Updates

Add Alibaba Cloud Object Storage Service (OSS) adapter (files-sdk/alibaba). Thin wrapper around the S3 adapter — endpoint derived from the region code (oss-<region>.aliyuncs.com), virtual-hosted-style addressing, errors relabelled as "Alibaba Cloud error". Auto-loads from ALIBABA_ACCESS_KEY_ID and ALIBABA_ACCESS_KEY_SECRET.

Add Appwrite adapter at files-sdk/appwrite exporting appwrite(), a wrapper around the official node-appwrite SDK's Storage API. Auto-loads endpoint, projectId, and key from APPWRITE_ENDPOINT / APPWRITE_PROJECT_ID / APPWRITE_API_KEY (with NEXT_PUBLIC_* fallbacks for the first two), or accepts an existing Client or Storage instance via client. list({ prefix }) is forwarded as a startsWith("$id", prefix) query against the canonical file ID — files created outside the adapter where the display name differs from $id won't be matched by prefix. upload() buffers stream bodies up-front since InputFile.fromBuffer has no streaming form, throws on UploadOptions.cacheControl and non-empty UploadOptions.metadata (Appwrite has no equivalent fields), and silently ignores UploadOptions.contentType (Appwrite auto-detects mime from the payload). copy() is read-then-write — Appwrite has no server-side copy primitive, so it costs an egress + an ingest and is not atomic. url() throws by default (Appwrite SDKs cannot mint signed read URLs with API keys); set public: true on a public bucket to return the constructed permanent view URL. signedUploadUrl() throws — Appwrite has no presigned upload primitive; use JWTs or the client SDK for direct uploads. Keys (Appwrite file IDs) must start with [a-zA-Z0-9] and use only [a-zA-Z0-9._-], max 36 characters — invalid keys throw a FilesError("Provider", ...) before the API call. Errors are relabelled as Appwrite error, with 404/401+403/409 mapped to NotFound/Unauthorized/Conflict.

Add AI SDK tools subpath (files-sdk/ai-sdk) exporting createFileTools(...) — wraps a configured Files instance as a set of Vercel AI SDK tools (listFiles, getFileMetadata, downloadFile, getFileUrl, uploadFile, deleteFile, copyFile, signUploadUrl) ready to plug into generateText / streamText / any agent. Mirrors @github-tools/sdk's ergonomics: write tools require approval by default (configurable globally or per-tool via requireApproval), readOnly: true strips writes entirely, and overrides lets callers patch tool descriptions/titles/etc. without touching execute. Individual tool factories (uploadFile, downloadFile, …) are also exported for cherry-picking. ai and zod are optional peer dependencies — only required when consuming the new subpath.

googleDrive and onedrive adapters now auto-load credentials from process.env when not passed explicitly, matching the convention already in place for the other adapters. googleDrive() reads GOOGLE_DRIVE_CLIENT_EMAIL + GOOGLE_DRIVE_PRIVATE_KEY (service-account credentials) or GOOGLE_DRIVE_KEY_FILE (path to a service-account JSON), plus GOOGLE_DRIVE_SUBJECT for domain-wide delegation, GOOGLE_DRIVE_ID to target a Shared Drive, and GOOGLE_DRIVE_ROOT_FOLDER_ID to override the bucket root (when only GOOGLE_DRIVE_ID is set, rootFolderId defaults to the drive id so Shared Drives work with no extra config). onedrive() reads ONEDRIVE_ACCESS_TOKEN (static token) or the ONEDRIVE_TENANT_ID + ONEDRIVE_CLIENT_ID + ONEDRIVE_CLIENT_SECRET triple (client-credentials/app-only auth), plus ONEDRIVE_DRIVE_ID / ONEDRIVE_SITE_ID / ONEDRIVE_USER_ID to target a specific drive — the existing "client-credentials needs a target" guard still applies. Explicit options continue to take precedence over env vars; missing-auth error messages now mention the env fallback names.

Fix release workflow referencing a non-existent VERCEL_PROJECT_ID_WEB secret; now reads VERCEL_PROJECT_ID to match the configured repository secret so the post-publish Vercel deploy succeeds.

Add Akamai Cloud Object Storage adapter (files-sdk/akamai), formerly Linode Object Storage. Thin wrapper over the S3 adapter with Akamai defaults: endpoint derived from the region cluster code (us-iad-1, nl-ams-1, fr-par-1, the older us-east-1/eu-central-1/ap-south-1 clusters, etc.) as https://<region>.linodeobjects.com and overridable, virtual-hosted-style addressing, "Akamai error" provider label, and AKAMAI_ACCESS_KEY_ID / AKAMAI_SECRET_ACCESS_KEY env-var fallbacks. publicBaseUrl accepts a public-bucket origin (https://<bucket>.<region>.linodeobjects.com) or a custom CNAME for unsigned URLs; otherwise url() returns a presigned GetObject (1-hour default).

Initial release