@objectstack/platform-objects 4.0.5 → 4.1.0

package/dist/apps/index.js

@@ -27,197 +27,120 @@ var SETUP_APP = {
       ]
     },
     {
-      id: "group_administration",
+      id: "group_people_org",
       type: "group",
-      label: "Administration",
-      icon: "shield",
+      label: "People & Organization",
+      icon: "users",
       children: [
-        { id: "nav_users", type: "object", label: "Users", objectName: "sys_user", icon: "users" },
-        { id: "nav_organizations", type: "object", label: "Organizations", objectName: "sys_organization", icon: "building-2" },
+        // HR-shaped grouping: who exists, where they sit in the org chart,
+        // and which tenants/teams they belong to. `sys_department` is the
+        // platform-owned org skeleton (M10.17.1); `sys_team` is better-auth's
+        // flat collaboration grouping.
+        //
+        // M10.30b: removed top-level Department Members / Team Members /
+        // Org Members entries — they are M:N join tables and the natural
+        // entry point is the parent record's detail page.
+        { id: "nav_users", type: "object", label: "Users", objectName: "sys_user", icon: "user" },
+        { id: "nav_departments", type: "object", label: "Departments", objectName: "sys_department", icon: "building", requiresObject: "sys_department" },
         { id: "nav_teams", type: "object", label: "Teams", objectName: "sys_team", icon: "users-round" },
-        { id: "nav_api_keys", type: "object", label: "API Keys", objectName: "sys_api_key", icon: "key" },
+        { id: "nav_organizations", type: "object", label: "Organizations", objectName: "sys_organization", icon: "building-2" },
+        { id: "nav_invitations", type: "object", label: "Invitations", objectName: "sys_invitation", icon: "mail" }
+      ]
+    },
+    {
+      id: "group_access_control",
+      type: "group",
+      label: "Access Control",
+      icon: "shield",
+      children: [
+        // M10.30b: removed top-level User Permission Sets / Role Permission
+        // Sets entries — same M:N → parent-detail-tab argument as the
+        // People & Org cleanup.
         { id: "nav_roles", type: "object", label: "Roles", objectName: "sys_role", icon: "shield-check" },
         { id: "nav_permission_sets", type: "object", label: "Permission Sets", objectName: "sys_permission_set", icon: "lock" },
-        { id: "nav_user_permission_sets", type: "object", label: "User Permission Sets", objectName: "sys_user_permission_set", icon: "user-check" },
-        { id: "nav_role_permission_sets", type: "object", label: "Role Permission Sets", objectName: "sys_role_permission_set", icon: "shield-plus" },
-        { id: "nav_oauth_apps", type: "object", label: "OAuth Apps", objectName: "sys_oauth_application", icon: "app-window" },
-        { id: "nav_jwks", type: "object", label: "Signing Keys", objectName: "sys_jwks", icon: "key-round" }
+        { id: "nav_sharing_rules", type: "object", label: "Sharing Rules", objectName: "sys_sharing_rule", icon: "share-2", requiresObject: "sys_sharing_rule" },
+        { id: "nav_record_shares", type: "object", label: "Record Shares", objectName: "sys_record_share", icon: "link", requiresObject: "sys_record_share" },
+        { id: "nav_api_keys", type: "object", label: "API Keys", objectName: "sys_api_key", icon: "key" }
       ]
     },
     {
-      id: "group_platform",
+      id: "group_approvals",
       type: "group",
-      label: "Platform",
-      icon: "layers",
+      label: "Approvals",
+      icon: "check-circle",
       children: [
-        { id: "nav_objects", type: "object", label: "Objects", objectName: "sys_object", icon: "database" },
-        { id: "nav_views", type: "object", label: "Views", objectName: "sys_view", icon: "table" },
-        { id: "nav_flows", type: "object", label: "Flows", objectName: "sys_flow", icon: "workflow" },
-        { id: "nav_agents", type: "object", label: "AI Agents", objectName: "sys_agent", icon: "bot" },
-        { id: "nav_tools", type: "object", label: "AI Tools", objectName: "sys_tool", icon: "wrench" },
-        { id: "nav_apps", type: "object", label: "Apps", objectName: "sys_app", icon: "layout-grid" },
-        { id: "nav_packages", type: "object", label: "Packages", objectName: "sys_package", icon: "package" },
-        { id: "nav_package_installations", type: "object", label: "Installations", objectName: "sys_package_installation", icon: "package-check" },
-        { id: "nav_metadata", type: "object", label: "All Metadata", objectName: "sys_metadata", icon: "file-cog" }
+        { id: "nav_approval_processes", type: "object", label: "Processes", objectName: "sys_approval_process", icon: "workflow", requiresObject: "sys_approval_process" },
+        { id: "nav_approval_requests", type: "object", label: "Requests", objectName: "sys_approval_request", icon: "inbox", requiresObject: "sys_approval_request" },
+        { id: "nav_approval_actions", type: "object", label: "Action History", objectName: "sys_approval_action", icon: "history", requiresObject: "sys_approval_action" }
+      ]
+    },
+    {
+      id: "group_configuration",
+      type: "group",
+      label: "Configuration",
+      icon: "sliders-horizontal",
+      children: [
+        // Metadata-driven settings hub. Each entry maps to a SettingsManifest
+        // namespace exposed by @objectstack/service-settings. URL navigation
+        // is used (not `object`) because settings are stored in a generic
+        // K/V table (`sys_setting`) rather than per-namespace objects, and
+        // the renderer is a dedicated <SettingsView> page in objectui.
+        { id: "nav_settings_hub", type: "url", label: "All Settings", url: "/apps/setup/system/settings", icon: "settings-2" },
+        { id: "nav_settings_mail", type: "url", label: "Email", url: "/apps/setup/system/settings/mail", icon: "mail" },
+        { id: "nav_settings_branding", type: "url", label: "Branding", url: "/apps/setup/system/settings/branding", icon: "palette" },
+        { id: "nav_settings_feature_flags", type: "url", label: "Feature Flags", url: "/apps/setup/system/settings/feature_flags", icon: "flag" }
       ]
     },
     {
-      id: "group_system",
+      id: "group_diagnostics",
       type: "group",
-      label: "System",
-      icon: "settings",
+      label: "Diagnostics",
+      icon: "stethoscope",
       children: [
+        // Day-to-day observability surfaces. M10.30b removed `sys_activity`
+        // and `sys_comment` — both are CRM operational data authored from
+        // record pages, not platform admin surfaces.
         { id: "nav_sessions", type: "object", label: "Sessions", objectName: "sys_session", icon: "monitor" },
         { id: "nav_audit_logs", type: "object", label: "Audit Logs", objectName: "sys_audit_log", icon: "scroll-text" },
-        { id: "nav_activity", type: "object", label: "Activity", objectName: "sys_activity", icon: "activity" },
-        { id: "nav_comments", type: "object", label: "Comments", objectName: "sys_comment", icon: "message-square" }
+        { id: "nav_notifications", type: "object", label: "Notifications", objectName: "sys_notification", icon: "bell", requiresObject: "sys_notification" }
+      ]
+    },
+    {
+      id: "group_advanced",
+      type: "group",
+      label: "Advanced",
+      icon: "wrench",
+      expanded: false,
+      children: [
+        // Better-auth internals — rarely useful for humans, but exposed
+        // so support engineers can inspect token state without dropping
+        // to SQL. The objectui sidebar collapses this group by default;
+        // edits should hit the read-only banner since these are all
+        // `managedBy: 'better-auth'`.
+        //
+        // M10.30b changes:
+        //  - Removed the 3 OAuth satellite menus (access tokens / refresh
+        //    tokens / consents). They live under their parent OAuth App.
+        //  - Renamed "Linked Accounts" → "Identity Links" to distinguish
+        //    from sys_user / org members.
+        //  - Demoted "All Metadata" from the (now-deleted) Platform group
+        //    to this Advanced/debug bucket.
+        //  - The marketplace-only `sys_app` / `sys_package` /
+        //    `sys_package_installation` menus have been removed entirely;
+        //    they are contributed by `@objectstack/service-tenant`
+        //    (control-plane) and are not present in single-project runtimes.
+        { id: "nav_oauth_apps", type: "object", label: "OAuth Applications", objectName: "sys_oauth_application", icon: "app-window" },
+        { id: "nav_jwks", type: "object", label: "Signing Keys (JWKS)", objectName: "sys_jwks", icon: "key-round" },
+        { id: "nav_verifications", type: "object", label: "Verifications", objectName: "sys_verification", icon: "mail-check" },
+        { id: "nav_two_factor", type: "object", label: "Two-Factor", objectName: "sys_two_factor", icon: "smartphone" },
+        { id: "nav_device_codes", type: "object", label: "Device Codes", objectName: "sys_device_code", icon: "qr-code" },
+        { id: "nav_accounts", type: "object", label: "Identity Links", objectName: "sys_account", icon: "link-2" },
+        { id: "nav_user_preferences", type: "object", label: "User Preferences", objectName: "sys_user_preference", icon: "sliders" },
+        { id: "nav_metadata", type: "object", label: "All Metadata", objectName: "sys_metadata", icon: "file-cog" }
       ]
     }
   ]
 };
-
-// src/apps/views/users.view.ts
-var UsersView = {
-  name: "users",
-  label: "Users",
-  type: "grid",
-  data: {
-    provider: "object",
-    object: "sys_user"
-  },
-  columns: [
-    { field: "name", label: "Name", sortable: true },
-    { field: "email", label: "Email", sortable: true },
-    { field: "phone", label: "Phone" },
-    { field: "status", label: "Status", sortable: true },
-    { field: "active", label: "Active", sortable: true },
-    { field: "created_at", label: "Created", sortable: true }
-  ],
-  sort: [{ field: "created_at", order: "desc" }],
-  filter: [],
-  searchableFields: ["name", "email"],
-  pagination: {
-    pageSize: 20
-  }
-};
-
-// src/apps/views/organizations.view.ts
-var OrganizationsView = {
-  name: "organizations",
-  label: "Organizations",
-  type: "grid",
-  data: {
-    provider: "object",
-    object: "sys_organization"
-  },
-  columns: [
-    { field: "name", label: "Name", sortable: true },
-    { field: "status", label: "Status", sortable: true },
-    { field: "plan_tier", label: "Plan Tier" },
-    { field: "member_count", label: "Members" },
-    { field: "created_at", label: "Created", sortable: true }
-  ],
-  sort: [{ field: "created_at", order: "desc" }],
-  filter: [],
-  searchableFields: ["name"],
-  pagination: {
-    pageSize: 20
-  }
-};
-
-// src/apps/views/roles.view.ts
-var RolesView = {
-  name: "roles",
-  label: "Roles",
-  type: "grid",
-  data: {
-    provider: "object",
-    object: "sys_role"
-  },
-  columns: [
-    { field: "name", label: "Name", sortable: true },
-    { field: "description", label: "Description" },
-    { field: "is_system", label: "System Role" },
-    { field: "created_at", label: "Created", sortable: true }
-  ],
-  sort: [{ field: "created_at", order: "desc" }],
-  filter: [],
-  searchableFields: ["name", "description"],
-  pagination: {
-    pageSize: 20
-  }
-};
-
-// src/apps/views/sessions.view.ts
-var SessionsView = {
-  name: "sessions",
-  label: "Sessions",
-  type: "grid",
-  data: {
-    provider: "object",
-    object: "sys_session"
-  },
-  columns: [
-    { field: "user_id", label: "User", sortable: true },
-    { field: "ip_address", label: "IP Address" },
-    { field: "created_at", label: "Created", sortable: true },
-    { field: "expires_at", label: "Expires", sortable: true }
-  ],
-  sort: [{ field: "created_at", order: "desc" }],
-  filter: [],
-  searchableFields: ["user_id"],
-  pagination: {
-    pageSize: 20
-  }
-};
-
-// src/apps/views/audit_logs.view.ts
-var AuditLogsView = {
-  name: "audit_logs",
-  label: "Audit Logs",
-  type: "grid",
-  data: {
-    provider: "object",
-    object: "sys_audit_log"
-  },
-  columns: [
-    { field: "created_at", label: "Timestamp", sortable: true },
-    { field: "action", label: "Action", sortable: true },
-    { field: "user_id", label: "Actor" },
-    { field: "object_name", label: "Object" },
-    { field: "record_id", label: "Record ID" }
-  ],
-  sort: [{ field: "created_at", order: "desc" }],
-  filter: [],
-  searchableFields: ["action", "object_name", "record_id"],
-  pagination: {
-    pageSize: 20
-  }
-};
-
-// src/apps/views/package_installations.view.ts
-var PackageInstallationsView = {
-  name: "package_installations",
-  label: "Package Installations",
-  type: "grid",
-  data: {
-    provider: "object",
-    object: "sys_package_installation"
-  },
-  columns: [
-    { field: "package_id", label: "Package", sortable: true },
-    { field: "project_id", label: "Project", sortable: true },
-    { field: "package_version_id", label: "Version" },
-    { field: "status", label: "Status", sortable: true },
-    { field: "installed_at", label: "Installed", sortable: true }
-  ],
-  sort: [{ field: "installed_at", order: "desc" }],
-  filter: [],
-  searchableFields: ["package_id", "project_id"],
-  pagination: {
-    pageSize: 20
-  }
-};
 var SystemOverviewDashboard = ui.Dashboard.create({
   name: "system_overview",
   label: "System Overview",
@@ -283,25 +206,29 @@ var SystemOverviewDashboard = ui.Dashboard.create({
       title: "Packages Installed",
       type: "metric",
       object: "sys_package_installation",
+      // Cloud-only object — only registered when service-tenant is loaded.
+      // Hide this widget gracefully in single-project runtimes.
+      requiresObject: "sys_package_installation",
       layout: {
         x: 9,
         y: 0,
         w: 3,
         h: 2
       },
-      filter: {
-        field: "status",
-        operator: "equals",
-        value: "installed"
-      },
+      filter: { status: "installed" },
       aggregate: "count",
       colorVariant: "success",
       description: "Active package installations across projects"
     },
-    // ── Audit Actions by Type (last 7 days) ─────────────────────────
+    // ── Audit Actions by Type ───────────────────────────────────────
+    // Note: relative date filters like `NOW() - INTERVAL 7 DAY` are not
+    // currently substituted by the analytics layer (see
+    // service-analytics/strategies/filter-normalizer.ts). The dashboard's
+    // `globalFilters` date-range bar at the bottom is the supported way
+    // to scope this widget.
     {
       id: "widget_audit_actions",
-      title: "Audit Actions (7d)",
+      title: "Audit Actions",
       description: "Distribution of audit events by action type",
       type: "pie",
       object: "sys_audit_log",
@@ -312,12 +239,7 @@ var SystemOverviewDashboard = ui.Dashboard.create({
         h: 4
       },
       categoryField: "action",
-      aggregate: "count",
-      filter: {
-        field: "created_at",
-        operator: "gte",
-        value: "NOW() - INTERVAL 7 DAY"
-      }
+      aggregate: "count"
     },
     // ── Session Status Overview ─────────────────────────────────────
     {
@@ -336,20 +258,27 @@ var SystemOverviewDashboard = ui.Dashboard.create({
       aggregate: "count"
     },
     // ── Recent Audit Log (Table) ────────────────────────────────────
+    // `type: 'table'` renders the underlying rows directly, so this
+    // panel actually shows the latest events instead of just repeating
+    // the total-count metric. `valueField`/`aggregate` are intentionally
+    // omitted — table widgets pull raw records.
     {
       id: "widget_recent_events",
       title: "Recent Audit Events",
       description: "Latest platform events",
-      type: "metric",
+      type: "table",
       object: "sys_audit_log",
       layout: {
         x: 0,
         y: 6,
         w: 12,
-        h: 3
+        h: 4
       },
-      aggregate: "count",
-      colorVariant: "default"
+      options: {
+        columns: ["created_at", "user_id", "action", "object_name", "record_id"],
+        sort: [{ field: "created_at", order: "desc" }],
+        pageSize: 20
+      }
     }
   ],
   globalFilters: [
@@ -370,10 +299,14 @@ var SecurityOverviewDashboard = ui.Dashboard.create({
   columns: 12,
   gap: 4,
   widgets: [
-    // ── Failed Login Attempts Widget ────────────────────────────────
+    // ── Login Events Widget ─────────────────────────────────────────
+    // The `sys_audit_log.action` enum doesn't distinguish failed vs
+    // successful logins (both fold into `action='login'`). Surfacing a
+    // total Login Events count is honest; a "Failed Logins" widget will
+    // need a richer enum or a separate detail field first.
     {
-      id: "widget_failed_logins",
-      title: "Failed Login Attempts",
+      id: "widget_login_events",
+      title: "Login Events",
       type: "metric",
       object: "sys_audit_log",
       layout: {
@@ -382,14 +315,10 @@ var SecurityOverviewDashboard = ui.Dashboard.create({
         w: 3,
         h: 2
       },
-      filter: {
-        field: "action",
-        operator: "equals",
-        value: "login"
-      },
+      filter: { action: "login" },
       aggregate: "count",
-      colorVariant: "danger",
-      description: "Failed authentication attempts (24h)"
+      colorVariant: "blue",
+      description: "Authentication events recorded by the audit log"
     },
     // ── Permission Changes Widget ───────────────────────────────────
     {
@@ -403,11 +332,7 @@ var SecurityOverviewDashboard = ui.Dashboard.create({
         w: 3,
         h: 2
       },
-      filter: {
-        field: "action",
-        operator: "equals",
-        value: "permission_change"
-      },
+      filter: { action: "permission_change" },
       aggregate: "count",
       colorVariant: "warning",
       description: "Recent permission and role modifications"
@@ -424,11 +349,7 @@ var SecurityOverviewDashboard = ui.Dashboard.create({
         w: 3,
         h: 2
       },
-      filter: {
-        field: "action",
-        operator: "equals",
-        value: "config_change"
-      },
+      filter: { action: "config_change" },
       aggregate: "count",
       colorVariant: "blue",
       description: "System configuration modifications"
@@ -482,20 +403,27 @@ var SecurityOverviewDashboard = ui.Dashboard.create({
       aggregate: "count"
     },
     // ── Recent Security Events (Table) ──────────────────────────────
+    // Real table widget — pulls the latest permission/config rows.
     {
       id: "widget_recent_security_events",
       title: "Recent Security Events",
       description: "Latest permission and config changes",
-      type: "metric",
+      type: "table",
       object: "sys_audit_log",
       layout: {
         x: 0,
         y: 6,
         w: 12,
-        h: 3
+        h: 4
       },
-      aggregate: "count",
-      colorVariant: "default"
+      filter: {
+        action: { $in: ["login", "logout", "permission_change", "config_change"] }
+      },
+      options: {
+        columns: ["created_at", "user_id", "action", "object_name", "record_id"],
+        sort: [{ field: "created_at", order: "desc" }],
+        pageSize: 20
+      }
     }
   ],
   globalFilters: [
@@ -509,14 +437,8 @@ var SecurityOverviewDashboard = ui.Dashboard.create({
   ]
 });
 
-exports.AuditLogsView = AuditLogsView;
-exports.OrganizationsView = OrganizationsView;
-exports.PackageInstallationsView = PackageInstallationsView;
-exports.RolesView = RolesView;
 exports.SETUP_APP = SETUP_APP;
 exports.SecurityOverviewDashboard = SecurityOverviewDashboard;
-exports.SessionsView = SessionsView;
 exports.SystemOverviewDashboard = SystemOverviewDashboard;
-exports.UsersView = UsersView;
 //# sourceMappingURL=index.js.map
 //# sourceMappingURL=index.js.map