chore(v1.1.5): version bumps, CI workflow, schema-snapshot un-ignore

- Workspace 1.1.4 → 1.1.5; SDK 1.5 → 1.6; dashboard 0.10.0 → 0.11.0.
- CHANGELOG v1.1.5 entry; CLAUDE.md runtime-config table gains
  PICLOUD_FILES_ROOT + PICLOUD_FILES_MAX_FILE_SIZE_BYTES.
- schema_snapshot test: drop #[ignore] + #[sqlx::test]; run against
  DATABASE_URL when set, skip cleanly when absent. Re-blessed golden
  picks up files / files_trigger_details / pubsub_trigger_details, the
  two widened CHECKs, and the pubsub partial index.
- First CI workflow (.github/workflows/ci.yml): postgres:15 service +
  fmt + clippy + cargo test --workspace; separate dashboard check job.
- Add files/pubsub admin-trigger reject-coverage tests (module +
  cross-app + bad-pattern), mirroring the v1.1.3 regression set.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

.github/workflows/ci.yml

@@ -0,0 +1,72 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+
+env:
+  CARGO_TERM_COLOR: always
+  # Matches what docker-compose produces locally; the schema-snapshot
+  # guardrail and any other DB-backed tests run against this service.
+  DATABASE_URL: postgres://picloud:picloud@localhost:5432/picloud
+
+jobs:
+  rust:
+    name: Rust — fmt, clippy, test
+    runs-on: ubuntu-latest
+    services:
+      postgres:
+        image: postgres:15
+        env:
+          POSTGRES_USER: picloud
+          POSTGRES_PASSWORD: picloud
+          POSTGRES_DB: picloud
+        ports:
+          - 5432:5432
+        options: >-
+          --health-cmd "pg_isready -U picloud"
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+    steps:
+      - uses: actions/checkout@v4
+
+      # rust-toolchain.toml pins the channel; this action honors it.
+      - name: Install Rust toolchain
+        uses: dtolnay/rust-toolchain@stable
+        with:
+          components: rustfmt, clippy
+
+      - name: Cache cargo
+        uses: Swatinem/rust-cache@v2
+
+      - name: Format check
+        run: cargo fmt --all -- --check
+
+      - name: Clippy
+        run: cargo clippy --all-targets --all-features -- -D warnings
+
+      # Runs the whole workspace, including the schema-snapshot guardrail
+      # (it picks up DATABASE_URL from the env above and the postgres
+      # service; without a DB it would skip cleanly).
+      - name: Test
+        run: cargo test --workspace
+
+  dashboard:
+    name: Dashboard — check
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: dashboard
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          cache: npm
+          cache-dependency-path: dashboard/package-lock.json
+      - name: Install deps
+        run: npm ci
+      - name: Svelte check
+        run: npm run check

CHANGELOG.md

@@ -1,5 +1,76 @@
 # PiCloud Changelog
 
+## v1.1.5 — Files & Pub/Sub (unreleased)
+
+Two stateful services + two trigger kinds. **`files::*`** is
+filesystem-backed blob storage (atomic writes, path-sharded layout,
+single-pass SHA-256 with checksum-verified reads); the metadata row
+lives in Postgres, the bytes on disk. **`pubsub::publish_durable`** is
+durable pub/sub through the universal outbox, fanning out one delivery
+row per matching subscriber **at publish time** inside a single
+transaction. Both ride the v1.1.1 trigger framework as the fifth and
+sixth concrete kinds via the established Layout-E extension pattern.
+
+### Added
+
+- **`files::collection(name).{create,head,get,update,delete,list}`** —
+  blob storage SDK. `create`/`update` take a Rhai `Blob`; `get` returns
+  a `Blob` (or `()` if missing); `head`/`list` return metadata maps
+  (`id, name, content_type, size, checksum, created_at, updated_at`).
+  `create`/`update`/`delete` throw on failure; `get`/`head` return `()`
+  for a missing file; `delete` returns a was-present bool. Missing
+  required field on `create` throws naming the field.
+- **Atomic writes** — temp file → fsync → rename → fsync parent dir →
+  DB row, so a crash never leaves a readable half-written file. SHA-256
+  is computed in a single pass during the write; `get` re-verifies it
+  and surfaces `FilesError::Corrupted` (logged with the path, never
+  auto-deleted) on a mismatch. Shard dirs are created `0o700`.
+- **`files:*` trigger kind** — `ctx.event.files` carries the metadata
+  only (never the bytes; a handler that wants them calls
+  `files::collection(c).get(id)`). `prev` is `()` on create, the prior
+  metadata on update, the deleted metadata on delete.
+- **`pubsub::publish_durable(topic, message)`** — durable publish.
+  Message is any JSON-serializable Rhai value; Blobs encode as base64
+  (at any nesting depth). No matching subscriber → the publish succeeds
+  silently with zero outbox rows.
+- **`pubsub:*` trigger kind** — topic patterns are exact, `<prefix>.*`,
+  or `*`; mid-pattern wildcards are rejected at trigger creation.
+  `ctx.event.pubsub` carries `topic`, `message`, `published_at`.
+- **`FilesService` + `PubsubService` traits** (`picloud-shared`) +
+  `FsFilesRepo`/`FilesServiceImpl` and `PostgresPubsubRepo`/
+  `PubsubServiceImpl` (manager-core). Wired into the `Services` bundle
+  as `files` and `pubsub`.
+- **Capabilities** `AppFilesRead`/`AppFilesWrite` → `script:read`/
+  `script:write`, `AppPubsubPublish` → `script:write`. No new `Scope`
+  variant — the seven-scope commitment holds. Script-as-gate: skipped
+  when the script runs unauthenticated.
+- **Admin files API** (`GET`/`DELETE /apps/{id}/files`) + dashboard
+  Files view per app; **Pub/Sub trigger form** on the Triggers tab.
+- **CI** — first `.github/workflows/ci.yml` (Postgres service, fmt +
+  clippy + `cargo test --workspace`); the schema-snapshot guardrail now
+  runs instead of being `#[ignore]`'d.
+
+### Changed
+
+- Workspace version: 1.1.4 → 1.1.5
+- Rhai SDK version: 1.5 → 1.6
+- Dashboard version: 0.10.0 → 0.11.0
+- `schema_snapshot` test: no longer `#[ignore]`'d — runs against
+  `DATABASE_URL` when set, skips cleanly when absent.
+
+### Migrations
+
+- 0018_files.sql — `files` metadata table (bytes live on disk).
+- 0019_files_triggers.sql — widen kind/source_kind CHECKs + add
+  `files_trigger_details`.
+- 0020_pubsub_triggers.sql — widen kind/source_kind CHECKs + add
+  `pubsub_trigger_details` + partial index.
+
+### New environment variables
+
+- `PICLOUD_FILES_ROOT` (default `./data`)
+- `PICLOUD_FILES_MAX_FILE_SIZE_BYTES` (default 100 MB)
+
 ## v1.1.4 — Outbound HTTP & Cron triggers (unreleased)
 
 Two surfaces. **`http::*`** lets Rhai scripts make outbound HTTP

CLAUDE.md

@@ -118,6 +118,8 @@ Environment variables consumed by the `picloud` binary:
 | `DATABASE_URL` | — | Required. Postgres connection string. |
 | `PICLOUD_SESSION_TTL_HOURS` | `24` | Sliding-window session lifetime. |
 | `PICLOUD_SANDBOX_MAX_*` | conservative defaults | Per-knob admin ceilings on Rhai sandbox overrides. See `manager-core::sandbox::SandboxCeiling`. |
+| `PICLOUD_FILES_ROOT` | `./data` | Filesystem root for `files::*` blob storage (v1.1.5). Bytes live at `<root>/files/<app_id>/<collection>/<id[0:2]>/<id>`; metadata in Postgres. |
+| `PICLOUD_FILES_MAX_FILE_SIZE_BYTES` | `104857600` (100 MB) | Per-file hard size cap for `files::*` (v1.1.5). Per-app quotas deferred to v1.2. |
 
 ## Out of MVP
 

Cargo.lock

@@ -1610,7 +1610,7 @@ dependencies = [
 
 [[package]]
 name = "picloud"
-version = "1.1.4"
+version = "1.1.5"
 dependencies = [
  "anyhow",
  "async-trait",
@@ -1636,7 +1636,7 @@ dependencies = [
 
 [[package]]
 name = "picloud-cli"
-version = "1.1.4"
+version = "1.1.5"
 dependencies = [
  "anyhow",
  "assert_cmd",
@@ -1657,7 +1657,7 @@ dependencies = [
 
 [[package]]
 name = "picloud-executor"
-version = "1.1.4"
+version = "1.1.5"
 dependencies = [
  "anyhow",
  "picloud-executor-core",
@@ -1669,7 +1669,7 @@ dependencies = [
 
 [[package]]
 name = "picloud-executor-core"
-version = "1.1.4"
+version = "1.1.5"
 dependencies = [
  "async-trait",
  "base64",
@@ -1693,7 +1693,7 @@ dependencies = [
 
 [[package]]
 name = "picloud-manager"
-version = "1.1.4"
+version = "1.1.5"
 dependencies = [
  "anyhow",
  "picloud-manager-core",
@@ -1705,7 +1705,7 @@ dependencies = [
 
 [[package]]
 name = "picloud-manager-core"
-version = "1.1.4"
+version = "1.1.5"
 dependencies = [
  "argon2",
  "async-trait",
@@ -1733,7 +1733,7 @@ dependencies = [
 
 [[package]]
 name = "picloud-orchestrator"
-version = "1.1.4"
+version = "1.1.5"
 dependencies = [
  "anyhow",
  "picloud-orchestrator-core",
@@ -1745,7 +1745,7 @@ dependencies = [
 
 [[package]]
 name = "picloud-orchestrator-core"
-version = "1.1.4"
+version = "1.1.5"
 dependencies = [
  "async-trait",
  "axum",
@@ -1766,7 +1766,7 @@ dependencies = [
 
 [[package]]
 name = "picloud-shared"
-version = "1.1.4"
+version = "1.1.5"
 dependencies = [
  "async-trait",
  "chrono",

Cargo.toml

@@ -13,7 +13,7 @@ members = [
 ]
 
 [workspace.package]
-version = "1.1.4"
+version = "1.1.5"
 edition = "2021"
 rust-version = "1.92"
 license = "MIT OR Apache-2.0"

crates/manager-core/src/triggers_api.rs

@@ -1739,4 +1739,258 @@ mod tests {
         .expect("endpoint target should succeed");
         assert_eq!(status, StatusCode::CREATED);
     }
+
+    // ----------------------------------------------------------------
+    // v1.1.5: files + pubsub trigger create (Layout-E reject coverage).
+    // ----------------------------------------------------------------
+
+    fn files_req(script_id: ScriptId, glob: &str) -> CreateFilesTriggerRequest {
+        CreateFilesTriggerRequest {
+            script_id,
+            collection_glob: glob.into(),
+            ops: vec![FilesEventOp::Create],
+            dispatch_mode: TriggerDispatchMode::Async,
+            retry_max_attempts: None,
+            retry_backoff: None,
+            retry_base_ms: None,
+        }
+    }
+
+    #[tokio::test]
+    async fn files_trigger_create_succeeds() {
+        let app_id = AppId::new();
+        let script_id = ScriptId::new();
+        let state = state_with_endpoint(Arc::new(AlwaysAllowAuthzRepo), app_id, script_id);
+        let (status, Json(trigger)) = create_files_trigger(
+            State(state),
+            Extension(member_principal()),
+            Path(app_id),
+            Json(files_req(script_id, "avatars")),
+        )
+        .await
+        .unwrap();
+        assert_eq!(status, StatusCode::CREATED);
+        assert!(matches!(
+            trigger.kind,
+            crate::trigger_repo::TriggerKind::Files
+        ));
+        match trigger.details {
+            TriggerDetails::Files {
+                collection_glob,
+                ops,
+            } => {
+                assert_eq!(collection_glob, "avatars");
+                assert_eq!(ops, vec![FilesEventOp::Create]);
+            }
+            other => panic!("expected Files details, got {other:?}"),
+        }
+    }
+
+    #[tokio::test]
+    async fn files_trigger_empty_glob_rejected() {
+        let app_id = AppId::new();
+        let state = state_with(Arc::new(AlwaysAllowAuthzRepo), app_id);
+        let res = create_files_trigger(
+            State(state),
+            Extension(member_principal()),
+            Path(app_id),
+            Json(files_req(ScriptId::new(), "   ")),
+        )
+        .await;
+        assert!(matches!(
+            res.expect_err("empty glob"),
+            TriggersApiError::Invalid(_)
+        ));
+    }
+
+    #[tokio::test]
+    async fn files_trigger_rejects_module_target() {
+        let app_id = AppId::new();
+        let script_id = ScriptId::new();
+        let state = TriggersState {
+            triggers: Arc::new(InMemoryTriggerRepo::default()),
+            apps: InMemoryAppRepo::with(app_id),
+            authz: Arc::new(AlwaysAllowAuthzRepo),
+            scripts: InMemoryScriptRepo::with_module(app_id, script_id),
+            config: TriggerConfig::conservative(),
+        };
+        let res = create_files_trigger(
+            State(state),
+            Extension(member_principal()),
+            Path(app_id),
+            Json(files_req(script_id, "avatars")),
+        )
+        .await;
+        let msg = match res.expect_err("module rejected") {
+            TriggersApiError::Invalid(m) => m,
+            other => panic!("expected Invalid, got {other:?}"),
+        };
+        assert!(msg.to_lowercase().contains("module"));
+    }
+
+    #[tokio::test]
+    async fn files_trigger_rejects_cross_app_script() {
+        let app_a = AppId::new();
+        let app_b = AppId::new();
+        let script_id = ScriptId::new();
+        let state = TriggersState {
+            triggers: Arc::new(InMemoryTriggerRepo::default()),
+            apps: InMemoryAppRepo::with(app_a),
+            authz: Arc::new(AlwaysAllowAuthzRepo),
+            scripts: InMemoryScriptRepo::with_endpoint(app_b, script_id),
+            config: TriggerConfig::conservative(),
+        };
+        let res = create_files_trigger(
+            State(state),
+            Extension(member_principal()),
+            Path(app_a),
+            Json(files_req(script_id, "avatars")),
+        )
+        .await;
+        let msg = match res.expect_err("cross-app rejected") {
+            TriggersApiError::Invalid(m) => m,
+            other => panic!("expected Invalid, got {other:?}"),
+        };
+        assert!(msg.to_lowercase().contains("does not belong"));
+    }
+
+    #[tokio::test]
+    async fn files_trigger_member_without_role_is_forbidden() {
+        let app_id = AppId::new();
+        let state = state_with(Arc::new(AlwaysDenyAuthzRepo), app_id);
+        let res = create_files_trigger(
+            State(state),
+            Extension(member_principal()),
+            Path(app_id),
+            Json(files_req(ScriptId::new(), "avatars")),
+        )
+        .await;
+        assert!(matches!(
+            res.expect_err("forbidden"),
+            TriggersApiError::Forbidden
+        ));
+    }
+
+    fn pubsub_req(script_id: ScriptId, pattern: &str) -> CreatePubsubTriggerRequest {
+        CreatePubsubTriggerRequest {
+            script_id,
+            topic_pattern: pattern.into(),
+            dispatch_mode: TriggerDispatchMode::Async,
+            retry_max_attempts: None,
+            retry_backoff: None,
+            retry_base_ms: None,
+        }
+    }
+
+    #[tokio::test]
+    async fn pubsub_trigger_create_succeeds() {
+        let app_id = AppId::new();
+        let script_id = ScriptId::new();
+        let state = state_with_endpoint(Arc::new(AlwaysAllowAuthzRepo), app_id, script_id);
+        let (status, Json(trigger)) = create_pubsub_trigger(
+            State(state),
+            Extension(member_principal()),
+            Path(app_id),
+            Json(pubsub_req(script_id, "user.*")),
+        )
+        .await
+        .unwrap();
+        assert_eq!(status, StatusCode::CREATED);
+        match trigger.details {
+            TriggerDetails::Pubsub { topic_pattern } => assert_eq!(topic_pattern, "user.*"),
+            other => panic!("expected Pubsub details, got {other:?}"),
+        }
+    }
+
+    #[tokio::test]
+    async fn pubsub_trigger_rejects_bad_pattern() {
+        let app_id = AppId::new();
+        let script_id = ScriptId::new();
+        let state = state_with_endpoint(Arc::new(AlwaysAllowAuthzRepo), app_id, script_id);
+        for bad in ["*.created", "a.*.b", "**"] {
+            let res = create_pubsub_trigger(
+                State(state.clone()),
+                Extension(member_principal()),
+                Path(app_id),
+                Json(pubsub_req(script_id, bad)),
+            )
+            .await;
+            let msg = match res.expect_err("bad pattern") {
+                TriggersApiError::Invalid(m) => m,
+                other => panic!("expected Invalid, got {other:?}"),
+            };
+            assert!(
+                msg.contains("unsupported pubsub topic pattern"),
+                "got {msg} for {bad}"
+            );
+        }
+    }
+
+    #[tokio::test]
+    async fn pubsub_trigger_rejects_module_target() {
+        let app_id = AppId::new();
+        let script_id = ScriptId::new();
+        let state = TriggersState {
+            triggers: Arc::new(InMemoryTriggerRepo::default()),
+            apps: InMemoryAppRepo::with(app_id),
+            authz: Arc::new(AlwaysAllowAuthzRepo),
+            scripts: InMemoryScriptRepo::with_module(app_id, script_id),
+            config: TriggerConfig::conservative(),
+        };
+        let res = create_pubsub_trigger(
+            State(state),
+            Extension(member_principal()),
+            Path(app_id),
+            Json(pubsub_req(script_id, "user.*")),
+        )
+        .await;
+        let msg = match res.expect_err("module rejected") {
+            TriggersApiError::Invalid(m) => m,
+            other => panic!("expected Invalid, got {other:?}"),
+        };
+        assert!(msg.to_lowercase().contains("module"));
+    }
+
+    #[tokio::test]
+    async fn pubsub_trigger_rejects_cross_app_script() {
+        let app_a = AppId::new();
+        let app_b = AppId::new();
+        let script_id = ScriptId::new();
+        let state = TriggersState {
+            triggers: Arc::new(InMemoryTriggerRepo::default()),
+            apps: InMemoryAppRepo::with(app_a),
+            authz: Arc::new(AlwaysAllowAuthzRepo),
+            scripts: InMemoryScriptRepo::with_endpoint(app_b, script_id),
+            config: TriggerConfig::conservative(),
+        };
+        let res = create_pubsub_trigger(
+            State(state),
+            Extension(member_principal()),
+            Path(app_a),
+            Json(pubsub_req(script_id, "user.*")),
+        )
+        .await;
+        let msg = match res.expect_err("cross-app rejected") {
+            TriggersApiError::Invalid(m) => m,
+            other => panic!("expected Invalid, got {other:?}"),
+        };
+        assert!(msg.to_lowercase().contains("does not belong"));
+    }
+
+    #[tokio::test]
+    async fn pubsub_trigger_member_without_role_is_forbidden() {
+        let app_id = AppId::new();
+        let state = state_with(Arc::new(AlwaysDenyAuthzRepo), app_id);
+        let res = create_pubsub_trigger(
+            State(state),
+            Extension(member_principal()),
+            Path(app_id),
+            Json(pubsub_req(ScriptId::new(), "user.*")),
+        )
+        .await;
+        assert!(matches!(
+            res.expect_err("forbidden"),
+            TriggersApiError::Forbidden
+        ));
+    }
 }

crates/manager-core/tests/expected_schema.txt

@@ -128,6 +128,22 @@ table: execution_logs
   created_at: timestamp with time zone NOT NULL default=now()
   app_id: uuid NOT NULL
 
+table: files
+  app_id: uuid NOT NULL
+  collection: text NOT NULL
+  id: uuid NOT NULL
+  name: text NOT NULL
+  content_type: text NOT NULL
+  size_bytes: bigint NOT NULL
+  checksum_sha256: text NOT NULL
+  created_at: timestamp with time zone NOT NULL default=now()
+  updated_at: timestamp with time zone NOT NULL default=now()
+
+table: files_trigger_details
+  trigger_id: uuid NOT NULL
+  collection_glob: text NOT NULL
+  ops: ARRAY NOT NULL
+
 table: kv_entries
   app_id: uuid NOT NULL
   collection: text NOT NULL
@@ -158,6 +174,10 @@ table: outbox
   claimed_by: text NULL
   created_at: timestamp with time zone NOT NULL default=now()
 
+table: pubsub_trigger_details
+  trigger_id: uuid NOT NULL
+  topic_pattern: text NOT NULL
+
 table: routes
   id: uuid NOT NULL default=gen_random_uuid()
   script_id: uuid NOT NULL
@@ -268,6 +288,13 @@ indexes on execution_logs:
   execution_logs_pkey: public.execution_logs USING btree (id)
   execution_logs_script_id_created_at_idx: public.execution_logs USING btree (script_id, created_at DESC)
 
+indexes on files:
+  files_pkey: public.files USING btree (app_id, collection, id)
+  idx_files_app_collection: public.files USING btree (app_id, collection)
+
+indexes on files_trigger_details:
+  files_trigger_details_pkey: public.files_trigger_details USING btree (trigger_id)
+
 indexes on kv_entries:
   idx_kv_entries_app_collection: public.kv_entries USING btree (app_id, collection)
   kv_entries_pkey: public.kv_entries USING btree (app_id, collection, key)
@@ -280,6 +307,9 @@ indexes on outbox:
   idx_outbox_due: public.outbox USING btree (next_attempt_at) WHERE (claimed_at IS NULL)
   outbox_pkey: public.outbox USING btree (id)
 
+indexes on pubsub_trigger_details:
+  pubsub_trigger_details_pkey: public.pubsub_trigger_details USING btree (trigger_id)
+
 indexes on routes:
   routes_app_id_idx: public.routes USING btree (app_id)
   routes_lookup_idx: public.routes USING btree (host_kind, host)
@@ -300,6 +330,7 @@ indexes on scripts:
 
 indexes on triggers:
   idx_triggers_app_kind_enabled: public.triggers USING btree (app_id, kind) WHERE (enabled = true)
+  idx_triggers_app_pubsub_enabled: public.triggers USING btree (app_id, kind) WHERE ((enabled = true) AND (kind = 'pubsub'::text))
   triggers_pkey: public.triggers USING btree (id)
 
 ## constraints
@@ -370,6 +401,14 @@ constraints on execution_logs:
   [FOREIGN KEY] execution_logs_script_id_fkey: FOREIGN KEY (script_id) REFERENCES scripts(id) ON DELETE CASCADE
   [PRIMARY KEY] execution_logs_pkey: PRIMARY KEY (id)
 
+constraints on files:
+  [FOREIGN KEY] files_app_id_fkey: FOREIGN KEY (app_id) REFERENCES apps(id) ON DELETE CASCADE
+  [PRIMARY KEY] files_pkey: PRIMARY KEY (app_id, collection, id)
+
+constraints on files_trigger_details:
+  [FOREIGN KEY] files_trigger_details_trigger_id_fkey: FOREIGN KEY (trigger_id) REFERENCES triggers(id) ON DELETE CASCADE
+  [PRIMARY KEY] files_trigger_details_pkey: PRIMARY KEY (trigger_id)
+
 constraints on kv_entries:
   [FOREIGN KEY] kv_entries_app_id_fkey: FOREIGN KEY (app_id) REFERENCES apps(id) ON DELETE CASCADE
   [PRIMARY KEY] kv_entries_pkey: PRIMARY KEY (app_id, collection, key)
@@ -379,10 +418,14 @@ constraints on kv_trigger_details:
   [PRIMARY KEY] kv_trigger_details_pkey: PRIMARY KEY (trigger_id)
 
 constraints on outbox:
-  [CHECK] outbox_source_kind_check: CHECK ((source_kind = ANY (ARRAY['http'::text, 'kv'::text, 'dead_letter'::text, 'docs'::text, 'cron'::text])))
+  [CHECK] outbox_source_kind_check: CHECK ((source_kind = ANY (ARRAY['http'::text, 'kv'::text, 'dead_letter'::text, 'docs'::text, 'cron'::text, 'files'::text, 'pubsub'::text])))
   [FOREIGN KEY] outbox_app_id_fkey: FOREIGN KEY (app_id) REFERENCES apps(id) ON DELETE CASCADE
   [PRIMARY KEY] outbox_pkey: PRIMARY KEY (id)
 
+constraints on pubsub_trigger_details:
+  [FOREIGN KEY] pubsub_trigger_details_trigger_id_fkey: FOREIGN KEY (trigger_id) REFERENCES triggers(id) ON DELETE CASCADE
+  [PRIMARY KEY] pubsub_trigger_details_pkey: PRIMARY KEY (trigger_id)
+
 constraints on routes:
   [CHECK] routes_dispatch_mode_check: CHECK ((dispatch_mode = ANY (ARRAY['sync'::text, 'async'::text])))
   [CHECK] routes_host_kind_check: CHECK ((host_kind = ANY (ARRAY['any'::text, 'strict'::text, 'wildcard'::text])))
@@ -407,7 +450,7 @@ constraints on scripts:
 
 constraints on triggers:
   [CHECK] triggers_dispatch_mode_check: CHECK ((dispatch_mode = ANY (ARRAY['sync'::text, 'async'::text])))
-  [CHECK] triggers_kind_check: CHECK ((kind = ANY (ARRAY['kv'::text, 'dead_letter'::text, 'docs'::text, 'cron'::text])))
+  [CHECK] triggers_kind_check: CHECK ((kind = ANY (ARRAY['kv'::text, 'dead_letter'::text, 'docs'::text, 'cron'::text, 'files'::text, 'pubsub'::text])))
   [CHECK] triggers_retry_backoff_check: CHECK ((retry_backoff = ANY (ARRAY['exponential'::text, 'linear'::text, 'constant'::text])))
   [FOREIGN KEY] triggers_app_id_fkey: FOREIGN KEY (app_id) REFERENCES apps(id) ON DELETE CASCADE
   [FOREIGN KEY] triggers_registered_by_principal_fkey: FOREIGN KEY (registered_by_principal) REFERENCES admin_users(id) ON DELETE CASCADE
@@ -432,3 +475,6 @@ constraints on triggers:
   0015: scripts kind
   0016: script imports
   0017: cron triggers
+  0018: files
+  0019: files triggers
+  0020: pubsub triggers

crates/manager-core/tests/schema_snapshot.rs

@@ -25,22 +25,46 @@
 //!
 //! Review the resulting diff in the same PR as the new migration.
 //!
-//! Like the orchestrator integration tests, this is `#[ignore]`'d by
+//! v1.1.5: this test is no longer `#[ignore]`'d. It runs whenever
-//! default so plain `cargo test --workspace` stays green without
+//! `DATABASE_URL` is set (CI wires a `postgres:15` service) and **skips
-//! infrastructure.
+//! cleanly** when it's absent, so plain `cargo test --workspace` stays
+//! green on machines without Postgres. Unlike the previous
+//! `#[sqlx::test]` form (which spun up an isolated throwaway database),
+//! it now applies the migrations against the `DATABASE_URL` database
+//! directly — migrations are forward-only and idempotent, and CI's
+//! Postgres is fresh, so the structural dump is identical either way.
 
 use std::fmt::Write as _;
 use std::path::PathBuf;
 
+use sqlx::postgres::PgPoolOptions;
 use sqlx::{PgPool, Row};
 
 const SCHEMA: &str = "public";
 
 const SNAPSHOT_PATH: &str = "tests/expected_schema.txt";
 
-#[ignore = "needs DATABASE_URL pointing at a running Postgres"]
+#[tokio::test]
-#[sqlx::test(migrations = "./migrations")]
+async fn schema_after_replay_matches_snapshot() {
-async fn schema_after_replay_matches_snapshot(pool: PgPool) {
+    // Skip cleanly when DATABASE_URL is unset so `cargo test --workspace`
+    // stays green without Postgres. CI sets it (postgres:15 service).
+    let Ok(url) = std::env::var("DATABASE_URL") else {
+        eprintln!(
+            "schema_snapshot: DATABASE_URL unset — skipping. Set it (e.g. \
+             postgres://picloud:picloud@localhost:5432/picloud) to run this guardrail."
+        );
+        return;
+    };
+    let pool = PgPoolOptions::new()
+        .max_connections(1)
+        .connect(&url)
+        .await
+        .expect("connect to DATABASE_URL");
+    sqlx::migrate!("./migrations")
+        .run(&pool)
+        .await
+        .expect("apply migrations");
+
     let actual = dump_schema(&pool).await;
 
     let snapshot_file = PathBuf::from(env!("CARGO_MANIFEST_DIR")).join(SNAPSHOT_PATH);

crates/shared/src/version.rs

@@ -39,7 +39,17 @@ pub const PRODUCT_VERSION: &str = env!("CARGO_PKG_VERSION");
 /// SSRF deny-list on the resolved IP); `ctx.event.cron` for cron-trigger
 /// handlers (carries `schedule`, `timezone`, `scheduled_at`, `fired_at`).
 /// The `Services` bundle gains `http: Arc<dyn HttpService>`.
-pub const SDK_VERSION: &str = "1.5";
+///
+/// 1.6 additions (v1.1.5):
+/// `files::collection(name).{create,head,get,update,delete,list}` —
+/// filesystem-backed blob storage (blobs in/out; metadata maps;
+/// checksum-verified reads) with `ctx.event.files` for files-trigger
+/// handlers (metadata only, never the bytes); and
+/// `pubsub::publish_durable(topic, message)` — durable pub/sub with
+/// publish-time fan-out and `ctx.event.pubsub` for pubsub-trigger
+/// handlers. The `Services` bundle gains `files: Arc<dyn FilesService>`
+/// and `pubsub: Arc<dyn PubsubService>`.
+pub const SDK_VERSION: &str = "1.6";
 
 /// HTTP API major version. Appears in URL paths as `/api/v{N}/...`.
 /// Bump (new integer + new URL prefix) when the request/response

dashboard/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "picloud-dashboard",
-	"version": "0.10.0",
+	"version": "0.11.0",
 	"private": true,
 	"type": "module",
 	"scripts": {