alepha 0.21.2 → 0.23.0

package/dist/api/files/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","names":[],"sources":["../../../src/api/files/entities/files.ts","../../../src/api/files/schemas/fileQuerySchema.ts","../../../src/orm/core/schemas/insertSchema.ts","../../../src/orm/core/schemas/updateSchema.ts","../../../src/orm/core/primitives/$entity.ts","../../../src/orm/core/constants/PG_SYMBOLS.ts","../../../src/orm/core/helpers/pgAttr.ts","../../../src/orm/core/schemas/databaseEnvSchema.ts","../../../src/api/files/schemas/fileResourceSchema.ts","../../../src/api/files/schemas/storageStatsSchema.ts","../../../src/api/files/services/FileService.ts","../../../src/api/files/controllers/AdminFileStatsController.ts","../../../src/api/files/providers/FileAccessProvider.ts","../../../src/api/files/controllers/FileController.ts","../../../src/api/files/jobs/FileJobs.ts","../../../src/api/files/index.ts"],"mappings":";;;;;;;;;;;;;;;cAGa,KAAA,EAAK,aAAA,CAAA,eAAA,WAAA,OAAA;gDAuDhB,SAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;;;AAvDF;;;;;;;;;;;;;;;;;;;;;;KAyDY,UAAA,GAAa,MAAA,QAAc,KAAA,CAAM,MAAA;;;cCxDhC,eAAA,YAAe,OAAA;4BAQ1B,SAAA,CAAA,QAAA;;;;;;;;;;;KAEU,SAAA,GAAY,MAAA,QAAc,eAAA;;;;;;;;;;;;KCG1B,aAAA,WAAwB,OAAA,IAAW,OAAA,eACjC,CAAA,kBAAmB,CAAA,eAAgB,CAAA;EAAA,CAC5C,YAAA;AAAA,YAGC,CAAA,GAAI,CAAA,eAAgB,CAAA;EAAA,CACjB,UAAA;AAAA;EAAA,CACA,eAAA;AAAA;EACD,WAAA;AAAA,IACF,SAAA,CAAU,CAAA,eAAgB,CAAA,KAC1B,CAAA,eAAgB,CAAA;;;;;;;;;;;;KCTV,aAAA,WAAwB,OAAA,IAAW,OAAA,eACjC,CAAA,kBAAmB,CAAA,eAAgB,CAAA;EAAA,CAC5C,YAAA;AAAA,YAGC,CAAA,GAAI,CAAA,eAAgB,CAAA,UAAW,SAAA,YAC/B,SAAA,CAAU,MAAA,EAAQ,CAAA,EAAG,KAAA,MACrB,CAAA,eAAgB,CAAA;;;UCWL,sBAAA,WACL,OAAA,eACG,MAAA,CAAO,CAAA;;;;;EAMpB,IAAA;;;;EAKA,MAAA,EAAQ,CAAA;;;;EAKR,OAAA,IACI,IAAA;;;;IAKE,MAAA,EAAQ,IAAA;;;;IAIR,MAAA;;;;IAIA,IAAA;;;;IAIA,KAAA,GAAQ,GAAA;EAAA;;;;IAMR,OAAA,EAAS,IAAA;;;;IAIT,MAAA;;;;IAIA,IAAA;IJnFU;;;IIuFV,KAAA,GAAQ,GAAA;EAAA;;;;;;;;;;;;;;;;;IAmBR,WAAA,GAAc,IAAA,EAAM,MAAA,CAAO,IAAA,qBAAyB,GAAA;;;;IAIpD,MAAA;;;;IAIA,IAAA;;;;IAIA,KAAA,GAAQ,GAAA;EAAA;;;;EAOd,WAAA,GAAc,KAAA;;;;IAIZ,IAAA;;;;IAIA,OAAA,EAAS,KAAA,OAAY,MAAA,CAAO,CAAA;;;;;IAK5B,cAAA,EAAgB,KAAA,OAAY,YAAA;EAAA;;;;;;;;;;;;;;AJjFhC;;;;;;;;;;;;ACxDA;;;;;;EG2KE,WAAA,GAAc,KAAA;;;;IAIZ,OAAA,EAAS,KAAA,OAAY,MAAA,CAAO,CAAA;;;;IAI5B,IAAA;;;;IAIA,MAAA;;;;IAIA,KAAA,GAAQ,GAAA;EAAA;;;;EAMV,MAAA,IACE,IAAA,EAAM,uBAAA,SAAgC,UAAA,CAAW,CAAA,aAC9C,uBAAA;AAAA;AAAA,cAKM,eAAA,WAA0B,OAAA,GAAU,OAAA;EAAA,SAC/B,OAAA,EAAS,sBAAA,CAAuB,CAAA;cAEpC,OAAA,EAAS,sBAAA,CAAuB,CAAA;EAI5C,KAAA,CAAM,KAAA;EAAA,IAYF,IAAA,CAAA,GAAQ,aAAA,CAAc,CAAA;EAAA,IActB,IAAA,CAAA;EAAA,IAIA,MAAA,CAAA,GAAU,CAAA;EAAA,IAIV,YAAA,CAAA,GAAgB,aAAA,CAAc,CAAA;EAAA,IAI9B,YAAA,CAAA,GAAgB,aAAA,CAAc,CAAA;AAAA;;;;KAYxB,UAAA,WAAqB,OAAA,oBACjB,CAAA,iBAAkB,mBAAA;AAAA,KAYtB,YAAA,WAAuB,OAAA;EACjC,IAAA;EACA,MAAA,EAAQ,eAAA,CAAgB,CAAA;AAAA;AAAA,KAGd,aAAA,WAAwB,OAAA,oBACpB,CAAA,iBAAkB,YAAA,CAAa,CAAA;;;cCjRlC,UAAA;AAAA,cACA,cAAA;AAAA,cACA,aAAA;AAAA,cACA,aAAA;AAAA,cACA,aAAA;AAAA,cACA,UAAA;AAAA,cACA,WAAA;AAAA,cACA,OAAA;AAAA,cACA,MAAA;AAAA,cACA,YAAA;AAAA,cACA,eAAA;;;;cAKA,SAAA;AAAA,KAMD,SAAA;EAAA,CACT,UAAA;EAAA,CACA,cAAA;EAAA,CACA,aAAA;EAAA,CACA,aAAA;EAAA,CACA,aAAA;EAAA,CACA,UAAA;EAAA,CACA,WAAA,GAAc,iBAAA;EAAA,CACd,MAAA,GAAS,YAAA;EAAA,CACT,OAAA,GAAU,aAAA;EAAA,CACV,YAAA,GAAe,kBAAA;EAAA,CACf,eAAA;;;;GAKA,SAAA;AAAA;AAAA,KAGS,YAAA,SAAqB,SAAA;AAAA,KAErB,iBAAA;EACV,IAAA;AAAA,IACE,iBAAA;EACA,IAAA;AAAA;AAAA,UAGa,aAAA;EACf,IAAA;EACA,WAAA;AAAA;AAAA,UAGe,kBAAA;;;;EAIf,UAAA,EAAY,GAAA;;;;;;EAOZ,IAAA;AAAA;AAAA,UAGe,YAAA;EACf,GAAA;IACE,IAAA;IACA,MAAA,EAAQ,eAAA;EAAA;EAEV,OAAA;IACE,QAAA,GAAW,kBAAA;IACX,QAAA,GAAW,kBAAA;EAAA;AAAA;;;AL9Ef;;;AAAA,KMkDY,MAAA,WAAiB,OAAA,gBAAuB,YAAA,IAAgB,CAAA,WAC5D,KAAA,GAAQ,SAAA,CAAU,CAAA;;;;;;;;;;;;;;;;cCvCb,iBAAA,YAAiB,OAAA;oCAW5B,SAAA,CAAA,OAAA;;;;;;;APvBF;;;;YO0BY,GAAA,SAAY,OAAA,CAAQ,MAAA,QAAc,iBAAA;AAAA;;;cC1BjC,kBAAA,YAAkB,OAAA;oBAO9B,SAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;KAEW,YAAA,GAAe,MAAA,QAAc,kBAAA;;;cCT5B,iBAAA,YAAiB,OAAA;UAI5B,SAAA,CAAA,OAAA;;;;cAEW,mBAAA,YAAmB,OAAA;YAG9B,SAAA,CAAA,OAAA;;;cAEW,kBAAA,YAAkB,OAAA;aAK7B,SAAA,CAAA,OAAA;;;;;;;;;;;;KAEU,WAAA,GAAc,MAAA,QAAc,iBAAA;AAAA,KAC5B,aAAA,GAAgB,MAAA,QAAc,mBAAA;AAAA,KAC9B,YAAA,GAAe,MAAA,QAAc,kBAAA;;;cCD5B,WAAA;EAAA,mBACQ,MAAA,EAAM,MAAA;EAAA,mBACN,GAAA,EADM,gBAAA,CACH,MAAA;EAAA,mBACH,gBAAA,EAAgB,gBAAA;EAAA,mBAChB,aAAA,EAAa,eAAA;EAAA,SAChB,cAAA,EAAc,aAAA,CAAA,UAAA,WAAA,OAAA;kDADE,SAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;YAGtB,YAAA,EAFoB,QAAA,CAER,aAAA;EAAA,UAwBZ,kBAAA,EAxBY,QAAA,CAwBM,aAAA;;;;;;;;YAmBZ,iBAAA,CAAkB,IAAA,EAAM,QAAA,GAAW,OAAA;;;;;;;;EAc5C,MAAA,CAAO,UAAA,YAA+C,eAAA;;;;;;;;EAqBhD,SAAA,CAAU,CAAA,GAAG,SAAA,GAAiB,OAAA,CAAQ,IAAA,CAAK,UAAA;;;;;;;EAoD3C,gBAAA,CAAA,GAAoB,OAAA,CAAQ,UAAA;;;;;;;;YAgB/B,iBAAA,CAAkB,GAAA,GAAM,YAAA;;;;;;;;;;;;;;EAsBrB,UAAA,CACX,IAAA,EAAM,QAAA,EACN,OAAA;IACE,cAAA,YAA0B,QAAA;IAC1B,MAAA;IACA,IAAA,GAAO,gBAAA;IACP,IAAA;EAAA,IAED,OAAA,CAAQ,UAAA;;;;;;;;;;;EAyCE,UAAA,CAAW,EAAA,WAAa,UAAA,GAAa,OAAA,CAAQ,QAAA;;;;;;;;;;;;;EAmB7C,UAAA,CACX,EAAA,UACA,IAAA;IACE,IAAA;IACA,IAAA;IACA,cAAA,GAAiB,QAAA;EAAA,IAElB,OAAA,CAAQ,UAAA;;;;;;;;;;EA+BE,UAAA,CAAW,EAAA,WAAa,OAAA,CAAQ,EAAA;;;;;AVnP/C;EUmRe,WAAA,CAAY,GAAA,aAAgB,OAAA;;;;;;;;;EA4C5B,WAAA,CAAY,EAAA,WAAa,UAAA,GAAa,OAAA,CAAQ,UAAA;;ATvX7D;;;;ESoYe,eAAA,CAAA,GAAmB,OAAA,CAAQ,YAAA;;;;;;;;EAoDjC,gBAAA,CAAiB,MAAA,EAAQ,UAAA,GAAa,YAAA;AAAA;;;;;;;cClblC,wBAAA;EAAA,mBACQ,GAAA;EAAA,mBACA,KAAA;EAAA,mBACA,WAAA,EAAW,WAAA;;;;;;WAOd,YAAA,mBAAY,iBAAA;;iBAPE,SAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AXVhC;;;cYwBa,kBAAA;;;;;;EAML,cAAA,CACJ,IAAA,EAAM,UAAA,EACN,IAAA,EAAM,gBAAA,eACL,OAAA;;;;;;;;;;;;;;;;;;;EAkCG,YAAA,CAAa,IAAA,EAAM,UAAA,GAAa,OAAA;AAAA;;;;;;;cCzD3B,cAAA;EAAA,mBACQ,GAAA;EAAA,mBACA,KAAA;EAAA,mBACA,WAAA,EAAW,WAAA;EAAA,mBACX,UAAA,EAAU,kBAAA;;;;;WAMb,SAAA,mBAAS,iBAAA;;gCANI,SAAA,CAAA,QAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;WAsBb,UAAA,mBAAU,iBAAA;;UAhBD,SAAA,CAAA,OAAA;IAAA;;;;;;;;;;;WAmCT,WAAA,mBAAW,iBAAA;;4BAnBD,SAAA,CAAA,OAAA;IAAA;;;;;;;;;;WA4CV,UAAA,mBAAU,iBAAA;;YAzBC,QAAA,CAAA,KAAA;IAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;WAmDX,UAAA,mBAAU,iBAAA;;UA1BA,SAAA,CAAA,OAAA;IAAA;;;;;;;;;;;;;;;;;;;;;;;;;;EbvBH;;;;;;;;ACxDzB;;;EDwDyB,SagFP,UAAA,mBAAU,iBAAA;;UA/BA,SAAA,CAAA,OAAA;IAAA;;;;;;;;;;;;;;;;;WAwEV,gBAAA,mBAAgB,iBAAA;;UAzCN,SAAA,CAAA,OAAA;IAAA;;;;;;cCxIf,QAAA;EAAA,mBACQ,WAAA,EAAW,WAAA;EAAA,SAEd,UAAA,EAFc,mBAAA,CAEJ,kBAAA;AAAA;;;;YCiBhB,iBAAA;;;;IAIR,GAAA,GAAM,YAAA;;;;IAKN,IAAA;;;;IAKA,IAAA,GAAO,gBAAA;IfoBT;;;;;IebE,OAAA;EAAA;AAAA;;;;;;;;;;;;cAiBS,cAAA,EAAc,QAAA,CAAA,OAAA,CAUzB,QAAA,CAVyB,MAAA"}
+{"version":3,"file":"index.d.ts","names":[],"sources":["../../../src/api/files/entities/files.ts","../../../src/api/files/schemas/fileQuerySchema.ts","../../../src/orm/core/schemas/insertSchema.ts","../../../src/orm/core/schemas/updateSchema.ts","../../../src/orm/core/primitives/$entity.ts","../../../src/orm/core/constants/PG_SYMBOLS.ts","../../../src/orm/core/helpers/pgAttr.ts","../../../src/orm/core/schemas/databaseEnvSchema.ts","../../../src/api/files/schemas/fileResourceSchema.ts","../../../src/api/files/schemas/storageStatsSchema.ts","../../../src/api/files/services/FileService.ts","../../../src/api/files/controllers/AdminFileStatsController.ts","../../../src/api/files/providers/FileAccessProvider.ts","../../../src/api/files/controllers/FileController.ts","../../../src/api/files/jobs/FileJobs.ts","../../../src/api/files/schemas/fileCreatorSummarySchema.ts","../../../src/api/files/index.ts"],"mappings":";;;;;;;;;;cAGa,KAAA,uBAAK,eAAA,mBAAA,OAAA;;;;;;;;;;;;;;;;AAAlB;;;EAuDE;;;;;;;;;;;;;;;;;;;;;;;;KAEU,UAAA,GAAa,MAAM,QAAQ,KAAA,CAAM,MAAA;;;cCxDhC,eAAA,oBAAe,OAAA;;;;;;;;;;;;KAUhB,SAAA,GAAY,MAAM,QAAQ,eAAA;;;;;;;;;;;;KCG1B,aAAA,WAAwB,OAAA,IAAW,OAAA,eACjC,CAAA,kBAAmB,CAAA,eAAgB,CAAA;EAAA,CAC5C,YAAA;AAAA,YAGC,CAAA,GAAI,CAAA,eAAgB,CAAA;EAAA,CACjB,UAAA;AAAA;EAAA,CACA,eAAA;AAAA;EACD,WAAA;AAAA,IACF,SAAA,CAAU,CAAA,eAAgB,CAAA,KAC1B,CAAA,eAAgB,CAAA;;;;;;;;;;;;KCTV,aAAA,WAAwB,OAAA,IAAW,OAAA,eACjC,CAAA,kBAAmB,CAAA,eAAgB,CAAA;EAAA,CAC5C,YAAA;AAAA,YAGC,CAAA,GAAI,CAAA,eAAgB,CAAA,UAAW,SAAA,YAC/B,SAAA,CAAU,MAAA,EAAQ,CAAA,EAAG,KAAA,MACrB,CAAA,eAAgB,CAAA;;;UCWL,sBAAA,WACL,OAAA,eACG,MAAA,CAAO,CAAA;;;;;EAMpB,IAAA;;;;EAKA,MAAA,EAAQ,CAAA;;;;EAKR,OAAA,IACI,IAAA;;;;IAKE,MAAA,EAAQ,IAAA;;;;IAIR,MAAA;;;;IAIA,IAAA;;;;IAIA,KAAA,GAAQ,GAAA;EAAA;;;;IAMR,OAAA,EAAS,IAAA;;;;IAIT,MAAA;;;;IAIA,IAAA;;;;IAIA,KAAA,GAAQ,GAAA;EAAA;;;;;;;;;;;AJ9BhB;;;;;;IIiDQ,WAAA,GAAc,IAAA,EAAM,MAAA,CAAO,IAAA,qBAAyB,GAAA;IJjDT;AAAA;;IIqD3C,MAAA;;AH7GR;;IGiHQ,IAAA;IHzGN;;;IG6GM,KAAA,GAAQ,GAAA;EAAA;;;;EAOd,WAAA,GAAc,KAAA;;;;IAIZ,IAAA;;;;IAIA,OAAA,EAAS,KAAA,OAAY,MAAA,CAAO,CAAA;;;;;IAK5B,cAAA,EAAgB,KAAA,OAAY,YAAA;EAAA;;;;;;;;;;;;;AH/HhC;;;;AAAqD;;;;ACGrD;;;;;;;;;;;EE8JE,WAAA,GAAc,KAAA;IFvJP;;;IE2JL,OAAA,EAAS,KAAA,OAAY,MAAA,CAAO,CAAA;IFxJ1B;;;IE4JF,IAAA;IFtKkD;;;IE0KlD,MAAA;IFzKD;;;IE6KC,KAAA,GAAQ,GAAA;EAAA;EFzKN;;;EE+KJ,MAAA,IACE,IAAA,EAAM,uBAAA,SAAgC,UAAA,CAAW,CAAA,aAC9C,uBAAA;AAAA;AAAA,cAKM,eAAA,WAA0B,OAAA,GAAU,OAAA;EAAA,SAC/B,OAAA,EAAS,sBAAA,CAAuB,CAAA;cAEpC,OAAA,EAAS,sBAAA,CAAuB,CAAA;EAI5C,KAAA,CAAM,KAAA;EAAA,IAYF,IAAA,IAAQ,aAAA,CAAc,CAAA;EAAA,IActB,IAAA;EAAA,IAIA,MAAA,IAAU,CAAA;EAAA,IAIV,YAAA,IAAgB,aAAA,CAAc,CAAA;EAAA,IAI9B,YAAA,IAAgB,aAAA,CAAc,CAAA;AAAA;;ADvOpC;;KCmPY,UAAA,WAAqB,OAAA,oBACjB,CAAA,iBAAkB,mBAAA;AAAA,KAYtB,YAAA,WAAuB,OAAA;EACjC,IAAA;EACA,MAAA,EAAQ,eAAA,CAAgB,CAAA;AAAA;AAAA,KAGd,aAAA,WAAwB,OAAA,oBACpB,CAAA,iBAAkB,YAAA,CAAa,CAAA;;;cCjRlC,UAAA;AAAA,cACA,cAAA;AAAA,cACA,aAAA;AAAA,cACA,aAAA;AAAA,cACA,aAAA;AAAA,cACA,UAAA;AAAA,cACA,WAAA;AAAA,cACA,OAAA;AAAA,cACA,MAAA;AAAA,cACA,YAAA;AAAA,cACA,eAAA;;;;cAKA,SAAA;AAAA,KAMD,SAAA;EAAA,CACT,UAAA;EAAA,CACA,cAAA;EAAA,CACA,aAAA;EAAA,CACA,aAAA;EAAA,CACA,aAAA;EAAA,CACA,UAAA;EAAA,CACA,WAAA,GAAc,iBAAA;EAAA,CACd,MAAA,GAAS,YAAA;EAAA,CACT,OAAA,GAAU,aAAA;EAAA,CACV,YAAA,GAAe,kBAAA;EAAA,CACf,eAAA;;;;GAKA,SAAA;AAAA;AAAA,KAGS,YAAA,SAAqB,SAAS;AAAA,KAE9B,iBAAA;EACV,IAAA;AAAA,IACE,iBAAiB;EACjB,IAAA;AAAA;AAAA,UAGa,aAAA;EACf,IAAA;EACA,WAAW;AAAA;AAAA,UAGI,kBAAA;;;;EAIf,UAAA,EAAY,GAAG;;;;;;EAOf,IAAA;AAAA;AAAA,UAGe,YAAA;EACf,GAAA;IACE,IAAA;IACA,MAAA,EAAQ,eAAA;EAAA;EAEV,OAAA;IACE,QAAA,GAAW,kBAAA;IACX,QAAA,GAAW,kBAAA;EAAA;AAAA;;;;;;KC5BH,MAAA,WAAiB,OAAA,gBAAuB,YAAA,IAAgB,CAAA,WAC5D,KAAA,GAAQ,SAAA,CAAU,CAAA;;;;;;;;;;;;;;;;cCvCb,iBAAA,oBAAiB,OAAA;;;APZ9B;;;;;;;;;YO0BY,GAAA,SAAY,OAAA,CAAQ,MAAA,QAAc,iBAAA;AAAA;;;cCzBjC,kBAAA,oBAAkB,OAAA;sDAe9B,cAAA;;;;;;;;;;;;;;;;;;;;;;;;;KAEW,YAAA,GAAe,MAAM,QAAQ,kBAAA;;;cClB5B,iBAAA,oBAAiB,OAAA;;;;;cAMjB,mBAAA,oBAAmB,OAAA;;;;cAKnB,kBAAA,oBAAkB,OAAA;;;;;;;;;;;;;KAOnB,WAAA,GAAc,MAAM,QAAQ,iBAAA;AAAA,KAC5B,aAAA,GAAgB,MAAM,QAAQ,mBAAA;AAAA,KAC9B,YAAA,GAAe,MAAM,QAAQ,kBAAA;;;cCA5B,WAAA;EAAA,mBACQ,MAAA,EAAM,MAAA;EAAA,mBACN,GAAA,0BAAG,MAAA;EAAA,mBACH,gBAAA,EAAgB,gBAAA;EAAA,mBAChB,kBAAA,EAAkB,kBAAA;EAAA,mBAClB,UAAA,EAAU,kBAAA;EAAA,mBACV,aAAA,EAAa,eAAA;EAAA,SAChB,cAAA,uBAAc,UAAA,mBAAA,OAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;YAepB,kBAAA;;;;QAUkD,IAAA;MAAA;IAAA;EAAA;EAAA,UAKlD,YAAA,mBAAY,aAAA;EAAA,UA0BZ,kBAAA,mBAAkB,aAAA;;;;;;;;;;;;;YAwBZ,iBAAA,CAAkB,IAAA,EAAM,QAAA,GAAW,OAAA;;;;;;;;YAWzC,UAAA,CAAW,IAAA,EAAM,WAAA;;;;;AV7D7B;;;EUwES,MAAA,CAAO,UAAA,YAA+C,eAAA;EVxEtC;;;;AAA0B;;;EU6FpC,SAAA,CAAU,CAAA,GAAG,SAAA,GAAiB,OAAA,CAAQ,IAAA,CAAK,UAAA;ETrJ7C;;;;;;ESkNE,gBAAA,IAAoB,OAAA,CAAQ,UAAA;;;;;;;;YAgB/B,iBAAA,CAAkB,GAAA,GAAM,YAAA;;;;;;;;;;;;;;EAsBrB,UAAA,CACX,IAAA,EAAM,QAAA,EACN,OAAA;IACE,cAAA,YAA0B,QAAA;IAC1B,MAAA;IACA,IAAA,GAAO,gBAAA;IACP,IAAA;EAAA,IAED,OAAA,CAAQ,UAAA;;;;;ATtPb;;;;AAAqD;;;;ACGrD;;;;;;YQmTkB,mBAAA,CACd,MAAA,EAAQ,eAAA,EACR,MAAA,UACA,MAAA,QAAc,OAAA,CAAQ,UAAA,IACrB,OAAA,CAAQ,UAAA;ERrTR;;;;;;;;;;EQ6UU,UAAA,CAAW,EAAA,WAAa,UAAA,GAAa,OAAA,CAAQ,QAAA;ER/Ub;;;;;;;;;;;;EQkWhC,UAAA,CACX,EAAA,UACA,IAAA;IACE,IAAA;IACA,IAAA;IACA,cAAA,GAAiB,QAAA;EAAA,IAElB,OAAA,CAAQ,UAAA;ERhWP;;;;;;AACiB;;;EQ8XR,UAAA,CAAW,EAAA,WAAa,OAAA,CAAQ,EAAA;EPvYnC;;;;;EOuaG,WAAA,CAAY,GAAA,aAAgB,OAAA;EPtaM;;;;;;;;EOkdlC,WAAA,CAAY,EAAA,WAAa,UAAA,GAAa,OAAA,CAAQ,UAAA;EP7cvD;;;;;;;;;;;EOgeS,eAAA,IAAmB,OAAA,CAAQ,YAAA;EPreO;;;;;;;EO2gBxC,gBAAA,CAAiB,MAAA,EAAQ,UAAA,GAAa,YAAA;AAAA;;;;;;;cCphBlC,wBAAA;EAAA,mBACQ,GAAA;EAAA,mBACA,KAAA;EAAA,mBACA,WAAA,EAAW,WAAA;;;;;;WAOd,YAAA,0BAAY,iBAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AXjB9B;;;;;;;;cYwBa,kBAAA;;;;;;EAML,cAAA,CACJ,IAAA,EAAM,UAAA,EACN,IAAA,EAAM,gBAAA,eACL,OAAA;;;;;;;;;;;;;;;;;;;EAkCG,YAAA,CAAa,IAAA,EAAM,UAAA,GAAa,OAAA;AAAA;;;;;;;cCzD3B,cAAA;EAAA,mBACQ,GAAA;EAAA,mBACA,KAAA;EAAA,mBACA,WAAA,EAAW,WAAA;EAAA,mBACX,UAAA,EAAU,kBAAA;;;;;WAMb,SAAA,0BAAS,iBAAA;;;;;;;;;;;;;;0DANI,cAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;WAsBb,UAAA,0BAAU,iBAAA;;;;;;;;;;;;;;WAmBV,WAAA,0BAAW,iBAAA;;;;;;;;;;;;AbE7B;WauBkB,UAAA,0BAAU,iBAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;WA0BV,UAAA,0BAAU,iBAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EX5FmB;;;;;;;;;;;EAAA,SW2H7B,UAAA,0BAAU,iBAAA;;;;;;EXlHtB;;;;;;AACiB;;;;ACTvB;;;;EDQM,SW2JY,gBAAA,0BAAgB,iBAAA;;;;;;;;;cCjLrB,QAAA;EAAA,mBACQ,WAAA,EAAW,WAAA;EAAA,SAEd,UAAA,6BAAU,kBAAA;AAAA;;;;;;;;;;;;;;cCMf,wBAAA,oBAAwB,OAAA;;;;;;;KAQzB,kBAAA,GAAqB,MAAM,QAAQ,wBAAA;;;;YCMnC,iBAAA;;;;IAIR,GAAA,GAAM,YAAA;IhB2BR;;;IgBtBE,IAAA;IhBjCc;;;IgBsCd,IAAA,GAAO,gBAAgB;;;;;;IAOvB,OAAA;EAAA;AAAA;;;;;;;;;;;;cAiBS,cAAA,mBAAc,OAAA,kBAAA,MAAA"}

package/dist/api/files/index.js

@@ -6,7 +6,8 @@ import { $action, ForbiddenError, NotFoundError, okSchema } from "alepha/server"
 import { createHash } from "node:crypto";
 import { DateTimeProvider } from "alepha/datetime";
 import { $logger } from "alepha/logger";
-import { $entity, $repository, db, pageQuerySchema } from "alepha/orm";
+import { $entity, $repository, RepositoryProvider, db, pageQuerySchema } from "alepha/orm";
+import { FileSystemProvider } from "alepha/system";
 import { $scheduler } from "alepha/scheduler";
 //#region ../../src/api/files/schemas/storageStatsSchema.ts
 const bucketStatsSchema = t.object({
@@ -86,14 +87,37 @@ var FileService = class {
 	alepha = $inject(Alepha);
 	log = $logger();
 	dateTimeProvider = $inject(DateTimeProvider);
+	repositoryProvider = $inject(RepositoryProvider);
+	fileSystem = $inject(FileSystemProvider);
 	defaultBucket = $bucket({ name: "default" });
 	fileRepository = $repository(files);
+	/**
+	* Best-effort left join embedding the uploader on every file row, so the
+	* admin UI can render `user.email` instead of the bare `creator` UUID.
+	* Joins `files.creator` → `users.id`. Only applied when the `users` table is
+	* actually registered in the app (see `findFiles`) — the files module stays
+	* usable standalone, without `alepha/api/users`. Targets the default `users`
+	* table, so creators in non-default realms come back unmatched (`user`
+	* undefined), which the UI handles by falling back to `creatorName`.
+	*
+	* The `users` entity is resolved from the repository registry at runtime
+	* rather than imported: the users module already depends on the files module
+	* (avatars), so a compile-time import here would form a circular dependency.
+	*/
+	resolveCreatorJoin() {
+		const usersEntity = this.repositoryProvider.getRepositories().find((repo) => repo.entity.name === "users")?.entity;
+		if (!usersEntity) return;
+		return { user: {
+			join: usersEntity,
+			on: ["creator", usersEntity.cols.id]
+		} };
+	}
 	onUploadFile = $hook({
 		on: "bucket:file:uploaded",
 		handler: async ({ file, bucket, options, id }) => {
 			if (options.persist === false) return;
 			const checksum = await this.calculateChecksum(file);
-			await this.fileRepository.create({
+			await this.persistBlobMetadata(bucket, id, () => this.fileRepository.create({
 				blobId: id,
 				mimeType: file.type,
 				name: file.name,
@@ -104,7 +128,7 @@ var FileService = class {
 				expirationDate: this.getExpirationDate(options.ttl),
 				bucket: bucket.name,
 				checksum
-			});
+			}));
 		}
 	});
 	onDeleteBucketFile = $hook({
@@ -119,15 +143,27 @@ var FileService = class {
 	/**
 	* Calculates SHA-256 checksum of a file.
 	*
+	* Reads the whole file into memory. Callers that already hold the bytes
+	* should use {@link hashBuffer} instead to avoid re-reading — re-reading a
+	* one-shot stream either yields the wrong hash or drains a stream another
+	* step still needs.
+	*
 	* @param file - The file to calculate checksum for
 	* @returns Hexadecimal string representation of the SHA-256 hash
 	* @protected
 	*/
 	async calculateChecksum(file) {
-		const buffer = await file.arrayBuffer();
-		const hash = createHash("sha256");
-		hash.update(Buffer.from(buffer));
-		return hash.digest("hex");
+		return this.hashBuffer(await file.arrayBuffer());
+	}
+	/**
+	* Calculates the SHA-256 checksum of an already-read body.
+	*
+	* @param data - The file bytes
+	* @returns Hexadecimal string representation of the SHA-256 hash
+	* @protected
+	*/
+	hashBuffer(data) {
+		return createHash("sha256").update(Buffer.from(data)).digest("hex");
 	}
 	/**
 	* Gets a bucket primitive by name.
@@ -162,7 +198,11 @@ var FileService = class {
 		};
 		else if (q.createdAfter) where.createdAt = { gte: q.createdAfter };
 		else if (q.createdBefore) where.createdAt = { lte: q.createdBefore };
-		return await this.fileRepository.paginate(q, { where }, { count: true }).then((page) => {
+		const withCreator = this.resolveCreatorJoin();
+		return await this.fileRepository.paginate(q, {
+			where,
+			...withCreator ? { with: withCreator } : {}
+		}, { count: true }).then((page) => {
 			return {
 				...page,
 				content: page.content.map((it) => this.entityToResource(it))
@@ -206,12 +246,18 @@ var FileService = class {
 	*/
 	async uploadFile(file, options = {}) {
 		const bucket = this.bucket(options.bucket);
-		const checksum = await this.calculateChecksum(file);
+		const data = await file.arrayBuffer();
+		const checksum = this.hashBuffer(data);
+		file = this.fileSystem.createFile({
+			arrayBuffer: data,
+			name: file.name,
+			type: file.type
+		});
 		const blobId = await bucket.upload(file, { persist: false });
 		let expirationDate;
 		if (options.expirationDate) expirationDate = this.dateTimeProvider.of(options.expirationDate).toISOString();
 		else if (bucket.options.ttl) expirationDate = this.getExpirationDate(bucket.options.ttl);
-		return await this.fileRepository.create({
+		return await this.persistBlobMetadata(bucket, blobId, () => this.fileRepository.create({
 			blobId,
 			mimeType: file.type,
 			name: file.name,
@@ -224,7 +270,35 @@ var FileService = class {
 			bucket: bucket.name,
 			tags: options.tags,
 			checksum
-		});
+		}));
+	}
+	/**
+	* Persists the metadata row for an already-uploaded blob, deleting the
+	* blob if the insert fails. Uploads are not atomic: the blob is written to
+	* storage first (the row needs the returned `blobId`), so a failed insert
+	* would otherwise leak the blob — an orphaned blob with no DB row. This
+	* compensates by removing the blob, favouring the recoverable failure
+	* (a missing blob) over the worse one (a row pointing at nothing).
+	*
+	* Best-effort: cleanup runs with `skipHook` so it neither re-emits
+	* `bucket:file:deleted` nor touches the (non-existent) DB row, and a failed
+	* cleanup is logged rather than thrown. The original write error is always
+	* rethrown so callers still see the real failure.
+	*
+	* @param bucket - The bucket the blob was uploaded to
+	* @param blobId - The id returned by `bucket.upload`
+	* @param insert - Thunk performing the metadata insert
+	* @returns The created file entity
+	*/
+	async persistBlobMetadata(bucket, blobId, insert) {
+		try {
+			return await insert();
+		} catch (error) {
+			await bucket.delete(blobId, true).catch((cleanupError) => {
+				this.log.warn(`Failed to remove orphaned blob ${blobId} from bucket ${bucket.name} after a metadata write failure`, cleanupError);
+			});
+			throw error;
+		}
 	}
 	/**
 	* Streams a file from storage by its database ID, or directly from an
@@ -329,39 +403,45 @@ var FileService = class {
 	/**
 	* Gets storage statistics including total size, file count, and breakdowns by bucket and MIME type.
 	*
+	* Aggregated in SQL (`SUM`/`COUNT` + `GROUP BY`) rather than by loading
+	* every row into memory — the table can hold millions of files, and this
+	* endpoint must stay O(groups), not O(rows). Totals are derived from the
+	* per-bucket groups (every row has exactly one bucket), so no extra query
+	* is needed.
+	*
 	* @returns Storage statistics with aggregated data
 	*/
 	async getStorageStats() {
-		const allFiles = await this.fileRepository.findMany({});
-		const totalSize = allFiles.reduce((sum, file) => sum + file.size, 0);
-		const totalFiles = allFiles.length;
-		const bucketMap = /* @__PURE__ */ new Map();
-		for (const file of allFiles) {
-			const existing = bucketMap.get(file.bucket) || {
-				totalSize: 0,
-				fileCount: 0
-			};
-			existing.totalSize += file.size;
-			existing.fileCount += 1;
-			bucketMap.set(file.bucket, existing);
-		}
-		const mimeTypeMap = /* @__PURE__ */ new Map();
-		for (const file of allFiles) {
-			const existing = mimeTypeMap.get(file.mimeType) || 0;
-			mimeTypeMap.set(file.mimeType, existing + 1);
-		}
+		const [byBucketRows, byMimeTypeRows] = await Promise.all([this.fileRepository.aggregate({
+			select: {
+				bucket: true,
+				size: {
+					sum: true,
+					count: true
+				}
+			},
+			groupBy: ["bucket"]
+		}), this.fileRepository.aggregate({
+			select: {
+				mimeType: true,
+				size: { count: true }
+			},
+			groupBy: ["mimeType"]
+		})]);
+		const byBucket = byBucketRows.map((row) => ({
+			bucket: row.bucket,
+			totalSize: row.size.sum,
+			fileCount: row.size.count
+		}));
+		const byMimeType = byMimeTypeRows.map((row) => ({
+			mimeType: row.mimeType,
+			fileCount: row.size.count
+		}));
 		return {
-			totalSize,
-			totalFiles,
-			byBucket: Array.from(bucketMap.entries()).map(([bucket, stats]) => ({
-				bucket,
-				totalSize: stats.totalSize,
-				fileCount: stats.fileCount
-			})),
-			byMimeType: Array.from(mimeTypeMap.entries()).map(([mimeType, fileCount]) => ({
-				mimeType,
-				fileCount
-			}))
+			totalSize: byBucket.reduce((sum, b) => sum + b.totalSize, 0),
+			totalFiles: byBucket.reduce((sum, b) => sum + b.fileCount, 0),
+			byBucket,
+			byMimeType
 		};
 	}
 	/**
@@ -470,8 +550,38 @@ const fileQuerySchema = t.extend(pageQuerySchema, {
 	createdBefore: t.optional(t.datetime())
 });
 //#endregion
+//#region ../../src/api/files/schemas/fileCreatorSummarySchema.ts
+/**
+* Slim view of a file's uploader, embedded by the admin listing via a
+* best-effort left join (`files.creator` → `users.id`) so the UI can render
+* a human-readable identifier instead of a bare UUID.
+*
+* Optional end-to-end: the join only runs when the `users` entity is
+* registered in the running app (see `FileService.findFiles`), and even then
+* a file whose creator was deleted — or who lives in a non-default realm —
+* comes back with `user` undefined. Callers must fall back to `creatorName`
+* or the raw `creator` id.
+*/
+const fileCreatorSummarySchema = t.object({
+	id: t.uuid(),
+	email: t.optional(t.string({ format: "email" })),
+	username: t.optional(t.shortText({
+		minLength: 3,
+		maxLength: 30
+	})),
+	firstName: t.optional(t.string()),
+	lastName: t.optional(t.string())
+});
+//#endregion
 //#region ../../src/api/files/schemas/fileResourceSchema.ts
-const fileResourceSchema = t.extend(files.schema, {}, {
+const fileResourceSchema = t.extend(files.schema, { 
+/**
+* Uploader summary, embedded by the admin listing via a best-effort
+* left join. Optional — see `fileCreatorSummarySchema`. Distinct from
+* the denormalized `creatorName`, which is set only on direct uploads
+* and never carries an email.
+*/
+user: t.optional(fileCreatorSummarySchema) }, {
 	title: "FileResource",
 	description: "A file resource representing a file stored in the system."
 });
@@ -685,6 +795,6 @@ const AlephaApiFiles = $module({
 	imports: [AlephaBucket, AlephaServerEtag]
 });
 //#endregion
-export { AdminFileStatsController, AlephaApiFiles, FileAccessProvider, FileController, FileJobs, FileService, bucketStatsSchema, files, mimeTypeStatsSchema, storageStatsSchema };
+export { AdminFileStatsController, AlephaApiFiles, FileAccessProvider, FileController, FileJobs, FileService, bucketStatsSchema, fileCreatorSummarySchema, fileQuerySchema, fileResourceSchema, files, mimeTypeStatsSchema, storageStatsSchema };
 
 //# sourceMappingURL=index.js.map

package/dist/api/files/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","names":[],"sources":["../../../src/api/files/schemas/storageStatsSchema.ts","../../../src/api/files/entities/files.ts","../../../src/api/files/services/FileService.ts","../../../src/api/files/controllers/AdminFileStatsController.ts","../../../src/api/files/providers/FileAccessProvider.ts","../../../src/api/files/schemas/fileQuerySchema.ts","../../../src/api/files/schemas/fileResourceSchema.ts","../../../src/api/files/controllers/FileController.ts","../../../src/api/files/jobs/FileJobs.ts","../../../src/api/files/index.ts"],"sourcesContent":["import type { Static } from \"alepha\";\nimport { t } from \"alepha\";\n\nexport const bucketStatsSchema = t.object({\n  bucket: t.string(),\n  totalSize: t.number(),\n  fileCount: t.number(),\n});\n\nexport const mimeTypeStatsSchema = t.object({\n  mimeType: t.string(),\n  fileCount: t.number(),\n});\n\nexport const storageStatsSchema = t.object({\n  totalSize: t.number(),\n  totalFiles: t.number(),\n  byBucket: t.array(bucketStatsSchema),\n  byMimeType: t.array(mimeTypeStatsSchema),\n});\n\nexport type BucketStats = Static<typeof bucketStatsSchema>;\nexport type MimeTypeStats = Static<typeof mimeTypeStatsSchema>;\nexport type StorageStats = Static<typeof storageStatsSchema>;\n","import { type Static, t } from \"alepha\";\nimport { $entity, db } from \"alepha/orm\";\n\nexport const files = $entity({\n  name: \"files\",\n  schema: t.object({\n    id: db.primaryKey(t.uuid()),\n    version: db.version(),\n    createdAt: db.createdAt(),\n    updatedAt: db.updatedAt(),\n    organizationId: db.organization(),\n    blobId: t.text(),\n    creator: t.optional(t.uuid()),\n    creatorRealm: t.optional(t.string()),\n    creatorName: t.optional(t.string()),\n    bucket: t.text(),\n    expirationDate: t.optional(t.datetime()),\n    /**\n     * Display name. Mutable via `FileService.updateFile` — can be renamed\n     * by callers (e.g. an Archive UI letting users rename uploaded blobs).\n     * Initialized to the uploader's filename at upload time. Use\n     * `originalName` if you need the as-uploaded filename after a rename.\n     */\n    name: t.text(),\n    /**\n     * Immutable record of the uploader's filename at upload time. Set once\n     * by `FileService.uploadFile` and the `bucket:file:uploaded` hook;\n     * `FileService.updateFile` never touches it. Useful for download\n     * headers (Content-Disposition), audit trails, and any UI that wants\n     * to show \"originally uploaded as X\" alongside a renamed file.\n     */\n    originalName: t.optional(t.string()),\n    size: t.number(),\n    mimeType: t.string(),\n    /**\n     * Free-form taxonomy. Normalized server-side (trim/lowercase/dedupe is\n     * caller's responsibility for now). Use with `FileQuery.tags` to\n     * filter via array-contains.\n     */\n    tags: t.optional(t.array(t.text())),\n    /**\n     * SHA-256 hex digest of the file content (64 lowercase hex chars).\n     * Computed at upload time by `FileService.calculateChecksum`. Stable\n     * — never recomputed after upload. Use for integrity verification,\n     * content-based dedup, or downstream virus-scan correlation.\n     */\n    checksum: t.optional(t.string()),\n  }),\n  indexes: [\n    \"expirationDate\",\n    \"bucket\",\n    \"creator\",\n    \"createdAt\",\n    \"mimeType\",\n    {\n      columns: [\"bucket\", \"createdAt\"],\n    },\n  ],\n});\n\nexport type FileEntity = Static<typeof files.schema>;\n","import { createHash } from \"node:crypto\";\nimport { $hook, $inject, Alepha, type FileLike } from \"alepha\";\nimport {\n  $bucket,\n  type BucketPrimitive,\n  FileNotFoundError,\n} from \"alepha/bucket\";\nimport {\n  type DateTime,\n  DateTimeProvider,\n  type DurationLike,\n} from \"alepha/datetime\";\nimport { $logger } from \"alepha/logger\";\nimport { $repository, type Page } from \"alepha/orm\";\nimport type { UserAccountToken } from \"alepha/security\";\nimport type { Ok } from \"alepha/server\";\nimport { NotFoundError } from \"alepha/server\";\nimport { type FileEntity, files } from \"../entities/files.ts\";\nimport type { FileQuery } from \"../schemas/fileQuerySchema.ts\";\nimport type { FileResource } from \"../schemas/fileResourceSchema.ts\";\nimport type { StorageStats } from \"../schemas/storageStatsSchema.ts\";\n\nexport class FileService {\n  protected readonly alepha = $inject(Alepha);\n  protected readonly log = $logger();\n  protected readonly dateTimeProvider = $inject(DateTimeProvider);\n  protected readonly defaultBucket = $bucket({ name: \"default\" });\n  public readonly fileRepository = $repository(files);\n\n  protected onUploadFile = $hook({\n    on: \"bucket:file:uploaded\",\n    handler: async ({ file, bucket, options, id }) => {\n      if (options.persist === false) {\n        return;\n      }\n\n      const checksum = await this.calculateChecksum(file);\n\n      await this.fileRepository.create({\n        blobId: id,\n        mimeType: file.type,\n        name: file.name,\n        originalName: file.name,\n        size: file.size,\n        creator: options.user?.id,\n        creatorRealm: options.user?.realm,\n        expirationDate: this.getExpirationDate(options.ttl),\n        bucket: bucket.name,\n        checksum,\n      });\n    },\n  });\n\n  protected onDeleteBucketFile = $hook({\n    on: \"bucket:file:deleted\",\n    handler: async ({ bucket, id }) => {\n      await this.fileRepository.deleteMany({\n        blobId: { eq: id },\n        bucket: { eq: bucket.name },\n      });\n    },\n  });\n\n  // -------------------------------------------------------------------------------------------------------------------\n\n  /**\n   * Calculates SHA-256 checksum of a file.\n   *\n   * @param file - The file to calculate checksum for\n   * @returns Hexadecimal string representation of the SHA-256 hash\n   * @protected\n   */\n  protected async calculateChecksum(file: FileLike): Promise<string> {\n    const buffer = await file.arrayBuffer();\n    const hash = createHash(\"sha256\");\n    hash.update(Buffer.from(buffer));\n    return hash.digest(\"hex\");\n  }\n\n  /**\n   * Gets a bucket primitive by name.\n   *\n   * @param bucketName - The name of the bucket to retrieve (defaults to \"default\")\n   * @returns The bucket primitive\n   * @throws {NotFoundError} If the bucket is not found\n   */\n  public bucket(bucketName: string = this.defaultBucket.name): BucketPrimitive {\n    const bucket = this.alepha\n      .primitives($bucket)\n      .find((it) => it.name === bucketName);\n\n    if (!bucket) {\n      throw new NotFoundError(`Bucket '${bucketName}' not found.`);\n    }\n\n    return bucket;\n  }\n\n  // -------------------------------------------------------------------------------------------------------------------\n\n  /**\n   * Finds files matching the given query criteria with pagination support.\n   * Supports filtering by bucket, tags, name, mimeType, creator, and date range.\n   *\n   * @param q - Query parameters including bucket, tags, name, mimeType, creator, date range, pagination, and sorting\n   * @returns Paginated list of file entities\n   */\n  public async findFiles(q: FileQuery = {}): Promise<Page<FileEntity>> {\n    q.sort ??= \"-createdAt\";\n\n    const where = this.fileRepository.createQueryWhere();\n\n    if (q.bucket) {\n      where.bucket = { eq: q.bucket };\n    }\n\n    if (q.tags) {\n      where.tags = { arrayContains: q.tags };\n    }\n\n    if (q.name) {\n      where.name = { ilike: `%${q.name}%` };\n    }\n\n    if (q.mimeType) {\n      where.mimeType = { eq: q.mimeType };\n    }\n\n    if (q.creator) {\n      where.creator = { eq: q.creator };\n    }\n\n    if (q.createdAfter && q.createdBefore) {\n      where.createdAt = {\n        gte: q.createdAfter,\n        lte: q.createdBefore,\n      };\n    } else if (q.createdAfter) {\n      where.createdAt = { gte: q.createdAfter };\n    } else if (q.createdBefore) {\n      where.createdAt = { lte: q.createdBefore };\n    }\n\n    return await this.fileRepository\n      .paginate(q, { where }, { count: true })\n      .then((page) => {\n        return {\n          ...page,\n          content: page.content.map((it) => this.entityToResource(it)),\n        };\n      });\n  }\n\n  /**\n   * Finds files that have expired based on their expiration date.\n   * Limited to 1000 files per call to prevent memory issues.\n   *\n   * @returns Array of expired file entities\n   */\n  public async findExpiredFiles(): Promise<FileEntity[]> {\n    return await this.fileRepository.findMany({\n      limit: 1000,\n      where: {\n        expirationDate: { lte: this.dateTimeProvider.nowISOString() },\n      },\n    });\n  }\n\n  /**\n   * Calculates an expiration date based on a TTL (time to live) duration.\n   *\n   * @param ttl - Duration like \"1 day\", \"2 hours\", etc.\n   * @returns DateTime representation of the expiration date, or undefined if no TTL provided\n   * @protected\n   */\n  protected getExpirationDate(ttl?: DurationLike): string | undefined {\n    return ttl\n      ? this.dateTimeProvider\n          .now()\n          .add(this.dateTimeProvider.duration(ttl))\n          .toISOString()\n      : undefined;\n  }\n\n  /**\n   * Uploads a file to a bucket and creates a database record with metadata.\n   * Automatically calculates and stores the file checksum (SHA-256).\n   *\n   * @param file - The file to upload\n   * @param options - Upload options including bucket, expiration, user, and tags\n   * @param options.bucket - Target bucket name (defaults to \"default\")\n   * @param options.expirationDate - When the file should expire\n   * @param options.user - User performing the upload (for audit trail)\n   * @param options.tags - Tags to associate with the file\n   * @returns The created file entity with all metadata\n   * @throws {NotFoundError} If the specified bucket doesn't exist\n   */\n  public async uploadFile(\n    file: FileLike,\n    options: {\n      expirationDate?: string | DateTime;\n      bucket?: string;\n      user?: UserAccountToken;\n      tags?: string[];\n    } = {},\n  ): Promise<FileEntity> {\n    const bucket = this.bucket(options.bucket);\n\n    const checksum = await this.calculateChecksum(file);\n    const blobId = await bucket.upload(file, { persist: false });\n\n    let expirationDate: string | undefined;\n    if (options.expirationDate) {\n      expirationDate = this.dateTimeProvider\n        .of(options.expirationDate)\n        .toISOString();\n    } else if (bucket.options.ttl) {\n      expirationDate = this.getExpirationDate(bucket.options.ttl);\n    }\n\n    return await this.fileRepository.create({\n      blobId: blobId,\n      mimeType: file.type,\n      name: file.name,\n      originalName: file.name,\n      size: file.size,\n      creator: options.user?.id,\n      creatorRealm: options.user?.realm,\n      creatorName: options.user?.name,\n      expirationDate,\n      bucket: bucket.name,\n      tags: options.tags,\n      checksum,\n    });\n  }\n\n  /**\n   * Streams a file from storage by its database ID, or directly from an\n   * already-loaded `FileEntity` to avoid a duplicate DB roundtrip when the\n   * caller has already fetched the row (e.g. after an access check).\n   *\n   * @param id - The database ID (UUID) of the file, or the entity itself\n   * @returns The file object ready for streaming/downloading\n   * @throws {NotFoundError} If the file doesn't exist in the database\n   * @throws {FileNotFoundError} If the file exists in database but not in storage\n   */\n  public async streamFile(id: string | FileEntity): Promise<FileLike> {\n    const entity = await this.getFileById(id);\n    const bucket = this.bucket(entity.bucket);\n\n    return await bucket.download(entity.blobId);\n  }\n\n  /**\n   * Updates file metadata (name, tags, expiration date).\n   * Does not modify the actual file content in storage.\n   *\n   * @param id - The database ID (UUID) of the file to update\n   * @param data - Partial file data to update\n   * @param data.name - New file name\n   * @param data.tags - New tags array\n   * @param data.expirationDate - New expiration date\n   * @returns The updated file entity\n   * @throws {NotFoundError} If the file doesn't exist in the database\n   */\n  public async updateFile(\n    id: string,\n    data: {\n      name?: string;\n      tags?: string[];\n      expirationDate?: DateTime | string;\n    },\n  ): Promise<FileEntity> {\n    const file = await this.getFileById(id);\n\n    const updateData: Partial<FileEntity> = {};\n\n    if (data.name !== undefined) {\n      updateData.name = data.name;\n    }\n\n    if (data.tags !== undefined) {\n      updateData.tags = data.tags;\n    }\n\n    if (data.expirationDate !== undefined) {\n      updateData.expirationDate = this.dateTimeProvider\n        .of(data.expirationDate)\n        .toISOString();\n    }\n\n    return await this.fileRepository.updateById(file.id, updateData);\n  }\n\n  /**\n   * Deletes a file from both storage and database.\n   * Handles cases where file is already deleted from storage gracefully.\n   * Always ensures database record is removed even if storage deletion fails.\n   *\n   * @param id - The database ID (UUID) of the file to delete\n   * @returns Success response with the deleted file ID\n   * @throws {NotFoundError} If the file doesn't exist in the database\n   */\n  public async deleteFile(id: string): Promise<Ok> {\n    const file = await this.getFileById(id);\n    const bucket = this.bucket(file.bucket);\n\n    // Always delete the database record\n    await this.fileRepository.deleteById(file.id);\n\n    try {\n      await bucket.delete(file.blobId, true);\n    } catch (e) {\n      if (e instanceof FileNotFoundError) {\n        // File is already deleted in the bucket, this is okay\n        this.log.debug(\n          `File ${file.blobId} not found in bucket ${bucket.name}, cleaning up database record`,\n        );\n      } else {\n        // Other errors (permission, network, etc.) - log but continue to clean up database\n        this.log.warn(\n          `Failed to delete file ${file.blobId} from bucket ${bucket.name}`,\n          e,\n        );\n      }\n    }\n\n    return { ok: true, id: String(file.id) };\n  }\n\n  /**\n   * Delete many files in one round-trip per bucket. The database rows are\n   * removed in a single `deleteMany`, and each affected bucket gets a single\n   * `bucket.deleteMany` call (R2/S3 batch where supported).\n   */\n  public async deleteFiles(ids: string[]): Promise<string[]> {\n    if (ids.length === 0) return [];\n\n    const files = await this.fileRepository.findMany({\n      where: { id: { inArray: ids } },\n      columns: [\"id\", \"bucket\", \"blobId\"],\n    });\n    if (files.length === 0) return [];\n\n    const dbDeleted = await this.fileRepository.deleteMany({\n      id: { inArray: files.map((f) => f.id) },\n    });\n\n    const blobsByBucket = new Map<string, string[]>();\n    for (const f of files) {\n      const list = blobsByBucket.get(f.bucket) ?? [];\n      list.push(f.blobId);\n      blobsByBucket.set(f.bucket, list);\n    }\n\n    for (const [bucketName, blobIds] of blobsByBucket) {\n      try {\n        await this.bucket(bucketName).deleteMany(blobIds, true);\n      } catch (e) {\n        // DB rows already gone — log and continue. Orphaned blobs are\n        // recoverable; orphaned DB rows would be worse.\n        this.log.warn(\n          `Failed to bulk-delete ${blobIds.length} files from bucket ${bucketName}`,\n          e,\n        );\n      }\n    }\n\n    return dbDeleted.map(String);\n  }\n\n  /**\n   * Retrieves a file entity by its ID.\n   * If already an entity object, returns it as-is (convenience method).\n   *\n   * @param id - Either a UUID string or an existing FileEntity object\n   * @returns The file entity\n   * @throws {NotFoundError} If the file doesn't exist in the database\n   */\n  public async getFileById(id: string | FileEntity): Promise<FileEntity> {\n    if (typeof id === \"object\") {\n      return id;\n    }\n\n    return await this.fileRepository.getById(id);\n  }\n\n  /**\n   * Gets storage statistics including total size, file count, and breakdowns by bucket and MIME type.\n   *\n   * @returns Storage statistics with aggregated data\n   */\n  public async getStorageStats(): Promise<StorageStats> {\n    const allFiles = await this.fileRepository.findMany({});\n\n    const totalSize = allFiles.reduce((sum, file) => sum + file.size, 0);\n    const totalFiles = allFiles.length;\n\n    // Group by bucket\n    const bucketMap = new Map<\n      string,\n      { totalSize: number; fileCount: number }\n    >();\n    for (const file of allFiles) {\n      const existing = bucketMap.get(file.bucket) || {\n        totalSize: 0,\n        fileCount: 0,\n      };\n      existing.totalSize += file.size;\n      existing.fileCount += 1;\n      bucketMap.set(file.bucket, existing);\n    }\n\n    // Group by MIME type\n    const mimeTypeMap = new Map<string, number>();\n    for (const file of allFiles) {\n      const existing = mimeTypeMap.get(file.mimeType) || 0;\n      mimeTypeMap.set(file.mimeType, existing + 1);\n    }\n\n    return {\n      totalSize,\n      totalFiles,\n      byBucket: Array.from(bucketMap.entries()).map(([bucket, stats]) => ({\n        bucket,\n        totalSize: stats.totalSize,\n        fileCount: stats.fileCount,\n      })),\n      byMimeType: Array.from(mimeTypeMap.entries()).map(\n        ([mimeType, fileCount]) => ({\n          mimeType,\n          fileCount,\n        }),\n      ),\n    };\n  }\n\n  /**\n   * Converts a file entity to a file resource (API response format).\n   * Currently a pass-through, but allows for future transformation logic.\n   *\n   * @param entity - The file entity to convert\n   * @returns The file resource for API responses\n   */\n  public entityToResource(entity: FileEntity): FileResource {\n    return entity;\n  }\n}\n","import { $inject } from \"alepha\";\nimport { $secure } from \"alepha/security\";\nimport { $action } from \"alepha/server\";\nimport { storageStatsSchema } from \"../schemas/storageStatsSchema.ts\";\nimport { FileService } from \"../services/FileService.ts\";\n\n/**\n * REST API controller for storage analytics and statistics.\n * Provides endpoints for viewing storage usage metrics.\n */\nexport class AdminFileStatsController {\n  protected readonly url = \"/files/stats\";\n  protected readonly group = \"admin:files\";\n  protected readonly fileService = $inject(FileService);\n\n  /**\n   * GET /files/stats - Gets storage statistics.\n   * Returns aggregated data including total size, file count,\n   * and breakdowns by bucket and MIME type.\n   */\n  public readonly getFileStats = $action({\n    path: this.url,\n    group: this.group,\n    use: [$secure({ permissions: [\"admin:file:read\"] })],\n    description: \"Get storage statistics\",\n    schema: {\n      response: storageStatsSchema,\n    },\n    handler: () => this.fileService.getStorageStats(),\n  });\n}\n","import type { UserAccountToken } from \"alepha/security\";\nimport { ForbiddenError, NotFoundError } from \"alepha/server\";\nimport type { FileEntity } from \"../entities/files.ts\";\n\n/**\n * Authorization policy for file reads served through `FileController.streamFile`.\n *\n * Default: the caller must be the uploader (`file.creator === user.id`). Any\n * other access path — public buckets, shared attachments, avatars — must be\n * opted in by overriding this provider in the consuming app:\n *\n * ```ts\n * class MyAccess extends FileAccessProvider {\n *   async assertReadable(file, user) {\n *     if (file.bucket === \"avatars\") return; // public\n *     if (file.bucket === \"campaign-icons\") return this.checkCampaignVisible(file, user);\n *     return super.assertReadable(file, user);\n *   }\n * }\n * Alepha.create().with({ provide: FileAccessProvider, use: MyAccess });\n * ```\n *\n * Why this exists: prior to introducing this gate, `streamFile` only required\n * the framework-wide `file:read` permission. The default `user` role grants\n * `*`, so every authenticated user could download any file by UUID — turning\n * the 128-bit id into the sole security boundary across tenants.\n */\nexport class FileAccessProvider {\n  /**\n   * Throws `ForbiddenError` when `user` may not read `file`. Override to\n   * implement bucket-aware or relationship-aware policies. The default\n   * implementation is strict: only the uploader passes.\n   */\n  async assertReadable(\n    file: FileEntity,\n    user: UserAccountToken | undefined,\n  ): Promise<void> {\n    if (!user) {\n      throw new ForbiddenError(\"File access requires authentication\");\n    }\n    // Privileged identities (admin without narrow ownership scope) bypass\n    // the per-file check — they need to be able to read any file via the\n    // admin UI/inspector regardless of who uploaded it.\n    if (user.ownership === false) {\n      return;\n    }\n    if (file.creator && file.creator === user.id) {\n      return;\n    }\n    throw new ForbiddenError(\"File access denied\");\n  }\n\n  /**\n   * Throws when `file` may not be served through the anonymous\n   * `/public/files/:id` route. The default is deny-all: nothing is public\n   * unless this method is overridden. Throws `NotFoundError` (not 403) so the\n   * endpoint doesn't leak the existence of private file ids.\n   *\n   * Typical override matches on bucket name:\n   *\n   * ```ts\n   * class MyAccess extends FileAccessProvider {\n   *   async assertPublic(file) {\n   *     if (file.bucket === \"avatars\") return;\n   *     if (file.bucket === \"campaign-icons\") return;\n   *     return super.assertPublic(file);\n   *   }\n   * }\n   * ```\n   */\n  async assertPublic(file: FileEntity): Promise<void> {\n    throw new NotFoundError(`File '${file.id}' not found`);\n  }\n}\n","import type { Static } from \"alepha\";\nimport { t } from \"alepha\";\nimport { pageQuerySchema } from \"alepha/orm\";\n\nexport const fileQuerySchema = t.extend(pageQuerySchema, {\n  bucket: t.optional(t.string()),\n  tags: t.optional(t.array(t.string())),\n  name: t.optional(t.string()),\n  mimeType: t.optional(t.string()),\n  creator: t.optional(t.uuid()),\n  createdAfter: t.optional(t.datetime()),\n  createdBefore: t.optional(t.datetime()),\n});\n\nexport type FileQuery = Static<typeof fileQuerySchema>;\n","import { type Static, t } from \"alepha\";\nimport { files } from \"../entities/files.ts\";\n\nexport const fileResourceSchema = t.extend(\n  files.schema,\n  {},\n  {\n    title: \"FileResource\",\n    description: \"A file resource representing a file stored in the system.\",\n  },\n);\n\nexport type FileResource = Static<typeof fileResourceSchema>;\n","import { $inject, t } from \"alepha\";\nimport { $secure } from \"alepha/security\";\nimport { $action, okSchema } from \"alepha/server\";\nimport { $etag } from \"alepha/server/etag\";\nimport { FileAccessProvider } from \"../providers/FileAccessProvider.ts\";\nimport { fileQuerySchema } from \"../schemas/fileQuerySchema.ts\";\nimport { fileResourceSchema } from \"../schemas/fileResourceSchema.ts\";\nimport { FileService } from \"../services/FileService.ts\";\n\n/**\n * REST API controller for file management operations.\n * Provides endpoints for uploading, downloading, listing, and deleting files.\n */\nexport class FileController {\n  protected readonly url = \"/files\";\n  protected readonly group = \"files\";\n  protected readonly fileService = $inject(FileService);\n  protected readonly fileAccess = $inject(FileAccessProvider);\n\n  /**\n   * GET /files - Lists files with optional filtering and pagination.\n   * Supports filtering by bucket and tags.\n   */\n  public readonly findFiles = $action({\n    path: this.url,\n    group: `admin:${this.group}`,\n    use: [$secure({ permissions: [\"admin:file:read\"] })],\n    description: \"List files with filtering and pagination\",\n    schema: {\n      query: fileQuerySchema,\n      response: t.page(fileResourceSchema),\n    },\n    handler: ({ query }) => this.fileService.findFiles(query),\n  });\n\n  /**\n   * DELETE /files/:id - Deletes a file from both storage and database.\n   * Removes the file from the bucket and cleans up the database record.\n   */\n  public readonly deleteFile = $action({\n    method: \"DELETE\",\n    path: `${this.url}/:id`,\n    group: `admin:${this.group}`,\n    use: [$secure({ permissions: [\"admin:file:delete\"] })],\n    description: \"Delete a file\",\n    schema: {\n      params: t.object({\n        id: t.uuid(),\n      }),\n      response: okSchema,\n    },\n    handler: ({ params }) => this.fileService.deleteFile(params.id),\n  });\n\n  /**\n   * POST /files/delete - Delete many files in one request, batching the\n   * underlying bucket calls per bucket (R2/S3 batch where supported).\n   */\n  public readonly deleteFiles = $action({\n    method: \"POST\",\n    path: `${this.url}/delete`,\n    group: `admin:${this.group}`,\n    use: [$secure({ permissions: [\"admin:file:delete\"] })],\n    description: \"Delete many files\",\n    schema: {\n      body: t.object({\n        ids: t.array(t.uuid(), { minItems: 1, maxItems: 1000 }),\n      }),\n      response: t.object({\n        deleted: t.array(t.string()),\n      }),\n    },\n    handler: async ({ body }) => {\n      const deleted = await this.fileService.deleteFiles(body.ids);\n      return { deleted };\n    },\n  });\n\n  /**\n   * POST /files - Uploads a new file to storage.\n   * Creates a database record with metadata and calculates checksum.\n   * Optionally specify bucket and expiration date.\n   */\n  public readonly uploadFile = $action({\n    path: this.url,\n    group: this.group,\n    use: [$secure({ permissions: [\"file:create\"] })],\n    description: \"Upload a new file\",\n    schema: {\n      body: t.object({\n        file: t.file(),\n      }),\n      query: t.object({\n        expirationDate: t.optional(t.datetime()),\n        bucket: t.optional(t.string()),\n      }),\n      response: fileResourceSchema,\n    },\n    handler: async ({ body, user, query }) =>\n      this.fileService.uploadFile(body.file, {\n        user,\n        ...query,\n      }),\n  });\n\n  /**\n   * PATCH /files/:id - Updates file metadata.\n   * Allows updating name, tags, and expiration date without modifying file content.\n   */\n  public readonly updateFile = $action({\n    method: \"PATCH\",\n    path: `${this.url}/:id`,\n    group: `admin:${this.group}`,\n    use: [$secure({ permissions: [\"admin:file:update\"] })],\n    description: \"Update file metadata\",\n    schema: {\n      params: t.object({\n        id: t.uuid(),\n      }),\n      body: t.object({\n        name: t.optional(t.string()),\n        tags: t.optional(t.array(t.string())),\n        expirationDate: t.optional(t.datetime()),\n      }),\n      response: fileResourceSchema,\n    },\n    handler: ({ params, body }) => this.fileService.updateFile(params.id, body),\n  });\n\n  /**\n   * GET /files/:id - Streams/downloads a file by its ID.\n   * Returns the file content with appropriate Content-Type header.\n   *\n   * Authorization is delegated to `FileAccessProvider.assertReadable`. The\n   * default policy is creator-only — override the provider via DI to widen\n   * access (e.g. avatars, shared attachments). See `FileAccessProvider`.\n   *\n   * Cache-Control is `private` because the per-user authorization decision\n   * cannot be cached by shared proxies/CDNs. Client-side ETag still works.\n   */\n  public readonly streamFile = $action({\n    path: `${this.url}/:id`,\n    group: this.group,\n    description: \"Download a file\",\n    use: [\n      $secure({ permissions: [\"file:read\"] }),\n      $etag({\n        control: {\n          private: true,\n          maxAge: [1, \"year\"],\n          immutable: true,\n        },\n      }),\n    ],\n    schema: {\n      params: t.object({\n        id: t.uuid(),\n      }),\n      response: t.file(),\n    },\n    handler: async ({ params, user }) => {\n      const file = await this.fileService.getFileById(params.id);\n      await this.fileAccess.assertReadable(file, user);\n      return await this.fileService.streamFile(file);\n    },\n  });\n\n  /**\n   * GET /public/files/:id - Anonymous, edge-cacheable download.\n   *\n   * Authorization is delegated to `FileAccessProvider.assertPublic`. The\n   * default policy is deny-all (throws `NotFoundError`), so consuming apps\n   * must override the provider to opt files in — typically by bucket name\n   * (avatars, campaign icons, etc.).\n   *\n   * Cache-Control is `public, immutable, max-age=1y` so Cloudflare's edge\n   * cache and any intermediary proxy can serve subsequent hits without\n   * touching the Worker. The split URL prefix (vs `/files/:id`) is what\n   * makes this safe: edge cache is URL-keyed, so public and private files\n   * live in separate cache lanes.\n   */\n  public readonly streamPublicFile = $action({\n    path: \"/public/files/:id\",\n    group: this.group,\n    description: \"Download a public file (anonymous, edge-cacheable)\",\n    use: [\n      $etag({\n        control: {\n          public: true,\n          maxAge: [1, \"year\"],\n          immutable: true,\n        },\n      }),\n    ],\n    schema: {\n      params: t.object({\n        id: t.uuid(),\n      }),\n      response: t.file(),\n    },\n    handler: async ({ params }) => {\n      const file = await this.fileService.getFileById(params.id);\n      await this.fileAccess.assertPublic(file);\n      return await this.fileService.streamFile(file);\n    },\n  });\n}\n","import { $inject } from \"alepha\";\nimport { $scheduler } from \"alepha/scheduler\";\nimport { FileService } from \"../services/FileService.ts\";\n\nexport class FileJobs {\n  protected readonly fileService = $inject(FileService);\n\n  public readonly purgeFiles = $scheduler({\n    name: \"api:files:purgeFiles\",\n    description: \"Purge files that are marked for deletion\",\n    cron: \"0 * * * *\", // Hourly at minute 0\n    handler: async () => {\n      const files = await this.fileService.findExpiredFiles();\n\n      await Promise.all(\n        files.map((file) => this.fileService.deleteFile(file.id)),\n      );\n    },\n  });\n}\n","import { $module } from \"alepha\";\nimport { AlephaBucket } from \"alepha/bucket\";\nimport type { DurationLike } from \"alepha/datetime\";\nimport type { UserAccountToken } from \"alepha/security\";\nimport { AlephaServerEtag } from \"alepha/server/etag\";\nimport { AdminFileStatsController } from \"./controllers/AdminFileStatsController.ts\";\nimport { FileController } from \"./controllers/FileController.ts\";\nimport { FileJobs } from \"./jobs/FileJobs.ts\";\nimport { FileAccessProvider } from \"./providers/FileAccessProvider.ts\";\nimport { FileService } from \"./services/FileService.ts\";\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nexport * from \"./controllers/AdminFileStatsController.ts\";\nexport * from \"./controllers/FileController.ts\";\nexport * from \"./entities/files.ts\";\nexport * from \"./jobs/FileJobs.ts\";\nexport * from \"./providers/FileAccessProvider.ts\";\nexport * from \"./schemas/storageStatsSchema.ts\";\nexport * from \"./services/FileService.ts\";\n\n// ---------------------------------------------------------------------------------------------------------------------\n\ndeclare module \"alepha/bucket\" {\n  interface BucketFileOptions {\n    /**\n     * Time to live for the files in the bucket.\n     */\n    ttl?: DurationLike;\n\n    /**\n     * Tags for the bucket.\n     */\n    tags?: string[];\n\n    /**\n     * User performing the operation.\n     */\n    user?: UserAccountToken;\n\n    /**\n     * Whether to persist the file metadata in the database.\n     *\n     * @default true\n     */\n    persist?: boolean;\n  }\n}\n\n// ---------------------------------------------------------------------------------------------------------------------\n\n/**\n * File management endpoints.\n *\n * **Features:**\n * - Upload/download endpoints\n * - File metadata storage\n * - TTL-based expiration\n * - Storage statistics\n *\n * @module alepha.api.files\n */\nexport const AlephaApiFiles = $module({\n  name: \"alepha.api.files\",\n  services: [\n    FileController,\n    AdminFileStatsController,\n    FileJobs,\n    FileService,\n    FileAccessProvider,\n  ],\n  imports: [AlephaBucket, AlephaServerEtag],\n});\n"],"mappings":";;;;;;;;;;;AAGA,MAAa,oBAAoB,EAAE,OAAO;CACxC,QAAQ,EAAE,QAAQ;CAClB,WAAW,EAAE,QAAQ;CACrB,WAAW,EAAE,QAAQ;CACtB,CAAC;AAEF,MAAa,sBAAsB,EAAE,OAAO;CAC1C,UAAU,EAAE,QAAQ;CACpB,WAAW,EAAE,QAAQ;CACtB,CAAC;AAEF,MAAa,qBAAqB,EAAE,OAAO;CACzC,WAAW,EAAE,QAAQ;CACrB,YAAY,EAAE,QAAQ;CACtB,UAAU,EAAE,MAAM,kBAAkB;CACpC,YAAY,EAAE,MAAM,oBAAoB;CACzC,CAAC;;;AChBF,MAAa,QAAQ,QAAQ;CAC3B,MAAM;CACN,QAAQ,EAAE,OAAO;EACf,IAAI,GAAG,WAAW,EAAE,MAAM,CAAC;EAC3B,SAAS,GAAG,SAAS;EACrB,WAAW,GAAG,WAAW;EACzB,WAAW,GAAG,WAAW;EACzB,gBAAgB,GAAG,cAAc;EACjC,QAAQ,EAAE,MAAM;EAChB,SAAS,EAAE,SAAS,EAAE,MAAM,CAAC;EAC7B,cAAc,EAAE,SAAS,EAAE,QAAQ,CAAC;EACpC,aAAa,EAAE,SAAS,EAAE,QAAQ,CAAC;EACnC,QAAQ,EAAE,MAAM;EAChB,gBAAgB,EAAE,SAAS,EAAE,UAAU,CAAC;;;;;;;EAOxC,MAAM,EAAE,MAAM;;;;;;;;EAQd,cAAc,EAAE,SAAS,EAAE,QAAQ,CAAC;EACpC,MAAM,EAAE,QAAQ;EAChB,UAAU,EAAE,QAAQ;;;;;;EAMpB,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;;;;;;;EAOnC,UAAU,EAAE,SAAS,EAAE,QAAQ,CAAC;EACjC,CAAC;CACF,SAAS;EACP;EACA;EACA;EACA;EACA;EACA,EACE,SAAS,CAAC,UAAU,YAAY,EACjC;EACF;CACF,CAAC;;;ACpCF,IAAa,cAAb,MAAyB;CACvB,SAA4B,QAAQ,OAAO;CAC3C,MAAyB,SAAS;CAClC,mBAAsC,QAAQ,iBAAiB;CAC/D,gBAAmC,QAAQ,EAAE,MAAM,WAAW,CAAC;CAC/D,iBAAiC,YAAY,MAAM;CAEnD,eAAyB,MAAM;EAC7B,IAAI;EACJ,SAAS,OAAO,EAAE,MAAM,QAAQ,SAAS,SAAS;GAChD,IAAI,QAAQ,YAAY,OACtB;GAGF,MAAM,WAAW,MAAM,KAAK,kBAAkB,KAAK;GAEnD,MAAM,KAAK,eAAe,OAAO;IAC/B,QAAQ;IACR,UAAU,KAAK;IACf,MAAM,KAAK;IACX,cAAc,KAAK;IACnB,MAAM,KAAK;IACX,SAAS,QAAQ,MAAM;IACvB,cAAc,QAAQ,MAAM;IAC5B,gBAAgB,KAAK,kBAAkB,QAAQ,IAAI;IACnD,QAAQ,OAAO;IACf;IACD,CAAC;;EAEL,CAAC;CAEF,qBAA+B,MAAM;EACnC,IAAI;EACJ,SAAS,OAAO,EAAE,QAAQ,SAAS;GACjC,MAAM,KAAK,eAAe,WAAW;IACnC,QAAQ,EAAE,IAAI,IAAI;IAClB,QAAQ,EAAE,IAAI,OAAO,MAAM;IAC5B,CAAC;;EAEL,CAAC;;;;;;;;CAWF,MAAgB,kBAAkB,MAAiC;EACjE,MAAM,SAAS,MAAM,KAAK,aAAa;EACvC,MAAM,OAAO,WAAW,SAAS;EACjC,KAAK,OAAO,OAAO,KAAK,OAAO,CAAC;EAChC,OAAO,KAAK,OAAO,MAAM;;;;;;;;;CAU3B,OAAc,aAAqB,KAAK,cAAc,MAAuB;EAC3E,MAAM,SAAS,KAAK,OACjB,WAAW,QAAQ,CACnB,MAAM,OAAO,GAAG,SAAS,WAAW;EAEvC,IAAI,CAAC,QACH,MAAM,IAAI,cAAc,WAAW,WAAW,cAAc;EAG9D,OAAO;;;;;;;;;CAYT,MAAa,UAAU,IAAe,EAAE,EAA6B;EACnE,EAAE,SAAS;EAEX,MAAM,QAAQ,KAAK,eAAe,kBAAkB;EAEpD,IAAI,EAAE,QACJ,MAAM,SAAS,EAAE,IAAI,EAAE,QAAQ;EAGjC,IAAI,EAAE,MACJ,MAAM,OAAO,EAAE,eAAe,EAAE,MAAM;EAGxC,IAAI,EAAE,MACJ,MAAM,OAAO,EAAE,OAAO,IAAI,EAAE,KAAK,IAAI;EAGvC,IAAI,EAAE,UACJ,MAAM,WAAW,EAAE,IAAI,EAAE,UAAU;EAGrC,IAAI,EAAE,SACJ,MAAM,UAAU,EAAE,IAAI,EAAE,SAAS;EAGnC,IAAI,EAAE,gBAAgB,EAAE,eACtB,MAAM,YAAY;GAChB,KAAK,EAAE;GACP,KAAK,EAAE;GACR;OACI,IAAI,EAAE,cACX,MAAM,YAAY,EAAE,KAAK,EAAE,cAAc;OACpC,IAAI,EAAE,eACX,MAAM,YAAY,EAAE,KAAK,EAAE,eAAe;EAG5C,OAAO,MAAM,KAAK,eACf,SAAS,GAAG,EAAE,OAAO,EAAE,EAAE,OAAO,MAAM,CAAC,CACvC,MAAM,SAAS;GACd,OAAO;IACL,GAAG;IACH,SAAS,KAAK,QAAQ,KAAK,OAAO,KAAK,iBAAiB,GAAG,CAAC;IAC7D;IACD;;;;;;;;CASN,MAAa,mBAA0C;EACrD,OAAO,MAAM,KAAK,eAAe,SAAS;GACxC,OAAO;GACP,OAAO,EACL,gBAAgB,EAAE,KAAK,KAAK,iBAAiB,cAAc,EAAE,EAC9D;GACF,CAAC;;;;;;;;;CAUJ,kBAA4B,KAAwC;EAClE,OAAO,MACH,KAAK,iBACF,KAAK,CACL,IAAI,KAAK,iBAAiB,SAAS,IAAI,CAAC,CACxC,aAAa,GAChB,KAAA;;;;;;;;;;;;;;;CAgBN,MAAa,WACX,MACA,UAKI,EAAE,EACe;EACrB,MAAM,SAAS,KAAK,OAAO,QAAQ,OAAO;EAE1C,MAAM,WAAW,MAAM,KAAK,kBAAkB,KAAK;EACnD,MAAM,SAAS,MAAM,OAAO,OAAO,MAAM,EAAE,SAAS,OAAO,CAAC;EAE5D,IAAI;EACJ,IAAI,QAAQ,gBACV,iBAAiB,KAAK,iBACnB,GAAG,QAAQ,eAAe,CAC1B,aAAa;OACX,IAAI,OAAO,QAAQ,KACxB,iBAAiB,KAAK,kBAAkB,OAAO,QAAQ,IAAI;EAG7D,OAAO,MAAM,KAAK,eAAe,OAAO;GAC9B;GACR,UAAU,KAAK;GACf,MAAM,KAAK;GACX,cAAc,KAAK;GACnB,MAAM,KAAK;GACX,SAAS,QAAQ,MAAM;GACvB,cAAc,QAAQ,MAAM;GAC5B,aAAa,QAAQ,MAAM;GAC3B;GACA,QAAQ,OAAO;GACf,MAAM,QAAQ;GACd;GACD,CAAC;;;;;;;;;;;;CAaJ,MAAa,WAAW,IAA4C;EAClE,MAAM,SAAS,MAAM,KAAK,YAAY,GAAG;EAGzC,OAAO,MAFQ,KAAK,OAAO,OAAO,OAEf,CAAC,SAAS,OAAO,OAAO;;;;;;;;;;;;;;CAe7C,MAAa,WACX,IACA,MAKqB;EACrB,MAAM,OAAO,MAAM,KAAK,YAAY,GAAG;EAEvC,MAAM,aAAkC,EAAE;EAE1C,IAAI,KAAK,SAAS,KAAA,GAChB,WAAW,OAAO,KAAK;EAGzB,IAAI,KAAK,SAAS,KAAA,GAChB,WAAW,OAAO,KAAK;EAGzB,IAAI,KAAK,mBAAmB,KAAA,GAC1B,WAAW,iBAAiB,KAAK,iBAC9B,GAAG,KAAK,eAAe,CACvB,aAAa;EAGlB,OAAO,MAAM,KAAK,eAAe,WAAW,KAAK,IAAI,WAAW;;;;;;;;;;;CAYlE,MAAa,WAAW,IAAyB;EAC/C,MAAM,OAAO,MAAM,KAAK,YAAY,GAAG;EACvC,MAAM,SAAS,KAAK,OAAO,KAAK,OAAO;EAGvC,MAAM,KAAK,eAAe,WAAW,KAAK,GAAG;EAE7C,IAAI;GACF,MAAM,OAAO,OAAO,KAAK,QAAQ,KAAK;WAC/B,GAAG;GACV,IAAI,aAAa,mBAEf,KAAK,IAAI,MACP,QAAQ,KAAK,OAAO,uBAAuB,OAAO,KAAK,+BACxD;QAGD,KAAK,IAAI,KACP,yBAAyB,KAAK,OAAO,eAAe,OAAO,QAC3D,EACD;;EAIL,OAAO;GAAE,IAAI;GAAM,IAAI,OAAO,KAAK,GAAG;GAAE;;;;;;;CAQ1C,MAAa,YAAY,KAAkC;EACzD,IAAI,IAAI,WAAW,GAAG,OAAO,EAAE;EAE/B,MAAM,QAAQ,MAAM,KAAK,eAAe,SAAS;GAC/C,OAAO,EAAE,IAAI,EAAE,SAAS,KAAK,EAAE;GAC/B,SAAS;IAAC;IAAM;IAAU;IAAS;GACpC,CAAC;EACF,IAAI,MAAM,WAAW,GAAG,OAAO,EAAE;EAEjC,MAAM,YAAY,MAAM,KAAK,eAAe,WAAW,EACrD,IAAI,EAAE,SAAS,MAAM,KAAK,MAAM,EAAE,GAAG,EAAE,EACxC,CAAC;EAEF,MAAM,gCAAgB,IAAI,KAAuB;EACjD,KAAK,MAAM,KAAK,OAAO;GACrB,MAAM,OAAO,cAAc,IAAI,EAAE,OAAO,IAAI,EAAE;GAC9C,KAAK,KAAK,EAAE,OAAO;GACnB,cAAc,IAAI,EAAE,QAAQ,KAAK;;EAGnC,KAAK,MAAM,CAAC,YAAY,YAAY,eAClC,IAAI;GACF,MAAM,KAAK,OAAO,WAAW,CAAC,WAAW,SAAS,KAAK;WAChD,GAAG;GAGV,KAAK,IAAI,KACP,yBAAyB,QAAQ,OAAO,qBAAqB,cAC7D,EACD;;EAIL,OAAO,UAAU,IAAI,OAAO;;;;;;;;;;CAW9B,MAAa,YAAY,IAA8C;EACrE,IAAI,OAAO,OAAO,UAChB,OAAO;EAGT,OAAO,MAAM,KAAK,eAAe,QAAQ,GAAG;;;;;;;CAQ9C,MAAa,kBAAyC;EACpD,MAAM,WAAW,MAAM,KAAK,eAAe,SAAS,EAAE,CAAC;EAEvD,MAAM,YAAY,SAAS,QAAQ,KAAK,SAAS,MAAM,KAAK,MAAM,EAAE;EACpE,MAAM,aAAa,SAAS;EAG5B,MAAM,4BAAY,IAAI,KAGnB;EACH,KAAK,MAAM,QAAQ,UAAU;GAC3B,MAAM,WAAW,UAAU,IAAI,KAAK,OAAO,IAAI;IAC7C,WAAW;IACX,WAAW;IACZ;GACD,SAAS,aAAa,KAAK;GAC3B,SAAS,aAAa;GACtB,UAAU,IAAI,KAAK,QAAQ,SAAS;;EAItC,MAAM,8BAAc,IAAI,KAAqB;EAC7C,KAAK,MAAM,QAAQ,UAAU;GAC3B,MAAM,WAAW,YAAY,IAAI,KAAK,SAAS,IAAI;GACnD,YAAY,IAAI,KAAK,UAAU,WAAW,EAAE;;EAG9C,OAAO;GACL;GACA;GACA,UAAU,MAAM,KAAK,UAAU,SAAS,CAAC,CAAC,KAAK,CAAC,QAAQ,YAAY;IAClE;IACA,WAAW,MAAM;IACjB,WAAW,MAAM;IAClB,EAAE;GACH,YAAY,MAAM,KAAK,YAAY,SAAS,CAAC,CAAC,KAC3C,CAAC,UAAU,gBAAgB;IAC1B;IACA;IACD,EACF;GACF;;;;;;;;;CAUH,iBAAwB,QAAkC;EACxD,OAAO;;;;;;;;;ACnbX,IAAa,2BAAb,MAAsC;CACpC,MAAyB;CACzB,QAA2B;CAC3B,cAAiC,QAAQ,YAAY;;;;;;CAOrD,eAA+B,QAAQ;EACrC,MAAM,KAAK;EACX,OAAO,KAAK;EACZ,KAAK,CAAC,QAAQ,EAAE,aAAa,CAAC,kBAAkB,EAAE,CAAC,CAAC;EACpD,aAAa;EACb,QAAQ,EACN,UAAU,oBACX;EACD,eAAe,KAAK,YAAY,iBAAiB;EAClD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;ACFJ,IAAa,qBAAb,MAAgC;;;;;;CAM9B,MAAM,eACJ,MACA,MACe;EACf,IAAI,CAAC,MACH,MAAM,IAAI,eAAe,sCAAsC;EAKjE,IAAI,KAAK,cAAc,OACrB;EAEF,IAAI,KAAK,WAAW,KAAK,YAAY,KAAK,IACxC;EAEF,MAAM,IAAI,eAAe,qBAAqB;;;;;;;;;;;;;;;;;;;;CAqBhD,MAAM,aAAa,MAAiC;EAClD,MAAM,IAAI,cAAc,SAAS,KAAK,GAAG,aAAa;;;;;ACnE1D,MAAa,kBAAkB,EAAE,OAAO,iBAAiB;CACvD,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC;CAC9B,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;CACrC,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC;CAC5B,UAAU,EAAE,SAAS,EAAE,QAAQ,CAAC;CAChC,SAAS,EAAE,SAAS,EAAE,MAAM,CAAC;CAC7B,cAAc,EAAE,SAAS,EAAE,UAAU,CAAC;CACtC,eAAe,EAAE,SAAS,EAAE,UAAU,CAAC;CACxC,CAAC;;;ACTF,MAAa,qBAAqB,EAAE,OAClC,MAAM,QACN,EAAE,EACF;CACE,OAAO;CACP,aAAa;CACd,CACF;;;;;;;ACGD,IAAa,iBAAb,MAA4B;CAC1B,MAAyB;CACzB,QAA2B;CAC3B,cAAiC,QAAQ,YAAY;CACrD,aAAgC,QAAQ,mBAAmB;;;;;CAM3D,YAA4B,QAAQ;EAClC,MAAM,KAAK;EACX,OAAO,SAAS,KAAK;EACrB,KAAK,CAAC,QAAQ,EAAE,aAAa,CAAC,kBAAkB,EAAE,CAAC,CAAC;EACpD,aAAa;EACb,QAAQ;GACN,OAAO;GACP,UAAU,EAAE,KAAK,mBAAmB;GACrC;EACD,UAAU,EAAE,YAAY,KAAK,YAAY,UAAU,MAAM;EAC1D,CAAC;;;;;CAMF,aAA6B,QAAQ;EACnC,QAAQ;EACR,MAAM,GAAG,KAAK,IAAI;EAClB,OAAO,SAAS,KAAK;EACrB,KAAK,CAAC,QAAQ,EAAE,aAAa,CAAC,oBAAoB,EAAE,CAAC,CAAC;EACtD,aAAa;EACb,QAAQ;GACN,QAAQ,EAAE,OAAO,EACf,IAAI,EAAE,MAAM,EACb,CAAC;GACF,UAAU;GACX;EACD,UAAU,EAAE,aAAa,KAAK,YAAY,WAAW,OAAO,GAAG;EAChE,CAAC;;;;;CAMF,cAA8B,QAAQ;EACpC,QAAQ;EACR,MAAM,GAAG,KAAK,IAAI;EAClB,OAAO,SAAS,KAAK;EACrB,KAAK,CAAC,QAAQ,EAAE,aAAa,CAAC,oBAAoB,EAAE,CAAC,CAAC;EACtD,aAAa;EACb,QAAQ;GACN,MAAM,EAAE,OAAO,EACb,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE;IAAE,UAAU;IAAG,UAAU;IAAM,CAAC,EACxD,CAAC;GACF,UAAU,EAAE,OAAO,EACjB,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC,EAC7B,CAAC;GACH;EACD,SAAS,OAAO,EAAE,WAAW;GAE3B,OAAO,EAAE,SAAA,MADa,KAAK,YAAY,YAAY,KAAK,IAAI,EAC1C;;EAErB,CAAC;;;;;;CAOF,aAA6B,QAAQ;EACnC,MAAM,KAAK;EACX,OAAO,KAAK;EACZ,KAAK,CAAC,QAAQ,EAAE,aAAa,CAAC,cAAc,EAAE,CAAC,CAAC;EAChD,aAAa;EACb,QAAQ;GACN,MAAM,EAAE,OAAO,EACb,MAAM,EAAE,MAAM,EACf,CAAC;GACF,OAAO,EAAE,OAAO;IACd,gBAAgB,EAAE,SAAS,EAAE,UAAU,CAAC;IACxC,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC;IAC/B,CAAC;GACF,UAAU;GACX;EACD,SAAS,OAAO,EAAE,MAAM,MAAM,YAC5B,KAAK,YAAY,WAAW,KAAK,MAAM;GACrC;GACA,GAAG;GACJ,CAAC;EACL,CAAC;;;;;CAMF,aAA6B,QAAQ;EACnC,QAAQ;EACR,MAAM,GAAG,KAAK,IAAI;EAClB,OAAO,SAAS,KAAK;EACrB,KAAK,CAAC,QAAQ,EAAE,aAAa,CAAC,oBAAoB,EAAE,CAAC,CAAC;EACtD,aAAa;EACb,QAAQ;GACN,QAAQ,EAAE,OAAO,EACf,IAAI,EAAE,MAAM,EACb,CAAC;GACF,MAAM,EAAE,OAAO;IACb,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC;IAC5B,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;IACrC,gBAAgB,EAAE,SAAS,EAAE,UAAU,CAAC;IACzC,CAAC;GACF,UAAU;GACX;EACD,UAAU,EAAE,QAAQ,WAAW,KAAK,YAAY,WAAW,OAAO,IAAI,KAAK;EAC5E,CAAC;;;;;;;;;;;;CAaF,aAA6B,QAAQ;EACnC,MAAM,GAAG,KAAK,IAAI;EAClB,OAAO,KAAK;EACZ,aAAa;EACb,KAAK,CACH,QAAQ,EAAE,aAAa,CAAC,YAAY,EAAE,CAAC,EACvC,MAAM,EACJ,SAAS;GACP,SAAS;GACT,QAAQ,CAAC,GAAG,OAAO;GACnB,WAAW;GACZ,EACF,CAAC,CACH;EACD,QAAQ;GACN,QAAQ,EAAE,OAAO,EACf,IAAI,EAAE,MAAM,EACb,CAAC;GACF,UAAU,EAAE,MAAM;GACnB;EACD,SAAS,OAAO,EAAE,QAAQ,WAAW;GACnC,MAAM,OAAO,MAAM,KAAK,YAAY,YAAY,OAAO,GAAG;GAC1D,MAAM,KAAK,WAAW,eAAe,MAAM,KAAK;GAChD,OAAO,MAAM,KAAK,YAAY,WAAW,KAAK;;EAEjD,CAAC;;;;;;;;;;;;;;;CAgBF,mBAAmC,QAAQ;EACzC,MAAM;EACN,OAAO,KAAK;EACZ,aAAa;EACb,KAAK,CACH,MAAM,EACJ,SAAS;GACP,QAAQ;GACR,QAAQ,CAAC,GAAG,OAAO;GACnB,WAAW;GACZ,EACF,CAAC,CACH;EACD,QAAQ;GACN,QAAQ,EAAE,OAAO,EACf,IAAI,EAAE,MAAM,EACb,CAAC;GACF,UAAU,EAAE,MAAM;GACnB;EACD,SAAS,OAAO,EAAE,aAAa;GAC7B,MAAM,OAAO,MAAM,KAAK,YAAY,YAAY,OAAO,GAAG;GAC1D,MAAM,KAAK,WAAW,aAAa,KAAK;GACxC,OAAO,MAAM,KAAK,YAAY,WAAW,KAAK;;EAEjD,CAAC;;;;ACzMJ,IAAa,WAAb,MAAsB;CACpB,cAAiC,QAAQ,YAAY;CAErD,aAA6B,WAAW;EACtC,MAAM;EACN,aAAa;EACb,MAAM;EACN,SAAS,YAAY;GACnB,MAAM,QAAQ,MAAM,KAAK,YAAY,kBAAkB;GAEvD,MAAM,QAAQ,IACZ,MAAM,KAAK,SAAS,KAAK,YAAY,WAAW,KAAK,GAAG,CAAC,CAC1D;;EAEJ,CAAC;;;;;;;;;;;;;;;AC4CJ,MAAa,iBAAiB,QAAQ;CACpC,MAAM;CACN,UAAU;EACR;EACA;EACA;EACA;EACA;EACD;CACD,SAAS,CAAC,cAAc,iBAAiB;CAC1C,CAAC"}
+{"version":3,"file":"index.js","names":[],"sources":["../../../src/api/files/schemas/storageStatsSchema.ts","../../../src/api/files/entities/files.ts","../../../src/api/files/services/FileService.ts","../../../src/api/files/controllers/AdminFileStatsController.ts","../../../src/api/files/providers/FileAccessProvider.ts","../../../src/api/files/schemas/fileQuerySchema.ts","../../../src/api/files/schemas/fileCreatorSummarySchema.ts","../../../src/api/files/schemas/fileResourceSchema.ts","../../../src/api/files/controllers/FileController.ts","../../../src/api/files/jobs/FileJobs.ts","../../../src/api/files/index.ts"],"sourcesContent":["import type { Static } from \"alepha\";\nimport { t } from \"alepha\";\n\nexport const bucketStatsSchema = t.object({\n  bucket: t.string(),\n  totalSize: t.number(),\n  fileCount: t.number(),\n});\n\nexport const mimeTypeStatsSchema = t.object({\n  mimeType: t.string(),\n  fileCount: t.number(),\n});\n\nexport const storageStatsSchema = t.object({\n  totalSize: t.number(),\n  totalFiles: t.number(),\n  byBucket: t.array(bucketStatsSchema),\n  byMimeType: t.array(mimeTypeStatsSchema),\n});\n\nexport type BucketStats = Static<typeof bucketStatsSchema>;\nexport type MimeTypeStats = Static<typeof mimeTypeStatsSchema>;\nexport type StorageStats = Static<typeof storageStatsSchema>;\n","import { type Static, t } from \"alepha\";\nimport { $entity, db } from \"alepha/orm\";\n\nexport const files = $entity({\n  name: \"files\",\n  schema: t.object({\n    id: db.primaryKey(t.uuid()),\n    version: db.version(),\n    createdAt: db.createdAt(),\n    updatedAt: db.updatedAt(),\n    organizationId: db.organization(),\n    blobId: t.text(),\n    creator: t.optional(t.uuid()),\n    creatorRealm: t.optional(t.string()),\n    creatorName: t.optional(t.string()),\n    bucket: t.text(),\n    expirationDate: t.optional(t.datetime()),\n    /**\n     * Display name. Mutable via `FileService.updateFile` — can be renamed\n     * by callers (e.g. an Archive UI letting users rename uploaded blobs).\n     * Initialized to the uploader's filename at upload time. Use\n     * `originalName` if you need the as-uploaded filename after a rename.\n     */\n    name: t.text(),\n    /**\n     * Immutable record of the uploader's filename at upload time. Set once\n     * by `FileService.uploadFile` and the `bucket:file:uploaded` hook;\n     * `FileService.updateFile` never touches it. Useful for download\n     * headers (Content-Disposition), audit trails, and any UI that wants\n     * to show \"originally uploaded as X\" alongside a renamed file.\n     */\n    originalName: t.optional(t.string()),\n    size: t.number(),\n    mimeType: t.string(),\n    /**\n     * Free-form taxonomy. Normalized server-side (trim/lowercase/dedupe is\n     * caller's responsibility for now). Use with `FileQuery.tags` to\n     * filter via array-contains.\n     */\n    tags: t.optional(t.array(t.text())),\n    /**\n     * SHA-256 hex digest of the file content (64 lowercase hex chars).\n     * Computed at upload time by `FileService.calculateChecksum`. Stable\n     * — never recomputed after upload. Use for integrity verification,\n     * content-based dedup, or downstream virus-scan correlation.\n     */\n    checksum: t.optional(t.string()),\n  }),\n  indexes: [\n    \"expirationDate\",\n    \"bucket\",\n    \"creator\",\n    \"createdAt\",\n    \"mimeType\",\n    {\n      columns: [\"bucket\", \"createdAt\"],\n    },\n  ],\n});\n\nexport type FileEntity = Static<typeof files.schema>;\n","import { createHash } from \"node:crypto\";\nimport { $hook, $inject, Alepha, type FileLike } from \"alepha\";\nimport {\n  $bucket,\n  type BucketPrimitive,\n  FileNotFoundError,\n} from \"alepha/bucket\";\nimport {\n  type DateTime,\n  DateTimeProvider,\n  type DurationLike,\n} from \"alepha/datetime\";\nimport { $logger } from \"alepha/logger\";\nimport { $repository, type Page, RepositoryProvider } from \"alepha/orm\";\nimport type { UserAccountToken } from \"alepha/security\";\nimport type { Ok } from \"alepha/server\";\nimport { NotFoundError } from \"alepha/server\";\nimport { FileSystemProvider } from \"alepha/system\";\nimport { type FileEntity, files } from \"../entities/files.ts\";\nimport type { FileQuery } from \"../schemas/fileQuerySchema.ts\";\nimport type { FileResource } from \"../schemas/fileResourceSchema.ts\";\nimport type { StorageStats } from \"../schemas/storageStatsSchema.ts\";\n\nexport class FileService {\n  protected readonly alepha = $inject(Alepha);\n  protected readonly log = $logger();\n  protected readonly dateTimeProvider = $inject(DateTimeProvider);\n  protected readonly repositoryProvider = $inject(RepositoryProvider);\n  protected readonly fileSystem = $inject(FileSystemProvider);\n  protected readonly defaultBucket = $bucket({ name: \"default\" });\n  public readonly fileRepository = $repository(files);\n\n  /**\n   * Best-effort left join embedding the uploader on every file row, so the\n   * admin UI can render `user.email` instead of the bare `creator` UUID.\n   * Joins `files.creator` → `users.id`. Only applied when the `users` table is\n   * actually registered in the app (see `findFiles`) — the files module stays\n   * usable standalone, without `alepha/api/users`. Targets the default `users`\n   * table, so creators in non-default realms come back unmatched (`user`\n   * undefined), which the UI handles by falling back to `creatorName`.\n   *\n   * The `users` entity is resolved from the repository registry at runtime\n   * rather than imported: the users module already depends on the files module\n   * (avatars), so a compile-time import here would form a circular dependency.\n   */\n  protected resolveCreatorJoin() {\n    const usersEntity = this.repositoryProvider\n      .getRepositories()\n      .find((repo) => repo.entity.name === \"users\")?.entity;\n    if (!usersEntity) {\n      return undefined;\n    }\n    return {\n      user: {\n        join: usersEntity,\n        on: [\"creator\", usersEntity.cols.id] as [\"creator\", { name: string }],\n      },\n    };\n  }\n\n  protected onUploadFile = $hook({\n    on: \"bucket:file:uploaded\",\n    handler: async ({ file, bucket, options, id }) => {\n      if (options.persist === false) {\n        return;\n      }\n\n      const checksum = await this.calculateChecksum(file);\n\n      await this.persistBlobMetadata(bucket, id, () =>\n        this.fileRepository.create({\n          blobId: id,\n          mimeType: file.type,\n          name: file.name,\n          originalName: file.name,\n          size: file.size,\n          creator: options.user?.id,\n          creatorRealm: options.user?.realm,\n          expirationDate: this.getExpirationDate(options.ttl),\n          bucket: bucket.name,\n          checksum,\n        }),\n      );\n    },\n  });\n\n  protected onDeleteBucketFile = $hook({\n    on: \"bucket:file:deleted\",\n    handler: async ({ bucket, id }) => {\n      await this.fileRepository.deleteMany({\n        blobId: { eq: id },\n        bucket: { eq: bucket.name },\n      });\n    },\n  });\n\n  // -------------------------------------------------------------------------------------------------------------------\n\n  /**\n   * Calculates SHA-256 checksum of a file.\n   *\n   * Reads the whole file into memory. Callers that already hold the bytes\n   * should use {@link hashBuffer} instead to avoid re-reading — re-reading a\n   * one-shot stream either yields the wrong hash or drains a stream another\n   * step still needs.\n   *\n   * @param file - The file to calculate checksum for\n   * @returns Hexadecimal string representation of the SHA-256 hash\n   * @protected\n   */\n  protected async calculateChecksum(file: FileLike): Promise<string> {\n    return this.hashBuffer(await file.arrayBuffer());\n  }\n\n  /**\n   * Calculates the SHA-256 checksum of an already-read body.\n   *\n   * @param data - The file bytes\n   * @returns Hexadecimal string representation of the SHA-256 hash\n   * @protected\n   */\n  protected hashBuffer(data: ArrayBuffer): string {\n    return createHash(\"sha256\").update(Buffer.from(data)).digest(\"hex\");\n  }\n\n  /**\n   * Gets a bucket primitive by name.\n   *\n   * @param bucketName - The name of the bucket to retrieve (defaults to \"default\")\n   * @returns The bucket primitive\n   * @throws {NotFoundError} If the bucket is not found\n   */\n  public bucket(bucketName: string = this.defaultBucket.name): BucketPrimitive {\n    const bucket = this.alepha\n      .primitives($bucket)\n      .find((it) => it.name === bucketName);\n\n    if (!bucket) {\n      throw new NotFoundError(`Bucket '${bucketName}' not found.`);\n    }\n\n    return bucket;\n  }\n\n  // -------------------------------------------------------------------------------------------------------------------\n\n  /**\n   * Finds files matching the given query criteria with pagination support.\n   * Supports filtering by bucket, tags, name, mimeType, creator, and date range.\n   *\n   * @param q - Query parameters including bucket, tags, name, mimeType, creator, date range, pagination, and sorting\n   * @returns Paginated list of file entities\n   */\n  public async findFiles(q: FileQuery = {}): Promise<Page<FileEntity>> {\n    q.sort ??= \"-createdAt\";\n\n    const where = this.fileRepository.createQueryWhere();\n\n    if (q.bucket) {\n      where.bucket = { eq: q.bucket };\n    }\n\n    if (q.tags) {\n      where.tags = { arrayContains: q.tags };\n    }\n\n    if (q.name) {\n      where.name = { ilike: `%${q.name}%` };\n    }\n\n    if (q.mimeType) {\n      where.mimeType = { eq: q.mimeType };\n    }\n\n    if (q.creator) {\n      where.creator = { eq: q.creator };\n    }\n\n    if (q.createdAfter && q.createdBefore) {\n      where.createdAt = {\n        gte: q.createdAfter,\n        lte: q.createdBefore,\n      };\n    } else if (q.createdAfter) {\n      where.createdAt = { gte: q.createdAfter };\n    } else if (q.createdBefore) {\n      where.createdAt = { lte: q.createdBefore };\n    }\n\n    // The creator join requires the `users` table. Only opt in when a users\n    // repository is registered (i.e. `alepha/api/users` is loaded) so the\n    // files module — and its standalone tests — keep working without it.\n    const withCreator = this.resolveCreatorJoin();\n\n    return await this.fileRepository\n      .paginate(\n        q,\n        { where, ...(withCreator ? { with: withCreator } : {}) },\n        { count: true },\n      )\n      .then((page) => {\n        return {\n          ...page,\n          content: page.content.map((it) => this.entityToResource(it)),\n        };\n      });\n  }\n\n  /**\n   * Finds files that have expired based on their expiration date.\n   * Limited to 1000 files per call to prevent memory issues.\n   *\n   * @returns Array of expired file entities\n   */\n  public async findExpiredFiles(): Promise<FileEntity[]> {\n    return await this.fileRepository.findMany({\n      limit: 1000,\n      where: {\n        expirationDate: { lte: this.dateTimeProvider.nowISOString() },\n      },\n    });\n  }\n\n  /**\n   * Calculates an expiration date based on a TTL (time to live) duration.\n   *\n   * @param ttl - Duration like \"1 day\", \"2 hours\", etc.\n   * @returns DateTime representation of the expiration date, or undefined if no TTL provided\n   * @protected\n   */\n  protected getExpirationDate(ttl?: DurationLike): string | undefined {\n    return ttl\n      ? this.dateTimeProvider\n          .now()\n          .add(this.dateTimeProvider.duration(ttl))\n          .toISOString()\n      : undefined;\n  }\n\n  /**\n   * Uploads a file to a bucket and creates a database record with metadata.\n   * Automatically calculates and stores the file checksum (SHA-256).\n   *\n   * @param file - The file to upload\n   * @param options - Upload options including bucket, expiration, user, and tags\n   * @param options.bucket - Target bucket name (defaults to \"default\")\n   * @param options.expirationDate - When the file should expire\n   * @param options.user - User performing the upload (for audit trail)\n   * @param options.tags - Tags to associate with the file\n   * @returns The created file entity with all metadata\n   * @throws {NotFoundError} If the specified bucket doesn't exist\n   */\n  public async uploadFile(\n    file: FileLike,\n    options: {\n      expirationDate?: string | DateTime;\n      bucket?: string;\n      user?: UserAccountToken;\n      tags?: string[];\n    } = {},\n  ): Promise<FileEntity> {\n    const bucket = this.bucket(options.bucket);\n\n    // Read the source exactly once. The checksum and the stored bytes are\n    // both derived from this single buffer, so a one-shot stream is never\n    // read twice — the previous code checksummed the file and then let\n    // bucket.upload read it again, which drained the stream and stored an\n    // empty blob. Uploads are size-capped (bucket maxSize / multipart\n    // limits), so buffering here is intentional and bounded.\n    const data = await file.arrayBuffer();\n    const checksum = this.hashBuffer(data);\n    file = this.fileSystem.createFile({\n      arrayBuffer: data,\n      name: file.name,\n      type: file.type,\n    });\n\n    const blobId = await bucket.upload(file, { persist: false });\n\n    let expirationDate: string | undefined;\n    if (options.expirationDate) {\n      expirationDate = this.dateTimeProvider\n        .of(options.expirationDate)\n        .toISOString();\n    } else if (bucket.options.ttl) {\n      expirationDate = this.getExpirationDate(bucket.options.ttl);\n    }\n\n    return await this.persistBlobMetadata(bucket, blobId, () =>\n      this.fileRepository.create({\n        blobId: blobId,\n        mimeType: file.type,\n        name: file.name,\n        originalName: file.name,\n        size: file.size,\n        creator: options.user?.id,\n        creatorRealm: options.user?.realm,\n        creatorName: options.user?.name,\n        expirationDate,\n        bucket: bucket.name,\n        tags: options.tags,\n        checksum,\n      }),\n    );\n  }\n\n  /**\n   * Persists the metadata row for an already-uploaded blob, deleting the\n   * blob if the insert fails. Uploads are not atomic: the blob is written to\n   * storage first (the row needs the returned `blobId`), so a failed insert\n   * would otherwise leak the blob — an orphaned blob with no DB row. This\n   * compensates by removing the blob, favouring the recoverable failure\n   * (a missing blob) over the worse one (a row pointing at nothing).\n   *\n   * Best-effort: cleanup runs with `skipHook` so it neither re-emits\n   * `bucket:file:deleted` nor touches the (non-existent) DB row, and a failed\n   * cleanup is logged rather than thrown. The original write error is always\n   * rethrown so callers still see the real failure.\n   *\n   * @param bucket - The bucket the blob was uploaded to\n   * @param blobId - The id returned by `bucket.upload`\n   * @param insert - Thunk performing the metadata insert\n   * @returns The created file entity\n   */\n  protected async persistBlobMetadata(\n    bucket: BucketPrimitive,\n    blobId: string,\n    insert: () => Promise<FileEntity>,\n  ): Promise<FileEntity> {\n    try {\n      return await insert();\n    } catch (error) {\n      await bucket.delete(blobId, true).catch((cleanupError) => {\n        this.log.warn(\n          `Failed to remove orphaned blob ${blobId} from bucket ${bucket.name} after a metadata write failure`,\n          cleanupError,\n        );\n      });\n      throw error;\n    }\n  }\n\n  /**\n   * Streams a file from storage by its database ID, or directly from an\n   * already-loaded `FileEntity` to avoid a duplicate DB roundtrip when the\n   * caller has already fetched the row (e.g. after an access check).\n   *\n   * @param id - The database ID (UUID) of the file, or the entity itself\n   * @returns The file object ready for streaming/downloading\n   * @throws {NotFoundError} If the file doesn't exist in the database\n   * @throws {FileNotFoundError} If the file exists in database but not in storage\n   */\n  public async streamFile(id: string | FileEntity): Promise<FileLike> {\n    const entity = await this.getFileById(id);\n    const bucket = this.bucket(entity.bucket);\n\n    return await bucket.download(entity.blobId);\n  }\n\n  /**\n   * Updates file metadata (name, tags, expiration date).\n   * Does not modify the actual file content in storage.\n   *\n   * @param id - The database ID (UUID) of the file to update\n   * @param data - Partial file data to update\n   * @param data.name - New file name\n   * @param data.tags - New tags array\n   * @param data.expirationDate - New expiration date\n   * @returns The updated file entity\n   * @throws {NotFoundError} If the file doesn't exist in the database\n   */\n  public async updateFile(\n    id: string,\n    data: {\n      name?: string;\n      tags?: string[];\n      expirationDate?: DateTime | string;\n    },\n  ): Promise<FileEntity> {\n    const file = await this.getFileById(id);\n\n    const updateData: Partial<FileEntity> = {};\n\n    if (data.name !== undefined) {\n      updateData.name = data.name;\n    }\n\n    if (data.tags !== undefined) {\n      updateData.tags = data.tags;\n    }\n\n    if (data.expirationDate !== undefined) {\n      updateData.expirationDate = this.dateTimeProvider\n        .of(data.expirationDate)\n        .toISOString();\n    }\n\n    return await this.fileRepository.updateById(file.id, updateData);\n  }\n\n  /**\n   * Deletes a file from both storage and database.\n   * Handles cases where file is already deleted from storage gracefully.\n   * Always ensures database record is removed even if storage deletion fails.\n   *\n   * @param id - The database ID (UUID) of the file to delete\n   * @returns Success response with the deleted file ID\n   * @throws {NotFoundError} If the file doesn't exist in the database\n   */\n  public async deleteFile(id: string): Promise<Ok> {\n    const file = await this.getFileById(id);\n    const bucket = this.bucket(file.bucket);\n\n    // Always delete the database record\n    await this.fileRepository.deleteById(file.id);\n\n    try {\n      await bucket.delete(file.blobId, true);\n    } catch (e) {\n      if (e instanceof FileNotFoundError) {\n        // File is already deleted in the bucket, this is okay\n        this.log.debug(\n          `File ${file.blobId} not found in bucket ${bucket.name}, cleaning up database record`,\n        );\n      } else {\n        // Other errors (permission, network, etc.) - log but continue to clean up database\n        this.log.warn(\n          `Failed to delete file ${file.blobId} from bucket ${bucket.name}`,\n          e,\n        );\n      }\n    }\n\n    return { ok: true, id: String(file.id) };\n  }\n\n  /**\n   * Delete many files in one round-trip per bucket. The database rows are\n   * removed in a single `deleteMany`, and each affected bucket gets a single\n   * `bucket.deleteMany` call (R2/S3 batch where supported).\n   */\n  public async deleteFiles(ids: string[]): Promise<string[]> {\n    if (ids.length === 0) return [];\n\n    const files = await this.fileRepository.findMany({\n      where: { id: { inArray: ids } },\n      columns: [\"id\", \"bucket\", \"blobId\"],\n    });\n    if (files.length === 0) return [];\n\n    const dbDeleted = await this.fileRepository.deleteMany({\n      id: { inArray: files.map((f) => f.id) },\n    });\n\n    const blobsByBucket = new Map<string, string[]>();\n    for (const f of files) {\n      const list = blobsByBucket.get(f.bucket) ?? [];\n      list.push(f.blobId);\n      blobsByBucket.set(f.bucket, list);\n    }\n\n    for (const [bucketName, blobIds] of blobsByBucket) {\n      try {\n        await this.bucket(bucketName).deleteMany(blobIds, true);\n      } catch (e) {\n        // DB rows already gone — log and continue. Orphaned blobs are\n        // recoverable; orphaned DB rows would be worse.\n        this.log.warn(\n          `Failed to bulk-delete ${blobIds.length} files from bucket ${bucketName}`,\n          e,\n        );\n      }\n    }\n\n    return dbDeleted.map(String);\n  }\n\n  /**\n   * Retrieves a file entity by its ID.\n   * If already an entity object, returns it as-is (convenience method).\n   *\n   * @param id - Either a UUID string or an existing FileEntity object\n   * @returns The file entity\n   * @throws {NotFoundError} If the file doesn't exist in the database\n   */\n  public async getFileById(id: string | FileEntity): Promise<FileEntity> {\n    if (typeof id === \"object\") {\n      return id;\n    }\n\n    return await this.fileRepository.getById(id);\n  }\n\n  /**\n   * Gets storage statistics including total size, file count, and breakdowns by bucket and MIME type.\n   *\n   * Aggregated in SQL (`SUM`/`COUNT` + `GROUP BY`) rather than by loading\n   * every row into memory — the table can hold millions of files, and this\n   * endpoint must stay O(groups), not O(rows). Totals are derived from the\n   * per-bucket groups (every row has exactly one bucket), so no extra query\n   * is needed.\n   *\n   * @returns Storage statistics with aggregated data\n   */\n  public async getStorageStats(): Promise<StorageStats> {\n    const [byBucketRows, byMimeTypeRows] = await Promise.all([\n      this.fileRepository.aggregate({\n        select: { bucket: true, size: { sum: true, count: true } },\n        groupBy: [\"bucket\"],\n      }),\n      this.fileRepository.aggregate({\n        select: { mimeType: true, size: { count: true } },\n        groupBy: [\"mimeType\"],\n      }),\n    ]);\n\n    const byBucket = byBucketRows.map((row) => ({\n      bucket: row.bucket,\n      totalSize: row.size.sum,\n      fileCount: row.size.count,\n    }));\n\n    const byMimeType = byMimeTypeRows.map((row) => ({\n      mimeType: row.mimeType,\n      fileCount: row.size.count,\n    }));\n\n    return {\n      totalSize: byBucket.reduce((sum, b) => sum + b.totalSize, 0),\n      totalFiles: byBucket.reduce((sum, b) => sum + b.fileCount, 0),\n      byBucket,\n      byMimeType,\n    };\n  }\n\n  /**\n   * Converts a file entity to a file resource (API response format).\n   * Currently a pass-through, but allows for future transformation logic.\n   *\n   * @param entity - The file entity to convert\n   * @returns The file resource for API responses\n   */\n  public entityToResource(entity: FileEntity): FileResource {\n    return entity;\n  }\n}\n","import { $inject } from \"alepha\";\nimport { $secure } from \"alepha/security\";\nimport { $action } from \"alepha/server\";\nimport { storageStatsSchema } from \"../schemas/storageStatsSchema.ts\";\nimport { FileService } from \"../services/FileService.ts\";\n\n/**\n * REST API controller for storage analytics and statistics.\n * Provides endpoints for viewing storage usage metrics.\n */\nexport class AdminFileStatsController {\n  protected readonly url = \"/files/stats\";\n  protected readonly group = \"admin:files\";\n  protected readonly fileService = $inject(FileService);\n\n  /**\n   * GET /files/stats - Gets storage statistics.\n   * Returns aggregated data including total size, file count,\n   * and breakdowns by bucket and MIME type.\n   */\n  public readonly getFileStats = $action({\n    path: this.url,\n    group: this.group,\n    use: [$secure({ permissions: [\"admin:file:read\"] })],\n    description: \"Get storage statistics\",\n    schema: {\n      response: storageStatsSchema,\n    },\n    handler: () => this.fileService.getStorageStats(),\n  });\n}\n","import type { UserAccountToken } from \"alepha/security\";\nimport { ForbiddenError, NotFoundError } from \"alepha/server\";\nimport type { FileEntity } from \"../entities/files.ts\";\n\n/**\n * Authorization policy for file reads served through `FileController.streamFile`.\n *\n * Default: the caller must be the uploader (`file.creator === user.id`). Any\n * other access path — public buckets, shared attachments, avatars — must be\n * opted in by overriding this provider in the consuming app:\n *\n * ```ts\n * class MyAccess extends FileAccessProvider {\n *   async assertReadable(file, user) {\n *     if (file.bucket === \"avatars\") return; // public\n *     if (file.bucket === \"campaign-icons\") return this.checkCampaignVisible(file, user);\n *     return super.assertReadable(file, user);\n *   }\n * }\n * Alepha.create().with({ provide: FileAccessProvider, use: MyAccess });\n * ```\n *\n * Why this exists: prior to introducing this gate, `streamFile` only required\n * the framework-wide `file:read` permission. The default `user` role grants\n * `*`, so every authenticated user could download any file by UUID — turning\n * the 128-bit id into the sole security boundary across tenants.\n */\nexport class FileAccessProvider {\n  /**\n   * Throws `ForbiddenError` when `user` may not read `file`. Override to\n   * implement bucket-aware or relationship-aware policies. The default\n   * implementation is strict: only the uploader passes.\n   */\n  async assertReadable(\n    file: FileEntity,\n    user: UserAccountToken | undefined,\n  ): Promise<void> {\n    if (!user) {\n      throw new ForbiddenError(\"File access requires authentication\");\n    }\n    // Privileged identities (admin without narrow ownership scope) bypass\n    // the per-file check — they need to be able to read any file via the\n    // admin UI/inspector regardless of who uploaded it.\n    if (user.ownership === false) {\n      return;\n    }\n    if (file.creator && file.creator === user.id) {\n      return;\n    }\n    throw new ForbiddenError(\"File access denied\");\n  }\n\n  /**\n   * Throws when `file` may not be served through the anonymous\n   * `/public/files/:id` route. The default is deny-all: nothing is public\n   * unless this method is overridden. Throws `NotFoundError` (not 403) so the\n   * endpoint doesn't leak the existence of private file ids.\n   *\n   * Typical override matches on bucket name:\n   *\n   * ```ts\n   * class MyAccess extends FileAccessProvider {\n   *   async assertPublic(file) {\n   *     if (file.bucket === \"avatars\") return;\n   *     if (file.bucket === \"campaign-icons\") return;\n   *     return super.assertPublic(file);\n   *   }\n   * }\n   * ```\n   */\n  async assertPublic(file: FileEntity): Promise<void> {\n    throw new NotFoundError(`File '${file.id}' not found`);\n  }\n}\n","import type { Static } from \"alepha\";\nimport { t } from \"alepha\";\nimport { pageQuerySchema } from \"alepha/orm\";\n\nexport const fileQuerySchema = t.extend(pageQuerySchema, {\n  bucket: t.optional(t.string()),\n  tags: t.optional(t.array(t.string())),\n  name: t.optional(t.string()),\n  mimeType: t.optional(t.string()),\n  creator: t.optional(t.uuid()),\n  createdAfter: t.optional(t.datetime()),\n  createdBefore: t.optional(t.datetime()),\n});\n\nexport type FileQuery = Static<typeof fileQuerySchema>;\n","import { type Static, t } from \"alepha\";\n\n/**\n * Slim view of a file's uploader, embedded by the admin listing via a\n * best-effort left join (`files.creator` → `users.id`) so the UI can render\n * a human-readable identifier instead of a bare UUID.\n *\n * Optional end-to-end: the join only runs when the `users` entity is\n * registered in the running app (see `FileService.findFiles`), and even then\n * a file whose creator was deleted — or who lives in a non-default realm —\n * comes back with `user` undefined. Callers must fall back to `creatorName`\n * or the raw `creator` id.\n */\nexport const fileCreatorSummarySchema = t.object({\n  id: t.uuid(),\n  email: t.optional(t.string({ format: \"email\" })),\n  username: t.optional(t.shortText({ minLength: 3, maxLength: 30 })),\n  firstName: t.optional(t.string()),\n  lastName: t.optional(t.string()),\n});\n\nexport type FileCreatorSummary = Static<typeof fileCreatorSummarySchema>;\n","import { type Static, t } from \"alepha\";\nimport { files } from \"../entities/files.ts\";\nimport { fileCreatorSummarySchema } from \"./fileCreatorSummarySchema.ts\";\n\nexport const fileResourceSchema = t.extend(\n  files.schema,\n  {\n    /**\n     * Uploader summary, embedded by the admin listing via a best-effort\n     * left join. Optional — see `fileCreatorSummarySchema`. Distinct from\n     * the denormalized `creatorName`, which is set only on direct uploads\n     * and never carries an email.\n     */\n    user: t.optional(fileCreatorSummarySchema),\n  },\n  {\n    title: \"FileResource\",\n    description: \"A file resource representing a file stored in the system.\",\n  },\n);\n\nexport type FileResource = Static<typeof fileResourceSchema>;\n","import { $inject, t } from \"alepha\";\nimport { $secure } from \"alepha/security\";\nimport { $action, okSchema } from \"alepha/server\";\nimport { $etag } from \"alepha/server/etag\";\nimport { FileAccessProvider } from \"../providers/FileAccessProvider.ts\";\nimport { fileQuerySchema } from \"../schemas/fileQuerySchema.ts\";\nimport { fileResourceSchema } from \"../schemas/fileResourceSchema.ts\";\nimport { FileService } from \"../services/FileService.ts\";\n\n/**\n * REST API controller for file management operations.\n * Provides endpoints for uploading, downloading, listing, and deleting files.\n */\nexport class FileController {\n  protected readonly url = \"/files\";\n  protected readonly group = \"files\";\n  protected readonly fileService = $inject(FileService);\n  protected readonly fileAccess = $inject(FileAccessProvider);\n\n  /**\n   * GET /files - Lists files with optional filtering and pagination.\n   * Supports filtering by bucket and tags.\n   */\n  public readonly findFiles = $action({\n    path: this.url,\n    group: `admin:${this.group}`,\n    use: [$secure({ permissions: [\"admin:file:read\"] })],\n    description: \"List files with filtering and pagination\",\n    schema: {\n      query: fileQuerySchema,\n      response: t.page(fileResourceSchema),\n    },\n    handler: ({ query }) => this.fileService.findFiles(query),\n  });\n\n  /**\n   * DELETE /files/:id - Deletes a file from both storage and database.\n   * Removes the file from the bucket and cleans up the database record.\n   */\n  public readonly deleteFile = $action({\n    method: \"DELETE\",\n    path: `${this.url}/:id`,\n    group: `admin:${this.group}`,\n    use: [$secure({ permissions: [\"admin:file:delete\"] })],\n    description: \"Delete a file\",\n    schema: {\n      params: t.object({\n        id: t.uuid(),\n      }),\n      response: okSchema,\n    },\n    handler: ({ params }) => this.fileService.deleteFile(params.id),\n  });\n\n  /**\n   * POST /files/delete - Delete many files in one request, batching the\n   * underlying bucket calls per bucket (R2/S3 batch where supported).\n   */\n  public readonly deleteFiles = $action({\n    method: \"POST\",\n    path: `${this.url}/delete`,\n    group: `admin:${this.group}`,\n    use: [$secure({ permissions: [\"admin:file:delete\"] })],\n    description: \"Delete many files\",\n    schema: {\n      body: t.object({\n        ids: t.array(t.uuid(), { minItems: 1, maxItems: 1000 }),\n      }),\n      response: t.object({\n        deleted: t.array(t.string()),\n      }),\n    },\n    handler: async ({ body }) => {\n      const deleted = await this.fileService.deleteFiles(body.ids);\n      return { deleted };\n    },\n  });\n\n  /**\n   * POST /files - Uploads a new file to storage.\n   * Creates a database record with metadata and calculates checksum.\n   * Optionally specify bucket and expiration date.\n   */\n  public readonly uploadFile = $action({\n    path: this.url,\n    group: this.group,\n    use: [$secure({ permissions: [\"file:create\"] })],\n    description: \"Upload a new file\",\n    schema: {\n      body: t.object({\n        file: t.file(),\n      }),\n      query: t.object({\n        expirationDate: t.optional(t.datetime()),\n        bucket: t.optional(t.string()),\n      }),\n      response: fileResourceSchema,\n    },\n    handler: async ({ body, user, query }) =>\n      this.fileService.uploadFile(body.file, {\n        user,\n        ...query,\n      }),\n  });\n\n  /**\n   * PATCH /files/:id - Updates file metadata.\n   * Allows updating name, tags, and expiration date without modifying file content.\n   */\n  public readonly updateFile = $action({\n    method: \"PATCH\",\n    path: `${this.url}/:id`,\n    group: `admin:${this.group}`,\n    use: [$secure({ permissions: [\"admin:file:update\"] })],\n    description: \"Update file metadata\",\n    schema: {\n      params: t.object({\n        id: t.uuid(),\n      }),\n      body: t.object({\n        name: t.optional(t.string()),\n        tags: t.optional(t.array(t.string())),\n        expirationDate: t.optional(t.datetime()),\n      }),\n      response: fileResourceSchema,\n    },\n    handler: ({ params, body }) => this.fileService.updateFile(params.id, body),\n  });\n\n  /**\n   * GET /files/:id - Streams/downloads a file by its ID.\n   * Returns the file content with appropriate Content-Type header.\n   *\n   * Authorization is delegated to `FileAccessProvider.assertReadable`. The\n   * default policy is creator-only — override the provider via DI to widen\n   * access (e.g. avatars, shared attachments). See `FileAccessProvider`.\n   *\n   * Cache-Control is `private` because the per-user authorization decision\n   * cannot be cached by shared proxies/CDNs. Client-side ETag still works.\n   */\n  public readonly streamFile = $action({\n    path: `${this.url}/:id`,\n    group: this.group,\n    description: \"Download a file\",\n    use: [\n      $secure({ permissions: [\"file:read\"] }),\n      $etag({\n        control: {\n          private: true,\n          maxAge: [1, \"year\"],\n          immutable: true,\n        },\n      }),\n    ],\n    schema: {\n      params: t.object({\n        id: t.uuid(),\n      }),\n      response: t.file(),\n    },\n    handler: async ({ params, user }) => {\n      const file = await this.fileService.getFileById(params.id);\n      await this.fileAccess.assertReadable(file, user);\n      return await this.fileService.streamFile(file);\n    },\n  });\n\n  /**\n   * GET /public/files/:id - Anonymous, edge-cacheable download.\n   *\n   * Authorization is delegated to `FileAccessProvider.assertPublic`. The\n   * default policy is deny-all (throws `NotFoundError`), so consuming apps\n   * must override the provider to opt files in — typically by bucket name\n   * (avatars, campaign icons, etc.).\n   *\n   * Cache-Control is `public, immutable, max-age=1y` so Cloudflare's edge\n   * cache and any intermediary proxy can serve subsequent hits without\n   * touching the Worker. The split URL prefix (vs `/files/:id`) is what\n   * makes this safe: edge cache is URL-keyed, so public and private files\n   * live in separate cache lanes.\n   */\n  public readonly streamPublicFile = $action({\n    path: \"/public/files/:id\",\n    group: this.group,\n    description: \"Download a public file (anonymous, edge-cacheable)\",\n    use: [\n      $etag({\n        control: {\n          public: true,\n          maxAge: [1, \"year\"],\n          immutable: true,\n        },\n      }),\n    ],\n    schema: {\n      params: t.object({\n        id: t.uuid(),\n      }),\n      response: t.file(),\n    },\n    handler: async ({ params }) => {\n      const file = await this.fileService.getFileById(params.id);\n      await this.fileAccess.assertPublic(file);\n      return await this.fileService.streamFile(file);\n    },\n  });\n}\n","import { $inject } from \"alepha\";\nimport { $scheduler } from \"alepha/scheduler\";\nimport { FileService } from \"../services/FileService.ts\";\n\nexport class FileJobs {\n  protected readonly fileService = $inject(FileService);\n\n  public readonly purgeFiles = $scheduler({\n    name: \"api:files:purgeFiles\",\n    description: \"Purge files that are marked for deletion\",\n    cron: \"0 * * * *\", // Hourly at minute 0\n    handler: async () => {\n      const files = await this.fileService.findExpiredFiles();\n\n      await Promise.all(\n        files.map((file) => this.fileService.deleteFile(file.id)),\n      );\n    },\n  });\n}\n","import { $module } from \"alepha\";\nimport { AlephaBucket } from \"alepha/bucket\";\nimport type { DurationLike } from \"alepha/datetime\";\nimport type { UserAccountToken } from \"alepha/security\";\nimport { AlephaServerEtag } from \"alepha/server/etag\";\nimport { AdminFileStatsController } from \"./controllers/AdminFileStatsController.ts\";\nimport { FileController } from \"./controllers/FileController.ts\";\nimport { FileJobs } from \"./jobs/FileJobs.ts\";\nimport { FileAccessProvider } from \"./providers/FileAccessProvider.ts\";\nimport { FileService } from \"./services/FileService.ts\";\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nexport * from \"./controllers/AdminFileStatsController.ts\";\nexport * from \"./controllers/FileController.ts\";\nexport * from \"./entities/files.ts\";\nexport * from \"./jobs/FileJobs.ts\";\nexport * from \"./providers/FileAccessProvider.ts\";\nexport * from \"./schemas/fileCreatorSummarySchema.ts\";\nexport * from \"./schemas/fileQuerySchema.ts\";\nexport * from \"./schemas/fileResourceSchema.ts\";\nexport * from \"./schemas/storageStatsSchema.ts\";\nexport * from \"./services/FileService.ts\";\n\n// ---------------------------------------------------------------------------------------------------------------------\n\ndeclare module \"alepha/bucket\" {\n  interface BucketFileOptions {\n    /**\n     * Time to live for the files in the bucket.\n     */\n    ttl?: DurationLike;\n\n    /**\n     * Tags for the bucket.\n     */\n    tags?: string[];\n\n    /**\n     * User performing the operation.\n     */\n    user?: UserAccountToken;\n\n    /**\n     * Whether to persist the file metadata in the database.\n     *\n     * @default true\n     */\n    persist?: boolean;\n  }\n}\n\n// ---------------------------------------------------------------------------------------------------------------------\n\n/**\n * File management endpoints.\n *\n * **Features:**\n * - Upload/download endpoints\n * - File metadata storage\n * - TTL-based expiration\n * - Storage statistics\n *\n * @module alepha.api.files\n */\nexport const AlephaApiFiles = $module({\n  name: \"alepha.api.files\",\n  services: [\n    FileController,\n    AdminFileStatsController,\n    FileJobs,\n    FileService,\n    FileAccessProvider,\n  ],\n  imports: [AlephaBucket, AlephaServerEtag],\n});\n"],"mappings":";;;;;;;;;;;;AAGA,MAAa,oBAAoB,EAAE,OAAO;CACxC,QAAQ,EAAE,OAAO;CACjB,WAAW,EAAE,OAAO;CACpB,WAAW,EAAE,OAAO;AACtB,CAAC;AAED,MAAa,sBAAsB,EAAE,OAAO;CAC1C,UAAU,EAAE,OAAO;CACnB,WAAW,EAAE,OAAO;AACtB,CAAC;AAED,MAAa,qBAAqB,EAAE,OAAO;CACzC,WAAW,EAAE,OAAO;CACpB,YAAY,EAAE,OAAO;CACrB,UAAU,EAAE,MAAM,iBAAiB;CACnC,YAAY,EAAE,MAAM,mBAAmB;AACzC,CAAC;;;AChBD,MAAa,QAAQ,QAAQ;CAC3B,MAAM;CACN,QAAQ,EAAE,OAAO;EACf,IAAI,GAAG,WAAW,EAAE,KAAK,CAAC;EAC1B,SAAS,GAAG,QAAQ;EACpB,WAAW,GAAG,UAAU;EACxB,WAAW,GAAG,UAAU;EACxB,gBAAgB,GAAG,aAAa;EAChC,QAAQ,EAAE,KAAK;EACf,SAAS,EAAE,SAAS,EAAE,KAAK,CAAC;EAC5B,cAAc,EAAE,SAAS,EAAE,OAAO,CAAC;EACnC,aAAa,EAAE,SAAS,EAAE,OAAO,CAAC;EAClC,QAAQ,EAAE,KAAK;EACf,gBAAgB,EAAE,SAAS,EAAE,SAAS,CAAC;;;;;;;EAOvC,MAAM,EAAE,KAAK;;;;;;;;EAQb,cAAc,EAAE,SAAS,EAAE,OAAO,CAAC;EACnC,MAAM,EAAE,OAAO;EACf,UAAU,EAAE,OAAO;;;;;;EAMnB,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;;;;;;;EAOlC,UAAU,EAAE,SAAS,EAAE,OAAO,CAAC;CACjC,CAAC;CACD,SAAS;EACP;EACA;EACA;EACA;EACA;EACA,EACE,SAAS,CAAC,UAAU,WAAW,EACjC;CACF;AACF,CAAC;;;ACnCD,IAAa,cAAb,MAAyB;CACvB,SAA4B,QAAQ,MAAM;CAC1C,MAAyB,QAAQ;CACjC,mBAAsC,QAAQ,gBAAgB;CAC9D,qBAAwC,QAAQ,kBAAkB;CAClE,aAAgC,QAAQ,kBAAkB;CAC1D,gBAAmC,QAAQ,EAAE,MAAM,UAAU,CAAC;CAC9D,iBAAiC,YAAY,KAAK;;;;;;;;;;;;;;CAelD,qBAA+B;EAC7B,MAAM,cAAc,KAAK,mBACtB,gBAAgB,EAChB,MAAM,SAAS,KAAK,OAAO,SAAS,OAAO,GAAG;EACjD,IAAI,CAAC,aACH;EAEF,OAAO,EACL,MAAM;GACJ,MAAM;GACN,IAAI,CAAC,WAAW,YAAY,KAAK,EAAE;EACrC,EACF;CACF;CAEA,eAAyB,MAAM;EAC7B,IAAI;EACJ,SAAS,OAAO,EAAE,MAAM,QAAQ,SAAS,SAAS;GAChD,IAAI,QAAQ,YAAY,OACtB;GAGF,MAAM,WAAW,MAAM,KAAK,kBAAkB,IAAI;GAElD,MAAM,KAAK,oBAAoB,QAAQ,UACrC,KAAK,eAAe,OAAO;IACzB,QAAQ;IACR,UAAU,KAAK;IACf,MAAM,KAAK;IACX,cAAc,KAAK;IACnB,MAAM,KAAK;IACX,SAAS,QAAQ,MAAM;IACvB,cAAc,QAAQ,MAAM;IAC5B,gBAAgB,KAAK,kBAAkB,QAAQ,GAAG;IAClD,QAAQ,OAAO;IACf;GACF,CAAC,CACH;EACF;CACF,CAAC;CAED,qBAA+B,MAAM;EACnC,IAAI;EACJ,SAAS,OAAO,EAAE,QAAQ,SAAS;GACjC,MAAM,KAAK,eAAe,WAAW;IACnC,QAAQ,EAAE,IAAI,GAAG;IACjB,QAAQ,EAAE,IAAI,OAAO,KAAK;GAC5B,CAAC;EACH;CACF,CAAC;;;;;;;;;;;;;CAgBD,MAAgB,kBAAkB,MAAiC;EACjE,OAAO,KAAK,WAAW,MAAM,KAAK,YAAY,CAAC;CACjD;;;;;;;;CASA,WAAqB,MAA2B;EAC9C,OAAO,WAAW,QAAQ,EAAE,OAAO,OAAO,KAAK,IAAI,CAAC,EAAE,OAAO,KAAK;CACpE;;;;;;;;CASA,OAAc,aAAqB,KAAK,cAAc,MAAuB;EAC3E,MAAM,SAAS,KAAK,OACjB,WAAW,OAAO,EAClB,MAAM,OAAO,GAAG,SAAS,UAAU;EAEtC,IAAI,CAAC,QACH,MAAM,IAAI,cAAc,WAAW,WAAW,aAAa;EAG7D,OAAO;CACT;;;;;;;;CAWA,MAAa,UAAU,IAAe,CAAC,GAA8B;EACnE,EAAE,SAAS;EAEX,MAAM,QAAQ,KAAK,eAAe,iBAAiB;EAEnD,IAAI,EAAE,QACJ,MAAM,SAAS,EAAE,IAAI,EAAE,OAAO;EAGhC,IAAI,EAAE,MACJ,MAAM,OAAO,EAAE,eAAe,EAAE,KAAK;EAGvC,IAAI,EAAE,MACJ,MAAM,OAAO,EAAE,OAAO,IAAI,EAAE,KAAK,GAAG;EAGtC,IAAI,EAAE,UACJ,MAAM,WAAW,EAAE,IAAI,EAAE,SAAS;EAGpC,IAAI,EAAE,SACJ,MAAM,UAAU,EAAE,IAAI,EAAE,QAAQ;EAGlC,IAAI,EAAE,gBAAgB,EAAE,eACtB,MAAM,YAAY;GAChB,KAAK,EAAE;GACP,KAAK,EAAE;EACT;OACK,IAAI,EAAE,cACX,MAAM,YAAY,EAAE,KAAK,EAAE,aAAa;OACnC,IAAI,EAAE,eACX,MAAM,YAAY,EAAE,KAAK,EAAE,cAAc;EAM3C,MAAM,cAAc,KAAK,mBAAmB;EAE5C,OAAO,MAAM,KAAK,eACf,SACC,GACA;GAAE;GAAO,GAAI,cAAc,EAAE,MAAM,YAAY,IAAI,CAAC;EAAG,GACvD,EAAE,OAAO,KAAK,CAChB,EACC,MAAM,SAAS;GACd,OAAO;IACL,GAAG;IACH,SAAS,KAAK,QAAQ,KAAK,OAAO,KAAK,iBAAiB,EAAE,CAAC;GAC7D;EACF,CAAC;CACL;;;;;;;CAQA,MAAa,mBAA0C;EACrD,OAAO,MAAM,KAAK,eAAe,SAAS;GACxC,OAAO;GACP,OAAO,EACL,gBAAgB,EAAE,KAAK,KAAK,iBAAiB,aAAa,EAAE,EAC9D;EACF,CAAC;CACH;;;;;;;;CASA,kBAA4B,KAAwC;EAClE,OAAO,MACH,KAAK,iBACF,IAAI,EACJ,IAAI,KAAK,iBAAiB,SAAS,GAAG,CAAC,EACvC,YAAY,IACf,KAAA;CACN;;;;;;;;;;;;;;CAeA,MAAa,WACX,MACA,UAKI,CAAC,GACgB;EACrB,MAAM,SAAS,KAAK,OAAO,QAAQ,MAAM;EAQzC,MAAM,OAAO,MAAM,KAAK,YAAY;EACpC,MAAM,WAAW,KAAK,WAAW,IAAI;EACrC,OAAO,KAAK,WAAW,WAAW;GAChC,aAAa;GACb,MAAM,KAAK;GACX,MAAM,KAAK;EACb,CAAC;EAED,MAAM,SAAS,MAAM,OAAO,OAAO,MAAM,EAAE,SAAS,MAAM,CAAC;EAE3D,IAAI;EACJ,IAAI,QAAQ,gBACV,iBAAiB,KAAK,iBACnB,GAAG,QAAQ,cAAc,EACzB,YAAY;OACV,IAAI,OAAO,QAAQ,KACxB,iBAAiB,KAAK,kBAAkB,OAAO,QAAQ,GAAG;EAG5D,OAAO,MAAM,KAAK,oBAAoB,QAAQ,cAC5C,KAAK,eAAe,OAAO;GACjB;GACR,UAAU,KAAK;GACf,MAAM,KAAK;GACX,cAAc,KAAK;GACnB,MAAM,KAAK;GACX,SAAS,QAAQ,MAAM;GACvB,cAAc,QAAQ,MAAM;GAC5B,aAAa,QAAQ,MAAM;GAC3B;GACA,QAAQ,OAAO;GACf,MAAM,QAAQ;GACd;EACF,CAAC,CACH;CACF;;;;;;;;;;;;;;;;;;;CAoBA,MAAgB,oBACd,QACA,QACA,QACqB;EACrB,IAAI;GACF,OAAO,MAAM,OAAO;EACtB,SAAS,OAAO;GACd,MAAM,OAAO,OAAO,QAAQ,IAAI,EAAE,OAAO,iBAAiB;IACxD,KAAK,IAAI,KACP,kCAAkC,OAAO,eAAe,OAAO,KAAK,kCACpE,YACF;GACF,CAAC;GACD,MAAM;EACR;CACF;;;;;;;;;;;CAYA,MAAa,WAAW,IAA4C;EAClE,MAAM,SAAS,MAAM,KAAK,YAAY,EAAE;EAGxC,OAAO,MAFQ,KAAK,OAAO,OAAO,MAEhB,EAAE,SAAS,OAAO,MAAM;CAC5C;;;;;;;;;;;;;CAcA,MAAa,WACX,IACA,MAKqB;EACrB,MAAM,OAAO,MAAM,KAAK,YAAY,EAAE;EAEtC,MAAM,aAAkC,CAAC;EAEzC,IAAI,KAAK,SAAS,KAAA,GAChB,WAAW,OAAO,KAAK;EAGzB,IAAI,KAAK,SAAS,KAAA,GAChB,WAAW,OAAO,KAAK;EAGzB,IAAI,KAAK,mBAAmB,KAAA,GAC1B,WAAW,iBAAiB,KAAK,iBAC9B,GAAG,KAAK,cAAc,EACtB,YAAY;EAGjB,OAAO,MAAM,KAAK,eAAe,WAAW,KAAK,IAAI,UAAU;CACjE;;;;;;;;;;CAWA,MAAa,WAAW,IAAyB;EAC/C,MAAM,OAAO,MAAM,KAAK,YAAY,EAAE;EACtC,MAAM,SAAS,KAAK,OAAO,KAAK,MAAM;EAGtC,MAAM,KAAK,eAAe,WAAW,KAAK,EAAE;EAE5C,IAAI;GACF,MAAM,OAAO,OAAO,KAAK,QAAQ,IAAI;EACvC,SAAS,GAAG;GACV,IAAI,aAAa,mBAEf,KAAK,IAAI,MACP,QAAQ,KAAK,OAAO,uBAAuB,OAAO,KAAK,8BACzD;QAGA,KAAK,IAAI,KACP,yBAAyB,KAAK,OAAO,eAAe,OAAO,QAC3D,CACF;EAEJ;EAEA,OAAO;GAAE,IAAI;GAAM,IAAI,OAAO,KAAK,EAAE;EAAE;CACzC;;;;;;CAOA,MAAa,YAAY,KAAkC;EACzD,IAAI,IAAI,WAAW,GAAG,OAAO,CAAC;EAE9B,MAAM,QAAQ,MAAM,KAAK,eAAe,SAAS;GAC/C,OAAO,EAAE,IAAI,EAAE,SAAS,IAAI,EAAE;GAC9B,SAAS;IAAC;IAAM;IAAU;GAAQ;EACpC,CAAC;EACD,IAAI,MAAM,WAAW,GAAG,OAAO,CAAC;EAEhC,MAAM,YAAY,MAAM,KAAK,eAAe,WAAW,EACrD,IAAI,EAAE,SAAS,MAAM,KAAK,MAAM,EAAE,EAAE,EAAE,EACxC,CAAC;EAED,MAAM,gCAAgB,IAAI,IAAsB;EAChD,KAAK,MAAM,KAAK,OAAO;GACrB,MAAM,OAAO,cAAc,IAAI,EAAE,MAAM,KAAK,CAAC;GAC7C,KAAK,KAAK,EAAE,MAAM;GAClB,cAAc,IAAI,EAAE,QAAQ,IAAI;EAClC;EAEA,KAAK,MAAM,CAAC,YAAY,YAAY,eAClC,IAAI;GACF,MAAM,KAAK,OAAO,UAAU,EAAE,WAAW,SAAS,IAAI;EACxD,SAAS,GAAG;GAGV,KAAK,IAAI,KACP,yBAAyB,QAAQ,OAAO,qBAAqB,cAC7D,CACF;EACF;EAGF,OAAO,UAAU,IAAI,MAAM;CAC7B;;;;;;;;;CAUA,MAAa,YAAY,IAA8C;EACrE,IAAI,OAAO,OAAO,UAChB,OAAO;EAGT,OAAO,MAAM,KAAK,eAAe,QAAQ,EAAE;CAC7C;;;;;;;;;;;;CAaA,MAAa,kBAAyC;EACpD,MAAM,CAAC,cAAc,kBAAkB,MAAM,QAAQ,IAAI,CACvD,KAAK,eAAe,UAAU;GAC5B,QAAQ;IAAE,QAAQ;IAAM,MAAM;KAAE,KAAK;KAAM,OAAO;IAAK;GAAE;GACzD,SAAS,CAAC,QAAQ;EACpB,CAAC,GACD,KAAK,eAAe,UAAU;GAC5B,QAAQ;IAAE,UAAU;IAAM,MAAM,EAAE,OAAO,KAAK;GAAE;GAChD,SAAS,CAAC,UAAU;EACtB,CAAC,CACH,CAAC;EAED,MAAM,WAAW,aAAa,KAAK,SAAS;GAC1C,QAAQ,IAAI;GACZ,WAAW,IAAI,KAAK;GACpB,WAAW,IAAI,KAAK;EACtB,EAAE;EAEF,MAAM,aAAa,eAAe,KAAK,SAAS;GAC9C,UAAU,IAAI;GACd,WAAW,IAAI,KAAK;EACtB,EAAE;EAEF,OAAO;GACL,WAAW,SAAS,QAAQ,KAAK,MAAM,MAAM,EAAE,WAAW,CAAC;GAC3D,YAAY,SAAS,QAAQ,KAAK,MAAM,MAAM,EAAE,WAAW,CAAC;GAC5D;GACA;EACF;CACF;;;;;;;;CASA,iBAAwB,QAAkC;EACxD,OAAO;CACT;AACF;;;;;;;ACvhBA,IAAa,2BAAb,MAAsC;CACpC,MAAyB;CACzB,QAA2B;CAC3B,cAAiC,QAAQ,WAAW;;;;;;CAOpD,eAA+B,QAAQ;EACrC,MAAM,KAAK;EACX,OAAO,KAAK;EACZ,KAAK,CAAC,QAAQ,EAAE,aAAa,CAAC,iBAAiB,EAAE,CAAC,CAAC;EACnD,aAAa;EACb,QAAQ,EACN,UAAU,mBACZ;EACA,eAAe,KAAK,YAAY,gBAAgB;CAClD,CAAC;AACH;;;;;;;;;;;;;;;;;;;;;;;;;;ACHA,IAAa,qBAAb,MAAgC;;;;;;CAM9B,MAAM,eACJ,MACA,MACe;EACf,IAAI,CAAC,MACH,MAAM,IAAI,eAAe,qCAAqC;EAKhE,IAAI,KAAK,cAAc,OACrB;EAEF,IAAI,KAAK,WAAW,KAAK,YAAY,KAAK,IACxC;EAEF,MAAM,IAAI,eAAe,oBAAoB;CAC/C;;;;;;;;;;;;;;;;;;;CAoBA,MAAM,aAAa,MAAiC;EAClD,MAAM,IAAI,cAAc,SAAS,KAAK,GAAG,YAAY;CACvD;AACF;;;ACrEA,MAAa,kBAAkB,EAAE,OAAO,iBAAiB;CACvD,QAAQ,EAAE,SAAS,EAAE,OAAO,CAAC;CAC7B,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC,MAAM,EAAE,SAAS,EAAE,OAAO,CAAC;CAC3B,UAAU,EAAE,SAAS,EAAE,OAAO,CAAC;CAC/B,SAAS,EAAE,SAAS,EAAE,KAAK,CAAC;CAC5B,cAAc,EAAE,SAAS,EAAE,SAAS,CAAC;CACrC,eAAe,EAAE,SAAS,EAAE,SAAS,CAAC;AACxC,CAAC;;;;;;;;;;;;;;ACCD,MAAa,2BAA2B,EAAE,OAAO;CAC/C,IAAI,EAAE,KAAK;CACX,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,QAAQ,CAAC,CAAC;CAC/C,UAAU,EAAE,SAAS,EAAE,UAAU;EAAE,WAAW;EAAG,WAAW;CAAG,CAAC,CAAC;CACjE,WAAW,EAAE,SAAS,EAAE,OAAO,CAAC;CAChC,UAAU,EAAE,SAAS,EAAE,OAAO,CAAC;AACjC,CAAC;;;ACfD,MAAa,qBAAqB,EAAE,OAClC,MAAM,QACN;;;;;;;AAOE,MAAM,EAAE,SAAS,wBAAwB,EAC3C,GACA;CACE,OAAO;CACP,aAAa;AACf,CACF;;;;;;;ACNA,IAAa,iBAAb,MAA4B;CAC1B,MAAyB;CACzB,QAA2B;CAC3B,cAAiC,QAAQ,WAAW;CACpD,aAAgC,QAAQ,kBAAkB;;;;;CAM1D,YAA4B,QAAQ;EAClC,MAAM,KAAK;EACX,OAAO,SAAS,KAAK;EACrB,KAAK,CAAC,QAAQ,EAAE,aAAa,CAAC,iBAAiB,EAAE,CAAC,CAAC;EACnD,aAAa;EACb,QAAQ;GACN,OAAO;GACP,UAAU,EAAE,KAAK,kBAAkB;EACrC;EACA,UAAU,EAAE,YAAY,KAAK,YAAY,UAAU,KAAK;CAC1D,CAAC;;;;;CAMD,aAA6B,QAAQ;EACnC,QAAQ;EACR,MAAM,GAAG,KAAK,IAAI;EAClB,OAAO,SAAS,KAAK;EACrB,KAAK,CAAC,QAAQ,EAAE,aAAa,CAAC,mBAAmB,EAAE,CAAC,CAAC;EACrD,aAAa;EACb,QAAQ;GACN,QAAQ,EAAE,OAAO,EACf,IAAI,EAAE,KAAK,EACb,CAAC;GACD,UAAU;EACZ;EACA,UAAU,EAAE,aAAa,KAAK,YAAY,WAAW,OAAO,EAAE;CAChE,CAAC;;;;;CAMD,cAA8B,QAAQ;EACpC,QAAQ;EACR,MAAM,GAAG,KAAK,IAAI;EAClB,OAAO,SAAS,KAAK;EACrB,KAAK,CAAC,QAAQ,EAAE,aAAa,CAAC,mBAAmB,EAAE,CAAC,CAAC;EACrD,aAAa;EACb,QAAQ;GACN,MAAM,EAAE,OAAO,EACb,KAAK,EAAE,MAAM,EAAE,KAAK,GAAG;IAAE,UAAU;IAAG,UAAU;GAAK,CAAC,EACxD,CAAC;GACD,UAAU,EAAE,OAAO,EACjB,SAAS,EAAE,MAAM,EAAE,OAAO,CAAC,EAC7B,CAAC;EACH;EACA,SAAS,OAAO,EAAE,WAAW;GAE3B,OAAO,EAAE,SAAA,MADa,KAAK,YAAY,YAAY,KAAK,GAAG,EAC1C;EACnB;CACF,CAAC;;;;;;CAOD,aAA6B,QAAQ;EACnC,MAAM,KAAK;EACX,OAAO,KAAK;EACZ,KAAK,CAAC,QAAQ,EAAE,aAAa,CAAC,aAAa,EAAE,CAAC,CAAC;EAC/C,aAAa;EACb,QAAQ;GACN,MAAM,EAAE,OAAO,EACb,MAAM,EAAE,KAAK,EACf,CAAC;GACD,OAAO,EAAE,OAAO;IACd,gBAAgB,EAAE,SAAS,EAAE,SAAS,CAAC;IACvC,QAAQ,EAAE,SAAS,EAAE,OAAO,CAAC;GAC/B,CAAC;GACD,UAAU;EACZ;EACA,SAAS,OAAO,EAAE,MAAM,MAAM,YAC5B,KAAK,YAAY,WAAW,KAAK,MAAM;GACrC;GACA,GAAG;EACL,CAAC;CACL,CAAC;;;;;CAMD,aAA6B,QAAQ;EACnC,QAAQ;EACR,MAAM,GAAG,KAAK,IAAI;EAClB,OAAO,SAAS,KAAK;EACrB,KAAK,CAAC,QAAQ,EAAE,aAAa,CAAC,mBAAmB,EAAE,CAAC,CAAC;EACrD,aAAa;EACb,QAAQ;GACN,QAAQ,EAAE,OAAO,EACf,IAAI,EAAE,KAAK,EACb,CAAC;GACD,MAAM,EAAE,OAAO;IACb,MAAM,EAAE,SAAS,EAAE,OAAO,CAAC;IAC3B,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;IACpC,gBAAgB,EAAE,SAAS,EAAE,SAAS,CAAC;GACzC,CAAC;GACD,UAAU;EACZ;EACA,UAAU,EAAE,QAAQ,WAAW,KAAK,YAAY,WAAW,OAAO,IAAI,IAAI;CAC5E,CAAC;;;;;;;;;;;;CAaD,aAA6B,QAAQ;EACnC,MAAM,GAAG,KAAK,IAAI;EAClB,OAAO,KAAK;EACZ,aAAa;EACb,KAAK,CACH,QAAQ,EAAE,aAAa,CAAC,WAAW,EAAE,CAAC,GACtC,MAAM,EACJ,SAAS;GACP,SAAS;GACT,QAAQ,CAAC,GAAG,MAAM;GAClB,WAAW;EACb,EACF,CAAC,CACH;EACA,QAAQ;GACN,QAAQ,EAAE,OAAO,EACf,IAAI,EAAE,KAAK,EACb,CAAC;GACD,UAAU,EAAE,KAAK;EACnB;EACA,SAAS,OAAO,EAAE,QAAQ,WAAW;GACnC,MAAM,OAAO,MAAM,KAAK,YAAY,YAAY,OAAO,EAAE;GACzD,MAAM,KAAK,WAAW,eAAe,MAAM,IAAI;GAC/C,OAAO,MAAM,KAAK,YAAY,WAAW,IAAI;EAC/C;CACF,CAAC;;;;;;;;;;;;;;;CAgBD,mBAAmC,QAAQ;EACzC,MAAM;EACN,OAAO,KAAK;EACZ,aAAa;EACb,KAAK,CACH,MAAM,EACJ,SAAS;GACP,QAAQ;GACR,QAAQ,CAAC,GAAG,MAAM;GAClB,WAAW;EACb,EACF,CAAC,CACH;EACA,QAAQ;GACN,QAAQ,EAAE,OAAO,EACf,IAAI,EAAE,KAAK,EACb,CAAC;GACD,UAAU,EAAE,KAAK;EACnB;EACA,SAAS,OAAO,EAAE,aAAa;GAC7B,MAAM,OAAO,MAAM,KAAK,YAAY,YAAY,OAAO,EAAE;GACzD,MAAM,KAAK,WAAW,aAAa,IAAI;GACvC,OAAO,MAAM,KAAK,YAAY,WAAW,IAAI;EAC/C;CACF,CAAC;AACH;;;AC1MA,IAAa,WAAb,MAAsB;CACpB,cAAiC,QAAQ,WAAW;CAEpD,aAA6B,WAAW;EACtC,MAAM;EACN,aAAa;EACb,MAAM;EACN,SAAS,YAAY;GACnB,MAAM,QAAQ,MAAM,KAAK,YAAY,iBAAiB;GAEtD,MAAM,QAAQ,IACZ,MAAM,KAAK,SAAS,KAAK,YAAY,WAAW,KAAK,EAAE,CAAC,CAC1D;EACF;CACF,CAAC;AACH;;;;;;;;;;;;;;AC8CA,MAAa,iBAAiB,QAAQ;CACpC,MAAM;CACN,UAAU;EACR;EACA;EACA;EACA;EACA;CACF;CACA,SAAS,CAAC,cAAc,gBAAgB;AAC1C,CAAC"}

package/dist/api/jobs/index.browser.js

@@ -86,7 +86,7 @@ const jobConfig = $atom({
 		drainTimeout: t.integer({ description: "Max time (ms) to wait for in-flight jobs during shutdown." })
 	}),
 	default: {
-		sweepCron: "*/5 * * * *",
+		sweepCron: "*/15 * * * *",
 		trimCron: "0 * * * *",
 		staleThreshold: 3e5,
 		runTimeout: 18e5,
@@ -125,7 +125,7 @@ const jobExecutionQuerySchema = t.object({
 *   `JobService` is responsible for the int → string transform.
 * - `can` derives the available admin actions from the row's status.
 */
-const jobExecutionResourceSchema = t.extend(jobExecutionEntity.schema, {
+const jobExecutionResourceSchema = t.extend(t.omit(jobExecutionEntity.schema, ["priority"]), {
 	priority: t.enum([
 		"critical",
 		"high",

package/dist/api/jobs/index.browser.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.browser.js","names":[],"sources":["../../../src/api/jobs/entities/jobExecutionEntity.ts","../../../src/api/jobs/schemas/jobConfigAtom.ts","../../../src/api/jobs/schemas/jobExecutionQuerySchema.ts","../../../src/api/jobs/schemas/jobExecutionResourceSchema.ts","../../../src/api/jobs/schemas/jobRegistrationSchema.ts","../../../src/api/jobs/schemas/triggerJobSchema.ts","../../../src/api/jobs/index.browser.ts"],"sourcesContent":["import { type Static, t } from \"alepha\";\nimport { logEntrySchema } from \"alepha/logger\";\nimport { $entity, db } from \"alepha/orm\";\n\n/**\n * Job execution record.\n *\n * Stores durable state for queue-mode jobs (outbox pattern) and error records\n * for cron-mode jobs. Successful executions are trimmed by the sweep to keep\n * the last N rows per job (configurable via `jobConfig.keepLastSuccess`).\n *\n * Status transitions:\n * - queue push            → pending (or `scheduled` if `delay`/`scheduledAt` was given)\n * - worker claim          → running\n * - success               → ok (or row deleted, depending on `record` and `keepLastSuccess`)\n * - terminal failure      → error\n * - retryable failure     → scheduled (with scheduledAt = now; sweep picks it up)\n * - delay                 → scheduled (with scheduledAt = now + delay)\n * - sweep picks due ones  → pending\n * - cancel                → cancelled\n */\nexport const jobExecutionEntity = $entity({\n  name: \"job_executions\",\n  schema: t.object({\n    id: db.primaryKey(t.uuid()),\n    createdAt: db.createdAt(),\n    updatedAt: db.updatedAt(),\n\n    jobName: t.text(),\n    key: t.optional(t.nullable(t.text())),\n\n    status: db.default(\n      t.enum([\"pending\", \"running\", \"scheduled\", \"ok\", \"error\", \"cancelled\"]),\n      \"pending\",\n    ),\n    priority: db.default(t.integer({ minimum: 0, maximum: 3 }), 2),\n\n    attempt: db.default(t.integer(), 0),\n    maxAttempts: db.default(t.integer(), 1),\n\n    payload: t.optional(t.record(t.text(), t.any())),\n\n    scheduledAt: t.optional(t.datetime()),\n    startedAt: t.optional(t.datetime()),\n    completedAt: t.optional(t.datetime()),\n\n    error: t.optional(t.text()),\n    logs: t.optional(t.array(logEntrySchema)),\n\n    triggeredBy: t.optional(t.text()),\n    triggeredByName: t.optional(t.text()),\n    cancelledBy: t.optional(t.text()),\n    cancelledByName: t.optional(t.text()),\n  }),\n  indexes: [\n    { columns: [\"jobName\", \"status\", \"scheduledAt\"] },\n    { columns: [\"jobName\", \"status\", \"createdAt\"] },\n    { columns: [\"jobName\", \"startedAt\"] },\n    { columns: [\"jobName\", \"key\"], unique: true },\n  ],\n});\n\nexport type JobExecutionEntity = Static<typeof jobExecutionEntity.schema>;\n\nexport type JobStatus =\n  | \"pending\"\n  | \"running\"\n  | \"scheduled\"\n  | \"ok\"\n  | \"error\"\n  | \"cancelled\";\n","import { $atom, type Static, t } from \"alepha\";\n\nexport const jobConfig = $atom({\n  name: \"alepha.jobs\",\n  description: \"Configuration for the $job primitive.\",\n  schema: t.object({\n    sweepCron: t.text({\n      description:\n        \"Cron expression for the sweep tick. Must be minute-granular at minimum (cron resolution). On Cloudflare Workers this expression is emitted into wrangler.jsonc by the build.\",\n    }),\n    trimCron: t.text({\n      description:\n        \"Cron expression for the ring-buffer trim tick (per-job keepLastSuccess/keepLastError enforcement). Decoupled from `sweepCron` because trim is bounded by job execution rate, not retry latency — running it every sweep is wasted work for most apps.\",\n    }),\n    staleThreshold: t.integer({\n      description: \"Pending age (ms) before the sweep re-dispatches it.\",\n    }),\n    runTimeout: t.integer({\n      description:\n        \"Running age (ms) before assumed crash (fallback when no per-job timeout).\",\n    }),\n    keepLastSuccess: t.integer({\n      description:\n        \"Max successful rows to keep per job. Set 0 to disable and delete on success.\",\n    }),\n    keepLastError: t.integer({\n      description: \"Max error rows to keep per job.\",\n    }),\n    logMaxEntries: t.integer({\n      description: \"Max log entries captured per execution.\",\n    }),\n    drainTimeout: t.integer({\n      description: \"Max time (ms) to wait for in-flight jobs during shutdown.\",\n    }),\n  }),\n  default: {\n    sweepCron: \"*/5 * * * *\",\n    trimCron: \"0 * * * *\",\n    staleThreshold: 300_000,\n    runTimeout: 1_800_000,\n    keepLastSuccess: 10,\n    keepLastError: 10,\n    logMaxEntries: 100,\n    drainTimeout: 30_000,\n  },\n});\n\nexport type JobConfig = Static<typeof jobConfig.schema>;\n\ndeclare module \"alepha\" {\n  interface State {\n    [jobConfig.key]: JobConfig;\n  }\n}\n","import { type Static, t } from \"alepha\";\n\nexport const jobExecutionQuerySchema = t.object({\n  status: t.optional(\n    t.enum([\"pending\", \"running\", \"scheduled\", \"ok\", \"error\", \"cancelled\"]),\n  ),\n  limit: t.optional(t.integer({ minimum: 1, maximum: 200, default: 20 })),\n});\n\nexport type JobExecutionQuery = Static<typeof jobExecutionQuerySchema>;\n","import { type Static, t } from \"alepha\";\nimport { jobExecutionEntity } from \"../entities/jobExecutionEntity.ts\";\n\n/**\n * Public-facing schema for a job execution row.\n *\n * Diverges from the raw entity in two places, both for API ergonomics:\n *\n * - `priority` is exposed as the **string enum** (`critical`/`high`/...)\n *   instead of the numeric value used internally for SQL ordering. The\n *   `JobService` is responsible for the int → string transform.\n * - `can` derives the available admin actions from the row's status.\n */\nexport const jobExecutionResourceSchema = t.extend(\n  jobExecutionEntity.schema,\n  {\n    priority: t.enum([\"critical\", \"high\", \"normal\", \"low\"]),\n    can: t.object({\n      retry: t.boolean(),\n      cancel: t.boolean(),\n    }),\n  },\n  {\n    title: \"JobExecutionResource\",\n    description: \"A job execution row with derived actions.\",\n  },\n);\n\nexport type JobExecutionResource = Static<typeof jobExecutionResourceSchema>;\n","import { type Static, t } from \"alepha\";\n\nexport const jobRegistrationSchema = t.object({\n  name: t.text(),\n  description: t.optional(t.text()),\n  type: t.enum([\"cron\", \"queue\", \"direct\"], {\n    description:\n      \"Effective runtime mode. 'cron' = scheduled. 'queue' = push-driven, dispatched via AlephaApiJobsQueue. 'direct' = push-driven, processed in-process (no queue infrastructure loaded), with the sweep as the safety net.\",\n  }),\n  priority: t.enum([\"critical\", \"high\", \"normal\", \"low\"]),\n  cron: t.optional(t.text()),\n  timeout: t.optional(t.text()),\n  retry: t.optional(\n    t.object({\n      retries: t.integer(),\n    }),\n  ),\n  recent: t.object({\n    ok: t.integer(),\n    error: t.integer(),\n    lastRun: t.optional(t.datetime()),\n  }),\n});\n\nexport type JobRegistration = Static<typeof jobRegistrationSchema>;\n","import { type Static, t } from \"alepha\";\n\nexport const triggerJobSchema = t.object({\n  payload: t.optional(t.record(t.text(), t.any())),\n});\n\nexport type TriggerJob = Static<typeof triggerJobSchema>;\n","import { $module } from \"alepha\";\n\n// -----------------------------------------------------------------------------------------------------------------\n\nexport * from \"./entities/jobExecutionEntity.ts\";\nexport * from \"./schemas/jobConfigAtom.ts\";\nexport * from \"./schemas/jobExecutionQuerySchema.ts\";\nexport * from \"./schemas/jobExecutionResourceSchema.ts\";\nexport * from \"./schemas/jobRegistrationSchema.ts\";\nexport * from \"./schemas/triggerJobSchema.ts\";\n\n// -----------------------------------------------------------------------------------------------------------------\n\nexport const AlephaApiJobs = $module({\n  name: \"alepha.api.jobs\",\n  services: [],\n});\n\nexport const AlephaApiJobsQueue = $module({\n  name: \"alepha.api.jobs.queue\",\n  services: [],\n});\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;AAqBA,MAAa,qBAAqB,QAAQ;CACxC,MAAM;CACN,QAAQ,EAAE,OAAO;EACf,IAAI,GAAG,WAAW,EAAE,MAAM,CAAC;EAC3B,WAAW,GAAG,WAAW;EACzB,WAAW,GAAG,WAAW;EAEzB,SAAS,EAAE,MAAM;EACjB,KAAK,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC;EAErC,QAAQ,GAAG,QACT,EAAE,KAAK;GAAC;GAAW;GAAW;GAAa;GAAM;GAAS;GAAY,CAAC,EACvE,UACD;EACD,UAAU,GAAG,QAAQ,EAAE,QAAQ;GAAE,SAAS;GAAG,SAAS;GAAG,CAAC,EAAE,EAAE;EAE9D,SAAS,GAAG,QAAQ,EAAE,SAAS,EAAE,EAAE;EACnC,aAAa,GAAG,QAAQ,EAAE,SAAS,EAAE,EAAE;EAEvC,SAAS,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,KAAK,CAAC,CAAC;EAEhD,aAAa,EAAE,SAAS,EAAE,UAAU,CAAC;EACrC,WAAW,EAAE,SAAS,EAAE,UAAU,CAAC;EACnC,aAAa,EAAE,SAAS,EAAE,UAAU,CAAC;EAErC,OAAO,EAAE,SAAS,EAAE,MAAM,CAAC;EAC3B,MAAM,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;EAEzC,aAAa,EAAE,SAAS,EAAE,MAAM,CAAC;EACjC,iBAAiB,EAAE,SAAS,EAAE,MAAM,CAAC;EACrC,aAAa,EAAE,SAAS,EAAE,MAAM,CAAC;EACjC,iBAAiB,EAAE,SAAS,EAAE,MAAM,CAAC;EACtC,CAAC;CACF,SAAS;EACP,EAAE,SAAS;GAAC;GAAW;GAAU;GAAc,EAAE;EACjD,EAAE,SAAS;GAAC;GAAW;GAAU;GAAY,EAAE;EAC/C,EAAE,SAAS,CAAC,WAAW,YAAY,EAAE;EACrC;GAAE,SAAS,CAAC,WAAW,MAAM;GAAE,QAAQ;GAAM;EAC9C;CACF,CAAC;;;AC1DF,MAAa,YAAY,MAAM;CAC7B,MAAM;CACN,aAAa;CACb,QAAQ,EAAE,OAAO;EACf,WAAW,EAAE,KAAK,EAChB,aACE,gLACH,CAAC;EACF,UAAU,EAAE,KAAK,EACf,aACE,yPACH,CAAC;EACF,gBAAgB,EAAE,QAAQ,EACxB,aAAa,uDACd,CAAC;EACF,YAAY,EAAE,QAAQ,EACpB,aACE,6EACH,CAAC;EACF,iBAAiB,EAAE,QAAQ,EACzB,aACE,gFACH,CAAC;EACF,eAAe,EAAE,QAAQ,EACvB,aAAa,mCACd,CAAC;EACF,eAAe,EAAE,QAAQ,EACvB,aAAa,2CACd,CAAC;EACF,cAAc,EAAE,QAAQ,EACtB,aAAa,6DACd,CAAC;EACH,CAAC;CACF,SAAS;EACP,WAAW;EACX,UAAU;EACV,gBAAgB;EAChB,YAAY;EACZ,iBAAiB;EACjB,eAAe;EACf,eAAe;EACf,cAAc;EACf;CACF,CAAC;;;AC3CF,MAAa,0BAA0B,EAAE,OAAO;CAC9C,QAAQ,EAAE,SACR,EAAE,KAAK;EAAC;EAAW;EAAW;EAAa;EAAM;EAAS;EAAY,CAAC,CACxE;CACD,OAAO,EAAE,SAAS,EAAE,QAAQ;EAAE,SAAS;EAAG,SAAS;EAAK,SAAS;EAAI,CAAC,CAAC;CACxE,CAAC;;;;;;;;;;;;;ACMF,MAAa,6BAA6B,EAAE,OAC1C,mBAAmB,QACnB;CACE,UAAU,EAAE,KAAK;EAAC;EAAY;EAAQ;EAAU;EAAM,CAAC;CACvD,KAAK,EAAE,OAAO;EACZ,OAAO,EAAE,SAAS;EAClB,QAAQ,EAAE,SAAS;EACpB,CAAC;CACH,EACD;CACE,OAAO;CACP,aAAa;CACd,CACF;;;ACxBD,MAAa,wBAAwB,EAAE,OAAO;CAC5C,MAAM,EAAE,MAAM;CACd,aAAa,EAAE,SAAS,EAAE,MAAM,CAAC;CACjC,MAAM,EAAE,KAAK;EAAC;EAAQ;EAAS;EAAS,EAAE,EACxC,aACE,0NACH,CAAC;CACF,UAAU,EAAE,KAAK;EAAC;EAAY;EAAQ;EAAU;EAAM,CAAC;CACvD,MAAM,EAAE,SAAS,EAAE,MAAM,CAAC;CAC1B,SAAS,EAAE,SAAS,EAAE,MAAM,CAAC;CAC7B,OAAO,EAAE,SACP,EAAE,OAAO,EACP,SAAS,EAAE,SAAS,EACrB,CAAC,CACH;CACD,QAAQ,EAAE,OAAO;EACf,IAAI,EAAE,SAAS;EACf,OAAO,EAAE,SAAS;EAClB,SAAS,EAAE,SAAS,EAAE,UAAU,CAAC;EAClC,CAAC;CACH,CAAC;;;ACpBF,MAAa,mBAAmB,EAAE,OAAO,EACvC,SAAS,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,KAAK,CAAC,CAAC,EACjD,CAAC;;;ACSF,MAAa,gBAAgB,QAAQ;CACnC,MAAM;CACN,UAAU,EAAE;CACb,CAAC;AAEF,MAAa,qBAAqB,QAAQ;CACxC,MAAM;CACN,UAAU,EAAE;CACb,CAAC"}
+{"version":3,"file":"index.browser.js","names":[],"sources":["../../../src/api/jobs/entities/jobExecutionEntity.ts","../../../src/api/jobs/schemas/jobConfigAtom.ts","../../../src/api/jobs/schemas/jobExecutionQuerySchema.ts","../../../src/api/jobs/schemas/jobExecutionResourceSchema.ts","../../../src/api/jobs/schemas/jobRegistrationSchema.ts","../../../src/api/jobs/schemas/triggerJobSchema.ts","../../../src/api/jobs/index.browser.ts"],"sourcesContent":["import { type Static, t } from \"alepha\";\nimport { logEntrySchema } from \"alepha/logger\";\nimport { $entity, db } from \"alepha/orm\";\n\n/**\n * Job execution record.\n *\n * Stores durable state for queue-mode jobs (outbox pattern) and error records\n * for cron-mode jobs. Successful executions are trimmed by the sweep to keep\n * the last N rows per job (configurable via `jobConfig.keepLastSuccess`).\n *\n * Status transitions:\n * - queue push            → pending (or `scheduled` if `delay`/`scheduledAt` was given)\n * - worker claim          → running\n * - success               → ok (or row deleted, depending on `record` and `keepLastSuccess`)\n * - terminal failure      → error\n * - retryable failure     → scheduled (with scheduledAt = now; sweep picks it up)\n * - delay                 → scheduled (with scheduledAt = now + delay)\n * - sweep picks due ones  → pending\n * - cancel                → cancelled\n */\nexport const jobExecutionEntity = $entity({\n  name: \"job_executions\",\n  schema: t.object({\n    id: db.primaryKey(t.uuid()),\n    createdAt: db.createdAt(),\n    updatedAt: db.updatedAt(),\n\n    jobName: t.text(),\n    key: t.optional(t.nullable(t.text())),\n\n    status: db.default(\n      t.enum([\"pending\", \"running\", \"scheduled\", \"ok\", \"error\", \"cancelled\"]),\n      \"pending\",\n    ),\n    priority: db.default(t.integer({ minimum: 0, maximum: 3 }), 2),\n\n    attempt: db.default(t.integer(), 0),\n    maxAttempts: db.default(t.integer(), 1),\n\n    payload: t.optional(t.record(t.text(), t.any())),\n\n    scheduledAt: t.optional(t.datetime()),\n    startedAt: t.optional(t.datetime()),\n    completedAt: t.optional(t.datetime()),\n\n    error: t.optional(t.text()),\n    logs: t.optional(t.array(logEntrySchema)),\n\n    triggeredBy: t.optional(t.text()),\n    triggeredByName: t.optional(t.text()),\n    cancelledBy: t.optional(t.text()),\n    cancelledByName: t.optional(t.text()),\n  }),\n  indexes: [\n    { columns: [\"jobName\", \"status\", \"scheduledAt\"] },\n    { columns: [\"jobName\", \"status\", \"createdAt\"] },\n    { columns: [\"jobName\", \"startedAt\"] },\n    { columns: [\"jobName\", \"key\"], unique: true },\n  ],\n});\n\nexport type JobExecutionEntity = Static<typeof jobExecutionEntity.schema>;\n\nexport type JobStatus =\n  | \"pending\"\n  | \"running\"\n  | \"scheduled\"\n  | \"ok\"\n  | \"error\"\n  | \"cancelled\";\n","import { $atom, type Static, t } from \"alepha\";\n\nexport const jobConfig = $atom({\n  name: \"alepha.jobs\",\n  description: \"Configuration for the $job primitive.\",\n  schema: t.object({\n    sweepCron: t.text({\n      description:\n        \"Cron expression for the sweep tick. Must be minute-granular at minimum (cron resolution). On Cloudflare Workers this expression is emitted into wrangler.jsonc by the build.\",\n    }),\n    trimCron: t.text({\n      description:\n        \"Cron expression for the ring-buffer trim tick (per-job keepLastSuccess/keepLastError enforcement). Decoupled from `sweepCron` because trim is bounded by job execution rate, not retry latency — running it every sweep is wasted work for most apps.\",\n    }),\n    staleThreshold: t.integer({\n      description: \"Pending age (ms) before the sweep re-dispatches it.\",\n    }),\n    runTimeout: t.integer({\n      description:\n        \"Running age (ms) before assumed crash (fallback when no per-job timeout).\",\n    }),\n    keepLastSuccess: t.integer({\n      description:\n        \"Max successful rows to keep per job. Set 0 to disable and delete on success.\",\n    }),\n    keepLastError: t.integer({\n      description: \"Max error rows to keep per job.\",\n    }),\n    logMaxEntries: t.integer({\n      description: \"Max log entries captured per execution.\",\n    }),\n    drainTimeout: t.integer({\n      description: \"Max time (ms) to wait for in-flight jobs during shutdown.\",\n    }),\n  }),\n  default: {\n    sweepCron: \"*/15 * * * *\",\n    trimCron: \"0 * * * *\",\n    staleThreshold: 300_000,\n    runTimeout: 1_800_000,\n    keepLastSuccess: 10,\n    keepLastError: 10,\n    logMaxEntries: 100,\n    drainTimeout: 30_000,\n  },\n});\n\nexport type JobConfig = Static<typeof jobConfig.schema>;\n\ndeclare module \"alepha\" {\n  interface State {\n    [jobConfig.key]: JobConfig;\n  }\n}\n","import { type Static, t } from \"alepha\";\n\nexport const jobExecutionQuerySchema = t.object({\n  status: t.optional(\n    t.enum([\"pending\", \"running\", \"scheduled\", \"ok\", \"error\", \"cancelled\"]),\n  ),\n  limit: t.optional(t.integer({ minimum: 1, maximum: 200, default: 20 })),\n});\n\nexport type JobExecutionQuery = Static<typeof jobExecutionQuerySchema>;\n","import { type Static, t } from \"alepha\";\nimport { jobExecutionEntity } from \"../entities/jobExecutionEntity.ts\";\n\n/**\n * Public-facing schema for a job execution row.\n *\n * Diverges from the raw entity in two places, both for API ergonomics:\n *\n * - `priority` is exposed as the **string enum** (`critical`/`high`/...)\n *   instead of the numeric value used internally for SQL ordering. The\n *   `JobService` is responsible for the int → string transform.\n * - `can` derives the available admin actions from the row's status.\n */\nexport const jobExecutionResourceSchema = t.extend(\n  // `t.extend` composes (interface-extends), it does not override: the base\n  // `priority` (integer) would still be enforced alongside the enum below and\n  // reject the int→string transform. Drop it from the base first.\n  t.omit(jobExecutionEntity.schema, [\"priority\"]),\n  {\n    priority: t.enum([\"critical\", \"high\", \"normal\", \"low\"]),\n    can: t.object({\n      retry: t.boolean(),\n      cancel: t.boolean(),\n    }),\n  },\n  {\n    title: \"JobExecutionResource\",\n    description: \"A job execution row with derived actions.\",\n  },\n);\n\nexport type JobExecutionResource = Static<typeof jobExecutionResourceSchema>;\n","import { type Static, t } from \"alepha\";\n\nexport const jobRegistrationSchema = t.object({\n  name: t.text(),\n  description: t.optional(t.text()),\n  type: t.enum([\"cron\", \"queue\", \"direct\"], {\n    description:\n      \"Effective runtime mode. 'cron' = scheduled. 'queue' = push-driven, dispatched via AlephaApiJobsQueue. 'direct' = push-driven, processed in-process (no queue infrastructure loaded), with the sweep as the safety net.\",\n  }),\n  priority: t.enum([\"critical\", \"high\", \"normal\", \"low\"]),\n  cron: t.optional(t.text()),\n  timeout: t.optional(t.text()),\n  retry: t.optional(\n    t.object({\n      retries: t.integer(),\n    }),\n  ),\n  recent: t.object({\n    ok: t.integer(),\n    error: t.integer(),\n    lastRun: t.optional(t.datetime()),\n  }),\n});\n\nexport type JobRegistration = Static<typeof jobRegistrationSchema>;\n","import { type Static, t } from \"alepha\";\n\nexport const triggerJobSchema = t.object({\n  payload: t.optional(t.record(t.text(), t.any())),\n});\n\nexport type TriggerJob = Static<typeof triggerJobSchema>;\n","import { $module } from \"alepha\";\n\n// -----------------------------------------------------------------------------------------------------------------\n\nexport * from \"./entities/jobExecutionEntity.ts\";\nexport * from \"./schemas/jobConfigAtom.ts\";\nexport * from \"./schemas/jobExecutionQuerySchema.ts\";\nexport * from \"./schemas/jobExecutionResourceSchema.ts\";\nexport * from \"./schemas/jobRegistrationSchema.ts\";\nexport * from \"./schemas/triggerJobSchema.ts\";\n\n// -----------------------------------------------------------------------------------------------------------------\n\nexport const AlephaApiJobs = $module({\n  name: \"alepha.api.jobs\",\n  services: [],\n});\n\nexport const AlephaApiJobsQueue = $module({\n  name: \"alepha.api.jobs.queue\",\n  services: [],\n});\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;AAqBA,MAAa,qBAAqB,QAAQ;CACxC,MAAM;CACN,QAAQ,EAAE,OAAO;EACf,IAAI,GAAG,WAAW,EAAE,KAAK,CAAC;EAC1B,WAAW,GAAG,UAAU;EACxB,WAAW,GAAG,UAAU;EAExB,SAAS,EAAE,KAAK;EAChB,KAAK,EAAE,SAAS,EAAE,SAAS,EAAE,KAAK,CAAC,CAAC;EAEpC,QAAQ,GAAG,QACT,EAAE,KAAK;GAAC;GAAW;GAAW;GAAa;GAAM;GAAS;EAAW,CAAC,GACtE,SACF;EACA,UAAU,GAAG,QAAQ,EAAE,QAAQ;GAAE,SAAS;GAAG,SAAS;EAAE,CAAC,GAAG,CAAC;EAE7D,SAAS,GAAG,QAAQ,EAAE,QAAQ,GAAG,CAAC;EAClC,aAAa,GAAG,QAAQ,EAAE,QAAQ,GAAG,CAAC;EAEtC,SAAS,EAAE,SAAS,EAAE,OAAO,EAAE,KAAK,GAAG,EAAE,IAAI,CAAC,CAAC;EAE/C,aAAa,EAAE,SAAS,EAAE,SAAS,CAAC;EACpC,WAAW,EAAE,SAAS,EAAE,SAAS,CAAC;EAClC,aAAa,EAAE,SAAS,EAAE,SAAS,CAAC;EAEpC,OAAO,EAAE,SAAS,EAAE,KAAK,CAAC;EAC1B,MAAM,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;EAExC,aAAa,EAAE,SAAS,EAAE,KAAK,CAAC;EAChC,iBAAiB,EAAE,SAAS,EAAE,KAAK,CAAC;EACpC,aAAa,EAAE,SAAS,EAAE,KAAK,CAAC;EAChC,iBAAiB,EAAE,SAAS,EAAE,KAAK,CAAC;CACtC,CAAC;CACD,SAAS;EACP,EAAE,SAAS;GAAC;GAAW;GAAU;EAAa,EAAE;EAChD,EAAE,SAAS;GAAC;GAAW;GAAU;EAAW,EAAE;EAC9C,EAAE,SAAS,CAAC,WAAW,WAAW,EAAE;EACpC;GAAE,SAAS,CAAC,WAAW,KAAK;GAAG,QAAQ;EAAK;CAC9C;AACF,CAAC;;;AC1DD,MAAa,YAAY,MAAM;CAC7B,MAAM;CACN,aAAa;CACb,QAAQ,EAAE,OAAO;EACf,WAAW,EAAE,KAAK,EAChB,aACE,+KACJ,CAAC;EACD,UAAU,EAAE,KAAK,EACf,aACE,wPACJ,CAAC;EACD,gBAAgB,EAAE,QAAQ,EACxB,aAAa,sDACf,CAAC;EACD,YAAY,EAAE,QAAQ,EACpB,aACE,4EACJ,CAAC;EACD,iBAAiB,EAAE,QAAQ,EACzB,aACE,+EACJ,CAAC;EACD,eAAe,EAAE,QAAQ,EACvB,aAAa,kCACf,CAAC;EACD,eAAe,EAAE,QAAQ,EACvB,aAAa,0CACf,CAAC;EACD,cAAc,EAAE,QAAQ,EACtB,aAAa,4DACf,CAAC;CACH,CAAC;CACD,SAAS;EACP,WAAW;EACX,UAAU;EACV,gBAAgB;EAChB,YAAY;EACZ,iBAAiB;EACjB,eAAe;EACf,eAAe;EACf,cAAc;CAChB;AACF,CAAC;;;AC3CD,MAAa,0BAA0B,EAAE,OAAO;CAC9C,QAAQ,EAAE,SACR,EAAE,KAAK;EAAC;EAAW;EAAW;EAAa;EAAM;EAAS;CAAW,CAAC,CACxE;CACA,OAAO,EAAE,SAAS,EAAE,QAAQ;EAAE,SAAS;EAAG,SAAS;EAAK,SAAS;CAAG,CAAC,CAAC;AACxE,CAAC;;;;;;;;;;;;;ACMD,MAAa,6BAA6B,EAAE,OAI1C,EAAE,KAAK,mBAAmB,QAAQ,CAAC,UAAU,CAAC,GAC9C;CACE,UAAU,EAAE,KAAK;EAAC;EAAY;EAAQ;EAAU;CAAK,CAAC;CACtD,KAAK,EAAE,OAAO;EACZ,OAAO,EAAE,QAAQ;EACjB,QAAQ,EAAE,QAAQ;CACpB,CAAC;AACH,GACA;CACE,OAAO;CACP,aAAa;AACf,CACF;;;AC3BA,MAAa,wBAAwB,EAAE,OAAO;CAC5C,MAAM,EAAE,KAAK;CACb,aAAa,EAAE,SAAS,EAAE,KAAK,CAAC;CAChC,MAAM,EAAE,KAAK;EAAC;EAAQ;EAAS;CAAQ,GAAG,EACxC,aACE,yNACJ,CAAC;CACD,UAAU,EAAE,KAAK;EAAC;EAAY;EAAQ;EAAU;CAAK,CAAC;CACtD,MAAM,EAAE,SAAS,EAAE,KAAK,CAAC;CACzB,SAAS,EAAE,SAAS,EAAE,KAAK,CAAC;CAC5B,OAAO,EAAE,SACP,EAAE,OAAO,EACP,SAAS,EAAE,QAAQ,EACrB,CAAC,CACH;CACA,QAAQ,EAAE,OAAO;EACf,IAAI,EAAE,QAAQ;EACd,OAAO,EAAE,QAAQ;EACjB,SAAS,EAAE,SAAS,EAAE,SAAS,CAAC;CAClC,CAAC;AACH,CAAC;;;ACpBD,MAAa,mBAAmB,EAAE,OAAO,EACvC,SAAS,EAAE,SAAS,EAAE,OAAO,EAAE,KAAK,GAAG,EAAE,IAAI,CAAC,CAAC,EACjD,CAAC;;;ACSD,MAAa,gBAAgB,QAAQ;CACnC,MAAM;CACN,UAAU,CAAC;AACb,CAAC;AAED,MAAa,qBAAqB,QAAQ;CACxC,MAAM;CACN,UAAU,CAAC;AACb,CAAC"}