objectstack-ai
diff --git a/‎content/docs/references/data/field.mdx‎
Lines changed: 36 additions & 2 deletions b/‎content/docs/references/data/field.mdx‎
Lines changed: 36 additions & 2 deletions
diff --git a/‎content/docs/references/integration/misc.mdx‎
Lines changed: 2 additions & 15 deletions b/‎content/docs/references/integration/misc.mdx‎
Lines changed: 2 additions & 15 deletions
diff --git a/‎content/docs/references/integration/object-storage.mdx‎
Lines changed: 34 additions & 0 deletions b/‎content/docs/references/integration/object-storage.mdx‎
Lines changed: 34 additions & 0 deletions
diff --git a/‎content/docs/references/system/index.mdx‎
Lines changed: 1 addition & 0 deletions b/‎content/docs/references/system/index.mdx‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎content/docs/references/system/meta.json‎
Lines changed: 1 addition & 0 deletions b/‎content/docs/references/system/meta.json‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎content/docs/references/system/object-storage.mdx‎
Lines changed: 240 additions & 0 deletions b/‎content/docs/references/system/object-storage.mdx‎
Lines changed: 240 additions & 0 deletions
@@ -12,8 +12,8 @@ description: Field protocol schemas
 ## TypeScript Usage
 
 ```typescript
-import { AddressSchema, CurrencyConfigSchema, CurrencyValueSchema, FieldSchema, FieldTypeSchema, LocationCoordinatesSchema, SelectOptionSchema, VectorConfigSchema } from '@objectstack/spec/data';
-import type { Address, CurrencyConfig, CurrencyValue, Field, FieldType, LocationCoordinates, SelectOption, VectorConfig } from '@objectstack/spec/data';
+import { AddressSchema, CurrencyConfigSchema, CurrencyValueSchema, FieldSchema, FieldTypeSchema, FileAttachmentConfigSchema, LocationCoordinatesSchema, SelectOptionSchema, VectorConfigSchema } from '@objectstack/spec/data';
+import type { Address, CurrencyConfig, CurrencyValue, Field, FieldType, FileAttachmentConfig, LocationCoordinates, SelectOption, VectorConfig } from '@objectstack/spec/data';
 
 // Validate data
 const result = AddressSchema.parse(data);
@@ -110,6 +110,7 @@ const result = AddressSchema.parse(data);
 | **allowScanning** | `boolean` | optional | Enable camera scanning for barcode/QR code input |
 | **currencyConfig** | `object` | optional | Configuration for currency field type |
 | **vectorConfig** | `object` | optional | Configuration for vector field type (AI/ML embeddings) |
+| **fileAttachmentConfig** | `object` | optional | Configuration for file and attachment field types |
 | **hidden** | `boolean` | optional | Hidden from default UI |
 | **readonly** | `boolean` | optional | Read-only in UI |
 | **encryption** | `boolean` | optional | Encrypt at rest |
@@ -169,6 +170,39 @@ const result = AddressSchema.parse(data);
 
 ---
 
+## FileAttachmentConfig
+
+### Properties
+
+| Property | Type | Required | Description |
+| :--- | :--- | :--- | :--- |
+| **minSize** | `number` | optional | Minimum file size in bytes |
+| **maxSize** | `number` | optional | Maximum file size in bytes (e.g., 10485760 = 10MB) |
+| **allowedTypes** | `string[]` | optional | Allowed file extensions (e.g., [".pdf", ".docx", ".jpg"]) |
+| **blockedTypes** | `string[]` | optional | Blocked file extensions (e.g., [".exe", ".bat", ".sh"]) |
+| **allowedMimeTypes** | `string[]` | optional | Allowed MIME types (e.g., ["image/jpeg", "application/pdf"]) |
+| **blockedMimeTypes** | `string[]` | optional | Blocked MIME types |
+| **virusScan** | `boolean` | optional | Enable virus scanning for uploaded files |
+| **virusScanProvider** | `Enum<'clamav' \| 'virustotal' \| 'metadefender' \| 'custom'>` | optional | Virus scanning service provider |
+| **virusScanOnUpload** | `boolean` | optional | Scan files immediately on upload |
+| **quarantineOnThreat** | `boolean` | optional | Quarantine files if threat detected |
+| **storageProvider** | `string` | optional | Object storage provider name (references ObjectStorageConfig) |
+| **storageBucket** | `string` | optional | Target bucket name |
+| **storagePrefix** | `string` | optional | Storage path prefix (e.g., "uploads/documents/") |
+| **imageValidation** | `object` | optional | Image-specific validation rules |
+| **allowMultiple** | `boolean` | optional | Allow multiple file uploads (overrides field.multiple) |
+| **allowReplace** | `boolean` | optional | Allow replacing existing files |
+| **allowDelete** | `boolean` | optional | Allow deleting uploaded files |
+| **requireUpload** | `boolean` | optional | Require at least one file when field is required |
+| **extractMetadata** | `boolean` | optional | Extract file metadata (name, size, type, etc.) |
+| **extractText** | `boolean` | optional | Extract text content from documents (OCR/parsing) |
+| **versioningEnabled** | `boolean` | optional | Keep previous versions of replaced files |
+| **maxVersions** | `number` | optional | Maximum number of versions to retain |
+| **publicRead** | `boolean` | optional | Allow public read access to uploaded files |
+| **presignedUrlExpiry** | `number` | optional | Presigned URL expiration in seconds (default: 1 hour) |
+
+---
+
 ## LocationCoordinates
 
 ### Properties
 
@@ -12,8 +12,8 @@ description: Misc protocol schemas
 ## TypeScript Usage
 
 ```typescript
-import { AckModeSchema, ApiVersionConfigSchema, CdcConfigSchema, ConsumerConfigSchema, DatabaseConnectorSchema, DatabasePoolConfigSchema, DatabaseProviderSchema, DatabaseTableSchema, DeliveryGuaranteeSchema, DlqConfigSchema, FileAccessPatternSchema, FileFilterConfigSchema, FileMetadataConfigSchema, FileStorageConnectorSchema, FileStorageProviderSchema, FileVersioningConfigSchema, MessageFormatSchema, MessageQueueConnectorSchema, MessageQueueProviderSchema, MultipartUploadConfigSchema, ProducerConfigSchema, SaasConnectorSchema, SaasObjectTypeSchema, SaasProviderSchema, SslConfigSchema, StorageBucketSchema, TopicQueueSchema } from '@objectstack/spec/integration';
-import type { AckMode, ApiVersionConfig, CdcConfig, ConsumerConfig, DatabaseConnector, DatabasePoolConfig, DatabaseProvider, DatabaseTable, DeliveryGuarantee, DlqConfig, FileAccessPattern, FileFilterConfig, FileMetadataConfig, FileStorageConnector, FileStorageProvider, FileVersioningConfig, MessageFormat, MessageQueueConnector, MessageQueueProvider, MultipartUploadConfig, ProducerConfig, SaasConnector, SaasObjectType, SaasProvider, SslConfig, StorageBucket, TopicQueue } from '@objectstack/spec/integration';
+import { AckModeSchema, ApiVersionConfigSchema, CdcConfigSchema, ConsumerConfigSchema, DatabaseConnectorSchema, DatabasePoolConfigSchema, DatabaseProviderSchema, DatabaseTableSchema, DeliveryGuaranteeSchema, DlqConfigSchema, FileAccessPatternSchema, FileFilterConfigSchema, FileMetadataConfigSchema, FileStorageConnectorSchema, FileStorageProviderSchema, FileVersioningConfigSchema, MessageFormatSchema, MessageQueueConnectorSchema, MessageQueueProviderSchema, ProducerConfigSchema, SaasConnectorSchema, SaasObjectTypeSchema, SaasProviderSchema, SslConfigSchema, StorageBucketSchema, TopicQueueSchema } from '@objectstack/spec/integration';
+import type { AckMode, ApiVersionConfig, CdcConfig, ConsumerConfig, DatabaseConnector, DatabasePoolConfig, DatabaseProvider, DatabaseTable, DeliveryGuarantee, DlqConfig, FileAccessPattern, FileFilterConfig, FileMetadataConfig, FileStorageConnector, FileStorageProvider, FileVersioningConfig, MessageFormat, MessageQueueConnector, MessageQueueProvider, ProducerConfig, SaasConnector, SaasObjectType, SaasProvider, SslConfig, StorageBucket, TopicQueue } from '@objectstack/spec/integration';
 
 // Validate data
 const result = AckModeSchema.parse(data);
@@ -374,19 +374,6 @@ Message queue provider type
 
 ---
 
-## MultipartUploadConfig
-
-### Properties
-
-| Property | Type | Required | Description |
-| :--- | :--- | :--- | :--- |
-| **enabled** | `boolean` | optional | Enable multipart uploads |
-| **partSize** | `number` | optional | Part size in bytes (min 5MB) |
-| **maxConcurrentParts** | `number` | optional | Maximum concurrent part uploads |
-| **threshold** | `number` | optional | File size threshold for multipart upload in bytes |
-
----
-
 ## ProducerConfig
 
 ### Properties
 
@@ -0,0 +1,34 @@
+---
+title: Object Storage
+description: Object Storage protocol schemas
+---
+
+# Object Storage
+
+<Callout type="info">
+**Source:** `packages/spec/src/integration/object-storage.zod.ts`
+</Callout>
+
+## TypeScript Usage
+
+```typescript
+import { MultipartUploadConfigSchema } from '@objectstack/spec/integration';
+import type { MultipartUploadConfig } from '@objectstack/spec/integration';
+
+// Validate data
+const result = MultipartUploadConfigSchema.parse(data);
+```
+
+---
+
+## MultipartUploadConfig
+
+### Properties
+
+| Property | Type | Required | Description |
+| :--- | :--- | :--- | :--- |
+| **enabled** | `boolean` | optional | Enable multipart uploads |
+| **partSize** | `number` | optional | Part size in bytes (min 5MB) |
+| **maxConcurrentParts** | `number` | optional | Maximum concurrent part uploads |
+| **threshold** | `number` | optional | File size threshold for multipart upload in bytes |
+
@@ -21,6 +21,7 @@ This section contains all protocol schemas for the system layer of ObjectStack.
   <Card href="./logging" title="Logging" description="Source: packages/spec/src/system/logging.zod.ts" />
   <Card href="./manifest" title="Manifest" description="Source: packages/spec/src/system/manifest.zod.ts" />
   <Card href="./metrics" title="Metrics" description="Source: packages/spec/src/system/metrics.zod.ts" />
+  <Card href="./object-storage" title="Object Storage" description="Source: packages/spec/src/system/object-storage.zod.ts" />
   <Card href="./plugin" title="Plugin" description="Source: packages/spec/src/system/plugin.zod.ts" />
   <Card href="./plugin-capability" title="Plugin Capability" description="Source: packages/spec/src/system/plugin-capability.zod.ts" />
   <Card href="./scoped-storage" title="Scoped Storage" description="Source: packages/spec/src/system/scoped-storage.zod.ts" />
 
@@ -14,6 +14,7 @@
     "logging",
     "manifest",
     "metrics",
+    "object-storage",
     "plugin",
     "plugin-capability",
     "scoped-storage",
 
@@ -0,0 +1,240 @@
+---
+title: Object Storage
+description: Object Storage protocol schemas
+---
+
+# Object Storage
+
+<Callout type="info">
+**Source:** `packages/spec/src/system/object-storage.zod.ts`
+</Callout>
+
+## TypeScript Usage
+
+```typescript
+import { AccessControlConfigSchema, BucketConfigSchema, LifecycleActionSchema, LifecyclePolicyConfigSchema, LifecyclePolicyRuleSchema, MultipartUploadConfigSchema, ObjectMetadataSchema, ObjectStorageConfigSchema, PresignedUrlConfigSchema, StorageAclSchema, StorageClassSchema, StorageConnectionSchema, StorageProviderSchema } from '@objectstack/spec/system';
+import type { AccessControlConfig, BucketConfig, LifecycleAction, LifecyclePolicyConfig, LifecyclePolicyRule, MultipartUploadConfig, ObjectMetadata, ObjectStorageConfig, PresignedUrlConfig, StorageAcl, StorageClass, StorageConnection, StorageProvider } from '@objectstack/spec/system';
+
+// Validate data
+const result = AccessControlConfigSchema.parse(data);
+```
+
+---
+
+## AccessControlConfig
+
+### Properties
+
+| Property | Type | Required | Description |
+| :--- | :--- | :--- | :--- |
+| **acl** | `Enum<'private' \| 'public_read' \| 'public_read_write' \| 'authenticated_read' \| 'bucket_owner_read' \| 'bucket_owner_full_control'>` | optional | Default access control level |
+| **allowedOrigins** | `string[]` | optional | CORS allowed origins |
+| **allowedMethods** | `Enum<'GET' \| 'PUT' \| 'POST' \| 'DELETE' \| 'HEAD'>[]` | optional | CORS allowed HTTP methods |
+| **allowedHeaders** | `string[]` | optional | CORS allowed headers |
+| **exposeHeaders** | `string[]` | optional | CORS exposed headers |
+| **maxAge** | `number` | optional | CORS preflight cache duration in seconds |
+| **corsEnabled** | `boolean` | optional | Enable CORS configuration |
+| **publicAccess** | `object` | optional | Public access control |
+| **allowedIps** | `string[]` | optional | Allowed IP addresses/CIDR blocks |
+| **blockedIps** | `string[]` | optional | Blocked IP addresses/CIDR blocks |
+
+---
+
+## BucketConfig
+
+### Properties
+
+| Property | Type | Required | Description |
+| :--- | :--- | :--- | :--- |
+| **name** | `string` | ✅ | Bucket identifier in ObjectStack (snake_case) |
+| **label** | `string` | ✅ | Display label |
+| **bucketName** | `string` | ✅ | Actual bucket/container name in storage provider |
+| **region** | `string` | optional | Storage region (e.g., us-east-1, westus) |
+| **provider** | `Enum<'s3' \| 'azure_blob' \| 'gcs' \| 'minio' \| 'r2' \| 'spaces' \| 'wasabi' \| 'backblaze' \| 'local'>` | ✅ | Storage provider |
+| **endpoint** | `string` | optional | Custom endpoint URL (for S3-compatible providers) |
+| **pathStyle** | `boolean` | optional | Use path-style URLs (for S3-compatible providers) |
+| **versioning** | `boolean` | optional | Enable object versioning |
+| **encryption** | `object` | optional | Server-side encryption configuration |
+| **accessControl** | `object` | optional | Access control configuration |
+| **lifecyclePolicy** | `object` | optional | Lifecycle policy configuration |
+| **multipartConfig** | `object` | optional | Multipart upload configuration |
+| **tags** | `Record<string, string>` | optional | Bucket tags for organization |
+| **description** | `string` | optional | Bucket description |
+| **enabled** | `boolean` | optional | Enable this bucket |
+
+---
+
+## LifecycleAction
+
+Lifecycle policy action type
+
+### Allowed Values
+
+* `transition`
+* `delete`
+* `abort`
+
+---
+
+## LifecyclePolicyConfig
+
+### Properties
+
+| Property | Type | Required | Description |
+| :--- | :--- | :--- | :--- |
+| **enabled** | `boolean` | optional | Enable lifecycle policies |
+| **rules** | `object[]` | optional | Lifecycle rules |
+
+---
+
+## LifecyclePolicyRule
+
+### Properties
+
+| Property | Type | Required | Description |
+| :--- | :--- | :--- | :--- |
+| **id** | `string` | ✅ | Rule identifier |
+| **enabled** | `boolean` | optional | Enable this rule |
+| **action** | `Enum<'transition' \| 'delete' \| 'abort'>` | ✅ | Action to perform |
+| **prefix** | `string` | optional | Object key prefix filter (e.g., "uploads/") |
+| **tags** | `Record<string, string>` | optional | Object tag filters |
+| **daysAfterCreation** | `number` | optional | Days after object creation |
+| **daysAfterModification** | `number` | optional | Days after last modification |
+| **targetStorageClass** | `Enum<'standard' \| 'intelligent' \| 'infrequent_access' \| 'glacier' \| 'deep_archive'>` | optional | Target storage class for transition action |
+
+---
+
+## MultipartUploadConfig
+
+### Properties
+
+| Property | Type | Required | Description |
+| :--- | :--- | :--- | :--- |
+| **enabled** | `boolean` | optional | Enable multipart uploads |
+| **partSize** | `number` | optional | Part size in bytes (min 5MB, max 5GB) |
+| **maxParts** | `number` | optional | Maximum number of parts (max 10,000) |
+| **threshold** | `number` | optional | File size threshold to trigger multipart upload (bytes) |
+| **maxConcurrent** | `number` | optional | Maximum concurrent part uploads |
+| **abortIncompleteAfterDays** | `number` | optional | Auto-abort incomplete uploads after N days |
+
+---
+
+## ObjectMetadata
+
+### Properties
+
+| Property | Type | Required | Description |
+| :--- | :--- | :--- | :--- |
+| **contentType** | `string` | ✅ | MIME type (e.g., image/jpeg, application/pdf) |
+| **contentLength** | `number` | ✅ | File size in bytes |
+| **contentEncoding** | `string` | optional | Content encoding (e.g., gzip) |
+| **contentDisposition** | `string` | optional | Content disposition header |
+| **contentLanguage** | `string` | optional | Content language |
+| **cacheControl** | `string` | optional | Cache control directives |
+| **etag** | `string` | optional | Entity tag for versioning/caching |
+| **lastModified** | `string` | optional | Last modification timestamp |
+| **versionId** | `string` | optional | Object version identifier |
+| **storageClass** | `Enum<'standard' \| 'intelligent' \| 'infrequent_access' \| 'glacier' \| 'deep_archive'>` | optional | Storage class/tier |
+| **encryption** | `object` | optional | Server-side encryption configuration |
+| **custom** | `Record<string, string>` | optional | Custom user-defined metadata |
+
+---
+
+## ObjectStorageConfig
+
+### Properties
+
+| Property | Type | Required | Description |
+| :--- | :--- | :--- | :--- |
+| **name** | `string` | ✅ | Storage configuration identifier |
+| **label** | `string` | ✅ | Display label |
+| **provider** | `Enum<'s3' \| 'azure_blob' \| 'gcs' \| 'minio' \| 'r2' \| 'spaces' \| 'wasabi' \| 'backblaze' \| 'local'>` | ✅ | Primary storage provider |
+| **connection** | `object` | ✅ | Connection credentials |
+| **buckets** | `object[]` | optional | Configured buckets |
+| **defaultBucket** | `string` | optional | Default bucket name for operations |
+| **enabled** | `boolean` | optional | Enable this storage configuration |
+| **description** | `string` | optional | Configuration description |
+
+---
+
+## PresignedUrlConfig
+
+### Properties
+
+| Property | Type | Required | Description |
+| :--- | :--- | :--- | :--- |
+| **operation** | `Enum<'get' \| 'put' \| 'delete' \| 'head'>` | ✅ | Allowed operation |
+| **expiresIn** | `number` | ✅ | Expiration time in seconds (max 7 days) |
+| **contentType** | `string` | optional | Required content type for PUT operations |
+| **maxSize** | `number` | optional | Maximum file size in bytes for PUT operations |
+| **responseContentType** | `string` | optional | Override content-type for GET operations |
+| **responseContentDisposition** | `string` | optional | Override content-disposition for GET operations |
+
+---
+
+## StorageAcl
+
+Storage access control level
+
+### Allowed Values
+
+* `private`
+* `public_read`
+* `public_read_write`
+* `authenticated_read`
+* `bucket_owner_read`
+* `bucket_owner_full_control`
+
+---
+
+## StorageClass
+
+Storage class/tier for cost optimization
+
+### Allowed Values
+
+* `standard`
+* `intelligent`
+* `infrequent_access`
+* `glacier`
+* `deep_archive`
+
+---
+
+## StorageConnection
+
+### Properties
+
+| Property | Type | Required | Description |
+| :--- | :--- | :--- | :--- |
+| **accessKeyId** | `string` | optional | AWS access key ID or MinIO access key |
+| **secretAccessKey** | `string` | optional | AWS secret access key or MinIO secret key |
+| **sessionToken** | `string` | optional | AWS session token for temporary credentials |
+| **accountName** | `string` | optional | Azure storage account name |
+| **accountKey** | `string` | optional | Azure storage account key |
+| **sasToken** | `string` | optional | Azure SAS token |
+| **projectId** | `string` | optional | GCP project ID |
+| **credentials** | `string` | optional | GCP service account credentials JSON |
+| **endpoint** | `string` | optional | Custom endpoint URL |
+| **region** | `string` | optional | Default region |
+| **useSSL** | `boolean` | optional | Use SSL/TLS for connections |
+| **timeout** | `number` | optional | Connection timeout in milliseconds |
+
+---
+
+## StorageProvider
+
+Storage provider type
+
+### Allowed Values
+
+* `s3`
+* `azure_blob`
+* `gcs`
+* `minio`
+* `r2`
+* `spaces`
+* `wasabi`
+* `backblaze`
+* `local`
+