alepha 0.20.7 → 0.21.0

package/dist/api/audits/index.d.ts

@@ -580,9 +580,9 @@ declare class AdminAuditController {
     }>;
     query: _$typebox.TObject<{
       type: _$typebox.TOptional<_$typebox.TString>;
+      search: _$typebox.TOptional<_$typebox.TString>;
       action: _$typebox.TOptional<_$typebox.TString>;
       severity: _$typebox.TOptional<_$typebox.TUnsafe<"info" | "warning" | "critical">>;
-      search: _$typebox.TOptional<_$typebox.TString>;
       sort: _$typebox.TOptional<_$typebox.TString>;
       userRealm: _$typebox.TOptional<_$typebox.TString>;
       resourceType: _$typebox.TOptional<_$typebox.TString>;
@@ -625,9 +625,9 @@ declare class AdminAuditController {
     }>;
     query: _$typebox.TObject<{
       type: _$typebox.TOptional<_$typebox.TString>;
+      search: _$typebox.TOptional<_$typebox.TString>;
       action: _$typebox.TOptional<_$typebox.TString>;
       severity: _$typebox.TOptional<_$typebox.TUnsafe<"info" | "warning" | "critical">>;
-      search: _$typebox.TOptional<_$typebox.TString>;
       sort: _$typebox.TOptional<_$typebox.TString>;
       userId: _$typebox.TOptional<_$typebox.TString>;
       userRealm: _$typebox.TOptional<_$typebox.TString>;

package/dist/api/audits/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","names":[],"sources":["../../../src/api/audits/entities/audits.ts","../../../src/api/audits/schemas/auditQuerySchema.ts","../../../src/api/audits/schemas/createAuditSchema.ts","../../../src/api/audits/services/AuditService.ts","../../../src/api/audits/controllers/AdminAuditController.ts","../../../src/api/audits/primitives/$audit.ts","../../../src/orm/core/schemas/insertSchema.ts","../../../src/orm/core/schemas/updateSchema.ts","../../../src/orm/core/primitives/$entity.ts","../../../src/orm/core/constants/PG_SYMBOLS.ts","../../../src/orm/core/helpers/pgAttr.ts","../../../src/orm/core/schemas/databaseEnvSchema.ts","../../../src/api/audits/schemas/auditResourceSchema.ts","../../../src/api/audits/index.ts"],"mappings":";;;;;;;;;;;;;;cAOa,mBAAA,EAGX,SAAA,CAH8B,OAAA;AAAA,KAKpB,aAAA,GAAgB,MAAA,QAAc,mBAAA;;;;;;;;;;cAW7B,MAAA,EAAM,aAAA,CAAA,eAAA,WAAA,OAAA;gDAyGjB,SAAA,CAAA,OAAA;;;;AAzHF;;;;EAAgC;AAKhC;;;EAA4B;;AAW5B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAAmB;;;;;cA2GN,iBAAA,YAAiB,OAAA;gDAAgB,SAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAA9C;;;cACa,uBAAA,EAAuB,aAAA,CAAA,aAAA,WAAA,OAAA;gDAAsB,SAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAD5B;;;;;;;;;;;;;;;;;;;;;KAElB,WAAA,GAAc,MAAA,QAAc,MAAA,CAAO,MAAA;;;;;;cC5HlC,gBAAA,YAAgB,OAAA;4BAY3B,SAAA,CAAA,QAAA;;;;;;;;;;;;;;;KAEU,UAAA,GAAa,MAAA,QAAc,gBAAA;;;;;;cCf1B,iBAAA,YAAiB,OAAA;QAiB5B,SAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;KAEU,WAAA,GAAc,MAAA,QAAc,iBAAA;;;;;;UCXvB,mBAAA;EACf,IAAA;EACA,WAAA;EACA,OAAA;AAAA;;;;;;;AHXF;;;cGuBa,YAAA;EAAA,mBACQ,MAAA,EAAM,MAAA;EAAA,mBACN,GAAA,EADM,gBAAA,CACH,MAAA;EAAA,mBACH,IAAA,EAAI,aAAA,CAAA,UAAA,WAAA,OAAA;kDADD,SAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;;;;;;qBAMH,UAAA,EAAU,GAAA,SAAA,mBAAA;;;;EAKtB,YAAA,CAAa,UAAA,EAAY,mBAAA;;;;EAWzB,kBAAA,CAAA,GAAsB,mBAAA;;;;YAOnB,iBAAA,CAAA,GAAqB,aAAA;;;;;EAQlB,MAAA,CAAO,IAAA,EAAM,WAAA,GAAc,OAAA,CAAQ,WAAA;;;;EA4DnC,MAAA,CACX,IAAA,UACA,MAAA,UACA,OAAA,GAAS,IAAA,CAAK,WAAA,uBACb,OAAA,CAAQ,WAAA;;;;EAOE,UAAA,CACX,MAAA,sFAOA,OAAA,GAAS,IAAA,CAAK,WAAA,uBACb,OAAA,CAAQ,WAAA;;;;EAYE,UAAA,CACX,MAAA,yEAOA,OAAA,GAAS,IAAA,CAAK,WAAA,uBACb,OAAA,CAAQ,WAAA;EHnJM;;;EG+JJ,YAAA,CACX,MAAA,kCACA,OAAA,GAAS,IAAA,CAAK,WAAA,uBACb,OAAA,CAAQ,WAAA;EHlKM;;;EGyKJ,cAAA,CACX,MAAA,4EAKA,OAAA,GAAS,IAAA,CAAK,WAAA,uBACb,OAAA,CAAQ,WAAA;;;;EAYE,YAAA,CACX,MAAA,sEACA,OAAA,GAAS,IAAA,CAAK,WAAA,uBACb,OAAA,CAAQ,WAAA;;;;EAYE,IAAA,CAAK,KAAA,GAAO,UAAA,GAAkB,OAAA,CAAQ,IAAA,CAAK,WAAA;;;;EAgE3C,OAAA,CAAQ,EAAA,WAAa,OAAA,CAAQ,WAAA;;;;EAO7B,UAAA,CACX,MAAA,UACA,KAAA,GAAO,IAAA,CAAK,UAAA,cACX,OAAA,CAAQ,IAAA,CAAK,WAAA;;;;EAOH,cAAA,CACX,YAAA,UACA,UAAA,UACA,KAAA,GAAO,IAAA,CAAK,UAAA,mCACX,OAAA,CAAQ,IAAA,CAAK,WAAA;;;;EAOH,QAAA,CACX,OAAA;IAAW,IAAA,GAAO,IAAA;IAAM,EAAA,GAAK,IAAA;IAAM,SAAA;EAAA,IAClC,OAAA,CAAQ,UAAA;;;;EAiEE,eAAA,CAAgB,IAAA,EAAM,IAAA,GAAO,OAAA;AAAA;;;;UAoB3B,UAAA;EACf,KAAA;EACA,MAAA,EAAQ,MAAA;EACR,UAAA,EAAY,MAAA,CAAO,aAAA;EACnB,WAAA;EACA,cAAA,EAAgB,WAAA;AAAA;;;;;;;;;;;;cCvYL,oBAAA;EAAA,mBACQ,GAAA;EAAA,mBACA,KAAA;EAAA,mBACA,YAAA,EAAY,YAAA;EAAA,mBACZ,IAAA,EAAI,aAAA,CAAA,UAAA,WAAA,OAAA;kDADQ,SAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;;;;;;WAMf,UAAA,mBAAU,iBAAA;;gCALH,SAAA,CAAA,QAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;WAoBP,QAAA,mBAAQ,iBAAA;;UAfE,SAAA,CAAA,OAAA;IAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;WAiCV,YAAA,mBAAY,iBAAA;;4BAlBJ,SAAA,CAAA,OAAA;IAAA;;;;;;;;;WA4CR,WAAA,mBAAW,iBAAA;;YA1BC,SAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;WA0CZ,UAAA,mBAAU,iBAAA;;cAhBC,SAAA,CAAA,OAAA;IAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;WAmCX,cAAA,mBAAc,iBAAA;;oBAnBJ,SAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;WA2CV,aAAA,mBAAa,iBAAA;;gCAxBC,SAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;WA0Dd,QAAA,mBAAQ,iBAAA;;YAlCK,SAAA,CAAA,OAAA;;;;;;;;WAsDb,gBAAA,mBAAgB,iBAAA;;8BApBR,SAAA,CAAA,OAAA;;;;;;;;;;;;UC3KT,qBAAA;;;;EAIf,IAAA;;;;EAKA,WAAA;;;;EAKA,OAAA;AAAA;;ALhBF;;;;;AAKA;;;;;AAWA;;;;;;;;;;;;;;;cK6Ba,cAAA,SAAuB,SAAA,CAAU,qBAAA;EAAA,mBACzB,YAAA,EAAY,YAAA;;;;MAKpB,IAAA,CAAA;;;;MAOA,WAAA,CAAA;;;;MAOA,OAAA,CAAA;;;;EAOE,GAAA,CACX,MAAA,UACA,OAAA,GAAS,eAAA,GACR,OAAA;;;;EAOU,UAAA,CACX,MAAA,UACA,OAAA,GAAS,IAAA,CAAK,eAAA,eACb,OAAA;;;;EAOU,UAAA,CACX,MAAA,UACA,YAAA,UACA,OAAA,GAAS,IAAA,CAAK,eAAA,gCACb,OAAA;;;;YAOO,MAAA,CAAA;AAAA;;;;UAaK,eAAA;EACf,QAAA;EACA,MAAA;EACA,SAAA;EACA,SAAA;EACA,YAAA;EACA,UAAA;EACA,WAAA;EACA,QAAA,GAAW,MAAA;EACX,SAAA;EACA,SAAA;EACA,SAAA;EACA,SAAA;EACA,OAAA;EACA,YAAA;AAAA;;;;;;;;;;;;;;;cAiBW,MAAA;EAAA,UAAmB,qBAAA,GAAqB,cAAA;EAAA;;;;;;;;;;;;;KCzIzC,aAAA,WAAwB,OAAA,IAAW,OAAA,eACjC,CAAA,kBAAmB,CAAA,eAAgB,CAAA;EAAA,CAC5C,YAAA;AAAA,YAGC,CAAA,GAAI,CAAA,eAAgB,CAAA;EAAA,CACjB,UAAA;AAAA;EAAA,CACA,eAAA;AAAA;EACD,WAAA;AAAA,IACF,SAAA,CAAU,CAAA,eAAgB,CAAA,KAC1B,CAAA,eAAgB,CAAA;;;;;;;;;;;;KCTV,aAAA,WAAwB,OAAA,IAAW,OAAA,eACjC,CAAA,kBAAmB,CAAA,eAAgB,CAAA;EAAA,CAC5C,YAAA;AAAA,YAGC,CAAA,GAAI,CAAA,eAAgB,CAAA,UAAW,SAAA,YAC/B,SAAA,CAAU,MAAA,EAAQ,CAAA,EAAG,KAAA,MACrB,CAAA,eAAgB,CAAA;;;UCWL,sBAAA,WACL,OAAA,eACG,MAAA,CAAO,CAAA;ER1BM;;AAW5B;;EQqBE,IAAA;ERoFA;;;EQ/EA,MAAA,EAAQ,CAAA;;;;EAKR,OAAA,IACI,IAAA;;;;IAKE,MAAA,EAAQ,IAAA;;;;IAIR,MAAA;;;;IAIA,IAAA;;;;IAIA,KAAA,GAAQ,GAAA;EAAA;;;;IAMR,OAAA,EAAS,IAAA;;;;IAIT,MAAA;;;;IAIA,IAAA;;;;IAIA,KAAA,GAAQ,GAAA;EAAA;;;;;;;;;;;;;;;;;IAmBR,WAAA,GAAc,IAAA,EAAM,MAAA,CAAO,IAAA,qBAAyB,GAAA;;;;IAIpD,MAAA;;;;IAIA,IAAA;;;;IAIA,KAAA,GAAQ,GAAA;EAAA;;;;EAOd,WAAA,GAAc,KAAA;;;;IAIZ,IAAA;;;;IAIA,OAAA,EAAS,KAAA,OAAY,MAAA,CAAO,CAAA;;;;;IAK5B,cAAA,EAAgB,KAAA,OAAY,YAAA;EAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;ARXhC;;EQ6CE,WAAA,GAAc,KAAA;IR7C8B;;;IQiD1C,OAAA,EAAS,KAAA,OAAY,MAAA,CAAO,CAAA;;;;IAI5B,IAAA;;;;IAIA,MAAA;;;;IAIA,KAAA,GAAQ,GAAA;EAAA;;;;EAMV,MAAA,IACE,IAAA,EAAM,uBAAA,SAAgC,UAAA,CAAW,CAAA,aAC9C,uBAAA;AAAA;AAAA,cAKM,eAAA,WAA0B,OAAA,GAAU,OAAA;EAAA,SAC/B,OAAA,EAAS,sBAAA,CAAuB,CAAA;cAEpC,OAAA,EAAS,sBAAA,CAAuB,CAAA;EAI5C,KAAA,CAAM,KAAA;EAAA,IAYF,IAAA,CAAA,GAAQ,aAAA,CAAc,CAAA;EAAA,IActB,IAAA,CAAA;EAAA,IAIA,MAAA,CAAA,GAAU,CAAA;EAAA,IAIV,YAAA,CAAA,GAAgB,aAAA,CAAc,CAAA;EAAA,IAI9B,YAAA,CAAA,GAAgB,aAAA,CAAc,CAAA;AAAA;;;;KAYxB,UAAA,WAAqB,OAAA,oBACjB,CAAA,iBAAkB,mBAAA;AAAA,KAYtB,YAAA,WAAuB,OAAA;EACjC,IAAA;EACA,MAAA,EAAQ,eAAA,CAAgB,CAAA;AAAA;AAAA,KAGd,aAAA,WAAwB,OAAA,oBACpB,CAAA,iBAAkB,YAAA,CAAa,CAAA;;;cCjRlC,UAAA;AAAA,cACA,cAAA;AAAA,cACA,aAAA;AAAA,cACA,aAAA;AAAA,cACA,aAAA;AAAA,cACA,UAAA;AAAA,cACA,WAAA;AAAA,cACA,OAAA;AAAA,cACA,MAAA;AAAA,cACA,YAAA;AAAA,cACA,eAAA;;;;cAKA,SAAA;AAAA,KAMD,SAAA;EAAA,CACT,UAAA;EAAA,CACA,cAAA;EAAA,CACA,aAAA;EAAA,CACA,aAAA;EAAA,CACA,aAAA;EAAA,CACA,UAAA;EAAA,CACA,WAAA,GAAc,iBAAA;EAAA,CACd,MAAA,GAAS,YAAA;EAAA,CACT,OAAA,GAAU,aAAA;EAAA,CACV,YAAA,GAAe,kBAAA;EAAA,CACf,eAAA;ETyFD;;;EAAA,CSpFC,SAAA;AAAA;AAAA,KAGS,YAAA,SAAqB,SAAA;AAAA,KAErB,iBAAA;EACV,IAAA;AAAA,IACE,iBAAA;EACA,IAAA;AAAA;AAAA,UAGa,aAAA;EACf,IAAA;EACA,WAAA;AAAA;AAAA,UAGe,kBAAA;;;;EAIf,UAAA,EAAY,GAAA;;;;;;EAOZ,IAAA;AAAA;AAAA,UAGe,YAAA;EACf,GAAA;IACE,IAAA;IACA,MAAA,EAAQ,eAAA;EAAA;EAEV,OAAA;IACE,QAAA,GAAW,kBAAA;IACX,QAAA,GAAW,kBAAA;EAAA;AAAA;;;;;;KC5BH,MAAA,WAAiB,OAAA,gBAAuB,YAAA,IAAgB,CAAA,WAC5D,KAAA,GAAQ,SAAA,CAAU,CAAA;;;;;;;;;;;;;;;;cCvCb,iBAAA,YAAiB,OAAA;oCAW5B,SAAA,CAAA,OAAA;;;;;AXnBF;;;;;;YWsBY,GAAA,SAAY,OAAA,CAAQ,MAAA,QAAc,iBAAA;AAAA;;;;;;cCvBjC,mBAAA,YAAmB,OAAA;oBAAgB,SAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;;;KAEpC,aAAA,GAAgB,MAAA,QAAc,mBAAA;;;;;;;;;;;;;;cCmB7B,eAAA,EAAe,QAAA,CAAA,OAAA,CAG1B,QAAA,CAH0B,MAAA"}
+{"version":3,"file":"index.d.ts","names":[],"sources":["../../../src/api/audits/entities/audits.ts","../../../src/api/audits/schemas/auditQuerySchema.ts","../../../src/api/audits/schemas/createAuditSchema.ts","../../../src/api/audits/services/AuditService.ts","../../../src/api/audits/controllers/AdminAuditController.ts","../../../src/api/audits/primitives/$audit.ts","../../../src/orm/core/schemas/insertSchema.ts","../../../src/orm/core/schemas/updateSchema.ts","../../../src/orm/core/primitives/$entity.ts","../../../src/orm/core/constants/PG_SYMBOLS.ts","../../../src/orm/core/helpers/pgAttr.ts","../../../src/orm/core/schemas/databaseEnvSchema.ts","../../../src/api/audits/schemas/auditResourceSchema.ts","../../../src/api/audits/index.ts"],"mappings":";;;;;;;;;;;;;;cAOa,mBAAA,EAGX,SAAA,CAH8B,OAAA;AAAA,KAKpB,aAAA,GAAgB,MAAA,QAAc,mBAAA;;;;;;;;;;cAW7B,MAAA,EAAM,aAAA,CAAA,eAAA,WAAA,OAAA;gDAyGjB,SAAA,CAAA,OAAA;;;EAzHW;;;;;EAKD;;;;EAAiD;AAW7D;;;EAyGE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAzGiB;;;;;cA2GN,iBAAA,YAAiB,OAAA;gDAAgB,SAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAA9C;;;;cACa,uBAAA,EAAuB,aAAA,CAAA,aAAA,WAAA,OAAA;gDAAsB,SAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;KAC9C,WAAA,GAAc,MAAA,QAAc,MAAA,CAAO,MAAA;;;;;;cC5HlC,gBAAA,YAAgB,OAAA;4BAY3B,SAAA,CAAA,QAAA;;;;;;;;;;;;;;;KAEU,UAAA,GAAa,MAAA,QAAc,gBAAA;;;;;;cCf1B,iBAAA,YAAiB,OAAA;QAiB5B,SAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;KAEU,WAAA,GAAc,MAAA,QAAc,iBAAA;;;;;;UCXvB,mBAAA;EACf,IAAA;EACA,WAAA;EACA,OAAA;AAAA;;;;;;AHXF;;;;cGuBa,YAAA;EAAA,mBACQ,MAAA,EAAM,MAAA;EAAA,mBACN,GAAA,EADM,gBAAA,CACH,MAAA;EAAA,mBACH,IAAA,EAAI,aAAA,CAAA,UAAA,WAAA,OAAA;kDADD,SAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;;;;;;qBAMH,UAAA,EAAU,GAAA,SAAA,mBAAA;;;;EAKtB,YAAA,CAAa,UAAA,EAAY,mBAAA;;;;EAWzB,kBAAA,CAAA,GAAsB,mBAAA;;;;YAOnB,iBAAA,CAAA,GAAqB,aAAA;;;;;EAQlB,MAAA,CAAO,IAAA,EAAM,WAAA,GAAc,OAAA,CAAQ,WAAA;;;;EA4DnC,MAAA,CACX,IAAA,UACA,MAAA,UACA,OAAA,GAAS,IAAA,CAAK,WAAA,uBACb,OAAA,CAAQ,WAAA;;;;EAOE,UAAA,CACX,MAAA,sFAOA,OAAA,GAAS,IAAA,CAAK,WAAA,uBACb,OAAA,CAAQ,WAAA;;;;EAYE,UAAA,CACX,MAAA,yEAOA,OAAA,GAAS,IAAA,CAAK,WAAA,uBACb,OAAA,CAAQ,WAAA;EHnJM;;;EG+JJ,YAAA,CACX,MAAA,kCACA,OAAA,GAAS,IAAA,CAAK,WAAA,uBACb,OAAA,CAAQ,WAAA;;;;EAOE,cAAA,CACX,MAAA,4EAKA,OAAA,GAAS,IAAA,CAAK,WAAA,uBACb,OAAA,CAAQ,WAAA;;;;EAYE,YAAA,CACX,MAAA,sEACA,OAAA,GAAS,IAAA,CAAK,WAAA,uBACb,OAAA,CAAQ,WAAA;;;;EAYE,IAAA,CAAK,KAAA,GAAO,UAAA,GAAkB,OAAA,CAAQ,IAAA,CAAK,WAAA;;;;EAgE3C,OAAA,CAAQ,EAAA,WAAa,OAAA,CAAQ,WAAA;;;;EAO7B,UAAA,CACX,MAAA,UACA,KAAA,GAAO,IAAA,CAAK,UAAA,cACX,OAAA,CAAQ,IAAA,CAAK,WAAA;;;;EAOH,cAAA,CACX,YAAA,UACA,UAAA,UACA,KAAA,GAAO,IAAA,CAAK,UAAA,mCACX,OAAA,CAAQ,IAAA,CAAK,WAAA;;;;EAOH,QAAA,CACX,OAAA;IAAW,IAAA,GAAO,IAAA;IAAM,EAAA,GAAK,IAAA;IAAM,SAAA;EAAA,IAClC,OAAA,CAAQ,UAAA;;;;EAiEE,eAAA,CAAgB,IAAA,EAAM,IAAA,GAAO,OAAA;AAAA;;;;UAoB3B,UAAA;EACf,KAAA;EACA,MAAA,EAAQ,MAAA;EACR,UAAA,EAAY,MAAA,CAAO,aAAA;EACnB,WAAA;EACA,cAAA,EAAgB,WAAA;AAAA;;;;;;;;;;;;cCvYL,oBAAA;EAAA,mBACQ,GAAA;EAAA,mBACA,KAAA;EAAA,mBACA,YAAA,EAAY,YAAA;EAAA,mBACZ,IAAA,EAAI,aAAA,CAAA,UAAA,WAAA,OAAA;kDADQ,SAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;;;;;;WAMf,UAAA,mBAAU,iBAAA;;gCALH,SAAA,CAAA,QAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;WAoBP,QAAA,mBAAQ,iBAAA;;UAfE,SAAA,CAAA,OAAA;IAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;WAiCV,YAAA,mBAAY,iBAAA;;4BAlBJ,SAAA,CAAA,OAAA;IAAA;;;;;;;;;WA4CR,WAAA,mBAAW,iBAAA;;YA1BC,SAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;WA0CZ,UAAA,mBAAU,iBAAA;;cAhBC,SAAA,CAAA,OAAA;IAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;WAmCX,cAAA,mBAAc,iBAAA;;oBAnBJ,SAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;WA2CV,aAAA,mBAAa,iBAAA;;gCAxBC,SAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;WA0Dd,QAAA,mBAAQ,iBAAA;;YAlCK,SAAA,CAAA,OAAA;;;;;;;;WAsDb,gBAAA,mBAAgB,iBAAA;;8BApBR,SAAA,CAAA,OAAA;;;;;;;;;;;;UC3KT,qBAAA;;;;EAIf,IAAA;;;;EAKA,WAAA;;;;EAKA,OAAA;AAAA;ALhBF;;;;;AAKA;;;;;AAWA;;;;;;;;;;;;;;;;AAhBA,cK6Ca,cAAA,SAAuB,SAAA,CAAU,qBAAA;EAAA,mBACzB,YAAA,EAAY,YAAA;;;;MAKpB,IAAA,CAAA;;;;MAOA,WAAA,CAAA;;;;MAOA,OAAA,CAAA;;;;EAOE,GAAA,CACX,MAAA,UACA,OAAA,GAAS,eAAA,GACR,OAAA;;;;EAOU,UAAA,CACX,MAAA,UACA,OAAA,GAAS,IAAA,CAAK,eAAA,eACb,OAAA;;;;EAOU,UAAA,CACX,MAAA,UACA,YAAA,UACA,OAAA,GAAS,IAAA,CAAK,eAAA,gCACb,OAAA;;;;YAOO,MAAA,CAAA;AAAA;;;;UAaK,eAAA;EACf,QAAA;EACA,MAAA;EACA,SAAA;EACA,SAAA;EACA,YAAA;EACA,UAAA;EACA,WAAA;EACA,QAAA,GAAW,MAAA;EACX,SAAA;EACA,SAAA;EACA,SAAA;EACA,SAAA;EACA,OAAA;EACA,YAAA;AAAA;;;;;;;;;;;;;;;cAiBW,MAAA;EAAA,UAAmB,qBAAA,GAAqB,cAAA;EAAA;;;;;;;;;;;;;KCzIzC,aAAA,WAAwB,OAAA,IAAW,OAAA,eACjC,CAAA,kBAAmB,CAAA,eAAgB,CAAA;EAAA,CAC5C,YAAA;AAAA,YAGC,CAAA,GAAI,CAAA,eAAgB,CAAA;EAAA,CACjB,UAAA;AAAA;EAAA,CACA,eAAA;AAAA;EACD,WAAA;AAAA,IACF,SAAA,CAAU,CAAA,eAAgB,CAAA,KAC1B,CAAA,eAAgB,CAAA;;;;;;;;;;;;KCTV,aAAA,WAAwB,OAAA,IAAW,OAAA,eACjC,CAAA,kBAAmB,CAAA,eAAgB,CAAA;EAAA,CAC5C,YAAA;AAAA,YAGC,CAAA,GAAI,CAAA,eAAgB,CAAA,UAAW,SAAA,YAC/B,SAAA,CAAU,MAAA,EAAQ,CAAA,EAAG,KAAA,MACrB,CAAA,eAAgB,CAAA;;;UCWL,sBAAA,WACL,OAAA,eACG,MAAA,CAAO,CAAA;ER1BuC;AAW7D;;;EQqBE,IAAA;;;;EAKA,MAAA,EAAQ,CAAA;;;;EAKR,OAAA,IACI,IAAA;;;;IAKE,MAAA,EAAQ,IAAA;;;;IAIR,MAAA;;;;IAIA,IAAA;;;;IAIA,KAAA,GAAQ,GAAA;EAAA;;;;IAMR,OAAA,EAAS,IAAA;;;;IAIT,MAAA;;;;IAIA,IAAA;;;;IAIA,KAAA,GAAQ,GAAA;EAAA;;;;;;;;;;;;;;;;;IAmBR,WAAA,GAAc,IAAA,EAAM,MAAA,CAAO,IAAA,qBAAyB,GAAA;;;;IAIpD,MAAA;;;;IAIA,IAAA;;;;IAIA,KAAA,GAAQ,GAAA;EAAA;;;;EAOd,WAAA,GAAc,KAAA;;;;IAIZ,IAAA;;;;IAIA,OAAA,EAAS,KAAA,OAAY,MAAA,CAAO,CAAA;;;;;IAK5B,cAAA,EAAgB,KAAA,OAAY,YAAA;EAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;ARXhC;;;EQ6CE,WAAA,GAAc,KAAA;;;;IAIZ,OAAA,EAAS,KAAA,OAAY,MAAA,CAAO,CAAA;;;;IAI5B,IAAA;;;;IAIA,MAAA;;;;IAIA,KAAA,GAAQ,GAAA;EAAA;;;;EAMV,MAAA,IACE,IAAA,EAAM,uBAAA,SAAgC,UAAA,CAAW,CAAA,aAC9C,uBAAA;AAAA;AAAA,cAKM,eAAA,WAA0B,OAAA,GAAU,OAAA;EAAA,SAC/B,OAAA,EAAS,sBAAA,CAAuB,CAAA;cAEpC,OAAA,EAAS,sBAAA,CAAuB,CAAA;EAI5C,KAAA,CAAM,KAAA;EAAA,IAYF,IAAA,CAAA,GAAQ,aAAA,CAAc,CAAA;EAAA,IActB,IAAA,CAAA;EAAA,IAIA,MAAA,CAAA,GAAU,CAAA;EAAA,IAIV,YAAA,CAAA,GAAgB,aAAA,CAAc,CAAA;EAAA,IAI9B,YAAA,CAAA,GAAgB,aAAA,CAAc,CAAA;AAAA;;;;KAYxB,UAAA,WAAqB,OAAA,oBACjB,CAAA,iBAAkB,mBAAA;AAAA,KAYtB,YAAA,WAAuB,OAAA;EACjC,IAAA;EACA,MAAA,EAAQ,eAAA,CAAgB,CAAA;AAAA;AAAA,KAGd,aAAA,WAAwB,OAAA,oBACpB,CAAA,iBAAkB,YAAA,CAAa,CAAA;;;cCjRlC,UAAA;AAAA,cACA,cAAA;AAAA,cACA,aAAA;AAAA,cACA,aAAA;AAAA,cACA,aAAA;AAAA,cACA,UAAA;AAAA,cACA,WAAA;AAAA,cACA,OAAA;AAAA,cACA,MAAA;AAAA,cACA,YAAA;AAAA,cACA,eAAA;;;;cAKA,SAAA;AAAA,KAMD,SAAA;EAAA,CACT,UAAA;EAAA,CACA,cAAA;EAAA,CACA,aAAA;EAAA,CACA,aAAA;EAAA,CACA,aAAA;EAAA,CACA,UAAA;EAAA,CACA,WAAA,GAAc,iBAAA;EAAA,CACd,MAAA,GAAS,YAAA;EAAA,CACT,OAAA,GAAU,aAAA;EAAA,CACV,YAAA,GAAe,kBAAA;EAAA,CACf,eAAA;;;;GAKA,SAAA;AAAA;AAAA,KAGS,YAAA,SAAqB,SAAA;AAAA,KAErB,iBAAA;EACV,IAAA;AAAA,IACE,iBAAA;EACA,IAAA;AAAA;AAAA,UAGa,aAAA;EACf,IAAA;EACA,WAAA;AAAA;AAAA,UAGe,kBAAA;;;;EAIf,UAAA,EAAY,GAAA;;;;;;EAOZ,IAAA;AAAA;AAAA,UAGe,YAAA;EACf,GAAA;IACE,IAAA;IACA,MAAA,EAAQ,eAAA;EAAA;EAEV,OAAA;IACE,QAAA,GAAW,kBAAA;IACX,QAAA,GAAW,kBAAA;EAAA;AAAA;;;;;ATrEf;KUyCY,MAAA,WAAiB,OAAA,gBAAuB,YAAA,IAAgB,CAAA,WAC5D,KAAA,GAAQ,SAAA,CAAU,CAAA;;;;;;;;;;;;;;;;cCvCb,iBAAA,YAAiB,OAAA;oCAW5B,SAAA,CAAA,OAAA;;;;AXnBF;;;;;;;YWsBY,GAAA,SAAY,OAAA,CAAQ,MAAA,QAAc,iBAAA;AAAA;;;;;;cCvBjC,mBAAA,YAAmB,OAAA;oBAAgB,SAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;;;KAEpC,aAAA,GAAgB,MAAA,QAAc,mBAAA;;;;;;;;;;;;;;cCmB7B,eAAA,EAAe,QAAA,CAAA,OAAA,CAG1B,QAAA,CAH0B,MAAA"}

package/dist/api/files/index.browser.js

@@ -15,10 +15,35 @@ const files = $entity({
 		creatorName: t.optional(t.string()),
 		bucket: t.text(),
 		expirationDate: t.optional(t.datetime()),
+		/**
+		* Display name. Mutable via `FileService.updateFile` — can be renamed
+		* by callers (e.g. an Archive UI letting users rename uploaded blobs).
+		* Initialized to the uploader's filename at upload time. Use
+		* `originalName` if you need the as-uploaded filename after a rename.
+		*/
 		name: t.text(),
+		/**
+		* Immutable record of the uploader's filename at upload time. Set once
+		* by `FileService.uploadFile` and the `bucket:file:uploaded` hook;
+		* `FileService.updateFile` never touches it. Useful for download
+		* headers (Content-Disposition), audit trails, and any UI that wants
+		* to show "originally uploaded as X" alongside a renamed file.
+		*/
+		originalName: t.optional(t.string()),
 		size: t.number(),
 		mimeType: t.string(),
+		/**
+		* Free-form taxonomy. Normalized server-side (trim/lowercase/dedupe is
+		* caller's responsibility for now). Use with `FileQuery.tags` to
+		* filter via array-contains.
+		*/
 		tags: t.optional(t.array(t.text())),
+		/**
+		* SHA-256 hex digest of the file content (64 lowercase hex chars).
+		* Computed at upload time by `FileService.calculateChecksum`. Stable
+		* — never recomputed after upload. Use for integrity verification,
+		* content-based dedup, or downstream virus-scan correlation.
+		*/
 		checksum: t.optional(t.string())
 	}),
 	indexes: [

package/dist/api/files/index.browser.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.browser.js","names":[],"sources":["../../../src/api/files/entities/files.ts","../../../src/api/files/schemas/fileQuerySchema.ts","../../../src/api/files/schemas/fileResourceSchema.ts","../../../src/api/files/schemas/storageStatsSchema.ts","../../../src/api/files/index.browser.ts"],"sourcesContent":["import { type Static, t } from \"alepha\";\nimport { $entity, db } from \"alepha/orm\";\n\nexport const files = $entity({\n  name: \"files\",\n  schema: t.object({\n    id: db.primaryKey(t.uuid()),\n    version: db.version(),\n    createdAt: db.createdAt(),\n    updatedAt: db.updatedAt(),\n    organizationId: db.organization(),\n    blobId: t.text(),\n    creator: t.optional(t.uuid()),\n    creatorRealm: t.optional(t.string()),\n    creatorName: t.optional(t.string()),\n    bucket: t.text(),\n    expirationDate: t.optional(t.datetime()),\n    name: t.text(),\n    size: t.number(),\n    mimeType: t.string(),\n    tags: t.optional(t.array(t.text())),\n    checksum: t.optional(t.string()),\n  }),\n  indexes: [\n    \"expirationDate\",\n    \"bucket\",\n    \"creator\",\n    \"createdAt\",\n    \"mimeType\",\n    {\n      columns: [\"bucket\", \"createdAt\"],\n    },\n  ],\n});\n\nexport type FileEntity = Static<typeof files.schema>;\n","import type { Static } from \"alepha\";\nimport { t } from \"alepha\";\nimport { pageQuerySchema } from \"alepha/orm\";\n\nexport const fileQuerySchema = t.extend(pageQuerySchema, {\n  bucket: t.optional(t.string()),\n  tags: t.optional(t.array(t.string())),\n  name: t.optional(t.string()),\n  mimeType: t.optional(t.string()),\n  creator: t.optional(t.uuid()),\n  createdAfter: t.optional(t.datetime()),\n  createdBefore: t.optional(t.datetime()),\n});\n\nexport type FileQuery = Static<typeof fileQuerySchema>;\n","import { type Static, t } from \"alepha\";\nimport { files } from \"../entities/files.ts\";\n\nexport const fileResourceSchema = t.extend(\n  files.schema,\n  {},\n  {\n    title: \"FileResource\",\n    description: \"A file resource representing a file stored in the system.\",\n  },\n);\n\nexport type FileResource = Static<typeof fileResourceSchema>;\n","import type { Static } from \"alepha\";\nimport { t } from \"alepha\";\n\nexport const bucketStatsSchema = t.object({\n  bucket: t.string(),\n  totalSize: t.number(),\n  fileCount: t.number(),\n});\n\nexport const mimeTypeStatsSchema = t.object({\n  mimeType: t.string(),\n  fileCount: t.number(),\n});\n\nexport const storageStatsSchema = t.object({\n  totalSize: t.number(),\n  totalFiles: t.number(),\n  byBucket: t.array(bucketStatsSchema),\n  byMimeType: t.array(mimeTypeStatsSchema),\n});\n\nexport type BucketStats = Static<typeof bucketStatsSchema>;\nexport type MimeTypeStats = Static<typeof mimeTypeStatsSchema>;\nexport type StorageStats = Static<typeof storageStatsSchema>;\n","import { $module } from \"alepha\";\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nexport type * from \"./controllers/AdminFileStatsController.ts\";\nexport type * from \"./controllers/FileController.ts\";\nexport * from \"./entities/files.ts\";\nexport * from \"./schemas/fileQuerySchema.ts\";\nexport * from \"./schemas/fileResourceSchema.ts\";\nexport * from \"./schemas/storageStatsSchema.ts\";\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nexport const AlephaApiFiles = $module({\n  name: \"alepha.api.files\",\n  services: [],\n});\n"],"mappings":";;;AAGA,MAAa,QAAQ,QAAQ;CAC3B,MAAM;CACN,QAAQ,EAAE,OAAO;EACf,IAAI,GAAG,WAAW,EAAE,MAAM,CAAC;EAC3B,SAAS,GAAG,SAAS;EACrB,WAAW,GAAG,WAAW;EACzB,WAAW,GAAG,WAAW;EACzB,gBAAgB,GAAG,cAAc;EACjC,QAAQ,EAAE,MAAM;EAChB,SAAS,EAAE,SAAS,EAAE,MAAM,CAAC;EAC7B,cAAc,EAAE,SAAS,EAAE,QAAQ,CAAC;EACpC,aAAa,EAAE,SAAS,EAAE,QAAQ,CAAC;EACnC,QAAQ,EAAE,MAAM;EAChB,gBAAgB,EAAE,SAAS,EAAE,UAAU,CAAC;EACxC,MAAM,EAAE,MAAM;EACd,MAAM,EAAE,QAAQ;EAChB,UAAU,EAAE,QAAQ;EACpB,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;EACnC,UAAU,EAAE,SAAS,EAAE,QAAQ,CAAC;EACjC,CAAC;CACF,SAAS;EACP;EACA;EACA;EACA;EACA;EACA,EACE,SAAS,CAAC,UAAU,YAAY,EACjC;EACF;CACF,CAAC;;;AC7BF,MAAa,kBAAkB,EAAE,OAAO,iBAAiB;CACvD,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC;CAC9B,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;CACrC,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC;CAC5B,UAAU,EAAE,SAAS,EAAE,QAAQ,CAAC;CAChC,SAAS,EAAE,SAAS,EAAE,MAAM,CAAC;CAC7B,cAAc,EAAE,SAAS,EAAE,UAAU,CAAC;CACtC,eAAe,EAAE,SAAS,EAAE,UAAU,CAAC;CACxC,CAAC;;;ACTF,MAAa,qBAAqB,EAAE,OAClC,MAAM,QACN,EAAE,EACF;CACE,OAAO;CACP,aAAa;CACd,CACF;;;ACPD,MAAa,oBAAoB,EAAE,OAAO;CACxC,QAAQ,EAAE,QAAQ;CAClB,WAAW,EAAE,QAAQ;CACrB,WAAW,EAAE,QAAQ;CACtB,CAAC;AAEF,MAAa,sBAAsB,EAAE,OAAO;CAC1C,UAAU,EAAE,QAAQ;CACpB,WAAW,EAAE,QAAQ;CACtB,CAAC;AAEF,MAAa,qBAAqB,EAAE,OAAO;CACzC,WAAW,EAAE,QAAQ;CACrB,YAAY,EAAE,QAAQ;CACtB,UAAU,EAAE,MAAM,kBAAkB;CACpC,YAAY,EAAE,MAAM,oBAAoB;CACzC,CAAC;;;ACNF,MAAa,iBAAiB,QAAQ;CACpC,MAAM;CACN,UAAU,EAAE;CACb,CAAC"}
+{"version":3,"file":"index.browser.js","names":[],"sources":["../../../src/api/files/entities/files.ts","../../../src/api/files/schemas/fileQuerySchema.ts","../../../src/api/files/schemas/fileResourceSchema.ts","../../../src/api/files/schemas/storageStatsSchema.ts","../../../src/api/files/index.browser.ts"],"sourcesContent":["import { type Static, t } from \"alepha\";\nimport { $entity, db } from \"alepha/orm\";\n\nexport const files = $entity({\n  name: \"files\",\n  schema: t.object({\n    id: db.primaryKey(t.uuid()),\n    version: db.version(),\n    createdAt: db.createdAt(),\n    updatedAt: db.updatedAt(),\n    organizationId: db.organization(),\n    blobId: t.text(),\n    creator: t.optional(t.uuid()),\n    creatorRealm: t.optional(t.string()),\n    creatorName: t.optional(t.string()),\n    bucket: t.text(),\n    expirationDate: t.optional(t.datetime()),\n    /**\n     * Display name. Mutable via `FileService.updateFile` — can be renamed\n     * by callers (e.g. an Archive UI letting users rename uploaded blobs).\n     * Initialized to the uploader's filename at upload time. Use\n     * `originalName` if you need the as-uploaded filename after a rename.\n     */\n    name: t.text(),\n    /**\n     * Immutable record of the uploader's filename at upload time. Set once\n     * by `FileService.uploadFile` and the `bucket:file:uploaded` hook;\n     * `FileService.updateFile` never touches it. Useful for download\n     * headers (Content-Disposition), audit trails, and any UI that wants\n     * to show \"originally uploaded as X\" alongside a renamed file.\n     */\n    originalName: t.optional(t.string()),\n    size: t.number(),\n    mimeType: t.string(),\n    /**\n     * Free-form taxonomy. Normalized server-side (trim/lowercase/dedupe is\n     * caller's responsibility for now). Use with `FileQuery.tags` to\n     * filter via array-contains.\n     */\n    tags: t.optional(t.array(t.text())),\n    /**\n     * SHA-256 hex digest of the file content (64 lowercase hex chars).\n     * Computed at upload time by `FileService.calculateChecksum`. Stable\n     * — never recomputed after upload. Use for integrity verification,\n     * content-based dedup, or downstream virus-scan correlation.\n     */\n    checksum: t.optional(t.string()),\n  }),\n  indexes: [\n    \"expirationDate\",\n    \"bucket\",\n    \"creator\",\n    \"createdAt\",\n    \"mimeType\",\n    {\n      columns: [\"bucket\", \"createdAt\"],\n    },\n  ],\n});\n\nexport type FileEntity = Static<typeof files.schema>;\n","import type { Static } from \"alepha\";\nimport { t } from \"alepha\";\nimport { pageQuerySchema } from \"alepha/orm\";\n\nexport const fileQuerySchema = t.extend(pageQuerySchema, {\n  bucket: t.optional(t.string()),\n  tags: t.optional(t.array(t.string())),\n  name: t.optional(t.string()),\n  mimeType: t.optional(t.string()),\n  creator: t.optional(t.uuid()),\n  createdAfter: t.optional(t.datetime()),\n  createdBefore: t.optional(t.datetime()),\n});\n\nexport type FileQuery = Static<typeof fileQuerySchema>;\n","import { type Static, t } from \"alepha\";\nimport { files } from \"../entities/files.ts\";\n\nexport const fileResourceSchema = t.extend(\n  files.schema,\n  {},\n  {\n    title: \"FileResource\",\n    description: \"A file resource representing a file stored in the system.\",\n  },\n);\n\nexport type FileResource = Static<typeof fileResourceSchema>;\n","import type { Static } from \"alepha\";\nimport { t } from \"alepha\";\n\nexport const bucketStatsSchema = t.object({\n  bucket: t.string(),\n  totalSize: t.number(),\n  fileCount: t.number(),\n});\n\nexport const mimeTypeStatsSchema = t.object({\n  mimeType: t.string(),\n  fileCount: t.number(),\n});\n\nexport const storageStatsSchema = t.object({\n  totalSize: t.number(),\n  totalFiles: t.number(),\n  byBucket: t.array(bucketStatsSchema),\n  byMimeType: t.array(mimeTypeStatsSchema),\n});\n\nexport type BucketStats = Static<typeof bucketStatsSchema>;\nexport type MimeTypeStats = Static<typeof mimeTypeStatsSchema>;\nexport type StorageStats = Static<typeof storageStatsSchema>;\n","import { $module } from \"alepha\";\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nexport type * from \"./controllers/AdminFileStatsController.ts\";\nexport type * from \"./controllers/FileController.ts\";\nexport * from \"./entities/files.ts\";\nexport * from \"./schemas/fileQuerySchema.ts\";\nexport * from \"./schemas/fileResourceSchema.ts\";\nexport * from \"./schemas/storageStatsSchema.ts\";\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nexport const AlephaApiFiles = $module({\n  name: \"alepha.api.files\",\n  services: [],\n});\n"],"mappings":";;;AAGA,MAAa,QAAQ,QAAQ;CAC3B,MAAM;CACN,QAAQ,EAAE,OAAO;EACf,IAAI,GAAG,WAAW,EAAE,MAAM,CAAC;EAC3B,SAAS,GAAG,SAAS;EACrB,WAAW,GAAG,WAAW;EACzB,WAAW,GAAG,WAAW;EACzB,gBAAgB,GAAG,cAAc;EACjC,QAAQ,EAAE,MAAM;EAChB,SAAS,EAAE,SAAS,EAAE,MAAM,CAAC;EAC7B,cAAc,EAAE,SAAS,EAAE,QAAQ,CAAC;EACpC,aAAa,EAAE,SAAS,EAAE,QAAQ,CAAC;EACnC,QAAQ,EAAE,MAAM;EAChB,gBAAgB,EAAE,SAAS,EAAE,UAAU,CAAC;;;;;;;EAOxC,MAAM,EAAE,MAAM;;;;;;;;EAQd,cAAc,EAAE,SAAS,EAAE,QAAQ,CAAC;EACpC,MAAM,EAAE,QAAQ;EAChB,UAAU,EAAE,QAAQ;;;;;;EAMpB,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;;;;;;;EAOnC,UAAU,EAAE,SAAS,EAAE,QAAQ,CAAC;EACjC,CAAC;CACF,SAAS;EACP;EACA;EACA;EACA;EACA;EACA,EACE,SAAS,CAAC,UAAU,YAAY,EACjC;EACF;CACF,CAAC;;;ACtDF,MAAa,kBAAkB,EAAE,OAAO,iBAAiB;CACvD,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC;CAC9B,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;CACrC,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC;CAC5B,UAAU,EAAE,SAAS,EAAE,QAAQ,CAAC;CAChC,SAAS,EAAE,SAAS,EAAE,MAAM,CAAC;CAC7B,cAAc,EAAE,SAAS,EAAE,UAAU,CAAC;CACtC,eAAe,EAAE,SAAS,EAAE,UAAU,CAAC;CACxC,CAAC;;;ACTF,MAAa,qBAAqB,EAAE,OAClC,MAAM,QACN,EAAE,EACF;CACE,OAAO;CACP,aAAa;CACd,CACF;;;ACPD,MAAa,oBAAoB,EAAE,OAAO;CACxC,QAAQ,EAAE,QAAQ;CAClB,WAAW,EAAE,QAAQ;CACrB,WAAW,EAAE,QAAQ;CACtB,CAAC;AAEF,MAAa,sBAAsB,EAAE,OAAO;CAC1C,UAAU,EAAE,QAAQ;CACpB,WAAW,EAAE,QAAQ;CACtB,CAAC;AAEF,MAAa,qBAAqB,EAAE,OAAO;CACzC,WAAW,EAAE,QAAQ;CACrB,YAAY,EAAE,QAAQ;CACtB,UAAU,EAAE,MAAM,kBAAkB;CACpC,YAAY,EAAE,MAAM,oBAAoB;CACzC,CAAC;;;ACNF,MAAa,iBAAiB,QAAQ;CACpC,MAAM;CACN,UAAU,EAAE;CACb,CAAC"}

package/dist/api/files/index.d.ts

@@ -25,10 +25,35 @@ declare const files: _$alepha_orm0.EntityPrimitive<_$typebox.TObject<{
   creatorName: _$typebox.TOptional<_$typebox.TString>;
   bucket: _$typebox.TString;
   expirationDate: _$typebox.TOptional<_$typebox.TString>;
+  /**
+   * Display name. Mutable via `FileService.updateFile` — can be renamed
+   * by callers (e.g. an Archive UI letting users rename uploaded blobs).
+   * Initialized to the uploader's filename at upload time. Use
+   * `originalName` if you need the as-uploaded filename after a rename.
+   */
   name: _$typebox.TString;
+  /**
+   * Immutable record of the uploader's filename at upload time. Set once
+   * by `FileService.uploadFile` and the `bucket:file:uploaded` hook;
+   * `FileService.updateFile` never touches it. Useful for download
+   * headers (Content-Disposition), audit trails, and any UI that wants
+   * to show "originally uploaded as X" alongside a renamed file.
+   */
+  originalName: _$typebox.TOptional<_$typebox.TString>;
   size: _$typebox.TNumber;
   mimeType: _$typebox.TString;
+  /**
+   * Free-form taxonomy. Normalized server-side (trim/lowercase/dedupe is
+   * caller's responsibility for now). Use with `FileQuery.tags` to
+   * filter via array-contains.
+   */
   tags: _$typebox.TOptional<_$typebox.TArray<_$typebox.TString>>;
+  /**
+   * SHA-256 hex digest of the file content (64 lowercase hex chars).
+   * Computed at upload time by `FileService.calculateChecksum`. Stable
+   * — never recomputed after upload. Use for integrity verification,
+   * content-based dedup, or downstream virus-scan correlation.
+   */
   checksum: _$typebox.TOptional<_$typebox.TString>;
 }>>;
 type FileEntity = Static<typeof files.schema>;
@@ -368,6 +393,7 @@ declare const fileResourceSchema: _$typebox.TObject<{
   bucket: _$typebox.TString;
   expirationDate: _$typebox.TOptional<_$typebox.TString>;
   name: _$typebox.TString;
+  originalName: _$typebox.TOptional<_$typebox.TString>;
   size: _$typebox.TNumber;
   mimeType: _$typebox.TString;
   tags: _$typebox.TOptional<_$typebox.TArray<_$typebox.TString>>;
@@ -421,6 +447,7 @@ declare class FileService {
     bucket: _$typebox.TString;
     expirationDate: _$typebox.TOptional<_$typebox.TString>;
     name: _$typebox.TString;
+    originalName: _$typebox.TOptional<_$typebox.TString>;
     size: _$typebox.TNumber;
     mimeType: _$typebox.TString;
     tags: _$typebox.TOptional<_$typebox.TArray<_$typebox.TString>>;
@@ -584,6 +611,39 @@ declare class AdminFileStatsController {
   }>;
 }
 //#endregion
+//#region ../../src/api/files/providers/FileAccessProvider.d.ts
+/**
+ * Authorization policy for file reads served through `FileController.streamFile`.
+ *
+ * Default: the caller must be the uploader (`file.creator === user.id`). Any
+ * other access path — public buckets, shared attachments, avatars — must be
+ * opted in by overriding this provider in the consuming app:
+ *
+ * ```ts
+ * class MyAccess extends FileAccessProvider {
+ *   async assertReadable(file, user) {
+ *     if (file.bucket === "avatars") return; // public
+ *     if (file.bucket === "campaign-icons") return this.checkCampaignVisible(file, user);
+ *     return super.assertReadable(file, user);
+ *   }
+ * }
+ * Alepha.create().with({ provide: FileAccessProvider, use: MyAccess });
+ * ```
+ *
+ * Why this exists: prior to introducing this gate, `streamFile` only required
+ * the framework-wide `file:read` permission. The default `user` role grants
+ * `*`, so every authenticated user could download any file by UUID — turning
+ * the 128-bit id into the sole security boundary across tenants.
+ */
+declare class FileAccessProvider {
+  /**
+   * Throws `ForbiddenError` when `user` may not read `file`. Override to
+   * implement bucket-aware or relationship-aware policies. The default
+   * implementation is strict: only the uploader passes.
+   */
+  assertReadable(file: FileEntity, user: UserAccountToken | undefined): Promise<void>;
+}
+//#endregion
 //#region ../../src/api/files/controllers/FileController.d.ts
 /**
  * REST API controller for file management operations.
@@ -593,6 +653,7 @@ declare class FileController {
   protected readonly url = "/files";
   protected readonly group = "files";
   protected readonly fileService: FileService;
+  protected readonly fileAccess: FileAccessProvider;
   /**
    * GET /files - Lists files with optional filtering and pagination.
    * Supports filtering by bucket and tags.
@@ -623,6 +684,7 @@ declare class FileController {
       bucket: _$typebox.TString;
       expirationDate: _$typebox.TOptional<_$typebox.TString>;
       name: _$typebox.TString;
+      originalName: _$typebox.TOptional<_$typebox.TString>;
       size: _$typebox.TNumber;
       mimeType: _$typebox.TString;
       tags: _$typebox.TOptional<_$typebox.TArray<_$typebox.TString>>;
@@ -681,6 +743,7 @@ declare class FileController {
       bucket: _$typebox.TString;
       expirationDate: _$typebox.TOptional<_$typebox.TString>;
       name: _$typebox.TString;
+      originalName: _$typebox.TOptional<_$typebox.TString>;
       size: _$typebox.TNumber;
       mimeType: _$typebox.TString;
       tags: _$typebox.TOptional<_$typebox.TArray<_$typebox.TString>>;
@@ -713,6 +776,7 @@ declare class FileController {
       bucket: _$typebox.TString;
       expirationDate: _$typebox.TOptional<_$typebox.TString>;
       name: _$typebox.TString;
+      originalName: _$typebox.TOptional<_$typebox.TString>;
       size: _$typebox.TNumber;
       mimeType: _$typebox.TString;
       tags: _$typebox.TOptional<_$typebox.TArray<_$typebox.TString>>;
@@ -722,7 +786,13 @@ declare class FileController {
   /**
    * GET /files/:id - Streams/downloads a file by its ID.
    * Returns the file content with appropriate Content-Type header.
-   * Cached with ETag support for 1 year (immutable).
+   *
+   * Authorization is delegated to `FileAccessProvider.assertReadable`. The
+   * default policy is creator-only — override the provider via DI to widen
+   * access (e.g. avatars, shared attachments). See `FileAccessProvider`.
+   *
+   * Cache-Control is `private` because the per-user authorization decision
+   * cannot be cached by shared proxies/CDNs. Client-side ETag still works.
    */
   readonly streamFile: _$alepha_server0.ActionPrimitiveFn<{
     params: _$typebox.TObject<{
@@ -774,5 +844,5 @@ declare module "alepha/bucket" {
  */
 declare const AlephaApiFiles: _$alepha.Service<_$alepha.Module>;
 //#endregion
-export { AdminFileStatsController, AlephaApiFiles, BucketStats, FileController, FileEntity, FileJobs, FileService, MimeTypeStats, StorageStats, bucketStatsSchema, files, mimeTypeStatsSchema, storageStatsSchema };
+export { AdminFileStatsController, AlephaApiFiles, BucketStats, FileAccessProvider, FileController, FileEntity, FileJobs, FileService, MimeTypeStats, StorageStats, bucketStatsSchema, files, mimeTypeStatsSchema, storageStatsSchema };
 //# sourceMappingURL=index.d.ts.map

package/dist/api/files/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","names":[],"sources":["../../../src/api/files/entities/files.ts","../../../src/api/files/schemas/fileQuerySchema.ts","../../../src/orm/core/schemas/insertSchema.ts","../../../src/orm/core/schemas/updateSchema.ts","../../../src/orm/core/primitives/$entity.ts","../../../src/orm/core/constants/PG_SYMBOLS.ts","../../../src/orm/core/helpers/pgAttr.ts","../../../src/orm/core/schemas/databaseEnvSchema.ts","../../../src/api/files/schemas/fileResourceSchema.ts","../../../src/api/files/schemas/storageStatsSchema.ts","../../../src/api/files/services/FileService.ts","../../../src/api/files/controllers/AdminFileStatsController.ts","../../../src/api/files/controllers/FileController.ts","../../../src/api/files/jobs/FileJobs.ts","../../../src/api/files/index.ts"],"mappings":";;;;;;;;;;;;;;;cAGa,KAAA,EAAK,aAAA,CAAA,eAAA,WAAA,OAAA;gDA8BhB,SAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;KAEU,UAAA,GAAa,MAAA,QAAc,KAAA,CAAM,MAAA;;;cC/BhC,eAAA,YAAe,OAAA;4BAQ1B,SAAA,CAAA,QAAA;;;;;;;;;;;KAEU,SAAA,GAAY,MAAA,QAAc,eAAA;;;;;;;;;;;;KCG1B,aAAA,WAAwB,OAAA,IAAW,OAAA,eACjC,CAAA,kBAAmB,CAAA,eAAgB,CAAA;EAAA,CAC5C,YAAA;AAAA,YAGC,CAAA,GAAI,CAAA,eAAgB,CAAA;EAAA,CACjB,UAAA;AAAA;EAAA,CACA,eAAA;AAAA;EACD,WAAA;AAAA,IACF,SAAA,CAAU,CAAA,eAAgB,CAAA,KAC1B,CAAA,eAAgB,CAAA;;;;;;;;;;;;KCTV,aAAA,WAAwB,OAAA,IAAW,OAAA,eACjC,CAAA,kBAAmB,CAAA,eAAgB,CAAA;EAAA,CAC5C,YAAA;AAAA,YAGC,CAAA,GAAI,CAAA,eAAgB,CAAA,UAAW,SAAA,YAC/B,SAAA,CAAU,MAAA,EAAQ,CAAA,EAAG,KAAA,MACrB,CAAA,eAAgB,CAAA;;;UCWL,sBAAA,WACL,OAAA,eACG,MAAA,CAAO,CAAA;;;;;EAMpB,IAAA;;;;EAKA,MAAA,EAAQ,CAAA;;;;EAKR,OAAA,IACI,IAAA;;;;IAKE,MAAA,EAAQ,IAAA;;;;IAIR,MAAA;;;;IAIA,IAAA;;;;IAIA,KAAA,GAAQ,GAAA;EAAA;;;;IAMR,OAAA,EAAS,IAAA;;;;IAIT,MAAA;;;;IAIA,IAAA;IJnFU;;;IIuFV,KAAA,GAAQ,GAAA;EAAA;;;;;;;;;;;;;;;;;IAmBR,WAAA,GAAc,IAAA,EAAM,MAAA,CAAO,IAAA,qBAAyB,GAAA;;;;IAIpD,MAAA;;;;IAIA,IAAA;;;;IAIA,KAAA,GAAQ,GAAA;EAAA;;;;EAOd,WAAA,GAAc,KAAA;;;;IAIZ,IAAA;;;;IAIA,OAAA,EAAS,KAAA,OAAY,MAAA,CAAO,CAAA;;;;;IAK5B,cAAA,EAAgB,KAAA,OAAY,YAAA;EAAA;;;;;;;;;;AJ1GhC;;;;;;;;;;;;AC/BA;;;;;;;;;;EG2KE,WAAA,GAAc,KAAA;;;;IAIZ,OAAA,EAAS,KAAA,OAAY,MAAA,CAAO,CAAA;;;;IAI5B,IAAA;;;;IAIA,MAAA;;;;IAIA,KAAA,GAAQ,GAAA;EAAA;;;;EAMV,MAAA,IACE,IAAA,EAAM,uBAAA,SAAgC,UAAA,CAAW,CAAA,aAC9C,uBAAA;AAAA;AAAA,cAKM,eAAA,WAA0B,OAAA,GAAU,OAAA;EAAA,SAC/B,OAAA,EAAS,sBAAA,CAAuB,CAAA;cAEpC,OAAA,EAAS,sBAAA,CAAuB,CAAA;EAI5C,KAAA,CAAM,KAAA;EAAA,IAYF,IAAA,CAAA,GAAQ,aAAA,CAAc,CAAA;EAAA,IActB,IAAA,CAAA;EAAA,IAIA,MAAA,CAAA,GAAU,CAAA;EAAA,IAIV,YAAA,CAAA,GAAgB,aAAA,CAAc,CAAA;EAAA,IAI9B,YAAA,CAAA,GAAgB,aAAA,CAAc,CAAA;AAAA;;;;KAYxB,UAAA,WAAqB,OAAA,oBACjB,CAAA,iBAAkB,mBAAA;AAAA,KAYtB,YAAA,WAAuB,OAAA;EACjC,IAAA;EACA,MAAA,EAAQ,eAAA,CAAgB,CAAA;AAAA;AAAA,KAGd,aAAA,WAAwB,OAAA,oBACpB,CAAA,iBAAkB,YAAA,CAAa,CAAA;;;cCjRlC,UAAA;AAAA,cACA,cAAA;AAAA,cACA,aAAA;AAAA,cACA,aAAA;AAAA,cACA,aAAA;AAAA,cACA,UAAA;AAAA,cACA,WAAA;AAAA,cACA,OAAA;AAAA,cACA,MAAA;AAAA,cACA,YAAA;AAAA,cACA,eAAA;;;;cAKA,SAAA;AAAA,KAMD,SAAA;EAAA,CACT,UAAA;EAAA,CACA,cAAA;EAAA,CACA,aAAA;EAAA,CACA,aAAA;EAAA,CACA,aAAA;EAAA,CACA,UAAA;EAAA,CACA,WAAA,GAAc,iBAAA;EAAA,CACd,MAAA,GAAS,YAAA;EAAA,CACT,OAAA,GAAU,aAAA;EAAA,CACV,YAAA,GAAe,kBAAA;EAAA,CACf,eAAA;;;;GAKA,SAAA;AAAA;AAAA,KAGS,YAAA,SAAqB,SAAA;AAAA,KAErB,iBAAA;EACV,IAAA;AAAA,IACE,iBAAA;EACA,IAAA;AAAA;AAAA,UAGa,aAAA;EACf,IAAA;EACA,WAAA;AAAA;AAAA,UAGe,kBAAA;;;;EAIf,UAAA,EAAY,GAAA;;;;;;EAOZ,IAAA;AAAA;AAAA,UAGe,YAAA;EACf,GAAA;IACE,IAAA;IACA,MAAA,EAAQ,eAAA;EAAA;EAEV,OAAA;IACE,QAAA,GAAW,kBAAA;IACX,QAAA,GAAW,kBAAA;EAAA;AAAA;;;;AL9Ef;;KMkDY,MAAA,WAAiB,OAAA,gBAAuB,YAAA,IAAgB,CAAA,WAC5D,KAAA,GAAQ,SAAA,CAAU,CAAA;;;;;;;;;;;;;;;;cCvCb,iBAAA,YAAiB,OAAA;oCAW5B,SAAA,CAAA,OAAA;;;;;;;;;;;YAGU,GAAA,SAAY,OAAA,CAAQ,MAAA,QAAc,iBAAA;AAAA;;;cC1BjC,kBAAA,YAAkB,OAAA;oBAO9B,SAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;KAEW,YAAA,GAAe,MAAA,QAAc,kBAAA;;;cCT5B,iBAAA,YAAiB,OAAA;UAI5B,SAAA,CAAA,OAAA;;;;cAEW,mBAAA,YAAmB,OAAA;YAG9B,SAAA,CAAA,OAAA;;;cAEW,kBAAA,YAAkB,OAAA;aAK7B,SAAA,CAAA,OAAA;;;;;;;;;;;;KAEU,WAAA,GAAc,MAAA,QAAc,iBAAA;AAAA,KAC5B,aAAA,GAAgB,MAAA,QAAc,mBAAA;AAAA,KAC9B,YAAA,GAAe,MAAA,QAAc,kBAAA;;;cCD5B,WAAA;EAAA,mBACQ,MAAA,EAAM,MAAA;EAAA,mBACN,GAAA,EADM,gBAAA,CACH,MAAA;EAAA,mBACH,gBAAA,EAAgB,gBAAA;EAAA,mBAChB,aAAA,EAAa,eAAA;EAAA,SAChB,cAAA,EAAc,aAAA,CAAA,UAAA,WAAA,OAAA;kDADE,SAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;YAGtB,YAAA,EAFoB,QAAA,CAER,aAAA;EAAA,UAuBZ,kBAAA,EAvBY,QAAA,CAuBM,aAAA;;;;;;;;YAmBZ,iBAAA,CAAkB,IAAA,EAAM,QAAA,GAAW,OAAA;;;;;;;;EAc5C,MAAA,CAAO,UAAA,YAA+C,eAAA;;;;;;;;EAqBhD,SAAA,CAAU,CAAA,GAAG,SAAA,GAAiB,OAAA,CAAQ,IAAA,CAAK,UAAA;;;;;;;EAoD3C,gBAAA,CAAA,GAAoB,OAAA,CAAQ,UAAA;;;;;;;;YAgB/B,iBAAA,CAAkB,GAAA,GAAM,YAAA;;;;;;;;;;;;;;EAsBrB,UAAA,CACX,IAAA,EAAM,QAAA,EACN,OAAA;IACE,cAAA,YAA0B,QAAA;IAC1B,MAAA;IACA,IAAA,GAAO,gBAAA;IACP,IAAA;EAAA,IAED,OAAA,CAAQ,UAAA;;;;;;;;;EAsCE,UAAA,CAAW,EAAA,WAAa,OAAA,CAAQ,QAAA;;;;;;;;;;;;;EAmBhC,UAAA,CACX,EAAA,UACA,IAAA;IACE,IAAA;IACA,IAAA;IACA,cAAA,GAAiB,QAAA;EAAA,IAElB,OAAA,CAAQ,UAAA;;;;;;;;;;EA+BE,UAAA,CAAW,EAAA,WAAa,OAAA,CAAQ,EAAA;;;;AVxQ/C;;EUwSe,WAAA,CAAY,GAAA,aAAgB,OAAA;EVxSZ;;;;;;;;EUoVhB,WAAA,CAAY,EAAA,WAAa,UAAA,GAAa,OAAA,CAAQ,UAAA;ETnXhD;;;;;ESgYE,eAAA,CAAA,GAAmB,OAAA,CAAQ,YAAA;;;;;;;;EAoDjC,gBAAA,CAAiB,MAAA,EAAQ,UAAA,GAAa,YAAA;AAAA;;;;;;;cC9alC,wBAAA;EAAA,mBACQ,GAAA;EAAA,mBACA,KAAA;EAAA,mBACA,WAAA,EAAW,WAAA;;;;;;WAOd,YAAA,mBAAY,iBAAA;;iBAPE,SAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;;;cCDnB,cAAA;EAAA,mBACQ,GAAA;EAAA,mBACA,KAAA;EAAA,mBACA,WAAA,EAAW,WAAA;;;;;WAMd,SAAA,mBAAS,iBAAA;;gCANK,SAAA,CAAA,QAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;WAsBd,UAAA,mBAAU,iBAAA;;UAhBD,SAAA,CAAA,OAAA;IAAA;;;;;;;;;;;WAmCT,WAAA,mBAAW,iBAAA;;4BAnBD,SAAA,CAAA,OAAA;IAAA;;;;;EZlCV;;;;;EAAA,SY8EA,UAAA,mBAAU,iBAAA;;YAzBC,QAAA,CAAA,KAAA;IAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;WAmDX,UAAA,mBAAU,iBAAA;;UA1BA,SAAA,CAAA,OAAA;IAAA;;;;;;;;;;;;;;;;;;;;;;;;;EZ9CG;;;;;EAAA,SYiGb,UAAA,mBAAU,iBAAA;;UAzBA,SAAA,CAAA,OAAA;IAAA;;;;;;cCvGf,QAAA;EAAA,mBACQ,WAAA,EAAW,WAAA;EAAA,SAEd,UAAA,EAFc,mBAAA,CAEJ,kBAAA;AAAA;;;;YCehB,iBAAA;;;;IAIR,GAAA,GAAM,YAAA;;;;IAKN,IAAA;;;;IAKA,IAAA,GAAO,gBAAA;;AdjCX;;;;IcwCI,OAAA;EAAA;AAAA;;;;;;;;;;;;cAiBS,cAAA,EAAc,QAAA,CAAA,OAAA,CAIzB,QAAA,CAJyB,MAAA"}
+{"version":3,"file":"index.d.ts","names":[],"sources":["../../../src/api/files/entities/files.ts","../../../src/api/files/schemas/fileQuerySchema.ts","../../../src/orm/core/schemas/insertSchema.ts","../../../src/orm/core/schemas/updateSchema.ts","../../../src/orm/core/primitives/$entity.ts","../../../src/orm/core/constants/PG_SYMBOLS.ts","../../../src/orm/core/helpers/pgAttr.ts","../../../src/orm/core/schemas/databaseEnvSchema.ts","../../../src/api/files/schemas/fileResourceSchema.ts","../../../src/api/files/schemas/storageStatsSchema.ts","../../../src/api/files/services/FileService.ts","../../../src/api/files/controllers/AdminFileStatsController.ts","../../../src/api/files/providers/FileAccessProvider.ts","../../../src/api/files/controllers/FileController.ts","../../../src/api/files/jobs/FileJobs.ts","../../../src/api/files/index.ts"],"mappings":";;;;;;;;;;;;;;;cAGa,KAAA,EAAK,aAAA,CAAA,eAAA,WAAA,OAAA;gDAuDhB,SAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;;;AAvDF;;;;;;;;;;;;;;;;;;;;;;KAyDY,UAAA,GAAa,MAAA,QAAc,KAAA,CAAM,MAAA;;;cCxDhC,eAAA,YAAe,OAAA;4BAQ1B,SAAA,CAAA,QAAA;;;;;;;;;;;KAEU,SAAA,GAAY,MAAA,QAAc,eAAA;;;;;;;;;;;;KCG1B,aAAA,WAAwB,OAAA,IAAW,OAAA,eACjC,CAAA,kBAAmB,CAAA,eAAgB,CAAA;EAAA,CAC5C,YAAA;AAAA,YAGC,CAAA,GAAI,CAAA,eAAgB,CAAA;EAAA,CACjB,UAAA;AAAA;EAAA,CACA,eAAA;AAAA;EACD,WAAA;AAAA,IACF,SAAA,CAAU,CAAA,eAAgB,CAAA,KAC1B,CAAA,eAAgB,CAAA;;;;;;;;;;;;KCTV,aAAA,WAAwB,OAAA,IAAW,OAAA,eACjC,CAAA,kBAAmB,CAAA,eAAgB,CAAA;EAAA,CAC5C,YAAA;AAAA,YAGC,CAAA,GAAI,CAAA,eAAgB,CAAA,UAAW,SAAA,YAC/B,SAAA,CAAU,MAAA,EAAQ,CAAA,EAAG,KAAA,MACrB,CAAA,eAAgB,CAAA;;;UCWL,sBAAA,WACL,OAAA,eACG,MAAA,CAAO,CAAA;;;;;EAMpB,IAAA;;;;EAKA,MAAA,EAAQ,CAAA;;;;EAKR,OAAA,IACI,IAAA;;;;IAKE,MAAA,EAAQ,IAAA;;;;IAIR,MAAA;;;;IAIA,IAAA;;;;IAIA,KAAA,GAAQ,GAAA;EAAA;;;;IAMR,OAAA,EAAS,IAAA;;;;IAIT,MAAA;;;;IAIA,IAAA;IJnFU;;;IIuFV,KAAA,GAAQ,GAAA;EAAA;;;;;;;;;;;;;;;;;IAmBR,WAAA,GAAc,IAAA,EAAM,MAAA,CAAO,IAAA,qBAAyB,GAAA;;;;IAIpD,MAAA;;;;IAIA,IAAA;;;;IAIA,KAAA,GAAQ,GAAA;EAAA;;;;EAOd,WAAA,GAAc,KAAA;;;;IAIZ,IAAA;;;;IAIA,OAAA,EAAS,KAAA,OAAY,MAAA,CAAO,CAAA;;;;;IAK5B,cAAA,EAAgB,KAAA,OAAY,YAAA;EAAA;;;;;;;;;;;;;;AJjFhC;;;;;;;;;;;;ACxDA;;;;;;EG2KE,WAAA,GAAc,KAAA;;;;IAIZ,OAAA,EAAS,KAAA,OAAY,MAAA,CAAO,CAAA;;;;IAI5B,IAAA;;;;IAIA,MAAA;;;;IAIA,KAAA,GAAQ,GAAA;EAAA;;;;EAMV,MAAA,IACE,IAAA,EAAM,uBAAA,SAAgC,UAAA,CAAW,CAAA,aAC9C,uBAAA;AAAA;AAAA,cAKM,eAAA,WAA0B,OAAA,GAAU,OAAA;EAAA,SAC/B,OAAA,EAAS,sBAAA,CAAuB,CAAA;cAEpC,OAAA,EAAS,sBAAA,CAAuB,CAAA;EAI5C,KAAA,CAAM,KAAA;EAAA,IAYF,IAAA,CAAA,GAAQ,aAAA,CAAc,CAAA;EAAA,IActB,IAAA,CAAA;EAAA,IAIA,MAAA,CAAA,GAAU,CAAA;EAAA,IAIV,YAAA,CAAA,GAAgB,aAAA,CAAc,CAAA;EAAA,IAI9B,YAAA,CAAA,GAAgB,aAAA,CAAc,CAAA;AAAA;;;;KAYxB,UAAA,WAAqB,OAAA,oBACjB,CAAA,iBAAkB,mBAAA;AAAA,KAYtB,YAAA,WAAuB,OAAA;EACjC,IAAA;EACA,MAAA,EAAQ,eAAA,CAAgB,CAAA;AAAA;AAAA,KAGd,aAAA,WAAwB,OAAA,oBACpB,CAAA,iBAAkB,YAAA,CAAa,CAAA;;;cCjRlC,UAAA;AAAA,cACA,cAAA;AAAA,cACA,aAAA;AAAA,cACA,aAAA;AAAA,cACA,aAAA;AAAA,cACA,UAAA;AAAA,cACA,WAAA;AAAA,cACA,OAAA;AAAA,cACA,MAAA;AAAA,cACA,YAAA;AAAA,cACA,eAAA;;;;cAKA,SAAA;AAAA,KAMD,SAAA;EAAA,CACT,UAAA;EAAA,CACA,cAAA;EAAA,CACA,aAAA;EAAA,CACA,aAAA;EAAA,CACA,aAAA;EAAA,CACA,UAAA;EAAA,CACA,WAAA,GAAc,iBAAA;EAAA,CACd,MAAA,GAAS,YAAA;EAAA,CACT,OAAA,GAAU,aAAA;EAAA,CACV,YAAA,GAAe,kBAAA;EAAA,CACf,eAAA;;;;GAKA,SAAA;AAAA;AAAA,KAGS,YAAA,SAAqB,SAAA;AAAA,KAErB,iBAAA;EACV,IAAA;AAAA,IACE,iBAAA;EACA,IAAA;AAAA;AAAA,UAGa,aAAA;EACf,IAAA;EACA,WAAA;AAAA;AAAA,UAGe,kBAAA;;;;EAIf,UAAA,EAAY,GAAA;;;;;;EAOZ,IAAA;AAAA;AAAA,UAGe,YAAA;EACf,GAAA;IACE,IAAA;IACA,MAAA,EAAQ,eAAA;EAAA;EAEV,OAAA;IACE,QAAA,GAAW,kBAAA;IACX,QAAA,GAAW,kBAAA;EAAA;AAAA;;;AL9Ef;;;AAAA,KMkDY,MAAA,WAAiB,OAAA,gBAAuB,YAAA,IAAgB,CAAA,WAC5D,KAAA,GAAQ,SAAA,CAAU,CAAA;;;;;;;;;;;;;;;;cCvCb,iBAAA,YAAiB,OAAA;oCAW5B,SAAA,CAAA,OAAA;;;;;;;APvBF;;;;YO0BY,GAAA,SAAY,OAAA,CAAQ,MAAA,QAAc,iBAAA;AAAA;;;cC1BjC,kBAAA,YAAkB,OAAA;oBAO9B,SAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;KAEW,YAAA,GAAe,MAAA,QAAc,kBAAA;;;cCT5B,iBAAA,YAAiB,OAAA;UAI5B,SAAA,CAAA,OAAA;;;;cAEW,mBAAA,YAAmB,OAAA;YAG9B,SAAA,CAAA,OAAA;;;cAEW,kBAAA,YAAkB,OAAA;aAK7B,SAAA,CAAA,OAAA;;;;;;;;;;;;KAEU,WAAA,GAAc,MAAA,QAAc,iBAAA;AAAA,KAC5B,aAAA,GAAgB,MAAA,QAAc,mBAAA;AAAA,KAC9B,YAAA,GAAe,MAAA,QAAc,kBAAA;;;cCD5B,WAAA;EAAA,mBACQ,MAAA,EAAM,MAAA;EAAA,mBACN,GAAA,EADM,gBAAA,CACH,MAAA;EAAA,mBACH,gBAAA,EAAgB,gBAAA;EAAA,mBAChB,aAAA,EAAa,eAAA;EAAA,SAChB,cAAA,EAAc,aAAA,CAAA,UAAA,WAAA,OAAA;kDADE,SAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;YAGtB,YAAA,EAFoB,QAAA,CAER,aAAA;EAAA,UAwBZ,kBAAA,EAxBY,QAAA,CAwBM,aAAA;;;;;;;;YAmBZ,iBAAA,CAAkB,IAAA,EAAM,QAAA,GAAW,OAAA;;;;;;;;EAc5C,MAAA,CAAO,UAAA,YAA+C,eAAA;;;;;;;;EAqBhD,SAAA,CAAU,CAAA,GAAG,SAAA,GAAiB,OAAA,CAAQ,IAAA,CAAK,UAAA;;;;;;;EAoD3C,gBAAA,CAAA,GAAoB,OAAA,CAAQ,UAAA;;;;;;;;YAgB/B,iBAAA,CAAkB,GAAA,GAAM,YAAA;;;;;;;;;;;;;;EAsBrB,UAAA,CACX,IAAA,EAAM,QAAA,EACN,OAAA;IACE,cAAA,YAA0B,QAAA;IAC1B,MAAA;IACA,IAAA,GAAO,gBAAA;IACP,IAAA;EAAA,IAED,OAAA,CAAQ,UAAA;;;;;;;;;EAuCE,UAAA,CAAW,EAAA,WAAa,OAAA,CAAQ,QAAA;;;;;;;;;;;;;EAmBhC,UAAA,CACX,EAAA,UACA,IAAA;IACE,IAAA;IACA,IAAA;IACA,cAAA,GAAiB,QAAA;EAAA,IAElB,OAAA,CAAQ,UAAA;;;;;;;;;;EA+BE,UAAA,CAAW,EAAA,WAAa,OAAA,CAAQ,EAAA;;;;;;EAgChC,WAAA,CAAY,GAAA,aAAgB,OAAA;EVjR/B;;;;;;;;EU6TG,WAAA,CAAY,EAAA,WAAa,UAAA,GAAa,OAAA,CAAQ,UAAA;;;;ATrX7D;;ESkYe,eAAA,CAAA,GAAmB,OAAA,CAAQ,YAAA;ET1XxC;;;;;;;ES8aO,gBAAA,CAAiB,MAAA,EAAQ,UAAA,GAAa,YAAA;AAAA;;;;;;;cChblC,wBAAA;EAAA,mBACQ,GAAA;EAAA,mBACA,KAAA;EAAA,mBACA,WAAA,EAAW,WAAA;;;;;;WAOd,YAAA,mBAAY,iBAAA;;iBAPE,SAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AXVhC;;;cYwBa,kBAAA;;;;;;EAML,cAAA,CACJ,IAAA,EAAM,UAAA,EACN,IAAA,EAAM,gBAAA,eACL,OAAA;AAAA;;;;;;;cCvBQ,cAAA;EAAA,mBACQ,GAAA;EAAA,mBACA,KAAA;EAAA,mBACA,WAAA,EAAW,WAAA;EAAA,mBACX,UAAA,EAAU,kBAAA;;;;;WAMb,SAAA,mBAAS,iBAAA;;gCANI,SAAA,CAAA,QAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;WAsBb,UAAA,mBAAU,iBAAA;;UAhBD,SAAA,CAAA,OAAA;IAAA;;;;;;;;;;;WAmCT,WAAA,mBAAW,iBAAA;;4BAnBD,SAAA,CAAA,OAAA;IAAA;;;;;;;;;;WA4CV,UAAA,mBAAU,iBAAA;;YAzBC,QAAA,CAAA,KAAA;IAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;WAmDX,UAAA,mBAAU,iBAAA;;UA1BA,SAAA,CAAA,OAAA;IAAA;;;;;;;;;;;;;;;;;;;;;;;;;;EbvBH;;;;;;;;ACxDzB;;;EDwDyB,SagFP,UAAA,mBAAU,iBAAA;;UA/BA,SAAA,CAAA,OAAA;IAAA;;;;;;cCzGf,QAAA;EAAA,mBACQ,WAAA,EAAW,WAAA;EAAA,SAEd,UAAA,EAFc,mBAAA,CAEJ,kBAAA;AAAA;;;;YCiBhB,iBAAA;;;;IAIR,GAAA,GAAM,YAAA;;;;IAKN,IAAA;;;;IAKA,IAAA,GAAO,gBAAA;IfoBT;;;;;IebE,OAAA;EAAA;AAAA;;;;;;;;;;;;cAiBS,cAAA,EAAc,QAAA,CAAA,OAAA,CAUzB,QAAA,CAVyB,MAAA"}

package/dist/api/files/index.js

@@ -2,7 +2,7 @@ import { $hook, $inject, $module, Alepha, t } from "alepha";
 import { $bucket, AlephaBucket, FileNotFoundError } from "alepha/bucket";
 import { $etag, AlephaServerEtag } from "alepha/server/etag";
 import { $secure } from "alepha/security";
-import { $action, NotFoundError, okSchema } from "alepha/server";
+import { $action, ForbiddenError, NotFoundError, okSchema } from "alepha/server";
 import { createHash } from "node:crypto";
 import { DateTimeProvider } from "alepha/datetime";
 import { $logger } from "alepha/logger";
@@ -40,10 +40,35 @@ const files = $entity({
 		creatorName: t.optional(t.string()),
 		bucket: t.text(),
 		expirationDate: t.optional(t.datetime()),
+		/**
+		* Display name. Mutable via `FileService.updateFile` — can be renamed
+		* by callers (e.g. an Archive UI letting users rename uploaded blobs).
+		* Initialized to the uploader's filename at upload time. Use
+		* `originalName` if you need the as-uploaded filename after a rename.
+		*/
 		name: t.text(),
+		/**
+		* Immutable record of the uploader's filename at upload time. Set once
+		* by `FileService.uploadFile` and the `bucket:file:uploaded` hook;
+		* `FileService.updateFile` never touches it. Useful for download
+		* headers (Content-Disposition), audit trails, and any UI that wants
+		* to show "originally uploaded as X" alongside a renamed file.
+		*/
+		originalName: t.optional(t.string()),
 		size: t.number(),
 		mimeType: t.string(),
+		/**
+		* Free-form taxonomy. Normalized server-side (trim/lowercase/dedupe is
+		* caller's responsibility for now). Use with `FileQuery.tags` to
+		* filter via array-contains.
+		*/
 		tags: t.optional(t.array(t.text())),
+		/**
+		* SHA-256 hex digest of the file content (64 lowercase hex chars).
+		* Computed at upload time by `FileService.calculateChecksum`. Stable
+		* — never recomputed after upload. Use for integrity verification,
+		* content-based dedup, or downstream virus-scan correlation.
+		*/
 		checksum: t.optional(t.string())
 	}),
 	indexes: [
@@ -72,6 +97,7 @@ var FileService = class {
 				blobId: id,
 				mimeType: file.type,
 				name: file.name,
+				originalName: file.name,
 				size: file.size,
 				creator: options.user?.id,
 				creatorRealm: options.user?.realm,
@@ -189,6 +215,7 @@ var FileService = class {
 			blobId,
 			mimeType: file.type,
 			name: file.name,
+			originalName: file.name,
 			size: file.size,
 			creator: options.user?.id,
 			creatorRealm: options.user?.realm,
@@ -371,6 +398,44 @@ var AdminFileStatsController = class {
 	});
 };
 //#endregion
+//#region ../../src/api/files/providers/FileAccessProvider.ts
+/**
+* Authorization policy for file reads served through `FileController.streamFile`.
+*
+* Default: the caller must be the uploader (`file.creator === user.id`). Any
+* other access path — public buckets, shared attachments, avatars — must be
+* opted in by overriding this provider in the consuming app:
+*
+* ```ts
+* class MyAccess extends FileAccessProvider {
+*   async assertReadable(file, user) {
+*     if (file.bucket === "avatars") return; // public
+*     if (file.bucket === "campaign-icons") return this.checkCampaignVisible(file, user);
+*     return super.assertReadable(file, user);
+*   }
+* }
+* Alepha.create().with({ provide: FileAccessProvider, use: MyAccess });
+* ```
+*
+* Why this exists: prior to introducing this gate, `streamFile` only required
+* the framework-wide `file:read` permission. The default `user` role grants
+* `*`, so every authenticated user could download any file by UUID — turning
+* the 128-bit id into the sole security boundary across tenants.
+*/
+var FileAccessProvider = class {
+	/**
+	* Throws `ForbiddenError` when `user` may not read `file`. Override to
+	* implement bucket-aware or relationship-aware policies. The default
+	* implementation is strict: only the uploader passes.
+	*/
+	async assertReadable(file, user) {
+		if (!user) throw new ForbiddenError("File access requires authentication");
+		if (user.ownership === false) return;
+		if (file.creator && file.creator === user.id) return;
+		throw new ForbiddenError("File access denied");
+	}
+};
+//#endregion
 //#region ../../src/api/files/schemas/fileQuerySchema.ts
 const fileQuerySchema = t.extend(pageQuerySchema, {
 	bucket: t.optional(t.string()),
@@ -397,6 +462,7 @@ var FileController = class {
 	url = "/files";
 	group = "files";
 	fileService = $inject(FileService);
+	fileAccess = $inject(FileAccessProvider);
 	/**
 	* GET /files - Lists files with optional filtering and pagination.
 	* Supports filtering by bucket and tags.
@@ -496,14 +562,20 @@ var FileController = class {
 	/**
 	* GET /files/:id - Streams/downloads a file by its ID.
 	* Returns the file content with appropriate Content-Type header.
-	* Cached with ETag support for 1 year (immutable).
+	*
+	* Authorization is delegated to `FileAccessProvider.assertReadable`. The
+	* default policy is creator-only — override the provider via DI to widen
+	* access (e.g. avatars, shared attachments). See `FileAccessProvider`.
+	*
+	* Cache-Control is `private` because the per-user authorization decision
+	* cannot be cached by shared proxies/CDNs. Client-side ETag still works.
 	*/
 	streamFile = $action({
 		path: `${this.url}/:id`,
 		group: this.group,
 		description: "Download a file",
 		use: [$secure({ permissions: ["file:read"] }), $etag({ control: {
-			public: true,
+			private: true,
 			maxAge: [1, "year"],
 			immutable: true
 		} })],
@@ -511,8 +583,10 @@ var FileController = class {
 			params: t.object({ id: t.uuid() }),
 			response: t.file()
 		},
-		handler: async ({ params }) => {
-			return await this.fileService.streamFile(params.id);
+		handler: async ({ params, user }) => {
+			const file = await this.fileService.getFileById(params.id);
+			await this.fileAccess.assertReadable(file, user);
+			return await this.fileService.streamFile(file.id);
 		}
 	});
 };
@@ -549,11 +623,12 @@ const AlephaApiFiles = $module({
 		FileController,
 		AdminFileStatsController,
 		FileJobs,
-		FileService
+		FileService,
+		FileAccessProvider
 	],
 	imports: [AlephaBucket, AlephaServerEtag]
 });
 //#endregion
-export { AdminFileStatsController, AlephaApiFiles, FileController, FileJobs, FileService, bucketStatsSchema, files, mimeTypeStatsSchema, storageStatsSchema };
+export { AdminFileStatsController, AlephaApiFiles, FileAccessProvider, FileController, FileJobs, FileService, bucketStatsSchema, files, mimeTypeStatsSchema, storageStatsSchema };
 
 //# sourceMappingURL=index.js.map