feat(v1.1.5): files SDK + files:* triggers

Filesystem-backed blob storage as the fifth concrete trigger kind. - `files::collection(c).{create,head,get,update,delete,list}` Rhai SDK (blob in/out; metadata maps; missing-field throws naming the field). - `FilesService` trait in picloud-shared; `FsFilesRepo` (atomic write: temp→fsync→rename→fsync-dir→DB; single-pass SHA-256; checksum-verified reads → Corrupted) + `FilesServiceImpl` in manager-core. Metadata in Postgres (0018), bytes on disk under PICLOUD_FILES_ROOT with 0o700 shard dirs. - `files:*` trigger kind via the Layout-E pattern (0019: widen both CHECKs + files_trigger_details), TriggerEvent::Files (metadata only, no bytes), emit_files fan-out, dispatcher arm, admin endpoint POST /triggers/files (reuses validate_trigger_target). - AppFilesRead/AppFilesWrite capabilities → script:read/script:write (seven-scope commitment held). AppPubsubPublish reserved for v1.1.6. - Admin files API (list + delete) + dashboard Files view per app. Cross-app isolation keyed on cx.app_id at every layer. ~45 new tests (service in-memory, fs tempdir, bridge integration). No DB required for the suite. publish_ephemeral and the orphan sweep stay deferred. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-03 21:18:17 +02:00
parent 03d03ea6e7
commit 6e132b6ee0
29 changed files with 3599 additions and 31 deletions
--- a/crates/shared/src/trigger_event.rs
+++ b/crates/shared/src/trigger_event.rs
@@ -78,6 +78,39 @@ impl DocsEventOp {
    }
 }

+/// Operations a files trigger can fire on. v1.1.5. Stored as a
+/// lowercase string in `files_trigger_details.ops` (Postgres `text[]`).
+/// CRUD verbs (`create`) mirror `DocsEventOp`, distinct from KV's
+/// set/upsert flavour.
+#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash, Serialize, Deserialize)]
+#[serde(rename_all = "lowercase")]
+pub enum FilesEventOp {
+    Create,
+    Update,
+    Delete,
+}
+
+impl FilesEventOp {
+    #[must_use]
+    pub const fn as_str(self) -> &'static str {
+        match self {
+            Self::Create => "create",
+            Self::Update => "update",
+            Self::Delete => "delete",
+        }
+    }
+
+    #[must_use]
+    pub fn from_wire(s: &str) -> Option<Self> {
+        match s {
+            "create" => Some(Self::Create),
+            "update" => Some(Self::Update),
+            "delete" => Some(Self::Delete),
+            _ => None,
+        }
+    }
+}
+
 /// Discriminated description of a triggering event. Lifted from the
 /// outbox row's payload at dispatch time. Each variant carries the
 /// fields the corresponding `ctx.event` shape exposes to the script.
@@ -123,6 +156,27 @@ pub enum TriggerEvent {
        fired_at: DateTime<Utc>,
    },

+    /// A files create / update / delete fired this handler. v1.1.5.
+    /// Carries the affected file's **metadata only** — never the blob
+    /// bytes (files are too big to ship through trigger payloads). A
+    /// handler that wants the bytes calls
+    /// `files::collection(c).get(id)` itself. `prev` is the prior
+    /// metadata for update (and the deleted-row metadata for delete);
+    /// absent on create. Surfaced to scripts as `ctx.event.files`.
+    Files {
+        op: FilesEventOp,
+        collection: String,
+        /// UUID as string — Rhai sees it as a string.
+        id: String,
+        name: String,
+        content_type: String,
+        size: u64,
+        /// Lowercase hex SHA-256.
+        checksum: String,
+        #[serde(default, skip_serializing_if = "Option::is_none")]
+        prev: Option<serde_json::Value>,
+    },
+
    /// A dead-letter row fired this handler. The original event is
    /// nested verbatim plus the dead-letter metadata the design notes
    /// §4 require.
@@ -148,6 +202,7 @@ impl TriggerEvent {
            Self::Kv { .. } => "kv",
            Self::Docs { .. } => "docs",
            Self::Cron { .. } => "cron",
+            Self::Files { .. } => "files",
            Self::DeadLetter { .. } => "dead_letter",
        }
    }