/server/core/providers/ServerProvider.ts +1 -1
package/src/server/core/providers/ServerRouterProvider.ts +28 -6
package/src/server/core/services/HttpClient.ts +1 -1
package/src/server/swagger/providers/ServerSwaggerProvider.ts +6 -8
package/src/websocket/providers/NodeWebSocketServerProvider.ts +10 -4
package/src/websocket/services/WebSocketClient.ts +11 -5
package/src/mcp/transports/SseMcpTransport.ts +0 -182
package/src/orm/core/__tests__/parseQueryString.spec.ts +0 -196
package/src/orm/core/helpers/parseQueryString.ts +0 -502
package/src/orm/core/primitives/$view.ts +0 -88

package/dist/api/users/index.d.ts CHANGED Viewed

@@ -1,5 +1,5 @@
 import * as _$alepha from "alepha";
-import { Alepha, AlephaError, Page, PageQuery, Primitive, Static, StaticEncode, TNull, TObject, TOptional, TSchema, TUnion } from "alepha";
+import { Alepha, AlephaError, Page, PageQuery, Primitive, SchemaValidator, Static, StaticEncode, TNull, TObject, TOptional, TSchema, TUnion } from "alepha";
 import { AuditService, CreateAudit } from "alepha/api/audits";
 import * as _$alepha_bucket0 from "alepha/bucket";
 import { CryptoProvider, IssuerPrimitive, IssuerPrimitiveOptions, UserAccount } from "alepha/security";
@@ -71,9 +71,112 @@ declare const realmAuthSettingsAtom: _$alepha.Atom<_$alepha.TObject<{
     accountMaxAttempts: _$alepha.TInteger;
     windowMs: _$alepha.TInteger;
   }>;
+  refreshToken: _$alepha.TObject<{
+    expirationIdle: _$alepha.TOptional<_$alepha.TInteger>;
+  }>;
 }>, "alepha.api.users.realmAuthSettings">;
 type RealmAuthSettings = Static<typeof realmAuthSettingsAtom.schema>;
 //#endregion
+//#region ../../src/api/users/audits/UserAudits.d.ts
+type AuditContext = Omit<CreateAudit, "type" | "action">;
+/**
+ * User-specific audit wrapper service.
+ *
+ * This service wraps the core AuditService to provide user-related audit logging.
+ *
+ * Declared as a module variant — not auto-injected. It is instantiated
+ * lazily the first time something calls `alepha.inject(UserAudits)`.
+ */
+declare class UserAudits {
+  protected readonly auditService: AuditService;
+  /**
+   * Record a user-related audit event.
+   */
+  recordUser(action: "create" | "update" | "delete" | "role_change" | "enable" | "disable", context: AuditContext): Promise<{
+    description?: string | undefined;
+    userId?: string | undefined;
+    userRealm?: string | undefined;
+    userEmail?: string | undefined;
+    resourceType?: string | undefined;
+    resourceId?: string | undefined;
+    metadata?: Record<string, any> | undefined;
+    ipAddress?: string | undefined;
+    userAgent?: string | undefined;
+    sessionId?: string | undefined;
+    requestId?: string | undefined;
+    errorMessage?: string | undefined;
+    type: string;
+    id: string;
+    createdAt: string;
+    action: string;
+    severity: "info" | "warning" | "critical";
+    success: boolean;
+  }>;
+  /**
+   * Record an authentication-related audit event.
+   */
+  recordAuth(action: "login" | "logout" | "login_failed" | "token_refresh", context: AuditContext): Promise<{
+    description?: string | undefined;
+    userId?: string | undefined;
+    userRealm?: string | undefined;
+    userEmail?: string | undefined;
+    resourceType?: string | undefined;
+    resourceId?: string | undefined;
+    metadata?: Record<string, any> | undefined;
+    ipAddress?: string | undefined;
+    userAgent?: string | undefined;
+    sessionId?: string | undefined;
+    requestId?: string | undefined;
+    errorMessage?: string | undefined;
+    type: string;
+    id: string;
+    createdAt: string;
+    action: string;
+    severity: "info" | "warning" | "critical";
+    success: boolean;
+  }>;
+  /**
+   * Record a generic audit event.
+   */
+  record(category: string, action: string, context: AuditContext): Promise<{
+    description?: string | undefined;
+    userId?: string | undefined;
+    userRealm?: string | undefined;
+    userEmail?: string | undefined;
+    resourceType?: string | undefined;
+    resourceId?: string | undefined;
+    metadata?: Record<string, any> | undefined;
+    ipAddress?: string | undefined;
+    userAgent?: string | undefined;
+    sessionId?: string | undefined;
+    requestId?: string | undefined;
+    errorMessage?: string | undefined;
+    type: string;
+    id: string;
+    createdAt: string;
+    action: string;
+    severity: "info" | "warning" | "critical";
+    success: boolean;
+  }>;
+}
+//#endregion
+//#region ../../src/api/users/buckets/UserBuckets.d.ts
+/**
+ * User-specific file storage wrapper service.
+ *
+ * This service provides file storage for user-related files such as:
+ * - User avatars/profile pictures
+ *
+ * Declared as a module variant — not auto-injected. It is instantiated
+ * lazily the first time something calls `alepha.inject(UserBuckets)`.
+ */
+declare class UserBuckets {
+  /**
+   * Bucket for user avatar storage.
+   */
+  readonly avatars: _$alepha_bucket0.BucketPrimitive;
+}
+//#endregion
 //#region ../../src/orm/core/schemas/insertSchema.d.ts
 /**
  * Transforms a TObject schema for insert operations.
@@ -355,6 +458,19 @@ declare class DbError extends AlephaError {
   constructor(message: string, cause?: unknown);
 }
 //#endregion
+//#region ../../src/orm/core/helpers/pgAttr.d.ts
+/**
+ * Type representation.
+ */
+type PgAttr<T extends TSchema, TAttr extends PgSymbolKeys> = T & { [K in TAttr]: PgSymbols[K] };
+interface PgAttrField {
+  key: string;
+  type: TSchema;
+  data: any;
+  nested?: any[];
+  one?: boolean;
+}
+//#endregion
 //#region ../../src/orm/core/interfaces/FilterOperators.d.ts
 interface FilterOperators<TValue> {
   /**
@@ -901,19 +1017,6 @@ type PgQueryWhereConditions<T extends TObject, Relations extends PgRelationMap<T
 };
 type PgQueryWhereRelations<Relations extends PgRelationMap<TObject> | undefined = undefined> = Relations extends PgRelationMap<TObject> ? { [K in keyof Relations]?: PgQueryWhere<Relations[K]["join"]["schema"], Relations[K]["with"]> } : {};
 //#endregion
-//#region ../../src/orm/core/helpers/pgAttr.d.ts
-/**
- * Type representation.
- */
-type PgAttr<T extends TSchema, TAttr extends PgSymbolKeys> = T & { [K in TAttr]: PgSymbols[K] };
-interface PgAttrField {
-  key: string;
-  type: TSchema;
-  data: any;
-  nested?: any[];
-  one?: boolean;
-}
-//#endregion
 //#region ../../src/orm/core/interfaces/AggregateQuery.d.ts
 type AggregateOp = "count" | "sum" | "avg" | "min" | "max";
 /**
@@ -985,35 +1088,6 @@ interface AggregateQuery<T extends TObject, S extends AggregateSelect<T>> {
   offset?: number;
 }
 //#endregion
-//#region ../../src/orm/core/primitives/$view.d.ts
-interface ViewPrimitiveOptions<T extends TObject> {
-  /**
-   * The database view name.
-   */
-  name: string;
-  /**
-   * TypeBox schema defining the view's columns.
-   */
-  schema: T;
-  /**
-   * SQL query that defines the view.
-   */
-  query: SQL;
-  /**
-   * Whether this is a materialized view (PostgreSQL only).
-   * Materialized views store results on disk and can be refreshed.
-   */
-  materialized?: boolean;
-}
-declare class ViewPrimitive<T extends TObject = TObject> {
-  readonly options: ViewPrimitiveOptions<T>;
-  readonly isView = true;
-  constructor(options: ViewPrimitiveOptions<T>);
-  get name(): string;
-  get schema(): T;
-  get materialized(): boolean;
-}
-//#endregion
 //#region ../../src/orm/core/providers/DbCacheProvider.d.ts
 /**
  * Database query cache using a simple in-memory Map.
@@ -1097,13 +1171,6 @@ declare abstract class ModelBuilder {
     schemas: Map<string, unknown>;
     schema: string;
   }): void;
-  /**
-   * Build a view from a view primitive.
-   */
-  abstract buildView(view: ViewPrimitive, options: {
-    tables: Map<string, unknown>;
-    schema: string;
-  }): void;
   /**
    * Build a sequence from a sequence primitive.
    */
@@ -6126,7 +6193,6 @@ declare abstract class DatabaseProvider {
   protected parseOperation(sql: string): string;
   table<T extends TObject>(entity: EntityPrimitive<T>): PgTableWithColumns<SchemaToTableConfig<T>>;
   registerEntity(entity: EntityPrimitive): void;
-  registerView(view: ViewPrimitive): void;
   registerSequence(sequence: SequencePrimitive): void;
   /**
    * Rebuild all models into fresh maps using a different schema.
@@ -6255,6 +6321,7 @@ interface PgJoin {
 //#endregion
 //#region ../../src/orm/core/services/PgRelationManager.d.ts
 declare class PgRelationManager {
+  protected readonly schemaValidator: SchemaValidator;
   /**
    * Recursively build joins for the query builder based on the relations map
    */
@@ -6305,10 +6372,6 @@ declare abstract class Repository$1<T extends TObject> {
    * Get SQL table name. (from Drizzle table object)
    */
   get tableName(): string;
-  /**
-   * Whether this repository is backed by a view (read-only).
-   */
-  get isReadOnly(): boolean;
   /**
    * Getter for the database connection from the database provider.
    *
@@ -6583,14 +6646,6 @@ declare abstract class Repository$1<T extends TObject> {
    * Clean a row with joins recursively
    */
   protected cleanWithJoins<T extends TObject>(row: Record<string, unknown>, schema: T, joins: PgJoin[], parentPath?: string): Static<T>;
-  /**
-   * Throw if this repository is read-only (backed by a view).
-   */
-  protected assertWritable(): void;
-  /**
-   * Refresh a materialized view. PostgreSQL only.
-   */
-  refresh(): Promise<void>;
   /**
    * Build a cache key from method name and query parameters.
    */
@@ -6695,163 +6750,6 @@ declare module "alepha" {
   interface Env extends Partial<Static<typeof databaseEnvSchema>> {}
 } //# sourceMappingURL=databaseEnvSchema.d.ts.map
 //#endregion
-//#region ../../src/api/users/audits/UserAudits.d.ts
-type AuditContext = Omit<CreateAudit, "type" | "action">;
-/**
- * User-specific audit wrapper service.
- *
- * This service wraps the core AuditService to provide user-related audit logging.
- *
- * Declared as a module variant — not auto-injected. It is instantiated
- * lazily the first time something calls `alepha.inject(UserAudits)`.
- */
-declare class UserAudits {
-  protected readonly auditService: AuditService;
-  /**
-   * Record a user-related audit event.
-   */
-  recordUser(action: "create" | "update" | "delete" | "role_change" | "enable" | "disable", context: AuditContext): Promise<{
-    description?: string | undefined;
-    userId?: string | undefined;
-    userRealm?: string | undefined;
-    userEmail?: string | undefined;
-    resourceType?: string | undefined;
-    resourceId?: string | undefined;
-    metadata?: _$typebox.StaticRecord<[], "Decode", {}, {
-      id: PgAttr<PgAttr<_$alepha.TString, typeof PG_PRIMARY_KEY>, typeof PG_DEFAULT>;
-      createdAt: PgAttr<PgAttr<_$alepha.TString, typeof PG_CREATED_AT>, typeof PG_DEFAULT>;
-      type: _$alepha.TString;
-      action: _$alepha.TString;
-      severity: PgAttr<_$alepha.TUnsafe<"info" | "warning" | "critical">, typeof PG_DEFAULT>;
-      userId: _$alepha.TOptional<_$alepha.TString>;
-      userRealm: _$alepha.TOptional<_$alepha.TString>;
-      userEmail: _$alepha.TOptional<_$alepha.TString>;
-      resourceType: _$alepha.TOptional<_$alepha.TString>;
-      resourceId: _$alepha.TOptional<_$alepha.TString>;
-      description: _$alepha.TOptional<_$alepha.TString>;
-      metadata: _$alepha.TOptional<_$alepha.TRecord<string, _$alepha.TAny>>;
-      ipAddress: _$alepha.TOptional<_$alepha.TString>;
-      userAgent: _$alepha.TOptional<_$alepha.TString>;
-      sessionId: _$alepha.TOptional<_$alepha.TString>;
-      requestId: _$alepha.TOptional<_$alepha.TString>;
-      success: PgAttr<_$alepha.TBoolean, typeof PG_DEFAULT>;
-      errorMessage: _$alepha.TOptional<_$alepha.TString>;
-    }, string, _$alepha.TAny> | undefined;
-    ipAddress?: string | undefined;
-    userAgent?: string | undefined;
-    sessionId?: string | undefined;
-    requestId?: string | undefined;
-    errorMessage?: string | undefined;
-    type: string;
-    id: string;
-    createdAt: string;
-    action: string;
-    severity: "info" | "warning" | "critical";
-    success: boolean;
-  }>;
-  /**
-   * Record an authentication-related audit event.
-   */
-  recordAuth(action: "login" | "logout" | "login_failed" | "token_refresh", context: AuditContext): Promise<{
-    description?: string | undefined;
-    userId?: string | undefined;
-    userRealm?: string | undefined;
-    userEmail?: string | undefined;
-    resourceType?: string | undefined;
-    resourceId?: string | undefined;
-    metadata?: _$typebox.StaticRecord<[], "Decode", {}, {
-      id: PgAttr<PgAttr<_$alepha.TString, typeof PG_PRIMARY_KEY>, typeof PG_DEFAULT>;
-      createdAt: PgAttr<PgAttr<_$alepha.TString, typeof PG_CREATED_AT>, typeof PG_DEFAULT>;
-      type: _$alepha.TString;
-      action: _$alepha.TString;
-      severity: PgAttr<_$alepha.TUnsafe<"info" | "warning" | "critical">, typeof PG_DEFAULT>;
-      userId: _$alepha.TOptional<_$alepha.TString>;
-      userRealm: _$alepha.TOptional<_$alepha.TString>;
-      userEmail: _$alepha.TOptional<_$alepha.TString>;
-      resourceType: _$alepha.TOptional<_$alepha.TString>;
-      resourceId: _$alepha.TOptional<_$alepha.TString>;
-      description: _$alepha.TOptional<_$alepha.TString>;
-      metadata: _$alepha.TOptional<_$alepha.TRecord<string, _$alepha.TAny>>;
-      ipAddress: _$alepha.TOptional<_$alepha.TString>;
-      userAgent: _$alepha.TOptional<_$alepha.TString>;
-      sessionId: _$alepha.TOptional<_$alepha.TString>;
-      requestId: _$alepha.TOptional<_$alepha.TString>;
-      success: PgAttr<_$alepha.TBoolean, typeof PG_DEFAULT>;
-      errorMessage: _$alepha.TOptional<_$alepha.TString>;
-    }, string, _$alepha.TAny> | undefined;
-    ipAddress?: string | undefined;
-    userAgent?: string | undefined;
-    sessionId?: string | undefined;
-    requestId?: string | undefined;
-    errorMessage?: string | undefined;
-    type: string;
-    id: string;
-    createdAt: string;
-    action: string;
-    severity: "info" | "warning" | "critical";
-    success: boolean;
-  }>;
-  /**
-   * Record a generic audit event.
-   */
-  record(category: string, action: string, context: AuditContext): Promise<{
-    description?: string | undefined;
-    userId?: string | undefined;
-    userRealm?: string | undefined;
-    userEmail?: string | undefined;
-    resourceType?: string | undefined;
-    resourceId?: string | undefined;
-    metadata?: _$typebox.StaticRecord<[], "Decode", {}, {
-      id: PgAttr<PgAttr<_$alepha.TString, typeof PG_PRIMARY_KEY>, typeof PG_DEFAULT>;
-      createdAt: PgAttr<PgAttr<_$alepha.TString, typeof PG_CREATED_AT>, typeof PG_DEFAULT>;
-      type: _$alepha.TString;
-      action: _$alepha.TString;
-      severity: PgAttr<_$alepha.TUnsafe<"info" | "warning" | "critical">, typeof PG_DEFAULT>;
-      userId: _$alepha.TOptional<_$alepha.TString>;
-      userRealm: _$alepha.TOptional<_$alepha.TString>;
-      userEmail: _$alepha.TOptional<_$alepha.TString>;
-      resourceType: _$alepha.TOptional<_$alepha.TString>;
-      resourceId: _$alepha.TOptional<_$alepha.TString>;
-      description: _$alepha.TOptional<_$alepha.TString>;
-      metadata: _$alepha.TOptional<_$alepha.TRecord<string, _$alepha.TAny>>;
-      ipAddress: _$alepha.TOptional<_$alepha.TString>;
-      userAgent: _$alepha.TOptional<_$alepha.TString>;
-      sessionId: _$alepha.TOptional<_$alepha.TString>;
-      requestId: _$alepha.TOptional<_$alepha.TString>;
-      success: PgAttr<_$alepha.TBoolean, typeof PG_DEFAULT>;
-      errorMessage: _$alepha.TOptional<_$alepha.TString>;
-    }, string, _$alepha.TAny> | undefined;
-    ipAddress?: string | undefined;
-    userAgent?: string | undefined;
-    sessionId?: string | undefined;
-    requestId?: string | undefined;
-    errorMessage?: string | undefined;
-    type: string;
-    id: string;
-    createdAt: string;
-    action: string;
-    severity: "info" | "warning" | "critical";
-    success: boolean;
-  }>;
-}
-//#endregion
-//#region ../../src/api/users/buckets/UserBuckets.d.ts
-/**
- * User-specific file storage wrapper service.
- *
- * This service provides file storage for user-related files such as:
- * - User avatars/profile pictures
- *
- * Declared as a module variant — not auto-injected. It is instantiated
- * lazily the first time something calls `alepha.inject(UserBuckets)`.
- */
-declare class UserBuckets {
-  /**
-   * Bucket for user avatar storage.
-   */
-  readonly avatars: _$alepha_bucket0.BucketPrimitive;
-}
-//#endregion
 //#region ../../src/api/users/entities/identities.d.ts
 declare const identities: _$alepha_orm0.EntityPrimitive<_$alepha.TObject<{
   id: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$alepha.TString, typeof _$alepha_orm0.PG_PRIMARY_KEY>, typeof _$alepha_orm0.PG_DEFAULT>;
@@ -6875,6 +6773,12 @@ declare const sessions: _$alepha_orm0.EntityPrimitive<_$alepha.TObject<{
   refreshToken: _$alepha.TString;
   userId: _$alepha_orm0.PgAttr<_$alepha.TString, typeof _$alepha_orm0.PG_REF>;
   expiresAt: _$alepha.TString;
+  /**
+   * Last time the session was used to refresh an access token.
+   * Used by realm `refreshToken.expirationIdle` to invalidate idle sessions.
+   * `null` on existing rows pre-migration — falls back to `createdAt`.
+   */
+  lastUsedAt: _$alepha.TOptional<_$alepha.TString>;
   ip: _$alepha.TOptional<_$alepha.TString>;
   userAgent: _$alepha.TOptional<_$alepha.TObject<{
     os: _$alepha.TString;
@@ -7047,6 +6951,7 @@ declare class RealmProvider {
     refreshToken: _$alepha.TString;
     userId: _$alepha_orm0.PgAttr<_$alepha.TString, typeof _$alepha_orm0.PG_REF>;
     expiresAt: _$alepha.TString;
+    lastUsedAt: _$alepha.TOptional<_$alepha.TString>;
     ip: _$alepha.TOptional<_$alepha.TString>;
     userAgent: _$alepha.TOptional<_$alepha.TObject<{
       os: _$alepha.TString;
@@ -7211,6 +7116,7 @@ declare class SessionCrudService {
     refreshToken: _$alepha.TString;
     userId: _$alepha_orm0.PgAttr<_$alepha.TString, typeof _$alepha_orm0.PG_REF>;
     expiresAt: _$alepha.TString;
+    lastUsedAt: _$alepha.TOptional<_$alepha.TString>;
     ip: _$alepha.TOptional<_$alepha.TString>;
     userAgent: _$alepha.TOptional<_$alepha.TObject<{
       os: _$alepha.TString;
@@ -7351,7 +7257,7 @@ declare const createUserSchema: _$alepha.TObject<{
   createdAt: _$alepha.TOptional<PgAttr<PgAttr<_$alepha.TString, typeof PG_CREATED_AT>, typeof PG_DEFAULT>>;
   updatedAt: _$alepha.TOptional<PgAttr<PgAttr<_$alepha.TString, typeof PG_UPDATED_AT>, typeof PG_DEFAULT>>;
   username: _$alepha.TOptional<_$alepha.TOptional<_$alepha.TString>>;
-  roles: _$alepha.TOptional<_$alepha.TArray<_$alepha.TString>>;
+  roles: _$alepha.TOptional<PgAttr<_$alepha.TArray<_$alepha.TString>, typeof PG_DEFAULT>>;
   firstName: _$alepha.TOptional<_$alepha.TOptional<_$alepha.TString>>;
   lastName: _$alepha.TOptional<_$alepha.TOptional<_$alepha.TString>>;
   picture: _$alepha.TOptional<_$alepha.TOptional<_$alepha.TString>>;
@@ -7366,7 +7272,7 @@ declare const updateUserSchema: _$alepha.TObject<{
   email: _$alepha.TOptional<_$alepha.TOptional<_$alepha.TString>>;
   phoneNumber: _$alepha.TOptional<_$alepha.TOptional<_$alepha.TString>>;
   realm: _$alepha.TOptional<PgAttr<_$alepha.TString, typeof PG_DEFAULT>>;
-  roles: _$alepha.TOptional<_$alepha.TArray<_$alepha.TString>>;
+  roles: _$alepha.TOptional<PgAttr<_$alepha.TArray<_$alepha.TString>, typeof PG_DEFAULT>>;
   firstName: _$alepha.TOptional<_$alepha.TOptional<_$alepha.TString>>;
   lastName: _$alepha.TOptional<_$alepha.TOptional<_$alepha.TString>>;
   picture: _$alepha.TOptional<_$alepha.TOptional<_$alepha.TString>>;
@@ -7383,7 +7289,6 @@ declare const userQuerySchema: _$alepha.TObject<{
   enabled: _$alepha.TOptional<_$alepha.TBoolean>;
   emailVerified: _$alepha.TOptional<_$alepha.TBoolean>;
   roles: _$alepha.TOptional<_$alepha.TArray<_$alepha.TString>>;
-  query: _$alepha.TOptional<_$alepha.TString>;
 }>;
 type UserQuery = Static<typeof userQuerySchema>;
 //#endregion
@@ -7468,7 +7373,6 @@ declare class AdminUserController {
       enabled: _$alepha.TOptional<_$alepha.TBoolean>;
       emailVerified: _$alepha.TOptional<_$alepha.TBoolean>;
       roles: _$alepha.TOptional<_$alepha.TArray<_$alepha.TString>>;
-      query: _$alepha.TOptional<_$alepha.TString>;
       userRealmName: _$alepha.TOptional<_$alepha.TString>;
     }>;
     response: _$alepha.TPage<_$alepha.TObject<{
@@ -7533,7 +7437,7 @@ declare class AdminUserController {
       createdAt: _$alepha.TOptional<PgAttr<PgAttr<_$alepha.TString, typeof PG_CREATED_AT>, typeof PG_DEFAULT>>;
       updatedAt: _$alepha.TOptional<PgAttr<PgAttr<_$alepha.TString, typeof PG_UPDATED_AT>, typeof PG_DEFAULT>>;
       username: _$alepha.TOptional<_$alepha.TOptional<_$alepha.TString>>;
-      roles: _$alepha.TOptional<_$alepha.TArray<_$alepha.TString>>;
+      roles: _$alepha.TOptional<PgAttr<_$alepha.TArray<_$alepha.TString>, typeof PG_DEFAULT>>;
       firstName: _$alepha.TOptional<_$alepha.TOptional<_$alepha.TString>>;
       lastName: _$alepha.TOptional<_$alepha.TOptional<_$alepha.TString>>;
       picture: _$alepha.TOptional<_$alepha.TOptional<_$alepha.TString>>;
@@ -7573,7 +7477,7 @@ declare class AdminUserController {
       email: _$alepha.TOptional<_$alepha.TOptional<_$alepha.TString>>;
       phoneNumber: _$alepha.TOptional<_$alepha.TOptional<_$alepha.TString>>;
       realm: _$alepha.TOptional<PgAttr<_$alepha.TString, typeof PG_DEFAULT>>;
-      roles: _$alepha.TOptional<_$alepha.TArray<_$alepha.TString>>;
+      roles: _$alepha.TOptional<PgAttr<_$alepha.TArray<_$alepha.TString>, typeof PG_DEFAULT>>;
       firstName: _$alepha.TOptional<_$alepha.TOptional<_$alepha.TString>>;
       lastName: _$alepha.TOptional<_$alepha.TOptional<_$alepha.TString>>;
       picture: _$alepha.TOptional<_$alepha.TOptional<_$alepha.TString>>;
@@ -7665,6 +7569,9 @@ declare class RealmController {
           accountMaxAttempts: _$alepha.TInteger;
           windowMs: _$alepha.TInteger;
         }>;
+        refreshToken: _$alepha.TObject<{
+          expirationIdle: _$alepha.TOptional<_$alepha.TInteger>;
+        }>;
       }>;
       realmName: _$alepha.TString;
       authenticationMethods: _$alepha.TArray<_$alepha.TObject<{
@@ -7760,6 +7667,7 @@ declare class CredentialService {
     refreshToken: _$alepha.TString;
     userId: PgAttr<_$alepha.TString, typeof PG_REF>;
     expiresAt: _$alepha.TString;
+    lastUsedAt: _$alepha.TOptional<_$alepha.TString>;
     ip: _$alepha.TOptional<_$alepha.TString>;
     userAgent: _$alepha.TOptional<_$alepha.TObject<{
       os: _$alepha.TString;
@@ -8138,6 +8046,7 @@ declare class UserJobs {
     refreshToken: _$alepha.TString;
     userId: _$alepha_orm0.PgAttr<_$alepha.TString, typeof _$alepha_orm0.PG_REF>;
     expiresAt: _$alepha.TString;
+    lastUsedAt: _$alepha.TOptional<_$alepha.TString>;
     ip: _$alepha.TOptional<_$alepha.TString>;
     userAgent: _$alepha.TOptional<_$alepha.TObject<{
       os: _$alepha.TString;
@@ -8145,10 +8054,18 @@ declare class UserJobs {
       device: _$alepha.TUnsafe<"MOBILE" | "DESKTOP" | "TABLET">;
     }>>;
   }>>;
+  protected readonly realmProvider: RealmProvider;
   /**
    * Purge expired sessions from the database.
    *
-   * Runs hourly (at :00) and deletes sessions whose `expiresAt` has passed.
+   * Runs hourly (at :00) and deletes:
+   * - sessions whose absolute `expiresAt` has passed
+   * - sessions whose `lastUsedAt` exceeds the realm's `refreshToken.expirationIdle`
+   *   (when configured). Falls back to `createdAt` for sessions without a
+   *   recorded `lastUsedAt`.
+   *
+   * The idle sweep is best-effort cleanup — runtime enforcement happens in
+   * `SessionService.refreshSession()`.
    */
   readonly purgeExpiredSessions: _$alepha_api_jobs0.JobPrimitive<_$alepha.TSchema>;
 }
@@ -8205,6 +8122,9 @@ declare const realmConfigSchema: _$alepha.TObject<{
       accountMaxAttempts: _$alepha.TInteger;
       windowMs: _$alepha.TInteger;
     }>;
+    refreshToken: _$alepha.TObject<{
+      expirationIdle: _$alepha.TOptional<_$alepha.TInteger>;
+    }>;
   }>;
   realmName: _$alepha.TString;
   authenticationMethods: _$alepha.TArray<_$alepha.TObject<{
@@ -8313,6 +8233,7 @@ declare class SessionService {
     refreshToken: _$alepha.TString;
     userId: PgAttr<_$alepha.TString, typeof PG_REF>;
     expiresAt: _$alepha.TString;
+    lastUsedAt: _$alepha.TOptional<_$alepha.TString>;
     ip: _$alepha.TOptional<_$alepha.TString>;
     userAgent: _$alepha.TOptional<_$alepha.TObject<{
       os: _$alepha.TString;