alepha 0.20.5 → 0.20.7

package/dist/api/audits/index.d.ts

@@ -1,537 +1,237 @@
 import * as _$alepha from "alepha";
 import { Alepha, KIND, Primitive, Static, TNull, TObject, TOptional, TSchema, TUnion } from "alepha";
-import * as _$alepha_server0 from "alepha/server";
-import { ServerRequest } from "alepha/server";
 import * as _$alepha_orm0 from "alepha/orm";
 import { Page } from "alepha/orm";
+import * as _$alepha_server0 from "alepha/server";
+import { ServerRequest } from "alepha/server";
 import * as _$alepha_logger0 from "alepha/logger";
+import * as _$typebox from "typebox";
 import { BuildExtraConfigColumns, SQL } from "drizzle-orm";
 import { PgColumnBuilderBase, PgSequenceOptions, PgTableExtraConfigValue, UpdateDeleteAction } from "drizzle-orm/pg-core";
-//#region ../../src/orm/core/schemas/insertSchema.d.ts
+//#region ../../src/api/audits/entities/audits.d.ts
 /**
- * Transforms a TObject schema for insert operations.
- * All default properties at the root level are made optional.
- * Generated columns are excluded entirely.
- *
- * @example
- * Before: { name: string; age: number(default=0); fullName: generated }
- * After:  { name: string; age?: number; }
+ * Audit severity levels for categorizing events.
  */
-type TObjectInsert<T extends TObject> = TObject<{ [K in keyof T["properties"] as T["properties"][K] extends {
-  [PG_GENERATED]: any;
-} ? never : K]: T["properties"][K] extends {
-  [PG_DEFAULT]: any;
-} | {
-  "~optional": true;
-} ? TOptional<T["properties"][K]> : T["properties"][K] }>;
-//#endregion
-//#region ../../src/orm/core/schemas/updateSchema.d.ts
+declare const auditSeveritySchema: _$typebox.TUnsafe<"info" | "warning" | "critical">;
+type AuditSeverity = Static<typeof auditSeveritySchema>;
 /**
- * Transforms a TObject schema for update operations.
- * All optional properties at the root level are made nullable (i.e., `T | null`).
- * Generated columns are excluded entirely.
+ * Audit log entity for tracking important system events.
  *
- * @example
- * Before: { name?: string; age: number; fullName: generated }
- * After:  { name?: string | null; age: number; }
+ * Stores comprehensive audit information including:
+ * - Who performed the action (userId, userRealm)
+ * - What happened (type, action, resource)
+ * - When it happened (createdAt)
+ * - Context and details (metadata, ipAddress, userAgent)
  */
-type TObjectUpdate<T extends TObject> = TObject<{ [K in keyof T["properties"] as T["properties"][K] extends {
-  [PG_GENERATED]: any;
-} ? never : K]: T["properties"][K] extends TOptional<infer U> ? TOptional<TUnion<[U, TNull]>> : T["properties"][K] }>;
-//#endregion
-//#region ../../src/orm/core/primitives/$entity.d.ts
-interface EntityPrimitiveOptions<T extends TObject, Keys = keyof Static<T>> {
+declare const audits: _$alepha_orm0.EntityPrimitive<_$typebox.TObject<{
+  id: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$typebox.TString, typeof _$alepha_orm0.PG_PRIMARY_KEY>, typeof _$alepha_orm0.PG_DEFAULT>;
+  createdAt: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$typebox.TString, typeof _$alepha_orm0.PG_CREATED_AT>, typeof _$alepha_orm0.PG_DEFAULT>;
+  organizationId: _$alepha_orm0.PgAttr<_$typebox.TString, typeof _$alepha_orm0.PG_ORGANIZATION>;
   /**
-   * The database table name that will be created for this entity.
-   * If not provided, name will be inferred from the $repository variable name.
+   * Audit event type (e.g., "auth", "user", "payment", "system").
+   * Used for categorizing and filtering audit events.
    */
-  name: string;
+  type: _$typebox.TString;
   /**
-   * TypeBox schema defining the table structure and column types.
+   * Specific action performed (e.g., "login", "logout", "create", "update", "delete").
    */
-  schema: T;
+  action: _$typebox.TString;
   /**
-   * Database indexes to create for query optimization.
+   * Severity level of the event.
    */
-  indexes?: (Keys | {
-    /**
-     * Single column to index.
-     */
-    column: Keys;
-    /**
-     * Whether this should be a unique index (enforces uniqueness constraint).
-     */
-    unique?: boolean;
-    /**
-     * Custom name for the index. If not provided, generates name automatically.
-     */
-    name?: string;
-    /**
-     * Partial index condition. Only rows matching this SQL expression are indexed.
-     */
-    where?: SQL;
-  } | {
-    /**
-     * Multiple columns for composite index (order matters for query optimization).
-     */
-    columns: Keys[];
-    /**
-     * Whether this should be a unique index (enforces uniqueness constraint).
-     */
-    unique?: boolean;
-    /**
-     * Custom name for the index. If not provided, generates name automatically.
-     */
-    name?: string;
-    /**
-     * Partial index condition. Only rows matching this SQL expression are indexed.
-     */
-    where?: SQL;
-  } | {
-    /**
-     * SQL expressions for expression-based indexes.
-     *
-     * Can include column references and SQL functions like `LOWER()`, `UPPER()`, etc.
-     * Columns and expressions can be mixed together.
-     *
-     * @example
-     * ```ts
-     * // Case-insensitive unique username per realm
-     * indexes: [{
-     *   expressions: (self) => [self.realm, sql`LOWER(${self.username})`],
-     *   unique: true,
-     *   name: "users_realm_username_lower_idx",
-     * }]
-     * ```
-     */
-    expressions: (self: Record<Keys & string, any>) => (SQL | any)[];
-    /**
-     * Whether this should be a unique index (enforces uniqueness constraint).
-     */
-    unique?: boolean;
-    /**
-     * Custom name for the index. If not provided, generates name automatically.
-     */
-    name: string;
-    /**
-     * Partial index condition. Only rows matching this SQL expression are indexed.
-     */
-    where?: SQL;
-  })[];
+  severity: _$alepha_orm0.PgAttr<_$typebox.TUnsafe<"info" | "warning" | "critical">, typeof _$alepha_orm0.PG_DEFAULT>;
   /**
-   * Foreign key constraints to maintain referential integrity.
+   * User ID who performed the action (null for system events).
    */
-  foreignKeys?: Array<{
-    /**
-     * Optional name for the foreign key constraint.
-     */
-    name?: string;
-    /**
-     * Local columns that reference the foreign table.
-     */
-    columns: Array<keyof Static<T>>;
-    /**
-     * Referenced columns in the foreign table.
-     * Must be EntityColumn references from other entities.
-     */
-    foreignColumns: Array<() => EntityColumn<any>>;
-  }>;
+  userId: _$typebox.TOptional<_$typebox.TString>;
   /**
-   * Additional table constraints for data validation.
-   *
-   * Constraints enforce business rules at the database level, providing
-   * an additional layer of data integrity beyond application validation.
-   *
-   * **Constraint Types**:
-   * - **Unique constraints**: Prevent duplicate values across columns
-   * - **Check constraints**: Enforce custom validation rules with SQL expressions
-   *
-   * @example
-   * ```ts
-   * constraints: [
-   *   {
-   *     name: "unique_user_email",
-   *     columns: ["email"],
-   *     unique: true
-   *   },
-   *   {
-   *     name: "valid_age_range",
-   *     columns: ["age"],
-   *     check: sql`age >= 0 AND age <= 150`
-   *   },
-   *   {
-   *     name: "unique_user_username_per_tenant",
-   *     columns: ["tenantId", "username"],
-   *     unique: true
-   *   }
-   * ]
-   * ```
+   * User realm for multi-tenant support.
    */
-  constraints?: Array<{
-    /**
-     * Columns involved in this constraint.
-     */
-    columns: Array<keyof Static<T>>;
-    /**
-     * Optional name for the constraint.
-     */
-    name?: string;
-    /**
-     * Whether this is a unique constraint.
-     */
-    unique?: boolean | {};
-    /**
-     * SQL expression for check constraint validation.
-     */
-    check?: SQL;
-  }>;
+  userRealm: _$typebox.TOptional<_$typebox.TString>;
   /**
-   * Advanced Drizzle ORM configuration for complex table setups.
+   * User email at the time of the event (denormalized for history).
    */
-  config?: (self: BuildExtraConfigColumns<string, FromSchema<T>, "pg">) => PgTableExtraConfigValue[];
-}
-declare class EntityPrimitive<T extends TObject = TObject> {
-  readonly options: EntityPrimitiveOptions<T>;
-  constructor(options: EntityPrimitiveOptions<T>);
-  alias(alias: string): this;
-  get cols(): EntityColumns<T>;
-  get name(): string;
-  get schema(): T;
-  get insertSchema(): TObjectInsert<T>;
-  get updateSchema(): TObjectUpdate<T>;
-}
-/**
- * Convert a schema to columns.
- */
-type FromSchema<T extends TObject> = { [key in keyof T["properties"]]: PgColumnBuilderBase };
-type EntityColumn<T extends TObject> = {
-  name: string;
-  entity: EntityPrimitive<T>;
-};
-type EntityColumns<T extends TObject> = { [key in keyof T["properties"]]: EntityColumn<T> };
-//#endregion
-//#region ../../src/orm/core/constants/PG_SYMBOLS.d.ts
-declare const PG_DEFAULT: unique symbol;
-declare const PG_PRIMARY_KEY: unique symbol;
-declare const PG_CREATED_AT: unique symbol;
-declare const PG_UPDATED_AT: unique symbol;
-declare const PG_DELETED_AT: unique symbol;
-declare const PG_VERSION: unique symbol;
-declare const PG_IDENTITY: unique symbol;
-declare const PG_ENUM: unique symbol;
-declare const PG_REF: unique symbol;
-declare const PG_GENERATED: unique symbol;
-declare const PG_ORGANIZATION: unique symbol;
-/**
- * @deprecated Use `PG_IDENTITY` instead.
- */
-declare const PG_SERIAL: unique symbol;
-type PgSymbols = {
-  [PG_DEFAULT]: {};
-  [PG_PRIMARY_KEY]: {};
-  [PG_CREATED_AT]: {};
-  [PG_UPDATED_AT]: {};
-  [PG_DELETED_AT]: {};
-  [PG_VERSION]: {};
-  [PG_IDENTITY]: PgIdentityOptions;
-  [PG_REF]: PgRefOptions;
-  [PG_ENUM]: PgEnumOptions;
-  [PG_GENERATED]: PgGeneratedOptions;
-  [PG_ORGANIZATION]: {};
+  userEmail: _$typebox.TOptional<_$typebox.TString>;
   /**
-   * @deprecated Use `PG_IDENTITY` instead.
+   * Resource type affected (e.g., "user", "order", "file").
    */
-  [PG_SERIAL]: {};
-};
-type PgSymbolKeys = keyof PgSymbols;
-type PgIdentityOptions = {
-  mode: "always" | "byDefault";
-} & PgSequenceOptions & {
-  name?: string;
-};
-interface PgEnumOptions {
-  name?: string;
-  description?: string;
-}
-interface PgGeneratedOptions {
+  resourceType: _$typebox.TOptional<_$typebox.TString>;
   /**
-   * SQL expression for the generated column.
+   * Resource ID affected.
    */
-  expression: SQL;
+  resourceId: _$typebox.TOptional<_$typebox.TString>;
   /**
-   * Storage mode for the generated column.
-   * - `"stored"` — value is computed on write and stored on disk (default for PostgreSQL).
-   * - `"virtual"` — value is computed on read (default for SQLite).
+   * Human-readable description of the event.
    */
-  mode?: "stored" | "virtual";
-}
-interface PgRefOptions {
-  ref: () => {
-    name: string;
-    entity: EntityPrimitive;
-  };
-  actions?: {
-    onUpdate?: UpdateDeleteAction;
-    onDelete?: UpdateDeleteAction;
-  };
-}
-//#endregion
-//#region ../../src/orm/core/helpers/pgAttr.d.ts
-/**
- * Type representation.
- */
-type PgAttr<T extends TSchema, TAttr extends PgSymbolKeys> = T & { [K in TAttr]: PgSymbols[K] };
-//#endregion
-//#region ../../src/orm/core/schemas/databaseEnvSchema.d.ts
-/**
- * Base database environment schema.
- *
- * Defines the `DATABASE_URL` connection string used by all ORM providers
- * to determine the database driver and connection target.
- *
- * Supported URL formats:
- * - `sqlite://:memory:` or `sqlite://./path/to/db` — SQLite (Node.js or Bun)
- * - `postgres://user:password@host:port/database` — PostgreSQL (Node.js or Bun)
- * - `pglite://:memory:` or `pglite://./path` — PGlite (embedded Postgres)
- * - `d1://BINDING_NAME` — Cloudflare D1
- * - `hyperdrive://BINDING_NAME` — Cloudflare Hyperdrive
- */
-declare const databaseEnvSchema: _$alepha.TObject<{
-  DATABASE_URL: _$alepha.TOptional<_$alepha.TString>;
-  /**
-   * Enable or disable push-based schema synchronization (drizzle-kit push).
-   *
-   * Defaults to `true` in development and test, `false` in production.
-   * Set to `false` in development to skip automatic schema sync
-   * (e.g. when managing migrations manually).
-   */
-  DATABASE_SYNC: _$alepha.TOptional<_$alepha.TBoolean>;
-}>;
-declare module "alepha" {
-  interface Env extends Partial<Static<typeof databaseEnvSchema>> {}
-} //# sourceMappingURL=databaseEnvSchema.d.ts.map
-//#endregion
-//#region ../../src/api/audits/entities/audits.d.ts
-/**
- * Audit severity levels for categorizing events.
- */
-declare const auditSeveritySchema: _$alepha.TUnsafe<"info" | "warning" | "critical">;
-type AuditSeverity = Static<typeof auditSeveritySchema>;
-/**
- * Audit log entity for tracking important system events.
- *
- * Stores comprehensive audit information including:
- * - Who performed the action (userId, userRealm)
- * - What happened (type, action, resource)
- * - When it happened (createdAt)
- * - Context and details (metadata, ipAddress, userAgent)
- */
-declare const audits: _$alepha_orm0.EntityPrimitive<_$alepha.TObject<{
-  id: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$alepha.TString, typeof _$alepha_orm0.PG_PRIMARY_KEY>, typeof _$alepha_orm0.PG_DEFAULT>;
-  createdAt: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$alepha.TString, typeof _$alepha_orm0.PG_CREATED_AT>, typeof _$alepha_orm0.PG_DEFAULT>;
-  /**
-   * Audit event type (e.g., "auth", "user", "payment", "system").
-   * Used for categorizing and filtering audit events.
-   */
-  type: _$alepha.TString;
-  /**
-   * Specific action performed (e.g., "login", "logout", "create", "update", "delete").
-   */
-  action: _$alepha.TString;
-  /**
-   * Severity level of the event.
-   */
-  severity: _$alepha_orm0.PgAttr<_$alepha.TUnsafe<"info" | "warning" | "critical">, typeof _$alepha_orm0.PG_DEFAULT>;
-  /**
-   * User ID who performed the action (null for system events).
-   */
-  userId: _$alepha.TOptional<_$alepha.TString>;
-  /**
-   * User realm for multi-tenant support.
-   */
-  userRealm: _$alepha.TOptional<_$alepha.TString>;
-  /**
-   * User email at the time of the event (denormalized for history).
-   */
-  userEmail: _$alepha.TOptional<_$alepha.TString>;
-  /**
-   * Resource type affected (e.g., "user", "order", "file").
-   */
-  resourceType: _$alepha.TOptional<_$alepha.TString>;
-  /**
-   * Resource ID affected.
-   */
-  resourceId: _$alepha.TOptional<_$alepha.TString>;
-  /**
-   * Human-readable description of the event.
-   */
-  description: _$alepha.TOptional<_$alepha.TString>;
+  description: _$typebox.TOptional<_$typebox.TString>;
   /**
    * Additional metadata/context as JSON.
    */
-  metadata: _$alepha.TOptional<_$alepha.TRecord<string, _$alepha.TAny>>;
+  metadata: _$typebox.TOptional<_$typebox.TRecord<string, _$typebox.TAny>>;
   /**
    * Client IP address.
    */
-  ipAddress: _$alepha.TOptional<_$alepha.TString>;
+  ipAddress: _$typebox.TOptional<_$typebox.TString>;
   /**
    * Client user agent.
    */
-  userAgent: _$alepha.TOptional<_$alepha.TString>;
+  userAgent: _$typebox.TOptional<_$typebox.TString>;
   /**
    * Session ID if applicable.
    */
-  sessionId: _$alepha.TOptional<_$alepha.TString>;
+  sessionId: _$typebox.TOptional<_$typebox.TString>;
   /**
    * Request ID for correlation.
    */
-  requestId: _$alepha.TOptional<_$alepha.TString>;
+  requestId: _$typebox.TOptional<_$typebox.TString>;
   /**
    * Whether the action was successful.
    */
-  success: _$alepha_orm0.PgAttr<_$alepha.TBoolean, typeof _$alepha_orm0.PG_DEFAULT>;
+  success: _$alepha_orm0.PgAttr<_$typebox.TBoolean, typeof _$alepha_orm0.PG_DEFAULT>;
   /**
    * Error message if the action failed.
    */
-  errorMessage: _$alepha.TOptional<_$alepha.TString>;
+  errorMessage: _$typebox.TOptional<_$typebox.TString>;
 }>>;
-declare const auditEntitySchema: _$alepha.TObject<{
-  id: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$alepha.TString, typeof _$alepha_orm0.PG_PRIMARY_KEY>, typeof _$alepha_orm0.PG_DEFAULT>;
-  createdAt: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$alepha.TString, typeof _$alepha_orm0.PG_CREATED_AT>, typeof _$alepha_orm0.PG_DEFAULT>;
+declare const auditEntitySchema: _$typebox.TObject<{
+  id: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$typebox.TString, typeof _$alepha_orm0.PG_PRIMARY_KEY>, typeof _$alepha_orm0.PG_DEFAULT>;
+  createdAt: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$typebox.TString, typeof _$alepha_orm0.PG_CREATED_AT>, typeof _$alepha_orm0.PG_DEFAULT>;
+  organizationId: _$alepha_orm0.PgAttr<_$typebox.TString, typeof _$alepha_orm0.PG_ORGANIZATION>;
   /**
    * Audit event type (e.g., "auth", "user", "payment", "system").
    * Used for categorizing and filtering audit events.
    */
-  type: _$alepha.TString;
+  type: _$typebox.TString;
   /**
    * Specific action performed (e.g., "login", "logout", "create", "update", "delete").
    */
-  action: _$alepha.TString;
+  action: _$typebox.TString;
   /**
    * Severity level of the event.
    */
-  severity: _$alepha_orm0.PgAttr<_$alepha.TUnsafe<"info" | "warning" | "critical">, typeof _$alepha_orm0.PG_DEFAULT>;
+  severity: _$alepha_orm0.PgAttr<_$typebox.TUnsafe<"info" | "warning" | "critical">, typeof _$alepha_orm0.PG_DEFAULT>;
   /**
    * User ID who performed the action (null for system events).
    */
-  userId: _$alepha.TOptional<_$alepha.TString>;
+  userId: _$typebox.TOptional<_$typebox.TString>;
   /**
    * User realm for multi-tenant support.
    */
-  userRealm: _$alepha.TOptional<_$alepha.TString>;
+  userRealm: _$typebox.TOptional<_$typebox.TString>;
   /**
    * User email at the time of the event (denormalized for history).
    */
-  userEmail: _$alepha.TOptional<_$alepha.TString>;
+  userEmail: _$typebox.TOptional<_$typebox.TString>;
   /**
    * Resource type affected (e.g., "user", "order", "file").
    */
-  resourceType: _$alepha.TOptional<_$alepha.TString>;
+  resourceType: _$typebox.TOptional<_$typebox.TString>;
   /**
    * Resource ID affected.
    */
-  resourceId: _$alepha.TOptional<_$alepha.TString>;
+  resourceId: _$typebox.TOptional<_$typebox.TString>;
   /**
    * Human-readable description of the event.
    */
-  description: _$alepha.TOptional<_$alepha.TString>;
+  description: _$typebox.TOptional<_$typebox.TString>;
   /**
    * Additional metadata/context as JSON.
    */
-  metadata: _$alepha.TOptional<_$alepha.TRecord<string, _$alepha.TAny>>;
+  metadata: _$typebox.TOptional<_$typebox.TRecord<string, _$typebox.TAny>>;
   /**
    * Client IP address.
    */
-  ipAddress: _$alepha.TOptional<_$alepha.TString>;
+  ipAddress: _$typebox.TOptional<_$typebox.TString>;
   /**
    * Client user agent.
    */
-  userAgent: _$alepha.TOptional<_$alepha.TString>;
+  userAgent: _$typebox.TOptional<_$typebox.TString>;
   /**
    * Session ID if applicable.
    */
-  sessionId: _$alepha.TOptional<_$alepha.TString>;
+  sessionId: _$typebox.TOptional<_$typebox.TString>;
   /**
    * Request ID for correlation.
    */
-  requestId: _$alepha.TOptional<_$alepha.TString>;
+  requestId: _$typebox.TOptional<_$typebox.TString>;
   /**
    * Whether the action was successful.
    */
-  success: _$alepha_orm0.PgAttr<_$alepha.TBoolean, typeof _$alepha_orm0.PG_DEFAULT>;
+  success: _$alepha_orm0.PgAttr<_$typebox.TBoolean, typeof _$alepha_orm0.PG_DEFAULT>;
   /**
    * Error message if the action failed.
    */
-  errorMessage: _$alepha.TOptional<_$alepha.TString>;
+  errorMessage: _$typebox.TOptional<_$typebox.TString>;
 }>;
-declare const auditEntityInsertSchema: _$alepha_orm0.TObjectInsert<_$alepha.TObject<{
-  id: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$alepha.TString, typeof _$alepha_orm0.PG_PRIMARY_KEY>, typeof _$alepha_orm0.PG_DEFAULT>;
-  createdAt: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$alepha.TString, typeof _$alepha_orm0.PG_CREATED_AT>, typeof _$alepha_orm0.PG_DEFAULT>;
+declare const auditEntityInsertSchema: _$alepha_orm0.TObjectInsert<_$typebox.TObject<{
+  id: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$typebox.TString, typeof _$alepha_orm0.PG_PRIMARY_KEY>, typeof _$alepha_orm0.PG_DEFAULT>;
+  createdAt: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$typebox.TString, typeof _$alepha_orm0.PG_CREATED_AT>, typeof _$alepha_orm0.PG_DEFAULT>;
+  organizationId: _$alepha_orm0.PgAttr<_$typebox.TString, typeof _$alepha_orm0.PG_ORGANIZATION>;
   /**
    * Audit event type (e.g., "auth", "user", "payment", "system").
    * Used for categorizing and filtering audit events.
    */
-  type: _$alepha.TString;
+  type: _$typebox.TString;
   /**
    * Specific action performed (e.g., "login", "logout", "create", "update", "delete").
    */
-  action: _$alepha.TString;
+  action: _$typebox.TString;
   /**
    * Severity level of the event.
    */
-  severity: _$alepha_orm0.PgAttr<_$alepha.TUnsafe<"info" | "warning" | "critical">, typeof _$alepha_orm0.PG_DEFAULT>;
+  severity: _$alepha_orm0.PgAttr<_$typebox.TUnsafe<"info" | "warning" | "critical">, typeof _$alepha_orm0.PG_DEFAULT>;
   /**
    * User ID who performed the action (null for system events).
    */
-  userId: _$alepha.TOptional<_$alepha.TString>;
+  userId: _$typebox.TOptional<_$typebox.TString>;
   /**
    * User realm for multi-tenant support.
    */
-  userRealm: _$alepha.TOptional<_$alepha.TString>;
+  userRealm: _$typebox.TOptional<_$typebox.TString>;
   /**
    * User email at the time of the event (denormalized for history).
    */
-  userEmail: _$alepha.TOptional<_$alepha.TString>;
+  userEmail: _$typebox.TOptional<_$typebox.TString>;
   /**
    * Resource type affected (e.g., "user", "order", "file").
    */
-  resourceType: _$alepha.TOptional<_$alepha.TString>;
+  resourceType: _$typebox.TOptional<_$typebox.TString>;
   /**
    * Resource ID affected.
    */
-  resourceId: _$alepha.TOptional<_$alepha.TString>;
+  resourceId: _$typebox.TOptional<_$typebox.TString>;
   /**
    * Human-readable description of the event.
    */
-  description: _$alepha.TOptional<_$alepha.TString>;
+  description: _$typebox.TOptional<_$typebox.TString>;
   /**
    * Additional metadata/context as JSON.
    */
-  metadata: _$alepha.TOptional<_$alepha.TRecord<string, _$alepha.TAny>>;
+  metadata: _$typebox.TOptional<_$typebox.TRecord<string, _$typebox.TAny>>;
   /**
    * Client IP address.
    */
-  ipAddress: _$alepha.TOptional<_$alepha.TString>;
+  ipAddress: _$typebox.TOptional<_$typebox.TString>;
   /**
    * Client user agent.
    */
-  userAgent: _$alepha.TOptional<_$alepha.TString>;
+  userAgent: _$typebox.TOptional<_$typebox.TString>;
   /**
    * Session ID if applicable.
    */
-  sessionId: _$alepha.TOptional<_$alepha.TString>;
+  sessionId: _$typebox.TOptional<_$typebox.TString>;
   /**
    * Request ID for correlation.
    */
-  requestId: _$alepha.TOptional<_$alepha.TString>;
+  requestId: _$typebox.TOptional<_$typebox.TString>;
   /**
    * Whether the action was successful.
    */
-  success: _$alepha_orm0.PgAttr<_$alepha.TBoolean, typeof _$alepha_orm0.PG_DEFAULT>;
+  success: _$alepha_orm0.PgAttr<_$typebox.TBoolean, typeof _$alepha_orm0.PG_DEFAULT>;
   /**
    * Error message if the action failed.
    */
-  errorMessage: _$alepha.TOptional<_$alepha.TString>;
+  errorMessage: _$typebox.TOptional<_$typebox.TString>;
 }>>;
 type AuditEntity = Static<typeof audits.schema>;
 //#endregion
@@ -539,21 +239,21 @@ type AuditEntity = Static<typeof audits.schema>;
 /**
  * Query schema for searching and filtering audit logs.
  */
-declare const auditQuerySchema: _$alepha.TObject<{
-  page: _$alepha.TOptional<_$alepha.TInteger>;
-  size: _$alepha.TOptional<_$alepha.TInteger>;
-  sort: _$alepha.TOptional<_$alepha.TString>;
-  type: _$alepha.TOptional<_$alepha.TString>;
-  action: _$alepha.TOptional<_$alepha.TString>;
-  severity: _$alepha.TOptional<_$alepha.TUnsafe<"info" | "warning" | "critical">>;
-  userId: _$alepha.TOptional<_$alepha.TString>;
-  userRealm: _$alepha.TOptional<_$alepha.TString>;
-  resourceType: _$alepha.TOptional<_$alepha.TString>;
-  resourceId: _$alepha.TOptional<_$alepha.TString>;
-  success: _$alepha.TOptional<_$alepha.TBoolean>;
-  from: _$alepha.TOptional<_$alepha.TString>;
-  to: _$alepha.TOptional<_$alepha.TString>;
-  search: _$alepha.TOptional<_$alepha.TString>;
+declare const auditQuerySchema: _$typebox.TObject<{
+  page: _$typebox.TOptional<_$typebox.TInteger>;
+  size: _$typebox.TOptional<_$typebox.TInteger>;
+  sort: _$typebox.TOptional<_$typebox.TString>;
+  type: _$typebox.TOptional<_$typebox.TString>;
+  action: _$typebox.TOptional<_$typebox.TString>;
+  severity: _$typebox.TOptional<_$typebox.TUnsafe<"info" | "warning" | "critical">>;
+  userId: _$typebox.TOptional<_$typebox.TString>;
+  userRealm: _$typebox.TOptional<_$typebox.TString>;
+  resourceType: _$typebox.TOptional<_$typebox.TString>;
+  resourceId: _$typebox.TOptional<_$typebox.TString>;
+  success: _$typebox.TOptional<_$typebox.TBoolean>;
+  from: _$typebox.TOptional<_$typebox.TString>;
+  to: _$typebox.TOptional<_$typebox.TString>;
+  search: _$typebox.TOptional<_$typebox.TString>;
 }>;
 type AuditQuery = Static<typeof auditQuerySchema>;
 //#endregion
@@ -561,23 +261,23 @@ type AuditQuery = Static<typeof auditQuerySchema>;
 /**
  * Schema for creating a new audit log entry.
  */
-declare const createAuditSchema: _$alepha.TObject<{
-  type: _$alepha.TString;
-  action: _$alepha.TString;
-  severity: _$alepha.TOptional<_$alepha.TUnsafe<"info" | "warning" | "critical">>;
-  userId: _$alepha.TOptional<_$alepha.TString>;
-  userRealm: _$alepha.TOptional<_$alepha.TString>;
-  userEmail: _$alepha.TOptional<_$alepha.TString>;
-  resourceType: _$alepha.TOptional<_$alepha.TString>;
-  resourceId: _$alepha.TOptional<_$alepha.TString>;
-  description: _$alepha.TOptional<_$alepha.TString>;
-  metadata: _$alepha.TOptional<_$alepha.TRecord<string, _$alepha.TAny>>;
-  ipAddress: _$alepha.TOptional<_$alepha.TString>;
-  userAgent: _$alepha.TOptional<_$alepha.TString>;
-  sessionId: _$alepha.TOptional<_$alepha.TString>;
-  requestId: _$alepha.TOptional<_$alepha.TString>;
-  success: _$alepha.TOptional<_$alepha.TBoolean>;
-  errorMessage: _$alepha.TOptional<_$alepha.TString>;
+declare const createAuditSchema: _$typebox.TObject<{
+  type: _$typebox.TString;
+  action: _$typebox.TString;
+  severity: _$typebox.TOptional<_$typebox.TUnsafe<"info" | "warning" | "critical">>;
+  userId: _$typebox.TOptional<_$typebox.TString>;
+  userRealm: _$typebox.TOptional<_$typebox.TString>;
+  userEmail: _$typebox.TOptional<_$typebox.TString>;
+  resourceType: _$typebox.TOptional<_$typebox.TString>;
+  resourceId: _$typebox.TOptional<_$typebox.TString>;
+  description: _$typebox.TOptional<_$typebox.TString>;
+  metadata: _$typebox.TOptional<_$typebox.TRecord<string, _$typebox.TAny>>;
+  ipAddress: _$typebox.TOptional<_$typebox.TString>;
+  userAgent: _$typebox.TOptional<_$typebox.TString>;
+  sessionId: _$typebox.TOptional<_$typebox.TString>;
+  requestId: _$typebox.TOptional<_$typebox.TString>;
+  success: _$typebox.TOptional<_$typebox.TBoolean>;
+  errorMessage: _$typebox.TOptional<_$typebox.TString>;
 }>;
 type CreateAudit = Static<typeof createAuditSchema>;
 //#endregion
@@ -602,25 +302,26 @@ interface AuditTypeDefinition {
 declare class AuditService {
   protected readonly alepha: Alepha;
   protected readonly log: _$alepha_logger0.Logger;
-  protected readonly repo: _$alepha_orm0.Repository<_$alepha.TObject<{
-    id: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$alepha.TString, typeof _$alepha_orm0.PG_PRIMARY_KEY>, typeof _$alepha_orm0.PG_DEFAULT>;
-    createdAt: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$alepha.TString, typeof _$alepha_orm0.PG_CREATED_AT>, typeof _$alepha_orm0.PG_DEFAULT>;
-    type: _$alepha.TString;
-    action: _$alepha.TString;
-    severity: _$alepha_orm0.PgAttr<_$alepha.TUnsafe<"info" | "warning" | "critical">, typeof _$alepha_orm0.PG_DEFAULT>;
-    userId: _$alepha.TOptional<_$alepha.TString>;
-    userRealm: _$alepha.TOptional<_$alepha.TString>;
-    userEmail: _$alepha.TOptional<_$alepha.TString>;
-    resourceType: _$alepha.TOptional<_$alepha.TString>;
-    resourceId: _$alepha.TOptional<_$alepha.TString>;
-    description: _$alepha.TOptional<_$alepha.TString>;
-    metadata: _$alepha.TOptional<_$alepha.TRecord<string, _$alepha.TAny>>;
-    ipAddress: _$alepha.TOptional<_$alepha.TString>;
-    userAgent: _$alepha.TOptional<_$alepha.TString>;
-    sessionId: _$alepha.TOptional<_$alepha.TString>;
-    requestId: _$alepha.TOptional<_$alepha.TString>;
-    success: _$alepha_orm0.PgAttr<_$alepha.TBoolean, typeof _$alepha_orm0.PG_DEFAULT>;
-    errorMessage: _$alepha.TOptional<_$alepha.TString>;
+  protected readonly repo: _$alepha_orm0.Repository<_$typebox.TObject<{
+    id: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$typebox.TString, typeof _$alepha_orm0.PG_PRIMARY_KEY>, typeof _$alepha_orm0.PG_DEFAULT>;
+    createdAt: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$typebox.TString, typeof _$alepha_orm0.PG_CREATED_AT>, typeof _$alepha_orm0.PG_DEFAULT>;
+    organizationId: _$alepha_orm0.PgAttr<_$typebox.TString, typeof _$alepha_orm0.PG_ORGANIZATION>;
+    type: _$typebox.TString;
+    action: _$typebox.TString;
+    severity: _$alepha_orm0.PgAttr<_$typebox.TUnsafe<"info" | "warning" | "critical">, typeof _$alepha_orm0.PG_DEFAULT>;
+    userId: _$typebox.TOptional<_$typebox.TString>;
+    userRealm: _$typebox.TOptional<_$typebox.TString>;
+    userEmail: _$typebox.TOptional<_$typebox.TString>;
+    resourceType: _$typebox.TOptional<_$typebox.TString>;
+    resourceId: _$typebox.TOptional<_$typebox.TString>;
+    description: _$typebox.TOptional<_$typebox.TString>;
+    metadata: _$typebox.TOptional<_$typebox.TRecord<string, _$typebox.TAny>>;
+    ipAddress: _$typebox.TOptional<_$typebox.TString>;
+    userAgent: _$typebox.TOptional<_$typebox.TString>;
+    sessionId: _$typebox.TOptional<_$typebox.TString>;
+    requestId: _$typebox.TOptional<_$typebox.TString>;
+    success: _$alepha_orm0.PgAttr<_$typebox.TBoolean, typeof _$alepha_orm0.PG_DEFAULT>;
+    errorMessage: _$typebox.TOptional<_$typebox.TString>;
   }>>;
   /**
    * Registry of audit types and their allowed actions.
@@ -721,73 +422,108 @@ declare class AdminAuditController {
   protected readonly url = "/audits";
   protected readonly group = "admin:audits";
   protected readonly auditService: AuditService;
+  protected readonly repo: _$alepha_orm0.Repository<_$typebox.TObject<{
+    id: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$typebox.TString, typeof _$alepha_orm0.PG_PRIMARY_KEY>, typeof _$alepha_orm0.PG_DEFAULT>;
+    createdAt: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$typebox.TString, typeof _$alepha_orm0.PG_CREATED_AT>, typeof _$alepha_orm0.PG_DEFAULT>;
+    organizationId: _$alepha_orm0.PgAttr<_$typebox.TString, typeof _$alepha_orm0.PG_ORGANIZATION>;
+    type: _$typebox.TString;
+    action: _$typebox.TString;
+    severity: _$alepha_orm0.PgAttr<_$typebox.TUnsafe<"info" | "warning" | "critical">, typeof _$alepha_orm0.PG_DEFAULT>;
+    userId: _$typebox.TOptional<_$typebox.TString>;
+    userRealm: _$typebox.TOptional<_$typebox.TString>;
+    userEmail: _$typebox.TOptional<_$typebox.TString>;
+    resourceType: _$typebox.TOptional<_$typebox.TString>;
+    resourceId: _$typebox.TOptional<_$typebox.TString>;
+    description: _$typebox.TOptional<_$typebox.TString>;
+    metadata: _$typebox.TOptional<_$typebox.TRecord<string, _$typebox.TAny>>;
+    ipAddress: _$typebox.TOptional<_$typebox.TString>;
+    userAgent: _$typebox.TOptional<_$typebox.TString>;
+    sessionId: _$typebox.TOptional<_$typebox.TString>;
+    requestId: _$typebox.TOptional<_$typebox.TString>;
+    success: _$alepha_orm0.PgAttr<_$typebox.TBoolean, typeof _$alepha_orm0.PG_DEFAULT>;
+    errorMessage: _$typebox.TOptional<_$typebox.TString>;
+  }>>;
   /**
    * Find audit entries with filtering and pagination.
    */
   readonly findAudits: _$alepha_server0.ActionPrimitiveFn<{
-    query: _$alepha.TObject<{
-      page: _$alepha.TOptional<_$alepha.TInteger>;
-      size: _$alepha.TOptional<_$alepha.TInteger>;
-      sort: _$alepha.TOptional<_$alepha.TString>;
-      type: _$alepha.TOptional<_$alepha.TString>;
-      action: _$alepha.TOptional<_$alepha.TString>;
-      severity: _$alepha.TOptional<_$alepha.TUnsafe<"info" | "warning" | "critical">>;
-      userId: _$alepha.TOptional<_$alepha.TString>;
-      userRealm: _$alepha.TOptional<_$alepha.TString>;
-      resourceType: _$alepha.TOptional<_$alepha.TString>;
-      resourceId: _$alepha.TOptional<_$alepha.TString>;
-      success: _$alepha.TOptional<_$alepha.TBoolean>;
-      from: _$alepha.TOptional<_$alepha.TString>;
-      to: _$alepha.TOptional<_$alepha.TString>;
-      search: _$alepha.TOptional<_$alepha.TString>;
+    query: _$typebox.TObject<{
+      page: _$typebox.TOptional<_$typebox.TInteger>;
+      size: _$typebox.TOptional<_$typebox.TInteger>;
+      sort: _$typebox.TOptional<_$typebox.TString>;
+      type: _$typebox.TOptional<_$typebox.TString>;
+      action: _$typebox.TOptional<_$typebox.TString>;
+      severity: _$typebox.TOptional<_$typebox.TUnsafe<"info" | "warning" | "critical">>;
+      userId: _$typebox.TOptional<_$typebox.TString>;
+      userRealm: _$typebox.TOptional<_$typebox.TString>;
+      resourceType: _$typebox.TOptional<_$typebox.TString>;
+      resourceId: _$typebox.TOptional<_$typebox.TString>;
+      success: _$typebox.TOptional<_$typebox.TBoolean>;
+      from: _$typebox.TOptional<_$typebox.TString>;
+      to: _$typebox.TOptional<_$typebox.TString>;
+      search: _$typebox.TOptional<_$typebox.TString>;
     }>;
-    response: _$alepha.TPage<_$alepha.TObject<{
-      id: PgAttr<PgAttr<_$alepha.TString, typeof PG_PRIMARY_KEY>, typeof PG_DEFAULT>;
-      createdAt: PgAttr<PgAttr<_$alepha.TString, typeof PG_CREATED_AT>, typeof PG_DEFAULT>;
-      type: _$alepha.TString;
-      action: _$alepha.TString;
-      severity: PgAttr<_$alepha.TUnsafe<"info" | "warning" | "critical">, typeof PG_DEFAULT>;
-      userId: _$alepha.TOptional<_$alepha.TString>;
-      userRealm: _$alepha.TOptional<_$alepha.TString>;
-      userEmail: _$alepha.TOptional<_$alepha.TString>;
-      resourceType: _$alepha.TOptional<_$alepha.TString>;
-      resourceId: _$alepha.TOptional<_$alepha.TString>;
-      description: _$alepha.TOptional<_$alepha.TString>;
-      metadata: _$alepha.TOptional<_$alepha.TRecord<string, _$alepha.TAny>>;
-      ipAddress: _$alepha.TOptional<_$alepha.TString>;
-      userAgent: _$alepha.TOptional<_$alepha.TString>;
-      sessionId: _$alepha.TOptional<_$alepha.TString>;
-      requestId: _$alepha.TOptional<_$alepha.TString>;
-      success: PgAttr<_$alepha.TBoolean, typeof PG_DEFAULT>;
-      errorMessage: _$alepha.TOptional<_$alepha.TString>;
+    response: _$alepha.TPage<_$typebox.TObject<{
+      id: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$typebox.TString, typeof _$alepha_orm0.PG_PRIMARY_KEY>, typeof _$alepha_orm0.PG_DEFAULT>;
+      createdAt: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$typebox.TString, typeof _$alepha_orm0.PG_CREATED_AT>, typeof _$alepha_orm0.PG_DEFAULT>;
+      organizationId: _$alepha_orm0.PgAttr<_$typebox.TString, typeof _$alepha_orm0.PG_ORGANIZATION>;
+      type: _$typebox.TString;
+      action: _$typebox.TString;
+      severity: _$alepha_orm0.PgAttr<_$typebox.TUnsafe<"info" | "warning" | "critical">, typeof _$alepha_orm0.PG_DEFAULT>;
+      userId: _$typebox.TOptional<_$typebox.TString>;
+      userRealm: _$typebox.TOptional<_$typebox.TString>;
+      userEmail: _$typebox.TOptional<_$typebox.TString>;
+      resourceType: _$typebox.TOptional<_$typebox.TString>;
+      resourceId: _$typebox.TOptional<_$typebox.TString>;
+      description: _$typebox.TOptional<_$typebox.TString>;
+      metadata: _$typebox.TOptional<_$typebox.TRecord<string, _$typebox.TAny>>;
+      ipAddress: _$typebox.TOptional<_$typebox.TString>;
+      userAgent: _$typebox.TOptional<_$typebox.TString>;
+      sessionId: _$typebox.TOptional<_$typebox.TString>;
+      requestId: _$typebox.TOptional<_$typebox.TString>;
+      success: _$alepha_orm0.PgAttr<_$typebox.TBoolean, typeof _$alepha_orm0.PG_DEFAULT>;
+      errorMessage: _$typebox.TOptional<_$typebox.TString>;
     }>>;
   }>;
   /**
    * Get a single audit entry by ID.
    */
   readonly getAudit: _$alepha_server0.ActionPrimitiveFn<{
-    params: _$alepha.TObject<{
-      id: _$alepha.TString;
+    params: _$typebox.TObject<{
+      id: _$typebox.TString;
+    }>;
+    response: _$typebox.TObject<{
+      id: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$typebox.TString, typeof _$alepha_orm0.PG_PRIMARY_KEY>, typeof _$alepha_orm0.PG_DEFAULT>;
+      createdAt: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$typebox.TString, typeof _$alepha_orm0.PG_CREATED_AT>, typeof _$alepha_orm0.PG_DEFAULT>;
+      organizationId: _$alepha_orm0.PgAttr<_$typebox.TString, typeof _$alepha_orm0.PG_ORGANIZATION>;
+      type: _$typebox.TString;
+      action: _$typebox.TString;
+      severity: _$alepha_orm0.PgAttr<_$typebox.TUnsafe<"info" | "warning" | "critical">, typeof _$alepha_orm0.PG_DEFAULT>;
+      userId: _$typebox.TOptional<_$typebox.TString>;
+      userRealm: _$typebox.TOptional<_$typebox.TString>;
+      userEmail: _$typebox.TOptional<_$typebox.TString>;
+      resourceType: _$typebox.TOptional<_$typebox.TString>;
+      resourceId: _$typebox.TOptional<_$typebox.TString>;
+      description: _$typebox.TOptional<_$typebox.TString>;
+      metadata: _$typebox.TOptional<_$typebox.TRecord<string, _$typebox.TAny>>;
+      ipAddress: _$typebox.TOptional<_$typebox.TString>;
+      userAgent: _$typebox.TOptional<_$typebox.TString>;
+      sessionId: _$typebox.TOptional<_$typebox.TString>;
+      requestId: _$typebox.TOptional<_$typebox.TString>;
+      success: _$alepha_orm0.PgAttr<_$typebox.TBoolean, typeof _$alepha_orm0.PG_DEFAULT>;
+      errorMessage: _$typebox.TOptional<_$typebox.TString>;
+    }>;
+  }>;
+  /**
+   * Delete many audit entries by id in one repository call. Use with care —
+   * audit logs are usually retained for compliance reasons.
+   */
+  readonly deleteAudits: _$alepha_server0.ActionPrimitiveFn<{
+    body: _$typebox.TObject<{
+      ids: _$typebox.TArray<_$typebox.TString>;
     }>;
-    response: _$alepha.TObject<{
-      id: PgAttr<PgAttr<_$alepha.TString, typeof PG_PRIMARY_KEY>, typeof PG_DEFAULT>;
-      createdAt: PgAttr<PgAttr<_$alepha.TString, typeof PG_CREATED_AT>, typeof PG_DEFAULT>;
-      type: _$alepha.TString;
-      action: _$alepha.TString;
-      severity: PgAttr<_$alepha.TUnsafe<"info" | "warning" | "critical">, typeof PG_DEFAULT>;
-      userId: _$alepha.TOptional<_$alepha.TString>;
-      userRealm: _$alepha.TOptional<_$alepha.TString>;
-      userEmail: _$alepha.TOptional<_$alepha.TString>;
-      resourceType: _$alepha.TOptional<_$alepha.TString>;
-      resourceId: _$alepha.TOptional<_$alepha.TString>;
-      description: _$alepha.TOptional<_$alepha.TString>;
-      metadata: _$alepha.TOptional<_$alepha.TRecord<string, _$alepha.TAny>>;
-      ipAddress: _$alepha.TOptional<_$alepha.TString>;
-      userAgent: _$alepha.TOptional<_$alepha.TString>;
-      sessionId: _$alepha.TOptional<_$alepha.TString>;
-      requestId: _$alepha.TOptional<_$alepha.TString>;
-      success: PgAttr<_$alepha.TBoolean, typeof PG_DEFAULT>;
-      errorMessage: _$alepha.TOptional<_$alepha.TString>;
+    response: _$typebox.TObject<{
+      deleted: _$typebox.TArray<_$typebox.TString>;
     }>;
   }>;
   /**
@@ -795,168 +531,172 @@ declare class AdminAuditController {
    * System-only — this permission should never be assigned to human roles.
    */
   readonly createAudit: _$alepha_server0.ActionPrimitiveFn<{
-    body: _$alepha.TObject<{
-      type: _$alepha.TString;
-      action: _$alepha.TString;
-      severity: _$alepha.TOptional<_$alepha.TUnsafe<"info" | "warning" | "critical">>;
-      userId: _$alepha.TOptional<_$alepha.TString>;
-      userRealm: _$alepha.TOptional<_$alepha.TString>;
-      userEmail: _$alepha.TOptional<_$alepha.TString>;
-      resourceType: _$alepha.TOptional<_$alepha.TString>;
-      resourceId: _$alepha.TOptional<_$alepha.TString>;
-      description: _$alepha.TOptional<_$alepha.TString>;
-      metadata: _$alepha.TOptional<_$alepha.TRecord<string, _$alepha.TAny>>;
-      ipAddress: _$alepha.TOptional<_$alepha.TString>;
-      userAgent: _$alepha.TOptional<_$alepha.TString>;
-      sessionId: _$alepha.TOptional<_$alepha.TString>;
-      requestId: _$alepha.TOptional<_$alepha.TString>;
-      success: _$alepha.TOptional<_$alepha.TBoolean>;
-      errorMessage: _$alepha.TOptional<_$alepha.TString>;
+    body: _$typebox.TObject<{
+      type: _$typebox.TString;
+      action: _$typebox.TString;
+      severity: _$typebox.TOptional<_$typebox.TUnsafe<"info" | "warning" | "critical">>;
+      userId: _$typebox.TOptional<_$typebox.TString>;
+      userRealm: _$typebox.TOptional<_$typebox.TString>;
+      userEmail: _$typebox.TOptional<_$typebox.TString>;
+      resourceType: _$typebox.TOptional<_$typebox.TString>;
+      resourceId: _$typebox.TOptional<_$typebox.TString>;
+      description: _$typebox.TOptional<_$typebox.TString>;
+      metadata: _$typebox.TOptional<_$typebox.TRecord<string, _$typebox.TAny>>;
+      ipAddress: _$typebox.TOptional<_$typebox.TString>;
+      userAgent: _$typebox.TOptional<_$typebox.TString>;
+      sessionId: _$typebox.TOptional<_$typebox.TString>;
+      requestId: _$typebox.TOptional<_$typebox.TString>;
+      success: _$typebox.TOptional<_$typebox.TBoolean>;
+      errorMessage: _$typebox.TOptional<_$typebox.TString>;
     }>;
-    response: _$alepha.TObject<{
-      id: PgAttr<PgAttr<_$alepha.TString, typeof PG_PRIMARY_KEY>, typeof PG_DEFAULT>;
-      createdAt: PgAttr<PgAttr<_$alepha.TString, typeof PG_CREATED_AT>, typeof PG_DEFAULT>;
-      type: _$alepha.TString;
-      action: _$alepha.TString;
-      severity: PgAttr<_$alepha.TUnsafe<"info" | "warning" | "critical">, typeof PG_DEFAULT>;
-      userId: _$alepha.TOptional<_$alepha.TString>;
-      userRealm: _$alepha.TOptional<_$alepha.TString>;
-      userEmail: _$alepha.TOptional<_$alepha.TString>;
-      resourceType: _$alepha.TOptional<_$alepha.TString>;
-      resourceId: _$alepha.TOptional<_$alepha.TString>;
-      description: _$alepha.TOptional<_$alepha.TString>;
-      metadata: _$alepha.TOptional<_$alepha.TRecord<string, _$alepha.TAny>>;
-      ipAddress: _$alepha.TOptional<_$alepha.TString>;
-      userAgent: _$alepha.TOptional<_$alepha.TString>;
-      sessionId: _$alepha.TOptional<_$alepha.TString>;
-      requestId: _$alepha.TOptional<_$alepha.TString>;
-      success: PgAttr<_$alepha.TBoolean, typeof PG_DEFAULT>;
-      errorMessage: _$alepha.TOptional<_$alepha.TString>;
+    response: _$typebox.TObject<{
+      id: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$typebox.TString, typeof _$alepha_orm0.PG_PRIMARY_KEY>, typeof _$alepha_orm0.PG_DEFAULT>;
+      createdAt: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$typebox.TString, typeof _$alepha_orm0.PG_CREATED_AT>, typeof _$alepha_orm0.PG_DEFAULT>;
+      organizationId: _$alepha_orm0.PgAttr<_$typebox.TString, typeof _$alepha_orm0.PG_ORGANIZATION>;
+      type: _$typebox.TString;
+      action: _$typebox.TString;
+      severity: _$alepha_orm0.PgAttr<_$typebox.TUnsafe<"info" | "warning" | "critical">, typeof _$alepha_orm0.PG_DEFAULT>;
+      userId: _$typebox.TOptional<_$typebox.TString>;
+      userRealm: _$typebox.TOptional<_$typebox.TString>;
+      userEmail: _$typebox.TOptional<_$typebox.TString>;
+      resourceType: _$typebox.TOptional<_$typebox.TString>;
+      resourceId: _$typebox.TOptional<_$typebox.TString>;
+      description: _$typebox.TOptional<_$typebox.TString>;
+      metadata: _$typebox.TOptional<_$typebox.TRecord<string, _$typebox.TAny>>;
+      ipAddress: _$typebox.TOptional<_$typebox.TString>;
+      userAgent: _$typebox.TOptional<_$typebox.TString>;
+      sessionId: _$typebox.TOptional<_$typebox.TString>;
+      requestId: _$typebox.TOptional<_$typebox.TString>;
+      success: _$alepha_orm0.PgAttr<_$typebox.TBoolean, typeof _$alepha_orm0.PG_DEFAULT>;
+      errorMessage: _$typebox.TOptional<_$typebox.TString>;
     }>;
   }>;
   /**
    * Get audit entries for a specific user.
    */
   readonly findByUser: _$alepha_server0.ActionPrimitiveFn<{
-    params: _$alepha.TObject<{
-      userId: _$alepha.TString;
+    params: _$typebox.TObject<{
+      userId: _$typebox.TString;
     }>;
-    query: _$alepha.TObject<{
-      type: _$alepha.TOptional<_$alepha.TString>;
-      search: _$alepha.TOptional<_$alepha.TString>;
-      action: _$alepha.TOptional<_$alepha.TString>;
-      severity: _$alepha.TOptional<_$alepha.TUnsafe<"info" | "warning" | "critical">>;
-      sort: _$alepha.TOptional<_$alepha.TString>;
-      userRealm: _$alepha.TOptional<_$alepha.TString>;
-      resourceType: _$alepha.TOptional<_$alepha.TString>;
-      resourceId: _$alepha.TOptional<_$alepha.TString>;
-      success: _$alepha.TOptional<_$alepha.TBoolean>;
-      page: _$alepha.TOptional<_$alepha.TInteger>;
-      size: _$alepha.TOptional<_$alepha.TInteger>;
-      from: _$alepha.TOptional<_$alepha.TString>;
-      to: _$alepha.TOptional<_$alepha.TString>;
+    query: _$typebox.TObject<{
+      type: _$typebox.TOptional<_$typebox.TString>;
+      action: _$typebox.TOptional<_$typebox.TString>;
+      severity: _$typebox.TOptional<_$typebox.TUnsafe<"info" | "warning" | "critical">>;
+      search: _$typebox.TOptional<_$typebox.TString>;
+      sort: _$typebox.TOptional<_$typebox.TString>;
+      userRealm: _$typebox.TOptional<_$typebox.TString>;
+      resourceType: _$typebox.TOptional<_$typebox.TString>;
+      resourceId: _$typebox.TOptional<_$typebox.TString>;
+      success: _$typebox.TOptional<_$typebox.TBoolean>;
+      page: _$typebox.TOptional<_$typebox.TInteger>;
+      size: _$typebox.TOptional<_$typebox.TInteger>;
+      from: _$typebox.TOptional<_$typebox.TString>;
+      to: _$typebox.TOptional<_$typebox.TString>;
     }>;
-    response: _$alepha.TPage<_$alepha.TObject<{
-      id: PgAttr<PgAttr<_$alepha.TString, typeof PG_PRIMARY_KEY>, typeof PG_DEFAULT>;
-      createdAt: PgAttr<PgAttr<_$alepha.TString, typeof PG_CREATED_AT>, typeof PG_DEFAULT>;
-      type: _$alepha.TString;
-      action: _$alepha.TString;
-      severity: PgAttr<_$alepha.TUnsafe<"info" | "warning" | "critical">, typeof PG_DEFAULT>;
-      userId: _$alepha.TOptional<_$alepha.TString>;
-      userRealm: _$alepha.TOptional<_$alepha.TString>;
-      userEmail: _$alepha.TOptional<_$alepha.TString>;
-      resourceType: _$alepha.TOptional<_$alepha.TString>;
-      resourceId: _$alepha.TOptional<_$alepha.TString>;
-      description: _$alepha.TOptional<_$alepha.TString>;
-      metadata: _$alepha.TOptional<_$alepha.TRecord<string, _$alepha.TAny>>;
-      ipAddress: _$alepha.TOptional<_$alepha.TString>;
-      userAgent: _$alepha.TOptional<_$alepha.TString>;
-      sessionId: _$alepha.TOptional<_$alepha.TString>;
-      requestId: _$alepha.TOptional<_$alepha.TString>;
-      success: PgAttr<_$alepha.TBoolean, typeof PG_DEFAULT>;
-      errorMessage: _$alepha.TOptional<_$alepha.TString>;
+    response: _$alepha.TPage<_$typebox.TObject<{
+      id: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$typebox.TString, typeof _$alepha_orm0.PG_PRIMARY_KEY>, typeof _$alepha_orm0.PG_DEFAULT>;
+      createdAt: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$typebox.TString, typeof _$alepha_orm0.PG_CREATED_AT>, typeof _$alepha_orm0.PG_DEFAULT>;
+      organizationId: _$alepha_orm0.PgAttr<_$typebox.TString, typeof _$alepha_orm0.PG_ORGANIZATION>;
+      type: _$typebox.TString;
+      action: _$typebox.TString;
+      severity: _$alepha_orm0.PgAttr<_$typebox.TUnsafe<"info" | "warning" | "critical">, typeof _$alepha_orm0.PG_DEFAULT>;
+      userId: _$typebox.TOptional<_$typebox.TString>;
+      userRealm: _$typebox.TOptional<_$typebox.TString>;
+      userEmail: _$typebox.TOptional<_$typebox.TString>;
+      resourceType: _$typebox.TOptional<_$typebox.TString>;
+      resourceId: _$typebox.TOptional<_$typebox.TString>;
+      description: _$typebox.TOptional<_$typebox.TString>;
+      metadata: _$typebox.TOptional<_$typebox.TRecord<string, _$typebox.TAny>>;
+      ipAddress: _$typebox.TOptional<_$typebox.TString>;
+      userAgent: _$typebox.TOptional<_$typebox.TString>;
+      sessionId: _$typebox.TOptional<_$typebox.TString>;
+      requestId: _$typebox.TOptional<_$typebox.TString>;
+      success: _$alepha_orm0.PgAttr<_$typebox.TBoolean, typeof _$alepha_orm0.PG_DEFAULT>;
+      errorMessage: _$typebox.TOptional<_$typebox.TString>;
     }>>;
   }>;
   /**
    * Get audit entries for a specific resource.
    */
   readonly findByResource: _$alepha_server0.ActionPrimitiveFn<{
-    params: _$alepha.TObject<{
-      resourceType: _$alepha.TString;
-      resourceId: _$alepha.TString;
+    params: _$typebox.TObject<{
+      resourceType: _$typebox.TString;
+      resourceId: _$typebox.TString;
     }>;
-    query: _$alepha.TObject<{
-      type: _$alepha.TOptional<_$alepha.TString>;
-      search: _$alepha.TOptional<_$alepha.TString>;
-      action: _$alepha.TOptional<_$alepha.TString>;
-      severity: _$alepha.TOptional<_$alepha.TUnsafe<"info" | "warning" | "critical">>;
-      sort: _$alepha.TOptional<_$alepha.TString>;
-      userId: _$alepha.TOptional<_$alepha.TString>;
-      userRealm: _$alepha.TOptional<_$alepha.TString>;
-      success: _$alepha.TOptional<_$alepha.TBoolean>;
-      page: _$alepha.TOptional<_$alepha.TInteger>;
-      size: _$alepha.TOptional<_$alepha.TInteger>;
-      from: _$alepha.TOptional<_$alepha.TString>;
-      to: _$alepha.TOptional<_$alepha.TString>;
+    query: _$typebox.TObject<{
+      type: _$typebox.TOptional<_$typebox.TString>;
+      action: _$typebox.TOptional<_$typebox.TString>;
+      severity: _$typebox.TOptional<_$typebox.TUnsafe<"info" | "warning" | "critical">>;
+      search: _$typebox.TOptional<_$typebox.TString>;
+      sort: _$typebox.TOptional<_$typebox.TString>;
+      userId: _$typebox.TOptional<_$typebox.TString>;
+      userRealm: _$typebox.TOptional<_$typebox.TString>;
+      success: _$typebox.TOptional<_$typebox.TBoolean>;
+      page: _$typebox.TOptional<_$typebox.TInteger>;
+      size: _$typebox.TOptional<_$typebox.TInteger>;
+      from: _$typebox.TOptional<_$typebox.TString>;
+      to: _$typebox.TOptional<_$typebox.TString>;
     }>;
-    response: _$alepha.TPage<_$alepha.TObject<{
-      id: PgAttr<PgAttr<_$alepha.TString, typeof PG_PRIMARY_KEY>, typeof PG_DEFAULT>;
-      createdAt: PgAttr<PgAttr<_$alepha.TString, typeof PG_CREATED_AT>, typeof PG_DEFAULT>;
-      type: _$alepha.TString;
-      action: _$alepha.TString;
-      severity: PgAttr<_$alepha.TUnsafe<"info" | "warning" | "critical">, typeof PG_DEFAULT>;
-      userId: _$alepha.TOptional<_$alepha.TString>;
-      userRealm: _$alepha.TOptional<_$alepha.TString>;
-      userEmail: _$alepha.TOptional<_$alepha.TString>;
-      resourceType: _$alepha.TOptional<_$alepha.TString>;
-      resourceId: _$alepha.TOptional<_$alepha.TString>;
-      description: _$alepha.TOptional<_$alepha.TString>;
-      metadata: _$alepha.TOptional<_$alepha.TRecord<string, _$alepha.TAny>>;
-      ipAddress: _$alepha.TOptional<_$alepha.TString>;
-      userAgent: _$alepha.TOptional<_$alepha.TString>;
-      sessionId: _$alepha.TOptional<_$alepha.TString>;
-      requestId: _$alepha.TOptional<_$alepha.TString>;
-      success: PgAttr<_$alepha.TBoolean, typeof PG_DEFAULT>;
-      errorMessage: _$alepha.TOptional<_$alepha.TString>;
+    response: _$alepha.TPage<_$typebox.TObject<{
+      id: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$typebox.TString, typeof _$alepha_orm0.PG_PRIMARY_KEY>, typeof _$alepha_orm0.PG_DEFAULT>;
+      createdAt: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$typebox.TString, typeof _$alepha_orm0.PG_CREATED_AT>, typeof _$alepha_orm0.PG_DEFAULT>;
+      organizationId: _$alepha_orm0.PgAttr<_$typebox.TString, typeof _$alepha_orm0.PG_ORGANIZATION>;
+      type: _$typebox.TString;
+      action: _$typebox.TString;
+      severity: _$alepha_orm0.PgAttr<_$typebox.TUnsafe<"info" | "warning" | "critical">, typeof _$alepha_orm0.PG_DEFAULT>;
+      userId: _$typebox.TOptional<_$typebox.TString>;
+      userRealm: _$typebox.TOptional<_$typebox.TString>;
+      userEmail: _$typebox.TOptional<_$typebox.TString>;
+      resourceType: _$typebox.TOptional<_$typebox.TString>;
+      resourceId: _$typebox.TOptional<_$typebox.TString>;
+      description: _$typebox.TOptional<_$typebox.TString>;
+      metadata: _$typebox.TOptional<_$typebox.TRecord<string, _$typebox.TAny>>;
+      ipAddress: _$typebox.TOptional<_$typebox.TString>;
+      userAgent: _$typebox.TOptional<_$typebox.TString>;
+      sessionId: _$typebox.TOptional<_$typebox.TString>;
+      requestId: _$typebox.TOptional<_$typebox.TString>;
+      success: _$alepha_orm0.PgAttr<_$typebox.TBoolean, typeof _$alepha_orm0.PG_DEFAULT>;
+      errorMessage: _$typebox.TOptional<_$typebox.TString>;
     }>>;
   }>;
   /**
    * Get audit statistics.
    */
   readonly getAuditStats: _$alepha_server0.ActionPrimitiveFn<{
-    query: _$alepha.TObject<{
-      from: _$alepha.TOptional<_$alepha.TString>;
-      to: _$alepha.TOptional<_$alepha.TString>;
-      userRealm: _$alepha.TOptional<_$alepha.TString>;
+    query: _$typebox.TObject<{
+      from: _$typebox.TOptional<_$typebox.TString>;
+      to: _$typebox.TOptional<_$typebox.TString>;
+      userRealm: _$typebox.TOptional<_$typebox.TString>;
     }>;
-    response: _$alepha.TObject<{
-      total: _$alepha.TInteger;
-      byType: _$alepha.TRecord<"^.*$", _$alepha.TInteger>;
-      bySeverity: _$alepha.TObject<{
-        info: _$alepha.TInteger;
-        warning: _$alepha.TInteger;
-        critical: _$alepha.TInteger;
+    response: _$typebox.TObject<{
+      total: _$typebox.TInteger;
+      byType: _$typebox.TRecord<"^.*$", _$typebox.TInteger>;
+      bySeverity: _$typebox.TObject<{
+        info: _$typebox.TInteger;
+        warning: _$typebox.TInteger;
+        critical: _$typebox.TInteger;
       }>;
-      successRate: _$alepha.TNumber;
-      recentFailures: _$alepha.TArray<_$alepha.TObject<{
-        id: PgAttr<PgAttr<_$alepha.TString, typeof PG_PRIMARY_KEY>, typeof PG_DEFAULT>;
-        createdAt: PgAttr<PgAttr<_$alepha.TString, typeof PG_CREATED_AT>, typeof PG_DEFAULT>;
-        type: _$alepha.TString;
-        action: _$alepha.TString;
-        severity: PgAttr<_$alepha.TUnsafe<"info" | "warning" | "critical">, typeof PG_DEFAULT>;
-        userId: _$alepha.TOptional<_$alepha.TString>;
-        userRealm: _$alepha.TOptional<_$alepha.TString>;
-        userEmail: _$alepha.TOptional<_$alepha.TString>;
-        resourceType: _$alepha.TOptional<_$alepha.TString>;
-        resourceId: _$alepha.TOptional<_$alepha.TString>;
-        description: _$alepha.TOptional<_$alepha.TString>;
-        metadata: _$alepha.TOptional<_$alepha.TRecord<string, _$alepha.TAny>>;
-        ipAddress: _$alepha.TOptional<_$alepha.TString>;
-        userAgent: _$alepha.TOptional<_$alepha.TString>;
-        sessionId: _$alepha.TOptional<_$alepha.TString>;
-        requestId: _$alepha.TOptional<_$alepha.TString>;
-        success: PgAttr<_$alepha.TBoolean, typeof PG_DEFAULT>;
-        errorMessage: _$alepha.TOptional<_$alepha.TString>;
+      successRate: _$typebox.TNumber;
+      recentFailures: _$typebox.TArray<_$typebox.TObject<{
+        id: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$typebox.TString, typeof _$alepha_orm0.PG_PRIMARY_KEY>, typeof _$alepha_orm0.PG_DEFAULT>;
+        createdAt: _$alepha_orm0.PgAttr<_$alepha_orm0.PgAttr<_$typebox.TString, typeof _$alepha_orm0.PG_CREATED_AT>, typeof _$alepha_orm0.PG_DEFAULT>;
+        organizationId: _$alepha_orm0.PgAttr<_$typebox.TString, typeof _$alepha_orm0.PG_ORGANIZATION>;
+        type: _$typebox.TString;
+        action: _$typebox.TString;
+        severity: _$alepha_orm0.PgAttr<_$typebox.TUnsafe<"info" | "warning" | "critical">, typeof _$alepha_orm0.PG_DEFAULT>;
+        userId: _$typebox.TOptional<_$typebox.TString>;
+        userRealm: _$typebox.TOptional<_$typebox.TString>;
+        userEmail: _$typebox.TOptional<_$typebox.TString>;
+        resourceType: _$typebox.TOptional<_$typebox.TString>;
+        resourceId: _$typebox.TOptional<_$typebox.TString>;
+        description: _$typebox.TOptional<_$typebox.TString>;
+        metadata: _$typebox.TOptional<_$typebox.TRecord<string, _$typebox.TAny>>;
+        ipAddress: _$typebox.TOptional<_$typebox.TString>;
+        userAgent: _$typebox.TOptional<_$typebox.TString>;
+        sessionId: _$typebox.TOptional<_$typebox.TString>;
+        requestId: _$typebox.TOptional<_$typebox.TString>;
+        success: _$alepha_orm0.PgAttr<_$typebox.TBoolean, typeof _$alepha_orm0.PG_DEFAULT>;
+        errorMessage: _$typebox.TOptional<_$typebox.TString>;
       }>>;
     }>;
   }>;
@@ -964,21 +704,21 @@ declare class AdminAuditController {
    * Get registered audit types.
    */
   readonly getTypes: _$alepha_server0.ActionPrimitiveFn<{
-    response: _$alepha.TArray<_$alepha.TObject<{
-      type: _$alepha.TString;
-      description: _$alepha.TOptional<_$alepha.TString>;
-      actions: _$alepha.TArray<_$alepha.TString>;
+    response: _$typebox.TArray<_$typebox.TObject<{
+      type: _$typebox.TString;
+      description: _$typebox.TOptional<_$typebox.TString>;
+      actions: _$typebox.TArray<_$typebox.TString>;
     }>>;
   }>;
   /**
    * Get distinct values for filters.
    */
   readonly getFilterOptions: _$alepha_server0.ActionPrimitiveFn<{
-    response: _$alepha.TObject<{
-      types: _$alepha.TArray<_$alepha.TString>;
-      actions: _$alepha.TArray<_$alepha.TString>;
-      resourceTypes: _$alepha.TArray<_$alepha.TString>;
-      userRealms: _$alepha.TArray<_$alepha.TString>;
+    response: _$typebox.TObject<{
+      types: _$typebox.TArray<_$typebox.TString>;
+      actions: _$typebox.TArray<_$typebox.TString>;
+      resourceTypes: _$typebox.TArray<_$typebox.TString>;
+      userRealms: _$typebox.TArray<_$typebox.TString>;
     }>;
   }>;
 }
@@ -1096,29 +836,336 @@ declare const $audit: {
   [KIND]: typeof AuditPrimitive;
 };
 //#endregion
+//#region ../../src/orm/core/schemas/insertSchema.d.ts
+/**
+ * Transforms a TObject schema for insert operations.
+ * All default properties at the root level are made optional.
+ * Generated columns are excluded entirely.
+ *
+ * @example
+ * Before: { name: string; age: number(default=0); fullName: generated }
+ * After:  { name: string; age?: number; }
+ */
+type TObjectInsert<T extends TObject> = TObject<{ [K in keyof T["properties"] as T["properties"][K] extends {
+  [PG_GENERATED]: any;
+} ? never : K]: T["properties"][K] extends {
+  [PG_DEFAULT]: any;
+} | {
+  [PG_ORGANIZATION]: any;
+} | {
+  "~optional": true;
+} ? TOptional<T["properties"][K]> : T["properties"][K] }>;
+//#endregion
+//#region ../../src/orm/core/schemas/updateSchema.d.ts
+/**
+ * Transforms a TObject schema for update operations.
+ * All optional properties at the root level are made nullable (i.e., `T | null`).
+ * Generated columns are excluded entirely.
+ *
+ * @example
+ * Before: { name?: string; age: number; fullName: generated }
+ * After:  { name?: string | null; age: number; }
+ */
+type TObjectUpdate<T extends TObject> = TObject<{ [K in keyof T["properties"] as T["properties"][K] extends {
+  [PG_GENERATED]: any;
+} ? never : K]: T["properties"][K] extends TOptional<infer U> ? TOptional<TUnion<[U, TNull]>> : T["properties"][K] }>;
+//#endregion
+//#region ../../src/orm/core/primitives/$entity.d.ts
+interface EntityPrimitiveOptions<T extends TObject, Keys = keyof Static<T>> {
+  /**
+   * The database table name that will be created for this entity.
+   * If not provided, name will be inferred from the $repository variable name.
+   */
+  name: string;
+  /**
+   * TypeBox schema defining the table structure and column types.
+   */
+  schema: T;
+  /**
+   * Database indexes to create for query optimization.
+   */
+  indexes?: (Keys | {
+    /**
+     * Single column to index.
+     */
+    column: Keys;
+    /**
+     * Whether this should be a unique index (enforces uniqueness constraint).
+     */
+    unique?: boolean;
+    /**
+     * Custom name for the index. If not provided, generates name automatically.
+     */
+    name?: string;
+    /**
+     * Partial index condition. Only rows matching this SQL expression are indexed.
+     */
+    where?: SQL;
+  } | {
+    /**
+     * Multiple columns for composite index (order matters for query optimization).
+     */
+    columns: Keys[];
+    /**
+     * Whether this should be a unique index (enforces uniqueness constraint).
+     */
+    unique?: boolean;
+    /**
+     * Custom name for the index. If not provided, generates name automatically.
+     */
+    name?: string;
+    /**
+     * Partial index condition. Only rows matching this SQL expression are indexed.
+     */
+    where?: SQL;
+  } | {
+    /**
+     * SQL expressions for expression-based indexes.
+     *
+     * Can include column references and SQL functions like `LOWER()`, `UPPER()`, etc.
+     * Columns and expressions can be mixed together.
+     *
+     * @example
+     * ```ts
+     * // Case-insensitive unique username per realm
+     * indexes: [{
+     *   expressions: (self) => [self.realm, sql`LOWER(${self.username})`],
+     *   unique: true,
+     *   name: "users_realm_username_lower_idx",
+     * }]
+     * ```
+     */
+    expressions: (self: Record<Keys & string, any>) => (SQL | any)[];
+    /**
+     * Whether this should be a unique index (enforces uniqueness constraint).
+     */
+    unique?: boolean;
+    /**
+     * Custom name for the index. If not provided, generates name automatically.
+     */
+    name: string;
+    /**
+     * Partial index condition. Only rows matching this SQL expression are indexed.
+     */
+    where?: SQL;
+  })[];
+  /**
+   * Foreign key constraints to maintain referential integrity.
+   */
+  foreignKeys?: Array<{
+    /**
+     * Optional name for the foreign key constraint.
+     */
+    name?: string;
+    /**
+     * Local columns that reference the foreign table.
+     */
+    columns: Array<keyof Static<T>>;
+    /**
+     * Referenced columns in the foreign table.
+     * Must be EntityColumn references from other entities.
+     */
+    foreignColumns: Array<() => EntityColumn<any>>;
+  }>;
+  /**
+   * Additional table constraints for data validation.
+   *
+   * Constraints enforce business rules at the database level, providing
+   * an additional layer of data integrity beyond application validation.
+   *
+   * **Constraint Types**:
+   * - **Unique constraints**: Prevent duplicate values across columns
+   * - **Check constraints**: Enforce custom validation rules with SQL expressions
+   *
+   * @example
+   * ```ts
+   * constraints: [
+   *   {
+   *     name: "unique_user_email",
+   *     columns: ["email"],
+   *     unique: true
+   *   },
+   *   {
+   *     name: "valid_age_range",
+   *     columns: ["age"],
+   *     check: sql`age >= 0 AND age <= 150`
+   *   },
+   *   {
+   *     name: "unique_user_username_per_tenant",
+   *     columns: ["tenantId", "username"],
+   *     unique: true
+   *   }
+   * ]
+   * ```
+   */
+  constraints?: Array<{
+    /**
+     * Columns involved in this constraint.
+     */
+    columns: Array<keyof Static<T>>;
+    /**
+     * Optional name for the constraint.
+     */
+    name?: string;
+    /**
+     * Whether this is a unique constraint.
+     */
+    unique?: boolean | {};
+    /**
+     * SQL expression for check constraint validation.
+     */
+    check?: SQL;
+  }>;
+  /**
+   * Advanced Drizzle ORM configuration for complex table setups.
+   */
+  config?: (self: BuildExtraConfigColumns<string, FromSchema<T>, "pg">) => PgTableExtraConfigValue[];
+}
+declare class EntityPrimitive<T extends TObject = TObject> {
+  readonly options: EntityPrimitiveOptions<T>;
+  constructor(options: EntityPrimitiveOptions<T>);
+  alias(alias: string): this;
+  get cols(): EntityColumns<T>;
+  get name(): string;
+  get schema(): T;
+  get insertSchema(): TObjectInsert<T>;
+  get updateSchema(): TObjectUpdate<T>;
+}
+/**
+ * Convert a schema to columns.
+ */
+type FromSchema<T extends TObject> = { [key in keyof T["properties"]]: PgColumnBuilderBase };
+type EntityColumn<T extends TObject> = {
+  name: string;
+  entity: EntityPrimitive<T>;
+};
+type EntityColumns<T extends TObject> = { [key in keyof T["properties"]]: EntityColumn<T> };
+//#endregion
+//#region ../../src/orm/core/constants/PG_SYMBOLS.d.ts
+declare const PG_DEFAULT: unique symbol;
+declare const PG_PRIMARY_KEY: unique symbol;
+declare const PG_CREATED_AT: unique symbol;
+declare const PG_UPDATED_AT: unique symbol;
+declare const PG_DELETED_AT: unique symbol;
+declare const PG_VERSION: unique symbol;
+declare const PG_IDENTITY: unique symbol;
+declare const PG_ENUM: unique symbol;
+declare const PG_REF: unique symbol;
+declare const PG_GENERATED: unique symbol;
+declare const PG_ORGANIZATION: unique symbol;
+/**
+ * @deprecated Use `PG_IDENTITY` instead.
+ */
+declare const PG_SERIAL: unique symbol;
+type PgSymbols = {
+  [PG_DEFAULT]: {};
+  [PG_PRIMARY_KEY]: {};
+  [PG_CREATED_AT]: {};
+  [PG_UPDATED_AT]: {};
+  [PG_DELETED_AT]: {};
+  [PG_VERSION]: {};
+  [PG_IDENTITY]: PgIdentityOptions;
+  [PG_REF]: PgRefOptions;
+  [PG_ENUM]: PgEnumOptions;
+  [PG_GENERATED]: PgGeneratedOptions;
+  [PG_ORGANIZATION]: {};
+  /**
+   * @deprecated Use `PG_IDENTITY` instead.
+   */
+  [PG_SERIAL]: {};
+};
+type PgSymbolKeys = keyof PgSymbols;
+type PgIdentityOptions = {
+  mode: "always" | "byDefault";
+} & PgSequenceOptions & {
+  name?: string;
+};
+interface PgEnumOptions {
+  name?: string;
+  description?: string;
+}
+interface PgGeneratedOptions {
+  /**
+   * SQL expression for the generated column.
+   */
+  expression: SQL;
+  /**
+   * Storage mode for the generated column.
+   * - `"stored"` — value is computed on write and stored on disk (default for PostgreSQL).
+   * - `"virtual"` — value is computed on read (default for SQLite).
+   */
+  mode?: "stored" | "virtual";
+}
+interface PgRefOptions {
+  ref: () => {
+    name: string;
+    entity: EntityPrimitive;
+  };
+  actions?: {
+    onUpdate?: UpdateDeleteAction;
+    onDelete?: UpdateDeleteAction;
+  };
+}
+//#endregion
+//#region ../../src/orm/core/helpers/pgAttr.d.ts
+/**
+ * Type representation.
+ */
+type PgAttr<T extends TSchema, TAttr extends PgSymbolKeys> = T & { [K in TAttr]: PgSymbols[K] };
+//#endregion
+//#region ../../src/orm/core/schemas/databaseEnvSchema.d.ts
+/**
+ * Base database environment schema.
+ *
+ * Defines the `DATABASE_URL` connection string used by all ORM providers
+ * to determine the database driver and connection target.
+ *
+ * Supported URL formats:
+ * - `sqlite://:memory:` or `sqlite://./path/to/db` — SQLite (Node.js or Bun)
+ * - `postgres://user:password@host:port/database` — PostgreSQL (Node.js or Bun)
+ * - `pglite://:memory:` or `pglite://./path` — PGlite (embedded Postgres)
+ * - `d1://BINDING_NAME` — Cloudflare D1
+ * - `hyperdrive://BINDING_NAME` — Cloudflare Hyperdrive
+ */
+declare const databaseEnvSchema: _$typebox.TObject<{
+  DATABASE_URL: _$typebox.TOptional<_$typebox.TString>;
+  /**
+   * Enable or disable push-based schema synchronization (drizzle-kit push).
+   *
+   * Defaults to `true` in development and test, `false` in production.
+   * Set to `false` in development to skip automatic schema sync
+   * (e.g. when managing migrations manually).
+   */
+  DATABASE_SYNC: _$typebox.TOptional<_$typebox.TBoolean>;
+}>;
+declare module "alepha" {
+  interface Env extends Partial<Static<typeof databaseEnvSchema>> {}
+} //# sourceMappingURL=databaseEnvSchema.d.ts.map
+//#endregion
 //#region ../../src/api/audits/schemas/auditResourceSchema.d.ts
 /**
  * Resource schema for audit log responses.
  */
-declare const auditResourceSchema: _$alepha.TObject<{
-  id: PgAttr<PgAttr<_$alepha.TString, typeof PG_PRIMARY_KEY>, typeof PG_DEFAULT>;
-  createdAt: PgAttr<PgAttr<_$alepha.TString, typeof PG_CREATED_AT>, typeof PG_DEFAULT>;
-  type: _$alepha.TString;
-  action: _$alepha.TString;
-  severity: PgAttr<_$alepha.TUnsafe<"info" | "warning" | "critical">, typeof PG_DEFAULT>;
-  userId: _$alepha.TOptional<_$alepha.TString>;
-  userRealm: _$alepha.TOptional<_$alepha.TString>;
-  userEmail: _$alepha.TOptional<_$alepha.TString>;
-  resourceType: _$alepha.TOptional<_$alepha.TString>;
-  resourceId: _$alepha.TOptional<_$alepha.TString>;
-  description: _$alepha.TOptional<_$alepha.TString>;
-  metadata: _$alepha.TOptional<_$alepha.TRecord<string, _$alepha.TAny>>;
-  ipAddress: _$alepha.TOptional<_$alepha.TString>;
-  userAgent: _$alepha.TOptional<_$alepha.TString>;
-  sessionId: _$alepha.TOptional<_$alepha.TString>;
-  requestId: _$alepha.TOptional<_$alepha.TString>;
-  success: PgAttr<_$alepha.TBoolean, typeof PG_DEFAULT>;
-  errorMessage: _$alepha.TOptional<_$alepha.TString>;
+declare const auditResourceSchema: _$typebox.TObject<{
+  id: PgAttr<PgAttr<_$typebox.TString, typeof PG_PRIMARY_KEY>, typeof PG_DEFAULT>;
+  createdAt: PgAttr<PgAttr<_$typebox.TString, typeof PG_CREATED_AT>, typeof PG_DEFAULT>;
+  organizationId: PgAttr<_$typebox.TString, typeof PG_ORGANIZATION>;
+  type: _$typebox.TString;
+  action: _$typebox.TString;
+  severity: PgAttr<_$typebox.TUnsafe<"info" | "warning" | "critical">, typeof PG_DEFAULT>;
+  userId: _$typebox.TOptional<_$typebox.TString>;
+  userRealm: _$typebox.TOptional<_$typebox.TString>;
+  userEmail: _$typebox.TOptional<_$typebox.TString>;
+  resourceType: _$typebox.TOptional<_$typebox.TString>;
+  resourceId: _$typebox.TOptional<_$typebox.TString>;
+  description: _$typebox.TOptional<_$typebox.TString>;
+  metadata: _$typebox.TOptional<_$typebox.TRecord<string, _$typebox.TAny>>;
+  ipAddress: _$typebox.TOptional<_$typebox.TString>;
+  userAgent: _$typebox.TOptional<_$typebox.TString>;
+  sessionId: _$typebox.TOptional<_$typebox.TString>;
+  requestId: _$typebox.TOptional<_$typebox.TString>;
+  success: PgAttr<_$typebox.TBoolean, typeof PG_DEFAULT>;
+  errorMessage: _$typebox.TOptional<_$typebox.TString>;
 }>;
 type AuditResource = Static<typeof auditResourceSchema>;
 //#endregion