@atscript/moost-wf 0.1.58

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Artem Maltsev <artem@maltsev.nl>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,32 @@
+# @atscript/moost-wf
+
+Server-side workflow integration for [Moost](https://github.com/moostjs/moost) — decorators, interceptors, and serialization that pair with [`@atscript/vue-wf`](../vue-wf) to drive multi-step forms from atscript-annotated `.as` types.
+
+Part of the [atscript-ui](https://github.com/moostjs/atscript-ui) monorepo.
+
+## What it provides
+
+- Workflow decorators that wrap Moost handlers and expose them as `@atscript/vue-wf`-compatible endpoints
+- Interceptors that serialize / deserialize workflow state across HTTP requests
+- `@AsWfState` storage abstraction with a default `@atscript/db`-backed implementation
+
+## Install
+
+```sh
+pnpm add @atscript/moost-wf
+```
+
+Peer requirements: `moost`, `@moostjs/event-wf`, `@atscript/core`, `@atscript/typescript`.
+
+## Entry points
+
+| Subpath                       | What it exports                                                                    |
+| ----------------------------- | ---------------------------------------------------------------------------------- |
+| `@atscript/moost-wf`          | Workflow decorators, interceptors, runtime                                         |
+| `@atscript/moost-wf/plugin`   | atscript build-time plugin                                                         |
+| `@atscript/moost-wf/store`    | Generated runtime for `AsWfStateRecord`                                            |
+| `@atscript/moost-wf/store.as` | Raw `.as` source for the workflow-state record — re-import if you customize fields |
+
+## License
+
+MIT © Artem Maltsev

package/dist/as-wf-state-DD5Ot4HG.mjs

@@ -0,0 +1,24 @@
+import { defineAnnotatedType, throwFeatureDisabled } from "@atscript/typescript/utils";
+//#region src/store/as-wf-state.as
+var JsonValue = class {
+	static __is_atscript_annotated_type = true;
+	static type = {};
+	static metadata = /* @__PURE__ */ new Map();
+	static id = "JsonValue";
+	static toJsonSchema() {
+		throwFeatureDisabled("JSON Schema", "jsonSchema", "emit.jsonSchema");
+	}
+};
+var AsWfStateRecord = class {
+	static __is_atscript_annotated_type = true;
+	static type = {};
+	static metadata = /* @__PURE__ */ new Map();
+	static id = "AsWfStateRecord";
+	static toJsonSchema() {
+		throwFeatureDisabled("JSON Schema", "jsonSchema", "emit.jsonSchema");
+	}
+};
+defineAnnotatedType("union", JsonValue).item(defineAnnotatedType().designType("string").tags("string").$type).item(defineAnnotatedType().designType("number").tags("number").$type).item(defineAnnotatedType().designType("boolean").tags("boolean").$type).item(defineAnnotatedType().designType("null").tags("null").$type).item(defineAnnotatedType("array").of(defineAnnotatedType().refTo(JsonValue).$type).$type).item(defineAnnotatedType("object").propPattern(/^.+$/, defineAnnotatedType().refTo(JsonValue).$type).$type);
+defineAnnotatedType("object", AsWfStateRecord).prop("handle", defineAnnotatedType().designType("string").tags("string").annotate("ui.table.hidden", true).annotate("db.index.unique", "handle_idx", true).annotate("expect.maxLength", { length: 256 }).$type).prop("schemaId", defineAnnotatedType().designType("string").tags("string").annotate("db.index.plain", { name: "schema_idx" }, true).annotate("expect.maxLength", { length: 256 }).$type).prop("state", defineAnnotatedType("object").prop("context", defineAnnotatedType().refTo(JsonValue).$type).prop("indexes", defineAnnotatedType("array").of(defineAnnotatedType().designType("number").tags("number").$type).$type).prop("meta", defineAnnotatedType("object").propPattern(/^.+$/, defineAnnotatedType().refTo(JsonValue).$type).optional().$type).annotate("ui.table.hidden", true).annotate("db.json", true).$type).prop("expiresAt", defineAnnotatedType().designType("number").tags("timestamp", "number").annotate("db.index.plain", { name: "expires_idx" }, true).annotate("expect.int", true).optional().$type).prop("updatedAt", defineAnnotatedType().designType("number").tags("timestamp", "number").annotate("db.default.now", true).annotate("db.index.plain", { name: "updated_idx" }, true).annotate("expect.int", true).$type).prop("createdAt", defineAnnotatedType().designType("number").tags("timestamp", "number").annotate("expect.int", true).$type).prop("createdBy", defineAnnotatedType().designType("string").tags("string").annotate("ui.table.hidden", true).annotate("expect.maxLength", { length: 128 }).optional().$type).prop("lastUpdatedBy", defineAnnotatedType().designType("string").tags("string").annotate("ui.table.hidden", true).annotate("expect.maxLength", { length: 128 }).optional().$type);
+//#endregion
+export { AsWfStateRecord as t };

package/dist/index.d.mts

@@ -0,0 +1,152 @@
+import { TInterceptorDef } from "moost";
+import { TAtscriptAnnotatedType } from "@atscript/typescript/utils";
+
+//#region src/form-input/required.d.ts
+/**
+ * Thrown by @FormInput() to signal that the workflow should pause
+ * and request form input from the client.
+ *
+ * Caught by {@link formInputInterceptor} and converted to an
+ * `inputRequired` outlet response.
+ */
+declare class FormInputRequired {
+  readonly schema: unknown;
+  readonly errors?: Record<string, string> | undefined;
+  readonly context?: Record<string, unknown> | undefined;
+  constructor(schema: unknown, errors?: Record<string, string> | undefined, context?: Record<string, unknown> | undefined);
+}
+//#endregion
+//#region src/form-input/use.d.ts
+/**
+ * Composable that provides access to form data and the `requireInput()` helper
+ * inside workflow step handlers.
+ *
+ * Called by the `@FormInput()` Resolve callback. Can also be used standalone
+ * when you need to manually re-pause with errors:
+ *
+ * ```ts
+ * const { requireInput } = useFormInput()
+ * throw requireInput({ password: 'Invalid credentials' })
+ * ```
+ */
+declare function useFormInput(type?: TAtscriptAnnotatedType): {
+  data: <T = unknown>() => T | undefined;
+  requireInput: (errors?: Record<string, string>) => FormInputRequired;
+};
+//#endregion
+//#region src/form-input/decorator.d.ts
+/**
+ * Parameter decorator for workflow steps that need form input.
+ *
+ * Combines parameter injection (via Resolve) with a method interceptor
+ * (via Intercept) that validates input before the step handler executes.
+ *
+ * The injected value is `{ data(), requireInput(errors?) }`.
+ *
+ * @example
+ * ```ts
+ * @Step('login')
+ * async login(@FormInput() form: TFormInput<LoginForm>) {
+ *   const input = form.data()
+ *   try {
+ *     await this.auth.login(input.username, input.password)
+ *   } catch (e) {
+ *     throw form.requireInput({ password: 'Invalid credentials' })
+ *   }
+ * }
+ * ```
+ */
+declare function FormInput(): ParameterDecorator;
+type TFormInput<_T = unknown> = ReturnType<typeof useFormInput>;
+//#endregion
+//#region src/form-input/alt-action.decorator.d.ts
+/**
+ * Parameter decorator that resolves the action name from the current
+ * workflow event context. Returns `undefined` for normal form submits.
+ *
+ * @example
+ * ```ts
+ * @Step('mfa-verify')
+ * async mfaVerify(
+ *   @FormInput() form: TFormInput<PincodeForm>,
+ *   @AltAction() action: string | undefined,
+ * ) {
+ *   if (action === 'resend') {
+ *     await this.sendOtp(ctx.email)
+ *     return
+ *   }
+ *   await this.verifyCode(form.data().code)
+ * }
+ * ```
+ */
+declare const AltAction: () => ParameterDecorator & PropertyDecorator;
+//#endregion
+//#region src/form-input/interceptor.d.ts
+/**
+ * Global interceptor that catches {@link FormInputRequired} signals
+ * thrown by step handlers (via `form.requireInput()`) and converts them
+ * to `inputRequired` outlet responses.
+ *
+ * Apply globally:
+ * ```ts
+ * app.applyGlobalInterceptors(formInputInterceptor())
+ * ```
+ */
+declare function formInputInterceptor(): TInterceptorDef;
+//#endregion
+//#region src/form-input/serialize.d.ts
+/**
+ * Serialize an atscript annotated type to a JSON-transportable form schema.
+ *
+ * Delegates to `serializeAnnotatedType` from `@atscript/typescript`,
+ * stripping server-only `@wf.context.pass` annotations from the output.
+ * Results are cached per type identity.
+ *
+ * FK fields ship with a shallow ref: the target's identity (`id`) and
+ * interface-level `metadata` (including `db.http.path` when present) are
+ * included, but the target's structural body (`kind`, `props`, etc.) is
+ * omitted. This is sufficient for client pickers to resolve value-help
+ * endpoints without dragging the full target tree onto the wire. See the
+ * `wf-serialize-shallow-ref` design for rationale.
+ */
+declare function serializeFormSchema(type: TAtscriptAnnotatedType): unknown;
+//#endregion
+//#region src/form-input/context.d.ts
+interface TFormActions {
+  actions: string[];
+  actionsWithData: string[];
+}
+/**
+ * Extract whitelisted context keys from workflow state.
+ * Reads `@wf.context.pass` annotations from the form type metadata.
+ */
+declare function extractPassContext(type: TAtscriptAnnotatedType, wfContext: Record<string, unknown>): Record<string, unknown>;
+/**
+ * Read declared action names from `@ui.form.action` and `@wf.action.withData` annotations.
+ * Also reads legacy `@ui.altAction` as a stateless action fallback.
+ * Results are cached per type identity.
+ */
+declare function getFormActions(type: TAtscriptAnnotatedType): TFormActions;
+//#endregion
+//#region src/form-input/use-wf-action.d.ts
+/**
+ * Composable that reads and writes the workflow action from the event context.
+ *
+ * **In the HTTP trigger** (to set the action from the request body):
+ * ```ts
+ * const { setAction } = useWfAction()
+ * setAction(body.action)
+ * ```
+ *
+ * **In step handlers** (to read the action — prefer `@AltAction()` decorator):
+ * ```ts
+ * const { getAction } = useWfAction()
+ * const action = getAction()
+ * ```
+ */
+declare function useWfAction(): {
+  getAction: () => string | undefined;
+  setAction: (action: string | undefined) => void;
+};
+//#endregion
+export { AltAction, FormInput, FormInputRequired, type TFormInput, extractPassContext, formInputInterceptor, getFormActions, serializeFormSchema, useFormInput, useWfAction };

package/dist/index.mjs

@@ -0,0 +1,334 @@
+import { useWfState } from "@moostjs/event-wf";
+import { Intercept, Resolve, TInterceptorPriority, useControllerContext } from "moost";
+import { isAnnotatedType, serializeAnnotatedType } from "@atscript/typescript/utils";
+import { current, key } from "@wooksjs/event-core";
+//#region src/form-input/context.ts
+const WF_CONTEXT_PASS = "wf.context.pass";
+const UI_FORM_ACTION = "ui.form.action";
+const WF_ACTION_WITH_DATA = "wf.action.withData";
+const UI_ALT_ACTION = "ui.altAction";
+const formActionsCache = /* @__PURE__ */ new WeakMap();
+/**
+* Extract whitelisted context keys from workflow state.
+* Reads `@wf.context.pass` annotations from the form type metadata.
+*/
+function extractPassContext(type, wfContext) {
+	const passKeys = type.metadata.get(WF_CONTEXT_PASS);
+	if (!passKeys?.length) return {};
+	const context = {};
+	for (const key of passKeys) if (key in wfContext) context[key] = wfContext[key];
+	return context;
+}
+/**
+* Read declared action names from `@ui.form.action` and `@wf.action.withData` annotations.
+* Also reads legacy `@ui.altAction` as a stateless action fallback.
+* Results are cached per type identity.
+*/
+function getFormActions(type) {
+	const cached = formActionsCache.get(type);
+	if (cached) return cached;
+	const actions = [];
+	const actionsWithData = [];
+	if (type.type.kind !== "object") {
+		const result = {
+			actions,
+			actionsWithData
+		};
+		formActionsCache.set(type, result);
+		return result;
+	}
+	const objectType = type;
+	for (const [, fieldType] of objectType.type.props) {
+		const formAction = fieldType.metadata.get(UI_FORM_ACTION);
+		if (formAction) {
+			actions.push(typeof formAction === "string" ? formAction : formAction.id);
+			continue;
+		}
+		const wfAction = fieldType.metadata.get(WF_ACTION_WITH_DATA);
+		if (wfAction) {
+			actionsWithData.push(wfAction);
+			continue;
+		}
+		const altAction = fieldType.metadata.get(UI_ALT_ACTION);
+		if (altAction) actions.push(typeof altAction === "string" ? altAction : altAction.id);
+	}
+	const result = {
+		actions,
+		actionsWithData
+	};
+	formActionsCache.set(type, result);
+	return result;
+}
+//#endregion
+//#region src/form-input/serialize.ts
+const schemaCache = /* @__PURE__ */ new WeakMap();
+/**
+* Serialize an atscript annotated type to a JSON-transportable form schema.
+*
+* Delegates to `serializeAnnotatedType` from `@atscript/typescript`,
+* stripping server-only `@wf.context.pass` annotations from the output.
+* Results are cached per type identity.
+*
+* FK fields ship with a shallow ref: the target's identity (`id`) and
+* interface-level `metadata` (including `db.http.path` when present) are
+* included, but the target's structural body (`kind`, `props`, etc.) is
+* omitted. This is sufficient for client pickers to resolve value-help
+* endpoints without dragging the full target tree onto the wire. See the
+* `wf-serialize-shallow-ref` design for rationale.
+*/
+function serializeFormSchema(type) {
+	const cached = schemaCache.get(type);
+	if (cached) return cached;
+	const schema = serializeAnnotatedType(type, {
+		ignoreAnnotations: [WF_CONTEXT_PASS],
+		refDepth: .5
+	});
+	schemaCache.set(type, schema);
+	return schema;
+}
+//#endregion
+//#region src/form-input/required.ts
+/**
+* Thrown by @FormInput() to signal that the workflow should pause
+* and request form input from the client.
+*
+* Caught by {@link formInputInterceptor} and converted to an
+* `inputRequired` outlet response.
+*/
+var FormInputRequired = class {
+	constructor(schema, errors, context) {
+		this.schema = schema;
+		this.errors = errors;
+		this.context = context;
+	}
+};
+//#endregion
+//#region src/form-input/use.ts
+/**
+* Composable that provides access to form data and the `requireInput()` helper
+* inside workflow step handlers.
+*
+* Called by the `@FormInput()` Resolve callback. Can also be used standalone
+* when you need to manually re-pause with errors:
+*
+* ```ts
+* const { requireInput } = useFormInput()
+* throw requireInput({ password: 'Invalid credentials' })
+* ```
+*/
+function useFormInput(type) {
+	const wfState = useWfState();
+	/**
+	* Returns the current form input data from the workflow event.
+	*/
+	function data() {
+		return wfState.input();
+	}
+	/**
+	* Creates a FormInputRequired signal that re-pauses the workflow
+	* with the serialized form schema, whitelisted context, and optional errors.
+	*
+	* Usage: `throw requireInput({ fieldName: 'Error message' })`
+	*/
+	function requireInput(errors) {
+		if (!type || !isAnnotatedType(type)) throw new Error("useFormInput(): no atscript type available. Ensure @FormInput() is applied on the same method parameter.");
+		const wfContext = wfState.ctx();
+		return new FormInputRequired(serializeFormSchema(type), errors, extractPassContext(type, wfContext));
+	}
+	return {
+		data,
+		requireInput
+	};
+}
+//#endregion
+//#region src/form-input/wf-keys.ts
+/**
+* Event context key for the workflow action name.
+*
+* The HTTP trigger should set this before calling `wf.resume()`:
+* ```ts
+* import { current } from '@wooksjs/event-core'
+* import { actionKey } from '@atscript/moost-wf'
+* current().set(actionKey, body.action)
+* ```
+*
+* `@AltAction()` and `@FormInput()` read from this key.
+*/
+const actionKey = key("wf.action");
+//#endregion
+//#region src/form-input/use-wf-action.ts
+/**
+* Composable that reads and writes the workflow action from the event context.
+*
+* **In the HTTP trigger** (to set the action from the request body):
+* ```ts
+* const { setAction } = useWfAction()
+* setAction(body.action)
+* ```
+*
+* **In step handlers** (to read the action — prefer `@AltAction()` decorator):
+* ```ts
+* const { getAction } = useWfAction()
+* const action = getAction()
+* ```
+*/
+function useWfAction() {
+	const ctx = current();
+	return {
+		getAction: () => ctx.has(actionKey) ? ctx.get(actionKey) : void 0,
+		setAction: (action) => ctx.set(actionKey, action)
+	};
+}
+//#endregion
+//#region src/form-input/decorator.ts
+/**
+* Parameter decorator for workflow steps that need form input.
+*
+* Combines parameter injection (via Resolve) with a method interceptor
+* (via Intercept) that validates input before the step handler executes.
+*
+* The injected value is `{ data(), requireInput(errors?) }`.
+*
+* @example
+* ```ts
+* @Step('login')
+* async login(@FormInput() form: TFormInput<LoginForm>) {
+*   const input = form.data()
+*   try {
+*     await this.auth.login(input.username, input.password)
+*   } catch (e) {
+*     throw form.requireInput({ password: 'Invalid credentials' })
+*   }
+* }
+* ```
+*/
+function FormInput() {
+	return (target, key, index) => {
+		if (typeof index !== "number") return;
+		Resolve((metas) => {
+			const type = metas?.targetMeta?.type;
+			return useFormInput(type);
+		}, "FormInput")(target, key, index);
+		Intercept(formInputCheckFn())(target, key, Object.getOwnPropertyDescriptor(target, key));
+	};
+}
+function formInputCheckFn() {
+	return {
+		priority: TInterceptorPriority.INTERCEPTOR,
+		async before(reply) {
+			const wfState = useWfState();
+			const input = wfState.input();
+			const action = useWfAction().getAction();
+			const { getMethodMeta } = useControllerContext();
+			const paramMetas = getMethodMeta()?.params;
+			let type;
+			if (paramMetas) {
+				for (const param of paramMetas) if (param?.targetMeta?.type && isAnnotatedType(param.targetMeta.type)) {
+					type = param.targetMeta.type;
+					break;
+				}
+			}
+			if (!type) return;
+			if (input === void 0 && !action) {
+				reply(toInputRequired(type, wfState));
+				return;
+			}
+			if (action) {
+				const { actions, actionsWithData } = getFormActions(type);
+				if (actionsWithData.includes(action)) {
+					validateOrReply(type, wfState, input ?? {}, {
+						partial: "deep",
+						unknownProps: "strip"
+					}, reply);
+					return;
+				}
+				if (actions.includes(action)) return;
+				reply(toInputRequired(type, wfState, { __form: `Action "${action}" is not supported` }));
+				return;
+			}
+			validateOrReply(type, wfState, input, { unknownProps: "strip" }, reply);
+		}
+	};
+}
+function validateOrReply(type, wfState, input, validatorOpts, reply) {
+	const validator = type.validator(validatorOpts);
+	try {
+		validator.validate(input);
+	} catch (err) {
+		if (isValidatorError(err)) {
+			reply(toInputRequired(type, wfState, flattenErrors(err)));
+			return;
+		}
+		throw err;
+	}
+}
+function toInputRequired(type, wfState, errors) {
+	const passedContext = extractPassContext(type, wfState.ctx());
+	return { inputRequired: {
+		payload: serializeFormSchema(type),
+		transport: "http",
+		context: errors ? {
+			...passedContext,
+			errors
+		} : { ...passedContext }
+	} };
+}
+function flattenErrors(err) {
+	const errors = {};
+	for (const e of err.errors) errors[e.path] = e.message;
+	return errors;
+}
+function isValidatorError(err) {
+	return err !== null && typeof err === "object" && "errors" in err && Array.isArray(err.errors);
+}
+//#endregion
+//#region src/form-input/alt-action.decorator.ts
+/**
+* Parameter decorator that resolves the action name from the current
+* workflow event context. Returns `undefined` for normal form submits.
+*
+* @example
+* ```ts
+* @Step('mfa-verify')
+* async mfaVerify(
+*   @FormInput() form: TFormInput<PincodeForm>,
+*   @AltAction() action: string | undefined,
+* ) {
+*   if (action === 'resend') {
+*     await this.sendOtp(ctx.email)
+*     return
+*   }
+*   await this.verifyCode(form.data().code)
+* }
+* ```
+*/
+const AltAction = () => Resolve(() => useWfAction().getAction(), "AltAction");
+//#endregion
+//#region src/form-input/interceptor.ts
+/**
+* Global interceptor that catches {@link FormInputRequired} signals
+* thrown by step handlers (via `form.requireInput()`) and converts them
+* to `inputRequired` outlet responses.
+*
+* Apply globally:
+* ```ts
+* app.applyGlobalInterceptors(formInputInterceptor())
+* ```
+*/
+function formInputInterceptor() {
+	return {
+		priority: TInterceptorPriority.CATCH_ERROR,
+		error(error, reply) {
+			if (error instanceof FormInputRequired) reply({ inputRequired: {
+				payload: error.schema,
+				transport: "http",
+				context: error.errors ? {
+					...error.context,
+					errors: error.errors
+				} : { ...error.context }
+			} });
+		}
+	};
+}
+//#endregion
+export { AltAction, FormInput, FormInputRequired, extractPassContext, formInputInterceptor, getFormActions, serializeFormSchema, useFormInput, useWfAction };

package/dist/plugin.d.mts

@@ -0,0 +1,22 @@
+import { TAtscriptPlugin } from "@atscript/core";
+
+//#region src/plugin.d.ts
+/**
+ * ATScript plugin that registers workflow-specific annotations:
+ * - `@wf.context.pass` — whitelist context keys to send to the client form
+ * - `@wf.action.withData` — action that sends form data with deep-partial validation
+ * - `@wf.store.fromContext` — wf-store: copy a context value into a top-level
+ *   column on every `set()` (shadow column for indexable queries)
+ *
+ * Install in your `atscript.config.ts`:
+ * ```ts
+ * import wfPlugin from '@atscript/moost-wf/plugin'
+ *
+ * export default {
+ *   plugins: [wfPlugin()],
+ * }
+ * ```
+ */
+declare function wfPlugin(): TAtscriptPlugin;
+//#endregion
+export { wfPlugin as default };

package/dist/plugin.mjs

@@ -0,0 +1,108 @@
+import { AnnotationSpec, isPrimitive, isRef } from "@atscript/core";
+//#region src/plugin.ts
+const PATH_RE = /^[a-zA-Z_$][a-zA-Z0-9_$]*(\.[a-zA-Z_$][a-zA-Z0-9_$]*)*$/;
+const COPY_PRIMITIVES = [
+	"string",
+	"number",
+	"boolean"
+];
+/**
+* ATScript plugin that registers workflow-specific annotations:
+* - `@wf.context.pass` — whitelist context keys to send to the client form
+* - `@wf.action.withData` — action that sends form data with deep-partial validation
+* - `@wf.store.fromContext` — wf-store: copy a context value into a top-level
+*   column on every `set()` (shadow column for indexable queries)
+*
+* Install in your `atscript.config.ts`:
+* ```ts
+* import wfPlugin from '@atscript/moost-wf/plugin'
+*
+* export default {
+*   plugins: [wfPlugin()],
+* }
+* ```
+*/
+function wfPlugin() {
+	return {
+		name: "moost-wf",
+		config() {
+			return { annotations: { wf: {
+				context: { pass: new AnnotationSpec({
+					description: "Whitelist a workflow context key to pass to the client form. Only keys listed here are extracted from workflow state and included in the `inputRequired` response. Prevents accidental leakage of internal state to the browser.",
+					nodeType: ["interface", "type"],
+					multiple: true,
+					mergeStrategy: "append",
+					argument: {
+						name: "key",
+						type: "string",
+						description: "Context key name to whitelist"
+					}
+				}) },
+				action: { withData: new AnnotationSpec({
+					description: "Form action that sends partial form data with deep-partial validation. Workflow-only — the server validates filled fields but allows missing ones. Use for actions like 'save draft' where partial data is useful.",
+					nodeType: ["prop", "type"],
+					argument: {
+						name: "id",
+						type: "string",
+						description: "The action name"
+					}
+				}) },
+				store: { fromContext: new AnnotationSpec({
+					description: "Copy a value from `state.context` to a top-level column on every `set()`. Use to add indexable shadow columns (e.g. `approver`) for UIs and queries without forking the base wf-state schema. The JSON `state` blob remains the source of truth — columns are derived. Path: dot-notation only (`approval.approver`); no array indices or wildcards. Field type must be string | number | boolean. Field must be optional or have a default — context shape varies between flow steps and a path-miss writes null.",
+					nodeType: ["prop"],
+					multiple: false,
+					argument: {
+						name: "path",
+						type: "string",
+						description: "Dot-notation path into state.context (e.g. 'approver' or 'approval.approver')."
+					},
+					validate: validateStoreFromContext
+				}) }
+			} } };
+		}
+	};
+}
+const validateStoreFromContext = (token, args, doc) => {
+	const errors = [];
+	const field = token.parentNode;
+	if (!field) return errors;
+	const ann = "@wf.store.fromContext";
+	const path = args[0]?.text;
+	if (path !== void 0 && !PATH_RE.test(path)) errors.push({
+		message: `${ann} '${path}': invalid path — only plain dot-notation is supported (e.g. 'a.b'); arrays, wildcards, and bracket access are not`,
+		severity: 1,
+		range: token.range
+	});
+	if (field.countAnnotations("meta.id") > 0) errors.push({
+		message: `${ann} cannot be applied to @meta.id (primary key) fields — shadow columns must not overwrite the row identifier`,
+		severity: 1,
+		range: token.range
+	});
+	const isOptional = field.has("optional");
+	const hasDefault = field.countAnnotations("meta.default") > 0 || field.countAnnotations("db.default") > 0;
+	if (!isOptional && !hasDefault) errors.push({
+		message: `${ann}: field must be optional (\`?:\`) or carry @meta.default / @db.default — workflow context shape varies between steps and path-misses write null`,
+		severity: 1,
+		range: token.range
+	});
+	const def = field.getDefinition();
+	if (def && isRef(def) && def.id !== void 0) {
+		const unwound = doc.unwindType(def.id, def.chain);
+		if (unwound && isPrimitive(unwound.def)) {
+			const ct = unwound.def.config.type;
+			const baseType = typeof ct === "object" && ct !== null ? ct.kind === "final" ? ct.value : ct.kind : ct;
+			if (!COPY_PRIMITIVES.includes(baseType)) errors.push({
+				message: `${ann} is not compatible with type "${baseType}" — only ${COPY_PRIMITIVES.join(" | ")} are supported (no arrays, objects, decimal, or timestamp)`,
+				severity: 1,
+				range: token.range
+			});
+		} else if (unwound && !isPrimitive(unwound.def)) errors.push({
+			message: `${ann}: field must be a primitive — got non-primitive type`,
+			severity: 1,
+			range: token.range
+		});
+	}
+	return errors;
+};
+//#endregion
+export { wfPlugin as default };

package/dist/store.d.mts

@@ -0,0 +1,180 @@
+import { t as AsWfStateRecord } from "./as-wf-state-DD5Ot4HG.mjs";
+import { TAtscriptAnnotatedType } from "@atscript/typescript/utils";
+import { AtscriptDbTable } from "@atscript/db";
+
+//#region ../../node_modules/.pnpm/@prostojs+wf@0.1.1/node_modules/@prostojs/wf/dist/types-DQ7U9zZ5.d.mts
+interface TFlowState<T> {
+  schemaId: string;
+  context: T;
+  indexes: number[];
+  meta?: Record<string, unknown>;
+}
+//#endregion
+//#region ../../node_modules/.pnpm/@prostojs+wf@0.1.1/node_modules/@prostojs/wf/dist/outlets/index.d.mts
+//#region src/outlets/types.d.ts
+type WfState = TFlowState<unknown>;
+//#endregion
+//#region src/outlets/state/store.d.ts
+interface WfStateStore {
+  set(handle: string, state: WfState, expiresAt?: number): Promise<void>;
+  get(handle: string): Promise<{
+    state: WfState;
+    expiresAt?: number;
+  } | null>;
+  delete(handle: string): Promise<void>;
+  getAndDelete(handle: string): Promise<{
+    state: WfState;
+    expiresAt?: number;
+  } | null>;
+  cleanup?(): Promise<number>;
+} //#endregion
+//#region src/outlets/state/handle.d.ts
+//#endregion
+//#region src/store/wf-store.d.ts
+/** Internal row shape — only the columns the store reads back from the table. */
+type StoredRow = {
+  schemaId: string;
+  state: Omit<WfState, "schemaId">;
+  expiresAt?: number | null;
+  createdAt: number;
+  createdBy?: string;
+};
+/** Per-field spec built once by {@link AsWfStore.scanShadowFields}. */
+interface ShadowFieldSpec {
+  /** Column name on the row. */
+  field: string;
+  /** Pre-split dot-path into `state.context`. */
+  path: string[];
+  /** Expected primitive type, validated against the runtime value. */
+  expectedType: "string" | "number" | "boolean";
+  /** Whether the field is declared optional (`?:`) on the schema. */
+  optional: boolean;
+}
+/**
+ * Options for {@link AsWfStore}.
+ *
+ * The store implements `WfStateStore` from `@prostojs/wf/outlets` against a
+ * consumer-provided `AtscriptDbTable` whose row shape extends
+ * `AsWfStateRecord` with their own `@meta.id`-bearing primary key column.
+ */
+interface AsWfStoreOptions {
+  /**
+   * Consumer's `@meta.id`-bearing extension of `AsWfStateRecord`.
+   *
+   * Typed as `AtscriptDbTable<any>` because the consumer's extended class
+   * (e.g. `extends AsWfStateRecord` plus `@meta.id`) is structurally a
+   * different annotated type than the base — `AtscriptDbTable<typeof
+   * AsWfStateRecord>` would not accept the subtype, and there is no public
+   * variance helper. The store only touches base columns + any
+   * `@wf.store.fromContext`-annotated shadow columns, so the loose generic is safe.
+   */
+  table: AtscriptDbTable<any>;
+  /** Optional clock for testability. Default: `{ now: () => Date.now() }`. */
+  clock?: {
+    now(): number;
+  };
+  /**
+   * Returns the actor stamping `createdBy` / `lastUpdatedBy` on each write.
+   * Invoked at write time. If the resolver is omitted or returns `undefined`,
+   * the columns stay unset (null).
+   */
+  actor?: () => string | undefined;
+}
+/**
+ * Persistent {@link WfStateStore} backed by an atscript-db table.
+ *
+ * The full `WfState` is stored as-is in the `state` column (`@db.json` blob).
+ * `state.schemaId` is lifted to a top-level indexed column so `schema_idx` can
+ * enumerate flows by schema. Consumers may add **shadow columns** by annotating
+ * fields on their schema extension with `@wf.store.fromContext 'path.in.context'` —
+ * those columns are populated from `state.context` on every `set()` and made
+ * available for filtering, sorting, and indexing.
+ *
+ * Subclass-friendly: most behaviour lives in `protected` methods. When
+ * overriding `findRow`, preserve the `getAndDelete` contract (deleteMany +
+ * `deletedCount === 1` race gate) — see method docstring.
+ */
+declare class AsWfStore implements WfStateStore {
+  #private;
+  protected readonly table: AtscriptDbTable<any>;
+  protected readonly clock: {
+    now(): number;
+  };
+  constructor(opts: AsWfStoreOptions);
+  set(handle: string, state: WfState, expiresAt?: number): Promise<void>;
+  get(handle: string): Promise<{
+    state: WfState;
+    expiresAt?: number;
+  } | null>;
+  delete(handle: string): Promise<void>;
+  /**
+   * Race-safe single-use consume.
+   *
+   * **Contract** (do not violate when overriding `findRow`):
+   *   `findRow` → `deleteMany({ handle })` → `deletedCount === 1` gate.
+   * Two concurrent callers: only one's delete returns `1`; the other returns
+   * `null` (its delete found 0 rows).
+   */
+  getAndDelete(handle: string): Promise<{
+    state: WfState;
+    expiresAt?: number;
+  } | null>;
+  /**
+   * Delete expired rows.
+   *
+   * - `retention` absent or `0`: drop rows where `expiresAt <= now()`.
+   * - `retention > 0`: drop rows where `expiresAt <= now() - retention` (grace).
+   * - `retention === Number.POSITIVE_INFINITY`: no-op (return 0).
+   */
+  cleanup(opts?: {
+    retention?: number;
+  }): Promise<number>;
+  /**
+   * Re-apply `@wf.store.fromContext` shadow columns to existing rows.
+   *
+   * Use after adding a new annotation to backfill old rows without waiting for
+   * each workflow to next pause. Returns the count of rows whose shadows were
+   * (re-)written. Filter narrows the scan; defaults to all rows.
+   *
+   * No-op when the schema declares no `@wf.store.fromContext` fields.
+   */
+  heal(opts?: {
+    filter?: Record<string, unknown>;
+    batchSize?: number;
+  }): Promise<number>;
+  /** Resolve the actor stamping createdBy/lastUpdatedBy. Override for custom auth. */
+  protected getActor(): string | undefined;
+  /** Storage primitive: load a row by handle. Override for sharded/multi-tenant tables. */
+  protected findRow(handle: string): Promise<StoredRow | null>;
+  /** Re-attach `schemaId` to the JSON `state` blob and add expiresAt if set. */
+  protected assembleResult(row: StoredRow): {
+    state: WfState;
+    expiresAt?: number;
+  };
+  /** Compose the row payload written on `set()`. Override to add custom columns. */
+  protected buildSetPayload(handle: string, state: WfState, opts: {
+    expiresAt?: number;
+    existing: StoredRow | null;
+    now: number;
+    actor?: string;
+  }): Record<string, unknown>;
+  /**
+   * Copy values from `state.context` onto the payload using cached specs.
+   * Optional fields get `null` on path-miss / type-mismatch (clears stale
+   * values). Non-optional default-bearing fields are *omitted* on miss — DB
+   * defaults fire on insert, prior value sticks on update.
+   */
+  protected applyShadows(payload: Record<string, unknown>, state: WfState): void;
+  /** Dot-path resolver. Returns `undefined` on miss, array hit, or non-object. */
+  protected resolvePath(obj: unknown, path: string[]): unknown;
+  /** Validate primitive type. `undefined` means "do not write" — applyShadows decides null vs omit. */
+  protected coerceShadowValue(raw: unknown, spec: ShadowFieldSpec): unknown;
+  /** Type-mismatch diagnostic. Fires once per field per store instance. */
+  protected onShadowTypeMismatch(field: string, expected: string, actual: unknown): void;
+  /** Lazily build shadow specs from `@wf.store.fromContext` annotations. Override for a different source annotation. */
+  protected scanShadowFields(): ShadowFieldSpec[];
+  /** Resolve a field's runtime primitive type, or `undefined` if not a copy-supported primitive. */
+  protected resolveFieldPrimitive(fieldType: TAtscriptAnnotatedType): "string" | "number" | "boolean" | undefined;
+}
+//#endregion
+export { AsWfStateRecord, AsWfStore };

package/dist/store.mjs

@@ -0,0 +1,239 @@
+import { t as AsWfStateRecord } from "./as-wf-state-DD5Ot4HG.mjs";
+//#region src/store/wf-store.ts
+const defaultClock = { now: () => Date.now() };
+/**
+* Persistent {@link WfStateStore} backed by an atscript-db table.
+*
+* The full `WfState` is stored as-is in the `state` column (`@db.json` blob).
+* `state.schemaId` is lifted to a top-level indexed column so `schema_idx` can
+* enumerate flows by schema. Consumers may add **shadow columns** by annotating
+* fields on their schema extension with `@wf.store.fromContext 'path.in.context'` —
+* those columns are populated from `state.context` on every `set()` and made
+* available for filtering, sorting, and indexing.
+*
+* Subclass-friendly: most behaviour lives in `protected` methods. When
+* overriding `findRow`, preserve the `getAndDelete` contract (deleteMany +
+* `deletedCount === 1` race gate) — see method docstring.
+*/
+var AsWfStore = class {
+	table;
+	clock;
+	#actor;
+	#shadowFieldsCache = null;
+	#warnedFields = /* @__PURE__ */ new Set();
+	constructor(opts) {
+		this.table = opts.table;
+		this.clock = opts.clock ?? defaultClock;
+		this.#actor = opts.actor;
+	}
+	async set(handle, state, expiresAt) {
+		const now = this.clock.now();
+		const actor = this.getActor();
+		const existing = await this.findRow(handle);
+		const payload = this.buildSetPayload(handle, state, {
+			expiresAt,
+			existing,
+			now,
+			actor
+		});
+		if (existing) await this.table.replaceMany({ handle }, payload);
+		else await this.table.insertOne(payload);
+	}
+	async get(handle) {
+		const row = await this.findRow(handle);
+		if (!row) return null;
+		const expiresAt = row.expiresAt ?? void 0;
+		if (expiresAt !== void 0 && expiresAt <= this.clock.now()) {
+			this.delete(handle);
+			return null;
+		}
+		return this.assembleResult(row);
+	}
+	async delete(handle) {
+		await this.table.deleteMany({ handle });
+	}
+	/**
+	* Race-safe single-use consume.
+	*
+	* **Contract** (do not violate when overriding `findRow`):
+	*   `findRow` → `deleteMany({ handle })` → `deletedCount === 1` gate.
+	* Two concurrent callers: only one's delete returns `1`; the other returns
+	* `null` (its delete found 0 rows).
+	*/
+	async getAndDelete(handle) {
+		const row = await this.findRow(handle);
+		if (!row) return null;
+		if ((await this.table.deleteMany({ handle })).deletedCount !== 1) return null;
+		const expiresAt = row.expiresAt ?? void 0;
+		if (expiresAt !== void 0 && expiresAt <= this.clock.now()) return null;
+		return this.assembleResult(row);
+	}
+	/**
+	* Delete expired rows.
+	*
+	* - `retention` absent or `0`: drop rows where `expiresAt <= now()`.
+	* - `retention > 0`: drop rows where `expiresAt <= now() - retention` (grace).
+	* - `retention === Number.POSITIVE_INFINITY`: no-op (return 0).
+	*/
+	async cleanup(opts) {
+		const retention = opts?.retention;
+		if (retention === Number.POSITIVE_INFINITY) return 0;
+		const now = this.clock.now();
+		const cutoff = retention && retention > 0 ? now - retention : now;
+		return (await this.table.deleteMany({ expiresAt: { $lte: cutoff } })).deletedCount;
+	}
+	/**
+	* Re-apply `@wf.store.fromContext` shadow columns to existing rows.
+	*
+	* Use after adding a new annotation to backfill old rows without waiting for
+	* each workflow to next pause. Returns the count of rows whose shadows were
+	* (re-)written. Filter narrows the scan; defaults to all rows.
+	*
+	* No-op when the schema declares no `@wf.store.fromContext` fields.
+	*/
+	async heal(opts) {
+		if (this.scanShadowFields().length === 0) return 0;
+		const batchSize = opts?.batchSize ?? 100;
+		const baseFilter = opts?.filter ?? {};
+		let healed = 0;
+		let skip = 0;
+		while (true) {
+			const rows = await this.table.findMany({
+				filter: baseFilter,
+				controls: {
+					$skip: skip,
+					$limit: batchSize,
+					$sort: { handle: 1 },
+					$select: [
+						"handle",
+						"schemaId",
+						"state"
+					]
+				}
+			});
+			if (rows.length === 0) break;
+			for (const row of rows) {
+				const wfState = {
+					schemaId: row.schemaId,
+					...row.state
+				};
+				const shadowPatch = {};
+				this.applyShadows(shadowPatch, wfState);
+				if (Object.keys(shadowPatch).length > 0) {
+					await this.table.updateMany({ handle: row.handle }, shadowPatch);
+					healed++;
+				}
+			}
+			if (rows.length < batchSize) break;
+			skip += rows.length;
+		}
+		return healed;
+	}
+	/** Resolve the actor stamping createdBy/lastUpdatedBy. Override for custom auth. */
+	getActor() {
+		return this.#actor?.();
+	}
+	/** Storage primitive: load a row by handle. Override for sharded/multi-tenant tables. */
+	async findRow(handle) {
+		return await this.table.findOne({ filter: { handle } });
+	}
+	/** Re-attach `schemaId` to the JSON `state` blob and add expiresAt if set. */
+	assembleResult(row) {
+		const state = {
+			schemaId: row.schemaId,
+			...row.state
+		};
+		const expiresAt = row.expiresAt ?? void 0;
+		return expiresAt === void 0 ? { state } : {
+			state,
+			expiresAt
+		};
+	}
+	/** Compose the row payload written on `set()`. Override to add custom columns. */
+	buildSetPayload(handle, state, opts) {
+		const { schemaId, ...stateBlob } = state;
+		const { existing, actor } = opts;
+		const createdBy = existing ? existing.createdBy : actor;
+		const payload = {
+			handle,
+			schemaId,
+			state: stateBlob,
+			updatedAt: opts.now,
+			createdAt: existing ? existing.createdAt : opts.now
+		};
+		if (opts.expiresAt !== void 0) payload.expiresAt = opts.expiresAt;
+		if (actor !== void 0) payload.lastUpdatedBy = actor;
+		if (createdBy !== void 0) payload.createdBy = createdBy;
+		this.applyShadows(payload, state);
+		return payload;
+	}
+	/**
+	* Copy values from `state.context` onto the payload using cached specs.
+	* Optional fields get `null` on path-miss / type-mismatch (clears stale
+	* values). Non-optional default-bearing fields are *omitted* on miss — DB
+	* defaults fire on insert, prior value sticks on update.
+	*/
+	applyShadows(payload, state) {
+		const specs = this.scanShadowFields();
+		if (specs.length === 0) return;
+		const ctx = state.context;
+		for (const spec of specs) {
+			const raw = this.resolvePath(ctx, spec.path);
+			const coerced = this.coerceShadowValue(raw, spec);
+			if (coerced !== void 0) payload[spec.field] = coerced;
+			else if (spec.optional) payload[spec.field] = null;
+		}
+	}
+	/** Dot-path resolver. Returns `undefined` on miss, array hit, or non-object. */
+	resolvePath(obj, path) {
+		let cur = obj;
+		for (const seg of path) {
+			if (cur === null || cur === void 0) return void 0;
+			if (typeof cur !== "object") return void 0;
+			if (Array.isArray(cur)) return void 0;
+			cur = cur[seg];
+		}
+		return cur;
+	}
+	/** Validate primitive type. `undefined` means "do not write" — applyShadows decides null vs omit. */
+	coerceShadowValue(raw, spec) {
+		if (raw === void 0 || raw === null) return void 0;
+		if (typeof raw === spec.expectedType) return raw;
+		this.onShadowTypeMismatch(spec.field, spec.expectedType, raw);
+	}
+	/** Type-mismatch diagnostic. Fires once per field per store instance. */
+	onShadowTypeMismatch(field, expected, actual) {
+		if (this.#warnedFields.has(field)) return;
+		this.#warnedFields.add(field);
+		console.warn(`[AsWfStore] @wf.store.fromContext field "${field}" expected ${expected} but got ${typeof actual} — writing null. Subsequent mismatches on this field are silent.`);
+	}
+	/** Lazily build shadow specs from `@wf.store.fromContext` annotations. Override for a different source annotation. */
+	scanShadowFields() {
+		if (this.#shadowFieldsCache !== null) return this.#shadowFieldsCache;
+		const specs = [];
+		const tableType = this.table.type;
+		if (tableType?.type?.kind === "object") for (const [fieldName, fieldType] of tableType.type.props) {
+			const path = fieldType.metadata.get("wf.store.fromContext");
+			if (!path) continue;
+			const expectedType = this.resolveFieldPrimitive(fieldType);
+			if (expectedType === void 0) continue;
+			specs.push({
+				field: fieldName,
+				path: path.split("."),
+				expectedType,
+				optional: fieldType.optional === true
+			});
+		}
+		this.#shadowFieldsCache = specs;
+		return specs;
+	}
+	/** Resolve a field's runtime primitive type, or `undefined` if not a copy-supported primitive. */
+	resolveFieldPrimitive(fieldType) {
+		const def = fieldType.type;
+		if (def.kind !== "") return void 0;
+		const { designType } = def;
+		if (designType === "string" || designType === "number" || designType === "boolean") return designType;
+	}
+};
+//#endregion
+export { AsWfStateRecord, AsWfStore };

package/package.json

@@ -0,0 +1,78 @@
+{
+  "name": "@atscript/moost-wf",
+  "version": "0.1.58",
+  "description": "Workflow form integration for moost — decorators, interceptors, and serialization driven by atscript type metadata",
+  "keywords": [
+    "atscript",
+    "decorators",
+    "interceptors",
+    "metadata",
+    "moost",
+    "type-driven",
+    "typescript",
+    "wf",
+    "workflow"
+  ],
+  "homepage": "https://github.com/moostjs/atscript-ui/tree/main/packages/moost-wf#readme",
+  "bugs": {
+    "url": "https://github.com/moostjs/atscript-ui/issues"
+  },
+  "license": "MIT",
+  "author": "Artem Maltsev <artem@maltsev.nl>",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/moostjs/atscript-ui.git",
+    "directory": "packages/moost-wf"
+  },
+  "files": [
+    "dist",
+    "src/store/as-wf-state.as"
+  ],
+  "type": "module",
+  "main": "dist/index.mjs",
+  "types": "dist/index.d.mts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.mts",
+      "import": "./dist/index.mjs"
+    },
+    "./plugin": {
+      "types": "./dist/plugin.d.mts",
+      "import": "./dist/plugin.mjs"
+    },
+    "./store": {
+      "types": "./dist/store.d.mts",
+      "import": "./dist/store.mjs"
+    },
+    "./store.as": "./src/store/as-wf-state.as",
+    "./package.json": "./package.json"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "devDependencies": {
+    "@atscript/core": "^0.1.54",
+    "@atscript/db": "^0.1.75",
+    "@atscript/db-sqlite": "^0.1.75",
+    "@atscript/typescript": "^0.1.54",
+    "@moostjs/event-wf": "^0.6.9",
+    "@prostojs/wf": "^0.1.1",
+    "@wooksjs/event-core": "^0.7.11",
+    "moost": "^0.6.9",
+    "unplugin-atscript": "^0.1.54",
+    "vitest": "npm:@voidzero-dev/vite-plus-test@latest",
+    "@atscript/ui": "^0.1.58"
+  },
+  "peerDependencies": {
+    "@atscript/core": "^0.1.54",
+    "@atscript/typescript": "^0.1.54",
+    "@moostjs/event-wf": "^0.6.9",
+    "moost": "^0.6.9"
+  },
+  "scripts": {
+    "build": "vp pack",
+    "dev": "vp pack --watch",
+    "test": "vp test",
+    "check": "vp check"
+  }
+}

package/src/store/as-wf-state.as

@@ -0,0 +1,44 @@
+/**
+ * Stand-in for `unknown` (atscript has no such primitive). Used inside
+ * the `@db.json` blob below, so this widens the typing surface only —
+ * the column stores opaque JSON and runtime never validates per-key.
+ */
+export type JsonValue = string | number | boolean | null | JsonValue[] | { [/^.+$/]: JsonValue }
+
+export interface AsWfStateRecord {
+    // Opaque correlation token — uninteresting in a list view.
+    @ui.table.hidden
+    @db.index.unique 'handle_idx'
+    @expect.maxLength 256
+    handle: string
+
+    @db.index.plain 'schema_idx'
+    @expect.maxLength 256
+    schemaId: string
+
+    // Large JSON snapshot — too noisy for a list view; fetch via getOne.
+    @ui.table.hidden
+    @db.json
+    state: {
+        context: JsonValue
+        indexes: number[]
+        meta?: { [/^.+$/]: JsonValue }
+    }
+
+    @db.index.plain 'expires_idx'
+    expiresAt?: number.timestamp
+
+    @db.default.now
+    @db.index.plain 'updated_idx'
+    updatedAt: number.timestamp
+
+    createdAt: number.timestamp
+
+    @ui.table.hidden
+    @expect.maxLength 128
+    createdBy?: string
+
+    @ui.table.hidden
+    @expect.maxLength 128
+    lastUpdatedBy?: string
+}