npm - @objectstack/platform-objects - Versions diffs - 0.1.0 - Mend

@objectstack/platform-objects 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (46) hide show

package/LICENSE +202 -0
package/dist/apps/index.d.mts +427 -0
package/dist/apps/index.d.ts +427 -0
package/dist/apps/index.js +520 -0
package/dist/apps/index.js.map +1 -0
package/dist/apps/index.mjs +510 -0
package/dist/apps/index.mjs.map +1 -0
package/dist/audit/index.d.mts +9507 -0
package/dist/audit/index.d.ts +9507 -0
package/dist/audit/index.js +492 -0
package/dist/audit/index.js.map +1 -0
package/dist/audit/index.mjs +487 -0
package/dist/audit/index.mjs.map +1 -0
package/dist/identity/index.d.mts +32482 -0
package/dist/identity/index.d.ts +32482 -0
package/dist/identity/index.js +1404 -0
package/dist/identity/index.js.map +1 -0
package/dist/identity/index.mjs +1385 -0
package/dist/identity/index.mjs.map +1 -0
package/dist/index.d.mts +10 -0
package/dist/index.d.ts +10 -0
package/dist/index.js +4209 -0
package/dist/index.js.map +1 -0
package/dist/index.mjs +4160 -0
package/dist/index.mjs.map +1 -0
package/dist/metadata/index.d.mts +25601 -0
package/dist/metadata/index.d.ts +25601 -0
package/dist/metadata/index.js +911 -0
package/dist/metadata/index.js.map +1 -0
package/dist/metadata/index.mjs +902 -0
package/dist/metadata/index.mjs.map +1 -0
package/dist/security/index.d.mts +3554 -0
package/dist/security/index.d.ts +3554 -0
package/dist/security/index.js +178 -0
package/dist/security/index.js.map +1 -0
package/dist/security/index.mjs +175 -0
package/dist/security/index.mjs.map +1 -0
package/dist/state-machine.zod-BFg-VE0M.d-Ek3_yo9P.d.mts +41 -0
package/dist/state-machine.zod-BFg-VE0M.d-Ek3_yo9P.d.ts +41 -0
package/dist/tenant/index.d.mts +16454 -0
package/dist/tenant/index.d.ts +16454 -0
package/dist/tenant/index.js +741 -0
package/dist/tenant/index.js.map +1 -0
package/dist/tenant/index.mjs +733 -0
package/dist/tenant/index.mjs.map +1 -0
package/package.json +84 -0

package/dist/security/index.js ADDED Viewed

@@ -0,0 +1,178 @@
+'use strict';
+var data = require('@objectstack/spec/data');
+// src/security/sys-role.object.ts
+var SysRole = data.ObjectSchema.create({
+  name: "sys_role",
+  label: "Role",
+  pluralLabel: "Roles",
+  icon: "shield",
+  isSystem: true,
+  description: "Role definitions for RBAC access control",
+  displayNameField: "label",
+  titleFormat: "{label}",
+  compactLayout: ["label", "name", "active", "is_default"],
+  fields: {
+    // ── Identity ─────────────────────────────────────────────────
+    label: data.Field.text({
+      label: "Display Name",
+      required: true,
+      searchable: true,
+      maxLength: 255,
+      group: "Identity"
+    }),
+    name: data.Field.text({
+      label: "API Name",
+      required: true,
+      searchable: true,
+      maxLength: 100,
+      description: "Unique machine name for the role (e.g. admin, editor, viewer)",
+      group: "Identity"
+    }),
+    description: data.Field.textarea({
+      label: "Description",
+      required: false,
+      group: "Identity"
+    }),
+    // ── Configuration ────────────────────────────────────────────
+    permissions: data.Field.textarea({
+      label: "Permissions",
+      required: false,
+      description: "JSON-serialized array of permission strings",
+      group: "Configuration"
+    }),
+    // ── Status ───────────────────────────────────────────────────
+    active: data.Field.boolean({
+      label: "Active",
+      defaultValue: true,
+      group: "Status"
+    }),
+    is_default: data.Field.boolean({
+      label: "Default Role",
+      defaultValue: false,
+      description: "Automatically assigned to new users",
+      group: "Status"
+    }),
+    // ── System ───────────────────────────────────────────────────
+    id: data.Field.text({
+      label: "Role ID",
+      required: true,
+      readonly: true,
+      group: "System"
+    }),
+    created_at: data.Field.datetime({
+      label: "Created At",
+      defaultValue: "NOW()",
+      readonly: true,
+      group: "System"
+    }),
+    updated_at: data.Field.datetime({
+      label: "Updated At",
+      defaultValue: "NOW()",
+      readonly: true,
+      group: "System"
+    })
+  },
+  indexes: [
+    { fields: ["name"], unique: true },
+    { fields: ["active"] }
+  ],
+  enable: {
+    trackHistory: true,
+    searchable: true,
+    apiEnabled: true,
+    apiMethods: ["get", "list", "create", "update", "delete"],
+    trash: true,
+    mru: true
+  }
+});
+var SysPermissionSet = data.ObjectSchema.create({
+  name: "sys_permission_set",
+  label: "Permission Set",
+  pluralLabel: "Permission Sets",
+  icon: "lock",
+  isSystem: true,
+  description: "Named permission groupings for fine-grained access control",
+  displayNameField: "label",
+  titleFormat: "{label}",
+  compactLayout: ["label", "name", "active"],
+  fields: {
+    // ── Identity ─────────────────────────────────────────────────
+    label: data.Field.text({
+      label: "Display Name",
+      required: true,
+      searchable: true,
+      maxLength: 255,
+      group: "Identity"
+    }),
+    name: data.Field.text({
+      label: "API Name",
+      required: true,
+      searchable: true,
+      maxLength: 100,
+      description: "Unique machine name for the permission set",
+      group: "Identity"
+    }),
+    description: data.Field.textarea({
+      label: "Description",
+      required: false,
+      group: "Identity"
+    }),
+    // ── Permissions ──────────────────────────────────────────────
+    object_permissions: data.Field.textarea({
+      label: "Object Permissions",
+      required: false,
+      description: "JSON-serialized object-level CRUD permissions",
+      group: "Permissions"
+    }),
+    field_permissions: data.Field.textarea({
+      label: "Field Permissions",
+      required: false,
+      description: "JSON-serialized field-level read/write permissions",
+      group: "Permissions"
+    }),
+    // ── Status ───────────────────────────────────────────────────
+    active: data.Field.boolean({
+      label: "Active",
+      defaultValue: true,
+      group: "Status"
+    }),
+    // ── System ───────────────────────────────────────────────────
+    id: data.Field.text({
+      label: "Permission Set ID",
+      required: true,
+      readonly: true,
+      group: "System"
+    }),
+    created_at: data.Field.datetime({
+      label: "Created At",
+      defaultValue: "NOW()",
+      readonly: true,
+      group: "System"
+    }),
+    updated_at: data.Field.datetime({
+      label: "Updated At",
+      defaultValue: "NOW()",
+      readonly: true,
+      group: "System"
+    })
+  },
+  indexes: [
+    { fields: ["name"], unique: true },
+    { fields: ["active"] }
+  ],
+  enable: {
+    trackHistory: true,
+    searchable: true,
+    apiEnabled: true,
+    apiMethods: ["get", "list", "create", "update", "delete"],
+    trash: true,
+    mru: true
+  }
+});
+exports.SysPermissionSet = SysPermissionSet;
+exports.SysRole = SysRole;
+//# sourceMappingURL=index.js.map
+//# sourceMappingURL=index.js.map

package/dist/security/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../../src/security/sys-role.object.ts","../../src/security/sys-permission-set.object.ts"],"names":["ObjectSchema","Field"],"mappings":";;;;;AAYO,IAAM,OAAA,GAAUA,kBAAa,MAAA,CAAO;AAAA,EACzC,IAAA,EAAM,UAAA;AAAA,EACN,KAAA,EAAO,MAAA;AAAA,EACP,WAAA,EAAa,OAAA;AAAA,EACb,IAAA,EAAM,QAAA;AAAA,EACN,QAAA,EAAU,IAAA;AAAA,EACV,WAAA,EAAa,0CAAA;AAAA,EACb,gBAAA,EAAkB,OAAA;AAAA,EAClB,WAAA,EAAa,SAAA;AAAA,EACb,aAAA,EAAe,CAAC,OAAA,EAAS,MAAA,EAAQ,UAAU,YAAY,CAAA;AAAA,EAEvD,MAAA,EAAQ;AAAA;AAAA,IAEN,KAAA,EAAOC,WAAM,IAAA,CAAK;AAAA,MAChB,KAAA,EAAO,cAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,UAAA,EAAY,IAAA;AAAA,MACZ,SAAA,EAAW,GAAA;AAAA,MACX,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,IAED,IAAA,EAAMA,WAAM,IAAA,CAAK;AAAA,MACf,KAAA,EAAO,UAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,UAAA,EAAY,IAAA;AAAA,MACZ,SAAA,EAAW,GAAA;AAAA,MACX,WAAA,EAAa,+DAAA;AAAA,MACb,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,IAED,WAAA,EAAaA,WAAM,QAAA,CAAS;AAAA,MAC1B,KAAA,EAAO,aAAA;AAAA,MACP,QAAA,EAAU,KAAA;AAAA,MACV,KAAA,EAAO;AAAA,KACR,CAAA;AAAA;AAAA,IAGD,WAAA,EAAaA,WAAM,QAAA,CAAS;AAAA,MAC1B,KAAA,EAAO,aAAA;AAAA,MACP,QAAA,EAAU,KAAA;AAAA,MACV,WAAA,EAAa,6CAAA;AAAA,MACb,KAAA,EAAO;AAAA,KACR,CAAA;AAAA;AAAA,IAGD,MAAA,EAAQA,WAAM,OAAA,CAAQ;AAAA,MACpB,KAAA,EAAO,QAAA;AAAA,MACP,YAAA,EAAc,IAAA;AAAA,MACd,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,IAED,UAAA,EAAYA,WAAM,OAAA,CAAQ;AAAA,MACxB,KAAA,EAAO,cAAA;AAAA,MACP,YAAA,EAAc,KAAA;AAAA,MACd,WAAA,EAAa,qCAAA;AAAA,MACb,KAAA,EAAO;AAAA,KACR,CAAA;AAAA;AAAA,IAGD,EAAA,EAAIA,WAAM,IAAA,CAAK;AAAA,MACb,KAAA,EAAO,SAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,QAAA,EAAU,IAAA;AAAA,MACV,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,IAED,UAAA,EAAYA,WAAM,QAAA,CAAS;AAAA,MACzB,KAAA,EAAO,YAAA;AAAA,MACP,YAAA,EAAc,OAAA;AAAA,MACd,QAAA,EAAU,IAAA;AAAA,MACV,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,IAED,UAAA,EAAYA,WAAM,QAAA,CAAS;AAAA,MACzB,KAAA,EAAO,YAAA;AAAA,MACP,YAAA,EAAc,OAAA;AAAA,MACd,QAAA,EAAU,IAAA;AAAA,MACV,KAAA,EAAO;AAAA,KACR;AAAA,GACH;AAAA,EAEA,OAAA,EAAS;AAAA,IACP,EAAE,MAAA,EAAQ,CAAC,MAAM,CAAA,EAAG,QAAQ,IAAA,EAAK;AAAA,IACjC,EAAE,MAAA,EAAQ,CAAC,QAAQ,CAAA;AAAE,GACvB;AAAA,EAEA,MAAA,EAAQ;AAAA,IACN,YAAA,EAAc,IAAA;AAAA,IACd,UAAA,EAAY,IAAA;AAAA,IACZ,UAAA,EAAY,IAAA;AAAA,IACZ,YAAY,CAAC,KAAA,EAAO,MAAA,EAAQ,QAAA,EAAU,UAAU,QAAQ,CAAA;AAAA,IACxD,KAAA,EAAO,IAAA;AAAA,IACP,GAAA,EAAK;AAAA;AAET,CAAC;AC7FM,IAAM,gBAAA,GAAmBD,kBAAa,MAAA,CAAO;AAAA,EAClD,IAAA,EAAM,oBAAA;AAAA,EACN,KAAA,EAAO,gBAAA;AAAA,EACP,WAAA,EAAa,iBAAA;AAAA,EACb,IAAA,EAAM,MAAA;AAAA,EACN,QAAA,EAAU,IAAA;AAAA,EACV,WAAA,EAAa,4DAAA;AAAA,EACb,gBAAA,EAAkB,OAAA;AAAA,EAClB,WAAA,EAAa,SAAA;AAAA,EACb,aAAA,EAAe,CAAC,OAAA,EAAS,MAAA,EAAQ,QAAQ,CAAA;AAAA,EAEzC,MAAA,EAAQ;AAAA;AAAA,IAEN,KAAA,EAAOC,WAAM,IAAA,CAAK;AAAA,MAChB,KAAA,EAAO,cAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,UAAA,EAAY,IAAA;AAAA,MACZ,SAAA,EAAW,GAAA;AAAA,MACX,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,IAED,IAAA,EAAMA,WAAM,IAAA,CAAK;AAAA,MACf,KAAA,EAAO,UAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,UAAA,EAAY,IAAA;AAAA,MACZ,SAAA,EAAW,GAAA;AAAA,MACX,WAAA,EAAa,4CAAA;AAAA,MACb,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,IAED,WAAA,EAAaA,WAAM,QAAA,CAAS;AAAA,MAC1B,KAAA,EAAO,aAAA;AAAA,MACP,QAAA,EAAU,KAAA;AAAA,MACV,KAAA,EAAO;AAAA,KACR,CAAA;AAAA;AAAA,IAGD,kBAAA,EAAoBA,WAAM,QAAA,CAAS;AAAA,MACjC,KAAA,EAAO,oBAAA;AAAA,MACP,QAAA,EAAU,KAAA;AAAA,MACV,WAAA,EAAa,+CAAA;AAAA,MACb,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,IAED,iBAAA,EAAmBA,WAAM,QAAA,CAAS;AAAA,MAChC,KAAA,EAAO,mBAAA;AAAA,MACP,QAAA,EAAU,KAAA;AAAA,MACV,WAAA,EAAa,oDAAA;AAAA,MACb,KAAA,EAAO;AAAA,KACR,CAAA;AAAA;AAAA,IAGD,MAAA,EAAQA,WAAM,OAAA,CAAQ;AAAA,MACpB,KAAA,EAAO,QAAA;AAAA,MACP,YAAA,EAAc,IAAA;AAAA,MACd,KAAA,EAAO;AAAA,KACR,CAAA;AAAA;AAAA,IAGD,EAAA,EAAIA,WAAM,IAAA,CAAK;AAAA,MACb,KAAA,EAAO,mBAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,QAAA,EAAU,IAAA;AAAA,MACV,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,IAED,UAAA,EAAYA,WAAM,QAAA,CAAS;AAAA,MACzB,KAAA,EAAO,YAAA;AAAA,MACP,YAAA,EAAc,OAAA;AAAA,MACd,QAAA,EAAU,IAAA;AAAA,MACV,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,IAED,UAAA,EAAYA,WAAM,QAAA,CAAS;AAAA,MACzB,KAAA,EAAO,YAAA;AAAA,MACP,YAAA,EAAc,OAAA;AAAA,MACd,QAAA,EAAU,IAAA;AAAA,MACV,KAAA,EAAO;AAAA,KACR;AAAA,GACH;AAAA,EAEA,OAAA,EAAS;AAAA,IACP,EAAE,MAAA,EAAQ,CAAC,MAAM,CAAA,EAAG,QAAQ,IAAA,EAAK;AAAA,IACjC,EAAE,MAAA,EAAQ,CAAC,QAAQ,CAAA;AAAE,GACvB;AAAA,EAEA,MAAA,EAAQ;AAAA,IACN,YAAA,EAAc,IAAA;AAAA,IACd,UAAA,EAAY,IAAA;AAAA,IACZ,UAAA,EAAY,IAAA;AAAA,IACZ,YAAY,CAAC,KAAA,EAAO,MAAA,EAAQ,QAAA,EAAU,UAAU,QAAQ,CAAA;AAAA,IACxD,KAAA,EAAO,IAAA;AAAA,IACP,GAAA,EAAK;AAAA;AAET,CAAC","file":"index.js","sourcesContent":["// Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.\n\nimport { ObjectSchema, Field } from '@objectstack/spec/data';\n\n/**\n * sys_role — System Role Object\n *\n * RBAC role definition for the ObjectStack platform.\n * Roles group permissions and are assigned to users or members.\n *\n * @namespace sys\n */\nexport const SysRole = ObjectSchema.create({\n name: 'sys_role',\n label: 'Role',\n pluralLabel: 'Roles',\n icon: 'shield',\n isSystem: true,\n description: 'Role definitions for RBAC access control',\n displayNameField: 'label',\n titleFormat: '{label}',\n compactLayout: ['label', 'name', 'active', 'is_default'],\n\n fields: {\n // ── Identity ─────────────────────────────────────────────────\n label: Field.text({\n label: 'Display Name',\n required: true,\n searchable: true,\n maxLength: 255,\n group: 'Identity',\n }),\n\n name: Field.text({\n label: 'API Name',\n required: true,\n searchable: true,\n maxLength: 100,\n description: 'Unique machine name for the role (e.g. admin, editor, viewer)',\n group: 'Identity',\n }),\n\n description: Field.textarea({\n label: 'Description',\n required: false,\n group: 'Identity',\n }),\n\n // ── Configuration ────────────────────────────────────────────\n permissions: Field.textarea({\n label: 'Permissions',\n required: false,\n description: 'JSON-serialized array of permission strings',\n group: 'Configuration',\n }),\n\n // ── Status ───────────────────────────────────────────────────\n active: Field.boolean({\n label: 'Active',\n defaultValue: true,\n group: 'Status',\n }),\n\n is_default: Field.boolean({\n label: 'Default Role',\n defaultValue: false,\n description: 'Automatically assigned to new users',\n group: 'Status',\n }),\n\n // ── System ───────────────────────────────────────────────────\n id: Field.text({\n label: 'Role ID',\n required: true,\n readonly: true,\n group: 'System',\n }),\n\n created_at: Field.datetime({\n label: 'Created At',\n defaultValue: 'NOW()',\n readonly: true,\n group: 'System',\n }),\n\n updated_at: Field.datetime({\n label: 'Updated At',\n defaultValue: 'NOW()',\n readonly: true,\n group: 'System',\n }),\n },\n\n indexes: [\n { fields: ['name'], unique: true },\n { fields: ['active'] },\n ],\n\n enable: {\n trackHistory: true,\n searchable: true,\n apiEnabled: true,\n apiMethods: ['get', 'list', 'create', 'update', 'delete'],\n trash: true,\n mru: true,\n },\n});\n","// Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.\n\nimport { ObjectSchema, Field } from '@objectstack/spec/data';\n\n/**\n * sys_permission_set — System Permission Set Object\n *\n * Named groupings of fine-grained permissions.\n * Permission sets can be assigned to roles or directly to users\n * for granular access control.\n *\n * @namespace sys\n */\nexport const SysPermissionSet = ObjectSchema.create({\n name: 'sys_permission_set',\n label: 'Permission Set',\n pluralLabel: 'Permission Sets',\n icon: 'lock',\n isSystem: true,\n description: 'Named permission groupings for fine-grained access control',\n displayNameField: 'label',\n titleFormat: '{label}',\n compactLayout: ['label', 'name', 'active'],\n\n fields: {\n // ── Identity ─────────────────────────────────────────────────\n label: Field.text({\n label: 'Display Name',\n required: true,\n searchable: true,\n maxLength: 255,\n group: 'Identity',\n }),\n\n name: Field.text({\n label: 'API Name',\n required: true,\n searchable: true,\n maxLength: 100,\n description: 'Unique machine name for the permission set',\n group: 'Identity',\n }),\n\n description: Field.textarea({\n label: 'Description',\n required: false,\n group: 'Identity',\n }),\n\n // ── Permissions ──────────────────────────────────────────────\n object_permissions: Field.textarea({\n label: 'Object Permissions',\n required: false,\n description: 'JSON-serialized object-level CRUD permissions',\n group: 'Permissions',\n }),\n\n field_permissions: Field.textarea({\n label: 'Field Permissions',\n required: false,\n description: 'JSON-serialized field-level read/write permissions',\n group: 'Permissions',\n }),\n\n // ── Status ───────────────────────────────────────────────────\n active: Field.boolean({\n label: 'Active',\n defaultValue: true,\n group: 'Status',\n }),\n\n // ── System ───────────────────────────────────────────────────\n id: Field.text({\n label: 'Permission Set ID',\n required: true,\n readonly: true,\n group: 'System',\n }),\n\n created_at: Field.datetime({\n label: 'Created At',\n defaultValue: 'NOW()',\n readonly: true,\n group: 'System',\n }),\n\n updated_at: Field.datetime({\n label: 'Updated At',\n defaultValue: 'NOW()',\n readonly: true,\n group: 'System',\n }),\n },\n\n indexes: [\n { fields: ['name'], unique: true },\n { fields: ['active'] },\n ],\n\n enable: {\n trackHistory: true,\n searchable: true,\n apiEnabled: true,\n apiMethods: ['get', 'list', 'create', 'update', 'delete'],\n trash: true,\n mru: true,\n },\n});\n"]}

package/dist/security/index.mjs ADDED Viewed

@@ -0,0 +1,175 @@
+import { ObjectSchema, Field } from '@objectstack/spec/data';
+// src/security/sys-role.object.ts
+var SysRole = ObjectSchema.create({
+  name: "sys_role",
+  label: "Role",
+  pluralLabel: "Roles",
+  icon: "shield",
+  isSystem: true,
+  description: "Role definitions for RBAC access control",
+  displayNameField: "label",
+  titleFormat: "{label}",
+  compactLayout: ["label", "name", "active", "is_default"],
+  fields: {
+    // ── Identity ─────────────────────────────────────────────────
+    label: Field.text({
+      label: "Display Name",
+      required: true,
+      searchable: true,
+      maxLength: 255,
+      group: "Identity"
+    }),
+    name: Field.text({
+      label: "API Name",
+      required: true,
+      searchable: true,
+      maxLength: 100,
+      description: "Unique machine name for the role (e.g. admin, editor, viewer)",
+      group: "Identity"
+    }),
+    description: Field.textarea({
+      label: "Description",
+      required: false,
+      group: "Identity"
+    }),
+    // ── Configuration ────────────────────────────────────────────
+    permissions: Field.textarea({
+      label: "Permissions",
+      required: false,
+      description: "JSON-serialized array of permission strings",
+      group: "Configuration"
+    }),
+    // ── Status ───────────────────────────────────────────────────
+    active: Field.boolean({
+      label: "Active",
+      defaultValue: true,
+      group: "Status"
+    }),
+    is_default: Field.boolean({
+      label: "Default Role",
+      defaultValue: false,
+      description: "Automatically assigned to new users",
+      group: "Status"
+    }),
+    // ── System ───────────────────────────────────────────────────
+    id: Field.text({
+      label: "Role ID",
+      required: true,
+      readonly: true,
+      group: "System"
+    }),
+    created_at: Field.datetime({
+      label: "Created At",
+      defaultValue: "NOW()",
+      readonly: true,
+      group: "System"
+    }),
+    updated_at: Field.datetime({
+      label: "Updated At",
+      defaultValue: "NOW()",
+      readonly: true,
+      group: "System"
+    })
+  },
+  indexes: [
+    { fields: ["name"], unique: true },
+    { fields: ["active"] }
+  ],
+  enable: {
+    trackHistory: true,
+    searchable: true,
+    apiEnabled: true,
+    apiMethods: ["get", "list", "create", "update", "delete"],
+    trash: true,
+    mru: true
+  }
+});
+var SysPermissionSet = ObjectSchema.create({
+  name: "sys_permission_set",
+  label: "Permission Set",
+  pluralLabel: "Permission Sets",
+  icon: "lock",
+  isSystem: true,
+  description: "Named permission groupings for fine-grained access control",
+  displayNameField: "label",
+  titleFormat: "{label}",
+  compactLayout: ["label", "name", "active"],
+  fields: {
+    // ── Identity ─────────────────────────────────────────────────
+    label: Field.text({
+      label: "Display Name",
+      required: true,
+      searchable: true,
+      maxLength: 255,
+      group: "Identity"
+    }),
+    name: Field.text({
+      label: "API Name",
+      required: true,
+      searchable: true,
+      maxLength: 100,
+      description: "Unique machine name for the permission set",
+      group: "Identity"
+    }),
+    description: Field.textarea({
+      label: "Description",
+      required: false,
+      group: "Identity"
+    }),
+    // ── Permissions ──────────────────────────────────────────────
+    object_permissions: Field.textarea({
+      label: "Object Permissions",
+      required: false,
+      description: "JSON-serialized object-level CRUD permissions",
+      group: "Permissions"
+    }),
+    field_permissions: Field.textarea({
+      label: "Field Permissions",
+      required: false,
+      description: "JSON-serialized field-level read/write permissions",
+      group: "Permissions"
+    }),
+    // ── Status ───────────────────────────────────────────────────
+    active: Field.boolean({
+      label: "Active",
+      defaultValue: true,
+      group: "Status"
+    }),
+    // ── System ───────────────────────────────────────────────────
+    id: Field.text({
+      label: "Permission Set ID",
+      required: true,
+      readonly: true,
+      group: "System"
+    }),
+    created_at: Field.datetime({
+      label: "Created At",
+      defaultValue: "NOW()",
+      readonly: true,
+      group: "System"
+    }),
+    updated_at: Field.datetime({
+      label: "Updated At",
+      defaultValue: "NOW()",
+      readonly: true,
+      group: "System"
+    })
+  },
+  indexes: [
+    { fields: ["name"], unique: true },
+    { fields: ["active"] }
+  ],
+  enable: {
+    trackHistory: true,
+    searchable: true,
+    apiEnabled: true,
+    apiMethods: ["get", "list", "create", "update", "delete"],
+    trash: true,
+    mru: true
+  }
+});
+export { SysPermissionSet, SysRole };
+//# sourceMappingURL=index.mjs.map
+//# sourceMappingURL=index.mjs.map

package/dist/security/index.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../../src/security/sys-role.object.ts","../../src/security/sys-permission-set.object.ts"],"names":["ObjectSchema","Field"],"mappings":";;;AAYO,IAAM,OAAA,GAAU,aAAa,MAAA,CAAO;AAAA,EACzC,IAAA,EAAM,UAAA;AAAA,EACN,KAAA,EAAO,MAAA;AAAA,EACP,WAAA,EAAa,OAAA;AAAA,EACb,IAAA,EAAM,QAAA;AAAA,EACN,QAAA,EAAU,IAAA;AAAA,EACV,WAAA,EAAa,0CAAA;AAAA,EACb,gBAAA,EAAkB,OAAA;AAAA,EAClB,WAAA,EAAa,SAAA;AAAA,EACb,aAAA,EAAe,CAAC,OAAA,EAAS,MAAA,EAAQ,UAAU,YAAY,CAAA;AAAA,EAEvD,MAAA,EAAQ;AAAA;AAAA,IAEN,KAAA,EAAO,MAAM,IAAA,CAAK;AAAA,MAChB,KAAA,EAAO,cAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,UAAA,EAAY,IAAA;AAAA,MACZ,SAAA,EAAW,GAAA;AAAA,MACX,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,IAED,IAAA,EAAM,MAAM,IAAA,CAAK;AAAA,MACf,KAAA,EAAO,UAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,UAAA,EAAY,IAAA;AAAA,MACZ,SAAA,EAAW,GAAA;AAAA,MACX,WAAA,EAAa,+DAAA;AAAA,MACb,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,IAED,WAAA,EAAa,MAAM,QAAA,CAAS;AAAA,MAC1B,KAAA,EAAO,aAAA;AAAA,MACP,QAAA,EAAU,KAAA;AAAA,MACV,KAAA,EAAO;AAAA,KACR,CAAA;AAAA;AAAA,IAGD,WAAA,EAAa,MAAM,QAAA,CAAS;AAAA,MAC1B,KAAA,EAAO,aAAA;AAAA,MACP,QAAA,EAAU,KAAA;AAAA,MACV,WAAA,EAAa,6CAAA;AAAA,MACb,KAAA,EAAO;AAAA,KACR,CAAA;AAAA;AAAA,IAGD,MAAA,EAAQ,MAAM,OAAA,CAAQ;AAAA,MACpB,KAAA,EAAO,QAAA;AAAA,MACP,YAAA,EAAc,IAAA;AAAA,MACd,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,IAED,UAAA,EAAY,MAAM,OAAA,CAAQ;AAAA,MACxB,KAAA,EAAO,cAAA;AAAA,MACP,YAAA,EAAc,KAAA;AAAA,MACd,WAAA,EAAa,qCAAA;AAAA,MACb,KAAA,EAAO;AAAA,KACR,CAAA;AAAA;AAAA,IAGD,EAAA,EAAI,MAAM,IAAA,CAAK;AAAA,MACb,KAAA,EAAO,SAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,QAAA,EAAU,IAAA;AAAA,MACV,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,IAED,UAAA,EAAY,MAAM,QAAA,CAAS;AAAA,MACzB,KAAA,EAAO,YAAA;AAAA,MACP,YAAA,EAAc,OAAA;AAAA,MACd,QAAA,EAAU,IAAA;AAAA,MACV,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,IAED,UAAA,EAAY,MAAM,QAAA,CAAS;AAAA,MACzB,KAAA,EAAO,YAAA;AAAA,MACP,YAAA,EAAc,OAAA;AAAA,MACd,QAAA,EAAU,IAAA;AAAA,MACV,KAAA,EAAO;AAAA,KACR;AAAA,GACH;AAAA,EAEA,OAAA,EAAS;AAAA,IACP,EAAE,MAAA,EAAQ,CAAC,MAAM,CAAA,EAAG,QAAQ,IAAA,EAAK;AAAA,IACjC,EAAE,MAAA,EAAQ,CAAC,QAAQ,CAAA;AAAE,GACvB;AAAA,EAEA,MAAA,EAAQ;AAAA,IACN,YAAA,EAAc,IAAA;AAAA,IACd,UAAA,EAAY,IAAA;AAAA,IACZ,UAAA,EAAY,IAAA;AAAA,IACZ,YAAY,CAAC,KAAA,EAAO,MAAA,EAAQ,QAAA,EAAU,UAAU,QAAQ,CAAA;AAAA,IACxD,KAAA,EAAO,IAAA;AAAA,IACP,GAAA,EAAK;AAAA;AAET,CAAC;AC7FM,IAAM,gBAAA,GAAmBA,aAAa,MAAA,CAAO;AAAA,EAClD,IAAA,EAAM,oBAAA;AAAA,EACN,KAAA,EAAO,gBAAA;AAAA,EACP,WAAA,EAAa,iBAAA;AAAA,EACb,IAAA,EAAM,MAAA;AAAA,EACN,QAAA,EAAU,IAAA;AAAA,EACV,WAAA,EAAa,4DAAA;AAAA,EACb,gBAAA,EAAkB,OAAA;AAAA,EAClB,WAAA,EAAa,SAAA;AAAA,EACb,aAAA,EAAe,CAAC,OAAA,EAAS,MAAA,EAAQ,QAAQ,CAAA;AAAA,EAEzC,MAAA,EAAQ;AAAA;AAAA,IAEN,KAAA,EAAOC,MAAM,IAAA,CAAK;AAAA,MAChB,KAAA,EAAO,cAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,UAAA,EAAY,IAAA;AAAA,MACZ,SAAA,EAAW,GAAA;AAAA,MACX,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,IAED,IAAA,EAAMA,MAAM,IAAA,CAAK;AAAA,MACf,KAAA,EAAO,UAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,UAAA,EAAY,IAAA;AAAA,MACZ,SAAA,EAAW,GAAA;AAAA,MACX,WAAA,EAAa,4CAAA;AAAA,MACb,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,IAED,WAAA,EAAaA,MAAM,QAAA,CAAS;AAAA,MAC1B,KAAA,EAAO,aAAA;AAAA,MACP,QAAA,EAAU,KAAA;AAAA,MACV,KAAA,EAAO;AAAA,KACR,CAAA;AAAA;AAAA,IAGD,kBAAA,EAAoBA,MAAM,QAAA,CAAS;AAAA,MACjC,KAAA,EAAO,oBAAA;AAAA,MACP,QAAA,EAAU,KAAA;AAAA,MACV,WAAA,EAAa,+CAAA;AAAA,MACb,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,IAED,iBAAA,EAAmBA,MAAM,QAAA,CAAS;AAAA,MAChC,KAAA,EAAO,mBAAA;AAAA,MACP,QAAA,EAAU,KAAA;AAAA,MACV,WAAA,EAAa,oDAAA;AAAA,MACb,KAAA,EAAO;AAAA,KACR,CAAA;AAAA;AAAA,IAGD,MAAA,EAAQA,MAAM,OAAA,CAAQ;AAAA,MACpB,KAAA,EAAO,QAAA;AAAA,MACP,YAAA,EAAc,IAAA;AAAA,MACd,KAAA,EAAO;AAAA,KACR,CAAA;AAAA;AAAA,IAGD,EAAA,EAAIA,MAAM,IAAA,CAAK;AAAA,MACb,KAAA,EAAO,mBAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,QAAA,EAAU,IAAA;AAAA,MACV,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,IAED,UAAA,EAAYA,MAAM,QAAA,CAAS;AAAA,MACzB,KAAA,EAAO,YAAA;AAAA,MACP,YAAA,EAAc,OAAA;AAAA,MACd,QAAA,EAAU,IAAA;AAAA,MACV,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,IAED,UAAA,EAAYA,MAAM,QAAA,CAAS;AAAA,MACzB,KAAA,EAAO,YAAA;AAAA,MACP,YAAA,EAAc,OAAA;AAAA,MACd,QAAA,EAAU,IAAA;AAAA,MACV,KAAA,EAAO;AAAA,KACR;AAAA,GACH;AAAA,EAEA,OAAA,EAAS;AAAA,IACP,EAAE,MAAA,EAAQ,CAAC,MAAM,CAAA,EAAG,QAAQ,IAAA,EAAK;AAAA,IACjC,EAAE,MAAA,EAAQ,CAAC,QAAQ,CAAA;AAAE,GACvB;AAAA,EAEA,MAAA,EAAQ;AAAA,IACN,YAAA,EAAc,IAAA;AAAA,IACd,UAAA,EAAY,IAAA;AAAA,IACZ,UAAA,EAAY,IAAA;AAAA,IACZ,YAAY,CAAC,KAAA,EAAO,MAAA,EAAQ,QAAA,EAAU,UAAU,QAAQ,CAAA;AAAA,IACxD,KAAA,EAAO,IAAA;AAAA,IACP,GAAA,EAAK;AAAA;AAET,CAAC","file":"index.mjs","sourcesContent":["// Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.\n\nimport { ObjectSchema, Field } from '@objectstack/spec/data';\n\n/**\n * sys_role — System Role Object\n *\n * RBAC role definition for the ObjectStack platform.\n * Roles group permissions and are assigned to users or members.\n *\n * @namespace sys\n */\nexport const SysRole = ObjectSchema.create({\n name: 'sys_role',\n label: 'Role',\n pluralLabel: 'Roles',\n icon: 'shield',\n isSystem: true,\n description: 'Role definitions for RBAC access control',\n displayNameField: 'label',\n titleFormat: '{label}',\n compactLayout: ['label', 'name', 'active', 'is_default'],\n\n fields: {\n // ── Identity ─────────────────────────────────────────────────\n label: Field.text({\n label: 'Display Name',\n required: true,\n searchable: true,\n maxLength: 255,\n group: 'Identity',\n }),\n\n name: Field.text({\n label: 'API Name',\n required: true,\n searchable: true,\n maxLength: 100,\n description: 'Unique machine name for the role (e.g. admin, editor, viewer)',\n group: 'Identity',\n }),\n\n description: Field.textarea({\n label: 'Description',\n required: false,\n group: 'Identity',\n }),\n\n // ── Configuration ────────────────────────────────────────────\n permissions: Field.textarea({\n label: 'Permissions',\n required: false,\n description: 'JSON-serialized array of permission strings',\n group: 'Configuration',\n }),\n\n // ── Status ───────────────────────────────────────────────────\n active: Field.boolean({\n label: 'Active',\n defaultValue: true,\n group: 'Status',\n }),\n\n is_default: Field.boolean({\n label: 'Default Role',\n defaultValue: false,\n description: 'Automatically assigned to new users',\n group: 'Status',\n }),\n\n // ── System ───────────────────────────────────────────────────\n id: Field.text({\n label: 'Role ID',\n required: true,\n readonly: true,\n group: 'System',\n }),\n\n created_at: Field.datetime({\n label: 'Created At',\n defaultValue: 'NOW()',\n readonly: true,\n group: 'System',\n }),\n\n updated_at: Field.datetime({\n label: 'Updated At',\n defaultValue: 'NOW()',\n readonly: true,\n group: 'System',\n }),\n },\n\n indexes: [\n { fields: ['name'], unique: true },\n { fields: ['active'] },\n ],\n\n enable: {\n trackHistory: true,\n searchable: true,\n apiEnabled: true,\n apiMethods: ['get', 'list', 'create', 'update', 'delete'],\n trash: true,\n mru: true,\n },\n});\n","// Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.\n\nimport { ObjectSchema, Field } from '@objectstack/spec/data';\n\n/**\n * sys_permission_set — System Permission Set Object\n *\n * Named groupings of fine-grained permissions.\n * Permission sets can be assigned to roles or directly to users\n * for granular access control.\n *\n * @namespace sys\n */\nexport const SysPermissionSet = ObjectSchema.create({\n name: 'sys_permission_set',\n label: 'Permission Set',\n pluralLabel: 'Permission Sets',\n icon: 'lock',\n isSystem: true,\n description: 'Named permission groupings for fine-grained access control',\n displayNameField: 'label',\n titleFormat: '{label}',\n compactLayout: ['label', 'name', 'active'],\n\n fields: {\n // ── Identity ─────────────────────────────────────────────────\n label: Field.text({\n label: 'Display Name',\n required: true,\n searchable: true,\n maxLength: 255,\n group: 'Identity',\n }),\n\n name: Field.text({\n label: 'API Name',\n required: true,\n searchable: true,\n maxLength: 100,\n description: 'Unique machine name for the permission set',\n group: 'Identity',\n }),\n\n description: Field.textarea({\n label: 'Description',\n required: false,\n group: 'Identity',\n }),\n\n // ── Permissions ──────────────────────────────────────────────\n object_permissions: Field.textarea({\n label: 'Object Permissions',\n required: false,\n description: 'JSON-serialized object-level CRUD permissions',\n group: 'Permissions',\n }),\n\n field_permissions: Field.textarea({\n label: 'Field Permissions',\n required: false,\n description: 'JSON-serialized field-level read/write permissions',\n group: 'Permissions',\n }),\n\n // ── Status ───────────────────────────────────────────────────\n active: Field.boolean({\n label: 'Active',\n defaultValue: true,\n group: 'Status',\n }),\n\n // ── System ───────────────────────────────────────────────────\n id: Field.text({\n label: 'Permission Set ID',\n required: true,\n readonly: true,\n group: 'System',\n }),\n\n created_at: Field.datetime({\n label: 'Created At',\n defaultValue: 'NOW()',\n readonly: true,\n group: 'System',\n }),\n\n updated_at: Field.datetime({\n label: 'Updated At',\n defaultValue: 'NOW()',\n readonly: true,\n group: 'System',\n }),\n },\n\n indexes: [\n { fields: ['name'], unique: true },\n { fields: ['active'] },\n ],\n\n enable: {\n trackHistory: true,\n searchable: true,\n apiEnabled: true,\n apiMethods: ['get', 'list', 'create', 'update', 'delete'],\n trash: true,\n mru: true,\n },\n});\n"]}

package/dist/state-machine.zod-BFg-VE0M.d-Ek3_yo9P.d.mts ADDED Viewed

@@ -0,0 +1,41 @@
+import { z } from 'zod';
+declare const ActionRefSchema: z.ZodUnion<readonly [z.ZodString, z.ZodObject<{
+    type: z.ZodString;
+    params: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+}, z.core.$strip>]>;
+/**
+ * State Transition Definition
+ * "When EVENT happens, if GUARD is true, go to TARGET and run ACTIONS"
+ */
+declare const TransitionSchema: z.ZodObject<{
+    target: z.ZodOptional<z.ZodString>;
+    cond: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodObject<{
+        type: z.ZodString;
+        params: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+    }, z.core.$strip>]>>;
+    actions: z.ZodOptional<z.ZodArray<z.ZodUnion<readonly [z.ZodString, z.ZodObject<{
+        type: z.ZodString;
+        params: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+    }, z.core.$strip>]>>>;
+    description: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>;
+type ActionRef = z.infer<typeof ActionRefSchema>;
+type Transition = z.infer<typeof TransitionSchema>;
+type StateNodeConfig = {
+    type?: 'atomic' | 'compound' | 'parallel' | 'final' | 'history';
+    entry?: ActionRef[];
+    exit?: ActionRef[];
+    on?: Record<string, string | Transition | Transition[]>;
+    always?: Transition[];
+    initial?: string;
+    states?: Record<string, StateNodeConfig>;
+    meta?: {
+        label?: string;
+        description?: string;
+        color?: string;
+        aiInstructions?: string;
+    };
+};
+export type { StateNodeConfig as S };

package/dist/state-machine.zod-BFg-VE0M.d-Ek3_yo9P.d.ts ADDED Viewed

@@ -0,0 +1,41 @@
+import { z } from 'zod';
+declare const ActionRefSchema: z.ZodUnion<readonly [z.ZodString, z.ZodObject<{
+    type: z.ZodString;
+    params: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+}, z.core.$strip>]>;
+/**
+ * State Transition Definition
+ * "When EVENT happens, if GUARD is true, go to TARGET and run ACTIONS"
+ */
+declare const TransitionSchema: z.ZodObject<{
+    target: z.ZodOptional<z.ZodString>;
+    cond: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodObject<{
+        type: z.ZodString;
+        params: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+    }, z.core.$strip>]>>;
+    actions: z.ZodOptional<z.ZodArray<z.ZodUnion<readonly [z.ZodString, z.ZodObject<{
+        type: z.ZodString;
+        params: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+    }, z.core.$strip>]>>>;
+    description: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>;
+type ActionRef = z.infer<typeof ActionRefSchema>;
+type Transition = z.infer<typeof TransitionSchema>;
+type StateNodeConfig = {
+    type?: 'atomic' | 'compound' | 'parallel' | 'final' | 'history';
+    entry?: ActionRef[];
+    exit?: ActionRef[];
+    on?: Record<string, string | Transition | Transition[]>;
+    always?: Transition[];
+    initial?: string;
+    states?: Record<string, StateNodeConfig>;
+    meta?: {
+        label?: string;
+        description?: string;
+        color?: string;
+        aiInstructions?: string;
+    };
+};
+export type { StateNodeConfig as S };