@objectstack/platform-objects 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (46) hide show
  1. package/LICENSE +202 -0
  2. package/dist/apps/index.d.mts +427 -0
  3. package/dist/apps/index.d.ts +427 -0
  4. package/dist/apps/index.js +520 -0
  5. package/dist/apps/index.js.map +1 -0
  6. package/dist/apps/index.mjs +510 -0
  7. package/dist/apps/index.mjs.map +1 -0
  8. package/dist/audit/index.d.mts +9507 -0
  9. package/dist/audit/index.d.ts +9507 -0
  10. package/dist/audit/index.js +492 -0
  11. package/dist/audit/index.js.map +1 -0
  12. package/dist/audit/index.mjs +487 -0
  13. package/dist/audit/index.mjs.map +1 -0
  14. package/dist/identity/index.d.mts +32482 -0
  15. package/dist/identity/index.d.ts +32482 -0
  16. package/dist/identity/index.js +1404 -0
  17. package/dist/identity/index.js.map +1 -0
  18. package/dist/identity/index.mjs +1385 -0
  19. package/dist/identity/index.mjs.map +1 -0
  20. package/dist/index.d.mts +10 -0
  21. package/dist/index.d.ts +10 -0
  22. package/dist/index.js +4209 -0
  23. package/dist/index.js.map +1 -0
  24. package/dist/index.mjs +4160 -0
  25. package/dist/index.mjs.map +1 -0
  26. package/dist/metadata/index.d.mts +25601 -0
  27. package/dist/metadata/index.d.ts +25601 -0
  28. package/dist/metadata/index.js +911 -0
  29. package/dist/metadata/index.js.map +1 -0
  30. package/dist/metadata/index.mjs +902 -0
  31. package/dist/metadata/index.mjs.map +1 -0
  32. package/dist/security/index.d.mts +3554 -0
  33. package/dist/security/index.d.ts +3554 -0
  34. package/dist/security/index.js +178 -0
  35. package/dist/security/index.js.map +1 -0
  36. package/dist/security/index.mjs +175 -0
  37. package/dist/security/index.mjs.map +1 -0
  38. package/dist/state-machine.zod-BFg-VE0M.d-Ek3_yo9P.d.mts +41 -0
  39. package/dist/state-machine.zod-BFg-VE0M.d-Ek3_yo9P.d.ts +41 -0
  40. package/dist/tenant/index.d.mts +16454 -0
  41. package/dist/tenant/index.d.ts +16454 -0
  42. package/dist/tenant/index.js +741 -0
  43. package/dist/tenant/index.js.map +1 -0
  44. package/dist/tenant/index.mjs +733 -0
  45. package/dist/tenant/index.mjs.map +1 -0
  46. package/package.json +84 -0
package/dist/index.mjs ADDED
@@ -0,0 +1,4160 @@
1
+ import { ObjectSchema, Field } from '@objectstack/spec/data';
2
+ import { Dashboard } from '@objectstack/spec/ui';
3
+
4
+ // src/identity/sys-user.object.ts
5
+ var SysUser = ObjectSchema.create({
6
+ name: "sys_user",
7
+ label: "User",
8
+ pluralLabel: "Users",
9
+ icon: "user",
10
+ isSystem: true,
11
+ description: "User accounts for authentication",
12
+ displayNameField: "name",
13
+ titleFormat: "{name}",
14
+ compactLayout: ["name", "email", "email_verified"],
15
+ fields: {
16
+ // ── Identity (primary business fields) ───────────────────────
17
+ name: Field.text({
18
+ label: "Name",
19
+ required: true,
20
+ searchable: true,
21
+ maxLength: 255,
22
+ group: "Identity"
23
+ }),
24
+ email: Field.email({
25
+ label: "Email",
26
+ required: true,
27
+ searchable: true,
28
+ group: "Identity"
29
+ }),
30
+ email_verified: Field.boolean({
31
+ label: "Email Verified",
32
+ defaultValue: false,
33
+ group: "Identity"
34
+ }),
35
+ two_factor_enabled: Field.boolean({
36
+ label: "Two-Factor Enabled",
37
+ defaultValue: false,
38
+ group: "Identity",
39
+ description: "Whether two-factor authentication is enabled for this user. Maintained by the better-auth `twoFactor` plugin."
40
+ }),
41
+ // ── Profile ──────────────────────────────────────────────────
42
+ image: Field.url({
43
+ label: "Profile Image",
44
+ required: false,
45
+ group: "Profile"
46
+ }),
47
+ // ── System (auto-managed, hidden from create/edit forms) ─────
48
+ id: Field.text({
49
+ label: "User ID",
50
+ required: true,
51
+ readonly: true,
52
+ group: "System"
53
+ }),
54
+ created_at: Field.datetime({
55
+ label: "Created At",
56
+ defaultValue: "NOW()",
57
+ readonly: true,
58
+ group: "System"
59
+ }),
60
+ updated_at: Field.datetime({
61
+ label: "Updated At",
62
+ defaultValue: "NOW()",
63
+ readonly: true,
64
+ group: "System"
65
+ })
66
+ },
67
+ indexes: [
68
+ { fields: ["email"], unique: true },
69
+ { fields: ["created_at"], unique: false }
70
+ ],
71
+ enable: {
72
+ trackHistory: true,
73
+ searchable: true,
74
+ apiEnabled: true,
75
+ apiMethods: ["get", "list", "create", "update", "delete"],
76
+ trash: true,
77
+ mru: true
78
+ },
79
+ validations: [
80
+ {
81
+ name: "email_unique",
82
+ type: "unique",
83
+ severity: "error",
84
+ message: "Email must be unique",
85
+ fields: ["email"],
86
+ caseSensitive: false
87
+ }
88
+ ]
89
+ });
90
+ var SysSession = ObjectSchema.create({
91
+ name: "sys_session",
92
+ label: "Session",
93
+ pluralLabel: "Sessions",
94
+ icon: "key",
95
+ isSystem: true,
96
+ description: "Active user sessions",
97
+ displayNameField: "user_id",
98
+ titleFormat: "Session \u2014 {user_id}",
99
+ compactLayout: ["user_id", "ip_address", "expires_at"],
100
+ fields: {
101
+ // ── Session owner & expiry ──────────────────────────────────
102
+ user_id: Field.lookup("sys_user", {
103
+ label: "User",
104
+ required: true,
105
+ searchable: true,
106
+ group: "Session"
107
+ }),
108
+ expires_at: Field.datetime({
109
+ label: "Expires At",
110
+ required: true,
111
+ group: "Session"
112
+ }),
113
+ // ── Active context (multi-org/team) ──────────────────────────
114
+ active_organization_id: Field.lookup("sys_organization", {
115
+ label: "Active Organization",
116
+ required: false,
117
+ group: "Context"
118
+ }),
119
+ active_team_id: Field.lookup("sys_team", {
120
+ label: "Active Team",
121
+ required: false,
122
+ group: "Context"
123
+ }),
124
+ // ── Client fingerprint ───────────────────────────────────────
125
+ ip_address: Field.text({
126
+ label: "IP Address",
127
+ required: false,
128
+ maxLength: 45,
129
+ // Support IPv6
130
+ group: "Client"
131
+ }),
132
+ user_agent: Field.textarea({
133
+ label: "User Agent",
134
+ required: false,
135
+ group: "Client"
136
+ }),
137
+ // ── Secret (hidden by default) ──────────────────────────────
138
+ token: Field.text({
139
+ label: "Session Token",
140
+ required: true,
141
+ hidden: true,
142
+ readonly: true,
143
+ description: "Opaque session token \u2014 never exposed in UI",
144
+ group: "Secret"
145
+ }),
146
+ // ── System ───────────────────────────────────────────────────
147
+ id: Field.text({
148
+ label: "Session ID",
149
+ required: true,
150
+ readonly: true,
151
+ group: "System"
152
+ }),
153
+ created_at: Field.datetime({
154
+ label: "Created At",
155
+ defaultValue: "NOW()",
156
+ readonly: true,
157
+ group: "System"
158
+ }),
159
+ updated_at: Field.datetime({
160
+ label: "Updated At",
161
+ defaultValue: "NOW()",
162
+ readonly: true,
163
+ group: "System"
164
+ })
165
+ },
166
+ indexes: [
167
+ { fields: ["token"], unique: true },
168
+ { fields: ["user_id"], unique: false },
169
+ { fields: ["expires_at"], unique: false }
170
+ ],
171
+ enable: {
172
+ trackHistory: false,
173
+ searchable: false,
174
+ apiEnabled: true,
175
+ apiMethods: ["get", "list", "create", "delete"],
176
+ trash: false,
177
+ mru: false,
178
+ clone: false
179
+ }
180
+ });
181
+ var SysAccount = ObjectSchema.create({
182
+ name: "sys_account",
183
+ label: "Account",
184
+ pluralLabel: "Accounts",
185
+ icon: "link",
186
+ isSystem: true,
187
+ description: "OAuth and authentication provider accounts",
188
+ titleFormat: "{provider_id} - {account_id}",
189
+ compactLayout: ["provider_id", "user_id", "account_id"],
190
+ fields: {
191
+ id: Field.text({
192
+ label: "Account ID",
193
+ required: true,
194
+ readonly: true
195
+ }),
196
+ created_at: Field.datetime({
197
+ label: "Created At",
198
+ defaultValue: "NOW()",
199
+ readonly: true
200
+ }),
201
+ updated_at: Field.datetime({
202
+ label: "Updated At",
203
+ defaultValue: "NOW()",
204
+ readonly: true
205
+ }),
206
+ provider_id: Field.text({
207
+ label: "Provider ID",
208
+ required: true,
209
+ description: "OAuth provider identifier (google, github, etc.)"
210
+ }),
211
+ account_id: Field.text({
212
+ label: "Provider Account ID",
213
+ required: true,
214
+ description: "User's ID in the provider's system"
215
+ }),
216
+ user_id: Field.lookup("sys_user", {
217
+ label: "User",
218
+ required: true,
219
+ description: "Link to user table"
220
+ }),
221
+ access_token: Field.textarea({
222
+ label: "Access Token",
223
+ required: false
224
+ }),
225
+ refresh_token: Field.textarea({
226
+ label: "Refresh Token",
227
+ required: false
228
+ }),
229
+ id_token: Field.textarea({
230
+ label: "ID Token",
231
+ required: false
232
+ }),
233
+ access_token_expires_at: Field.datetime({
234
+ label: "Access Token Expires At",
235
+ required: false
236
+ }),
237
+ refresh_token_expires_at: Field.datetime({
238
+ label: "Refresh Token Expires At",
239
+ required: false
240
+ }),
241
+ scope: Field.text({
242
+ label: "OAuth Scope",
243
+ required: false
244
+ }),
245
+ password: Field.text({
246
+ label: "Password Hash",
247
+ required: false,
248
+ description: "Hashed password for email/password provider"
249
+ })
250
+ },
251
+ indexes: [
252
+ { fields: ["user_id"], unique: false },
253
+ { fields: ["provider_id", "account_id"], unique: true }
254
+ ],
255
+ enable: {
256
+ trackHistory: false,
257
+ searchable: false,
258
+ apiEnabled: true,
259
+ apiMethods: ["get", "list", "create", "update", "delete"],
260
+ trash: true,
261
+ mru: false
262
+ }
263
+ });
264
+ var SysVerification = ObjectSchema.create({
265
+ name: "sys_verification",
266
+ label: "Verification",
267
+ pluralLabel: "Verifications",
268
+ icon: "shield-check",
269
+ isSystem: true,
270
+ description: "Email and phone verification tokens",
271
+ titleFormat: "Verification for {identifier}",
272
+ compactLayout: ["identifier", "expires_at", "created_at"],
273
+ fields: {
274
+ id: Field.text({
275
+ label: "Verification ID",
276
+ required: true,
277
+ readonly: true
278
+ }),
279
+ created_at: Field.datetime({
280
+ label: "Created At",
281
+ defaultValue: "NOW()",
282
+ readonly: true
283
+ }),
284
+ updated_at: Field.datetime({
285
+ label: "Updated At",
286
+ defaultValue: "NOW()",
287
+ readonly: true
288
+ }),
289
+ value: Field.text({
290
+ label: "Verification Token",
291
+ required: true,
292
+ description: "Token or code for verification"
293
+ }),
294
+ expires_at: Field.datetime({
295
+ label: "Expires At",
296
+ required: true
297
+ }),
298
+ identifier: Field.text({
299
+ label: "Identifier",
300
+ required: true,
301
+ description: "Email address or phone number"
302
+ })
303
+ },
304
+ indexes: [
305
+ { fields: ["value"], unique: true },
306
+ { fields: ["identifier"], unique: false },
307
+ { fields: ["expires_at"], unique: false }
308
+ ],
309
+ enable: {
310
+ trackHistory: false,
311
+ searchable: false,
312
+ apiEnabled: true,
313
+ apiMethods: ["get", "create", "delete"],
314
+ trash: false,
315
+ mru: false
316
+ }
317
+ });
318
+ var SysOrganization = ObjectSchema.create({
319
+ name: "sys_organization",
320
+ label: "Organization",
321
+ pluralLabel: "Organizations",
322
+ icon: "building-2",
323
+ isSystem: true,
324
+ description: "Organizations for multi-tenant grouping",
325
+ displayNameField: "name",
326
+ titleFormat: "{name}",
327
+ compactLayout: ["name", "slug"],
328
+ fields: {
329
+ // ── Identity ─────────────────────────────────────────────────
330
+ name: Field.text({
331
+ label: "Name",
332
+ required: true,
333
+ searchable: true,
334
+ maxLength: 255,
335
+ group: "Identity"
336
+ }),
337
+ slug: Field.text({
338
+ label: "Slug",
339
+ required: false,
340
+ searchable: true,
341
+ maxLength: 255,
342
+ description: "URL-friendly identifier",
343
+ group: "Identity"
344
+ }),
345
+ // ── Branding ─────────────────────────────────────────────────
346
+ logo: Field.url({
347
+ label: "Logo",
348
+ required: false,
349
+ group: "Branding"
350
+ }),
351
+ // ── Configuration ────────────────────────────────────────────
352
+ metadata: Field.textarea({
353
+ label: "Metadata",
354
+ required: false,
355
+ description: "JSON-serialized organization metadata",
356
+ group: "Configuration"
357
+ }),
358
+ // ── System ───────────────────────────────────────────────────
359
+ id: Field.text({
360
+ label: "Organization ID",
361
+ required: true,
362
+ readonly: true,
363
+ group: "System"
364
+ }),
365
+ created_at: Field.datetime({
366
+ label: "Created At",
367
+ defaultValue: "NOW()",
368
+ readonly: true,
369
+ group: "System"
370
+ }),
371
+ updated_at: Field.datetime({
372
+ label: "Updated At",
373
+ defaultValue: "NOW()",
374
+ readonly: true,
375
+ group: "System"
376
+ })
377
+ },
378
+ indexes: [
379
+ { fields: ["slug"], unique: true },
380
+ { fields: ["name"] }
381
+ ],
382
+ enable: {
383
+ trackHistory: true,
384
+ searchable: true,
385
+ apiEnabled: true,
386
+ apiMethods: ["get", "list", "create", "update", "delete"],
387
+ trash: true,
388
+ mru: true
389
+ }
390
+ });
391
+ var SysMember = ObjectSchema.create({
392
+ name: "sys_member",
393
+ label: "Member",
394
+ pluralLabel: "Members",
395
+ icon: "user-check",
396
+ isSystem: true,
397
+ description: "Organization membership records",
398
+ titleFormat: "{user_id} in {organization_id}",
399
+ compactLayout: ["user_id", "organization_id", "role"],
400
+ fields: {
401
+ id: Field.text({
402
+ label: "Member ID",
403
+ required: true,
404
+ readonly: true
405
+ }),
406
+ created_at: Field.datetime({
407
+ label: "Created At",
408
+ defaultValue: "NOW()",
409
+ readonly: true
410
+ }),
411
+ organization_id: Field.lookup("sys_organization", {
412
+ label: "Organization",
413
+ required: true
414
+ }),
415
+ user_id: Field.lookup("sys_user", {
416
+ label: "User",
417
+ required: true
418
+ }),
419
+ role: Field.text({
420
+ label: "Role",
421
+ required: false,
422
+ description: "Member role within the organization (e.g. admin, member)",
423
+ maxLength: 100
424
+ })
425
+ },
426
+ indexes: [
427
+ { fields: ["organization_id", "user_id"], unique: true },
428
+ { fields: ["user_id"] }
429
+ ],
430
+ enable: {
431
+ trackHistory: true,
432
+ searchable: false,
433
+ apiEnabled: true,
434
+ apiMethods: ["get", "list", "create", "update", "delete"],
435
+ trash: false,
436
+ mru: false
437
+ }
438
+ });
439
+ var SysInvitation = ObjectSchema.create({
440
+ name: "sys_invitation",
441
+ label: "Invitation",
442
+ pluralLabel: "Invitations",
443
+ icon: "mail",
444
+ isSystem: true,
445
+ description: "Organization invitations for user onboarding",
446
+ titleFormat: "Invitation to {organization_id}",
447
+ compactLayout: ["email", "organization_id", "status"],
448
+ fields: {
449
+ id: Field.text({
450
+ label: "Invitation ID",
451
+ required: true,
452
+ readonly: true
453
+ }),
454
+ created_at: Field.datetime({
455
+ label: "Created At",
456
+ defaultValue: "NOW()",
457
+ readonly: true
458
+ }),
459
+ organization_id: Field.lookup("sys_organization", {
460
+ label: "Organization",
461
+ required: true
462
+ }),
463
+ email: Field.email({
464
+ label: "Email",
465
+ required: true,
466
+ description: "Email address of the invited user"
467
+ }),
468
+ role: Field.text({
469
+ label: "Role",
470
+ required: false,
471
+ maxLength: 100,
472
+ description: "Role to assign upon acceptance"
473
+ }),
474
+ status: Field.select(["pending", "accepted", "rejected", "expired", "canceled"], {
475
+ label: "Status",
476
+ required: true,
477
+ defaultValue: "pending"
478
+ }),
479
+ inviter_id: Field.lookup("sys_user", {
480
+ label: "Inviter",
481
+ required: true,
482
+ description: "User who sent the invitation"
483
+ }),
484
+ expires_at: Field.datetime({
485
+ label: "Expires At",
486
+ required: true
487
+ }),
488
+ team_id: Field.lookup("sys_team", {
489
+ label: "Team",
490
+ required: false,
491
+ description: "Optional team to assign upon acceptance"
492
+ })
493
+ },
494
+ indexes: [
495
+ { fields: ["organization_id"] },
496
+ { fields: ["email"] },
497
+ { fields: ["expires_at"] }
498
+ ],
499
+ enable: {
500
+ trackHistory: true,
501
+ searchable: false,
502
+ apiEnabled: true,
503
+ apiMethods: ["get", "list", "create", "update", "delete"],
504
+ trash: false,
505
+ mru: false
506
+ }
507
+ });
508
+ var SysTeam = ObjectSchema.create({
509
+ name: "sys_team",
510
+ label: "Team",
511
+ pluralLabel: "Teams",
512
+ icon: "users",
513
+ isSystem: true,
514
+ description: "Teams within organizations for fine-grained grouping",
515
+ displayNameField: "name",
516
+ titleFormat: "{name}",
517
+ compactLayout: ["name", "organization_id"],
518
+ fields: {
519
+ // ── Identity ─────────────────────────────────────────────────
520
+ name: Field.text({
521
+ label: "Name",
522
+ required: true,
523
+ searchable: true,
524
+ maxLength: 255,
525
+ group: "Identity"
526
+ }),
527
+ organization_id: Field.lookup("sys_organization", {
528
+ label: "Organization",
529
+ required: true,
530
+ description: "Parent organization for this team",
531
+ group: "Identity"
532
+ }),
533
+ // ── System ───────────────────────────────────────────────────
534
+ id: Field.text({
535
+ label: "Team ID",
536
+ required: true,
537
+ readonly: true,
538
+ group: "System"
539
+ }),
540
+ created_at: Field.datetime({
541
+ label: "Created At",
542
+ defaultValue: "NOW()",
543
+ readonly: true,
544
+ group: "System"
545
+ }),
546
+ updated_at: Field.datetime({
547
+ label: "Updated At",
548
+ defaultValue: "NOW()",
549
+ readonly: true,
550
+ group: "System"
551
+ })
552
+ },
553
+ indexes: [
554
+ { fields: ["organization_id"] },
555
+ { fields: ["name", "organization_id"], unique: true }
556
+ ],
557
+ enable: {
558
+ trackHistory: true,
559
+ searchable: true,
560
+ apiEnabled: true,
561
+ apiMethods: ["get", "list", "create", "update", "delete"],
562
+ trash: true,
563
+ mru: false
564
+ }
565
+ });
566
+ var SysTeamMember = ObjectSchema.create({
567
+ name: "sys_team_member",
568
+ label: "Team Member",
569
+ pluralLabel: "Team Members",
570
+ icon: "user-plus",
571
+ isSystem: true,
572
+ description: "Team membership records linking users to teams",
573
+ titleFormat: "{user_id} in {team_id}",
574
+ compactLayout: ["user_id", "team_id", "created_at"],
575
+ fields: {
576
+ id: Field.text({
577
+ label: "Team Member ID",
578
+ required: true,
579
+ readonly: true
580
+ }),
581
+ created_at: Field.datetime({
582
+ label: "Created At",
583
+ defaultValue: "NOW()",
584
+ readonly: true
585
+ }),
586
+ team_id: Field.lookup("sys_team", {
587
+ label: "Team",
588
+ required: true
589
+ }),
590
+ user_id: Field.lookup("sys_user", {
591
+ label: "User",
592
+ required: true
593
+ })
594
+ },
595
+ indexes: [
596
+ { fields: ["team_id", "user_id"], unique: true },
597
+ { fields: ["user_id"] }
598
+ ],
599
+ enable: {
600
+ trackHistory: true,
601
+ searchable: false,
602
+ apiEnabled: true,
603
+ apiMethods: ["get", "list", "create", "delete"],
604
+ trash: false,
605
+ mru: false
606
+ }
607
+ });
608
+ var SysApiKey = ObjectSchema.create({
609
+ name: "sys_api_key",
610
+ label: "API Key",
611
+ pluralLabel: "API Keys",
612
+ icon: "key-round",
613
+ isSystem: true,
614
+ description: "API keys for programmatic access",
615
+ displayNameField: "name",
616
+ titleFormat: "{name}",
617
+ compactLayout: ["name", "prefix", "user_id", "expires_at", "revoked"],
618
+ fields: {
619
+ // ── Identity ─────────────────────────────────────────────────
620
+ name: Field.text({
621
+ label: "Name",
622
+ required: true,
623
+ searchable: true,
624
+ maxLength: 255,
625
+ description: "Human-readable label for the API key",
626
+ group: "Identity"
627
+ }),
628
+ prefix: Field.text({
629
+ label: "Prefix",
630
+ required: false,
631
+ maxLength: 16,
632
+ description: 'Visible prefix for identifying the key (e.g., "osk_")',
633
+ group: "Identity"
634
+ }),
635
+ user_id: Field.lookup("sys_user", {
636
+ label: "Owner",
637
+ required: true,
638
+ description: "User who owns this API key",
639
+ group: "Identity"
640
+ }),
641
+ // ── Access ───────────────────────────────────────────────────
642
+ scopes: Field.textarea({
643
+ label: "Scopes",
644
+ required: false,
645
+ description: "JSON array of permission scopes",
646
+ group: "Access"
647
+ }),
648
+ // ── Lifecycle ────────────────────────────────────────────────
649
+ expires_at: Field.datetime({
650
+ label: "Expires At",
651
+ required: false,
652
+ group: "Lifecycle"
653
+ }),
654
+ last_used_at: Field.datetime({
655
+ label: "Last Used At",
656
+ required: false,
657
+ readonly: true,
658
+ description: "Automatically updated on each API call",
659
+ group: "Lifecycle"
660
+ }),
661
+ revoked: Field.boolean({
662
+ label: "Revoked",
663
+ defaultValue: false,
664
+ group: "Lifecycle"
665
+ }),
666
+ // ── Secret (hidden by default) ──────────────────────────────
667
+ key: Field.text({
668
+ label: "Hashed Key",
669
+ required: true,
670
+ hidden: true,
671
+ readonly: true,
672
+ description: "Hashed API key value \u2014 never exposed to clients",
673
+ group: "Secret"
674
+ }),
675
+ // ── System ───────────────────────────────────────────────────
676
+ id: Field.text({
677
+ label: "API Key ID",
678
+ required: true,
679
+ readonly: true,
680
+ group: "System"
681
+ }),
682
+ created_at: Field.datetime({
683
+ label: "Created At",
684
+ defaultValue: "NOW()",
685
+ readonly: true,
686
+ group: "System"
687
+ }),
688
+ updated_at: Field.datetime({
689
+ label: "Updated At",
690
+ defaultValue: "NOW()",
691
+ readonly: true,
692
+ group: "System"
693
+ })
694
+ },
695
+ indexes: [
696
+ { fields: ["key"], unique: true },
697
+ { fields: ["user_id"] },
698
+ { fields: ["prefix"] },
699
+ { fields: ["revoked"] }
700
+ ],
701
+ enable: {
702
+ trackHistory: true,
703
+ searchable: false,
704
+ apiEnabled: true,
705
+ apiMethods: ["get", "list", "create", "update", "delete"],
706
+ trash: false,
707
+ mru: false
708
+ }
709
+ });
710
+ var SysTwoFactor = ObjectSchema.create({
711
+ name: "sys_two_factor",
712
+ label: "Two Factor",
713
+ pluralLabel: "Two Factor Credentials",
714
+ icon: "smartphone",
715
+ isSystem: true,
716
+ description: "Two-factor authentication credentials",
717
+ titleFormat: "Two-factor for {user_id}",
718
+ compactLayout: ["user_id", "created_at"],
719
+ fields: {
720
+ id: Field.text({
721
+ label: "Two Factor ID",
722
+ required: true,
723
+ readonly: true
724
+ }),
725
+ created_at: Field.datetime({
726
+ label: "Created At",
727
+ defaultValue: "NOW()",
728
+ readonly: true
729
+ }),
730
+ updated_at: Field.datetime({
731
+ label: "Updated At",
732
+ defaultValue: "NOW()",
733
+ readonly: true
734
+ }),
735
+ user_id: Field.lookup("sys_user", {
736
+ label: "User",
737
+ required: true
738
+ }),
739
+ secret: Field.text({
740
+ label: "Secret",
741
+ required: true,
742
+ description: "TOTP secret key"
743
+ }),
744
+ backup_codes: Field.textarea({
745
+ label: "Backup Codes",
746
+ required: false,
747
+ description: "JSON-serialized backup recovery codes"
748
+ })
749
+ },
750
+ indexes: [
751
+ { fields: ["user_id"], unique: true }
752
+ ],
753
+ enable: {
754
+ trackHistory: false,
755
+ searchable: false,
756
+ apiEnabled: true,
757
+ apiMethods: ["get", "create", "update", "delete"],
758
+ trash: false,
759
+ mru: false
760
+ }
761
+ });
762
+ var SysDeviceCode = ObjectSchema.create({
763
+ name: "sys_device_code",
764
+ label: "Device Code",
765
+ pluralLabel: "Device Codes",
766
+ icon: "key-round",
767
+ isSystem: true,
768
+ description: "OAuth 2.0 Device Authorization Grant (RFC 8628) pending requests",
769
+ titleFormat: "{user_code}",
770
+ compactLayout: ["user_code", "status", "client_id", "expires_at"],
771
+ fields: {
772
+ id: Field.text({
773
+ label: "Device Code ID",
774
+ required: true,
775
+ readonly: true
776
+ }),
777
+ created_at: Field.datetime({
778
+ label: "Created At",
779
+ defaultValue: "NOW()",
780
+ readonly: true
781
+ }),
782
+ updated_at: Field.datetime({
783
+ label: "Updated At",
784
+ defaultValue: "NOW()",
785
+ readonly: true
786
+ }),
787
+ /** High-entropy token returned to the device (CLI). Polled at /device/token. */
788
+ device_code: Field.text({
789
+ label: "Device Code",
790
+ required: true,
791
+ description: "High-entropy token returned to the polling device"
792
+ }),
793
+ /** Human-readable short code displayed to the user (e.g. ABCD-EFGH). */
794
+ user_code: Field.text({
795
+ label: "User Code",
796
+ required: true,
797
+ description: "Short user-facing code (e.g. ABCD-EFGH)"
798
+ }),
799
+ /** Owning user — populated when the request is approved. */
800
+ user_id: Field.lookup("sys_user", {
801
+ label: "User",
802
+ required: false,
803
+ description: "User who approved the device authorization"
804
+ }),
805
+ expires_at: Field.datetime({
806
+ label: "Expires At",
807
+ required: true,
808
+ description: "When the device & user codes are no longer valid"
809
+ }),
810
+ /** 'pending' | 'approved' | 'denied' */
811
+ status: Field.text({
812
+ label: "Status",
813
+ required: true,
814
+ description: "Current status: 'pending' | 'approved' | 'denied'"
815
+ }),
816
+ last_polled_at: Field.datetime({
817
+ label: "Last Polled At",
818
+ required: false,
819
+ description: "Timestamp of the most recent /device/token poll"
820
+ }),
821
+ polling_interval: Field.number({
822
+ label: "Polling Interval (ms)",
823
+ required: false,
824
+ description: "Server-recommended minimum polling interval, in ms"
825
+ }),
826
+ client_id: Field.text({
827
+ label: "Client ID",
828
+ required: false,
829
+ description: "OAuth client identifier of the requesting device"
830
+ }),
831
+ scope: Field.text({
832
+ label: "Scope",
833
+ required: false,
834
+ description: "Space-separated OAuth scopes requested by the device"
835
+ })
836
+ },
837
+ indexes: [
838
+ { fields: ["device_code"], unique: true },
839
+ { fields: ["user_code"], unique: true },
840
+ { fields: ["status"], unique: false }
841
+ ],
842
+ enable: {
843
+ trackHistory: false,
844
+ searchable: false,
845
+ apiEnabled: true,
846
+ apiMethods: ["get", "create", "update", "delete"],
847
+ trash: false,
848
+ mru: false
849
+ }
850
+ });
851
+ var SysUserPreference = ObjectSchema.create({
852
+ name: "sys_user_preference",
853
+ label: "User Preference",
854
+ pluralLabel: "User Preferences",
855
+ icon: "settings",
856
+ isSystem: true,
857
+ description: "Per-user key-value preferences (theme, locale, etc.)",
858
+ titleFormat: "{key}",
859
+ compactLayout: ["user_id", "key"],
860
+ fields: {
861
+ id: Field.text({
862
+ label: "Preference ID",
863
+ required: true,
864
+ readonly: true
865
+ }),
866
+ created_at: Field.datetime({
867
+ label: "Created At",
868
+ defaultValue: "NOW()",
869
+ readonly: true
870
+ }),
871
+ updated_at: Field.datetime({
872
+ label: "Updated At",
873
+ defaultValue: "NOW()",
874
+ readonly: true
875
+ }),
876
+ user_id: Field.lookup("sys_user", {
877
+ label: "User",
878
+ required: true,
879
+ description: "Owner user of this preference"
880
+ }),
881
+ key: Field.text({
882
+ label: "Key",
883
+ required: true,
884
+ maxLength: 255,
885
+ description: "Preference key (e.g., theme, locale, plugin.ai.auto_save)"
886
+ }),
887
+ value: Field.json({
888
+ label: "Value",
889
+ description: "Preference value (any JSON-serializable type)"
890
+ })
891
+ },
892
+ indexes: [
893
+ { fields: ["user_id", "key"], unique: true },
894
+ { fields: ["user_id"], unique: false }
895
+ ],
896
+ enable: {
897
+ trackHistory: false,
898
+ searchable: false,
899
+ apiEnabled: true,
900
+ apiMethods: ["get", "list", "create", "update", "delete"],
901
+ trash: false,
902
+ mru: false
903
+ }
904
+ });
905
+ var SysOauthApplication = ObjectSchema.create({
906
+ name: "sys_oauth_application",
907
+ label: "OAuth Application",
908
+ pluralLabel: "OAuth Applications",
909
+ icon: "key-round",
910
+ isSystem: true,
911
+ description: "Registered OAuth/OIDC client applications",
912
+ displayNameField: "name",
913
+ titleFormat: "{name}",
914
+ compactLayout: ["name", "client_id", "type", "disabled"],
915
+ fields: {
916
+ // ── Identity ─────────────────────────────────────────────────
917
+ id: Field.text({
918
+ label: "ID",
919
+ required: true,
920
+ readonly: true,
921
+ group: "System"
922
+ }),
923
+ name: Field.text({
924
+ label: "Name",
925
+ required: false,
926
+ searchable: true,
927
+ maxLength: 255,
928
+ group: "Identity"
929
+ }),
930
+ icon: Field.url({
931
+ label: "Icon",
932
+ required: false,
933
+ description: "Logo URL shown on the consent screen",
934
+ group: "Identity"
935
+ }),
936
+ uri: Field.url({
937
+ label: "Home URI",
938
+ required: false,
939
+ description: "Public homepage of the registered client",
940
+ group: "Identity"
941
+ }),
942
+ contacts: Field.textarea({
943
+ label: "Contacts",
944
+ required: false,
945
+ description: "JSON-serialized list of contact email addresses",
946
+ group: "Identity"
947
+ }),
948
+ tos: Field.url({
949
+ label: "Terms of Service",
950
+ required: false,
951
+ group: "Identity"
952
+ }),
953
+ policy: Field.url({
954
+ label: "Privacy Policy",
955
+ required: false,
956
+ group: "Identity"
957
+ }),
958
+ metadata: Field.textarea({
959
+ label: "Metadata",
960
+ required: false,
961
+ description: "JSON-serialized application metadata",
962
+ group: "Identity"
963
+ }),
964
+ // ── OAuth Credentials ────────────────────────────────────────
965
+ client_id: Field.text({
966
+ label: "Client ID",
967
+ required: true,
968
+ readonly: true,
969
+ maxLength: 255,
970
+ description: "Public OAuth client identifier",
971
+ group: "Credentials"
972
+ }),
973
+ client_secret: Field.text({
974
+ label: "Client Secret",
975
+ required: false,
976
+ maxLength: 1024,
977
+ description: "OAuth client secret (hashed/encrypted at rest)",
978
+ group: "Credentials"
979
+ }),
980
+ redirect_uris: Field.textarea({
981
+ label: "Redirect URIs",
982
+ required: true,
983
+ description: "JSON-serialized list of allowed redirect URIs",
984
+ group: "Credentials"
985
+ }),
986
+ post_logout_redirect_uris: Field.textarea({
987
+ label: "Post-logout Redirect URIs",
988
+ required: false,
989
+ description: "JSON-serialized list of allowed post-logout redirect URIs",
990
+ group: "Credentials"
991
+ }),
992
+ type: Field.select(["web", "native", "user-agent-based", "public"], {
993
+ label: "Client Type",
994
+ required: false,
995
+ defaultValue: "web",
996
+ group: "Credentials"
997
+ }),
998
+ public: Field.boolean({
999
+ label: "Public Client",
1000
+ required: false,
1001
+ description: "Marks the client as a public (non-confidential) OAuth client",
1002
+ group: "Credentials"
1003
+ }),
1004
+ require_pkce: Field.boolean({
1005
+ label: "Require PKCE",
1006
+ required: false,
1007
+ group: "Credentials"
1008
+ }),
1009
+ token_endpoint_auth_method: Field.text({
1010
+ label: "Token Endpoint Auth Method",
1011
+ required: false,
1012
+ maxLength: 64,
1013
+ description: "e.g. client_secret_basic, client_secret_post, none",
1014
+ group: "Credentials"
1015
+ }),
1016
+ grant_types: Field.textarea({
1017
+ label: "Grant Types",
1018
+ required: false,
1019
+ description: "JSON-serialized list of allowed grant types",
1020
+ group: "Credentials"
1021
+ }),
1022
+ response_types: Field.textarea({
1023
+ label: "Response Types",
1024
+ required: false,
1025
+ description: "JSON-serialized list of allowed response types",
1026
+ group: "Credentials"
1027
+ }),
1028
+ scopes: Field.textarea({
1029
+ label: "Allowed Scopes",
1030
+ required: false,
1031
+ description: "JSON-serialized list of scopes the client may request",
1032
+ group: "Credentials"
1033
+ }),
1034
+ subject_type: Field.text({
1035
+ label: "Subject Type",
1036
+ required: false,
1037
+ maxLength: 32,
1038
+ description: "OIDC subject type (e.g. public, pairwise)",
1039
+ group: "Credentials"
1040
+ }),
1041
+ // ── Behaviour flags ──────────────────────────────────────────
1042
+ disabled: Field.boolean({
1043
+ label: "Disabled",
1044
+ required: false,
1045
+ defaultValue: false,
1046
+ group: "Behaviour"
1047
+ }),
1048
+ skip_consent: Field.boolean({
1049
+ label: "Skip Consent",
1050
+ required: false,
1051
+ description: "Treat as a trusted client and bypass the consent screen",
1052
+ group: "Behaviour"
1053
+ }),
1054
+ enable_end_session: Field.boolean({
1055
+ label: "Enable End Session",
1056
+ required: false,
1057
+ description: "Allow the client to call the OIDC end-session endpoint",
1058
+ group: "Behaviour"
1059
+ }),
1060
+ // ── Software statement (RFC 7591 §2.3) ───────────────────────
1061
+ software_id: Field.text({
1062
+ label: "Software ID",
1063
+ required: false,
1064
+ maxLength: 255,
1065
+ group: "Software"
1066
+ }),
1067
+ software_version: Field.text({
1068
+ label: "Software Version",
1069
+ required: false,
1070
+ maxLength: 64,
1071
+ group: "Software"
1072
+ }),
1073
+ software_statement: Field.textarea({
1074
+ label: "Software Statement",
1075
+ required: false,
1076
+ description: "Signed JWT asserting the client metadata (RFC 7591 \xA72.3)",
1077
+ group: "Software"
1078
+ }),
1079
+ // ── Ownership / system ───────────────────────────────────────
1080
+ user_id: Field.lookup("sys_user", {
1081
+ label: "Owner User",
1082
+ required: false,
1083
+ description: "User who registered this application",
1084
+ group: "System"
1085
+ }),
1086
+ reference_id: Field.text({
1087
+ label: "Reference ID",
1088
+ required: false,
1089
+ maxLength: 255,
1090
+ description: "Caller-supplied correlation identifier",
1091
+ group: "System"
1092
+ }),
1093
+ created_at: Field.datetime({
1094
+ label: "Created At",
1095
+ defaultValue: "NOW()",
1096
+ readonly: true,
1097
+ group: "System"
1098
+ }),
1099
+ updated_at: Field.datetime({
1100
+ label: "Updated At",
1101
+ defaultValue: "NOW()",
1102
+ readonly: true,
1103
+ group: "System"
1104
+ })
1105
+ },
1106
+ indexes: [
1107
+ { fields: ["client_id"], unique: true },
1108
+ { fields: ["user_id"] },
1109
+ { fields: ["reference_id"] }
1110
+ ],
1111
+ enable: {
1112
+ trackHistory: true,
1113
+ searchable: true,
1114
+ apiEnabled: true,
1115
+ apiMethods: ["get", "list", "delete"],
1116
+ trash: false,
1117
+ mru: false
1118
+ }
1119
+ });
1120
+ var SysOauthAccessToken = ObjectSchema.create({
1121
+ name: "sys_oauth_access_token",
1122
+ label: "OAuth Access Token",
1123
+ pluralLabel: "OAuth Access Tokens",
1124
+ icon: "ticket",
1125
+ isSystem: true,
1126
+ description: "Opaque OAuth access tokens issued to client applications",
1127
+ compactLayout: ["client_id", "user_id", "expires_at"],
1128
+ fields: {
1129
+ id: Field.text({
1130
+ label: "ID",
1131
+ required: true,
1132
+ readonly: true
1133
+ }),
1134
+ token: Field.text({
1135
+ label: "Token",
1136
+ required: true,
1137
+ maxLength: 1024,
1138
+ description: "Opaque access token value"
1139
+ }),
1140
+ client_id: Field.text({
1141
+ label: "Client ID",
1142
+ required: true,
1143
+ description: "Foreign key to sys_oauth_application.client_id"
1144
+ }),
1145
+ session_id: Field.lookup("sys_session", {
1146
+ label: "Session",
1147
+ required: false,
1148
+ description: "Foreign key to sys_session.id"
1149
+ }),
1150
+ user_id: Field.lookup("sys_user", {
1151
+ label: "User",
1152
+ required: false,
1153
+ description: "Foreign key to sys_user.id"
1154
+ }),
1155
+ refresh_id: Field.lookup("sys_oauth_refresh_token", {
1156
+ label: "Refresh Token",
1157
+ required: false,
1158
+ description: "Foreign key to sys_oauth_refresh_token.id"
1159
+ }),
1160
+ reference_id: Field.text({
1161
+ label: "Reference ID",
1162
+ required: false,
1163
+ maxLength: 255,
1164
+ description: "Caller-supplied correlation identifier"
1165
+ }),
1166
+ scopes: Field.textarea({
1167
+ label: "Scopes",
1168
+ required: true,
1169
+ description: "JSON-serialized list of scopes granted to this token"
1170
+ }),
1171
+ expires_at: Field.datetime({
1172
+ label: "Expires At",
1173
+ required: true
1174
+ }),
1175
+ created_at: Field.datetime({
1176
+ label: "Created At",
1177
+ defaultValue: "NOW()",
1178
+ readonly: true
1179
+ })
1180
+ },
1181
+ indexes: [
1182
+ { fields: ["token"], unique: true },
1183
+ { fields: ["client_id"] },
1184
+ { fields: ["session_id"] },
1185
+ { fields: ["user_id"] },
1186
+ { fields: ["refresh_id"] }
1187
+ ],
1188
+ enable: {
1189
+ trackHistory: false,
1190
+ searchable: false,
1191
+ apiEnabled: false,
1192
+ apiMethods: [],
1193
+ trash: false,
1194
+ mru: false
1195
+ }
1196
+ });
1197
+ var SysOauthRefreshToken = ObjectSchema.create({
1198
+ name: "sys_oauth_refresh_token",
1199
+ label: "OAuth Refresh Token",
1200
+ pluralLabel: "OAuth Refresh Tokens",
1201
+ icon: "refresh-cw",
1202
+ isSystem: true,
1203
+ description: "Opaque OAuth refresh tokens (linked to a session)",
1204
+ compactLayout: ["client_id", "user_id", "expires_at"],
1205
+ fields: {
1206
+ id: Field.text({
1207
+ label: "ID",
1208
+ required: true,
1209
+ readonly: true
1210
+ }),
1211
+ token: Field.text({
1212
+ label: "Token",
1213
+ required: true,
1214
+ maxLength: 1024,
1215
+ description: "Opaque refresh token value"
1216
+ }),
1217
+ client_id: Field.text({
1218
+ label: "Client ID",
1219
+ required: true,
1220
+ description: "Foreign key to sys_oauth_application.client_id"
1221
+ }),
1222
+ session_id: Field.lookup("sys_session", {
1223
+ label: "Session",
1224
+ required: false,
1225
+ description: "Foreign key to sys_session.id"
1226
+ }),
1227
+ user_id: Field.lookup("sys_user", {
1228
+ label: "User",
1229
+ required: true,
1230
+ description: "Foreign key to sys_user.id"
1231
+ }),
1232
+ reference_id: Field.text({
1233
+ label: "Reference ID",
1234
+ required: false,
1235
+ maxLength: 255,
1236
+ description: "Caller-supplied correlation identifier"
1237
+ }),
1238
+ scopes: Field.textarea({
1239
+ label: "Scopes",
1240
+ required: true,
1241
+ description: "JSON-serialized list of scopes granted to this token"
1242
+ }),
1243
+ expires_at: Field.datetime({
1244
+ label: "Expires At",
1245
+ required: true
1246
+ }),
1247
+ created_at: Field.datetime({
1248
+ label: "Created At",
1249
+ defaultValue: "NOW()",
1250
+ readonly: true
1251
+ }),
1252
+ revoked: Field.datetime({
1253
+ label: "Revoked At",
1254
+ required: false,
1255
+ description: "Timestamp at which this refresh token was revoked"
1256
+ }),
1257
+ auth_time: Field.datetime({
1258
+ label: "Auth Time",
1259
+ required: false,
1260
+ description: "When the user originally authenticated for this token chain"
1261
+ })
1262
+ },
1263
+ indexes: [
1264
+ { fields: ["token"], unique: true },
1265
+ { fields: ["client_id"] },
1266
+ { fields: ["session_id"] },
1267
+ { fields: ["user_id"] }
1268
+ ],
1269
+ enable: {
1270
+ trackHistory: false,
1271
+ searchable: false,
1272
+ apiEnabled: false,
1273
+ apiMethods: [],
1274
+ trash: false,
1275
+ mru: false
1276
+ }
1277
+ });
1278
+ var SysOauthConsent = ObjectSchema.create({
1279
+ name: "sys_oauth_consent",
1280
+ label: "OAuth Consent",
1281
+ pluralLabel: "OAuth Consents",
1282
+ icon: "shield-check",
1283
+ isSystem: true,
1284
+ description: "User consent records for OAuth client applications",
1285
+ compactLayout: ["client_id", "user_id", "scopes"],
1286
+ fields: {
1287
+ id: Field.text({
1288
+ label: "ID",
1289
+ required: true,
1290
+ readonly: true
1291
+ }),
1292
+ client_id: Field.text({
1293
+ label: "Client ID",
1294
+ required: true,
1295
+ description: "Foreign key to sys_oauth_application.client_id"
1296
+ }),
1297
+ user_id: Field.lookup("sys_user", {
1298
+ label: "User",
1299
+ required: false,
1300
+ description: "Foreign key to sys_user.id"
1301
+ }),
1302
+ reference_id: Field.text({
1303
+ label: "Reference ID",
1304
+ required: false,
1305
+ maxLength: 255,
1306
+ description: "Caller-supplied correlation identifier"
1307
+ }),
1308
+ scopes: Field.textarea({
1309
+ label: "Scopes",
1310
+ required: true,
1311
+ description: "JSON-serialized list of scopes the user consented to"
1312
+ }),
1313
+ created_at: Field.datetime({
1314
+ label: "Created At",
1315
+ defaultValue: "NOW()",
1316
+ readonly: true
1317
+ }),
1318
+ updated_at: Field.datetime({
1319
+ label: "Updated At",
1320
+ defaultValue: "NOW()",
1321
+ readonly: true
1322
+ })
1323
+ },
1324
+ indexes: [
1325
+ { fields: ["client_id"] },
1326
+ { fields: ["user_id"] }
1327
+ ],
1328
+ enable: {
1329
+ trackHistory: false,
1330
+ searchable: false,
1331
+ apiEnabled: false,
1332
+ apiMethods: [],
1333
+ trash: false,
1334
+ mru: false
1335
+ }
1336
+ });
1337
+ var SysJwks = ObjectSchema.create({
1338
+ name: "sys_jwks",
1339
+ label: "JWKS Key",
1340
+ pluralLabel: "JWKS Keys",
1341
+ icon: "key",
1342
+ isSystem: true,
1343
+ description: "Asymmetric key pairs used to sign and verify issued JWTs",
1344
+ compactLayout: ["id", "created_at", "expires_at"],
1345
+ fields: {
1346
+ id: Field.text({
1347
+ label: "Key ID",
1348
+ required: true,
1349
+ readonly: true,
1350
+ description: "JWK `kid` value"
1351
+ }),
1352
+ public_key: Field.textarea({
1353
+ label: "Public Key",
1354
+ required: true,
1355
+ description: "JSON-serialized JWK public key"
1356
+ }),
1357
+ private_key: Field.textarea({
1358
+ label: "Private Key",
1359
+ required: true,
1360
+ description: "JSON-serialized JWK private key (encrypted at rest)"
1361
+ }),
1362
+ created_at: Field.datetime({
1363
+ label: "Created At",
1364
+ required: true,
1365
+ defaultValue: "NOW()",
1366
+ readonly: true
1367
+ }),
1368
+ expires_at: Field.datetime({
1369
+ label: "Expires At",
1370
+ required: false,
1371
+ description: "When the key may no longer be used to verify tokens"
1372
+ })
1373
+ },
1374
+ enable: {
1375
+ trackHistory: false,
1376
+ searchable: false,
1377
+ apiEnabled: false,
1378
+ apiMethods: [],
1379
+ trash: false,
1380
+ mru: false
1381
+ }
1382
+ });
1383
+ var SysRole = ObjectSchema.create({
1384
+ name: "sys_role",
1385
+ label: "Role",
1386
+ pluralLabel: "Roles",
1387
+ icon: "shield",
1388
+ isSystem: true,
1389
+ description: "Role definitions for RBAC access control",
1390
+ displayNameField: "label",
1391
+ titleFormat: "{label}",
1392
+ compactLayout: ["label", "name", "active", "is_default"],
1393
+ fields: {
1394
+ // ── Identity ─────────────────────────────────────────────────
1395
+ label: Field.text({
1396
+ label: "Display Name",
1397
+ required: true,
1398
+ searchable: true,
1399
+ maxLength: 255,
1400
+ group: "Identity"
1401
+ }),
1402
+ name: Field.text({
1403
+ label: "API Name",
1404
+ required: true,
1405
+ searchable: true,
1406
+ maxLength: 100,
1407
+ description: "Unique machine name for the role (e.g. admin, editor, viewer)",
1408
+ group: "Identity"
1409
+ }),
1410
+ description: Field.textarea({
1411
+ label: "Description",
1412
+ required: false,
1413
+ group: "Identity"
1414
+ }),
1415
+ // ── Configuration ────────────────────────────────────────────
1416
+ permissions: Field.textarea({
1417
+ label: "Permissions",
1418
+ required: false,
1419
+ description: "JSON-serialized array of permission strings",
1420
+ group: "Configuration"
1421
+ }),
1422
+ // ── Status ───────────────────────────────────────────────────
1423
+ active: Field.boolean({
1424
+ label: "Active",
1425
+ defaultValue: true,
1426
+ group: "Status"
1427
+ }),
1428
+ is_default: Field.boolean({
1429
+ label: "Default Role",
1430
+ defaultValue: false,
1431
+ description: "Automatically assigned to new users",
1432
+ group: "Status"
1433
+ }),
1434
+ // ── System ───────────────────────────────────────────────────
1435
+ id: Field.text({
1436
+ label: "Role ID",
1437
+ required: true,
1438
+ readonly: true,
1439
+ group: "System"
1440
+ }),
1441
+ created_at: Field.datetime({
1442
+ label: "Created At",
1443
+ defaultValue: "NOW()",
1444
+ readonly: true,
1445
+ group: "System"
1446
+ }),
1447
+ updated_at: Field.datetime({
1448
+ label: "Updated At",
1449
+ defaultValue: "NOW()",
1450
+ readonly: true,
1451
+ group: "System"
1452
+ })
1453
+ },
1454
+ indexes: [
1455
+ { fields: ["name"], unique: true },
1456
+ { fields: ["active"] }
1457
+ ],
1458
+ enable: {
1459
+ trackHistory: true,
1460
+ searchable: true,
1461
+ apiEnabled: true,
1462
+ apiMethods: ["get", "list", "create", "update", "delete"],
1463
+ trash: true,
1464
+ mru: true
1465
+ }
1466
+ });
1467
+ var SysPermissionSet = ObjectSchema.create({
1468
+ name: "sys_permission_set",
1469
+ label: "Permission Set",
1470
+ pluralLabel: "Permission Sets",
1471
+ icon: "lock",
1472
+ isSystem: true,
1473
+ description: "Named permission groupings for fine-grained access control",
1474
+ displayNameField: "label",
1475
+ titleFormat: "{label}",
1476
+ compactLayout: ["label", "name", "active"],
1477
+ fields: {
1478
+ // ── Identity ─────────────────────────────────────────────────
1479
+ label: Field.text({
1480
+ label: "Display Name",
1481
+ required: true,
1482
+ searchable: true,
1483
+ maxLength: 255,
1484
+ group: "Identity"
1485
+ }),
1486
+ name: Field.text({
1487
+ label: "API Name",
1488
+ required: true,
1489
+ searchable: true,
1490
+ maxLength: 100,
1491
+ description: "Unique machine name for the permission set",
1492
+ group: "Identity"
1493
+ }),
1494
+ description: Field.textarea({
1495
+ label: "Description",
1496
+ required: false,
1497
+ group: "Identity"
1498
+ }),
1499
+ // ── Permissions ──────────────────────────────────────────────
1500
+ object_permissions: Field.textarea({
1501
+ label: "Object Permissions",
1502
+ required: false,
1503
+ description: "JSON-serialized object-level CRUD permissions",
1504
+ group: "Permissions"
1505
+ }),
1506
+ field_permissions: Field.textarea({
1507
+ label: "Field Permissions",
1508
+ required: false,
1509
+ description: "JSON-serialized field-level read/write permissions",
1510
+ group: "Permissions"
1511
+ }),
1512
+ // ── Status ───────────────────────────────────────────────────
1513
+ active: Field.boolean({
1514
+ label: "Active",
1515
+ defaultValue: true,
1516
+ group: "Status"
1517
+ }),
1518
+ // ── System ───────────────────────────────────────────────────
1519
+ id: Field.text({
1520
+ label: "Permission Set ID",
1521
+ required: true,
1522
+ readonly: true,
1523
+ group: "System"
1524
+ }),
1525
+ created_at: Field.datetime({
1526
+ label: "Created At",
1527
+ defaultValue: "NOW()",
1528
+ readonly: true,
1529
+ group: "System"
1530
+ }),
1531
+ updated_at: Field.datetime({
1532
+ label: "Updated At",
1533
+ defaultValue: "NOW()",
1534
+ readonly: true,
1535
+ group: "System"
1536
+ })
1537
+ },
1538
+ indexes: [
1539
+ { fields: ["name"], unique: true },
1540
+ { fields: ["active"] }
1541
+ ],
1542
+ enable: {
1543
+ trackHistory: true,
1544
+ searchable: true,
1545
+ apiEnabled: true,
1546
+ apiMethods: ["get", "list", "create", "update", "delete"],
1547
+ trash: true,
1548
+ mru: true
1549
+ }
1550
+ });
1551
+ var SysAuditLog = ObjectSchema.create({
1552
+ name: "sys_audit_log",
1553
+ label: "Audit Log",
1554
+ pluralLabel: "Audit Logs",
1555
+ icon: "scroll-text",
1556
+ isSystem: true,
1557
+ description: "Immutable audit trail for platform events",
1558
+ displayNameField: "action",
1559
+ titleFormat: "{action} \xB7 {object_name}",
1560
+ compactLayout: ["created_at", "action", "object_name", "record_id", "user_id"],
1561
+ fields: {
1562
+ // ── Event ────────────────────────────────────────────────────
1563
+ created_at: Field.datetime({
1564
+ label: "Timestamp",
1565
+ required: true,
1566
+ defaultValue: "NOW()",
1567
+ readonly: true,
1568
+ group: "Event"
1569
+ }),
1570
+ action: Field.select(
1571
+ ["create", "update", "delete", "restore", "login", "logout", "permission_change", "config_change", "export", "import"],
1572
+ {
1573
+ label: "Action",
1574
+ required: true,
1575
+ readonly: true,
1576
+ searchable: true,
1577
+ description: "Action type (snake_case)",
1578
+ group: "Event"
1579
+ }
1580
+ ),
1581
+ user_id: Field.lookup("sys_user", {
1582
+ label: "Actor",
1583
+ required: false,
1584
+ readonly: true,
1585
+ searchable: true,
1586
+ description: "User who performed the action (null for system actions)",
1587
+ group: "Event"
1588
+ }),
1589
+ // ── Target record ────────────────────────────────────────────
1590
+ object_name: Field.text({
1591
+ label: "Object",
1592
+ required: false,
1593
+ readonly: true,
1594
+ searchable: true,
1595
+ maxLength: 255,
1596
+ description: "Target object (e.g. sys_user, project_task)",
1597
+ group: "Target"
1598
+ }),
1599
+ record_id: Field.text({
1600
+ label: "Record ID",
1601
+ required: false,
1602
+ readonly: true,
1603
+ searchable: true,
1604
+ description: "ID of the affected record",
1605
+ group: "Target"
1606
+ }),
1607
+ // ── Change payload ───────────────────────────────────────────
1608
+ old_value: Field.textarea({
1609
+ label: "Old Value",
1610
+ required: false,
1611
+ readonly: true,
1612
+ description: "JSON-serialized previous state",
1613
+ group: "Changes"
1614
+ }),
1615
+ new_value: Field.textarea({
1616
+ label: "New Value",
1617
+ required: false,
1618
+ readonly: true,
1619
+ description: "JSON-serialized new state",
1620
+ group: "Changes"
1621
+ }),
1622
+ // ── Client fingerprint ───────────────────────────────────────
1623
+ ip_address: Field.text({
1624
+ label: "IP Address",
1625
+ required: false,
1626
+ readonly: true,
1627
+ maxLength: 45,
1628
+ group: "Client"
1629
+ }),
1630
+ user_agent: Field.textarea({
1631
+ label: "User Agent",
1632
+ required: false,
1633
+ readonly: true,
1634
+ group: "Client"
1635
+ }),
1636
+ // ── Context ──────────────────────────────────────────────────
1637
+ tenant_id: Field.lookup("sys_organization", {
1638
+ label: "Tenant",
1639
+ required: false,
1640
+ readonly: true,
1641
+ description: "Tenant context for multi-tenant isolation",
1642
+ group: "Context"
1643
+ }),
1644
+ metadata: Field.textarea({
1645
+ label: "Metadata",
1646
+ required: false,
1647
+ readonly: true,
1648
+ description: "JSON-serialized additional context",
1649
+ group: "Context"
1650
+ }),
1651
+ // ── System ───────────────────────────────────────────────────
1652
+ id: Field.text({
1653
+ label: "Audit Log ID",
1654
+ required: true,
1655
+ readonly: true,
1656
+ group: "System"
1657
+ })
1658
+ },
1659
+ indexes: [
1660
+ { fields: ["created_at"] },
1661
+ { fields: ["user_id"] },
1662
+ { fields: ["object_name", "record_id"] },
1663
+ { fields: ["action"] },
1664
+ { fields: ["tenant_id"] }
1665
+ ],
1666
+ enable: {
1667
+ trackHistory: false,
1668
+ // Audit logs are themselves the audit trail
1669
+ searchable: true,
1670
+ apiEnabled: true,
1671
+ apiMethods: ["get", "list"],
1672
+ // Read-only — creation happens via internal system hooks only
1673
+ trash: false,
1674
+ // Never soft-delete audit logs
1675
+ mru: false,
1676
+ clone: false
1677
+ }
1678
+ });
1679
+ var SysPresence = ObjectSchema.create({
1680
+ name: "sys_presence",
1681
+ label: "Presence",
1682
+ pluralLabel: "Presences",
1683
+ icon: "wifi",
1684
+ isSystem: true,
1685
+ description: "Real-time user presence and activity tracking",
1686
+ titleFormat: "{user_id} ({status})",
1687
+ compactLayout: ["user_id", "status", "last_seen"],
1688
+ fields: {
1689
+ id: Field.text({
1690
+ label: "Presence ID",
1691
+ required: true,
1692
+ readonly: true
1693
+ }),
1694
+ created_at: Field.datetime({
1695
+ label: "Created At",
1696
+ defaultValue: "NOW()",
1697
+ readonly: true
1698
+ }),
1699
+ updated_at: Field.datetime({
1700
+ label: "Updated At",
1701
+ defaultValue: "NOW()",
1702
+ readonly: true
1703
+ }),
1704
+ user_id: Field.lookup("sys_user", {
1705
+ label: "User",
1706
+ required: true,
1707
+ searchable: true
1708
+ }),
1709
+ session_id: Field.lookup("sys_session", {
1710
+ label: "Session",
1711
+ required: true
1712
+ }),
1713
+ status: Field.select({
1714
+ label: "Status",
1715
+ required: true,
1716
+ defaultValue: "online",
1717
+ options: [
1718
+ { value: "online", label: "Online" },
1719
+ { value: "away", label: "Away" },
1720
+ { value: "busy", label: "Busy" },
1721
+ { value: "offline", label: "Offline" }
1722
+ ]
1723
+ }),
1724
+ last_seen: Field.datetime({
1725
+ label: "Last Seen",
1726
+ required: true,
1727
+ defaultValue: "NOW()"
1728
+ }),
1729
+ current_location: Field.text({
1730
+ label: "Current Location",
1731
+ required: false,
1732
+ maxLength: 500
1733
+ }),
1734
+ device: Field.select({
1735
+ label: "Device",
1736
+ required: false,
1737
+ options: [
1738
+ { value: "desktop", label: "Desktop" },
1739
+ { value: "mobile", label: "Mobile" },
1740
+ { value: "tablet", label: "Tablet" },
1741
+ { value: "other", label: "Other" }
1742
+ ]
1743
+ }),
1744
+ custom_status: Field.text({
1745
+ label: "Custom Status",
1746
+ required: false,
1747
+ maxLength: 255
1748
+ }),
1749
+ metadata: Field.json({
1750
+ label: "Metadata",
1751
+ required: false,
1752
+ description: "Arbitrary JSON metadata associated with the presence state (matches PresenceStateSchema.metadata)."
1753
+ })
1754
+ },
1755
+ indexes: [
1756
+ { fields: ["user_id"], unique: false },
1757
+ { fields: ["session_id"], unique: true },
1758
+ { fields: ["status"], unique: false }
1759
+ ],
1760
+ enable: {
1761
+ trackHistory: false,
1762
+ searchable: false,
1763
+ apiEnabled: true,
1764
+ apiMethods: ["get", "list", "create", "update", "delete"],
1765
+ trash: false,
1766
+ mru: false
1767
+ }
1768
+ });
1769
+ var SysActivity = ObjectSchema.create({
1770
+ name: "sys_activity",
1771
+ label: "Activity",
1772
+ pluralLabel: "Activities",
1773
+ icon: "activity",
1774
+ isSystem: true,
1775
+ description: "Recent activity stream entries (lightweight, denormalized)",
1776
+ displayNameField: "summary",
1777
+ titleFormat: "{type} \xB7 {summary}",
1778
+ compactLayout: ["timestamp", "type", "actor_name", "summary"],
1779
+ fields: {
1780
+ id: Field.text({
1781
+ label: "Activity ID",
1782
+ required: true,
1783
+ readonly: true,
1784
+ group: "System"
1785
+ }),
1786
+ timestamp: Field.datetime({
1787
+ label: "Timestamp",
1788
+ required: true,
1789
+ defaultValue: "NOW()",
1790
+ readonly: true,
1791
+ group: "Event"
1792
+ }),
1793
+ type: Field.select(
1794
+ [
1795
+ "created",
1796
+ "updated",
1797
+ "deleted",
1798
+ "commented",
1799
+ "mentioned",
1800
+ "shared",
1801
+ "assigned",
1802
+ "completed",
1803
+ "login",
1804
+ "logout",
1805
+ "system"
1806
+ ],
1807
+ {
1808
+ label: "Type",
1809
+ required: true,
1810
+ readonly: true,
1811
+ searchable: true,
1812
+ group: "Event"
1813
+ }
1814
+ ),
1815
+ summary: Field.text({
1816
+ label: "Summary",
1817
+ required: true,
1818
+ readonly: true,
1819
+ maxLength: 500,
1820
+ searchable: true,
1821
+ description: "Human-readable one-line summary",
1822
+ group: "Event"
1823
+ }),
1824
+ // ── Actor ───────────────────────────────────────────────────
1825
+ actor_id: Field.lookup("sys_user", {
1826
+ label: "Actor",
1827
+ required: false,
1828
+ readonly: true,
1829
+ searchable: true,
1830
+ group: "Actor"
1831
+ }),
1832
+ actor_name: Field.text({
1833
+ label: "Actor Name",
1834
+ required: false,
1835
+ readonly: true,
1836
+ group: "Actor"
1837
+ }),
1838
+ actor_avatar_url: Field.url({
1839
+ label: "Actor Avatar",
1840
+ required: false,
1841
+ readonly: true,
1842
+ group: "Actor"
1843
+ }),
1844
+ // ── Target ───────────────────────────────────────────────────
1845
+ object_name: Field.text({
1846
+ label: "Object",
1847
+ required: false,
1848
+ readonly: true,
1849
+ searchable: true,
1850
+ maxLength: 255,
1851
+ description: "Target object short name (e.g. account, sys_user)",
1852
+ group: "Target"
1853
+ }),
1854
+ record_id: Field.text({
1855
+ label: "Record ID",
1856
+ required: false,
1857
+ readonly: true,
1858
+ searchable: true,
1859
+ group: "Target"
1860
+ }),
1861
+ record_label: Field.text({
1862
+ label: "Record Label",
1863
+ required: false,
1864
+ readonly: true,
1865
+ maxLength: 255,
1866
+ description: "Display label of the target record at write time",
1867
+ group: "Target"
1868
+ }),
1869
+ url: Field.url({
1870
+ label: "URL",
1871
+ required: false,
1872
+ readonly: true,
1873
+ description: "Optional deep-link to the activity target",
1874
+ group: "Target"
1875
+ }),
1876
+ // ── Context ──────────────────────────────────────────────────
1877
+ project_id: Field.lookup("sys_project", {
1878
+ label: "Project",
1879
+ required: false,
1880
+ readonly: true,
1881
+ searchable: true,
1882
+ description: "Project context (multi-project deployments)",
1883
+ group: "Context"
1884
+ }),
1885
+ metadata: Field.textarea({
1886
+ label: "Metadata",
1887
+ required: false,
1888
+ readonly: true,
1889
+ description: "JSON-serialized additional context",
1890
+ group: "Context"
1891
+ })
1892
+ },
1893
+ indexes: [
1894
+ { fields: ["timestamp"] },
1895
+ { fields: ["actor_id"] },
1896
+ { fields: ["object_name", "record_id"] },
1897
+ { fields: ["type"] },
1898
+ { fields: ["project_id"] }
1899
+ ],
1900
+ enable: {
1901
+ trackHistory: false,
1902
+ searchable: true,
1903
+ apiEnabled: true,
1904
+ apiMethods: ["get", "list"],
1905
+ trash: false,
1906
+ mru: false,
1907
+ clone: false
1908
+ }
1909
+ });
1910
+ var SysComment = ObjectSchema.create({
1911
+ name: "sys_comment",
1912
+ label: "Comment",
1913
+ pluralLabel: "Comments",
1914
+ icon: "message-square",
1915
+ isSystem: true,
1916
+ description: "Threaded comments attached to records via thread_id",
1917
+ displayNameField: "body",
1918
+ titleFormat: "{author_name}: {body}",
1919
+ compactLayout: ["created_at", "author_name", "body"],
1920
+ fields: {
1921
+ id: Field.text({
1922
+ label: "Comment ID",
1923
+ required: true,
1924
+ readonly: true,
1925
+ group: "System"
1926
+ }),
1927
+ // ── Thread ───────────────────────────────────────────────────
1928
+ thread_id: Field.text({
1929
+ label: "Thread",
1930
+ required: true,
1931
+ searchable: true,
1932
+ maxLength: 255,
1933
+ description: "Thread identifier \u2014 conventionally `{object}:{record_id}` (e.g. `sys_user:abc123`)",
1934
+ group: "Thread"
1935
+ }),
1936
+ parent_id: Field.lookup("sys_comment", {
1937
+ label: "Parent Comment",
1938
+ required: false,
1939
+ description: "Optional parent comment for nested replies",
1940
+ group: "Thread"
1941
+ }),
1942
+ reply_count: Field.number({
1943
+ label: "Reply Count",
1944
+ defaultValue: 0,
1945
+ readonly: true,
1946
+ group: "Thread"
1947
+ }),
1948
+ // ── Author ───────────────────────────────────────────────────
1949
+ author_id: Field.lookup("sys_user", {
1950
+ label: "Author",
1951
+ required: true,
1952
+ searchable: true,
1953
+ group: "Author"
1954
+ }),
1955
+ author_name: Field.text({
1956
+ label: "Author Name",
1957
+ required: false,
1958
+ group: "Author"
1959
+ }),
1960
+ author_avatar_url: Field.url({
1961
+ label: "Author Avatar",
1962
+ required: false,
1963
+ group: "Author"
1964
+ }),
1965
+ // ── Body ─────────────────────────────────────────────────────
1966
+ body: Field.textarea({
1967
+ label: "Body",
1968
+ required: true,
1969
+ searchable: true,
1970
+ description: "Comment text (Markdown supported)",
1971
+ group: "Body"
1972
+ }),
1973
+ mentions: Field.textarea({
1974
+ label: "Mentions",
1975
+ required: false,
1976
+ description: "JSON array of @mention objects",
1977
+ group: "Body"
1978
+ }),
1979
+ reactions: Field.textarea({
1980
+ label: "Reactions",
1981
+ required: false,
1982
+ description: "JSON array of emoji reaction objects",
1983
+ group: "Body"
1984
+ }),
1985
+ // ── Lifecycle ────────────────────────────────────────────────
1986
+ is_edited: Field.boolean({
1987
+ label: "Edited",
1988
+ defaultValue: false,
1989
+ group: "Lifecycle"
1990
+ }),
1991
+ edited_at: Field.datetime({
1992
+ label: "Edited At",
1993
+ required: false,
1994
+ group: "Lifecycle"
1995
+ }),
1996
+ visibility: Field.select(
1997
+ ["public", "internal", "private"],
1998
+ {
1999
+ label: "Visibility",
2000
+ defaultValue: "public",
2001
+ group: "Lifecycle"
2002
+ }
2003
+ ),
2004
+ created_at: Field.datetime({
2005
+ label: "Created At",
2006
+ required: true,
2007
+ defaultValue: "NOW()",
2008
+ readonly: true,
2009
+ group: "System"
2010
+ }),
2011
+ updated_at: Field.datetime({
2012
+ label: "Updated At",
2013
+ required: false,
2014
+ group: "System"
2015
+ })
2016
+ },
2017
+ indexes: [
2018
+ { fields: ["thread_id", "created_at"] },
2019
+ { fields: ["parent_id"] },
2020
+ { fields: ["author_id"] }
2021
+ ],
2022
+ enable: {
2023
+ trackHistory: true,
2024
+ searchable: true,
2025
+ apiEnabled: true,
2026
+ trash: true,
2027
+ mru: false,
2028
+ clone: false
2029
+ }
2030
+ });
2031
+ var SysProject = ObjectSchema.create({
2032
+ name: "sys_project",
2033
+ label: "Project",
2034
+ pluralLabel: "Projects",
2035
+ icon: "layers",
2036
+ isSystem: true,
2037
+ description: "Control-plane registry of tenant projects (prod/test/dev/sandbox).",
2038
+ titleFormat: "{display_name}",
2039
+ compactLayout: ["display_name", "status", "is_default"],
2040
+ fields: {
2041
+ id: Field.text({
2042
+ label: "Project ID",
2043
+ required: true,
2044
+ readonly: true,
2045
+ description: "UUID of the project (stable, never reused)."
2046
+ }),
2047
+ created_at: Field.datetime({
2048
+ label: "Created At",
2049
+ defaultValue: "NOW()",
2050
+ readonly: true,
2051
+ description: "Creation timestamp."
2052
+ }),
2053
+ updated_at: Field.datetime({
2054
+ label: "Updated At",
2055
+ defaultValue: "NOW()",
2056
+ readonly: true,
2057
+ description: "Last update timestamp."
2058
+ }),
2059
+ organization_id: Field.lookup("sys_organization", {
2060
+ label: "Organization",
2061
+ required: true,
2062
+ description: "Foreign key to sys_organization."
2063
+ }),
2064
+ display_name: Field.text({
2065
+ label: "Display Name",
2066
+ required: true,
2067
+ maxLength: 255,
2068
+ description: "Display name shown in Studio and APIs."
2069
+ }),
2070
+ is_default: Field.boolean({
2071
+ label: "Is Default",
2072
+ required: true,
2073
+ defaultValue: false,
2074
+ description: "Whether this is the default project for the organization. Exactly one per org."
2075
+ }),
2076
+ is_system: Field.boolean({
2077
+ label: "Is System",
2078
+ required: true,
2079
+ defaultValue: false,
2080
+ description: "Whether this is a system project (platform infrastructure, not user data)."
2081
+ }),
2082
+ plan: Field.select({
2083
+ label: "Plan",
2084
+ required: true,
2085
+ defaultValue: "free",
2086
+ description: "Plan tier applied to this project for quota and billing.",
2087
+ options: [
2088
+ { value: "free", label: "Free" },
2089
+ { value: "starter", label: "Starter" },
2090
+ { value: "pro", label: "Pro" },
2091
+ { value: "enterprise", label: "Enterprise" },
2092
+ { value: "custom", label: "Custom" }
2093
+ ]
2094
+ }),
2095
+ status: Field.select({
2096
+ label: "Status",
2097
+ required: true,
2098
+ defaultValue: "provisioning",
2099
+ description: "Project lifecycle status.",
2100
+ options: [
2101
+ { value: "provisioning", label: "Provisioning" },
2102
+ { value: "active", label: "Active" },
2103
+ { value: "suspended", label: "Suspended" },
2104
+ { value: "archived", label: "Archived" },
2105
+ { value: "failed", label: "Failed" },
2106
+ { value: "migrating", label: "Migrating" }
2107
+ ]
2108
+ }),
2109
+ created_by: Field.lookup("sys_user", {
2110
+ label: "Created By",
2111
+ required: true,
2112
+ description: "User that created the project."
2113
+ }),
2114
+ database_url: Field.url({
2115
+ label: "Database URL",
2116
+ required: false,
2117
+ description: "Connection URL for the project database (e.g. libsql://proj-uuid.turso.io). Set after provisioning."
2118
+ }),
2119
+ database_driver: Field.text({
2120
+ label: "Database Driver",
2121
+ required: false,
2122
+ maxLength: 50,
2123
+ description: "Data-plane driver key (turso, libsql, sqlite, memory, postgres)."
2124
+ }),
2125
+ storage_limit_mb: Field.number({
2126
+ label: "Storage Limit (MB)",
2127
+ required: false,
2128
+ defaultValue: 1024,
2129
+ description: "Storage quota in megabytes."
2130
+ }),
2131
+ provisioned_at: Field.datetime({
2132
+ label: "Provisioned At",
2133
+ required: false,
2134
+ description: "When the physical database was provisioned."
2135
+ }),
2136
+ metadata: Field.textarea({
2137
+ label: "Metadata",
2138
+ required: false,
2139
+ description: "JSON-serialized free-form metadata (feature flags, tags, \u2026)."
2140
+ }),
2141
+ hostname: Field.text({
2142
+ label: "Hostname",
2143
+ required: false,
2144
+ maxLength: 255,
2145
+ unique: true,
2146
+ description: "Canonical hostname for this project (e.g. acme-dev.objectstack.app or api.acme.com). UNIQUE. Auto-set on creation; can be overridden for custom domains."
2147
+ })
2148
+ },
2149
+ indexes: [
2150
+ { fields: ["organization_id"] },
2151
+ { fields: ["organization_id", "is_default"] },
2152
+ { fields: ["status"] },
2153
+ { fields: ["database_driver"] },
2154
+ { fields: ["hostname"], unique: true }
2155
+ ],
2156
+ enable: {
2157
+ trackHistory: true,
2158
+ searchable: true,
2159
+ apiEnabled: true,
2160
+ apiMethods: ["get", "list", "create", "update", "delete"],
2161
+ trash: false,
2162
+ mru: true
2163
+ }
2164
+ });
2165
+ var SysProjectMember = ObjectSchema.create({
2166
+ name: "sys_project_member",
2167
+ label: "Project Member",
2168
+ pluralLabel: "Project Members",
2169
+ icon: "users",
2170
+ isSystem: true,
2171
+ description: "Per-project user/role assignments.",
2172
+ titleFormat: "{user_id} @ {project_id}",
2173
+ compactLayout: ["user_id", "project_id", "role"],
2174
+ fields: {
2175
+ id: Field.text({
2176
+ label: "Membership ID",
2177
+ required: true,
2178
+ readonly: true,
2179
+ description: "UUID of the membership."
2180
+ }),
2181
+ created_at: Field.datetime({
2182
+ label: "Created At",
2183
+ defaultValue: "NOW()",
2184
+ readonly: true,
2185
+ description: "Creation timestamp."
2186
+ }),
2187
+ updated_at: Field.datetime({
2188
+ label: "Updated At",
2189
+ defaultValue: "NOW()",
2190
+ readonly: true,
2191
+ description: "Last update timestamp."
2192
+ }),
2193
+ project_id: Field.lookup("sys_project", {
2194
+ label: "Project",
2195
+ required: true,
2196
+ description: "Foreign key to sys_project."
2197
+ }),
2198
+ user_id: Field.lookup("sys_user", {
2199
+ label: "User",
2200
+ required: true,
2201
+ description: "Foreign key to sys_user."
2202
+ }),
2203
+ role: Field.select({
2204
+ label: "Role",
2205
+ required: true,
2206
+ description: "Per-project role (owner/admin/maker/reader/guest).",
2207
+ options: [
2208
+ { value: "owner", label: "Owner" },
2209
+ { value: "admin", label: "Administrator" },
2210
+ { value: "maker", label: "Maker / Developer" },
2211
+ { value: "reader", label: "Reader" },
2212
+ { value: "guest", label: "Guest" }
2213
+ ]
2214
+ }),
2215
+ invited_by: Field.lookup("sys_user", {
2216
+ label: "Invited By",
2217
+ required: true,
2218
+ description: "User that granted this membership."
2219
+ })
2220
+ },
2221
+ indexes: [
2222
+ { fields: ["project_id", "user_id"], unique: true },
2223
+ { fields: ["project_id"] },
2224
+ { fields: ["user_id"] },
2225
+ { fields: ["role"] }
2226
+ ],
2227
+ enable: {
2228
+ trackHistory: true,
2229
+ searchable: true,
2230
+ apiEnabled: true,
2231
+ apiMethods: ["get", "list", "create", "update", "delete"],
2232
+ trash: true,
2233
+ mru: false
2234
+ }
2235
+ });
2236
+ var SysProjectCredential = ObjectSchema.create({
2237
+ name: "sys_project_credential",
2238
+ label: "Project Credential",
2239
+ pluralLabel: "Project Credentials",
2240
+ icon: "key",
2241
+ isSystem: true,
2242
+ description: "Rotatable encrypted credentials for project databases.",
2243
+ titleFormat: "{id}",
2244
+ compactLayout: ["project_id", "status", "authorization", "expires_at"],
2245
+ fields: {
2246
+ id: Field.text({
2247
+ label: "Credential ID",
2248
+ required: true,
2249
+ readonly: true,
2250
+ description: "UUID of the credential."
2251
+ }),
2252
+ created_at: Field.datetime({
2253
+ label: "Created At",
2254
+ defaultValue: "NOW()",
2255
+ readonly: true,
2256
+ description: "Creation timestamp."
2257
+ }),
2258
+ updated_at: Field.datetime({
2259
+ label: "Updated At",
2260
+ defaultValue: "NOW()",
2261
+ readonly: true,
2262
+ description: "Last update timestamp."
2263
+ }),
2264
+ project_id: Field.lookup("sys_project", {
2265
+ label: "Project",
2266
+ required: true,
2267
+ description: "Foreign key to sys_project."
2268
+ }),
2269
+ secret_ciphertext: Field.textarea({
2270
+ label: "Secret Ciphertext",
2271
+ required: true,
2272
+ description: "Encrypted auth token or secret (never store plaintext)."
2273
+ }),
2274
+ encryption_key_id: Field.text({
2275
+ label: "Encryption Key ID",
2276
+ required: true,
2277
+ maxLength: 255,
2278
+ description: "KMS/encryption key ID that produced the ciphertext."
2279
+ }),
2280
+ authorization: Field.select({
2281
+ label: "Authorization",
2282
+ required: true,
2283
+ defaultValue: "full_access",
2284
+ description: "Authorization scope for this credential.",
2285
+ options: [
2286
+ { value: "full_access", label: "Full Access" },
2287
+ { value: "read_only", label: "Read Only" }
2288
+ ]
2289
+ }),
2290
+ status: Field.select({
2291
+ label: "Status",
2292
+ required: true,
2293
+ defaultValue: "active",
2294
+ description: "Credential lifecycle status.",
2295
+ options: [
2296
+ { value: "active", label: "Active" },
2297
+ { value: "rotating", label: "Rotating" },
2298
+ { value: "revoked", label: "Revoked" }
2299
+ ]
2300
+ }),
2301
+ expires_at: Field.datetime({
2302
+ label: "Expires At",
2303
+ required: false,
2304
+ description: "Optional expiry \u2014 after this timestamp the credential must be rotated."
2305
+ }),
2306
+ revoked_at: Field.datetime({
2307
+ label: "Revoked At",
2308
+ required: false,
2309
+ description: "Timestamp when the credential was revoked (null while active)."
2310
+ })
2311
+ },
2312
+ indexes: [
2313
+ { fields: ["project_id"] },
2314
+ { fields: ["project_id", "status"] },
2315
+ { fields: ["status"] },
2316
+ { fields: ["expires_at"] }
2317
+ ],
2318
+ enable: {
2319
+ trackHistory: true,
2320
+ searchable: false,
2321
+ apiEnabled: true,
2322
+ apiMethods: ["get", "list", "create", "update"],
2323
+ trash: false,
2324
+ mru: false
2325
+ }
2326
+ });
2327
+ var SysApp = ObjectSchema.create({
2328
+ name: "sys_app",
2329
+ label: "App",
2330
+ pluralLabel: "Apps",
2331
+ icon: "layout-grid",
2332
+ isSystem: true,
2333
+ description: "Org-scoped catalog of apps across all projects (sys_app).",
2334
+ titleFormat: "{label}",
2335
+ compactLayout: ["label", "project_name", "source", "active"],
2336
+ fields: {
2337
+ id: Field.text({
2338
+ label: "App Catalog ID",
2339
+ required: true,
2340
+ readonly: true,
2341
+ description: "UUID of this catalog entry (stable, never reused)."
2342
+ }),
2343
+ created_at: Field.datetime({
2344
+ label: "Created At",
2345
+ defaultValue: "NOW()",
2346
+ readonly: true,
2347
+ description: "Creation timestamp (ISO-8601)."
2348
+ }),
2349
+ updated_at: Field.datetime({
2350
+ label: "Updated At",
2351
+ defaultValue: "NOW()",
2352
+ readonly: true,
2353
+ description: "Last update timestamp (ISO-8601)."
2354
+ }),
2355
+ organization_id: Field.lookup("sys_organization", {
2356
+ label: "Organization",
2357
+ required: true,
2358
+ description: "Foreign key to sys_organization. Drives tenant isolation \u2014 ControlPlaneProxyDriver auto-injects this filter on all reads."
2359
+ }),
2360
+ project_id: Field.lookup("sys_project", {
2361
+ label: "Project",
2362
+ required: true,
2363
+ description: "Foreign key to sys_project. The project this app lives in."
2364
+ }),
2365
+ project_name: Field.text({
2366
+ label: "Project Name",
2367
+ required: false,
2368
+ description: "Denormalized project display name. Cached here so the catalog list avoids a JOIN against sys_project for card rendering."
2369
+ }),
2370
+ name: Field.text({
2371
+ label: "App Name",
2372
+ required: true,
2373
+ description: "Short, machine name of the app (snake_case). Unique within a project."
2374
+ }),
2375
+ label: Field.text({
2376
+ label: "Display Label",
2377
+ required: false,
2378
+ description: "Human-readable display label shown on the catalog card."
2379
+ }),
2380
+ icon: Field.text({
2381
+ label: "Icon",
2382
+ required: false,
2383
+ description: "Icon identifier (e.g. lucide name, emoji, or URL)."
2384
+ }),
2385
+ branding: Field.textarea({
2386
+ label: "Branding",
2387
+ required: false,
2388
+ description: "JSON-serialized branding subset (color, logo, \u2026) used for catalog rendering."
2389
+ }),
2390
+ is_default: Field.boolean({
2391
+ label: "Is Default",
2392
+ required: false,
2393
+ defaultValue: false,
2394
+ description: "Whether this is the default app for its project."
2395
+ }),
2396
+ active: Field.boolean({
2397
+ label: "Active",
2398
+ required: true,
2399
+ defaultValue: true,
2400
+ description: "Whether the app is currently enabled in its project kernel."
2401
+ }),
2402
+ source: Field.select({
2403
+ label: "Source",
2404
+ required: true,
2405
+ defaultValue: "package",
2406
+ description: "Where this app originates from.",
2407
+ options: [
2408
+ { value: "package", label: "Package" },
2409
+ { value: "user", label: "User" }
2410
+ ]
2411
+ }),
2412
+ package_id: Field.lookup("sys_package", {
2413
+ label: "Package",
2414
+ required: false,
2415
+ description: "Foreign key to sys_package when source = package. Null for user-created apps."
2416
+ })
2417
+ },
2418
+ indexes: [
2419
+ { fields: ["project_id", "name"], unique: true },
2420
+ { fields: ["organization_id"] },
2421
+ { fields: ["project_id"] }
2422
+ ],
2423
+ enable: {
2424
+ trackHistory: false,
2425
+ searchable: true,
2426
+ apiEnabled: true,
2427
+ apiMethods: ["get", "list", "create", "update", "delete"],
2428
+ trash: false,
2429
+ mru: false
2430
+ }
2431
+ });
2432
+ var SysPackage = ObjectSchema.create({
2433
+ name: "sys_package",
2434
+ label: "Package",
2435
+ pluralLabel: "Packages",
2436
+ icon: "package",
2437
+ isSystem: true,
2438
+ description: "Control-plane registry of installable packages / solutions (sys_package).",
2439
+ titleFormat: "{display_name}",
2440
+ compactLayout: ["display_name", "manifest_id", "visibility", "created_at"],
2441
+ fields: {
2442
+ id: Field.text({
2443
+ label: "Package ID",
2444
+ required: true,
2445
+ readonly: true,
2446
+ description: "UUID of the package (stable, never reused)."
2447
+ }),
2448
+ created_at: Field.datetime({
2449
+ label: "Created At",
2450
+ defaultValue: "NOW()",
2451
+ readonly: true,
2452
+ description: "Creation timestamp (ISO-8601)."
2453
+ }),
2454
+ updated_at: Field.datetime({
2455
+ label: "Updated At",
2456
+ defaultValue: "NOW()",
2457
+ readonly: true,
2458
+ description: "Last update timestamp (ISO-8601)."
2459
+ }),
2460
+ manifest_id: Field.text({
2461
+ label: "Manifest ID",
2462
+ required: true,
2463
+ readonly: true,
2464
+ maxLength: 255,
2465
+ description: "Globally unique reverse-domain package identifier (e.g. com.acme.crm). Immutable once set. Used as the stable public key for dependency declarations."
2466
+ }),
2467
+ owner_org_id: Field.lookup("sys_organization", {
2468
+ label: "Owner Organization",
2469
+ required: true,
2470
+ description: "Organization that owns and publishes this package."
2471
+ }),
2472
+ display_name: Field.text({
2473
+ label: "Display Name",
2474
+ required: true,
2475
+ maxLength: 128,
2476
+ description: "Human-readable name shown in Studio and Marketplace."
2477
+ }),
2478
+ description: Field.textarea({
2479
+ label: "Description",
2480
+ required: false,
2481
+ description: "Short package description shown in search results and install dialogs (max 512 chars)."
2482
+ }),
2483
+ readme: Field.textarea({
2484
+ label: "Readme",
2485
+ required: false,
2486
+ description: "Long-form package documentation (markdown). Displayed on the Marketplace detail page."
2487
+ }),
2488
+ visibility: Field.select({
2489
+ label: "Visibility",
2490
+ required: true,
2491
+ defaultValue: "private",
2492
+ description: "Controls who can discover and install the package. private = owner org only; org = all envs in owner org; marketplace = public registry.",
2493
+ options: [
2494
+ { value: "private", label: "Private" },
2495
+ { value: "org", label: "Organization" },
2496
+ { value: "marketplace", label: "Marketplace" }
2497
+ ]
2498
+ }),
2499
+ category: Field.text({
2500
+ label: "Category",
2501
+ required: false,
2502
+ maxLength: 100,
2503
+ description: "Primary category for Marketplace filtering (e.g. crm, hr, finance, devtools)."
2504
+ }),
2505
+ tags: Field.textarea({
2506
+ label: "Tags",
2507
+ required: false,
2508
+ description: 'JSON-serialized array of search/filter tags (e.g. ["salesforce","sync","crm"]).'
2509
+ }),
2510
+ icon_url: Field.url({
2511
+ label: "Icon URL",
2512
+ required: false,
2513
+ description: "URL to the package icon image displayed in Studio and Marketplace."
2514
+ }),
2515
+ homepage_url: Field.url({
2516
+ label: "Homepage URL",
2517
+ required: false,
2518
+ description: "URL to the package homepage or external documentation site."
2519
+ }),
2520
+ license: Field.text({
2521
+ label: "License",
2522
+ required: false,
2523
+ maxLength: 64,
2524
+ description: "SPDX license identifier (e.g. MIT, Apache-2.0, proprietary)."
2525
+ }),
2526
+ created_by: Field.lookup("sys_user", {
2527
+ label: "Created By",
2528
+ required: true,
2529
+ description: "User that registered this package in the Control Plane."
2530
+ })
2531
+ },
2532
+ indexes: [
2533
+ { fields: ["manifest_id"], unique: true },
2534
+ { fields: ["owner_org_id"] },
2535
+ { fields: ["visibility"] },
2536
+ { fields: ["owner_org_id", "visibility"] }
2537
+ ],
2538
+ enable: {
2539
+ trackHistory: false,
2540
+ searchable: true,
2541
+ apiEnabled: true,
2542
+ apiMethods: ["get", "list", "create", "update"],
2543
+ trash: false,
2544
+ mru: false
2545
+ }
2546
+ });
2547
+ var SysPackageVersion = ObjectSchema.create({
2548
+ name: "sys_package_version",
2549
+ label: "Package Version",
2550
+ pluralLabel: "Package Versions",
2551
+ icon: "tag",
2552
+ isSystem: true,
2553
+ description: "Immutable release snapshot of a package (sys_package_version).",
2554
+ titleFormat: "{package_id} v{version}",
2555
+ compactLayout: ["package_id", "version", "status", "published_at"],
2556
+ fields: {
2557
+ id: Field.text({
2558
+ label: "Version ID",
2559
+ required: true,
2560
+ readonly: true,
2561
+ description: "UUID of this package version row (stable, never reused)."
2562
+ }),
2563
+ created_at: Field.datetime({
2564
+ label: "Created At",
2565
+ defaultValue: "NOW()",
2566
+ readonly: true,
2567
+ description: "Creation timestamp (ISO-8601)."
2568
+ }),
2569
+ updated_at: Field.datetime({
2570
+ label: "Updated At",
2571
+ defaultValue: "NOW()",
2572
+ readonly: true,
2573
+ description: "Last update timestamp (ISO-8601). Only modified while status is draft."
2574
+ }),
2575
+ package_id: Field.lookup("sys_package", {
2576
+ label: "Package",
2577
+ required: true,
2578
+ description: "Foreign key to sys_package (the parent package)."
2579
+ }),
2580
+ version: Field.text({
2581
+ label: "Version",
2582
+ required: true,
2583
+ maxLength: 64,
2584
+ description: "Semantic version string (e.g. 1.2.3, 2.0.0-beta.1). Follows semver spec."
2585
+ }),
2586
+ status: Field.select({
2587
+ label: "Status",
2588
+ required: true,
2589
+ defaultValue: "draft",
2590
+ description: "Lifecycle status. draft = being authored, may be mutated. published = immutable snapshot, installable in any environment. deprecated = published but superseded; new installs blocked.",
2591
+ options: [
2592
+ { value: "draft", label: "Draft" },
2593
+ { value: "published", label: "Published" },
2594
+ { value: "deprecated", label: "Deprecated" }
2595
+ ]
2596
+ }),
2597
+ manifest_json: Field.textarea({
2598
+ label: "Manifest JSON",
2599
+ required: false,
2600
+ description: "Full package manifest serialized as JSON. Frozen on publish \u2014 writing to this field after status = published is rejected by the service layer."
2601
+ }),
2602
+ checksum: Field.text({
2603
+ label: "Checksum",
2604
+ required: false,
2605
+ maxLength: 64,
2606
+ readonly: true,
2607
+ description: "SHA-256 hex digest of manifest_json. Computed and set on publish. Used for tamper detection."
2608
+ }),
2609
+ release_notes: Field.textarea({
2610
+ label: "Release Notes",
2611
+ required: false,
2612
+ description: "Human-readable changelog for this version (markdown). Optional."
2613
+ }),
2614
+ min_platform_version: Field.text({
2615
+ label: "Min Platform Version",
2616
+ required: false,
2617
+ maxLength: 32,
2618
+ description: "Minimum ObjectStack platform version required to run this version (semver, e.g. 4.0.0). Denormalized from manifest_json for fast validation."
2619
+ }),
2620
+ is_pre_release: Field.boolean({
2621
+ label: "Pre-release",
2622
+ required: true,
2623
+ defaultValue: false,
2624
+ description: 'Whether this is a pre-release version (alpha, beta, rc). Pre-release versions are not installed by default when resolving "latest".'
2625
+ }),
2626
+ published_at: Field.datetime({
2627
+ label: "Published At",
2628
+ required: false,
2629
+ description: "Timestamp when this version was published. Null while status is draft."
2630
+ }),
2631
+ published_by: Field.lookup("sys_user", {
2632
+ label: "Published By",
2633
+ required: false,
2634
+ description: "User who published this version. Set on the draft \u2192 published transition."
2635
+ }),
2636
+ created_by: Field.lookup("sys_user", {
2637
+ label: "Created By",
2638
+ required: true,
2639
+ description: "User that created this version row."
2640
+ })
2641
+ },
2642
+ indexes: [
2643
+ { fields: ["package_id", "version"], unique: true },
2644
+ { fields: ["package_id"] },
2645
+ { fields: ["status"] },
2646
+ { fields: ["package_id", "status"] }
2647
+ ],
2648
+ enable: {
2649
+ trackHistory: false,
2650
+ searchable: false,
2651
+ apiEnabled: true,
2652
+ apiMethods: ["get", "list", "create", "update"],
2653
+ trash: false,
2654
+ mru: false
2655
+ }
2656
+ });
2657
+ var SysPackageInstallation = ObjectSchema.create({
2658
+ name: "sys_package_installation",
2659
+ label: "Package Installation",
2660
+ pluralLabel: "Package Installations",
2661
+ icon: "package",
2662
+ isSystem: true,
2663
+ description: "Per-project package installation registry (sys_package_installation).",
2664
+ titleFormat: "{package_id} @ {project_id}",
2665
+ compactLayout: ["package_version_id", "project_id", "status", "installed_at"],
2666
+ fields: {
2667
+ id: Field.text({
2668
+ label: "Installation ID",
2669
+ required: true,
2670
+ readonly: true,
2671
+ description: "UUID of this installation record (stable, never reused)."
2672
+ }),
2673
+ created_at: Field.datetime({
2674
+ label: "Created At",
2675
+ defaultValue: "NOW()",
2676
+ readonly: true,
2677
+ description: "Creation timestamp (ISO-8601)."
2678
+ }),
2679
+ updated_at: Field.datetime({
2680
+ label: "Updated At",
2681
+ defaultValue: "NOW()",
2682
+ readonly: true,
2683
+ description: "Last update timestamp \u2014 changes on upgrade, rollback, enable/disable (ISO-8601)."
2684
+ }),
2685
+ project_id: Field.lookup("sys_project", {
2686
+ label: "Project",
2687
+ required: true,
2688
+ description: "Foreign key to sys_project. The project that owns this installation."
2689
+ }),
2690
+ package_version_id: Field.lookup("sys_package_version", {
2691
+ label: "Package Version",
2692
+ required: true,
2693
+ description: "Foreign key to sys_package_version. The specific, immutable release snapshot currently installed in this project. Upgrading = swapping this field to a newer version. Rollback = swapping to an older version."
2694
+ }),
2695
+ package_id: Field.lookup("sys_package", {
2696
+ label: "Package",
2697
+ required: true,
2698
+ description: "Foreign key to sys_package. Denormalized from the linked package_version row at install time to enforce the UNIQUE (project_id, package_id) constraint without a JOIN."
2699
+ }),
2700
+ status: Field.select({
2701
+ label: "Status",
2702
+ required: true,
2703
+ defaultValue: "installed",
2704
+ description: "Current lifecycle status of this installation within the project.",
2705
+ options: [
2706
+ { value: "installed", label: "Installed" },
2707
+ { value: "installing", label: "Installing" },
2708
+ { value: "upgrading", label: "Upgrading" },
2709
+ { value: "disabled", label: "Disabled" },
2710
+ { value: "error", label: "Error" }
2711
+ ]
2712
+ }),
2713
+ enabled: Field.boolean({
2714
+ label: "Enabled",
2715
+ required: true,
2716
+ defaultValue: true,
2717
+ description: "Whether the package metadata is actively loaded into this project. Disabled packages are installed but their schema is not visible to the runtime."
2718
+ }),
2719
+ settings: Field.textarea({
2720
+ label: "Settings",
2721
+ required: false,
2722
+ description: "JSON-serialized per-installation configuration overrides. Keys mirror the package manifest configurationSchema.properties."
2723
+ }),
2724
+ installed_at: Field.datetime({
2725
+ label: "Installed At",
2726
+ required: true,
2727
+ defaultValue: "NOW()",
2728
+ description: "Timestamp when this installation was first created (ISO-8601)."
2729
+ }),
2730
+ installed_by: Field.lookup("sys_user", {
2731
+ label: "Installed By",
2732
+ required: false,
2733
+ description: "User who performed the initial install. Null for system-automated installs."
2734
+ }),
2735
+ error_message: Field.textarea({
2736
+ label: "Error Message",
2737
+ required: false,
2738
+ description: "Error details when status is error. Cleared on next successful install/upgrade."
2739
+ })
2740
+ },
2741
+ indexes: [
2742
+ { fields: ["project_id", "package_id"], unique: true },
2743
+ { fields: ["project_id"] },
2744
+ { fields: ["package_id"] },
2745
+ { fields: ["package_version_id"] },
2746
+ { fields: ["status"] }
2747
+ ],
2748
+ enable: {
2749
+ trackHistory: false,
2750
+ searchable: true,
2751
+ apiEnabled: true,
2752
+ apiMethods: ["get", "list", "create", "update", "delete"],
2753
+ trash: false,
2754
+ mru: false
2755
+ }
2756
+ });
2757
+ var SysMetadataObject = ObjectSchema.create({
2758
+ name: "sys_metadata",
2759
+ label: "System Metadata",
2760
+ pluralLabel: "System Metadata",
2761
+ icon: "settings",
2762
+ isSystem: true,
2763
+ description: "Stores platform and user-scope metadata records (objects, views, flows, etc.)",
2764
+ fields: {
2765
+ /** Primary Key (UUID) */
2766
+ id: Field.text({
2767
+ label: "ID",
2768
+ required: true,
2769
+ readonly: true
2770
+ }),
2771
+ /** Machine name — unique identifier used in code references */
2772
+ name: Field.text({
2773
+ label: "Name",
2774
+ required: true,
2775
+ searchable: true,
2776
+ maxLength: 255
2777
+ }),
2778
+ /** Metadata type (e.g. "object", "view", "flow") */
2779
+ type: Field.text({
2780
+ label: "Metadata Type",
2781
+ required: true,
2782
+ searchable: true,
2783
+ maxLength: 100
2784
+ }),
2785
+ /** Namespace / module grouping (e.g. "crm", "core") */
2786
+ namespace: Field.text({
2787
+ label: "Namespace",
2788
+ required: false,
2789
+ defaultValue: "default",
2790
+ maxLength: 100
2791
+ }),
2792
+ /** Package that owns/delivered this metadata (legacy string identifier, kept for compat) */
2793
+ package_id: Field.text({
2794
+ label: "Package ID",
2795
+ required: false,
2796
+ maxLength: 255,
2797
+ description: "Legacy package manifest ID string. Use package_version_id for new records."
2798
+ }),
2799
+ /**
2800
+ * FK → sys_package_version (UUID). Set for metadata that belongs to a specific
2801
+ * package release snapshot. NULL = platform-built-in or environment override.
2802
+ */
2803
+ package_version_id: Field.lookup("sys_package_version", {
2804
+ label: "Package Version",
2805
+ required: false,
2806
+ description: "Foreign key to sys_package_version (UUID). Null = platform-built-in or env-level override."
2807
+ }),
2808
+ /** Who manages this record: package, platform, or user */
2809
+ managed_by: Field.select(["package", "platform", "user"], {
2810
+ label: "Managed By",
2811
+ required: false
2812
+ }),
2813
+ /** Scope: system (code), platform (admin DB), user (personal DB) */
2814
+ scope: Field.select(["system", "platform", "user"], {
2815
+ label: "Scope",
2816
+ required: true,
2817
+ defaultValue: "platform"
2818
+ }),
2819
+ /** JSON payload — the actual metadata configuration */
2820
+ metadata: Field.textarea({
2821
+ label: "Metadata",
2822
+ required: true,
2823
+ description: "JSON-serialized metadata payload"
2824
+ }),
2825
+ /** Parent metadata name for extension/override */
2826
+ extends: Field.text({
2827
+ label: "Extends",
2828
+ required: false,
2829
+ maxLength: 255
2830
+ }),
2831
+ /** Merge strategy when extending parent metadata */
2832
+ strategy: Field.select(["merge", "replace"], {
2833
+ label: "Strategy",
2834
+ required: false,
2835
+ defaultValue: "merge"
2836
+ }),
2837
+ /** Owner user ID (for user-scope items) */
2838
+ owner: Field.text({
2839
+ label: "Owner",
2840
+ required: false,
2841
+ maxLength: 255
2842
+ }),
2843
+ /** Lifecycle state */
2844
+ state: Field.select(["draft", "active", "archived", "deprecated"], {
2845
+ label: "State",
2846
+ required: false,
2847
+ defaultValue: "active"
2848
+ }),
2849
+ /** Organization ID for multi-tenant isolation */
2850
+ organization_id: Field.lookup("sys_organization", {
2851
+ label: "Organization",
2852
+ required: false,
2853
+ description: "Organization for multi-tenant isolation."
2854
+ }),
2855
+ /** Project ID — null = platform-global, set = project-scoped */
2856
+ project_id: Field.lookup("sys_project", {
2857
+ label: "Project",
2858
+ required: false,
2859
+ description: "Foreign key to sys_project (UUID). Null = platform-global."
2860
+ }),
2861
+ /** Version number for optimistic concurrency */
2862
+ version: Field.number({
2863
+ label: "Version",
2864
+ required: false,
2865
+ defaultValue: 1
2866
+ }),
2867
+ /** Content checksum for change detection */
2868
+ checksum: Field.text({
2869
+ label: "Checksum",
2870
+ required: false,
2871
+ maxLength: 64
2872
+ }),
2873
+ /** Origin of this metadata record */
2874
+ source: Field.select(["filesystem", "database", "api", "migration"], {
2875
+ label: "Source",
2876
+ required: false
2877
+ }),
2878
+ /** Classification tags (JSON array) */
2879
+ tags: Field.textarea({
2880
+ label: "Tags",
2881
+ required: false,
2882
+ description: "JSON-serialized array of classification tags"
2883
+ }),
2884
+ /** Audit fields */
2885
+ created_by: Field.lookup("sys_user", {
2886
+ label: "Created By",
2887
+ required: false,
2888
+ readonly: true
2889
+ }),
2890
+ created_at: Field.datetime({
2891
+ label: "Created At",
2892
+ required: false,
2893
+ readonly: true
2894
+ }),
2895
+ updated_by: Field.lookup("sys_user", {
2896
+ label: "Updated By",
2897
+ required: false
2898
+ }),
2899
+ updated_at: Field.datetime({
2900
+ label: "Updated At",
2901
+ required: false
2902
+ })
2903
+ },
2904
+ indexes: [
2905
+ { fields: ["type", "name", "project_id"], unique: true },
2906
+ { fields: ["type", "scope"] },
2907
+ { fields: ["organization_id"] },
2908
+ { fields: ["project_id"] },
2909
+ { fields: ["package_version_id"] },
2910
+ { fields: ["state"] },
2911
+ { fields: ["namespace"] }
2912
+ ],
2913
+ enable: {
2914
+ trackHistory: true,
2915
+ searchable: false,
2916
+ apiEnabled: true,
2917
+ apiMethods: ["get", "list", "create", "update", "delete"],
2918
+ trash: false
2919
+ }
2920
+ });
2921
+ var SysMetadataHistoryObject = ObjectSchema.create({
2922
+ name: "sys_metadata_history",
2923
+ label: "Metadata History",
2924
+ pluralLabel: "Metadata History",
2925
+ icon: "history",
2926
+ isSystem: true,
2927
+ description: "Version history and audit trail for metadata changes",
2928
+ fields: {
2929
+ /** Primary Key (UUID) */
2930
+ id: Field.text({
2931
+ label: "ID",
2932
+ required: true,
2933
+ readonly: true
2934
+ }),
2935
+ /** Foreign key to sys_metadata.id */
2936
+ metadata_id: Field.lookup("sys_metadata", {
2937
+ label: "Metadata",
2938
+ required: true,
2939
+ readonly: true
2940
+ }),
2941
+ /** Machine name (denormalized for easier querying) */
2942
+ name: Field.text({
2943
+ label: "Name",
2944
+ required: true,
2945
+ searchable: true,
2946
+ readonly: true,
2947
+ maxLength: 255
2948
+ }),
2949
+ /** Metadata type (denormalized for easier querying) */
2950
+ type: Field.text({
2951
+ label: "Metadata Type",
2952
+ required: true,
2953
+ searchable: true,
2954
+ readonly: true,
2955
+ maxLength: 100
2956
+ }),
2957
+ /** Version number at this snapshot */
2958
+ version: Field.number({
2959
+ label: "Version",
2960
+ required: true,
2961
+ readonly: true
2962
+ }),
2963
+ /** Type of operation that created this history entry */
2964
+ operation_type: Field.select(["create", "update", "publish", "revert", "delete"], {
2965
+ label: "Operation Type",
2966
+ required: true,
2967
+ readonly: true
2968
+ }),
2969
+ /** Historical metadata snapshot (JSON payload) */
2970
+ metadata: Field.textarea({
2971
+ label: "Metadata",
2972
+ required: true,
2973
+ readonly: true,
2974
+ description: "JSON-serialized metadata snapshot at this version"
2975
+ }),
2976
+ /** SHA-256 checksum of metadata content */
2977
+ checksum: Field.text({
2978
+ label: "Checksum",
2979
+ required: true,
2980
+ readonly: true,
2981
+ maxLength: 64
2982
+ }),
2983
+ /** Checksum of the previous version */
2984
+ previous_checksum: Field.text({
2985
+ label: "Previous Checksum",
2986
+ required: false,
2987
+ readonly: true,
2988
+ maxLength: 64
2989
+ }),
2990
+ /** Human-readable description of changes */
2991
+ change_note: Field.textarea({
2992
+ label: "Change Note",
2993
+ required: false,
2994
+ readonly: true,
2995
+ description: "Description of what changed in this version"
2996
+ }),
2997
+ /** Organization ID for multi-tenant isolation */
2998
+ organization_id: Field.lookup("sys_organization", {
2999
+ label: "Organization",
3000
+ required: false,
3001
+ readonly: true,
3002
+ description: "Organization for multi-tenant isolation."
3003
+ }),
3004
+ /** Environment ID — null = platform-global, set = env-scoped */
3005
+ project_id: Field.text({
3006
+ label: "Environment ID",
3007
+ required: false,
3008
+ readonly: true,
3009
+ maxLength: 255,
3010
+ description: "Scopes this history entry to a specific environment."
3011
+ }),
3012
+ /** User who made this change */
3013
+ recorded_by: Field.lookup("sys_user", {
3014
+ label: "Recorded By",
3015
+ required: false,
3016
+ readonly: true
3017
+ }),
3018
+ /** When was this version recorded */
3019
+ recorded_at: Field.datetime({
3020
+ label: "Recorded At",
3021
+ required: true,
3022
+ readonly: true
3023
+ })
3024
+ },
3025
+ indexes: [
3026
+ { fields: ["metadata_id", "version"], unique: true },
3027
+ { fields: ["metadata_id", "recorded_at"] },
3028
+ { fields: ["type", "name"] },
3029
+ { fields: ["recorded_at"] },
3030
+ { fields: ["operation_type"] },
3031
+ { fields: ["organization_id"] },
3032
+ { fields: ["project_id"] }
3033
+ ],
3034
+ enable: {
3035
+ trackHistory: false,
3036
+ // Don't track history of history records
3037
+ searchable: false,
3038
+ apiEnabled: true,
3039
+ apiMethods: ["get", "list"],
3040
+ // Read-only via API
3041
+ trash: false
3042
+ }
3043
+ });
3044
+ var SysObject = ObjectSchema.create({
3045
+ name: "sys_object",
3046
+ label: "Object Definition",
3047
+ pluralLabel: "Object Definitions",
3048
+ description: "Metadata for business objects",
3049
+ icon: "database",
3050
+ isSystem: true,
3051
+ fields: {
3052
+ // Core Identity
3053
+ name: Field.text({
3054
+ label: "Object Name",
3055
+ required: true,
3056
+ maxLength: 255,
3057
+ description: "Machine name (snake_case)"
3058
+ }),
3059
+ project_id: Field.text({
3060
+ label: "Environment ID",
3061
+ maxLength: 255,
3062
+ description: "Project/environment scope \u2014 null = control-plane global"
3063
+ }),
3064
+ label: Field.text({
3065
+ label: "Display Label",
3066
+ required: true,
3067
+ maxLength: 255
3068
+ }),
3069
+ plural_label: Field.text({
3070
+ label: "Plural Label",
3071
+ maxLength: 255
3072
+ }),
3073
+ description: Field.textarea({
3074
+ label: "Description"
3075
+ }),
3076
+ icon: Field.text({
3077
+ label: "Icon",
3078
+ maxLength: 100
3079
+ }),
3080
+ // Classification
3081
+ namespace: Field.text({
3082
+ label: "Namespace",
3083
+ maxLength: 100,
3084
+ description: "Logical domain namespace"
3085
+ }),
3086
+ tags: Field.text({
3087
+ label: "Tags",
3088
+ description: "Comma-separated categorization tags"
3089
+ }),
3090
+ active: Field.boolean({
3091
+ label: "Active",
3092
+ defaultValue: true
3093
+ }),
3094
+ is_system: Field.boolean({
3095
+ label: "System Object",
3096
+ defaultValue: false,
3097
+ description: "Protected from deletion"
3098
+ }),
3099
+ abstract: Field.boolean({
3100
+ label: "Abstract",
3101
+ defaultValue: false,
3102
+ description: "Cannot be instantiated"
3103
+ }),
3104
+ // Storage
3105
+ datasource: Field.text({
3106
+ label: "Datasource",
3107
+ maxLength: 100,
3108
+ defaultValue: "default"
3109
+ }),
3110
+ table_name: Field.text({
3111
+ label: "Table Name",
3112
+ maxLength: 255,
3113
+ description: "Physical table/collection name"
3114
+ }),
3115
+ // Complex Data (stored as JSON)
3116
+ fields_json: Field.textarea({
3117
+ label: "Fields (JSON)",
3118
+ description: "Field definitions as JSON"
3119
+ }),
3120
+ indexes_json: Field.textarea({
3121
+ label: "Indexes (JSON)",
3122
+ description: "Index definitions as JSON"
3123
+ }),
3124
+ validations_json: Field.textarea({
3125
+ label: "Validations (JSON)",
3126
+ description: "Validation rules as JSON"
3127
+ }),
3128
+ state_machines_json: Field.textarea({
3129
+ label: "State Machines (JSON)",
3130
+ description: "State machine definitions as JSON"
3131
+ }),
3132
+ capabilities_json: Field.textarea({
3133
+ label: "Capabilities (JSON)",
3134
+ description: "Enabled system features as JSON"
3135
+ }),
3136
+ // Denormalized Fields
3137
+ field_count: Field.number({
3138
+ label: "Field Count",
3139
+ description: "Number of fields defined"
3140
+ }),
3141
+ // Display
3142
+ display_name_field: Field.text({
3143
+ label: "Display Name Field",
3144
+ maxLength: 100,
3145
+ description: "Field to use as record display name"
3146
+ }),
3147
+ title_format: Field.text({
3148
+ label: "Title Format",
3149
+ maxLength: 255,
3150
+ description: "Title expression template"
3151
+ }),
3152
+ compact_layout: Field.text({
3153
+ label: "Compact Layout",
3154
+ description: "Comma-separated field names for cards"
3155
+ }),
3156
+ // Capabilities
3157
+ track_history: Field.boolean({
3158
+ label: "Track History",
3159
+ defaultValue: false
3160
+ }),
3161
+ searchable: Field.boolean({
3162
+ label: "Searchable",
3163
+ defaultValue: true
3164
+ }),
3165
+ api_enabled: Field.boolean({
3166
+ label: "API Enabled",
3167
+ defaultValue: true
3168
+ }),
3169
+ files: Field.boolean({
3170
+ label: "Files",
3171
+ defaultValue: false
3172
+ }),
3173
+ feeds: Field.boolean({
3174
+ label: "Feeds",
3175
+ defaultValue: false
3176
+ }),
3177
+ activities: Field.boolean({
3178
+ label: "Activities",
3179
+ defaultValue: false
3180
+ }),
3181
+ trash: Field.boolean({
3182
+ label: "Trash",
3183
+ defaultValue: true
3184
+ }),
3185
+ mru: Field.boolean({
3186
+ label: "MRU",
3187
+ defaultValue: true
3188
+ }),
3189
+ clone: Field.boolean({
3190
+ label: "Clone",
3191
+ defaultValue: true
3192
+ }),
3193
+ // Package Management
3194
+ package_id: Field.lookup("sys_package", {
3195
+ label: "Package"
3196
+ }),
3197
+ managed_by: Field.select({
3198
+ label: "Managed By",
3199
+ options: [
3200
+ { value: "package", label: "Package" },
3201
+ { value: "platform", label: "Platform" },
3202
+ { value: "user", label: "User" }
3203
+ ]
3204
+ }),
3205
+ // Audit
3206
+ created_by: Field.lookup("sys_user", { label: "Created By" }),
3207
+ created_at: Field.datetime({ label: "Created At" }),
3208
+ updated_by: Field.lookup("sys_user", { label: "Updated By" }),
3209
+ updated_at: Field.datetime({ label: "Updated At" })
3210
+ },
3211
+ indexes: [
3212
+ { fields: ["name", "project_id"], unique: true },
3213
+ { fields: ["project_id"] },
3214
+ { fields: ["namespace"] },
3215
+ { fields: ["package_id"] },
3216
+ { fields: ["active"] },
3217
+ { fields: ["is_system"] }
3218
+ ],
3219
+ enable: {
3220
+ trackHistory: true,
3221
+ searchable: true,
3222
+ apiEnabled: true,
3223
+ trash: true,
3224
+ mru: true
3225
+ }
3226
+ });
3227
+ var SysView = ObjectSchema.create({
3228
+ name: "sys_view",
3229
+ label: "View Definition",
3230
+ pluralLabel: "View Definitions",
3231
+ description: "Metadata for UI views (grid, kanban, calendar, etc.)",
3232
+ icon: "layout-grid",
3233
+ isSystem: true,
3234
+ fields: {
3235
+ // Core Identity
3236
+ name: Field.text({
3237
+ label: "View Name",
3238
+ required: true,
3239
+ maxLength: 255
3240
+ }),
3241
+ project_id: Field.text({
3242
+ label: "Environment ID",
3243
+ maxLength: 255,
3244
+ description: "Project/environment scope \u2014 null = control-plane global"
3245
+ }),
3246
+ label: Field.text({
3247
+ label: "Display Label",
3248
+ required: true,
3249
+ maxLength: 255
3250
+ }),
3251
+ description: Field.textarea({
3252
+ label: "Description"
3253
+ }),
3254
+ // Reference to Object
3255
+ object_name: Field.text({
3256
+ label: "Object Name",
3257
+ required: true,
3258
+ maxLength: 255,
3259
+ description: "The object this view displays"
3260
+ }),
3261
+ // View Type
3262
+ view_type: Field.select({
3263
+ label: "View Type",
3264
+ required: true,
3265
+ options: [
3266
+ { value: "grid", label: "Grid" },
3267
+ { value: "kanban", label: "Kanban" },
3268
+ { value: "calendar", label: "Calendar" },
3269
+ { value: "gantt", label: "Gantt" },
3270
+ { value: "form", label: "Form" },
3271
+ { value: "timeline", label: "Timeline" }
3272
+ ]
3273
+ }),
3274
+ // Complex Configuration
3275
+ columns_json: Field.textarea({
3276
+ label: "Columns (JSON)",
3277
+ description: "Column definitions as JSON"
3278
+ }),
3279
+ filters_json: Field.textarea({
3280
+ label: "Filters (JSON)",
3281
+ description: "Filter definitions as JSON"
3282
+ }),
3283
+ sort_json: Field.textarea({
3284
+ label: "Sort (JSON)",
3285
+ description: "Sort configuration as JSON"
3286
+ }),
3287
+ config_json: Field.textarea({
3288
+ label: "Configuration (JSON)",
3289
+ description: "View-specific configuration as JSON"
3290
+ }),
3291
+ // Display Options
3292
+ page_size: Field.number({
3293
+ label: "Page Size",
3294
+ defaultValue: 25,
3295
+ min: 1,
3296
+ max: 200
3297
+ }),
3298
+ show_search: Field.boolean({
3299
+ label: "Show Search",
3300
+ defaultValue: true
3301
+ }),
3302
+ show_filters: Field.boolean({
3303
+ label: "Show Filters",
3304
+ defaultValue: true
3305
+ }),
3306
+ // Classification
3307
+ namespace: Field.text({
3308
+ label: "Namespace",
3309
+ maxLength: 100
3310
+ }),
3311
+ // Package Management
3312
+ package_id: Field.lookup("sys_package", {
3313
+ label: "Package"
3314
+ }),
3315
+ managed_by: Field.select({
3316
+ label: "Managed By",
3317
+ options: [
3318
+ { value: "package", label: "Package" },
3319
+ { value: "platform", label: "Platform" },
3320
+ { value: "user", label: "User" }
3321
+ ]
3322
+ }),
3323
+ // Audit
3324
+ created_by: Field.lookup("sys_user", { label: "Created By" }),
3325
+ created_at: Field.datetime({ label: "Created At" }),
3326
+ updated_by: Field.lookup("sys_user", { label: "Updated By" }),
3327
+ updated_at: Field.datetime({ label: "Updated At" })
3328
+ },
3329
+ indexes: [
3330
+ { fields: ["name", "project_id"], unique: true },
3331
+ { fields: ["project_id"] },
3332
+ { fields: ["object_name"] },
3333
+ { fields: ["view_type"] },
3334
+ { fields: ["namespace"] },
3335
+ { fields: ["package_id"] }
3336
+ ],
3337
+ enable: {
3338
+ trackHistory: true,
3339
+ searchable: true,
3340
+ apiEnabled: true,
3341
+ trash: true,
3342
+ mru: true
3343
+ }
3344
+ });
3345
+ var SysAgent = ObjectSchema.create({
3346
+ name: "sys_agent",
3347
+ label: "AI Agent",
3348
+ pluralLabel: "AI Agents",
3349
+ description: "AI agent definitions",
3350
+ icon: "bot",
3351
+ isSystem: true,
3352
+ fields: {
3353
+ // Core Identity
3354
+ name: Field.text({
3355
+ label: "Agent Name",
3356
+ required: true,
3357
+ maxLength: 255
3358
+ }),
3359
+ project_id: Field.text({
3360
+ label: "Environment ID",
3361
+ maxLength: 255,
3362
+ description: "Project/environment scope \u2014 null = control-plane global"
3363
+ }),
3364
+ label: Field.text({
3365
+ label: "Display Label",
3366
+ required: true,
3367
+ maxLength: 255
3368
+ }),
3369
+ description: Field.textarea({
3370
+ label: "Description"
3371
+ }),
3372
+ // Agent Type
3373
+ agent_type: Field.select({
3374
+ label: "Agent Type",
3375
+ options: [
3376
+ { value: "conversational", label: "Conversational" },
3377
+ { value: "task", label: "Task-Based" },
3378
+ { value: "analytical", label: "Analytical" },
3379
+ { value: "workflow", label: "Workflow" }
3380
+ ]
3381
+ }),
3382
+ // Model Configuration
3383
+ model: Field.text({
3384
+ label: "Model ID",
3385
+ maxLength: 255,
3386
+ description: "AI model identifier"
3387
+ }),
3388
+ temperature: Field.number({
3389
+ label: "Temperature",
3390
+ min: 0,
3391
+ max: 2,
3392
+ defaultValue: 0.7
3393
+ }),
3394
+ max_tokens: Field.number({
3395
+ label: "Max Tokens",
3396
+ min: 1,
3397
+ max: 1e5
3398
+ }),
3399
+ top_p: Field.number({
3400
+ label: "Top P",
3401
+ min: 0,
3402
+ max: 1
3403
+ }),
3404
+ // System Prompt
3405
+ system_prompt: Field.textarea({
3406
+ label: "System Prompt",
3407
+ description: "Instructions for the AI agent"
3408
+ }),
3409
+ // Tools Configuration
3410
+ tools_json: Field.textarea({
3411
+ label: "Tools (JSON)",
3412
+ description: "Available tools as JSON array"
3413
+ }),
3414
+ // Skills Configuration
3415
+ skills_json: Field.textarea({
3416
+ label: "Skills (JSON)",
3417
+ description: "Available skills as JSON array"
3418
+ }),
3419
+ // Memory Configuration
3420
+ memory_enabled: Field.boolean({
3421
+ label: "Memory Enabled",
3422
+ defaultValue: false
3423
+ }),
3424
+ memory_window: Field.number({
3425
+ label: "Memory Window",
3426
+ description: "Number of conversation turns to remember",
3427
+ defaultValue: 10
3428
+ }),
3429
+ // Classification
3430
+ namespace: Field.text({
3431
+ label: "Namespace",
3432
+ maxLength: 100
3433
+ }),
3434
+ // Package Management
3435
+ package_id: Field.lookup("sys_package", {
3436
+ label: "Package"
3437
+ }),
3438
+ managed_by: Field.select({
3439
+ label: "Managed By",
3440
+ options: [
3441
+ { value: "package", label: "Package" },
3442
+ { value: "platform", label: "Platform" },
3443
+ { value: "user", label: "User" }
3444
+ ]
3445
+ }),
3446
+ // Audit
3447
+ created_by: Field.lookup("sys_user", { label: "Created By" }),
3448
+ created_at: Field.datetime({ label: "Created At" }),
3449
+ updated_by: Field.lookup("sys_user", { label: "Updated By" }),
3450
+ updated_at: Field.datetime({ label: "Updated At" })
3451
+ },
3452
+ indexes: [
3453
+ { fields: ["name", "project_id"], unique: true },
3454
+ { fields: ["project_id"] },
3455
+ { fields: ["agent_type"] },
3456
+ { fields: ["namespace"] },
3457
+ { fields: ["package_id"] }
3458
+ ],
3459
+ enable: {
3460
+ trackHistory: true,
3461
+ searchable: true,
3462
+ apiEnabled: true,
3463
+ trash: true,
3464
+ mru: true
3465
+ }
3466
+ });
3467
+ var SysTool = ObjectSchema.create({
3468
+ name: "sys_tool",
3469
+ label: "AI Tool",
3470
+ pluralLabel: "AI Tools",
3471
+ description: "AI tool definitions",
3472
+ icon: "wrench",
3473
+ isSystem: true,
3474
+ fields: {
3475
+ // Core Identity
3476
+ name: Field.text({
3477
+ label: "Tool Name",
3478
+ required: true,
3479
+ maxLength: 255
3480
+ }),
3481
+ project_id: Field.text({
3482
+ label: "Environment ID",
3483
+ maxLength: 255,
3484
+ description: "Project/environment scope \u2014 null = control-plane global"
3485
+ }),
3486
+ label: Field.text({
3487
+ label: "Display Label",
3488
+ required: true,
3489
+ maxLength: 255
3490
+ }),
3491
+ description: Field.textarea({
3492
+ label: "Description",
3493
+ required: true
3494
+ }),
3495
+ // Parameters
3496
+ parameters_json: Field.textarea({
3497
+ label: "Parameters (JSON)",
3498
+ description: "Tool parameter schema as JSON"
3499
+ }),
3500
+ // Implementation
3501
+ handler_code: Field.textarea({
3502
+ label: "Handler Code",
3503
+ description: "Tool implementation code"
3504
+ }),
3505
+ // Classification
3506
+ namespace: Field.text({
3507
+ label: "Namespace",
3508
+ maxLength: 100
3509
+ }),
3510
+ // Package Management
3511
+ package_id: Field.lookup("sys_package", {
3512
+ label: "Package"
3513
+ }),
3514
+ managed_by: Field.select({
3515
+ label: "Managed By",
3516
+ options: [
3517
+ { value: "package", label: "Package" },
3518
+ { value: "platform", label: "Platform" },
3519
+ { value: "user", label: "User" }
3520
+ ]
3521
+ }),
3522
+ // Audit
3523
+ created_by: Field.lookup("sys_user", { label: "Created By" }),
3524
+ created_at: Field.datetime({ label: "Created At" }),
3525
+ updated_by: Field.lookup("sys_user", { label: "Updated By" }),
3526
+ updated_at: Field.datetime({ label: "Updated At" })
3527
+ },
3528
+ indexes: [
3529
+ { fields: ["name", "project_id"], unique: true },
3530
+ { fields: ["project_id"] },
3531
+ { fields: ["namespace"] },
3532
+ { fields: ["package_id"] }
3533
+ ],
3534
+ enable: {
3535
+ trackHistory: true,
3536
+ searchable: true,
3537
+ apiEnabled: true,
3538
+ trash: true,
3539
+ mru: true
3540
+ }
3541
+ });
3542
+ var SysFlow = ObjectSchema.create({
3543
+ name: "sys_flow",
3544
+ label: "Flow",
3545
+ pluralLabel: "Flows",
3546
+ description: "Visual logic flow definitions",
3547
+ icon: "workflow",
3548
+ isSystem: true,
3549
+ fields: {
3550
+ // Core Identity
3551
+ name: Field.text({
3552
+ label: "Flow Name",
3553
+ required: true,
3554
+ maxLength: 255
3555
+ }),
3556
+ project_id: Field.text({
3557
+ label: "Environment ID",
3558
+ maxLength: 255,
3559
+ description: "Project/environment scope \u2014 null = control-plane global"
3560
+ }),
3561
+ label: Field.text({
3562
+ label: "Display Label",
3563
+ required: true,
3564
+ maxLength: 255
3565
+ }),
3566
+ description: Field.textarea({
3567
+ label: "Description"
3568
+ }),
3569
+ // Flow Type
3570
+ flow_type: Field.select({
3571
+ label: "Flow Type",
3572
+ required: true,
3573
+ options: [
3574
+ { value: "autolaunched", label: "Autolaunched" },
3575
+ { value: "screen", label: "Screen Flow" },
3576
+ { value: "schedule", label: "Scheduled" },
3577
+ { value: "trigger", label: "Trigger-Based" }
3578
+ ]
3579
+ }),
3580
+ // Flow Definition
3581
+ nodes_json: Field.textarea({
3582
+ label: "Nodes (JSON)",
3583
+ description: "Flow nodes as JSON"
3584
+ }),
3585
+ edges_json: Field.textarea({
3586
+ label: "Edges (JSON)",
3587
+ description: "Flow edges as JSON"
3588
+ }),
3589
+ variables_json: Field.textarea({
3590
+ label: "Variables (JSON)",
3591
+ description: "Flow variables as JSON"
3592
+ }),
3593
+ // Trigger Configuration
3594
+ trigger_type: Field.select({
3595
+ label: "Trigger Type",
3596
+ options: [
3597
+ { value: "record_created", label: "Record Created" },
3598
+ { value: "record_updated", label: "Record Updated" },
3599
+ { value: "record_deleted", label: "Record Deleted" },
3600
+ { value: "schedule", label: "Schedule" },
3601
+ { value: "platform_event", label: "Platform Event" }
3602
+ ]
3603
+ }),
3604
+ trigger_object: Field.text({
3605
+ label: "Trigger Object",
3606
+ maxLength: 255
3607
+ }),
3608
+ // Status
3609
+ active: Field.boolean({
3610
+ label: "Active",
3611
+ defaultValue: false
3612
+ }),
3613
+ // Classification
3614
+ namespace: Field.text({
3615
+ label: "Namespace",
3616
+ maxLength: 100
3617
+ }),
3618
+ // Package Management
3619
+ package_id: Field.lookup("sys_package", {
3620
+ label: "Package"
3621
+ }),
3622
+ managed_by: Field.select({
3623
+ label: "Managed By",
3624
+ options: [
3625
+ { value: "package", label: "Package" },
3626
+ { value: "platform", label: "Platform" },
3627
+ { value: "user", label: "User" }
3628
+ ]
3629
+ }),
3630
+ // Audit
3631
+ created_by: Field.lookup("sys_user", { label: "Created By" }),
3632
+ created_at: Field.datetime({ label: "Created At" }),
3633
+ updated_by: Field.lookup("sys_user", { label: "Updated By" }),
3634
+ updated_at: Field.datetime({ label: "Updated At" })
3635
+ },
3636
+ indexes: [
3637
+ { fields: ["name", "project_id"], unique: true },
3638
+ { fields: ["project_id"] },
3639
+ { fields: ["flow_type"] },
3640
+ { fields: ["active"] },
3641
+ { fields: ["namespace"] },
3642
+ { fields: ["package_id"] }
3643
+ ],
3644
+ enable: {
3645
+ trackHistory: true,
3646
+ searchable: true,
3647
+ apiEnabled: true,
3648
+ trash: true,
3649
+ mru: true
3650
+ }
3651
+ });
3652
+
3653
+ // src/apps/setup.app.ts
3654
+ var SETUP_APP = {
3655
+ name: "setup",
3656
+ label: "Setup",
3657
+ description: "Platform settings and administration",
3658
+ icon: "settings",
3659
+ active: true,
3660
+ isDefault: false,
3661
+ branding: {
3662
+ primaryColor: "#475569"
3663
+ // Slate-600 — neutral admin palette
3664
+ },
3665
+ requiredPermissions: ["setup.access"],
3666
+ navigation: [
3667
+ {
3668
+ id: "group_overview",
3669
+ type: "group",
3670
+ label: "Overview",
3671
+ icon: "layout-dashboard",
3672
+ children: [
3673
+ { id: "nav_system_overview", type: "dashboard", label: "System Overview", dashboardName: "system_overview", icon: "activity" },
3674
+ { id: "nav_security_overview", type: "dashboard", label: "Security Overview", dashboardName: "security_overview", icon: "shield" }
3675
+ ]
3676
+ },
3677
+ {
3678
+ id: "group_administration",
3679
+ type: "group",
3680
+ label: "Administration",
3681
+ icon: "shield",
3682
+ children: [
3683
+ { id: "nav_users", type: "object", label: "Users", objectName: "sys_user", icon: "users" },
3684
+ { id: "nav_organizations", type: "object", label: "Organizations", objectName: "sys_organization", icon: "building-2" },
3685
+ { id: "nav_teams", type: "object", label: "Teams", objectName: "sys_team", icon: "users-round" },
3686
+ { id: "nav_api_keys", type: "object", label: "API Keys", objectName: "sys_api_key", icon: "key" },
3687
+ { id: "nav_roles", type: "object", label: "Roles", objectName: "sys_role", icon: "shield-check" },
3688
+ { id: "nav_permission_sets", type: "object", label: "Permission Sets", objectName: "sys_permission_set", icon: "lock" },
3689
+ { id: "nav_oauth_apps", type: "object", label: "OAuth Apps", objectName: "sys_oauth_application", icon: "app-window" },
3690
+ { id: "nav_jwks", type: "object", label: "Signing Keys", objectName: "sys_jwks", icon: "key-round" }
3691
+ ]
3692
+ },
3693
+ {
3694
+ id: "group_platform",
3695
+ type: "group",
3696
+ label: "Platform",
3697
+ icon: "layers",
3698
+ children: [
3699
+ { id: "nav_objects", type: "object", label: "Objects", objectName: "sys_object", icon: "database" },
3700
+ { id: "nav_views", type: "object", label: "Views", objectName: "sys_view", icon: "table" },
3701
+ { id: "nav_flows", type: "object", label: "Flows", objectName: "sys_flow", icon: "workflow" },
3702
+ { id: "nav_agents", type: "object", label: "AI Agents", objectName: "sys_agent", icon: "bot" },
3703
+ { id: "nav_tools", type: "object", label: "AI Tools", objectName: "sys_tool", icon: "wrench" },
3704
+ { id: "nav_apps", type: "object", label: "Apps", objectName: "sys_app", icon: "layout-grid" },
3705
+ { id: "nav_packages", type: "object", label: "Packages", objectName: "sys_package", icon: "package" },
3706
+ { id: "nav_package_installations", type: "object", label: "Installations", objectName: "sys_package_installation", icon: "package-check" },
3707
+ { id: "nav_metadata", type: "object", label: "All Metadata", objectName: "sys_metadata", icon: "file-cog" }
3708
+ ]
3709
+ },
3710
+ {
3711
+ id: "group_system",
3712
+ type: "group",
3713
+ label: "System",
3714
+ icon: "settings",
3715
+ children: [
3716
+ { id: "nav_sessions", type: "object", label: "Sessions", objectName: "sys_session", icon: "monitor" },
3717
+ { id: "nav_audit_logs", type: "object", label: "Audit Logs", objectName: "sys_audit_log", icon: "scroll-text" },
3718
+ { id: "nav_activity", type: "object", label: "Activity", objectName: "sys_activity", icon: "activity" },
3719
+ { id: "nav_comments", type: "object", label: "Comments", objectName: "sys_comment", icon: "message-square" }
3720
+ ]
3721
+ }
3722
+ ]
3723
+ };
3724
+
3725
+ // src/apps/views/users.view.ts
3726
+ var UsersView = {
3727
+ name: "users",
3728
+ label: "Users",
3729
+ type: "grid",
3730
+ data: {
3731
+ provider: "object",
3732
+ object: "sys_user"
3733
+ },
3734
+ columns: [
3735
+ { field: "name", label: "Name", sortable: true },
3736
+ { field: "email", label: "Email", sortable: true },
3737
+ { field: "phone", label: "Phone" },
3738
+ { field: "status", label: "Status", sortable: true },
3739
+ { field: "active", label: "Active", sortable: true },
3740
+ { field: "created_at", label: "Created", sortable: true }
3741
+ ],
3742
+ sort: [{ field: "created_at", order: "desc" }],
3743
+ filter: [],
3744
+ searchableFields: ["name", "email"],
3745
+ pagination: {
3746
+ pageSize: 20
3747
+ }
3748
+ };
3749
+
3750
+ // src/apps/views/organizations.view.ts
3751
+ var OrganizationsView = {
3752
+ name: "organizations",
3753
+ label: "Organizations",
3754
+ type: "grid",
3755
+ data: {
3756
+ provider: "object",
3757
+ object: "sys_organization"
3758
+ },
3759
+ columns: [
3760
+ { field: "name", label: "Name", sortable: true },
3761
+ { field: "status", label: "Status", sortable: true },
3762
+ { field: "plan_tier", label: "Plan Tier" },
3763
+ { field: "member_count", label: "Members" },
3764
+ { field: "created_at", label: "Created", sortable: true }
3765
+ ],
3766
+ sort: [{ field: "created_at", order: "desc" }],
3767
+ filter: [],
3768
+ searchableFields: ["name"],
3769
+ pagination: {
3770
+ pageSize: 20
3771
+ }
3772
+ };
3773
+
3774
+ // src/apps/views/roles.view.ts
3775
+ var RolesView = {
3776
+ name: "roles",
3777
+ label: "Roles",
3778
+ type: "grid",
3779
+ data: {
3780
+ provider: "object",
3781
+ object: "sys_role"
3782
+ },
3783
+ columns: [
3784
+ { field: "name", label: "Name", sortable: true },
3785
+ { field: "description", label: "Description" },
3786
+ { field: "is_system", label: "System Role" },
3787
+ { field: "created_at", label: "Created", sortable: true }
3788
+ ],
3789
+ sort: [{ field: "created_at", order: "desc" }],
3790
+ filter: [],
3791
+ searchableFields: ["name", "description"],
3792
+ pagination: {
3793
+ pageSize: 20
3794
+ }
3795
+ };
3796
+
3797
+ // src/apps/views/sessions.view.ts
3798
+ var SessionsView = {
3799
+ name: "sessions",
3800
+ label: "Sessions",
3801
+ type: "grid",
3802
+ data: {
3803
+ provider: "object",
3804
+ object: "sys_session"
3805
+ },
3806
+ columns: [
3807
+ { field: "user_id", label: "User", sortable: true },
3808
+ { field: "ip_address", label: "IP Address" },
3809
+ { field: "created_at", label: "Created", sortable: true },
3810
+ { field: "expires_at", label: "Expires", sortable: true }
3811
+ ],
3812
+ sort: [{ field: "created_at", order: "desc" }],
3813
+ filter: [],
3814
+ searchableFields: ["user_id"],
3815
+ pagination: {
3816
+ pageSize: 20
3817
+ }
3818
+ };
3819
+
3820
+ // src/apps/views/audit_logs.view.ts
3821
+ var AuditLogsView = {
3822
+ name: "audit_logs",
3823
+ label: "Audit Logs",
3824
+ type: "grid",
3825
+ data: {
3826
+ provider: "object",
3827
+ object: "sys_audit_log"
3828
+ },
3829
+ columns: [
3830
+ { field: "created_at", label: "Timestamp", sortable: true },
3831
+ { field: "action", label: "Action", sortable: true },
3832
+ { field: "user_id", label: "Actor" },
3833
+ { field: "object_name", label: "Object" },
3834
+ { field: "record_id", label: "Record ID" }
3835
+ ],
3836
+ sort: [{ field: "created_at", order: "desc" }],
3837
+ filter: [],
3838
+ searchableFields: ["action", "object_name", "record_id"],
3839
+ pagination: {
3840
+ pageSize: 20
3841
+ }
3842
+ };
3843
+
3844
+ // src/apps/views/package_installations.view.ts
3845
+ var PackageInstallationsView = {
3846
+ name: "package_installations",
3847
+ label: "Package Installations",
3848
+ type: "grid",
3849
+ data: {
3850
+ provider: "object",
3851
+ object: "sys_package_installation"
3852
+ },
3853
+ columns: [
3854
+ { field: "package_id", label: "Package", sortable: true },
3855
+ { field: "project_id", label: "Project", sortable: true },
3856
+ { field: "package_version_id", label: "Version" },
3857
+ { field: "status", label: "Status", sortable: true },
3858
+ { field: "installed_at", label: "Installed", sortable: true }
3859
+ ],
3860
+ sort: [{ field: "installed_at", order: "desc" }],
3861
+ filter: [],
3862
+ searchableFields: ["package_id", "project_id"],
3863
+ pagination: {
3864
+ pageSize: 20
3865
+ }
3866
+ };
3867
+ var SystemOverviewDashboard = Dashboard.create({
3868
+ name: "system_overview",
3869
+ label: "System Overview",
3870
+ description: "Platform health, sessions, and audit activity",
3871
+ // 12-column grid matches the widget `w` values below (3, 6, 12). Without
3872
+ // this, the renderer falls back to a 4-column grid and `w: 3` becomes 75%
3873
+ // width per metric — so KPI cards stack vertically instead of forming a
3874
+ // 4-up row.
3875
+ columns: 12,
3876
+ gap: 4,
3877
+ widgets: [
3878
+ // ── Active Sessions Widget ──────────────────────────────────────
3879
+ {
3880
+ id: "widget_active_sessions",
3881
+ title: "Active Sessions",
3882
+ type: "metric",
3883
+ object: "sys_session",
3884
+ layout: {
3885
+ x: 0,
3886
+ y: 0,
3887
+ w: 3,
3888
+ h: 2
3889
+ },
3890
+ aggregate: "count",
3891
+ colorVariant: "blue",
3892
+ description: "Number of currently active user sessions"
3893
+ },
3894
+ // ── Total Users Widget ──────────────────────────────────────────
3895
+ {
3896
+ id: "widget_total_users",
3897
+ title: "Total Users",
3898
+ type: "metric",
3899
+ object: "sys_user",
3900
+ layout: {
3901
+ x: 3,
3902
+ y: 0,
3903
+ w: 3,
3904
+ h: 2
3905
+ },
3906
+ aggregate: "count",
3907
+ colorVariant: "teal",
3908
+ description: "Total registered users in the system"
3909
+ },
3910
+ // ── Organizations Widget ────────────────────────────────────────
3911
+ {
3912
+ id: "widget_organizations",
3913
+ title: "Organizations",
3914
+ type: "metric",
3915
+ object: "sys_organization",
3916
+ layout: {
3917
+ x: 6,
3918
+ y: 0,
3919
+ w: 3,
3920
+ h: 2
3921
+ },
3922
+ aggregate: "count",
3923
+ colorVariant: "orange",
3924
+ description: "Total organizations on the platform"
3925
+ },
3926
+ // ── Packages Installed Widget ───────────────────────────────────
3927
+ {
3928
+ id: "widget_packages_installed",
3929
+ title: "Packages Installed",
3930
+ type: "metric",
3931
+ object: "sys_package_installation",
3932
+ layout: {
3933
+ x: 9,
3934
+ y: 0,
3935
+ w: 3,
3936
+ h: 2
3937
+ },
3938
+ filter: {
3939
+ field: "status",
3940
+ operator: "equals",
3941
+ value: "installed"
3942
+ },
3943
+ aggregate: "count",
3944
+ colorVariant: "success",
3945
+ description: "Active package installations across projects"
3946
+ },
3947
+ // ── Audit Actions by Type (last 7 days) ─────────────────────────
3948
+ {
3949
+ id: "widget_audit_actions",
3950
+ title: "Audit Actions (7d)",
3951
+ description: "Distribution of audit events by action type",
3952
+ type: "pie",
3953
+ object: "sys_audit_log",
3954
+ layout: {
3955
+ x: 0,
3956
+ y: 2,
3957
+ w: 6,
3958
+ h: 4
3959
+ },
3960
+ categoryField: "action",
3961
+ aggregate: "count",
3962
+ filter: {
3963
+ field: "created_at",
3964
+ operator: "gte",
3965
+ value: "NOW() - INTERVAL 7 DAY"
3966
+ }
3967
+ },
3968
+ // ── Session Status Overview ─────────────────────────────────────
3969
+ {
3970
+ id: "widget_active_orgs",
3971
+ title: "Sessions by Organization",
3972
+ description: "Active sessions grouped by organization",
3973
+ type: "bar",
3974
+ object: "sys_session",
3975
+ layout: {
3976
+ x: 6,
3977
+ y: 2,
3978
+ w: 6,
3979
+ h: 4
3980
+ },
3981
+ categoryField: "active_organization_id",
3982
+ aggregate: "count"
3983
+ },
3984
+ // ── Recent Audit Log (Table) ────────────────────────────────────
3985
+ {
3986
+ id: "widget_recent_events",
3987
+ title: "Recent Audit Events",
3988
+ description: "Latest platform events",
3989
+ type: "metric",
3990
+ object: "sys_audit_log",
3991
+ layout: {
3992
+ x: 0,
3993
+ y: 6,
3994
+ w: 12,
3995
+ h: 3
3996
+ },
3997
+ aggregate: "count",
3998
+ colorVariant: "default"
3999
+ }
4000
+ ],
4001
+ globalFilters: [
4002
+ {
4003
+ field: "created_at",
4004
+ type: "date",
4005
+ label: "Date Range",
4006
+ scope: "dashboard",
4007
+ defaultValue: "last_7_days"
4008
+ }
4009
+ ]
4010
+ });
4011
+ var SecurityOverviewDashboard = Dashboard.create({
4012
+ name: "security_overview",
4013
+ label: "Security Overview",
4014
+ description: "Security events, authentication, and audit trails",
4015
+ // 12-column grid matches the widget `w` values below.
4016
+ columns: 12,
4017
+ gap: 4,
4018
+ widgets: [
4019
+ // ── Failed Login Attempts Widget ────────────────────────────────
4020
+ {
4021
+ id: "widget_failed_logins",
4022
+ title: "Failed Login Attempts",
4023
+ type: "metric",
4024
+ object: "sys_audit_log",
4025
+ layout: {
4026
+ x: 0,
4027
+ y: 0,
4028
+ w: 3,
4029
+ h: 2
4030
+ },
4031
+ filter: {
4032
+ field: "action",
4033
+ operator: "equals",
4034
+ value: "login"
4035
+ },
4036
+ aggregate: "count",
4037
+ colorVariant: "danger",
4038
+ description: "Failed authentication attempts (24h)"
4039
+ },
4040
+ // ── Permission Changes Widget ───────────────────────────────────
4041
+ {
4042
+ id: "widget_permission_changes",
4043
+ title: "Permission Changes",
4044
+ type: "metric",
4045
+ object: "sys_audit_log",
4046
+ layout: {
4047
+ x: 3,
4048
+ y: 0,
4049
+ w: 3,
4050
+ h: 2
4051
+ },
4052
+ filter: {
4053
+ field: "action",
4054
+ operator: "equals",
4055
+ value: "permission_change"
4056
+ },
4057
+ aggregate: "count",
4058
+ colorVariant: "warning",
4059
+ description: "Recent permission and role modifications"
4060
+ },
4061
+ // ── System Config Changes Widget ────────────────────────────────
4062
+ {
4063
+ id: "widget_config_changes",
4064
+ title: "Config Changes",
4065
+ type: "metric",
4066
+ object: "sys_audit_log",
4067
+ layout: {
4068
+ x: 6,
4069
+ y: 0,
4070
+ w: 3,
4071
+ h: 2
4072
+ },
4073
+ filter: {
4074
+ field: "action",
4075
+ operator: "equals",
4076
+ value: "config_change"
4077
+ },
4078
+ aggregate: "count",
4079
+ colorVariant: "blue",
4080
+ description: "System configuration modifications"
4081
+ },
4082
+ // ── Active Sessions Widget ──────────────────────────────────────
4083
+ {
4084
+ id: "widget_active_sessions",
4085
+ title: "Active Sessions",
4086
+ type: "metric",
4087
+ object: "sys_session",
4088
+ layout: {
4089
+ x: 9,
4090
+ y: 0,
4091
+ w: 3,
4092
+ h: 2
4093
+ },
4094
+ aggregate: "count",
4095
+ colorVariant: "success",
4096
+ description: "Currently active user sessions"
4097
+ },
4098
+ // ── Audit Events by Type ────────────────────────────────────────
4099
+ {
4100
+ id: "widget_events_by_type",
4101
+ title: "Audit Events by Type",
4102
+ description: "Distribution of security and audit events",
4103
+ type: "pie",
4104
+ object: "sys_audit_log",
4105
+ layout: {
4106
+ x: 0,
4107
+ y: 2,
4108
+ w: 6,
4109
+ h: 4
4110
+ },
4111
+ categoryField: "action",
4112
+ aggregate: "count"
4113
+ },
4114
+ // ── Audit Events by User ────────────────────────────────────────
4115
+ {
4116
+ id: "widget_events_by_user",
4117
+ title: "Events by User",
4118
+ description: "Activity distribution across users",
4119
+ type: "bar",
4120
+ object: "sys_audit_log",
4121
+ layout: {
4122
+ x: 6,
4123
+ y: 2,
4124
+ w: 6,
4125
+ h: 4
4126
+ },
4127
+ categoryField: "user_id",
4128
+ aggregate: "count"
4129
+ },
4130
+ // ── Recent Security Events (Table) ──────────────────────────────
4131
+ {
4132
+ id: "widget_recent_security_events",
4133
+ title: "Recent Security Events",
4134
+ description: "Latest permission and config changes",
4135
+ type: "metric",
4136
+ object: "sys_audit_log",
4137
+ layout: {
4138
+ x: 0,
4139
+ y: 6,
4140
+ w: 12,
4141
+ h: 3
4142
+ },
4143
+ aggregate: "count",
4144
+ colorVariant: "default"
4145
+ }
4146
+ ],
4147
+ globalFilters: [
4148
+ {
4149
+ field: "created_at",
4150
+ type: "date",
4151
+ label: "Date Range",
4152
+ scope: "dashboard",
4153
+ defaultValue: "last_7_days"
4154
+ }
4155
+ ]
4156
+ });
4157
+
4158
+ export { AuditLogsView, OrganizationsView, PackageInstallationsView, RolesView, SETUP_APP, SecurityOverviewDashboard, SessionsView, SysAccount, SysActivity, SysAgent, SysApiKey, SysApp, SysAuditLog, SysComment, SysDeviceCode, SysFlow, SysInvitation, SysJwks, SysMember, SysMetadataObject as SysMetadata, SysMetadataHistoryObject, SysMetadataObject, SysOauthAccessToken, SysOauthApplication, SysOauthConsent, SysOauthRefreshToken, SysObject, SysOrganization, SysPackage, SysPackageInstallation, SysPackageVersion, SysPermissionSet, SysPresence, SysProject, SysProjectCredential, SysProjectMember, SysRole, SysSession, SysTeam, SysTeamMember, SysTool, SysTwoFactor, SysUser, SysUserPreference, SysVerification, SysView, SystemOverviewDashboard, UsersView };
4159
+ //# sourceMappingURL=index.mjs.map
4160
+ //# sourceMappingURL=index.mjs.map