@objectstack/platform-objects 5.1.0 → 5.2.0

package/dist/index.js

@@ -3268,6 +3268,20 @@ var defaultPermissionSets = [
         operation: "select",
         using: "id = current_user.id"
       },
+      // Org collaborators: members can see other users in the same
+      // organization. Without this, owner/assignee lookups, @-mention
+      // suggestions, reviewer pickers and team-roster surfaces all
+      // collapse to just the current user. `org_user_ids` is
+      // pre-resolved by runtime/resolve-execution-context from
+      // `sys_member` for the active organization. Sensitive credential
+      // tables (`sys_account`, `sys_session`, `sys_api_key`, …) keep
+      // their stricter self-only carve-outs above.
+      {
+        name: "sys_user_org_members",
+        object: "sys_user",
+        operation: "select",
+        using: "id IN (current_user.org_user_ids)"
+      },
       {
         name: "sys_session_self",
         object: "sys_session",
@@ -3365,8 +3379,14 @@ var defaultPermissionSets = [
         operation: "select",
         using: "id = current_user.id"
       },
-      // ── Per-user visibility on better-auth tables that lack
-      //    `organization_id` (matches the `member_default` carve-outs).
+      // Org collaborators (read-only): see `sys_user_org_members` in
+      // `member_default` for rationale.
+      {
+        name: "sys_user_org_members",
+        object: "sys_user",
+        operation: "select",
+        using: "id IN (current_user.org_user_ids)"
+      },
       {
         name: "sys_session_self",
         object: "sys_session",
@@ -4093,13 +4113,56 @@ var SysNotification = data.ObjectSchema.create({
   displayNameField: "title",
   titleFormat: "{title}",
   compactLayout: ["title", "type", "is_read", "created_at"],
+  /**
+   * Row-level inbox actions. Use `visible` CEL expressions to ensure
+   * `mark_read` only shows on unread rows and vice-versa, mirroring the
+   * mark-as-read affordances in GitHub / Linear inboxes. The toolbar-level
+   * `mark_all_read` is intentionally omitted server-side: it requires a
+   * bulk update primitive that doesn't yet exist on the REST surface, and
+   * the popover already handles the multi-row case client-side via N
+   * single-row PATCHes (see `InboxPopover.tsx` -> AppHeader `markAllRead`).
+   */
+  actions: [
+    {
+      name: "mark_read",
+      label: "Mark as Read",
+      icon: "check",
+      variant: "secondary",
+      mode: "custom",
+      locations: ["list_item"],
+      type: "api",
+      method: "PATCH",
+      target: "/api/v1/data/sys_notification/{id}",
+      bodyExtra: { is_read: true },
+      visible: "!record.is_read",
+      successMessage: "Notification marked as read",
+      refreshAfter: true
+    },
+    {
+      name: "mark_unread",
+      label: "Mark as Unread",
+      icon: "bell-dot",
+      variant: "secondary",
+      mode: "custom",
+      locations: ["list_item"],
+      type: "api",
+      method: "PATCH",
+      target: "/api/v1/data/sys_notification/{id}",
+      bodyExtra: { is_read: false, read_at: null },
+      visible: "record.is_read",
+      successMessage: "Notification marked as unread",
+      refreshAfter: true
+    }
+  ],
   listViews: {
     unread: {
       type: "grid",
       name: "unread",
       label: "Unread",
       data: { provider: "object", object: "sys_notification" },
-      columns: ["type", "title", "recipient_id", "created_at"],
+      // Title + actor first (the "who/what" the user actually scans);
+      // type stays as a categorising chip; created_at right-aligned.
+      columns: ["title", "actor_name", "type", "created_at"],
       filter: [
         { field: "recipient_id", operator: "equals", value: "{current_user_id}" },
         { field: "is_read", operator: "equals", value: false }
@@ -4113,17 +4176,21 @@ var SysNotification = data.ObjectSchema.create({
       name: "mine",
       label: "Mine",
       data: { provider: "object", object: "sys_notification" },
-      columns: ["type", "title", "is_read", "created_at"],
+      columns: ["title", "actor_name", "type", "is_read", "created_at"],
       filter: [{ field: "recipient_id", operator: "equals", value: "{current_user_id}" }],
       sort: [{ field: "created_at", order: "desc" }],
-      pagination: { pageSize: 50 }
+      pagination: { pageSize: 50 },
+      // Group by notification category so mention/assignment storms don't
+      // hide system or task_due rows. Users still toggle to flat via the
+      // toolbar Group control if they prefer chronology only.
+      grouping: { fields: [{ field: "type", order: "asc", collapsed: false }] }
     },
     all_notifications: {
       type: "grid",
       name: "all_notifications",
       label: "All",
       data: { provider: "object", object: "sys_notification" },
-      columns: ["type", "title", "recipient_id", "is_read", "created_at"],
+      columns: ["title", "recipient_id", "actor_name", "type", "is_read", "created_at"],
       sort: [{ field: "created_at", order: "desc" }],
       pagination: { pageSize: 100 }
     }
@@ -4976,6 +5043,14 @@ var SysApprovalRequest = data.ObjectSchema.create({
       description: "Record snapshot at submission time",
       group: "State"
     }),
+    process_hash: data.Field.text({
+      label: "Process Hash",
+      required: false,
+      maxLength: 80,
+      readonly: true,
+      description: "sha256 of the approval process body at submit time (ADR-0009 execution pinning). Resolved through sys_metadata_history so process upgrades do not affect in-flight requests.",
+      group: "State"
+    }),
     completed_at: data.Field.datetime({
       label: "Completed At",
       required: false,
@@ -6262,6 +6337,28 @@ var SETUP_APP = {
         { id: "nav_notifications", type: "object", label: "Notifications", objectName: "sys_notification", icon: "bell", requiresObject: "sys_notification" }
       ]
     },
+    {
+      id: "group_integrations",
+      type: "group",
+      label: "Integrations",
+      icon: "plug",
+      children: [
+        // Outbound HTTP integrations. `sys_webhook` always ships with
+        // platform-objects, so the Webhooks entry is always visible.
+        // `sys_webhook_delivery` is the durable outbox row from
+        // `@objectstack/plugin-webhooks/schema` — gated on `requiresObject`
+        // so the Deliveries entry only renders when the plugin has been
+        // wired into `defineStack({ objects: [SysWebhookDelivery, ...] })`.
+        //
+        // This is the canonical demonstration of "everything is an object":
+        // managing webhooks (configuration) and inspecting deliveries
+        // (operational telemetry) reuses the same generic ObjectView /
+        // ObjectListView UI as any business object — no bespoke webhook
+        // admin page.
+        { id: "nav_webhooks", type: "object", label: "Webhooks", objectName: "sys_webhook", icon: "webhook", requiresObject: "sys_webhook" },
+        { id: "nav_webhook_deliveries", type: "object", label: "Webhook Deliveries", objectName: "sys_webhook_delivery", icon: "send", requiresObject: "sys_webhook_delivery" }
+      ]
+    },
     {
       id: "group_advanced",
       type: "group",