alepha 0.20.5 → 0.20.6

package/dist/api/audits/index.d.ts

@@ -1,361 +1,57 @@
 import * as _$alepha from "alepha";
 import { Alepha, KIND, Primitive, Static, TNull, TObject, TOptional, TSchema, TUnion } from "alepha";
-import * as _$alepha_server0 from "alepha/server";
-import { ServerRequest } from "alepha/server";
 import * as _$alepha_orm0 from "alepha/orm";
 import { Page } from "alepha/orm";
+import * as _$alepha_server0 from "alepha/server";
+import { ServerRequest } from "alepha/server";
 import * as _$alepha_logger0 from "alepha/logger";
 import { BuildExtraConfigColumns, SQL } from "drizzle-orm";
 import { PgColumnBuilderBase, PgSequenceOptions, PgTableExtraConfigValue, UpdateDeleteAction } from "drizzle-orm/pg-core";
-//#region ../../src/orm/core/schemas/insertSchema.d.ts
+//#region ../../src/api/audits/entities/audits.d.ts
 /**
- * Transforms a TObject schema for insert operations.
- * All default properties at the root level are made optional.
- * Generated columns are excluded entirely.
- *
- * @example
- * Before: { name: string; age: number(default=0); fullName: generated }
- * After:  { name: string; age?: number; }
+ * Audit severity levels for categorizing events.
  */
-type TObjectInsert<T extends TObject> = TObject<{ [K in keyof T["properties"] as T["properties"][K] extends {
-  [PG_GENERATED]: any;
-} ? never : K]: T["properties"][K] extends {
-  [PG_DEFAULT]: any;
-} | {
-  "~optional": true;
-} ? TOptional<T["properties"][K]> : T["properties"][K] }>;
-//#endregion
-//#region ../../src/orm/core/schemas/updateSchema.d.ts
+declare const auditSeveritySchema: _$alepha.TUnsafe<"info" | "warning" | "critical">;
+type AuditSeverity = Static<typeof auditSeveritySchema>;
 /**
- * Transforms a TObject schema for update operations.
- * All optional properties at the root level are made nullable (i.e., `T | null`).
- * Generated columns are excluded entirely.
+ * Audit log entity for tracking important system events.
  *
- * @example
- * Before: { name?: string; age: number; fullName: generated }
- * After:  { name?: string | null; age: number; }
+ * Stores comprehensive audit information including:
+ * - Who performed the action (userId, userRealm)
+ * - What happened (type, action, resource)
+ * - When it happened (createdAt)
+ * - Context and details (metadata, ipAddress, userAgent)
  */
-type TObjectUpdate<T extends TObject> = TObject<{ [K in keyof T["properties"] as T["properties"][K] extends {
-  [PG_GENERATED]: any;
-} ? never : K]: T["properties"][K] extends TOptional<infer U> ? TOptional<TUnion<[U, TNull]>> : T["properties"][K] }>;
-//#endregion
-//#region ../../src/orm/core/primitives/$entity.d.ts
-interface EntityPrimitiveOptions<T extends TObject, Keys = keyof Static<T>> {
+declare const audits: _$alepha_orm0.EntityPrimitive<_$alepha.TObject<{
+  id: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$alepha.TString, typeof _$alepha_orm0.PG_PRIMARY_KEY>, typeof _$alepha_orm0.PG_DEFAULT>;
+  createdAt: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$alepha.TString, typeof _$alepha_orm0.PG_CREATED_AT>, typeof _$alepha_orm0.PG_DEFAULT>;
   /**
-   * The database table name that will be created for this entity.
-   * If not provided, name will be inferred from the $repository variable name.
+   * Audit event type (e.g., "auth", "user", "payment", "system").
+   * Used for categorizing and filtering audit events.
    */
-  name: string;
+  type: _$alepha.TString;
   /**
-   * TypeBox schema defining the table structure and column types.
+   * Specific action performed (e.g., "login", "logout", "create", "update", "delete").
    */
-  schema: T;
+  action: _$alepha.TString;
   /**
-   * Database indexes to create for query optimization.
+   * Severity level of the event.
    */
-  indexes?: (Keys | {
-    /**
-     * Single column to index.
-     */
-    column: Keys;
-    /**
-     * Whether this should be a unique index (enforces uniqueness constraint).
-     */
-    unique?: boolean;
-    /**
-     * Custom name for the index. If not provided, generates name automatically.
-     */
-    name?: string;
-    /**
-     * Partial index condition. Only rows matching this SQL expression are indexed.
-     */
-    where?: SQL;
-  } | {
-    /**
-     * Multiple columns for composite index (order matters for query optimization).
-     */
-    columns: Keys[];
-    /**
-     * Whether this should be a unique index (enforces uniqueness constraint).
-     */
-    unique?: boolean;
-    /**
-     * Custom name for the index. If not provided, generates name automatically.
-     */
-    name?: string;
-    /**
-     * Partial index condition. Only rows matching this SQL expression are indexed.
-     */
-    where?: SQL;
-  } | {
-    /**
-     * SQL expressions for expression-based indexes.
-     *
-     * Can include column references and SQL functions like `LOWER()`, `UPPER()`, etc.
-     * Columns and expressions can be mixed together.
-     *
-     * @example
-     * ```ts
-     * // Case-insensitive unique username per realm
-     * indexes: [{
-     *   expressions: (self) => [self.realm, sql`LOWER(${self.username})`],
-     *   unique: true,
-     *   name: "users_realm_username_lower_idx",
-     * }]
-     * ```
-     */
-    expressions: (self: Record<Keys & string, any>) => (SQL | any)[];
-    /**
-     * Whether this should be a unique index (enforces uniqueness constraint).
-     */
-    unique?: boolean;
-    /**
-     * Custom name for the index. If not provided, generates name automatically.
-     */
-    name: string;
-    /**
-     * Partial index condition. Only rows matching this SQL expression are indexed.
-     */
-    where?: SQL;
-  })[];
+  severity: _$alepha_orm0.PgAttr<_$alepha.TUnsafe<"info" | "warning" | "critical">, typeof _$alepha_orm0.PG_DEFAULT>;
   /**
-   * Foreign key constraints to maintain referential integrity.
+   * User ID who performed the action (null for system events).
    */
-  foreignKeys?: Array<{
-    /**
-     * Optional name for the foreign key constraint.
-     */
-    name?: string;
-    /**
-     * Local columns that reference the foreign table.
-     */
-    columns: Array<keyof Static<T>>;
-    /**
-     * Referenced columns in the foreign table.
-     * Must be EntityColumn references from other entities.
-     */
-    foreignColumns: Array<() => EntityColumn<any>>;
-  }>;
+  userId: _$alepha.TOptional<_$alepha.TString>;
   /**
-   * Additional table constraints for data validation.
-   *
-   * Constraints enforce business rules at the database level, providing
-   * an additional layer of data integrity beyond application validation.
-   *
-   * **Constraint Types**:
-   * - **Unique constraints**: Prevent duplicate values across columns
-   * - **Check constraints**: Enforce custom validation rules with SQL expressions
-   *
-   * @example
-   * ```ts
-   * constraints: [
-   *   {
-   *     name: "unique_user_email",
-   *     columns: ["email"],
-   *     unique: true
-   *   },
-   *   {
-   *     name: "valid_age_range",
-   *     columns: ["age"],
-   *     check: sql`age >= 0 AND age <= 150`
-   *   },
-   *   {
-   *     name: "unique_user_username_per_tenant",
-   *     columns: ["tenantId", "username"],
-   *     unique: true
-   *   }
-   * ]
-   * ```
+   * User realm for multi-tenant support.
    */
-  constraints?: Array<{
-    /**
-     * Columns involved in this constraint.
-     */
-    columns: Array<keyof Static<T>>;
-    /**
-     * Optional name for the constraint.
-     */
-    name?: string;
-    /**
-     * Whether this is a unique constraint.
-     */
-    unique?: boolean | {};
-    /**
-     * SQL expression for check constraint validation.
-     */
-    check?: SQL;
-  }>;
+  userRealm: _$alepha.TOptional<_$alepha.TString>;
   /**
-   * Advanced Drizzle ORM configuration for complex table setups.
+   * User email at the time of the event (denormalized for history).
    */
-  config?: (self: BuildExtraConfigColumns<string, FromSchema<T>, "pg">) => PgTableExtraConfigValue[];
-}
-declare class EntityPrimitive<T extends TObject = TObject> {
-  readonly options: EntityPrimitiveOptions<T>;
-  constructor(options: EntityPrimitiveOptions<T>);
-  alias(alias: string): this;
-  get cols(): EntityColumns<T>;
-  get name(): string;
-  get schema(): T;
-  get insertSchema(): TObjectInsert<T>;
-  get updateSchema(): TObjectUpdate<T>;
-}
-/**
- * Convert a schema to columns.
- */
-type FromSchema<T extends TObject> = { [key in keyof T["properties"]]: PgColumnBuilderBase };
-type EntityColumn<T extends TObject> = {
-  name: string;
-  entity: EntityPrimitive<T>;
-};
-type EntityColumns<T extends TObject> = { [key in keyof T["properties"]]: EntityColumn<T> };
-//#endregion
-//#region ../../src/orm/core/constants/PG_SYMBOLS.d.ts
-declare const PG_DEFAULT: unique symbol;
-declare const PG_PRIMARY_KEY: unique symbol;
-declare const PG_CREATED_AT: unique symbol;
-declare const PG_UPDATED_AT: unique symbol;
-declare const PG_DELETED_AT: unique symbol;
-declare const PG_VERSION: unique symbol;
-declare const PG_IDENTITY: unique symbol;
-declare const PG_ENUM: unique symbol;
-declare const PG_REF: unique symbol;
-declare const PG_GENERATED: unique symbol;
-declare const PG_ORGANIZATION: unique symbol;
-/**
- * @deprecated Use `PG_IDENTITY` instead.
- */
-declare const PG_SERIAL: unique symbol;
-type PgSymbols = {
-  [PG_DEFAULT]: {};
-  [PG_PRIMARY_KEY]: {};
-  [PG_CREATED_AT]: {};
-  [PG_UPDATED_AT]: {};
-  [PG_DELETED_AT]: {};
-  [PG_VERSION]: {};
-  [PG_IDENTITY]: PgIdentityOptions;
-  [PG_REF]: PgRefOptions;
-  [PG_ENUM]: PgEnumOptions;
-  [PG_GENERATED]: PgGeneratedOptions;
-  [PG_ORGANIZATION]: {};
+  userEmail: _$alepha.TOptional<_$alepha.TString>;
   /**
-   * @deprecated Use `PG_IDENTITY` instead.
-   */
-  [PG_SERIAL]: {};
-};
-type PgSymbolKeys = keyof PgSymbols;
-type PgIdentityOptions = {
-  mode: "always" | "byDefault";
-} & PgSequenceOptions & {
-  name?: string;
-};
-interface PgEnumOptions {
-  name?: string;
-  description?: string;
-}
-interface PgGeneratedOptions {
-  /**
-   * SQL expression for the generated column.
-   */
-  expression: SQL;
-  /**
-   * Storage mode for the generated column.
-   * - `"stored"` — value is computed on write and stored on disk (default for PostgreSQL).
-   * - `"virtual"` — value is computed on read (default for SQLite).
-   */
-  mode?: "stored" | "virtual";
-}
-interface PgRefOptions {
-  ref: () => {
-    name: string;
-    entity: EntityPrimitive;
-  };
-  actions?: {
-    onUpdate?: UpdateDeleteAction;
-    onDelete?: UpdateDeleteAction;
-  };
-}
-//#endregion
-//#region ../../src/orm/core/helpers/pgAttr.d.ts
-/**
- * Type representation.
- */
-type PgAttr<T extends TSchema, TAttr extends PgSymbolKeys> = T & { [K in TAttr]: PgSymbols[K] };
-//#endregion
-//#region ../../src/orm/core/schemas/databaseEnvSchema.d.ts
-/**
- * Base database environment schema.
- *
- * Defines the `DATABASE_URL` connection string used by all ORM providers
- * to determine the database driver and connection target.
- *
- * Supported URL formats:
- * - `sqlite://:memory:` or `sqlite://./path/to/db` — SQLite (Node.js or Bun)
- * - `postgres://user:password@host:port/database` — PostgreSQL (Node.js or Bun)
- * - `pglite://:memory:` or `pglite://./path` — PGlite (embedded Postgres)
- * - `d1://BINDING_NAME` — Cloudflare D1
- * - `hyperdrive://BINDING_NAME` — Cloudflare Hyperdrive
- */
-declare const databaseEnvSchema: _$alepha.TObject<{
-  DATABASE_URL: _$alepha.TOptional<_$alepha.TString>;
-  /**
-   * Enable or disable push-based schema synchronization (drizzle-kit push).
-   *
-   * Defaults to `true` in development and test, `false` in production.
-   * Set to `false` in development to skip automatic schema sync
-   * (e.g. when managing migrations manually).
-   */
-  DATABASE_SYNC: _$alepha.TOptional<_$alepha.TBoolean>;
-}>;
-declare module "alepha" {
-  interface Env extends Partial<Static<typeof databaseEnvSchema>> {}
-} //# sourceMappingURL=databaseEnvSchema.d.ts.map
-//#endregion
-//#region ../../src/api/audits/entities/audits.d.ts
-/**
- * Audit severity levels for categorizing events.
- */
-declare const auditSeveritySchema: _$alepha.TUnsafe<"info" | "warning" | "critical">;
-type AuditSeverity = Static<typeof auditSeveritySchema>;
-/**
- * Audit log entity for tracking important system events.
- *
- * Stores comprehensive audit information including:
- * - Who performed the action (userId, userRealm)
- * - What happened (type, action, resource)
- * - When it happened (createdAt)
- * - Context and details (metadata, ipAddress, userAgent)
- */
-declare const audits: _$alepha_orm0.EntityPrimitive<_$alepha.TObject<{
-  id: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$alepha.TString, typeof _$alepha_orm0.PG_PRIMARY_KEY>, typeof _$alepha_orm0.PG_DEFAULT>;
-  createdAt: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$alepha.TString, typeof _$alepha_orm0.PG_CREATED_AT>, typeof _$alepha_orm0.PG_DEFAULT>;
-  /**
-   * Audit event type (e.g., "auth", "user", "payment", "system").
-   * Used for categorizing and filtering audit events.
-   */
-  type: _$alepha.TString;
-  /**
-   * Specific action performed (e.g., "login", "logout", "create", "update", "delete").
-   */
-  action: _$alepha.TString;
-  /**
-   * Severity level of the event.
-   */
-  severity: _$alepha_orm0.PgAttr<_$alepha.TUnsafe<"info" | "warning" | "critical">, typeof _$alepha_orm0.PG_DEFAULT>;
-  /**
-   * User ID who performed the action (null for system events).
-   */
-  userId: _$alepha.TOptional<_$alepha.TString>;
-  /**
-   * User realm for multi-tenant support.
-   */
-  userRealm: _$alepha.TOptional<_$alepha.TString>;
-  /**
-   * User email at the time of the event (denormalized for history).
-   */
-  userEmail: _$alepha.TOptional<_$alepha.TString>;
-  /**
-   * Resource type affected (e.g., "user", "order", "file").
+   * Resource type affected (e.g., "user", "order", "file").
    */
   resourceType: _$alepha.TOptional<_$alepha.TString>;
   /**
@@ -721,6 +417,26 @@ declare class AdminAuditController {
   protected readonly url = "/audits";
   protected readonly group = "admin:audits";
   protected readonly auditService: AuditService;
+  protected readonly repo: _$alepha_orm0.Repository<_$alepha.TObject<{
+    id: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$alepha.TString, typeof _$alepha_orm0.PG_PRIMARY_KEY>, typeof _$alepha_orm0.PG_DEFAULT>;
+    createdAt: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$alepha.TString, typeof _$alepha_orm0.PG_CREATED_AT>, typeof _$alepha_orm0.PG_DEFAULT>;
+    type: _$alepha.TString;
+    action: _$alepha.TString;
+    severity: _$alepha_orm0.PgAttr<_$alepha.TUnsafe<"info" | "warning" | "critical">, typeof _$alepha_orm0.PG_DEFAULT>;
+    userId: _$alepha.TOptional<_$alepha.TString>;
+    userRealm: _$alepha.TOptional<_$alepha.TString>;
+    userEmail: _$alepha.TOptional<_$alepha.TString>;
+    resourceType: _$alepha.TOptional<_$alepha.TString>;
+    resourceId: _$alepha.TOptional<_$alepha.TString>;
+    description: _$alepha.TOptional<_$alepha.TString>;
+    metadata: _$alepha.TOptional<_$alepha.TRecord<string, _$alepha.TAny>>;
+    ipAddress: _$alepha.TOptional<_$alepha.TString>;
+    userAgent: _$alepha.TOptional<_$alepha.TString>;
+    sessionId: _$alepha.TOptional<_$alepha.TString>;
+    requestId: _$alepha.TOptional<_$alepha.TString>;
+    success: _$alepha_orm0.PgAttr<_$alepha.TBoolean, typeof _$alepha_orm0.PG_DEFAULT>;
+    errorMessage: _$alepha.TOptional<_$alepha.TString>;
+  }>>;
   /**
    * Find audit entries with filtering and pagination.
    */
@@ -742,11 +458,11 @@ declare class AdminAuditController {
       search: _$alepha.TOptional<_$alepha.TString>;
     }>;
     response: _$alepha.TPage<_$alepha.TObject<{
-      id: PgAttr<PgAttr<_$alepha.TString, typeof PG_PRIMARY_KEY>, typeof PG_DEFAULT>;
-      createdAt: PgAttr<PgAttr<_$alepha.TString, typeof PG_CREATED_AT>, typeof PG_DEFAULT>;
+      id: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$alepha.TString, typeof _$alepha_orm0.PG_PRIMARY_KEY>, typeof _$alepha_orm0.PG_DEFAULT>;
+      createdAt: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$alepha.TString, typeof _$alepha_orm0.PG_CREATED_AT>, typeof _$alepha_orm0.PG_DEFAULT>;
       type: _$alepha.TString;
       action: _$alepha.TString;
-      severity: PgAttr<_$alepha.TUnsafe<"info" | "warning" | "critical">, typeof PG_DEFAULT>;
+      severity: _$alepha_orm0.PgAttr<_$alepha.TUnsafe<"info" | "warning" | "critical">, typeof _$alepha_orm0.PG_DEFAULT>;
       userId: _$alepha.TOptional<_$alepha.TString>;
       userRealm: _$alepha.TOptional<_$alepha.TString>;
       userEmail: _$alepha.TOptional<_$alepha.TString>;
@@ -758,7 +474,7 @@ declare class AdminAuditController {
       userAgent: _$alepha.TOptional<_$alepha.TString>;
       sessionId: _$alepha.TOptional<_$alepha.TString>;
       requestId: _$alepha.TOptional<_$alepha.TString>;
-      success: PgAttr<_$alepha.TBoolean, typeof PG_DEFAULT>;
+      success: _$alepha_orm0.PgAttr<_$alepha.TBoolean, typeof _$alepha_orm0.PG_DEFAULT>;
       errorMessage: _$alepha.TOptional<_$alepha.TString>;
     }>>;
   }>;
@@ -770,11 +486,11 @@ declare class AdminAuditController {
       id: _$alepha.TString;
     }>;
     response: _$alepha.TObject<{
-      id: PgAttr<PgAttr<_$alepha.TString, typeof PG_PRIMARY_KEY>, typeof PG_DEFAULT>;
-      createdAt: PgAttr<PgAttr<_$alepha.TString, typeof PG_CREATED_AT>, typeof PG_DEFAULT>;
+      id: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$alepha.TString, typeof _$alepha_orm0.PG_PRIMARY_KEY>, typeof _$alepha_orm0.PG_DEFAULT>;
+      createdAt: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$alepha.TString, typeof _$alepha_orm0.PG_CREATED_AT>, typeof _$alepha_orm0.PG_DEFAULT>;
       type: _$alepha.TString;
       action: _$alepha.TString;
-      severity: PgAttr<_$alepha.TUnsafe<"info" | "warning" | "critical">, typeof PG_DEFAULT>;
+      severity: _$alepha_orm0.PgAttr<_$alepha.TUnsafe<"info" | "warning" | "critical">, typeof _$alepha_orm0.PG_DEFAULT>;
       userId: _$alepha.TOptional<_$alepha.TString>;
       userRealm: _$alepha.TOptional<_$alepha.TString>;
       userEmail: _$alepha.TOptional<_$alepha.TString>;
@@ -786,10 +502,22 @@ declare class AdminAuditController {
       userAgent: _$alepha.TOptional<_$alepha.TString>;
       sessionId: _$alepha.TOptional<_$alepha.TString>;
       requestId: _$alepha.TOptional<_$alepha.TString>;
-      success: PgAttr<_$alepha.TBoolean, typeof PG_DEFAULT>;
+      success: _$alepha_orm0.PgAttr<_$alepha.TBoolean, typeof _$alepha_orm0.PG_DEFAULT>;
       errorMessage: _$alepha.TOptional<_$alepha.TString>;
     }>;
   }>;
+  /**
+   * Delete many audit entries by id in one repository call. Use with care —
+   * audit logs are usually retained for compliance reasons.
+   */
+  readonly deleteAudits: _$alepha_server0.ActionPrimitiveFn<{
+    body: _$alepha.TObject<{
+      ids: _$alepha.TArray<_$alepha.TString>;
+    }>;
+    response: _$alepha.TObject<{
+      deleted: _$alepha.TArray<_$alepha.TString>;
+    }>;
+  }>;
   /**
    * Create a new audit entry.
    * System-only — this permission should never be assigned to human roles.
@@ -814,11 +542,11 @@ declare class AdminAuditController {
       errorMessage: _$alepha.TOptional<_$alepha.TString>;
     }>;
     response: _$alepha.TObject<{
-      id: PgAttr<PgAttr<_$alepha.TString, typeof PG_PRIMARY_KEY>, typeof PG_DEFAULT>;
-      createdAt: PgAttr<PgAttr<_$alepha.TString, typeof PG_CREATED_AT>, typeof PG_DEFAULT>;
+      id: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$alepha.TString, typeof _$alepha_orm0.PG_PRIMARY_KEY>, typeof _$alepha_orm0.PG_DEFAULT>;
+      createdAt: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$alepha.TString, typeof _$alepha_orm0.PG_CREATED_AT>, typeof _$alepha_orm0.PG_DEFAULT>;
       type: _$alepha.TString;
       action: _$alepha.TString;
-      severity: PgAttr<_$alepha.TUnsafe<"info" | "warning" | "critical">, typeof PG_DEFAULT>;
+      severity: _$alepha_orm0.PgAttr<_$alepha.TUnsafe<"info" | "warning" | "critical">, typeof _$alepha_orm0.PG_DEFAULT>;
       userId: _$alepha.TOptional<_$alepha.TString>;
       userRealm: _$alepha.TOptional<_$alepha.TString>;
       userEmail: _$alepha.TOptional<_$alepha.TString>;
@@ -830,7 +558,7 @@ declare class AdminAuditController {
       userAgent: _$alepha.TOptional<_$alepha.TString>;
       sessionId: _$alepha.TOptional<_$alepha.TString>;
       requestId: _$alepha.TOptional<_$alepha.TString>;
-      success: PgAttr<_$alepha.TBoolean, typeof PG_DEFAULT>;
+      success: _$alepha_orm0.PgAttr<_$alepha.TBoolean, typeof _$alepha_orm0.PG_DEFAULT>;
       errorMessage: _$alepha.TOptional<_$alepha.TString>;
     }>;
   }>;
@@ -843,9 +571,9 @@ declare class AdminAuditController {
     }>;
     query: _$alepha.TObject<{
       type: _$alepha.TOptional<_$alepha.TString>;
-      search: _$alepha.TOptional<_$alepha.TString>;
       action: _$alepha.TOptional<_$alepha.TString>;
       severity: _$alepha.TOptional<_$alepha.TUnsafe<"info" | "warning" | "critical">>;
+      search: _$alepha.TOptional<_$alepha.TString>;
       sort: _$alepha.TOptional<_$alepha.TString>;
       userRealm: _$alepha.TOptional<_$alepha.TString>;
       resourceType: _$alepha.TOptional<_$alepha.TString>;
@@ -857,11 +585,11 @@ declare class AdminAuditController {
       to: _$alepha.TOptional<_$alepha.TString>;
     }>;
     response: _$alepha.TPage<_$alepha.TObject<{
-      id: PgAttr<PgAttr<_$alepha.TString, typeof PG_PRIMARY_KEY>, typeof PG_DEFAULT>;
-      createdAt: PgAttr<PgAttr<_$alepha.TString, typeof PG_CREATED_AT>, typeof PG_DEFAULT>;
+      id: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$alepha.TString, typeof _$alepha_orm0.PG_PRIMARY_KEY>, typeof _$alepha_orm0.PG_DEFAULT>;
+      createdAt: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$alepha.TString, typeof _$alepha_orm0.PG_CREATED_AT>, typeof _$alepha_orm0.PG_DEFAULT>;
       type: _$alepha.TString;
       action: _$alepha.TString;
-      severity: PgAttr<_$alepha.TUnsafe<"info" | "warning" | "critical">, typeof PG_DEFAULT>;
+      severity: _$alepha_orm0.PgAttr<_$alepha.TUnsafe<"info" | "warning" | "critical">, typeof _$alepha_orm0.PG_DEFAULT>;
       userId: _$alepha.TOptional<_$alepha.TString>;
       userRealm: _$alepha.TOptional<_$alepha.TString>;
       userEmail: _$alepha.TOptional<_$alepha.TString>;
@@ -873,7 +601,7 @@ declare class AdminAuditController {
       userAgent: _$alepha.TOptional<_$alepha.TString>;
       sessionId: _$alepha.TOptional<_$alepha.TString>;
       requestId: _$alepha.TOptional<_$alepha.TString>;
-      success: PgAttr<_$alepha.TBoolean, typeof PG_DEFAULT>;
+      success: _$alepha_orm0.PgAttr<_$alepha.TBoolean, typeof _$alepha_orm0.PG_DEFAULT>;
       errorMessage: _$alepha.TOptional<_$alepha.TString>;
     }>>;
   }>;
@@ -887,9 +615,9 @@ declare class AdminAuditController {
     }>;
     query: _$alepha.TObject<{
       type: _$alepha.TOptional<_$alepha.TString>;
-      search: _$alepha.TOptional<_$alepha.TString>;
       action: _$alepha.TOptional<_$alepha.TString>;
       severity: _$alepha.TOptional<_$alepha.TUnsafe<"info" | "warning" | "critical">>;
+      search: _$alepha.TOptional<_$alepha.TString>;
       sort: _$alepha.TOptional<_$alepha.TString>;
       userId: _$alepha.TOptional<_$alepha.TString>;
       userRealm: _$alepha.TOptional<_$alepha.TString>;
@@ -900,11 +628,11 @@ declare class AdminAuditController {
       to: _$alepha.TOptional<_$alepha.TString>;
     }>;
     response: _$alepha.TPage<_$alepha.TObject<{
-      id: PgAttr<PgAttr<_$alepha.TString, typeof PG_PRIMARY_KEY>, typeof PG_DEFAULT>;
-      createdAt: PgAttr<PgAttr<_$alepha.TString, typeof PG_CREATED_AT>, typeof PG_DEFAULT>;
+      id: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$alepha.TString, typeof _$alepha_orm0.PG_PRIMARY_KEY>, typeof _$alepha_orm0.PG_DEFAULT>;
+      createdAt: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$alepha.TString, typeof _$alepha_orm0.PG_CREATED_AT>, typeof _$alepha_orm0.PG_DEFAULT>;
       type: _$alepha.TString;
       action: _$alepha.TString;
-      severity: PgAttr<_$alepha.TUnsafe<"info" | "warning" | "critical">, typeof PG_DEFAULT>;
+      severity: _$alepha_orm0.PgAttr<_$alepha.TUnsafe<"info" | "warning" | "critical">, typeof _$alepha_orm0.PG_DEFAULT>;
       userId: _$alepha.TOptional<_$alepha.TString>;
       userRealm: _$alepha.TOptional<_$alepha.TString>;
       userEmail: _$alepha.TOptional<_$alepha.TString>;
@@ -916,7 +644,7 @@ declare class AdminAuditController {
       userAgent: _$alepha.TOptional<_$alepha.TString>;
       sessionId: _$alepha.TOptional<_$alepha.TString>;
       requestId: _$alepha.TOptional<_$alepha.TString>;
-      success: PgAttr<_$alepha.TBoolean, typeof PG_DEFAULT>;
+      success: _$alepha_orm0.PgAttr<_$alepha.TBoolean, typeof _$alepha_orm0.PG_DEFAULT>;
       errorMessage: _$alepha.TOptional<_$alepha.TString>;
     }>>;
   }>;
@@ -939,11 +667,11 @@ declare class AdminAuditController {
       }>;
       successRate: _$alepha.TNumber;
       recentFailures: _$alepha.TArray<_$alepha.TObject<{
-        id: PgAttr<PgAttr<_$alepha.TString, typeof PG_PRIMARY_KEY>, typeof PG_DEFAULT>;
-        createdAt: PgAttr<PgAttr<_$alepha.TString, typeof PG_CREATED_AT>, typeof PG_DEFAULT>;
+        id: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$alepha.TString, typeof _$alepha_orm0.PG_PRIMARY_KEY>, typeof _$alepha_orm0.PG_DEFAULT>;
+        createdAt: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$alepha.TString, typeof _$alepha_orm0.PG_CREATED_AT>, typeof _$alepha_orm0.PG_DEFAULT>;
         type: _$alepha.TString;
         action: _$alepha.TString;
-        severity: PgAttr<_$alepha.TUnsafe<"info" | "warning" | "critical">, typeof PG_DEFAULT>;
+        severity: _$alepha_orm0.PgAttr<_$alepha.TUnsafe<"info" | "warning" | "critical">, typeof _$alepha_orm0.PG_DEFAULT>;
         userId: _$alepha.TOptional<_$alepha.TString>;
         userRealm: _$alepha.TOptional<_$alepha.TString>;
         userEmail: _$alepha.TOptional<_$alepha.TString>;
@@ -955,7 +683,7 @@ declare class AdminAuditController {
         userAgent: _$alepha.TOptional<_$alepha.TString>;
         sessionId: _$alepha.TOptional<_$alepha.TString>;
         requestId: _$alepha.TOptional<_$alepha.TString>;
-        success: PgAttr<_$alepha.TBoolean, typeof PG_DEFAULT>;
+        success: _$alepha_orm0.PgAttr<_$alepha.TBoolean, typeof _$alepha_orm0.PG_DEFAULT>;
         errorMessage: _$alepha.TOptional<_$alepha.TString>;
       }>>;
     }>;
@@ -1096,6 +824,310 @@ declare const $audit: {
   [KIND]: typeof AuditPrimitive;
 };
 //#endregion
+//#region ../../src/orm/core/schemas/insertSchema.d.ts
+/**
+ * Transforms a TObject schema for insert operations.
+ * All default properties at the root level are made optional.
+ * Generated columns are excluded entirely.
+ *
+ * @example
+ * Before: { name: string; age: number(default=0); fullName: generated }
+ * After:  { name: string; age?: number; }
+ */
+type TObjectInsert<T extends TObject> = TObject<{ [K in keyof T["properties"] as T["properties"][K] extends {
+  [PG_GENERATED]: any;
+} ? never : K]: T["properties"][K] extends {
+  [PG_DEFAULT]: any;
+} | {
+  "~optional": true;
+} ? TOptional<T["properties"][K]> : T["properties"][K] }>;
+//#endregion
+//#region ../../src/orm/core/schemas/updateSchema.d.ts
+/**
+ * Transforms a TObject schema for update operations.
+ * All optional properties at the root level are made nullable (i.e., `T | null`).
+ * Generated columns are excluded entirely.
+ *
+ * @example
+ * Before: { name?: string; age: number; fullName: generated }
+ * After:  { name?: string | null; age: number; }
+ */
+type TObjectUpdate<T extends TObject> = TObject<{ [K in keyof T["properties"] as T["properties"][K] extends {
+  [PG_GENERATED]: any;
+} ? never : K]: T["properties"][K] extends TOptional<infer U> ? TOptional<TUnion<[U, TNull]>> : T["properties"][K] }>;
+//#endregion
+//#region ../../src/orm/core/primitives/$entity.d.ts
+interface EntityPrimitiveOptions<T extends TObject, Keys = keyof Static<T>> {
+  /**
+   * The database table name that will be created for this entity.
+   * If not provided, name will be inferred from the $repository variable name.
+   */
+  name: string;
+  /**
+   * TypeBox schema defining the table structure and column types.
+   */
+  schema: T;
+  /**
+   * Database indexes to create for query optimization.
+   */
+  indexes?: (Keys | {
+    /**
+     * Single column to index.
+     */
+    column: Keys;
+    /**
+     * Whether this should be a unique index (enforces uniqueness constraint).
+     */
+    unique?: boolean;
+    /**
+     * Custom name for the index. If not provided, generates name automatically.
+     */
+    name?: string;
+    /**
+     * Partial index condition. Only rows matching this SQL expression are indexed.
+     */
+    where?: SQL;
+  } | {
+    /**
+     * Multiple columns for composite index (order matters for query optimization).
+     */
+    columns: Keys[];
+    /**
+     * Whether this should be a unique index (enforces uniqueness constraint).
+     */
+    unique?: boolean;
+    /**
+     * Custom name for the index. If not provided, generates name automatically.
+     */
+    name?: string;
+    /**
+     * Partial index condition. Only rows matching this SQL expression are indexed.
+     */
+    where?: SQL;
+  } | {
+    /**
+     * SQL expressions for expression-based indexes.
+     *
+     * Can include column references and SQL functions like `LOWER()`, `UPPER()`, etc.
+     * Columns and expressions can be mixed together.
+     *
+     * @example
+     * ```ts
+     * // Case-insensitive unique username per realm
+     * indexes: [{
+     *   expressions: (self) => [self.realm, sql`LOWER(${self.username})`],
+     *   unique: true,
+     *   name: "users_realm_username_lower_idx",
+     * }]
+     * ```
+     */
+    expressions: (self: Record<Keys & string, any>) => (SQL | any)[];
+    /**
+     * Whether this should be a unique index (enforces uniqueness constraint).
+     */
+    unique?: boolean;
+    /**
+     * Custom name for the index. If not provided, generates name automatically.
+     */
+    name: string;
+    /**
+     * Partial index condition. Only rows matching this SQL expression are indexed.
+     */
+    where?: SQL;
+  })[];
+  /**
+   * Foreign key constraints to maintain referential integrity.
+   */
+  foreignKeys?: Array<{
+    /**
+     * Optional name for the foreign key constraint.
+     */
+    name?: string;
+    /**
+     * Local columns that reference the foreign table.
+     */
+    columns: Array<keyof Static<T>>;
+    /**
+     * Referenced columns in the foreign table.
+     * Must be EntityColumn references from other entities.
+     */
+    foreignColumns: Array<() => EntityColumn<any>>;
+  }>;
+  /**
+   * Additional table constraints for data validation.
+   *
+   * Constraints enforce business rules at the database level, providing
+   * an additional layer of data integrity beyond application validation.
+   *
+   * **Constraint Types**:
+   * - **Unique constraints**: Prevent duplicate values across columns
+   * - **Check constraints**: Enforce custom validation rules with SQL expressions
+   *
+   * @example
+   * ```ts
+   * constraints: [
+   *   {
+   *     name: "unique_user_email",
+   *     columns: ["email"],
+   *     unique: true
+   *   },
+   *   {
+   *     name: "valid_age_range",
+   *     columns: ["age"],
+   *     check: sql`age >= 0 AND age <= 150`
+   *   },
+   *   {
+   *     name: "unique_user_username_per_tenant",
+   *     columns: ["tenantId", "username"],
+   *     unique: true
+   *   }
+   * ]
+   * ```
+   */
+  constraints?: Array<{
+    /**
+     * Columns involved in this constraint.
+     */
+    columns: Array<keyof Static<T>>;
+    /**
+     * Optional name for the constraint.
+     */
+    name?: string;
+    /**
+     * Whether this is a unique constraint.
+     */
+    unique?: boolean | {};
+    /**
+     * SQL expression for check constraint validation.
+     */
+    check?: SQL;
+  }>;
+  /**
+   * Advanced Drizzle ORM configuration for complex table setups.
+   */
+  config?: (self: BuildExtraConfigColumns<string, FromSchema<T>, "pg">) => PgTableExtraConfigValue[];
+}
+declare class EntityPrimitive<T extends TObject = TObject> {
+  readonly options: EntityPrimitiveOptions<T>;
+  constructor(options: EntityPrimitiveOptions<T>);
+  alias(alias: string): this;
+  get cols(): EntityColumns<T>;
+  get name(): string;
+  get schema(): T;
+  get insertSchema(): TObjectInsert<T>;
+  get updateSchema(): TObjectUpdate<T>;
+}
+/**
+ * Convert a schema to columns.
+ */
+type FromSchema<T extends TObject> = { [key in keyof T["properties"]]: PgColumnBuilderBase };
+type EntityColumn<T extends TObject> = {
+  name: string;
+  entity: EntityPrimitive<T>;
+};
+type EntityColumns<T extends TObject> = { [key in keyof T["properties"]]: EntityColumn<T> };
+//#endregion
+//#region ../../src/orm/core/constants/PG_SYMBOLS.d.ts
+declare const PG_DEFAULT: unique symbol;
+declare const PG_PRIMARY_KEY: unique symbol;
+declare const PG_CREATED_AT: unique symbol;
+declare const PG_UPDATED_AT: unique symbol;
+declare const PG_DELETED_AT: unique symbol;
+declare const PG_VERSION: unique symbol;
+declare const PG_IDENTITY: unique symbol;
+declare const PG_ENUM: unique symbol;
+declare const PG_REF: unique symbol;
+declare const PG_GENERATED: unique symbol;
+declare const PG_ORGANIZATION: unique symbol;
+/**
+ * @deprecated Use `PG_IDENTITY` instead.
+ */
+declare const PG_SERIAL: unique symbol;
+type PgSymbols = {
+  [PG_DEFAULT]: {};
+  [PG_PRIMARY_KEY]: {};
+  [PG_CREATED_AT]: {};
+  [PG_UPDATED_AT]: {};
+  [PG_DELETED_AT]: {};
+  [PG_VERSION]: {};
+  [PG_IDENTITY]: PgIdentityOptions;
+  [PG_REF]: PgRefOptions;
+  [PG_ENUM]: PgEnumOptions;
+  [PG_GENERATED]: PgGeneratedOptions;
+  [PG_ORGANIZATION]: {};
+  /**
+   * @deprecated Use `PG_IDENTITY` instead.
+   */
+  [PG_SERIAL]: {};
+};
+type PgSymbolKeys = keyof PgSymbols;
+type PgIdentityOptions = {
+  mode: "always" | "byDefault";
+} & PgSequenceOptions & {
+  name?: string;
+};
+interface PgEnumOptions {
+  name?: string;
+  description?: string;
+}
+interface PgGeneratedOptions {
+  /**
+   * SQL expression for the generated column.
+   */
+  expression: SQL;
+  /**
+   * Storage mode for the generated column.
+   * - `"stored"` — value is computed on write and stored on disk (default for PostgreSQL).
+   * - `"virtual"` — value is computed on read (default for SQLite).
+   */
+  mode?: "stored" | "virtual";
+}
+interface PgRefOptions {
+  ref: () => {
+    name: string;
+    entity: EntityPrimitive;
+  };
+  actions?: {
+    onUpdate?: UpdateDeleteAction;
+    onDelete?: UpdateDeleteAction;
+  };
+}
+//#endregion
+//#region ../../src/orm/core/helpers/pgAttr.d.ts
+/**
+ * Type representation.
+ */
+type PgAttr<T extends TSchema, TAttr extends PgSymbolKeys> = T & { [K in TAttr]: PgSymbols[K] };
+//#endregion
+//#region ../../src/orm/core/schemas/databaseEnvSchema.d.ts
+/**
+ * Base database environment schema.
+ *
+ * Defines the `DATABASE_URL` connection string used by all ORM providers
+ * to determine the database driver and connection target.
+ *
+ * Supported URL formats:
+ * - `sqlite://:memory:` or `sqlite://./path/to/db` — SQLite (Node.js or Bun)
+ * - `postgres://user:password@host:port/database` — PostgreSQL (Node.js or Bun)
+ * - `pglite://:memory:` or `pglite://./path` — PGlite (embedded Postgres)
+ * - `d1://BINDING_NAME` — Cloudflare D1
+ * - `hyperdrive://BINDING_NAME` — Cloudflare Hyperdrive
+ */
+declare const databaseEnvSchema: _$alepha.TObject<{
+  DATABASE_URL: _$alepha.TOptional<_$alepha.TString>;
+  /**
+   * Enable or disable push-based schema synchronization (drizzle-kit push).
+   *
+   * Defaults to `true` in development and test, `false` in production.
+   * Set to `false` in development to skip automatic schema sync
+   * (e.g. when managing migrations manually).
+   */
+  DATABASE_SYNC: _$alepha.TOptional<_$alepha.TBoolean>;
+}>;
+declare module "alepha" {
+  interface Env extends Partial<Static<typeof databaseEnvSchema>> {}
+} //# sourceMappingURL=databaseEnvSchema.d.ts.map
+//#endregion
 //#region ../../src/api/audits/schemas/auditResourceSchema.d.ts
 /**
  * Resource schema for audit log responses.