feat(core): rebrand to @lossless.zone/objectstorage

- Rename from @lossless.zone/s3container to @lossless.zone/objectstorage
- Replace @push.rocks/smarts3 with @push.rocks/smartstorage
- Change env var prefix from S3_ to OBJST_
- Rename S3Container class to ObjectStorageContainer
- Update web component prefix from s3c- to objst-
- Update UI labels, CLI flags, documentation, and Docker config

ts/00_commitinfo_data.ts

@@ -0,0 +1,8 @@
+/**
+ * autocreated commitinfo by @push.rocks/commitinfo
+ */
+export const commitinfo = {
+  name: '@lossless.zone/objectstorage',
+  version: '1.4.0',
+  description: 'object storage server with management UI powered by smartstorage'
+}

ts/classes/objectstoragecontainer.ts

@@ -0,0 +1,376 @@
+import * as plugins from '../plugins.ts';
+import { type IObjectStorageConfig, defaultConfig } from '../types.ts';
+import type * as interfaces from '../../ts_interfaces/index.ts';
+import { OpsServer } from '../opsserver/index.ts';
+import { PolicyManager } from './policymanager.ts';
+
+export class ObjectStorageContainer {
+  public config: IObjectStorageConfig;
+  public smartstorageInstance!: plugins.smartstorage.SmartStorage;
+  public s3Client!: plugins.S3Client;
+  public opsServer: OpsServer;
+  public policyManager: PolicyManager;
+  public startedAt: number = 0;
+
+  constructor(configArg?: Partial<IObjectStorageConfig>) {
+    this.config = { ...defaultConfig, ...configArg };
+
+    // Read environment variables (override config)
+    const envPort = Deno.env.get('OBJST_PORT');
+    if (envPort) this.config.objstPort = parseInt(envPort, 10);
+
+    const envUiPort = Deno.env.get('UI_PORT');
+    if (envUiPort) this.config.uiPort = parseInt(envUiPort, 10);
+
+    const envStorageDir = Deno.env.get('OBJST_STORAGE_DIR');
+    if (envStorageDir) this.config.storageDirectory = envStorageDir;
+
+    const envAccessKey = Deno.env.get('OBJST_ACCESS_KEY');
+    const envSecretKey = Deno.env.get('OBJST_SECRET_KEY');
+    if (envAccessKey && envSecretKey) {
+      this.config.accessCredentials = [
+        { accessKeyId: envAccessKey, secretAccessKey: envSecretKey },
+      ];
+    }
+
+    const envAdminPassword = Deno.env.get('OBJST_ADMIN_PASSWORD');
+    if (envAdminPassword) this.config.adminPassword = envAdminPassword;
+
+    const envRegion = Deno.env.get('OBJST_REGION');
+    if (envRegion) this.config.region = envRegion;
+
+    this.opsServer = new OpsServer(this);
+    this.policyManager = new PolicyManager(this);
+  }
+
+  public async start(): Promise<void> {
+    console.log(`Starting ObjectStorage...`);
+    console.log(`  Storage port: ${this.config.objstPort}`);
+    console.log(`  UI port: ${this.config.uiPort}`);
+    console.log(`  Storage: ${this.config.storageDirectory}`);
+    console.log(`  Region:  ${this.config.region}`);
+
+    // Start smartstorage
+    this.smartstorageInstance = await plugins.smartstorage.SmartStorage.createAndStart({
+      server: {
+        port: this.config.objstPort,
+        address: '0.0.0.0',
+        region: this.config.region,
+      },
+      storage: {
+        directory: this.config.storageDirectory,
+      },
+      auth: {
+        enabled: true,
+        credentials: this.config.accessCredentials,
+      },
+    });
+
+    this.startedAt = Date.now();
+    console.log(`Storage server started on port ${this.config.objstPort}`);
+
+    // Create S3 client for management operations
+    const descriptor = await this.smartstorageInstance.getStorageDescriptor();
+    this.s3Client = new plugins.S3Client({
+      endpoint: `http://${descriptor.endpoint}:${descriptor.port}`,
+      region: this.config.region,
+      credentials: {
+        accessKeyId: descriptor.accessKey,
+        secretAccessKey: descriptor.accessSecret,
+      },
+      forcePathStyle: true,
+    });
+
+    // Load named policies
+    await this.policyManager.load();
+
+    // Start UI server
+    await this.opsServer.start(this.config.uiPort);
+    console.log(`Management UI started on port ${this.config.uiPort}`);
+  }
+
+  public async stop(): Promise<void> {
+    console.log('Stopping ObjectStorage...');
+    await this.opsServer.stop();
+    await this.smartstorageInstance.stop();
+    console.log('ObjectStorage stopped.');
+  }
+
+  // ── Management methods ──
+
+  public async listBuckets(): Promise<interfaces.data.IBucketInfo[]> {
+    const response = await this.s3Client.send(new plugins.ListBucketsCommand({}));
+    const buckets: interfaces.data.IBucketInfo[] = [];
+
+    for (const bucket of response.Buckets || []) {
+      const name = bucket.Name || '';
+      const creationDate = bucket.CreationDate?.getTime() || 0;
+
+      // Get object count and size for each bucket
+      let objectCount = 0;
+      let totalSizeBytes = 0;
+      let continuationToken: string | undefined;
+
+      do {
+        const listResp = await this.s3Client.send(
+          new plugins.ListObjectsV2Command({
+            Bucket: name,
+            ContinuationToken: continuationToken,
+          }),
+        );
+
+        for (const obj of listResp.Contents || []) {
+          objectCount++;
+          totalSizeBytes += obj.Size || 0;
+        }
+
+        continuationToken = listResp.IsTruncated ? listResp.NextContinuationToken : undefined;
+      } while (continuationToken);
+
+      buckets.push({ name, creationDate, objectCount, totalSizeBytes });
+    }
+
+    return buckets;
+  }
+
+  public async createBucket(bucketName: string): Promise<void> {
+    await this.smartstorageInstance.createBucket(bucketName);
+  }
+
+  public async deleteBucket(bucketName: string): Promise<void> {
+    await this.s3Client.send(new plugins.DeleteBucketCommand({ Bucket: bucketName }));
+  }
+
+  public async listObjects(
+    bucketName: string,
+    prefix?: string,
+    delimiter?: string,
+    maxKeys?: number,
+  ): Promise<interfaces.data.IObjectListResult> {
+    const response = await this.s3Client.send(
+      new plugins.ListObjectsV2Command({
+        Bucket: bucketName,
+        Prefix: prefix || '',
+        Delimiter: delimiter || '/',
+        MaxKeys: maxKeys || 1000,
+      }),
+    );
+
+    const objects: interfaces.data.IObjectInfo[] = (response.Contents || []).map((obj) => ({
+      key: obj.Key || '',
+      size: obj.Size || 0,
+      lastModified: obj.LastModified?.getTime() || 0,
+      etag: obj.ETag || '',
+      contentType: '',
+    }));
+
+    const commonPrefixes = (response.CommonPrefixes || []).map((p) => p.Prefix || '');
+
+    return {
+      objects,
+      commonPrefixes,
+      isTruncated: response.IsTruncated || false,
+      currentPrefix: prefix || '',
+    };
+  }
+
+  public async deleteObject(bucketName: string, key: string): Promise<void> {
+    await this.s3Client.send(
+      new plugins.DeleteObjectCommand({ Bucket: bucketName, Key: key }),
+    );
+  }
+
+  public async getObject(bucketName: string, key: string): Promise<{
+    content: string;
+    contentType: string;
+    size: number;
+    lastModified: string;
+  }> {
+    const response = await this.s3Client.send(
+      new plugins.GetObjectCommand({ Bucket: bucketName, Key: key }),
+    );
+    const bodyBytes = await response.Body!.transformToByteArray();
+    // Convert to base64
+    let binary = '';
+    for (const byte of bodyBytes) {
+      binary += String.fromCharCode(byte);
+    }
+    const base64Content = btoa(binary);
+
+    return {
+      content: base64Content,
+      contentType: response.ContentType || 'application/octet-stream',
+      size: response.ContentLength || 0,
+      lastModified: response.LastModified?.toISOString() || new Date().toISOString(),
+    };
+  }
+
+  public async putObject(
+    bucketName: string,
+    key: string,
+    base64Content: string,
+    contentType: string,
+  ): Promise<void> {
+    const binaryString = atob(base64Content);
+    const bytes = new Uint8Array(binaryString.length);
+    for (let i = 0; i < binaryString.length; i++) {
+      bytes[i] = binaryString.charCodeAt(i);
+    }
+    await this.s3Client.send(
+      new plugins.PutObjectCommand({
+        Bucket: bucketName,
+        Key: key,
+        Body: bytes,
+        ContentType: contentType,
+      }),
+    );
+  }
+
+  public async deletePrefix(bucketName: string, prefix: string): Promise<void> {
+    let continuationToken: string | undefined;
+    do {
+      const listResp = await this.s3Client.send(
+        new plugins.ListObjectsV2Command({
+          Bucket: bucketName,
+          Prefix: prefix,
+          ContinuationToken: continuationToken,
+        }),
+      );
+      for (const obj of listResp.Contents || []) {
+        if (obj.Key) {
+          await this.s3Client.send(
+            new plugins.DeleteObjectCommand({ Bucket: bucketName, Key: obj.Key }),
+          );
+        }
+      }
+      continuationToken = listResp.IsTruncated ? listResp.NextContinuationToken : undefined;
+    } while (continuationToken);
+  }
+
+  public async getObjectUrl(bucketName: string, key: string): Promise<string> {
+    const descriptor = await this.smartstorageInstance.getStorageDescriptor();
+    return `http://${descriptor.endpoint}:${descriptor.port}/${bucketName}/${key}`;
+  }
+
+  public async moveObject(
+    bucketName: string,
+    sourceKey: string,
+    destKey: string,
+  ): Promise<{ success: boolean; error?: string }> {
+    try {
+      await this.s3Client.send(
+        new plugins.CopyObjectCommand({
+          Bucket: bucketName,
+          CopySource: `${bucketName}/${sourceKey}`,
+          Key: destKey,
+        }),
+      );
+      await this.s3Client.send(
+        new plugins.DeleteObjectCommand({ Bucket: bucketName, Key: sourceKey }),
+      );
+      return { success: true };
+    } catch (err: any) {
+      return { success: false, error: err.message };
+    }
+  }
+
+  public async movePrefix(
+    bucketName: string,
+    sourcePrefix: string,
+    destPrefix: string,
+  ): Promise<{ success: boolean; movedCount?: number; error?: string }> {
+    try {
+      let movedCount = 0;
+      let continuationToken: string | undefined;
+      do {
+        const listResp = await this.s3Client.send(
+          new plugins.ListObjectsV2Command({
+            Bucket: bucketName,
+            Prefix: sourcePrefix,
+            ContinuationToken: continuationToken,
+          }),
+        );
+        for (const obj of listResp.Contents || []) {
+          if (!obj.Key) continue;
+          const newKey = destPrefix + obj.Key.slice(sourcePrefix.length);
+          await this.s3Client.send(
+            new plugins.CopyObjectCommand({
+              Bucket: bucketName,
+              CopySource: `${bucketName}/${obj.Key}`,
+              Key: newKey,
+            }),
+          );
+          await this.s3Client.send(
+            new plugins.DeleteObjectCommand({ Bucket: bucketName, Key: obj.Key }),
+          );
+          movedCount++;
+        }
+        continuationToken = listResp.IsTruncated ? listResp.NextContinuationToken : undefined;
+      } while (continuationToken);
+      return { success: true, movedCount };
+    } catch (err: any) {
+      return { success: false, error: err.message };
+    }
+  }
+
+  public async getServerStats(): Promise<interfaces.data.IServerStatus> {
+    const buckets = await this.listBuckets();
+    let totalObjectCount = 0;
+    let totalStorageBytes = 0;
+    for (const b of buckets) {
+      totalObjectCount += b.objectCount;
+      totalStorageBytes += b.totalSizeBytes;
+    }
+
+    return {
+      running: true,
+      objstPort: this.config.objstPort,
+      uiPort: this.config.uiPort,
+      uptime: Math.floor((Date.now() - this.startedAt) / 1000),
+      startedAt: this.startedAt,
+      bucketCount: buckets.length,
+      totalObjectCount,
+      totalStorageBytes,
+      storageDirectory: this.config.storageDirectory,
+      region: this.config.region,
+      authEnabled: true,
+    };
+  }
+
+  public async getBucketPolicy(bucketName: string): Promise<string | null> {
+    try {
+      const response = await this.s3Client.send(
+        new plugins.GetBucketPolicyCommand({ Bucket: bucketName }),
+      );
+      return response.Policy || null;
+    } catch (err: any) {
+      if (err.name === 'NoSuchBucketPolicy' || err.Code === 'NoSuchBucketPolicy') {
+        return null;
+      }
+      throw err;
+    }
+  }
+
+  public async putBucketPolicy(bucketName: string, policyJson: string): Promise<void> {
+    await this.s3Client.send(
+      new plugins.PutBucketPolicyCommand({ Bucket: bucketName, Policy: policyJson }),
+    );
+  }
+
+  public async deleteBucketPolicy(bucketName: string): Promise<void> {
+    await this.s3Client.send(
+      new plugins.DeleteBucketPolicyCommand({ Bucket: bucketName }),
+    );
+  }
+
+  public async getConnectionInfo(): Promise<interfaces.data.IConnectionInfo> {
+    const descriptor = await this.smartstorageInstance.getStorageDescriptor();
+    return {
+      endpoint: descriptor.endpoint,
+      port: Number(descriptor.port ?? this.config.objstPort),
+      useSsl: descriptor.useSsl ?? false,
+      accessKey: descriptor.accessKey,
+      region: this.config.region,
+    };
+  }
+}

ts/classes/policymanager.ts

@@ -0,0 +1,269 @@
+import type { ObjectStorageContainer } from './objectstoragecontainer.ts';
+import type * as interfaces from '../../ts_interfaces/index.ts';
+
+export class PolicyManager {
+  private objectStorageRef: ObjectStorageContainer;
+  private data: interfaces.data.IPoliciesData = {
+    namedPolicies: {},
+    bucketPolicyAttachments: {},
+  };
+  private filePath: string;
+
+  constructor(objectStorageRef: ObjectStorageContainer) {
+    this.objectStorageRef = objectStorageRef;
+    const storageDir = objectStorageRef.config.storageDirectory;
+    this.filePath = `${storageDir}/.objectstorage/policies.json`;
+  }
+
+  // ── Persistence ──
+
+  public async load(): Promise<void> {
+    try {
+      const dirPath = this.filePath.substring(0, this.filePath.lastIndexOf('/'));
+      await Deno.mkdir(dirPath, { recursive: true });
+
+      const content = await Deno.readTextFile(this.filePath);
+      this.data = JSON.parse(content);
+    } catch {
+      // File doesn't exist yet — start with empty data
+      this.data = { namedPolicies: {}, bucketPolicyAttachments: {} };
+    }
+  }
+
+  private async save(): Promise<void> {
+    const dirPath = this.filePath.substring(0, this.filePath.lastIndexOf('/'));
+    await Deno.mkdir(dirPath, { recursive: true });
+    await Deno.writeTextFile(this.filePath, JSON.stringify(this.data, null, 2));
+  }
+
+  // ── CRUD ──
+
+  public listPolicies(): interfaces.data.INamedPolicy[] {
+    return Object.values(this.data.namedPolicies);
+  }
+
+  public getPolicy(policyId: string): interfaces.data.INamedPolicy | null {
+    return this.data.namedPolicies[policyId] || null;
+  }
+
+  public async createPolicy(
+    name: string,
+    description: string,
+    statements: interfaces.data.IObjstStatement[],
+  ): Promise<interfaces.data.INamedPolicy> {
+    const id = crypto.randomUUID();
+    const now = Date.now();
+    const policy: interfaces.data.INamedPolicy = {
+      id,
+      name,
+      description,
+      statements,
+      createdAt: now,
+      updatedAt: now,
+    };
+    this.data.namedPolicies[id] = policy;
+    await this.save();
+    return policy;
+  }
+
+  public async updatePolicy(
+    policyId: string,
+    name: string,
+    description: string,
+    statements: interfaces.data.IObjstStatement[],
+  ): Promise<interfaces.data.INamedPolicy> {
+    const existing = this.data.namedPolicies[policyId];
+    if (!existing) {
+      throw new Error(`Policy not found: ${policyId}`);
+    }
+    existing.name = name;
+    existing.description = description;
+    existing.statements = statements;
+    existing.updatedAt = Date.now();
+    await this.save();
+
+    // Recompute policies for all buckets that have this policy attached
+    const affectedBuckets = this.getBucketsForPolicy(policyId);
+    for (const bucket of affectedBuckets) {
+      await this.recomputeAndApplyPolicy(bucket);
+    }
+
+    return existing;
+  }
+
+  public async deletePolicy(policyId: string): Promise<void> {
+    if (!this.data.namedPolicies[policyId]) {
+      throw new Error(`Policy not found: ${policyId}`);
+    }
+
+    // Find all affected buckets before deleting
+    const affectedBuckets = this.getBucketsForPolicy(policyId);
+
+    // Remove from namedPolicies
+    delete this.data.namedPolicies[policyId];
+
+    // Remove from all bucket attachments
+    for (const bucket of Object.keys(this.data.bucketPolicyAttachments)) {
+      this.data.bucketPolicyAttachments[bucket] = this.data.bucketPolicyAttachments[bucket].filter(
+        (id) => id !== policyId,
+      );
+      if (this.data.bucketPolicyAttachments[bucket].length === 0) {
+        delete this.data.bucketPolicyAttachments[bucket];
+      }
+    }
+
+    await this.save();
+
+    // Recompute policies for affected buckets
+    for (const bucket of affectedBuckets) {
+      await this.recomputeAndApplyPolicy(bucket);
+    }
+  }
+
+  // ── Attachments ──
+
+  public getBucketAttachments(bucketName: string): {
+    attachedPolicies: interfaces.data.INamedPolicy[];
+    availablePolicies: interfaces.data.INamedPolicy[];
+  } {
+    const attachedIds = this.data.bucketPolicyAttachments[bucketName] || [];
+    const allPolicies = this.listPolicies();
+    const attachedPolicies = allPolicies.filter((p) => attachedIds.includes(p.id));
+    const availablePolicies = allPolicies.filter((p) => !attachedIds.includes(p.id));
+    return { attachedPolicies, availablePolicies };
+  }
+
+  public getBucketsForPolicy(policyId: string): string[] {
+    const buckets: string[] = [];
+    for (const [bucket, policyIds] of Object.entries(this.data.bucketPolicyAttachments)) {
+      if (policyIds.includes(policyId)) {
+        buckets.push(bucket);
+      }
+    }
+    return buckets;
+  }
+
+  public async attachPolicyToBucket(policyId: string, bucketName: string): Promise<void> {
+    if (!this.data.namedPolicies[policyId]) {
+      throw new Error(`Policy not found: ${policyId}`);
+    }
+    if (!this.data.bucketPolicyAttachments[bucketName]) {
+      this.data.bucketPolicyAttachments[bucketName] = [];
+    }
+    if (!this.data.bucketPolicyAttachments[bucketName].includes(policyId)) {
+      this.data.bucketPolicyAttachments[bucketName].push(policyId);
+    }
+    await this.save();
+    await this.recomputeAndApplyPolicy(bucketName);
+  }
+
+  public async detachPolicyFromBucket(policyId: string, bucketName: string): Promise<void> {
+    if (this.data.bucketPolicyAttachments[bucketName]) {
+      this.data.bucketPolicyAttachments[bucketName] = this.data.bucketPolicyAttachments[bucketName].filter(
+        (id) => id !== policyId,
+      );
+      if (this.data.bucketPolicyAttachments[bucketName].length === 0) {
+        delete this.data.bucketPolicyAttachments[bucketName];
+      }
+    }
+    await this.save();
+    await this.recomputeAndApplyPolicy(bucketName);
+  }
+
+  public async setPolicyBuckets(policyId: string, bucketNames: string[]): Promise<void> {
+    if (!this.data.namedPolicies[policyId]) {
+      throw new Error(`Policy not found: ${policyId}`);
+    }
+
+    const oldBuckets = this.getBucketsForPolicy(policyId);
+    const newBucketsSet = new Set(bucketNames);
+    const oldBucketsSet = new Set(oldBuckets);
+
+    // Remove from buckets no longer in the list
+    for (const bucket of oldBuckets) {
+      if (!newBucketsSet.has(bucket)) {
+        this.data.bucketPolicyAttachments[bucket] = (this.data.bucketPolicyAttachments[bucket] || []).filter(
+          (id) => id !== policyId,
+        );
+        if (this.data.bucketPolicyAttachments[bucket]?.length === 0) {
+          delete this.data.bucketPolicyAttachments[bucket];
+        }
+      }
+    }
+
+    // Add to new buckets
+    for (const bucket of bucketNames) {
+      if (!oldBucketsSet.has(bucket)) {
+        if (!this.data.bucketPolicyAttachments[bucket]) {
+          this.data.bucketPolicyAttachments[bucket] = [];
+        }
+        if (!this.data.bucketPolicyAttachments[bucket].includes(policyId)) {
+          this.data.bucketPolicyAttachments[bucket].push(policyId);
+        }
+      }
+    }
+
+    await this.save();
+
+    // Recompute all affected buckets (union of old and new)
+    const allAffected = new Set([...oldBuckets, ...bucketNames]);
+    for (const bucket of allAffected) {
+      await this.recomputeAndApplyPolicy(bucket);
+    }
+  }
+
+  // ── Cleanup ──
+
+  public async onBucketDeleted(bucketName: string): Promise<void> {
+    if (this.data.bucketPolicyAttachments[bucketName]) {
+      delete this.data.bucketPolicyAttachments[bucketName];
+      await this.save();
+    }
+  }
+
+  // ── Merge & Apply ──
+
+  private async recomputeAndApplyPolicy(bucketName: string): Promise<void> {
+    const attachedIds = this.data.bucketPolicyAttachments[bucketName] || [];
+
+    if (attachedIds.length === 0) {
+      // No policies attached — remove any existing policy
+      try {
+        await this.objectStorageRef.deleteBucketPolicy(bucketName);
+      } catch {
+        // NoSuchBucketPolicy is fine
+      }
+      return;
+    }
+
+    // Gather all statements from attached policies
+    const allStatements: interfaces.data.IObjstStatement[] = [];
+    for (const policyId of attachedIds) {
+      const policy = this.data.namedPolicies[policyId];
+      if (!policy) continue;
+      for (const stmt of policy.statements) {
+        // Deep clone and replace ${bucket} placeholder
+        const cloned = JSON.parse(JSON.stringify(stmt)) as interfaces.data.IObjstStatement;
+        cloned.Resource = this.replaceBucketPlaceholder(cloned.Resource, bucketName);
+        allStatements.push(cloned);
+      }
+    }
+
+    const mergedPolicy = {
+      Version: '2012-10-17',
+      Statement: allStatements,
+    };
+
+    await this.objectStorageRef.putBucketPolicy(bucketName, JSON.stringify(mergedPolicy));
+  }
+
+  private replaceBucketPlaceholder(
+    resource: string | string[],
+    bucketName: string,
+  ): string | string[] {
+    if (typeof resource === 'string') {
+      return resource.replace(/\$\{bucket\}/g, bucketName);
+    }
+    return resource.map((r) => r.replace(/\$\{bucket\}/g, bucketName));
+  }
+}

ts/cli.ts

@@ -0,0 +1,77 @@
+import { ObjectStorageContainer } from './classes/objectstoragecontainer.ts';
+import type { IObjectStorageConfig } from './types.ts';
+
+export async function runCli(): Promise<void> {
+  const args = Deno.args;
+  const command = args[0];
+
+  if (!command || command === 'help') {
+    printHelp();
+    return;
+  }
+
+  if (command === 'server') {
+    const configOverrides: Partial<IObjectStorageConfig> = {};
+
+    // Parse CLI args
+    for (let i = 1; i < args.length; i++) {
+      switch (args[i]) {
+        case '--storage-port':
+          configOverrides.objstPort = parseInt(args[++i], 10);
+          break;
+        case '--ui-port':
+          configOverrides.uiPort = parseInt(args[++i], 10);
+          break;
+        case '--storage-dir':
+          configOverrides.storageDirectory = args[++i];
+          break;
+        case '--ephemeral':
+          // Use a temp directory for storage
+          configOverrides.storageDirectory = './.nogit/objstdata';
+          break;
+      }
+    }
+
+    const container = new ObjectStorageContainer(configOverrides);
+
+    // Graceful shutdown
+    const shutdown = async () => {
+      console.log('\nShutting down...');
+      await container.stop();
+      Deno.exit(0);
+    };
+
+    Deno.addSignalListener('SIGINT', shutdown);
+    Deno.addSignalListener('SIGTERM', shutdown);
+
+    await container.start();
+  } else {
+    console.error(`Unknown command: ${command}`);
+    printHelp();
+    Deno.exit(1);
+  }
+}
+
+function printHelp(): void {
+  console.log(`
+ObjectStorage - S3-compatible object storage server with management UI
+
+Usage:
+  objectstorage server [options]
+
+Options:
+  --ephemeral          Use local .nogit/objstdata for storage
+  --storage-port PORT  Storage API port (default: 9000, env: OBJST_PORT)
+  --ui-port PORT       Management UI port (default: 3000, env: UI_PORT)
+  --storage-dir DIR    Storage directory (default: /data, env: OBJST_STORAGE_DIR)
+
+Environment Variables:
+  OBJST_PORT           Storage API port
+  UI_PORT              Management UI port
+  OBJST_STORAGE_DIR    Storage directory
+  OBJST_ACCESS_KEY     Access key (default: admin)
+  OBJST_SECRET_KEY     Secret key (default: admin)
+  OBJST_ADMIN_PASSWORD Admin UI password (default: admin)
+  OBJST_REGION         Storage region (default: us-east-1)
+  `);
+}

ts/index.ts

@@ -0,0 +1,3 @@
+export { ObjectStorageContainer } from './classes/objectstoragecontainer.ts';
+export { runCli } from './cli.ts';
+export type { IObjectStorageConfig } from './types.ts';

ts/opsserver/classes.opsserver.ts

@@ -0,0 +1,63 @@
+import * as plugins from '../plugins.ts';
+import type { ObjectStorageContainer } from '../classes/objectstoragecontainer.ts';
+import * as handlers from './handlers/index.ts';
+import { files as bundledFiles } from '../../ts_bundled/bundle.ts';
+
+export class OpsServer {
+  public objectStorageRef: ObjectStorageContainer;
+  public typedrouter = new plugins.typedrequest.TypedRouter();
+  public server!: plugins.typedserver.utilityservers.UtilityWebsiteServer;
+
+  // Handler instances
+  public adminHandler!: handlers.AdminHandler;
+  public statusHandler!: handlers.StatusHandler;
+  public bucketsHandler!: handlers.BucketsHandler;
+  public objectsHandler!: handlers.ObjectsHandler;
+  public configHandler!: handlers.ConfigHandler;
+  public credentialsHandler!: handlers.CredentialsHandler;
+  public policiesHandler!: handlers.PoliciesHandler;
+
+  constructor(objectStorageRef: ObjectStorageContainer) {
+    this.objectStorageRef = objectStorageRef;
+  }
+
+  public async start(port = 3000) {
+    this.server = new plugins.typedserver.utilityservers.UtilityWebsiteServer({
+      domain: 'localhost',
+      feedMetadata: undefined,
+      bundledContent: bundledFiles,
+    });
+
+    // Chain typedrouters: server -> opsServer -> individual handlers
+    this.server.typedrouter.addTypedRouter(this.typedrouter);
+
+    // Set up all handlers
+    await this.setupHandlers();
+
+    await this.server.start(port);
+    console.log(`OpsServer started on http://localhost:${port}`);
+  }
+
+  private async setupHandlers(): Promise<void> {
+    // AdminHandler requires async initialization for JWT key generation
+    this.adminHandler = new handlers.AdminHandler(this);
+    await this.adminHandler.initialize();
+
+    // All other handlers self-register in their constructors
+    this.statusHandler = new handlers.StatusHandler(this);
+    this.bucketsHandler = new handlers.BucketsHandler(this);
+    this.objectsHandler = new handlers.ObjectsHandler(this);
+    this.configHandler = new handlers.ConfigHandler(this);
+    this.credentialsHandler = new handlers.CredentialsHandler(this);
+    this.policiesHandler = new handlers.PoliciesHandler(this);
+
+    console.log('OpsServer TypedRequest handlers initialized');
+  }
+
+  public async stop() {
+    if (this.server) {
+      await this.server.stop();
+      console.log('OpsServer stopped');
+    }
+  }
+}

ts/opsserver/handlers/admin.handler.ts

@@ -0,0 +1,131 @@
+import * as plugins from '../../plugins.ts';
+import type { OpsServer } from '../classes.opsserver.ts';
+import * as interfaces from '../../../ts_interfaces/index.ts';
+
+export interface IJwtData {
+  userId: string;
+  status: 'loggedIn' | 'loggedOut';
+  expiresAt: number;
+}
+
+export class AdminHandler {
+  public typedrouter = new plugins.typedrequest.TypedRouter();
+  public smartjwtInstance!: plugins.smartjwt.SmartJwt<IJwtData>;
+
+  constructor(private opsServerRef: OpsServer) {
+    this.opsServerRef.typedrouter.addTypedRouter(this.typedrouter);
+  }
+
+  public async initialize(): Promise<void> {
+    this.smartjwtInstance = new plugins.smartjwt.SmartJwt();
+    await this.smartjwtInstance.init();
+    await this.smartjwtInstance.createNewKeyPair();
+    this.registerHandlers();
+  }
+
+  private registerHandlers(): void {
+    // Login
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_AdminLoginWithUsernameAndPassword>(
+        'adminLoginWithUsernameAndPassword',
+        async (dataArg) => {
+          const adminPassword = this.opsServerRef.objectStorageRef.config.adminPassword;
+          if (dataArg.username !== 'admin' || dataArg.password !== adminPassword) {
+            throw new plugins.typedrequest.TypedResponseError('Invalid credentials');
+          }
+
+          const expiresAt = Date.now() + 24 * 3600 * 1000;
+          const userId = 'admin';
+          const jwt = await this.smartjwtInstance.createJWT({
+            userId,
+            status: 'loggedIn',
+            expiresAt,
+          });
+
+          console.log('Admin user logged in');
+
+          return {
+            identity: {
+              jwt,
+              userId,
+              username: 'admin',
+              expiresAt,
+              role: 'admin' as const,
+            },
+          };
+        },
+      ),
+    );
+
+    // Logout
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_AdminLogout>(
+        'adminLogout',
+        async (_dataArg) => {
+          return { ok: true };
+        },
+      ),
+    );
+
+    // Verify Identity
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_VerifyIdentity>(
+        'verifyIdentity',
+        async (dataArg) => {
+          if (!dataArg.identity?.jwt) {
+            return { valid: false };
+          }
+          try {
+            const jwtData = await this.smartjwtInstance.verifyJWTAndGetData(dataArg.identity.jwt);
+            if (jwtData.expiresAt < Date.now()) return { valid: false };
+            if (jwtData.status !== 'loggedIn') return { valid: false };
+            return {
+              valid: true,
+              identity: {
+                jwt: dataArg.identity.jwt,
+                userId: jwtData.userId,
+                username: dataArg.identity.username,
+                expiresAt: jwtData.expiresAt,
+                role: dataArg.identity.role,
+              },
+            };
+          } catch {
+            return { valid: false };
+          }
+        },
+      ),
+    );
+  }
+
+  // Guard for valid identity
+  public validIdentityGuard = new plugins.smartguard.Guard<{
+    identity: interfaces.data.IIdentity;
+  }>(
+    async (dataArg) => {
+      if (!dataArg.identity?.jwt) return false;
+      try {
+        const jwtData = await this.smartjwtInstance.verifyJWTAndGetData(dataArg.identity.jwt);
+        if (jwtData.expiresAt < Date.now()) return false;
+        if (jwtData.status !== 'loggedIn') return false;
+        if (dataArg.identity.expiresAt !== jwtData.expiresAt) return false;
+        if (dataArg.identity.userId !== jwtData.userId) return false;
+        return true;
+      } catch {
+        return false;
+      }
+    },
+    { failedHint: 'identity is not valid', name: 'validIdentityGuard' },
+  );
+
+  // Guard for admin identity
+  public adminIdentityGuard = new plugins.smartguard.Guard<{
+    identity: interfaces.data.IIdentity;
+  }>(
+    async (dataArg) => {
+      const isValid = await this.validIdentityGuard.exec(dataArg);
+      if (!isValid) return false;
+      return dataArg.identity.role === 'admin';
+    },
+    { failedHint: 'user is not admin', name: 'adminIdentityGuard' },
+  );
+}

ts/opsserver/handlers/buckets.handler.ts

@@ -0,0 +1,94 @@
+import * as plugins from '../../plugins.ts';
+import type { OpsServer } from '../classes.opsserver.ts';
+import * as interfaces from '../../../ts_interfaces/index.ts';
+import { requireValidIdentity } from '../helpers/guards.ts';
+
+export class BucketsHandler {
+  public typedrouter = new plugins.typedrequest.TypedRouter();
+
+  constructor(private opsServerRef: OpsServer) {
+    this.opsServerRef.typedrouter.addTypedRouter(this.typedrouter);
+    this.registerHandlers();
+  }
+
+  private registerHandlers(): void {
+    // List buckets
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_ListBuckets>(
+        'listBuckets',
+        async (dataArg) => {
+          await requireValidIdentity(this.opsServerRef.adminHandler, dataArg);
+          const buckets = await this.opsServerRef.objectStorageRef.listBuckets();
+          return { buckets };
+        },
+      ),
+    );
+
+    // Create bucket
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_CreateBucket>(
+        'createBucket',
+        async (dataArg) => {
+          await requireValidIdentity(this.opsServerRef.adminHandler, dataArg);
+          await this.opsServerRef.objectStorageRef.createBucket(dataArg.bucketName);
+          return { ok: true };
+        },
+      ),
+    );
+
+    // Delete bucket
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_DeleteBucket>(
+        'deleteBucket',
+        async (dataArg) => {
+          await requireValidIdentity(this.opsServerRef.adminHandler, dataArg);
+          await this.opsServerRef.objectStorageRef.deleteBucket(dataArg.bucketName);
+          await this.opsServerRef.objectStorageRef.policyManager.onBucketDeleted(dataArg.bucketName);
+          return { ok: true };
+        },
+      ),
+    );
+
+    // Get bucket policy
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_GetBucketPolicy>(
+        'getBucketPolicy',
+        async (dataArg) => {
+          await requireValidIdentity(this.opsServerRef.adminHandler, dataArg);
+          const policy = await this.opsServerRef.objectStorageRef.getBucketPolicy(dataArg.bucketName);
+          return { policy };
+        },
+      ),
+    );
+
+    // Put bucket policy
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_PutBucketPolicy>(
+        'putBucketPolicy',
+        async (dataArg) => {
+          await requireValidIdentity(this.opsServerRef.adminHandler, dataArg);
+          // Validate JSON
+          try {
+            JSON.parse(dataArg.policy);
+          } catch {
+            throw new Error('Invalid JSON policy document');
+          }
+          await this.opsServerRef.objectStorageRef.putBucketPolicy(dataArg.bucketName, dataArg.policy);
+          return { ok: true };
+        },
+      ),
+    );
+
+    // Delete bucket policy
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_DeleteBucketPolicy>(
+        'deleteBucketPolicy',
+        async (dataArg) => {
+          await requireValidIdentity(this.opsServerRef.adminHandler, dataArg);
+          await this.opsServerRef.objectStorageRef.deleteBucketPolicy(dataArg.bucketName);
+          return { ok: true };
+        },
+      ),
+    );
+  }
+}

ts/opsserver/handlers/config.handler.ts

@@ -0,0 +1,34 @@
+import * as plugins from '../../plugins.ts';
+import type { OpsServer } from '../classes.opsserver.ts';
+import * as interfaces from '../../../ts_interfaces/index.ts';
+import { requireValidIdentity } from '../helpers/guards.ts';
+
+export class ConfigHandler {
+  public typedrouter = new plugins.typedrequest.TypedRouter();
+
+  constructor(private opsServerRef: OpsServer) {
+    this.opsServerRef.typedrouter.addTypedRouter(this.typedrouter);
+    this.registerHandlers();
+  }
+
+  private registerHandlers(): void {
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_GetServerConfig>(
+        'getServerConfig',
+        async (dataArg) => {
+          await requireValidIdentity(this.opsServerRef.adminHandler, dataArg);
+          const containerConfig = this.opsServerRef.objectStorageRef.config;
+          const config: interfaces.data.IServerConfig = {
+            objstPort: containerConfig.objstPort,
+            uiPort: containerConfig.uiPort,
+            region: containerConfig.region,
+            storageDirectory: containerConfig.storageDirectory,
+            authEnabled: true,
+            corsEnabled: false,
+          };
+          return { config };
+        },
+      ),
+    );
+  }
+}

ts/opsserver/handlers/credentials.handler.ts

@@ -0,0 +1,73 @@
+import * as plugins from '../../plugins.ts';
+import type { OpsServer } from '../classes.opsserver.ts';
+import * as interfaces from '../../../ts_interfaces/index.ts';
+import { requireValidIdentity } from '../helpers/guards.ts';
+
+export class CredentialsHandler {
+  public typedrouter = new plugins.typedrequest.TypedRouter();
+
+  constructor(private opsServerRef: OpsServer) {
+    this.opsServerRef.typedrouter.addTypedRouter(this.typedrouter);
+    this.registerHandlers();
+  }
+
+  private registerHandlers(): void {
+    // Get credentials (secrets masked)
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_GetCredentials>(
+        'getCredentials',
+        async (dataArg) => {
+          await requireValidIdentity(this.opsServerRef.adminHandler, dataArg);
+          const credentials = this.opsServerRef.objectStorageRef.config.accessCredentials.map(
+            (cred) => ({
+              accessKeyId: cred.accessKeyId,
+              secretAccessKey: cred.secretAccessKey.slice(0, 4) + '****',
+            }),
+          );
+          return { credentials };
+        },
+      ),
+    );
+
+    // Add credential
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_AddCredential>(
+        'addCredential',
+        async (dataArg) => {
+          await requireValidIdentity(this.opsServerRef.adminHandler, dataArg);
+          this.opsServerRef.objectStorageRef.config.accessCredentials.push({
+            accessKeyId: dataArg.accessKeyId,
+            secretAccessKey: dataArg.secretAccessKey,
+          });
+          // Update the smartstorage auth config
+          this.opsServerRef.objectStorageRef.smartstorageInstance.config.auth!.credentials =
+            this.opsServerRef.objectStorageRef.config.accessCredentials;
+          return { ok: true };
+        },
+      ),
+    );
+
+    // Remove credential
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_RemoveCredential>(
+        'removeCredential',
+        async (dataArg) => {
+          await requireValidIdentity(this.opsServerRef.adminHandler, dataArg);
+          const creds = this.opsServerRef.objectStorageRef.config.accessCredentials;
+          if (creds.length <= 1) {
+            throw new plugins.typedrequest.TypedResponseError(
+              'Cannot remove the last credential',
+            );
+          }
+          this.opsServerRef.objectStorageRef.config.accessCredentials = creds.filter(
+            (c) => c.accessKeyId !== dataArg.accessKeyId,
+          );
+          // Update the smartstorage auth config
+          this.opsServerRef.objectStorageRef.smartstorageInstance.config.auth!.credentials =
+            this.opsServerRef.objectStorageRef.config.accessCredentials;
+          return { ok: true };
+        },
+      ),
+    );
+  }
+}

ts/opsserver/handlers/index.ts

@@ -0,0 +1,7 @@
+export { AdminHandler } from './admin.handler.ts';
+export { StatusHandler } from './status.handler.ts';
+export { BucketsHandler } from './buckets.handler.ts';
+export { ObjectsHandler } from './objects.handler.ts';
+export { ConfigHandler } from './config.handler.ts';
+export { CredentialsHandler } from './credentials.handler.ts';
+export { PoliciesHandler } from './policies.handler.ts';

ts/opsserver/handlers/objects.handler.ts

@@ -0,0 +1,126 @@
+import * as plugins from '../../plugins.ts';
+import type { OpsServer } from '../classes.opsserver.ts';
+import * as interfaces from '../../../ts_interfaces/index.ts';
+import { requireValidIdentity } from '../helpers/guards.ts';
+
+export class ObjectsHandler {
+  public typedrouter = new plugins.typedrequest.TypedRouter();
+
+  constructor(private opsServerRef: OpsServer) {
+    this.opsServerRef.typedrouter.addTypedRouter(this.typedrouter);
+    this.registerHandlers();
+  }
+
+  private registerHandlers(): void {
+    // List objects
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_ListObjects>(
+        'listObjects',
+        async (dataArg) => {
+          await requireValidIdentity(this.opsServerRef.adminHandler, dataArg);
+          const result = await this.opsServerRef.objectStorageRef.listObjects(
+            dataArg.bucketName,
+            dataArg.prefix,
+            dataArg.delimiter,
+            dataArg.maxKeys,
+          );
+          return { result };
+        },
+      ),
+    );
+
+    // Delete object
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_DeleteObject>(
+        'deleteObject',
+        async (dataArg) => {
+          await requireValidIdentity(this.opsServerRef.adminHandler, dataArg);
+          await this.opsServerRef.objectStorageRef.deleteObject(dataArg.bucketName, dataArg.key);
+          return { ok: true };
+        },
+      ),
+    );
+
+    // Get object
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_GetObject>(
+        'getObject',
+        async (dataArg) => {
+          await requireValidIdentity(this.opsServerRef.adminHandler, dataArg);
+          return await this.opsServerRef.objectStorageRef.getObject(dataArg.bucketName, dataArg.key);
+        },
+      ),
+    );
+
+    // Put object
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_PutObject>(
+        'putObject',
+        async (dataArg) => {
+          await requireValidIdentity(this.opsServerRef.adminHandler, dataArg);
+          await this.opsServerRef.objectStorageRef.putObject(
+            dataArg.bucketName,
+            dataArg.key,
+            dataArg.base64Content,
+            dataArg.contentType,
+          );
+          return { ok: true };
+        },
+      ),
+    );
+
+    // Delete prefix (folder)
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_DeletePrefix>(
+        'deletePrefix',
+        async (dataArg) => {
+          await requireValidIdentity(this.opsServerRef.adminHandler, dataArg);
+          await this.opsServerRef.objectStorageRef.deletePrefix(dataArg.bucketName, dataArg.prefix);
+          return { ok: true };
+        },
+      ),
+    );
+
+    // Get object URL
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_GetObjectUrl>(
+        'getObjectUrl',
+        async (dataArg) => {
+          await requireValidIdentity(this.opsServerRef.adminHandler, dataArg);
+          const url = await this.opsServerRef.objectStorageRef.getObjectUrl(dataArg.bucketName, dataArg.key);
+          return { url };
+        },
+      ),
+    );
+
+    // Move object
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_MoveObject>(
+        'moveObject',
+        async (dataArg) => {
+          await requireValidIdentity(this.opsServerRef.adminHandler, dataArg);
+          return await this.opsServerRef.objectStorageRef.moveObject(
+            dataArg.bucketName,
+            dataArg.sourceKey,
+            dataArg.destKey,
+          );
+        },
+      ),
+    );
+
+    // Move prefix (folder)
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_MovePrefix>(
+        'movePrefix',
+        async (dataArg) => {
+          await requireValidIdentity(this.opsServerRef.adminHandler, dataArg);
+          return await this.opsServerRef.objectStorageRef.movePrefix(
+            dataArg.bucketName,
+            dataArg.sourcePrefix,
+            dataArg.destPrefix,
+          );
+        },
+      ),
+    );
+  }
+}

ts/opsserver/handlers/policies.handler.ts

@@ -0,0 +1,128 @@
+import * as plugins from '../../plugins.ts';
+import type { OpsServer } from '../classes.opsserver.ts';
+import * as interfaces from '../../../ts_interfaces/index.ts';
+import { requireValidIdentity } from '../helpers/guards.ts';
+
+export class PoliciesHandler {
+  public typedrouter = new plugins.typedrequest.TypedRouter();
+
+  constructor(private opsServerRef: OpsServer) {
+    this.opsServerRef.typedrouter.addTypedRouter(this.typedrouter);
+    this.registerHandlers();
+  }
+
+  private registerHandlers(): void {
+    const pm = () => this.opsServerRef.objectStorageRef.policyManager;
+
+    // List named policies
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_ListNamedPolicies>(
+        'listNamedPolicies',
+        async (dataArg) => {
+          await requireValidIdentity(this.opsServerRef.adminHandler, dataArg);
+          return { policies: pm().listPolicies() };
+        },
+      ),
+    );
+
+    // Create named policy
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_CreateNamedPolicy>(
+        'createNamedPolicy',
+        async (dataArg) => {
+          await requireValidIdentity(this.opsServerRef.adminHandler, dataArg);
+          const policy = await pm().createPolicy(dataArg.name, dataArg.description, dataArg.statements);
+          return { policy };
+        },
+      ),
+    );
+
+    // Update named policy
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_UpdateNamedPolicy>(
+        'updateNamedPolicy',
+        async (dataArg) => {
+          await requireValidIdentity(this.opsServerRef.adminHandler, dataArg);
+          const policy = await pm().updatePolicy(dataArg.policyId, dataArg.name, dataArg.description, dataArg.statements);
+          return { policy };
+        },
+      ),
+    );
+
+    // Delete named policy
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_DeleteNamedPolicy>(
+        'deleteNamedPolicy',
+        async (dataArg) => {
+          await requireValidIdentity(this.opsServerRef.adminHandler, dataArg);
+          await pm().deletePolicy(dataArg.policyId);
+          return { ok: true };
+        },
+      ),
+    );
+
+    // Get bucket named policies (attached + available)
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_GetBucketNamedPolicies>(
+        'getBucketNamedPolicies',
+        async (dataArg) => {
+          await requireValidIdentity(this.opsServerRef.adminHandler, dataArg);
+          return pm().getBucketAttachments(dataArg.bucketName);
+        },
+      ),
+    );
+
+    // Attach policy to bucket
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_AttachPolicyToBucket>(
+        'attachPolicyToBucket',
+        async (dataArg) => {
+          await requireValidIdentity(this.opsServerRef.adminHandler, dataArg);
+          await pm().attachPolicyToBucket(dataArg.policyId, dataArg.bucketName);
+          return { ok: true };
+        },
+      ),
+    );
+
+    // Detach policy from bucket
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_DetachPolicyFromBucket>(
+        'detachPolicyFromBucket',
+        async (dataArg) => {
+          await requireValidIdentity(this.opsServerRef.adminHandler, dataArg);
+          await pm().detachPolicyFromBucket(dataArg.policyId, dataArg.bucketName);
+          return { ok: true };
+        },
+      ),
+    );
+
+    // Get policy buckets (attached + available)
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_GetPolicyBuckets>(
+        'getPolicyBuckets',
+        async (dataArg) => {
+          await requireValidIdentity(this.opsServerRef.adminHandler, dataArg);
+          const attachedBuckets = pm().getBucketsForPolicy(dataArg.policyId);
+          const allBuckets = await this.opsServerRef.objectStorageRef.listBuckets();
+          const attachedSet = new Set(attachedBuckets);
+          const availableBuckets = allBuckets
+            .map((b) => b.name)
+            .filter((name) => !attachedSet.has(name));
+          return { attachedBuckets, availableBuckets };
+        },
+      ),
+    );
+
+    // Set policy buckets
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_SetPolicyBuckets>(
+        'setPolicyBuckets',
+        async (dataArg) => {
+          await requireValidIdentity(this.opsServerRef.adminHandler, dataArg);
+          await pm().setPolicyBuckets(dataArg.policyId, dataArg.bucketNames);
+          return { ok: true };
+        },
+      ),
+    );
+  }
+}

ts/opsserver/handlers/status.handler.ts

@@ -0,0 +1,27 @@
+import * as plugins from '../../plugins.ts';
+import type { OpsServer } from '../classes.opsserver.ts';
+import * as interfaces from '../../../ts_interfaces/index.ts';
+import { requireValidIdentity } from '../helpers/guards.ts';
+
+export class StatusHandler {
+  public typedrouter = new plugins.typedrequest.TypedRouter();
+
+  constructor(private opsServerRef: OpsServer) {
+    this.opsServerRef.typedrouter.addTypedRouter(this.typedrouter);
+    this.registerHandlers();
+  }
+
+  private registerHandlers(): void {
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_GetServerStatus>(
+        'getServerStatus',
+        async (dataArg) => {
+          await requireValidIdentity(this.opsServerRef.adminHandler, dataArg);
+          const status = await this.opsServerRef.objectStorageRef.getServerStats();
+          const connectionInfo = await this.opsServerRef.objectStorageRef.getConnectionInfo();
+          return { status, connectionInfo };
+        },
+      ),
+    );
+  }
+}

ts/opsserver/helpers/guards.ts

@@ -0,0 +1,29 @@
+import * as plugins from '../../plugins.ts';
+import type { AdminHandler } from '../handlers/admin.handler.ts';
+import * as interfaces from '../../../ts_interfaces/index.ts';
+
+export async function requireValidIdentity<T extends { identity?: interfaces.data.IIdentity }>(
+  adminHandler: AdminHandler,
+  dataArg: T,
+): Promise<void> {
+  if (!dataArg.identity) {
+    throw new plugins.typedrequest.TypedResponseError('No identity provided');
+  }
+  const passed = await adminHandler.validIdentityGuard.exec({ identity: dataArg.identity });
+  if (!passed) {
+    throw new plugins.typedrequest.TypedResponseError('Valid identity required');
+  }
+}
+
+export async function requireAdminIdentity<T extends { identity?: interfaces.data.IIdentity }>(
+  adminHandler: AdminHandler,
+  dataArg: T,
+): Promise<void> {
+  if (!dataArg.identity) {
+    throw new plugins.typedrequest.TypedResponseError('No identity provided');
+  }
+  const passed = await adminHandler.adminIdentityGuard.exec({ identity: dataArg.identity });
+  if (!passed) {
+    throw new plugins.typedrequest.TypedResponseError('Admin access required');
+  }
+}

ts/opsserver/index.ts

@@ -0,0 +1 @@
+export { OpsServer } from './classes.opsserver.ts';

ts/plugins.ts

@@ -0,0 +1,48 @@
+import * as smartstorage from '@push.rocks/smartstorage';
+export { smartstorage };
+
+import * as smartbucket from '@push.rocks/smartbucket';
+export { smartbucket };
+
+import {
+  S3Client,
+  ListBucketsCommand,
+  CreateBucketCommand,
+  DeleteBucketCommand,
+  ListObjectsV2Command,
+  HeadObjectCommand,
+  DeleteObjectCommand,
+  GetObjectCommand,
+  PutObjectCommand,
+  CopyObjectCommand,
+  GetBucketPolicyCommand,
+  PutBucketPolicyCommand,
+  DeleteBucketPolicyCommand,
+} from '@aws-sdk/client-s3';
+export {
+  S3Client,
+  ListBucketsCommand,
+  CreateBucketCommand,
+  DeleteBucketCommand,
+  ListObjectsV2Command,
+  HeadObjectCommand,
+  DeleteObjectCommand,
+  GetObjectCommand,
+  PutObjectCommand,
+  CopyObjectCommand,
+  GetBucketPolicyCommand,
+  PutBucketPolicyCommand,
+  DeleteBucketPolicyCommand,
+};
+
+import * as typedrequest from '@api.global/typedrequest';
+export { typedrequest };
+
+import * as typedserver from '@api.global/typedserver';
+export { typedserver };
+
+import * as smartguard from '@push.rocks/smartguard';
+export { smartguard };
+
+import * as smartjwt from '@push.rocks/smartjwt';
+export { smartjwt };

ts/types.ts

@@ -0,0 +1,17 @@
+export interface IObjectStorageConfig {
+  objstPort: number;
+  uiPort: number;
+  storageDirectory: string;
+  accessCredentials: Array<{ accessKeyId: string; secretAccessKey: string }>;
+  adminPassword: string;
+  region: string;
+}
+
+export const defaultConfig: IObjectStorageConfig = {
+  objstPort: 9000,
+  uiPort: 3000,
+  storageDirectory: '/data',
+  accessCredentials: [{ accessKeyId: 'admin', secretAccessKey: 'admin' }],
+  adminPassword: 'admin',
+  region: 'us-east-1',
+};