@objectstack/objectql 7.1.0 → 7.2.1

package/dist/index.mjs

@@ -1,7 +1,9 @@
 // src/registry.ts
 import { ObjectSchema } from "@objectstack/spec/data";
+import { readEnvWithDeprecation } from "@objectstack/types";
 import { ManifestSchema, InstalledPackageSchema } from "@objectstack/spec/kernel";
 import { AppSchema } from "@objectstack/spec/ui";
+import { applyProtection } from "@objectstack/spec/shared";
 var RESERVED_NAMESPACES = /* @__PURE__ */ new Set(["base", "system"]);
 var DEFAULT_OWNER_PRIORITY = 100;
 var DEFAULT_EXTENDER_PRIORITY = 200;
@@ -129,7 +131,7 @@ var SchemaRegistry = class {
     if (options.multiTenant !== void 0) {
       this.multiTenant = options.multiTenant;
     } else {
-      this.multiTenant = String(process.env.OS_MULTI_TENANT ?? "false").toLowerCase() !== "false";
+      this.multiTenant = String(readEnvWithDeprecation("OS_MULTI_ORG_ENABLED", "OS_MULTI_TENANT") ?? "false").toLowerCase() !== "false";
     }
   }
   get logLevel() {
@@ -231,6 +233,7 @@ var SchemaRegistry = class {
         contributors.splice(idx, 1);
       }
     }
+    applyProtection(schema, { packageId });
     const contributor = {
       packageId,
       namespace: namespace || "",
@@ -378,9 +381,7 @@ var SchemaRegistry = class {
     }
     const collection = this.metadata.get(type);
     const baseName = String(item[keyField]);
-    if (packageId) {
-      item._packageId = packageId;
-    }
+    applyProtection(item, { packageId });
     try {
       this.validate(type, item);
     } catch (e) {
@@ -454,7 +455,9 @@ var SchemaRegistry = class {
     const direct = collection.get(name);
     if (direct) return direct;
     for (const [key, item] of collection) {
-      if (key.endsWith(`:${name}`)) return item;
+      if (key.endsWith(`:${name}`)) {
+        return item;
+      }
     }
     return void 0;
   }
@@ -627,8 +630,12 @@ var SchemaRegistry = class {
   }
 };
 
+// src/protocol.ts
+import { readEnvWithDeprecation as readEnvWithDeprecation3 } from "@objectstack/types";
+
 // src/sys-metadata-repository.ts
 import { hashSpec, ConflictError } from "@objectstack/metadata-core";
+import { readEnvWithDeprecation as readEnvWithDeprecation2 } from "@objectstack/types";
 import { DEFAULT_METADATA_TYPE_REGISTRY } from "@objectstack/spec/kernel";
 import { PLURAL_TO_SINGULAR, SINGULAR_TO_PLURAL } from "@objectstack/spec/shared";
 var OVERLAY_ALLOWED_TYPES = new Set(
@@ -643,7 +650,7 @@ var RUNTIME_CREATE_ALLOWED_TYPES = new Set(
 var _envWritableMetadataTypes = null;
 function envWritableMetadataTypes() {
   if (_envWritableMetadataTypes !== null) return _envWritableMetadataTypes;
-  const raw = typeof process !== "undefined" && process?.env?.OBJECTSTACK_METADATA_WRITABLE || "";
+  const raw = readEnvWithDeprecation2("OS_METADATA_WRITABLE", "OBJECTSTACK_METADATA_WRITABLE") || "";
   const set = /* @__PURE__ */ new Set();
   for (const tok of raw.split(",")) {
     const t = tok.trim();
@@ -1170,7 +1177,7 @@ var SysMetadataRepository = class {
    * at `(type, name)`. In that case we accept types with
    * `allowRuntimeCreate: true`, even when `allowOrgOverride` is false.
    *
-   * The env-var escape hatch (`OBJECTSTACK_METADATA_WRITABLE`) still
+   * The env-var escape hatch (`OS_METADATA_WRITABLE`) still
    * applies to BOTH intents, so operators can opt into artifact
    * overrides at runtime for emergency fixes.
    */
@@ -1195,7 +1202,7 @@ var SysMetadataRepository = class {
     const code = intent === "runtime-only" ? "not_creatable" : "not_overridable";
     const detail = intent === "runtime-only" ? `'${type}' has neither allowOrgOverride nor allowRuntimeCreate in the registry. ` : `'${type}' is not allowOrgOverride in the registry. `;
     const err = new Error(
-      `[${code}] ${detail}Overlay-allowed: ${Array.from(new Set(allowed)).join(", ") || "(none)"}. Set OBJECTSTACK_METADATA_WRITABLE to enable additional types at runtime.`
+      `[${code}] ${detail}Overlay-allowed: ${Array.from(new Set(allowed)).join(", ") || "(none)"}. Set OS_METADATA_WRITABLE to enable additional types at runtime.`
     );
     err.code = code;
     err.status = 403;
@@ -1306,6 +1313,12 @@ import { parseFilterAST, isFilterAST } from "@objectstack/spec/data";
 import { PLURAL_TO_SINGULAR as PLURAL_TO_SINGULAR3, SINGULAR_TO_PLURAL as SINGULAR_TO_PLURAL2 } from "@objectstack/spec/shared";
 import { METADATA_FORM_REGISTRY } from "@objectstack/spec/system";
 import { DEFAULT_METADATA_TYPE_REGISTRY as DEFAULT_METADATA_TYPE_REGISTRY2, getMetadataTypeSchema as getMetadataTypeSchema2 } from "@objectstack/spec/kernel";
+import {
+  extractProtection,
+  evaluateLockForWrite,
+  evaluateLockForDelete,
+  resolveLockState
+} from "@objectstack/spec/kernel";
 import { z } from "zod";
 
 // src/metadata-diagnostics.ts
@@ -1553,6 +1566,21 @@ function resolveOverlaySchema(type, _item) {
   const singular = PLURAL_TO_SINGULAR3[type] ?? type;
   return getMetadataTypeSchema2(singular) ?? null;
 }
+function mergeArtifactProtection(item, artifactItem) {
+  if (item === void 0 || item === null) return item;
+  if (artifactItem === void 0 || artifactItem === null) return item;
+  const a = artifactItem;
+  if (typeof a !== "object") return item;
+  const out = { ...item };
+  if (a._lock !== void 0) out._lock = a._lock;
+  if (a._lockReason !== void 0) out._lockReason = a._lockReason;
+  if (a._lockDocsUrl !== void 0) out._lockDocsUrl = a._lockDocsUrl;
+  if (a._lockSource !== void 0) out._lockSource = a._lockSource;
+  if (a._packageId !== void 0) out._packageId = a._packageId;
+  if (a._packageVersion !== void 0) out._packageVersion = a._packageVersion;
+  if (a._provenance !== void 0) out._provenance = a._provenance;
+  return out;
+}
 function simpleHash(str) {
   let hash = 0;
   for (let i = 0; i < str.length; i++) {
@@ -2044,6 +2072,7 @@ var _ObjectStackProtocolImplementation = class _ObjectStackProtocolImplementatio
     const includeWarnings = request.severity === "warning";
     const targetTypes = request.type ? [request.type] : DEFAULT_METADATA_TYPE_REGISTRY2.filter((e) => getMetadataTypeSchema2(e.type)).map((e) => e.type);
     const entries = [];
+    const stats = {};
     let scannedItems = 0;
     for (const t of targetTypes) {
       let listed;
@@ -2057,8 +2086,14 @@ var _ObjectStackProtocolImplementation = class _ObjectStackProtocolImplementatio
         continue;
       }
       const items = Array.isArray(listed?.items) ? listed.items : Array.isArray(listed) ? listed : [];
+      const pkgSet = /* @__PURE__ */ new Set();
+      let lockedCount = 0;
       for (const item of items) {
         scannedItems += 1;
+        const pkg = item?._packageId ?? null;
+        if (pkg) pkgSet.add(pkg);
+        const lock = item?._lock;
+        if (lock && lock !== "none") lockedCount += 1;
         const diag = item?._diagnostics ?? computeMetadataDiagnostics(t, item);
         if (!diag) continue;
         if (diag.valid && !includeWarnings) continue;
@@ -2069,12 +2104,14 @@ var _ObjectStackProtocolImplementation = class _ObjectStackProtocolImplementatio
           diagnostics: diag
         });
       }
+      stats[t] = { count: items.length, locked: lockedCount, packages: [...pkgSet].sort() };
     }
     return {
       entries,
       total: entries.length,
       scannedTypes: targetTypes.length,
-      scannedItems
+      scannedItems,
+      stats
     };
   }
   async getMetaItems(request) {
@@ -2171,7 +2208,16 @@ var _ObjectStackProtocolImplementation = class _ObjectStackProtocolImplementatio
     }
     return {
       type: request.type,
-      items: decorateMetadataItems(request.type, items)
+      items: decorateMetadataItems(
+        request.type,
+        items.map((it) => {
+          const a = this.lookupArtifactItem(
+            request.type,
+            it?.name
+          );
+          return mergeArtifactProtection(it, a);
+        })
+      )
     };
   }
   async getMetaItem(request) {
@@ -2245,10 +2291,27 @@ var _ObjectStackProtocolImplementation = class _ObjectStackProtocolImplementatio
         if (alt) item = this.engine.registry.getItem(alt, request.name);
       }
     }
+    const artifactItem = this.lookupArtifactItem(request.type, request.name);
+    const decorated = decorateMetadataItem(
+      request.type,
+      mergeArtifactProtection(item, artifactItem)
+    );
+    const artifactBacked = this.isArtifactBacked(request.type, request.name);
+    const lockState = resolveLockState(decorated, artifactBacked);
     return {
       type: request.type,
       name: request.name,
-      item: decorateMetadataItem(request.type, item)
+      item: decorated,
+      lock: lockState.lock,
+      ...lockState.lockReason !== void 0 ? { lockReason: lockState.lockReason } : {},
+      ...lockState.lockSource !== void 0 ? { lockSource: lockState.lockSource } : {},
+      ...lockState.lockDocsUrl !== void 0 ? { lockDocsUrl: lockState.lockDocsUrl } : {},
+      ...lockState.provenance !== void 0 ? { provenance: lockState.provenance } : {},
+      ...lockState.packageId !== void 0 ? { packageId: lockState.packageId } : {},
+      ...lockState.packageVersion !== void 0 ? { packageVersion: lockState.packageVersion } : {},
+      editable: lockState.editable,
+      deletable: lockState.deletable,
+      resettable: lockState.resettable
     };
   }
   /**
@@ -2328,6 +2391,9 @@ var _ObjectStackProtocolImplementation = class _ObjectStackProtocolImplementatio
     }
     const effective = overlay ?? code;
     const _diagnostics = effective !== null && effective !== void 0 ? computeMetadataDiagnostics(request.type, effective) : void 0;
+    const artifactBacked = this.isArtifactBacked(request.type, request.name);
+    const lockSource = code ?? overlay ?? {};
+    const lockState = resolveLockState(lockSource, artifactBacked);
     return {
       type: request.type,
       name: request.name,
@@ -2335,9 +2401,70 @@ var _ObjectStackProtocolImplementation = class _ObjectStackProtocolImplementatio
       overlay,
       overlayScope,
       effective,
-      ..._diagnostics ? { _diagnostics } : {}
+      ..._diagnostics ? { _diagnostics } : {},
+      lock: lockState.lock,
+      ...lockState.lockReason !== void 0 ? { lockReason: lockState.lockReason } : {},
+      ...lockState.lockSource !== void 0 ? { lockSource: lockState.lockSource } : {},
+      ...lockState.lockDocsUrl !== void 0 ? { lockDocsUrl: lockState.lockDocsUrl } : {},
+      ...lockState.provenance !== void 0 ? { provenance: lockState.provenance } : {},
+      ...lockState.packageId !== void 0 ? { packageId: lockState.packageId } : {},
+      ...lockState.packageVersion !== void 0 ? { packageVersion: lockState.packageVersion } : {},
+      editable: lockState.editable,
+      deletable: lockState.deletable,
+      resettable: lockState.resettable
     };
   }
+  /**
+   * ADR-0010 §3.6 / Phase 4.1 — read the metadata-protection audit log
+   * for a single item. Returns the most-recent rows of
+   * `sys_metadata_audit` for this (type, name) tuple, sorted newest
+   * first. Refused (`denied`) and forced (`forced`) writes both appear
+   * here — they never reach the `history` endpoint, which only tracks
+   * successful body snapshots.
+   *
+   * The table is provisioned by `platform-objects` and is the
+   * compliance surface for the lock-enforcement story. When the
+   * environment has not yet provisioned the table (legacy install
+   * prior to ADR-0010) the call returns `{ events: [] }` instead of
+   * raising, keeping the Studio tab harmless.
+   */
+  async auditMetaItem(request) {
+    const singular = PLURAL_TO_SINGULAR3[request.type] ?? request.type;
+    const limit = Math.min(
+      Math.max(1, request.limit ?? 100),
+      500
+    );
+    try {
+      const where = {
+        type: singular,
+        name: request.name
+      };
+      const rows = await this.engine.find("sys_metadata_audit", {
+        where,
+        orderBy: [{ field: "occurred_at", direction: "desc" }],
+        limit
+      });
+      const events = (Array.isArray(rows) ? rows : []).map((r) => ({
+        id: r.id,
+        occurredAt: typeof r.occurred_at === "string" ? r.occurred_at : r.occurred_at instanceof Date ? r.occurred_at.toISOString() : String(r.occurred_at ?? ""),
+        actor: String(r.actor ?? "system"),
+        source: r.source ?? null,
+        operation: r.operation,
+        outcome: r.outcome,
+        code: String(r.code ?? ""),
+        lockState: r.lock_state ?? null,
+        lockOverridden: Boolean(r.lock_overridden),
+        requestId: r.request_id ?? null,
+        note: r.note ?? null
+      }));
+      return { events };
+    } catch (err) {
+      console.warn(
+        `[Protocol] auditMetaItem read failed for ${request.type}/${request.name}: ${err?.message ?? err}`
+      );
+      return { events: [] };
+    }
+  }
   async getUiView(request) {
     const schema = this.engine.registry.getObject(request.object);
     if (!schema) throw new Error(`Object ${request.object} not found`);
@@ -3211,7 +3338,7 @@ var _ObjectStackProtocolImplementation = class _ObjectStackProtocolImplementatio
   }
   static envWritableTypes() {
     if (this._envWritableTypes !== null) return this._envWritableTypes;
-    const raw = typeof process !== "undefined" && process?.env?.OBJECTSTACK_METADATA_WRITABLE || "";
+    const raw = readEnvWithDeprecation3("OS_METADATA_WRITABLE", "OBJECTSTACK_METADATA_WRITABLE") || "";
     const set = /* @__PURE__ */ new Set();
     for (const tok of raw.split(",")) {
       const t = tok.trim();
@@ -3273,6 +3400,158 @@ var _ObjectStackProtocolImplementation = class _ObjectStackProtocolImplementatio
     if (!item || !item._packageId) return false;
     return item._packageId !== "sys_metadata";
   }
+  // ───────────────────────────────────────────────────────────────────
+  // ADR-0010 — metadata protection (Phase 1: L3 item-level lock)
+  // ───────────────────────────────────────────────────────────────────
+  /**
+   * Look up an item from the artifact registry across both the requested
+   * type and its singular/plural twin. Returns `undefined` when the
+   * registry is unavailable or the item is not artifact-backed.
+   */
+  lookupArtifactItem(type, name) {
+    const registry = this.engine?.registry;
+    if (!registry || typeof registry.getItem !== "function") return void 0;
+    const singular = PLURAL_TO_SINGULAR3[type] ?? type;
+    return registry.getItem(singular, name) ?? registry.getItem(type, name);
+  }
+  /**
+   * Resolve the effective `_lock` for an item by consulting the
+   * artifact registry first, then the persisted overlay row. Artifact
+   * always wins — by design, an overlay cannot loosen a packaged
+   * lock (ADR-0010 §3.3).
+   *
+   * Returns `'none'` when nothing is locked, which is the common
+   * case. Safe to call when `environmentId` is undefined (control-
+   * plane bootstrap) — the lock check is only meaningful in tenant
+   * scope and the caller is expected to also gate on `environmentId`.
+   */
+  async getEffectiveLock(type, name, organizationId) {
+    const registry = this.engine?.registry;
+    const singular = PLURAL_TO_SINGULAR3[type] ?? type;
+    let artifactItem;
+    if (registry && typeof registry.getItem === "function") {
+      artifactItem = registry.getItem(singular, name) ?? registry.getItem(type, name);
+    }
+    if (artifactItem && artifactItem._packageId && artifactItem._packageId !== "sys_metadata") {
+      const p = extractProtection(artifactItem);
+      if (p.lock !== "none") {
+        return { lock: p.lock, lockReason: p.lockReason, lockSource: "artifact" };
+      }
+    }
+    try {
+      const where = {
+        type,
+        name,
+        state: "active",
+        organization_id: organizationId ?? null
+      };
+      const row = await this.engine.findOne("sys_metadata", { where });
+      if (row) {
+        const body = typeof row.metadata === "string" ? JSON.parse(row.metadata) : row.metadata;
+        const p = extractProtection(body);
+        if (p.lock !== "none") {
+          return { lock: p.lock, lockReason: p.lockReason, lockSource: "overlay" };
+        }
+      }
+    } catch {
+    }
+    return { lock: "none", lockReason: void 0, lockSource: void 0 };
+  }
+  /**
+   * Best-effort audit-row writer (ADR-0010 §3.6). Failures here are
+   * logged but never block the underlying decision: an environment
+   * without the audit table provisioned (legacy installs before this
+   * ADR landed) still answers normal API calls, just without the
+   * compliance trail. Phase 2 will make the audit table a hard
+   * dependency.
+   */
+  async recordMetadataAudit(entry) {
+    try {
+      await this.engine.insert("sys_metadata_audit", {
+        occurred_at: (/* @__PURE__ */ new Date()).toISOString(),
+        actor: entry.actor ?? "system",
+        source: entry.source ?? "protocol",
+        type: PLURAL_TO_SINGULAR3[entry.type] ?? entry.type,
+        name: entry.name,
+        organization_id: entry.organizationId ?? null,
+        operation: entry.operation,
+        outcome: entry.outcome,
+        code: entry.code,
+        lock_state: entry.lockState ?? "none",
+        lock_overridden: entry.lockOverridden ?? false,
+        request_id: entry.requestId ?? null,
+        note: entry.note ?? null
+      });
+    } catch (err) {
+      console.warn(
+        `[Protocol] sys_metadata_audit write failed for ${entry.type}/${entry.name}: ${err?.message ?? err}`
+      );
+    }
+  }
+  /**
+   * Phase 1 L3 enforcement for write operations (save / publish /
+   * rollback). Returns null on allow. Returns the structured `Error`
+   * the caller should `throw` on deny — also records the denial in
+   * the audit log so refused attempts are visible in compliance
+   * reports (refused writes never reach sys_metadata_history).
+   */
+  async assertLockAllowsWrite(args) {
+    if (this.environmentId === void 0) return null;
+    const state = await this.getEffectiveLock(args.type, args.name, args.organizationId ?? null);
+    const refusal = evaluateLockForWrite(state.lock);
+    if (!refusal) return null;
+    const reason = state.lockReason ?? refusal.reason;
+    const err = new Error(
+      `[item_locked] ${args.type}/${args.name} is locked (_lock=${state.lock}${state.lockSource ? `, source=${state.lockSource}` : ""}). ${reason} \u2014 See ADR-0010 \xA73.3.`
+    );
+    err.code = "item_locked";
+    err.status = 403;
+    err.lock = state.lock;
+    err.lockReason = reason;
+    await this.recordMetadataAudit({
+      type: args.type,
+      name: args.name,
+      organizationId: args.organizationId ?? null,
+      operation: args.operation,
+      outcome: "denied",
+      code: "item_locked",
+      lockState: state.lock,
+      actor: args.actor,
+      source: args.source ?? `protocol.${args.operation}MetaItem`,
+      requestId: args.requestId,
+      note: reason
+    });
+    return err;
+  }
+  /** Counterpart of {@link assertLockAllowsWrite} for delete. */
+  async assertLockAllowsDelete(args) {
+    if (this.environmentId === void 0) return null;
+    const state = await this.getEffectiveLock(args.type, args.name, args.organizationId ?? null);
+    const refusal = evaluateLockForDelete(state.lock);
+    if (!refusal) return null;
+    const reason = state.lockReason ?? refusal.reason;
+    const err = new Error(
+      `[item_locked] ${args.type}/${args.name} is locked (_lock=${state.lock}${state.lockSource ? `, source=${state.lockSource}` : ""}). ${reason} \u2014 See ADR-0010 \xA73.3.`
+    );
+    err.code = "item_locked";
+    err.status = 403;
+    err.lock = state.lock;
+    err.lockReason = reason;
+    await this.recordMetadataAudit({
+      type: args.type,
+      name: args.name,
+      organizationId: args.organizationId ?? null,
+      operation: "delete",
+      outcome: "denied",
+      code: "item_locked",
+      lockState: state.lock,
+      actor: args.actor,
+      source: args.source ?? "protocol.deleteMetaItem",
+      requestId: args.requestId,
+      note: reason
+    });
+    return err;
+  }
   /**
    * Mirror an object-type overlay write into the in-memory engine
    * registry so subsequent CRUD finds the new schema. Idempotent and
@@ -3305,7 +3584,7 @@ var _ObjectStackProtocolImplementation = class _ObjectStackProtocolImplementatio
       const artifactBacked = this.isArtifactBacked(request.type, request.name);
       if (artifactBacked && !overlayAllowed) {
         const err = new Error(
-          `[not_overridable] Metadata item '${request.type}/${request.name}' is provided by a code package and the type has not opted into per-org overlay writes (allowOrgOverride=false). Edit the source artifact and redeploy, or set OBJECTSTACK_METADATA_WRITABLE to grant a runtime escape hatch. See docs/adr/0005-metadata-customization-overlay.md.`
+          `[not_overridable] Metadata item '${request.type}/${request.name}' is provided by a code package and the type has not opted into per-org overlay writes (allowOrgOverride=false). Edit the source artifact and redeploy, or set OS_METADATA_WRITABLE to grant a runtime escape hatch. See docs/adr/0005-metadata-customization-overlay.md.`
         );
         err.code = "not_overridable";
         err.status = 403;
@@ -3319,6 +3598,15 @@ var _ObjectStackProtocolImplementation = class _ObjectStackProtocolImplementatio
         err.status = 403;
         throw err;
       }
+      const lockErr = await this.assertLockAllowsWrite({
+        type: request.type,
+        name: request.name,
+        ...request.organizationId ? { organizationId: request.organizationId } : {},
+        operation: "save",
+        ...request.actor ? { actor: request.actor } : {},
+        source: "protocol.saveMetaItem"
+      });
+      if (lockErr) throw lockErr;
     }
     const singularType = PLURAL_TO_SINGULAR3[request.type] ?? request.type;
     if (!request.force && (singularType === "object" || singularType === "field")) {
@@ -3346,6 +3634,18 @@ var _ObjectStackProtocolImplementation = class _ObjectStackProtocolImplementatio
         if (err?.code === "destructive_change") throw err;
       }
     }
+    {
+      const it = request.item;
+      const looksLikeLayeredEnvelope = it && typeof it === "object" && !Array.isArray(it) && "code" in it && "overlay" in it && "overlayScope" in it && "effective" in it;
+      if (looksLikeLayeredEnvelope) {
+        const err = new Error(
+          `[invalid_metadata] ${request.type}/${request.name}: the request body is a layered read envelope ({ code, overlay, overlayScope, effective }), not a metadata body. Unwrap and send the effective/overlay document instead \u2014 the layered shape is read-only (GET ?layers=true) and must never be persisted.`
+        );
+        err.code = "invalid_metadata";
+        err.status = 422;
+        throw err;
+      }
+    }
     {
       const schema = resolveOverlaySchema(request.type, request.item);
       if (schema) {
@@ -3400,6 +3700,17 @@ var _ObjectStackProtocolImplementation = class _ObjectStackProtocolImplementatio
         if (mode === "publish") {
           this.applyObjectRegistryMutation(request);
         }
+        await this.recordMetadataAudit({
+          type: request.type,
+          name: request.name,
+          organizationId: orgId,
+          operation: "save",
+          outcome: "allowed",
+          code: "ok",
+          ...request.actor ? { actor: request.actor } : {},
+          source: "protocol.saveMetaItem",
+          note: mode === "draft" ? "draft" : "active"
+        });
         return {
           success: true,
           version: result.version,
@@ -3522,6 +3833,15 @@ var _ObjectStackProtocolImplementation = class _ObjectStackProtocolImplementatio
       err.status = 403;
       throw err;
     }
+    const _publishLockErr = await this.assertLockAllowsWrite({
+      type: request.type,
+      name: request.name,
+      ...request.organizationId ? { organizationId: request.organizationId } : {},
+      operation: "publish",
+      ...request.actor ? { actor: request.actor } : {},
+      source: "protocol.publishMetaItem"
+    });
+    if (_publishLockErr) throw _publishLockErr;
     await this.ensureOverlayIndex();
     const orgId = request.organizationId ?? null;
     const repo = this.getOverlayRepo(orgId);
@@ -3589,6 +3909,15 @@ var _ObjectStackProtocolImplementation = class _ObjectStackProtocolImplementatio
       err.status = 403;
       throw err;
     }
+    const _rollbackLockErr = await this.assertLockAllowsWrite({
+      type: request.type,
+      name: request.name,
+      ...request.organizationId ? { organizationId: request.organizationId } : {},
+      operation: "rollback",
+      ...request.actor ? { actor: request.actor } : {},
+      source: "protocol.rollbackMetaItem"
+    });
+    if (_rollbackLockErr) throw _rollbackLockErr;
     await this.ensureOverlayIndex();
     const orgId = request.organizationId ?? null;
     const repo = this.getOverlayRepo(orgId);
@@ -3735,6 +4064,14 @@ var _ObjectStackProtocolImplementation = class _ObjectStackProtocolImplementatio
         err.status = 403;
         throw err;
       }
+      const lockErr = await this.assertLockAllowsDelete({
+        type: request.type,
+        name: request.name,
+        ...request.organizationId ? { organizationId: request.organizationId } : {},
+        ...request.actor ? { actor: request.actor } : {},
+        source: "protocol.deleteMetaItem"
+      });
+      if (lockErr) throw lockErr;
     }
     const singularTypeForRepo = PLURAL_TO_SINGULAR3[request.type] ?? request.type;
     const overlayAllowedForRepoDel = _ObjectStackProtocolImplementation.isOverlayAllowed(singularTypeForRepo);
@@ -3779,6 +4116,17 @@ var _ObjectStackProtocolImplementation = class _ObjectStackProtocolImplementatio
           } catch {
           }
         }
+        await this.recordMetadataAudit({
+          type: request.type,
+          name: request.name,
+          organizationId: orgId,
+          operation: "delete",
+          outcome: "allowed",
+          code: "ok",
+          ...request.actor ? { actor: request.actor } : {},
+          source: "protocol.deleteMetaItem",
+          note: targetState
+        });
         return {
           success: true,
           reset: true,
@@ -4095,7 +4443,7 @@ _ObjectStackProtocolImplementation.OVERLAY_ALLOWED_TYPES = (() => {
   return out;
 })();
 /**
- * Phase 3a-env-writable: parse `OBJECTSTACK_METADATA_WRITABLE` once.
+ * Phase 3a-env-writable: parse `OS_METADATA_WRITABLE` once.
  * Comma-separated singular type names. When the env var is set, the
  * listed types get treated as `allowOrgOverride: true` regardless of
  * their static registry entry. This is the runtime escape hatch admins