feat(storage): add Bundle API client support

[efirs]

Summary

• Add bundle() function for streaming multi-object tar download via POST /{bucket}?bundle
• SigV4-signed HTTP POST, returns streaming ReadableStream<Uint8Array>
• Bundle header constants in shared TigrisHeaders enum
• Exported generateSignatureHeaders from shared for reuse

Test plan

• Unit tests: 8 tests covering validation, request construction, auth modes, HTTP errors
• npm run test passes (84 tests)
• npm run build passes

🤖 Generated with Claude Code

---

Note

Medium Risk
Introduces a new storage client request path that builds auth headers (SigV4 vs session token) and streams response bodies, so mistakes could break authentication or large-download behavior. Scope is contained to a new API plus header/export wiring and unit tests.

Overview
Adds a new bundle() storage client that POSTs to /{bucket}?bundle with a JSON list of object keys and returns a streaming tar (optionally compressed) response, with configurable compression and onError request headers.

Updates shared plumbing to support this: adds bundle-related TigrisHeaders constants, re-exports generateSignatureHeaders for reuse, and exposes bundle/types from packages/storage server entrypoint. Includes unit tests covering validation, request construction, auth modes (SigV4 vs session token/namespace), and HTTP/body error handling.

^{Reviewed by Cursor Bugbot for commit 9d77718. Bugbot is set up for automated code reviews on this repo. Configure here.}

[greptile-apps]

Greptile Summary

This PR adds a bundle() function to the Tigris Storage SDK that POSTs a list of object keys to /{bucket}?bundle and returns a streaming tar archive, with optional gzip/zstd compression and configurable missing-object error handling. The plumbing changes (new TigrisHeaders bundle constants, re-exporting generateSignatureHeaders, and adding the exports to server.ts) are clean and consistent with existing patterns.

Key highlights:

• Auth logic (SigV4 when static key credentials are present, session-token/namespace headers otherwise) mirrors the existing createTigrisHttpClient pattern exactly.
• Previously flagged issues — header constants not being used and credentialProvider not being handled — appear to have been addressed in this revision.
• 8 unit tests cover validation, request shape, both auth paths, HTTP error responses, and the no-body edge case.
• Minor: the JSDoc documents a "max 5,000 keys" limit that is not enforced client-side; callers exceeding the limit will receive a raw server error rather than a descriptive validation message.

Confidence Score: 5/5

This PR is safe to merge; all remaining findings are P2 style suggestions.

The only open finding is a P2 suggestion to enforce the documented 5,000-key limit client-side. All previously flagged P1 concerns (header constant usage, credentialProvider) have been resolved. The implementation is consistent with the existing codebase patterns and well-tested.

No files require special attention.

Important Files Changed

Filename	Overview
packages/storage/src/lib/object/bundle.ts	New bundle() implementation with SigV4/session-token auth; auth logic is consistent with http-client.ts, but the documented "max 5,000 keys" limit has no client-side enforcement.
packages/storage/src/lib/object/bundle.test.ts	Good test coverage across validation, request construction, both auth paths, HTTP error handling, and missing-body edge case.
shared/headers.ts	Adds three BUNDLE_* header constants to the TigrisHeaders enum; straightforward and consistent with existing entries.
shared/index.ts	Re-exports generateSignatureHeaders for use by bundle.ts; minimal, correct change.
packages/storage/src/server.ts	Exports bundle, BundleOptions, and BundleResponse from the server entrypoint; correct and complete.

_{Reviews (2): Last reviewed commit: "feat(storage): add Bundle API support fo..." | Re-trigger Greptile}

[cursor]

Cursor Bugbot has reviewed your changes and found 3 potential issues.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit 0ab6d53. Configure here.}

[efirs]

@greptileai review and summarize

[github-actions]

🎉 This PR is included in version 2.16.0 🎉

The release is available on:

• GitHub release
• npm package (@latest dist-tag)

Your semantic-release bot 📦🚀

[github-actions]

🎉 This PR is included in version 2.0.0 🎉

The release is available on:

• GitHub release
• npm package (@latest dist-tag)

Your semantic-release bot 📦🚀

[github-actions]

🎉 This PR is included in version 2.0.0 🎉

The release is available on:

• GitHub release
• npm package (@latest dist-tag)

Your semantic-release bot 📦🚀

[github-actions]

🎉 This PR is included in version 2.0.0 🎉

The release is available on:

• GitHub release
• npm package (@latest dist-tag)

Your semantic-release bot 📦🚀