@checkstack/catalog-backend 0.0.2

package/CHANGELOG.md

@@ -0,0 +1,68 @@
+# @checkstack/catalog-backend
+
+## 0.0.2
+
+### Patch Changes
+
+- d20d274: Initial release of all @checkstack packages. Rebranded from Checkmate to Checkstack with new npm organization @checkstack and domain checkstack.dev.
+- Updated dependencies [d20d274]
+  - @checkstack/backend-api@0.0.2
+  - @checkstack/catalog-common@0.0.2
+  - @checkstack/command-backend@0.0.2
+  - @checkstack/common@0.0.2
+  - @checkstack/notification-common@0.0.2
+
+## 0.1.0
+
+### Minor Changes
+
+- a65e002: Add command palette commands and deep-linking support
+
+  **Backend Changes:**
+
+  - `healthcheck-backend`: Add "Manage Health Checks" (⇧⌘H) and "Create Health Check" commands
+  - `catalog-backend`: Add "Manage Systems" (⇧⌘S) and "Create System" commands
+  - `integration-backend`: Add "Manage Integrations" (⇧⌘G), "Create Integration Subscription", and "View Integration Logs" commands
+  - `auth-backend`: Add "Manage Users" (⇧⌘U), "Create User", "Manage Roles", and "Manage Applications" commands
+  - `command-backend`: Auto-cleanup command registrations when plugins are deregistered
+
+  **Frontend Changes:**
+
+  - `HealthCheckConfigPage`: Handle `?action=create` URL parameter
+  - `CatalogConfigPage`: Handle `?action=create` URL parameter
+  - `IntegrationsPage`: Handle `?action=create` URL parameter
+  - `AuthSettingsPage`: Handle `?tab=` and `?action=create` URL parameters
+
+### Patch Changes
+
+- Updated dependencies [b4eb432]
+- Updated dependencies [a65e002]
+- Updated dependencies [a65e002]
+  - @checkstack/backend-api@1.1.0
+  - @checkstack/common@0.2.0
+  - @checkstack/command-backend@0.1.0
+  - @checkstack/catalog-common@0.1.2
+  - @checkstack/notification-common@0.1.1
+
+## 0.0.3
+
+### Patch Changes
+
+- @checkstack/catalog-common@0.1.1
+
+## 0.0.2
+
+### Patch Changes
+
+- Updated dependencies [ffc28f6]
+- Updated dependencies [4dd644d]
+- Updated dependencies [71275dd]
+- Updated dependencies [ae19ff6]
+- Updated dependencies [b55fae6]
+- Updated dependencies [b354ab3]
+- Updated dependencies [81f3f85]
+  - @checkstack/common@0.1.0
+  - @checkstack/backend-api@1.0.0
+  - @checkstack/catalog-common@0.1.0
+  - @checkstack/notification-common@0.1.0
+  - @checkstack/command-backend@0.0.2

package/drizzle/0000_purple_doomsday.sql

@@ -0,0 +1,35 @@
+CREATE TABLE "groups" (
+	"id" text PRIMARY KEY NOT NULL,
+	"name" text NOT NULL,
+	"metadata" json DEFAULT '{}'::json,
+	"created_at" timestamp DEFAULT now() NOT NULL,
+	"updated_at" timestamp DEFAULT now() NOT NULL
+);
+--> statement-breakpoint
+CREATE TABLE "systems" (
+	"id" text PRIMARY KEY NOT NULL,
+	"name" text NOT NULL,
+	"description" text,
+	"owner" text,
+	"metadata" json DEFAULT '{}'::json,
+	"created_at" timestamp DEFAULT now() NOT NULL,
+	"updated_at" timestamp DEFAULT now() NOT NULL
+);
+--> statement-breakpoint
+CREATE TABLE "systems_groups" (
+	"system_id" text NOT NULL,
+	"group_id" text NOT NULL,
+	CONSTRAINT "systems_groups_system_id_group_id_pk" PRIMARY KEY("system_id","group_id")
+);
+--> statement-breakpoint
+CREATE TABLE "views" (
+	"id" text PRIMARY KEY NOT NULL,
+	"name" text NOT NULL,
+	"description" text,
+	"configuration" json DEFAULT '[]'::json NOT NULL,
+	"created_at" timestamp DEFAULT now() NOT NULL,
+	"updated_at" timestamp DEFAULT now() NOT NULL
+);
+--> statement-breakpoint
+ALTER TABLE "systems_groups" ADD CONSTRAINT "systems_groups_system_id_systems_id_fk" FOREIGN KEY ("system_id") REFERENCES "systems"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "systems_groups" ADD CONSTRAINT "systems_groups_group_id_groups_id_fk" FOREIGN KEY ("group_id") REFERENCES "groups"("id") ON DELETE cascade ON UPDATE no action;

package/drizzle/meta/0000_snapshot.json

@@ -0,0 +1,235 @@
+{
+  "id": "79e86bc7-76a2-429f-815c-2d6c263aab8f",
+  "prevId": "00000000-0000-0000-0000-000000000000",
+  "version": "7",
+  "dialect": "postgresql",
+  "tables": {
+    "public.groups": {
+      "name": "groups",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "metadata": {
+          "name": "metadata",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": false,
+          "default": "'{}'::json"
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.systems": {
+      "name": "systems",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "description": {
+          "name": "description",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "owner": {
+          "name": "owner",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "metadata": {
+          "name": "metadata",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": false,
+          "default": "'{}'::json"
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.systems_groups": {
+      "name": "systems_groups",
+      "schema": "",
+      "columns": {
+        "system_id": {
+          "name": "system_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "group_id": {
+          "name": "group_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "systems_groups_system_id_systems_id_fk": {
+          "name": "systems_groups_system_id_systems_id_fk",
+          "tableFrom": "systems_groups",
+          "tableTo": "systems",
+          "columnsFrom": [
+            "system_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "systems_groups_group_id_groups_id_fk": {
+          "name": "systems_groups_group_id_groups_id_fk",
+          "tableFrom": "systems_groups",
+          "tableTo": "groups",
+          "columnsFrom": [
+            "group_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {
+        "systems_groups_system_id_group_id_pk": {
+          "name": "systems_groups_system_id_group_id_pk",
+          "columns": [
+            "system_id",
+            "group_id"
+          ]
+        }
+      },
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    },
+    "public.views": {
+      "name": "views",
+      "schema": "",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true
+        },
+        "description": {
+          "name": "description",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false
+        },
+        "configuration": {
+          "name": "configuration",
+          "type": "json",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "'[]'::json"
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "timestamp",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "now()"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "policies": {},
+      "checkConstraints": {},
+      "isRLSEnabled": false
+    }
+  },
+  "enums": {},
+  "schemas": {},
+  "sequences": {},
+  "roles": {},
+  "policies": {},
+  "views": {},
+  "_meta": {
+    "columns": {},
+    "schemas": {},
+    "tables": {}
+  }
+}

package/drizzle/meta/_journal.json

@@ -0,0 +1,13 @@
+{
+  "version": "7",
+  "dialect": "postgresql",
+  "entries": [
+    {
+      "idx": 0,
+      "version": "7",
+      "when": 1767319091249,
+      "tag": "0000_purple_doomsday",
+      "breakpoints": true
+    }
+  ]
+}

package/drizzle.config.ts

@@ -0,0 +1,7 @@
+import { defineConfig } from "drizzle-kit";
+
+export default defineConfig({
+  schema: "./src/schema.ts",
+  out: "./drizzle",
+  dialect: "postgresql",
+});

package/package.json

@@ -0,0 +1,34 @@
+{
+  "name": "@checkstack/catalog-backend",
+  "version": "0.0.2",
+  "type": "module",
+  "main": "src/index.ts",
+  "scripts": {
+    "typecheck": "tsc --noEmit",
+    "generate": "drizzle-kit generate",
+    "lint": "bun run lint:code",
+    "lint:code": "eslint . --max-warnings 0"
+  },
+  "dependencies": {
+    "@checkstack/backend-api": "workspace:*",
+    "@checkstack/catalog-common": "workspace:*",
+    "@checkstack/command-backend": "workspace:*",
+    "@checkstack/notification-common": "workspace:*",
+    "@orpc/server": "^1.13.2",
+    "drizzle-orm": "^0.45.1",
+    "hono": "^4.0.0",
+    "uuid": "^13.0.0",
+    "zod": "^4.2.1",
+    "@checkstack/common": "workspace:*"
+  },
+  "devDependencies": {
+    "@checkstack/drizzle-helper": "workspace:*",
+    "@checkstack/scripts": "workspace:*",
+    "@checkstack/tsconfig": "workspace:*",
+    "@types/bun": "^1.3.5",
+    "@types/node": "^20.0.0",
+    "@types/uuid": "^11.0.0",
+    "drizzle-kit": "^0.31.8",
+    "typescript": "^5.0.0"
+  }
+}

package/src/hooks.ts

@@ -0,0 +1,24 @@
+import { createHook } from "@checkstack/backend-api";
+
+/**
+ * Catalog hooks for cross-plugin communication
+ */
+export const catalogHooks = {
+  /**
+   * Emitted when a system is deleted.
+   * Plugins can subscribe (work-queue mode) to clean up related data.
+   */
+  systemDeleted: createHook<{
+    systemId: string;
+    systemName?: string;
+  }>("catalog.system.deleted"),
+
+  /**
+   * Emitted when a group is deleted.
+   * Plugins can subscribe (work-queue mode) to clean up related data.
+   */
+  groupDeleted: createHook<{
+    groupId: string;
+    groupName?: string;
+  }>("catalog.group.deleted"),
+} as const;

package/src/index.ts

@@ -0,0 +1,164 @@
+import { createBackendPlugin } from "@checkstack/backend-api";
+import { type NodePgDatabase } from "drizzle-orm/node-postgres";
+import { coreServices } from "@checkstack/backend-api";
+import {
+  permissionList,
+  pluginMetadata,
+  catalogContract,
+  catalogRoutes,
+  permissions,
+} from "@checkstack/catalog-common";
+import { createCatalogRouter } from "./router";
+import { NotificationApi } from "@checkstack/notification-common";
+import { resolveRoute, type InferClient } from "@checkstack/common";
+import { registerSearchProvider } from "@checkstack/command-backend";
+
+// Database schema is still needed for types in creating the router
+import * as schema from "./schema";
+
+export let db: NodePgDatabase<typeof schema> | undefined;
+
+// Export hooks for other plugins to subscribe to
+export { catalogHooks } from "./hooks";
+
+export default createBackendPlugin({
+  metadata: pluginMetadata,
+  register(env) {
+    env.registerPermissions(permissionList);
+
+    env.registerInit({
+      schema,
+      deps: {
+        rpc: coreServices.rpc,
+        rpcClient: coreServices.rpcClient,
+        logger: coreServices.logger,
+      },
+      // Phase 2: Register router only - no RPC calls to other plugins
+      init: async ({ database, rpc, rpcClient, logger }) => {
+        logger.debug("Initializing Catalog Backend...");
+
+        const typedDb = database as NodePgDatabase<typeof schema>;
+
+        // Get notification client for group management and sending notifications
+        const notificationClient = rpcClient.forPlugin(NotificationApi);
+
+        // Register oRPC router with notification client
+        const catalogRouter = createCatalogRouter({
+          database: typedDb,
+          notificationClient,
+          pluginId: pluginMetadata.pluginId,
+        });
+        rpc.registerRouter(catalogRouter, catalogContract);
+
+        // Register catalog systems as searchable in the command palette
+        registerSearchProvider({
+          pluginMetadata,
+          provider: {
+            id: "systems",
+            name: "Systems",
+            priority: 100, // High priority - systems are primary search target
+            search: async (query) => {
+              const systems = await typedDb.select().from(schema.systems);
+              const q = query.toLowerCase();
+
+              return systems
+                .filter(
+                  (s) =>
+                    !q ||
+                    s.name.toLowerCase().includes(q) ||
+                    s.description?.toLowerCase().includes(q)
+                )
+                .map((s) => ({
+                  id: s.id,
+                  type: "entity" as const,
+                  title: s.name,
+                  subtitle: s.description ?? undefined,
+                  category: "Systems",
+                  iconName: "Activity",
+                  route: resolveRoute(catalogRoutes.routes.systemDetail, {
+                    systemId: s.id,
+                  }),
+                }));
+            },
+          },
+          commands: [
+            {
+              id: "create",
+              title: "Create System",
+              subtitle: "Add a new system to the catalog",
+              iconName: "Activity",
+              route:
+                resolveRoute(catalogRoutes.routes.config) + "?action=create",
+              requiredPermissions: [permissions.catalogManage],
+            },
+            {
+              id: "manage",
+              title: "Manage Systems",
+              subtitle: "Manage systems in the catalog",
+              iconName: "Activity",
+              shortcuts: ["meta+shift+s", "ctrl+shift+s"],
+              route: resolveRoute(catalogRoutes.routes.config),
+              requiredPermissions: [permissions.catalogManage],
+            },
+          ],
+        });
+
+        logger.debug("✅ Catalog Backend initialized.");
+      },
+      // Phase 3: Safe to make RPC calls after all plugins are ready
+      afterPluginsReady: async ({ database, rpcClient, logger }) => {
+        const typedDb = database as NodePgDatabase<typeof schema>;
+        const notificationClient = rpcClient.forPlugin(NotificationApi);
+
+        // Bootstrap: Create notification groups for existing systems and groups
+        await bootstrapNotificationGroups(typedDb, notificationClient, logger);
+      },
+    });
+  },
+});
+
+/**
+ * Bootstrap notification groups for existing catalog entities
+ */
+async function bootstrapNotificationGroups(
+  database: NodePgDatabase<typeof schema>,
+  notificationClient: InferClient<typeof NotificationApi>,
+  logger: { debug: (msg: string) => void }
+) {
+  try {
+    // Get all existing systems and groups
+    const systems = await database.select().from(schema.systems);
+    const groups = await database.select().from(schema.groups);
+
+    // Create notification groups for each system
+    for (const system of systems) {
+      await notificationClient.createGroup({
+        groupId: `system.${system.id}`,
+        name: `${system.name} Notifications`,
+        description: `Notifications for the ${system.name} system`,
+        ownerPlugin: pluginMetadata.pluginId,
+      });
+    }
+
+    // Create notification groups for each catalog group
+    for (const group of groups) {
+      await notificationClient.createGroup({
+        groupId: `group.${group.id}`,
+        name: `${group.name} Notifications`,
+        description: `Notifications for the ${group.name} group`,
+        ownerPlugin: pluginMetadata.pluginId,
+      });
+    }
+
+    logger.debug(
+      `Bootstrapped notification groups for ${systems.length} systems and ${groups.length} groups`
+    );
+  } catch (error) {
+    // Don't fail startup if notification service is unavailable
+    logger.debug(
+      `Failed to bootstrap notification groups: ${
+        error instanceof Error ? error.message : "Unknown error"
+      }`
+    );
+  }
+}

package/src/router.ts

@@ -0,0 +1,313 @@
+import { implement, ORPCError } from "@orpc/server";
+import {
+  autoAuthMiddleware,
+  type RpcContext,
+} from "@checkstack/backend-api";
+import { catalogContract } from "@checkstack/catalog-common";
+import { EntityService } from "./services/entity-service";
+import type { NodePgDatabase } from "drizzle-orm/node-postgres";
+import * as schema from "./schema";
+import { NotificationApi } from "@checkstack/notification-common";
+import type { InferClient } from "@checkstack/common";
+import { catalogHooks } from "./hooks";
+import { eq } from "drizzle-orm";
+
+/**
+ * Creates the catalog router using contract-based implementation.
+ *
+ * Auth and permissions are automatically enforced via autoAuthMiddleware
+ * based on the contract's meta.userType and meta.permissions.
+ */
+const os = implement(catalogContract)
+  .$context<RpcContext>()
+  .use(autoAuthMiddleware);
+
+export interface CatalogRouterDeps {
+  database: NodePgDatabase<typeof schema>;
+  notificationClient: InferClient<typeof NotificationApi>;
+  pluginId: string;
+}
+
+export const createCatalogRouter = ({
+  database,
+  notificationClient,
+  pluginId,
+}: CatalogRouterDeps) => {
+  const entityService = new EntityService(database);
+
+  // Helper to create notification group for an entity
+  const createNotificationGroup = async (
+    type: "system" | "group",
+    id: string,
+    name: string
+  ) => {
+    try {
+      await notificationClient.createGroup({
+        groupId: `${type}.${id}`,
+        name: `${name} Notifications`,
+        description: `Notifications for the ${name} ${type}`,
+        ownerPlugin: pluginId,
+      });
+    } catch (error) {
+      // Log but don't fail the operation
+      console.warn(
+        `Failed to create notification group for ${type} ${id}:`,
+        error
+      );
+    }
+  };
+
+  // Helper to delete notification group for an entity
+  const deleteNotificationGroup = async (
+    type: "system" | "group",
+    id: string
+  ) => {
+    try {
+      await notificationClient.deleteGroup({
+        groupId: `${pluginId}.${type}.${id}`,
+        ownerPlugin: pluginId,
+      });
+    } catch (error) {
+      // Log but don't fail the operation
+      console.warn(
+        `Failed to delete notification group for ${type} ${id}:`,
+        error
+      );
+    }
+  };
+
+  // Implement each contract method
+  const getEntities = os.getEntities.handler(async () => {
+    const systems = await entityService.getSystems();
+    const groups = await entityService.getGroups();
+    // Cast to match contract - Drizzle json() returns unknown, but we expect Record | null
+    return {
+      systems: systems as unknown as Array<
+        (typeof systems)[number] & {
+          metadata: Record<string, unknown> | null;
+        }
+      >,
+      groups: groups as unknown as Array<
+        (typeof groups)[number] & { metadata: Record<string, unknown> | null }
+      >,
+    };
+  });
+
+  const getSystems = os.getSystems.handler(async () => {
+    const systems = await entityService.getSystems();
+    return systems as unknown as Array<
+      (typeof systems)[number] & { metadata: Record<string, unknown> | null }
+    >;
+  });
+
+  const getSystem = os.getSystem.handler(async ({ input }) => {
+    const system = await entityService.getSystem(input.systemId);
+    if (!system) {
+      // oRPC contract uses .nullable() which requires null
+      // eslint-disable-next-line unicorn/no-null
+      return null;
+    }
+    return system as typeof system & {
+      metadata: Record<string, unknown> | null;
+    };
+  });
+
+  const getGroups = os.getGroups.handler(async () => {
+    const groups = await entityService.getGroups();
+    return groups as unknown as Array<
+      (typeof groups)[number] & { metadata: Record<string, unknown> | null }
+    >;
+  });
+
+  const createSystem = os.createSystem.handler(async ({ input }) => {
+    const result = await entityService.createSystem(input);
+
+    // Create a notification group for this system
+    await createNotificationGroup("system", result.id, result.name);
+
+    return result as typeof result & {
+      metadata: Record<string, unknown> | null;
+    };
+  });
+
+  const updateSystem = os.updateSystem.handler(async ({ input }) => {
+    // Convert null to undefined and filter out fields
+    const cleanData: Partial<{
+      name: string;
+      description?: string;
+      owner?: string;
+      metadata?: Record<string, unknown>;
+    }> = {};
+    if (input.data.name !== undefined) cleanData.name = input.data.name;
+    if (input.data.description !== undefined)
+      cleanData.description = input.data.description ?? undefined;
+    if (input.data.owner !== undefined)
+      cleanData.owner = input.data.owner ?? undefined;
+    if (input.data.metadata !== undefined)
+      cleanData.metadata = input.data.metadata ?? undefined;
+
+    const result = await entityService.updateSystem(input.id, cleanData);
+    if (!result) {
+      throw new ORPCError("NOT_FOUND", {
+        message: "System not found",
+      });
+    }
+    return result as typeof result & {
+      metadata: Record<string, unknown> | null;
+    };
+  });
+
+  const deleteSystem = os.deleteSystem.handler(async ({ input, context }) => {
+    await entityService.deleteSystem(input);
+
+    // Delete the notification group for this system
+    await deleteNotificationGroup("system", input);
+
+    // Emit hook for other plugins to clean up related data
+    await context.emitHook(catalogHooks.systemDeleted, { systemId: input });
+
+    return { success: true };
+  });
+
+  const createGroup = os.createGroup.handler(async ({ input }) => {
+    const result = await entityService.createGroup({
+      name: input.name,
+      metadata: input.metadata,
+    });
+
+    // Create a notification group for this catalog group
+    await createNotificationGroup("group", result.id, result.name);
+
+    // New groups have no systems yet
+    return {
+      ...result,
+      systemIds: [],
+      metadata: result.metadata as Record<string, unknown> | null,
+    };
+  });
+
+  const updateGroup = os.updateGroup.handler(async ({ input }) => {
+    // Convert null to undefined for optional fields
+    const cleanData = {
+      ...input.data,
+      metadata: input.data.metadata ?? undefined,
+    };
+    const result = await entityService.updateGroup(input.id, cleanData);
+    if (!result) {
+      throw new ORPCError("NOT_FOUND", {
+        message: "Group not found",
+      });
+    }
+    // Get the full group with systemIds after update
+    const groups = await entityService.getGroups();
+    const fullGroup = groups.find((g) => g.id === result.id);
+    if (!fullGroup) {
+      throw new ORPCError("INTERNAL_SERVER_ERROR", {
+        message: "Group not found after update",
+      });
+    }
+    return fullGroup as unknown as typeof fullGroup & {
+      metadata: Record<string, unknown> | null;
+    };
+  });
+
+  const deleteGroup = os.deleteGroup.handler(async ({ input, context }) => {
+    await entityService.deleteGroup(input);
+
+    // Delete the notification group for this catalog group
+    await deleteNotificationGroup("group", input);
+
+    // Emit hook for other plugins to clean up related data
+    await context.emitHook(catalogHooks.groupDeleted, { groupId: input });
+
+    return { success: true };
+  });
+
+  const addSystemToGroup = os.addSystemToGroup.handler(async ({ input }) => {
+    await entityService.addSystemToGroup(input);
+    return { success: true };
+  });
+
+  const removeSystemFromGroup = os.removeSystemFromGroup.handler(
+    async ({ input }) => {
+      await entityService.removeSystemFromGroup(input);
+      return { success: true };
+    }
+  );
+
+  const getViews = os.getViews.handler(async () => entityService.getViews());
+
+  const createView = os.createView.handler(async ({ input }) => {
+    return entityService.createView({
+      name: input.name,
+      type: "custom",
+      config: input.configuration as Record<string, unknown>,
+    });
+  });
+
+  /**
+   * Notify all users subscribed to a system (and optionally its groups).
+   * Delegates deduplication to notification-backend via notifyGroups RPC.
+   */
+  const notifySystemSubscribers = os.notifySystemSubscribers.handler(
+    async ({ input }) => {
+      const {
+        systemId,
+        title,
+        body,
+        importance,
+        action,
+        includeGroupSubscribers,
+      } = input;
+
+      // Collect all notification group IDs to notify
+      // Start with the system's notification group
+      const groupIds = [`${pluginId}.system.${systemId}`];
+
+      // If includeGroupSubscribers is true, add groups containing this system
+      if (includeGroupSubscribers) {
+        const systemGroups = await database
+          .select({ groupId: schema.systemsGroups.groupId })
+          .from(schema.systemsGroups)
+          .where(eq(schema.systemsGroups.systemId, systemId));
+
+        // Spread to avoid mutation
+        groupIds.push(
+          ...systemGroups.map(({ groupId }) => `${pluginId}.group.${groupId}`)
+        );
+      }
+
+      // 3. Send to notification-backend, which handles deduplication
+      const result = await notificationClient.notifyGroups({
+        groupIds,
+        title,
+        body,
+        importance: importance ?? "info",
+        action,
+      });
+
+      return { notifiedCount: result.notifiedCount };
+    }
+  );
+
+  // Build and return the router
+  return os.router({
+    getEntities,
+    getSystems,
+    getSystem,
+    getGroups,
+    createSystem,
+    updateSystem,
+    deleteSystem,
+    createGroup,
+    updateGroup,
+    deleteGroup,
+    addSystemToGroup,
+    removeSystemFromGroup,
+    getViews,
+    createView,
+    notifySystemSubscribers,
+  });
+};
+
+export type CatalogRouter = ReturnType<typeof createCatalogRouter>;

package/src/schema.ts

@@ -0,0 +1,51 @@
+import {
+  pgTable,
+  text,
+  timestamp,
+  json,
+  primaryKey,
+} from "drizzle-orm/pg-core";
+
+// Tables use pgTable (schemaless) - runtime schema is set via search_path
+export const systems = pgTable("systems", {
+  id: text("id").primaryKey(),
+  name: text("name").notNull(),
+  description: text("description"),
+  owner: text("owner"), // user_id or group_id reference? Keeping as text for now.
+  metadata: json("metadata").default({}),
+  createdAt: timestamp("created_at").defaultNow().notNull(),
+  updatedAt: timestamp("updated_at").defaultNow().notNull(),
+});
+
+export const groups = pgTable("groups", {
+  id: text("id").primaryKey(),
+  name: text("name").notNull(),
+
+  metadata: json("metadata").default({}),
+  createdAt: timestamp("created_at").defaultNow().notNull(),
+  updatedAt: timestamp("updated_at").defaultNow().notNull(),
+});
+
+export const systemsGroups = pgTable(
+  "systems_groups",
+  {
+    systemId: text("system_id")
+      .notNull()
+      .references(() => systems.id, { onDelete: "cascade" }),
+    groupId: text("group_id")
+      .notNull()
+      .references(() => groups.id, { onDelete: "cascade" }),
+  },
+  (t) => ({
+    pk: primaryKey(t.systemId, t.groupId),
+  })
+);
+
+export const views = pgTable("views", {
+  id: text("id").primaryKey(),
+  name: text("name").notNull(),
+  description: text("description"),
+  configuration: json("configuration").default([]).notNull(), // List of group_ids to show
+  createdAt: timestamp("created_at").defaultNow().notNull(),
+  updatedAt: timestamp("updated_at").defaultNow().notNull(),
+});

package/src/services/entity-service.test.ts

@@ -0,0 +1,86 @@
+import { describe, it, expect, mock } from "bun:test";
+import { EntityService } from "./entity-service";
+import * as schema from "../schema";
+import { NodePgDatabase } from "drizzle-orm/node-postgres";
+
+describe("EntityService", () => {
+  const mockDb = {
+    select: mock(() => ({
+      from: mock(() => []),
+    })),
+    insert: mock(() => ({
+      values: mock(() => ({
+        returning: mock(() => []),
+      })),
+    })),
+    update: mock(() => ({
+      set: mock(() => ({
+        where: mock(() => ({
+          returning: mock(() => []),
+        })),
+      })),
+    })),
+    delete: mock(() => ({
+      where: mock(() => Promise.resolve()),
+    })),
+  } as unknown as NodePgDatabase<typeof schema>;
+
+  const service = new EntityService(mockDb);
+
+  it("should get systems", async () => {
+    await service.getSystems();
+    expect(mockDb.select).toHaveBeenCalled();
+  });
+
+  it("should create system", async () => {
+    const data = { id: "test", name: "Test" };
+    const fullSystem = {
+      ...data,
+      description: null,
+      owner: null,
+      status: "healthy" as "healthy" | "degraded" | "unhealthy",
+      metadata: {},
+      createdAt: new Date(),
+      updatedAt: new Date(),
+    };
+    (mockDb.insert as any).mockReturnValue({
+      values: mock(() => ({
+        returning: mock(() => [fullSystem]),
+      })),
+    });
+
+    const result = await service.createSystem(data);
+    expect(result).toEqual(fullSystem);
+    expect(mockDb.insert).toHaveBeenCalledWith(schema.systems);
+  });
+
+  it("should update system", async () => {
+    const data = { name: "Updated" };
+    const fullSystem = {
+      id: "test",
+      name: "Updated",
+      description: null,
+      owner: null,
+      status: "healthy" as "healthy" | "degraded" | "unhealthy",
+      metadata: {},
+      createdAt: new Date(),
+      updatedAt: new Date(),
+    };
+    (mockDb.update as any).mockReturnValue({
+      set: mock(() => ({
+        where: mock(() => ({
+          returning: mock(() => [fullSystem]),
+        })),
+      })),
+    });
+
+    const result = await service.updateSystem("test", data);
+    expect(result).toEqual(fullSystem);
+    expect(mockDb.update).toHaveBeenCalledWith(schema.systems);
+  });
+
+  it("should delete system", async () => {
+    await service.deleteSystem("test");
+    expect(mockDb.delete).toHaveBeenCalledWith(schema.systems);
+  });
+});

package/src/services/entity-service.ts

@@ -0,0 +1,152 @@
+import { eq, and } from "drizzle-orm";
+import * as schema from "../schema";
+import { NodePgDatabase } from "drizzle-orm/node-postgres";
+import { v4 as uuidv4 } from "uuid";
+
+// Type aliases for entity creation
+type NewSystem = {
+  name: string;
+  description?: string;
+  owner?: string;
+  metadata?: Record<string, unknown>;
+};
+
+type NewGroup = {
+  name: string;
+  metadata?: Record<string, unknown>;
+};
+
+type NewView = {
+  name: string;
+  type: string;
+  config: Record<string, unknown>;
+};
+
+export class EntityService {
+  private database: NodePgDatabase<typeof schema>;
+
+  constructor(database: NodePgDatabase<typeof schema>) {
+    this.database = database;
+  }
+
+  // Systems
+  async getSystems() {
+    return this.database.select().from(schema.systems);
+  }
+
+  async getSystem(id: string) {
+    const result = await this.database
+      .select()
+      .from(schema.systems)
+      .where(eq(schema.systems.id, id));
+    return result[0];
+  }
+
+  async createSystem(data: NewSystem) {
+    const result = await this.database
+      .insert(schema.systems)
+      .values({ id: uuidv4(), ...data })
+      .returning();
+    return result[0];
+  }
+
+  async updateSystem(id: string, data: Partial<NewSystem>) {
+    const result = await this.database
+      .update(schema.systems)
+      .set({ ...data, updatedAt: new Date() })
+      .where(eq(schema.systems.id, id))
+      .returning();
+    return result[0];
+  }
+
+  async deleteSystem(id: string) {
+    await this.database.delete(schema.systems).where(eq(schema.systems.id, id));
+  }
+
+  // Groups
+  async getGroups() {
+    // Fetch all groups
+    const allGroups = await this.database.select().from(schema.groups);
+
+    // Fetch all system-group associations
+    const associations = await this.database
+      .select()
+      .from(schema.systemsGroups);
+
+    // Build a map of groupId -> systemIds[]
+    const groupSystemsMap = new Map<string, string[]>();
+    for (const assoc of associations) {
+      const existing = groupSystemsMap.get(assoc.groupId) ?? [];
+      existing.push(assoc.systemId);
+      groupSystemsMap.set(assoc.groupId, existing);
+    }
+
+    // Attach systemIds to each group
+    return allGroups.map((group) => ({
+      ...group,
+      systemIds: groupSystemsMap.get(group.id) ?? [],
+    }));
+  }
+
+  async createGroup(data: NewGroup) {
+    const result = await this.database
+      .insert(schema.groups)
+      .values({ id: uuidv4(), ...data })
+      .returning();
+    return result[0];
+  }
+
+  async updateGroup(id: string, data: Partial<NewGroup>) {
+    const result = await this.database
+      .update(schema.groups)
+      .set({ ...data, updatedAt: new Date() })
+      .where(eq(schema.groups.id, id))
+      .returning();
+    return result[0];
+  }
+
+  async deleteGroup(id: string) {
+    await this.database.delete(schema.groups).where(eq(schema.groups.id, id));
+  }
+
+  async addSystemToGroup(props: { groupId: string; systemId: string }) {
+    const { groupId, systemId } = props;
+    await this.database
+      .insert(schema.systemsGroups)
+      .values({ groupId, systemId })
+      .onConflictDoNothing();
+  }
+
+  async removeSystemFromGroup(props: { groupId: string; systemId: string }) {
+    const { groupId, systemId } = props;
+    await this.database
+      .delete(schema.systemsGroups)
+      .where(
+        and(
+          eq(schema.systemsGroups.groupId, groupId),
+          eq(schema.systemsGroups.systemId, systemId)
+        )
+      );
+  }
+
+  // Views
+  async getViews() {
+    return this.database.select().from(schema.views);
+  }
+
+  async getView(id: string) {
+    const result = await this.database
+      .select()
+      .from(schema.views)
+      .where(eq(schema.views.id, id));
+    return result[0];
+  }
+
+  async createView(data: NewView) {
+    const result = await this.database
+      .insert(schema.views)
+      .values({ id: uuidv4(), ...data })
+      .returning();
+    return result[0];
+  }
+}

package/tsconfig.json

@@ -0,0 +1,6 @@
+{
+  "extends": "@checkstack/tsconfig/backend.json",
+  "include": [
+    "src"
+  ]
+}