@objectql/types 1.5.0 → 1.6.0

package/dist/permission.d.ts

@@ -0,0 +1,391 @@
+/**
+ * Permission and Security Metadata Types
+ *
+ * This module defines the TypeScript interfaces for ObjectQL's permission system,
+ * implementing role-based access control (RBAC), field-level security, and
+ * record-level rules.
+ *
+ * Based on specification: docs/spec/permission.md
+ */
+/**
+ * Basic CRUD operations for object-level permissions
+ */
+export type ObjectOperation = 'create' | 'read' | 'update' | 'delete' | 'view_all' | 'modify_all';
+/**
+ * Field-level operations
+ */
+export type FieldOperation = 'read' | 'update';
+/**
+ * Comparison operators for permission conditions
+ */
+export type PermissionOperator = '=' | '!=' | '>' | '>=' | '<' | '<=' | 'in' | 'not_in' | 'contains' | 'not_contains' | 'starts_with' | 'ends_with';
+/**
+ * Object-level permissions controlling CRUD operations
+ */
+export interface ObjectPermissions {
+    /** Roles that can create new records */
+    create?: string[];
+    /** Roles that can view records */
+    read?: string[];
+    /** Roles that can update records */
+    update?: string[];
+    /** Roles that can delete records */
+    delete?: string[];
+    /** Roles that can view all records (bypass ownership rules) */
+    view_all?: string[];
+    /** Roles that can modify all records (bypass ownership rules) */
+    modify_all?: string[];
+}
+/**
+ * Field-level permissions for a specific field
+ */
+export interface FieldPermission {
+    /** Roles that can read this field */
+    read?: string[];
+    /** Roles that can update this field */
+    update?: string[];
+}
+/**
+ * Map of field names to their permissions
+ */
+export type FieldPermissions = Record<string, FieldPermission>;
+/**
+ * Condition type for record-level rules
+ */
+export type ConditionType = 'simple' | 'complex' | 'formula' | 'lookup';
+/**
+ * Simple condition for a single field comparison
+ */
+export interface SimpleCondition {
+    type?: 'simple';
+    /** Field to check */
+    field: string;
+    /** Comparison operator */
+    operator: PermissionOperator;
+    /** Value to compare against (can include variables like $current_user.id) */
+    value: any;
+}
+/**
+ * Simple condition element (inline form for complex expressions)
+ */
+export interface ConditionElement {
+    field: string;
+    operator: PermissionOperator;
+    value: any;
+}
+/**
+ * Expression element in complex conditions
+ */
+export type ConditionExpression = SimpleCondition | ConditionElement | 'and' | 'or';
+/**
+ * Complex condition with multiple clauses
+ */
+export interface ComplexCondition {
+    type: 'complex';
+    /** Array of conditions and logical operators */
+    expression: ConditionExpression[];
+}
+/**
+ * Formula-based condition using custom logic
+ */
+export interface FormulaCondition {
+    type: 'formula';
+    /** JavaScript expression or formula */
+    formula: string;
+}
+/**
+ * Lookup condition checking related record data
+ */
+export interface LookupCondition {
+    type: 'lookup';
+    /** Related object to check */
+    object: string;
+    /** Field linking to related object */
+    via: string;
+    /** Condition to check on related object */
+    condition: RecordRuleCondition;
+}
+/**
+ * Union type for all condition types
+ */
+export type RecordRuleCondition = SimpleCondition | ComplexCondition | FormulaCondition | LookupCondition;
+/**
+ * Permissions granted by a record rule
+ */
+export interface RecordRulePermissions {
+    /** Grant read permission */
+    read?: boolean;
+    /** Grant update permission */
+    update?: boolean;
+    /** Grant delete permission */
+    delete?: boolean;
+}
+/**
+ * Record-level rule for dynamic access control
+ */
+export interface RecordRule {
+    /** Unique name of the rule */
+    name: string;
+    /** Priority (higher priority rules take precedence, default: 0) */
+    priority?: number;
+    /** Human-readable description */
+    description?: string;
+    /** Condition for applying this rule */
+    condition: RecordRuleCondition;
+    /** Permissions granted when condition matches */
+    permissions: RecordRulePermissions;
+}
+/**
+ * Sharing rule type
+ */
+export type SharingRuleType = 'manual' | 'criteria' | 'team';
+/**
+ * Who to share with
+ */
+export interface SharedWith {
+    type: 'role' | 'team' | 'user' | 'group';
+    roles?: string[];
+    teams?: string[];
+    users?: string[];
+    groups?: string[];
+}
+/**
+ * Base sharing rule
+ */
+export interface BaseSharingRule {
+    /** Unique name of the rule */
+    name: string;
+    /** Type of sharing rule */
+    type: SharingRuleType;
+    /** Description */
+    description?: string;
+    /** Whether this rule is enabled */
+    enabled?: boolean;
+    /** Permissions granted through sharing */
+    permissions: RecordRulePermissions;
+}
+/**
+ * Manual sharing rule - users can manually share records
+ */
+export interface ManualSharingRule extends BaseSharingRule {
+    type: 'manual';
+}
+/**
+ * Criteria-based sharing rule - automatic sharing
+ */
+export interface CriteriaSharingRule extends BaseSharingRule {
+    type: 'criteria';
+    /** Condition for automatic sharing */
+    condition: RecordRuleCondition;
+    /** Who to share with */
+    shared_with: SharedWith;
+}
+/**
+ * Team-based sharing rule
+ */
+export interface TeamSharingRule extends BaseSharingRule {
+    type: 'team';
+    /** Field containing team ID */
+    team_field: string;
+}
+/**
+ * Union type for all sharing rules
+ */
+export type SharingRule = ManualSharingRule | CriteriaSharingRule | TeamSharingRule;
+/**
+ * Condition for action execution
+ */
+export interface ActionCondition {
+    /** Field to check */
+    field: string;
+    /** Comparison operator */
+    operator: PermissionOperator;
+    /** Value to compare */
+    value: any;
+}
+/**
+ * Rate limiting configuration for actions
+ */
+export interface ActionRateLimit {
+    /** Maximum requests per hour */
+    requests_per_hour?: number;
+    /** Maximum requests per day */
+    requests_per_day?: number;
+}
+/**
+ * Permission configuration for a specific action
+ */
+export interface ActionPermission {
+    /** Roles that can execute this action */
+    execute: string[];
+    /** Conditions that must be met for execution */
+    conditions?: ActionCondition[];
+    /** Rate limiting */
+    rate_limit?: ActionRateLimit;
+}
+/**
+ * Map of action names to their permissions
+ */
+export type ActionPermissions = Record<string, ActionPermission>;
+/**
+ * Field restrictions for a view
+ */
+export interface ViewFieldRestriction {
+    /** Field name */
+    [fieldName: string]: {
+        /** Roles that can see this field in the view */
+        visible_to: string[];
+    };
+}
+/**
+ * Permission configuration for a specific view
+ */
+export interface ViewPermission {
+    /** Roles that can access this view */
+    access: string[];
+    /** Field-level restrictions within the view */
+    field_restrictions?: ViewFieldRestriction;
+}
+/**
+ * Map of view names to their permissions
+ */
+export type ViewPermissions = Record<string, ViewPermission>;
+/**
+ * Row-level security configuration
+ */
+export interface RowLevelSecurity {
+    /** Whether RLS is enabled */
+    enabled: boolean;
+    /** Default rule applied to all users */
+    default_rule?: SimpleCondition;
+    /** Exceptions to the default rule */
+    exceptions?: Array<{
+        /** Role to apply exception to */
+        role: string;
+        /** Whether to bypass RLS entirely */
+        bypass?: boolean;
+        /** Custom condition for this role */
+        condition?: RecordRuleCondition;
+    }>;
+}
+/**
+ * Field masking configuration for a specific field
+ */
+export interface FieldMaskConfig {
+    /** Mask format (e.g., "****-****-****-{last4}") */
+    mask_format: string;
+    /** Roles that can see the unmasked value */
+    visible_to: string[];
+}
+/**
+ * Map of field names to their masking configuration
+ */
+export type FieldMasking = Record<string, FieldMaskConfig>;
+/**
+ * Audit event type
+ */
+export type AuditEventType = 'permission_grant' | 'permission_revoke' | 'access_denied' | 'sensitive_field_access';
+/**
+ * Alert configuration for suspicious activity
+ */
+export interface AuditAlert {
+    /** Event type to alert on */
+    event: AuditEventType;
+    /** Number of events to trigger alert */
+    threshold: number;
+    /** Time window in minutes */
+    window_minutes: number;
+    /** Who to notify (roles or user IDs) */
+    notify: string[];
+}
+/**
+ * Audit trail configuration
+ */
+export interface AuditConfig {
+    /** Whether auditing is enabled */
+    enabled: boolean;
+    /** Events to log */
+    events?: AuditEventType[];
+    /** Retention period in days */
+    retention_days?: number;
+    /** Alert configurations */
+    alerts?: AuditAlert[];
+}
+/**
+ * Complete permission configuration for an object
+ */
+export interface PermissionConfig {
+    /** Unique name of the permission configuration */
+    name: string;
+    /** Object this permission applies to */
+    object: string;
+    /** Description */
+    description?: string;
+    /**
+     * Roles referenced in this permission configuration.
+     *
+     * Best Practice: Define roles centrally in ApplicationConfig and reference them here.
+     * This field serves to:
+     * 1. Document which roles apply to this object
+     * 2. Validate that only defined roles are used
+     * 3. Support standalone usage without application context
+     *
+     * Example:
+     * - Define in app: permissions.roles: [admin, manager, user]
+     * - Reference here: roles: [admin, manager, user]
+     */
+    roles?: string[];
+    /** Object-level permissions */
+    object_permissions?: ObjectPermissions;
+    /** Field-level security */
+    field_permissions?: FieldPermissions;
+    /** Record-level access rules */
+    record_rules?: RecordRule[];
+    /** Sharing rules */
+    sharing_rules?: SharingRule[];
+    /** Action permissions */
+    action_permissions?: ActionPermissions;
+    /** View permissions */
+    view_permissions?: ViewPermissions;
+    /** Row-level security */
+    row_level_security?: RowLevelSecurity;
+    /** Field masking */
+    field_masking?: FieldMasking;
+    /** Audit configuration */
+    audit?: AuditConfig;
+}
+/**
+ * Context for permission checks
+ */
+export interface PermissionCheckContext {
+    /** Current user */
+    user: {
+        id: string;
+        /** User roles (array for consistency, single role represented as one-element array) */
+        roles?: string[];
+        department_id?: string;
+        team_id?: string;
+        [key: string]: any;
+    };
+    /** Object name */
+    object: string;
+    /** Operation to check */
+    operation: ObjectOperation | FieldOperation;
+    /** Record ID (for record-level checks) */
+    recordId?: string;
+    /** Field name (for field-level checks) */
+    field?: string;
+    /** Record data (for condition evaluation) */
+    record?: any;
+}
+/**
+ * Result of a permission check
+ */
+export interface PermissionCheckResult {
+    /** Whether permission is granted */
+    granted: boolean;
+    /** Reason if denied */
+    reason?: string;
+    /** Rule that granted/denied access */
+    rule?: string;
+}

package/dist/permission.js

@@ -0,0 +1,12 @@
+"use strict";
+/**
+ * Permission and Security Metadata Types
+ *
+ * This module defines the TypeScript interfaces for ObjectQL's permission system,
+ * implementing role-based access control (RBAC), field-level security, and
+ * record-level rules.
+ *
+ * Based on specification: docs/spec/permission.md
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=permission.js.map

package/dist/permission.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"permission.js","sourceRoot":"","sources":["../src/permission.ts"],"names":[],"mappings":";AAAA;;;;;;;;GAQG"}

package/dist/registry.js

@@ -13,7 +13,10 @@ class MetadataRegistry {
         this.store.get(type).set(metadata.id, metadata);
     }
     unregister(type, id) {
-        this.store.get(type)?.delete(id);
+        const map = this.store.get(type);
+        if (map) {
+            map.delete(id);
+        }
     }
     unregisterPackage(packageName) {
         for (const [type, map] of this.store.entries()) {
@@ -30,7 +33,11 @@ class MetadataRegistry {
         }
     }
     get(type, id) {
-        return this.store.get(type)?.get(id)?.content;
+        const map = this.store.get(type);
+        if (!map)
+            return undefined;
+        const entry = map.get(id);
+        return entry ? entry.content : undefined;
     }
     list(type) {
         const map = this.store.get(type);
@@ -39,7 +46,8 @@ class MetadataRegistry {
         return Array.from(map.values()).map(m => m.content);
     }
     getEntry(type, id) {
-        return this.store.get(type)?.get(id);
+        const map = this.store.get(type);
+        return map ? map.get(id) : undefined;
     }
 }
 exports.MetadataRegistry = MetadataRegistry;

package/dist/registry.js.map

@@ -1 +1 @@
-{"version":3,"file":"registry.js","sourceRoot":"","sources":["../src/registry.ts"],"names":[],"mappings":";;;AAQA,MAAa,gBAAgB;IAA7B;QACI,+BAA+B;QACvB,UAAK,GAAuC,IAAI,GAAG,EAAE,CAAC;IA2ClE,CAAC;IAzCG,QAAQ,CAAC,IAAY,EAAE,QAAkB;QACrC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YACxB,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,GAAG,EAAE,CAAC,CAAC;QACpC,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC;IACrD,CAAC;IAED,UAAU,CAAC,IAAY,EAAE,EAAU;QAC/B,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;IACrC,CAAC;IAED,iBAAiB,CAAC,WAAmB;QACjC,KAAK,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,EAAE,CAAC;YAC7C,MAAM,eAAe,GAAa,EAAE,CAAC;YAErC,KAAK,MAAM,CAAC,EAAE,EAAE,IAAI,CAAC,IAAI,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC;gBACrC,IAAI,IAAI,CAAC,OAAO,KAAK,WAAW,EAAE,CAAC;oBAC/B,eAAe,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBAC7B,CAAC;YACL,CAAC;YAED,+BAA+B;YAC/B,KAAK,MAAM,EAAE,IAAI,eAAe,EAAE,CAAC;gBAC/B,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YACnB,CAAC;QACL,CAAC;IACL,CAAC;IAED,GAAG,CAAU,IAAY,EAAE,EAAU;QACjC,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,EAAE,OAAY,CAAC;IACvD,CAAC;IAED,IAAI,CAAU,IAAY;QACtB,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACjC,IAAI,CAAC,GAAG;YAAE,OAAO,EAAE,CAAC;QACpB,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAY,CAAC,CAAC;IAC7D,CAAC;IAED,QAAQ,CAAC,IAAY,EAAE,EAAU;QAC7B,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC;IACzC,CAAC;CACJ;AA7CD,4CA6CC"}
+{"version":3,"file":"registry.js","sourceRoot":"","sources":["../src/registry.ts"],"names":[],"mappings":";;;AAQA,MAAa,gBAAgB;IAA7B;QACI,+BAA+B;QACvB,UAAK,GAAuC,IAAI,GAAG,EAAE,CAAC;IAkDlE,CAAC;IAhDG,QAAQ,CAAC,IAAY,EAAE,QAAkB;QACrC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YACxB,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,GAAG,EAAE,CAAC,CAAC;QACpC,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC;IACrD,CAAC;IAED,UAAU,CAAC,IAAY,EAAE,EAAU;QAC/B,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACjC,IAAI,GAAG,EAAE,CAAC;YACN,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QACnB,CAAC;IACL,CAAC;IAED,iBAAiB,CAAC,WAAmB;QACjC,KAAK,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,EAAE,CAAC;YAC7C,MAAM,eAAe,GAAa,EAAE,CAAC;YAErC,KAAK,MAAM,CAAC,EAAE,EAAE,IAAI,CAAC,IAAI,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC;gBACrC,IAAI,IAAI,CAAC,OAAO,KAAK,WAAW,EAAE,CAAC;oBAC/B,eAAe,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBAC7B,CAAC;YACL,CAAC;YAED,+BAA+B;YAC/B,KAAK,MAAM,EAAE,IAAI,eAAe,EAAE,CAAC;gBAC/B,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YACnB,CAAC;QACL,CAAC;IACL,CAAC;IAED,GAAG,CAAU,IAAY,EAAE,EAAU;QACjC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACjC,IAAI,CAAC,GAAG;YAAE,OAAO,SAAS,CAAC;QAC3B,MAAM,KAAK,GAAG,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAC1B,OAAO,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAY,CAAC,CAAC,CAAC,SAAS,CAAC;IAClD,CAAC;IAED,IAAI,CAAU,IAAY;QACtB,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACjC,IAAI,CAAC,GAAG;YAAE,OAAO,EAAE,CAAC;QACpB,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAY,CAAC,CAAC;IAC7D,CAAC;IAED,QAAQ,CAAC,IAAY,EAAE,EAAU;QAC7B,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACjC,OAAO,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IACzC,CAAC;CACJ;AApDD,4CAoDC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@objectql/types",
-  "version": "1.5.0",
+  "version": "1.6.0",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "dependencies": {},

package/src/app.ts

@@ -10,18 +10,10 @@ export interface IObjectQL {
     getConfigs(): Record<string, ObjectConfig>;
     datasource(name: string): Driver;
     init(): Promise<void>;
-    addPackage(name: string): void;
     removePackage(name: string): void;
     metadata: MetadataRegistry; 
 
     registerObject(object: ObjectConfig): void;
-    loadFromDirectory(dir: string): void;
-    addLoader(plugin: LoaderPlugin): void;
-    /**
-     * Updates and persists metadata content.
-     * Only works if the metadata was loaded from a writable file source (e.g. local disk).
-     */
-    updateMetadata(type: string, id: string, content: any): Promise<void>;
 
     on(event: HookName, objectName: string, handler: HookHandler): void;
     triggerHook(event: HookName, objectName: string, ctx: HookContext): Promise<void>;

package/src/application.ts

@@ -0,0 +1,46 @@
+export interface AppConfig {
+    /**
+     * Unique identifier for the application
+     */
+    name: string;
+    
+    /**
+     * Display label for the application
+     */
+    label: string;
+    
+    /**
+     * Description of what this application does
+     */
+    description?: string;
+    
+    /**
+     * Icon name/class for the application
+     */
+    icon?: string;
+
+    /**
+     * URL to the application logo
+     */
+    logo?: string;
+
+    /**
+     * Default path to redirect when opening the app
+     */
+    homepage?: string;
+
+    /**
+     * Sort order for display
+     */
+    sort_no?: number;
+    
+    /**
+     * Whether the application is enabled
+     */
+    is_active?: boolean;
+
+    /**
+     * Custom metadata/settings
+     */
+    [key: string]: any;
+}

package/src/field.ts

@@ -135,4 +135,15 @@ export interface FieldConfig {
     // Vector properties
     /** Dimension of the vector for 'vector' type fields. */
     dimension?: number;
+
+    // Formula & Summary
+    /** Formula expression. */
+    formula?: string;
+    /** Object to summarize. */
+    summary_object?: string;
+    /** Field on the summary object. */
+    summary_field?: string;
+    /** Type of summary (count, sum, min, max, avg). */
+    summary_type?: string;
+    filters?: any[];
 }

package/src/index.ts

@@ -11,6 +11,8 @@ export * from './plugin';
 export * from './config';
 export * from './context';
 export * from './validation';
-
-
+export * from './permission';
+export * from './page';
 export * from './loader';
+export * from './application';
+export * from './menu';

package/src/menu.ts

@@ -0,0 +1,102 @@
+export type MenuType = 'sidebar' | 'topnav' | 'context' | 'mobile' | 'admin';
+
+export type MenuItemType = 'page' | 'section' | 'url' | 'folder' | 'object' | 'action';
+
+export interface MenuItem {
+    /**
+     * Unique identifier for the menu item
+     */
+    name: string;
+
+    /**
+     * Display label
+     */
+    label: string;
+
+    /**
+     * Icon name
+     */
+    icon?: string;
+
+    /**
+     * Item type
+     */
+    type?: MenuItemType;
+
+    /**
+     * Navigation path (for type: page/url)
+     */
+    path?: string;
+
+    /**
+     * Associated Object name (for type: object)
+     */
+    object?: string;
+
+    /**
+     * Object View name (for type: object)
+     */
+    view?: string;
+
+    /**
+     * Nested menu items
+     */
+    items?: MenuItem[];
+
+    /**
+     * Link target (e.g. _blank)
+     */
+    target?: string;
+
+    /**
+     * Visibility condition
+     */
+    hidden?: boolean | string;
+
+    /**
+     * Badge value or expression
+     */
+    badge?: string;
+    
+    /**
+     * Custom properties
+     */
+    [key: string]: any;
+}
+
+export interface MenuConfig {
+    /**
+     * Unique identifier for the menu
+     */
+    name: string;
+
+    /**
+     * Display label
+     */
+    label: string;
+
+    /**
+     * Menu type/location
+     */
+    type?: MenuType;
+
+    /**
+     * The application this menu belongs to
+     */
+    app?: string; 
+    
+    /**
+     * Menu items
+     */
+    items: MenuItem[];
+    
+    /**
+     * Whether the menu is active
+     */
+    is_active?: boolean;
+
+    /**
+     * Custom properties
+     */
+    [key: string]: any;
+}