@objectstack/platform-objects 6.5.1 → 6.7.0

package/dist/index.js

@@ -425,6 +425,30 @@ var SysAccount = data.ObjectSchema.create({
   description: "OAuth and authentication provider accounts",
   titleFormat: "{provider_id} - {account_id}",
   compactLayout: ["provider_id", "user_id", "account_id"],
+  // Custom actions — sysadmins routinely need to revoke a user's OAuth
+  // link (e.g. when an SSO provider is decommissioned or the user
+  // requests it). Better-auth exposes `/unlink-account { providerId,
+  // accountId }` for this. The form is locked to the row's values so
+  // it acts as a one-click confirmation rather than a free-form edit.
+  actions: [
+    {
+      name: "unlink_account",
+      label: "Unlink Account",
+      icon: "unlink",
+      variant: "danger",
+      mode: "delete",
+      locations: ["list_item", "record_header"],
+      type: "api",
+      target: "/api/v1/auth/unlink-account",
+      confirmText: "Unlink this identity link? The user will no longer be able to sign in with this provider until they re-link it from their account settings.",
+      successMessage: "Identity link removed",
+      refreshAfter: true,
+      params: [
+        { name: "providerId", field: "provider_id", defaultFromRow: true, required: true },
+        { name: "accountId", field: "account_id", defaultFromRow: true, required: true }
+      ]
+    }
+  ],
   listViews: {
     mine: {
       type: "grid",
@@ -1979,6 +2003,96 @@ var SysOauthApplication = data.ObjectSchema.create({
   displayNameField: "name",
   titleFormat: "{name}",
   compactLayout: ["name", "client_id", "type", "disabled"],
+  // Custom actions — all OAuth-application mutations are routed through
+  // better-auth's `@better-auth/oauth-provider` endpoints (and a thin
+  // ObjectStack-added auth route for the enable/disable toggle) rather
+  // than the generic data layer, so server-side validation, secret
+  // hashing, and audit hooks all run. The generic `delete` API method
+  // is intentionally dropped from `apiMethods` below so the only delete
+  // path is the better-auth wrapper.
+  //
+  // Upstream gap (better-auth 1.6.11): the stock `/admin/oauth2/update-client`
+  // endpoint's Zod body schema does NOT accept the `disabled` flag, even
+  // though the column exists and the runtime honours it. We bridge the
+  // gap with `POST /api/v1/auth/admin/oauth2/toggle-disabled`, registered
+  // by plugin-auth, which writes through better-auth's own adapter under
+  // the auth namespace (no generic data-layer bypass). When upstream
+  // ships `disabled` support, retarget the enable/disable actions and
+  // delete the bridge route.
+  actions: [
+    {
+      name: "disable_oauth_application",
+      label: "Disable OAuth Application",
+      icon: "pause-circle",
+      variant: "secondary",
+      mode: "custom",
+      locations: ["list_item", "record_header"],
+      type: "api",
+      method: "POST",
+      target: "/api/v1/auth/admin/oauth2/toggle-disabled",
+      confirmText: "Disable this OAuth application? Active access/refresh tokens issued to it will continue to be rejected at the token, authorize, and introspect endpoints. Existing integrations will stop working immediately.",
+      successMessage: "OAuth application disabled",
+      refreshAfter: true,
+      visible: "!record.disabled",
+      bodyExtra: { disabled: true },
+      params: [
+        { name: "client_id", field: "client_id", defaultFromRow: true, required: true }
+      ]
+    },
+    {
+      name: "enable_oauth_application",
+      label: "Enable OAuth Application",
+      icon: "play-circle",
+      variant: "primary",
+      mode: "custom",
+      locations: ["list_item", "record_header"],
+      type: "api",
+      method: "POST",
+      target: "/api/v1/auth/admin/oauth2/toggle-disabled",
+      confirmText: "Re-enable this OAuth application? Token issuance, authorization, and introspection will resume immediately.",
+      successMessage: "OAuth application enabled",
+      refreshAfter: true,
+      visible: "record.disabled",
+      bodyExtra: { disabled: false },
+      params: [
+        { name: "client_id", field: "client_id", defaultFromRow: true, required: true }
+      ]
+    },
+    {
+      name: "rotate_client_secret",
+      label: "Rotate Client Secret",
+      icon: "refresh-cw",
+      variant: "secondary",
+      mode: "custom",
+      locations: ["list_item", "record_header"],
+      type: "api",
+      method: "POST",
+      target: "/api/v1/auth/oauth2/client/rotate-secret",
+      confirmText: "Rotate this OAuth client's secret? The previous secret will stop working immediately and any integrations using it will break until they are updated with the new secret. The new secret is shown only once.",
+      successMessage: "Client secret rotated \u2014 copy the new value from the response now.",
+      refreshAfter: true,
+      params: [
+        { name: "client_id", field: "client_id", defaultFromRow: true, required: true }
+      ]
+    },
+    {
+      name: "delete_oauth_application",
+      label: "Delete OAuth Application",
+      icon: "trash-2",
+      variant: "danger",
+      mode: "delete",
+      locations: ["list_item", "record_header"],
+      type: "api",
+      method: "POST",
+      target: "/api/v1/auth/oauth2/delete-client",
+      confirmText: "Permanently delete this OAuth application? All issued tokens and consents will be invalidated and integrations using this client_id will stop working immediately. This cannot be undone.",
+      successMessage: "OAuth application deleted",
+      refreshAfter: true,
+      params: [
+        { name: "client_id", field: "client_id", defaultFromRow: true, required: true }
+      ]
+    }
+  ],
   listViews: {
     active: {
       type: "grid",
@@ -2210,7 +2324,12 @@ var SysOauthApplication = data.ObjectSchema.create({
     trackHistory: true,
     searchable: true,
     apiEnabled: true,
-    apiMethods: ["get", "list", "delete"],
+    // All mutations (create/update/delete) must go through better-auth's
+    // oauth-provider endpoints under /api/v1/auth/{admin/,}oauth2/* — the
+    // generic data layer is read-only for this object so sysadmins cannot
+    // bypass server-side OAuth validation. The Delete row action above is
+    // wired to /api/v1/auth/oauth2/delete-client.
+    apiMethods: ["get", "list"],
     trash: false,
     mru: false
   }
@@ -2493,6 +2612,83 @@ var SysRole = data.ObjectSchema.create({
   displayNameField: "label",
   titleFormat: "{label}",
   compactLayout: ["label", "name", "active", "is_default"],
+  // Custom actions — system roles drive RBAC and are edited rarely but
+  // require the four high-frequency sysadmin affordances every IdP
+  // (Salesforce, ServiceNow, Okta) ships: activate/deactivate (lifecycle
+  // without losing assignments), mark default (auto-assign to new users),
+  // and clone (template for new roles). All operations hit the generic
+  // data CRUD endpoint exposed by `apiEnabled` — no custom server route
+  // required because `managedBy: 'config'` allows direct mutation.
+  actions: [
+    {
+      name: "activate_role",
+      label: "Activate Role",
+      icon: "circle-check",
+      variant: "secondary",
+      mode: "custom",
+      locations: ["list_item", "record_header"],
+      type: "api",
+      method: "PATCH",
+      target: "/api/v1/data/sys_role/{id}",
+      bodyExtra: { active: true },
+      successMessage: "Role activated",
+      refreshAfter: true
+    },
+    {
+      name: "deactivate_role",
+      label: "Deactivate Role",
+      icon: "circle-off",
+      variant: "danger",
+      mode: "custom",
+      locations: ["list_item", "record_header"],
+      type: "api",
+      method: "PATCH",
+      target: "/api/v1/data/sys_role/{id}",
+      bodyExtra: { active: false },
+      confirmText: "Deactivate this role? Users with the role keep their assignment but the role stops granting permissions until re-activated.",
+      successMessage: "Role deactivated",
+      refreshAfter: true
+    },
+    {
+      name: "set_default_role",
+      label: "Set as Default",
+      icon: "star",
+      variant: "secondary",
+      mode: "custom",
+      locations: ["list_item", "record_header"],
+      type: "api",
+      method: "PATCH",
+      target: "/api/v1/data/sys_role/{id}",
+      bodyExtra: { is_default: true },
+      confirmText: "Make this the default role for new users? Existing users are unaffected.",
+      successMessage: "Default role updated",
+      refreshAfter: true
+    },
+    {
+      // Clone — POST a new sys_role row pre-filled from the source. The
+      // dialog asks only for the new API name / label so the operator
+      // can rename atomically; permissions JSON is copied wholesale via
+      // defaultFromRow.
+      name: "clone_role",
+      label: "Clone Role",
+      icon: "copy",
+      variant: "secondary",
+      mode: "custom",
+      locations: ["list_item", "record_header"],
+      type: "api",
+      method: "POST",
+      target: "/api/v1/data/sys_role",
+      bodyExtra: { is_default: false, active: true },
+      successMessage: "Role cloned",
+      refreshAfter: true,
+      params: [
+        { name: "label", label: "New Display Name", type: "text", required: true },
+        { name: "name", label: "New API Name", type: "text", required: true, helpText: "Unique snake_case machine name" },
+        { field: "description", defaultFromRow: true },
+        { field: "permissions", defaultFromRow: true }
+      ]
+    }
+  ],
   listViews: {
     active: {
       type: "grid",
@@ -2619,6 +2815,64 @@ var SysPermissionSet = data.ObjectSchema.create({
   displayNameField: "label",
   titleFormat: "{label}",
   compactLayout: ["label", "name", "active"],
+  // Custom actions — permission sets are templates assigned to roles or
+  // users (via sys_role_permission_set / sys_user_permission_set). The
+  // sysadmin operations that don't live on the parent-detail tabs are
+  // lifecycle (activate/deactivate without losing assignments) and
+  // clone (build a new permset by tweaking an existing one). Both hit
+  // the generic data CRUD endpoint — managedBy: 'config' permits it.
+  actions: [
+    {
+      name: "activate_permission_set",
+      label: "Activate",
+      icon: "circle-check",
+      variant: "secondary",
+      mode: "custom",
+      locations: ["list_item", "record_header"],
+      type: "api",
+      method: "PATCH",
+      target: "/api/v1/data/sys_permission_set/{id}",
+      bodyExtra: { active: true },
+      successMessage: "Permission set activated",
+      refreshAfter: true
+    },
+    {
+      name: "deactivate_permission_set",
+      label: "Deactivate",
+      icon: "circle-off",
+      variant: "danger",
+      mode: "custom",
+      locations: ["list_item", "record_header"],
+      type: "api",
+      method: "PATCH",
+      target: "/api/v1/data/sys_permission_set/{id}",
+      bodyExtra: { active: false },
+      confirmText: "Deactivate this permission set? Existing assignments stay in place but stop granting access until re-activated.",
+      successMessage: "Permission set deactivated",
+      refreshAfter: true
+    },
+    {
+      name: "clone_permission_set",
+      label: "Clone",
+      icon: "copy",
+      variant: "secondary",
+      mode: "custom",
+      locations: ["list_item", "record_header"],
+      type: "api",
+      method: "POST",
+      target: "/api/v1/data/sys_permission_set",
+      bodyExtra: { active: true },
+      successMessage: "Permission set cloned",
+      refreshAfter: true,
+      params: [
+        { name: "label", label: "New Display Name", type: "text", required: true },
+        { name: "name", label: "New API Name", type: "text", required: true, helpText: "Unique snake_case machine name" },
+        { field: "description", defaultFromRow: true },
+        { field: "object_permissions", defaultFromRow: true },
+        { field: "field_permissions", defaultFromRow: true }
+      ]
+    }
+  ],
   listViews: {
     active: {
       type: "grid",
@@ -6254,8 +6508,7 @@ var SETUP_APP = {
       label: "Overview",
       icon: "layout-dashboard",
       children: [
-        { id: "nav_system_overview", type: "dashboard", label: "System Overview", dashboardName: "system_overview", icon: "activity" },
-        { id: "nav_security_overview", type: "dashboard", label: "Security Overview", dashboardName: "security_overview", icon: "shield" }
+        { id: "nav_system_overview", type: "dashboard", label: "System Overview", dashboardName: "system_overview", icon: "activity" }
       ]
     },
     {
@@ -6317,9 +6570,17 @@ var SETUP_APP = {
         // is used (not `object`) because settings are stored in a generic
         // K/V table (`sys_setting`) rather than per-namespace objects, and
         // the renderer is a dedicated <SettingsView> page in objectui.
+        //
+        // Order mirrors `builtinSettingsManifests` so left-nav order matches
+        // the All-Settings index. AI groups chat + embedder under one entry
+        // because operators reason about them together; Knowledge is its
+        // own entry because the adapter selection is independent.
         { id: "nav_settings_hub", type: "url", label: "All Settings", url: "/apps/setup/system/settings", icon: "settings-2" },
-        { id: "nav_settings_mail", type: "url", label: "Email", url: "/apps/setup/system/settings/mail", icon: "mail" },
         { id: "nav_settings_branding", type: "url", label: "Branding", url: "/apps/setup/system/settings/branding", icon: "palette" },
+        { id: "nav_settings_mail", type: "url", label: "Email", url: "/apps/setup/system/settings/mail", icon: "mail" },
+        { id: "nav_settings_storage", type: "url", label: "File Storage", url: "/apps/setup/system/settings/storage", icon: "hard-drive" },
+        { id: "nav_settings_ai", type: "url", label: "AI & Embedder", url: "/apps/setup/system/settings/ai", icon: "sparkles" },
+        { id: "nav_settings_knowledge", type: "url", label: "Knowledge", url: "/apps/setup/system/settings/knowledge", icon: "book-open" },
         { id: "nav_settings_feature_flags", type: "url", label: "Feature Flags", url: "/apps/setup/system/settings/feature_flags", icon: "flag" }
       ]
     },
@@ -6398,63 +6659,42 @@ var SETUP_APP = {
 var SystemOverviewDashboard = ui.Dashboard.create({
   name: "system_overview",
   label: "System Overview",
-  description: "Platform health, sessions, and audit activity",
-  // 12-column grid matches the widget `w` values below (3, 6, 12). Without
-  // this, the renderer falls back to a 4-column grid and `w: 3` becomes 75%
-  // width per metric — so KPI cards stack vertically instead of forming a
-  // 4-up row.
+  description: "Platform health, security activity, and recent audit events",
+  // 12-column grid matches the widget `w` values below.
   columns: 12,
   gap: 4,
   widgets: [
-    // ── Active Sessions Widget ──────────────────────────────────────
-    {
-      id: "widget_active_sessions",
-      title: "Active Sessions",
-      type: "metric",
-      object: "sys_session",
-      layout: {
-        x: 0,
-        y: 0,
-        w: 3,
-        h: 2
-      },
-      aggregate: "count",
-      colorVariant: "blue",
-      description: "Number of currently active user sessions"
-    },
-    // ── Total Users Widget ──────────────────────────────────────────
+    // ── Row 1: Platform KPIs ────────────────────────────────────────
     {
       id: "widget_total_users",
       title: "Total Users",
       type: "metric",
       object: "sys_user",
-      layout: {
-        x: 3,
-        y: 0,
-        w: 3,
-        h: 2
-      },
+      layout: { x: 0, y: 0, w: 3, h: 2 },
       aggregate: "count",
       colorVariant: "teal",
       description: "Total registered users in the system"
     },
-    // ── Organizations Widget ────────────────────────────────────────
     {
       id: "widget_organizations",
       title: "Organizations",
       type: "metric",
       object: "sys_organization",
-      layout: {
-        x: 6,
-        y: 0,
-        w: 3,
-        h: 2
-      },
+      layout: { x: 3, y: 0, w: 3, h: 2 },
       aggregate: "count",
       colorVariant: "orange",
       description: "Total organizations on the platform"
     },
-    // ── Packages Installed Widget ───────────────────────────────────
+    {
+      id: "widget_active_sessions",
+      title: "Active Sessions",
+      type: "metric",
+      object: "sys_session",
+      layout: { x: 6, y: 0, w: 3, h: 2 },
+      aggregate: "count",
+      colorVariant: "blue",
+      description: "Number of currently active user sessions"
+    },
     {
       id: "widget_packages_installed",
       title: "Packages Installed",
@@ -6463,97 +6703,13 @@ var SystemOverviewDashboard = ui.Dashboard.create({
       // Cloud-only object — only registered when service-tenant is loaded.
       // Hide this widget gracefully in single-environment runtimes.
       requiresObject: "sys_package_installation",
-      layout: {
-        x: 9,
-        y: 0,
-        w: 3,
-        h: 2
-      },
+      layout: { x: 9, y: 0, w: 3, h: 2 },
       filter: { status: "installed" },
       aggregate: "count",
       colorVariant: "success",
       description: "Active package installations across projects"
     },
-    // ── Audit Actions by Type ───────────────────────────────────────
-    // Note: relative date filters like `NOW() - INTERVAL 7 DAY` are not
-    // currently substituted by the analytics layer (see
-    // service-analytics/strategies/filter-normalizer.ts). The dashboard's
-    // `globalFilters` date-range bar at the bottom is the supported way
-    // to scope this widget.
-    {
-      id: "widget_audit_actions",
-      title: "Audit Actions",
-      description: "Distribution of audit events by action type",
-      type: "pie",
-      object: "sys_audit_log",
-      layout: {
-        x: 0,
-        y: 2,
-        w: 6,
-        h: 4
-      },
-      categoryField: "action",
-      aggregate: "count"
-    },
-    // ── Session Status Overview ─────────────────────────────────────
-    {
-      id: "widget_active_orgs",
-      title: "Sessions by Organization",
-      description: "Active sessions grouped by organization",
-      type: "bar",
-      object: "sys_session",
-      layout: {
-        x: 6,
-        y: 2,
-        w: 6,
-        h: 4
-      },
-      categoryField: "active_organization_id",
-      aggregate: "count"
-    },
-    // ── Recent Audit Log (Table) ────────────────────────────────────
-    // `type: 'table'` renders the underlying rows directly, so this
-    // panel actually shows the latest events instead of just repeating
-    // the total-count metric. `valueField`/`aggregate` are intentionally
-    // omitted — table widgets pull raw records.
-    {
-      id: "widget_recent_events",
-      title: "Recent Audit Events",
-      description: "Latest platform events",
-      type: "table",
-      object: "sys_audit_log",
-      layout: {
-        x: 0,
-        y: 6,
-        w: 12,
-        h: 4
-      },
-      options: {
-        columns: ["created_at", "user_id", "action", "object_name", "record_id"],
-        sort: [{ field: "created_at", order: "desc" }],
-        pageSize: 20
-      }
-    }
-  ],
-  globalFilters: [
-    {
-      field: "created_at",
-      type: "date",
-      label: "Date Range",
-      scope: "dashboard",
-      defaultValue: "last_7_days"
-    }
-  ]
-});
-var SecurityOverviewDashboard = ui.Dashboard.create({
-  name: "security_overview",
-  label: "Security Overview",
-  description: "Security events, authentication, and audit trails",
-  // 12-column grid matches the widget `w` values below.
-  columns: 12,
-  gap: 4,
-  widgets: [
-    // ── Login Events Widget ─────────────────────────────────────────
+    // ── Row 2: Security KPIs ────────────────────────────────────────
     // The `sys_audit_log.action` enum doesn't distinguish failed vs
     // successful logins (both fold into `action='login'`). Surfacing a
     // total Login Events count is honest; a "Failed Logins" widget will
@@ -6563,116 +6719,72 @@ var SecurityOverviewDashboard = ui.Dashboard.create({
       title: "Login Events",
       type: "metric",
       object: "sys_audit_log",
-      layout: {
-        x: 0,
-        y: 0,
-        w: 3,
-        h: 2
-      },
+      layout: { x: 0, y: 2, w: 4, h: 2 },
       filter: { action: "login" },
       aggregate: "count",
       colorVariant: "blue",
       description: "Authentication events recorded by the audit log"
     },
-    // ── Permission Changes Widget ───────────────────────────────────
     {
       id: "widget_permission_changes",
       title: "Permission Changes",
       type: "metric",
       object: "sys_audit_log",
-      layout: {
-        x: 3,
-        y: 0,
-        w: 3,
-        h: 2
-      },
+      layout: { x: 4, y: 2, w: 4, h: 2 },
       filter: { action: "permission_change" },
       aggregate: "count",
       colorVariant: "warning",
       description: "Recent permission and role modifications"
     },
-    // ── System Config Changes Widget ────────────────────────────────
     {
       id: "widget_config_changes",
       title: "Config Changes",
       type: "metric",
       object: "sys_audit_log",
-      layout: {
-        x: 6,
-        y: 0,
-        w: 3,
-        h: 2
-      },
+      layout: { x: 8, y: 2, w: 4, h: 2 },
       filter: { action: "config_change" },
       aggregate: "count",
       colorVariant: "blue",
       description: "System configuration modifications"
     },
-    // ── Active Sessions Widget ──────────────────────────────────────
-    {
-      id: "widget_active_sessions",
-      title: "Active Sessions",
-      type: "metric",
-      object: "sys_session",
-      layout: {
-        x: 9,
-        y: 0,
-        w: 3,
-        h: 2
-      },
-      aggregate: "count",
-      colorVariant: "success",
-      description: "Currently active user sessions"
-    },
-    // ── Audit Events by Type ────────────────────────────────────────
+    // ── Row 3: Distribution charts ──────────────────────────────────
+    // Note: relative date filters like `NOW() - INTERVAL 7 DAY` are not
+    // currently substituted by the analytics layer (see
+    // service-analytics/strategies/filter-normalizer.ts). The dashboard's
+    // `globalFilters` date-range bar at the bottom is the supported way
+    // to scope these widgets.
     {
       id: "widget_events_by_type",
-      title: "Audit Events by Type",
-      description: "Distribution of security and audit events",
+      title: "Audit Events by Action",
+      description: "Distribution of audit events by action type",
       type: "pie",
       object: "sys_audit_log",
-      layout: {
-        x: 0,
-        y: 2,
-        w: 6,
-        h: 4
-      },
+      layout: { x: 0, y: 4, w: 6, h: 4 },
       categoryField: "action",
       aggregate: "count"
     },
-    // ── Audit Events by User ────────────────────────────────────────
     {
       id: "widget_events_by_user",
       title: "Events by User",
       description: "Activity distribution across users",
       type: "bar",
       object: "sys_audit_log",
-      layout: {
-        x: 6,
-        y: 2,
-        w: 6,
-        h: 4
-      },
+      layout: { x: 6, y: 4, w: 6, h: 4 },
       categoryField: "user_id",
       aggregate: "count"
     },
-    // ── Recent Security Events (Table) ──────────────────────────────
-    // Real table widget — pulls the latest permission/config rows.
+    // ── Row 4: Recent audit events table ────────────────────────────
+    // `type: 'table'` renders the underlying rows directly, so this
+    // panel actually shows the latest events instead of just repeating
+    // the total-count metric. `valueField`/`aggregate` are intentionally
+    // omitted — table widgets pull raw records.
     {
-      id: "widget_recent_security_events",
-      title: "Recent Security Events",
-      description: "Latest permission and config changes",
+      id: "widget_recent_events",
+      title: "Recent Audit Events",
+      description: "Latest platform events (login, permission, config, \u2026)",
       type: "table",
       object: "sys_audit_log",
-      layout: {
-        x: 0,
-        y: 6,
-        w: 12,
-        h: 4
-      },
-      filter: {
-        action: { $in: ["login", "logout", "permission_change", "config_change"] }
-      },
+      layout: { x: 0, y: 8, w: 12, h: 4 },
       options: {
         columns: ["created_at", "user_id", "action", "object_name", "record_id"],
         sort: [{ field: "created_at", order: "desc" }],
@@ -9616,7 +9728,6 @@ var en = {
         group_advanced: { label: "Advanced" },
         // Overview
         nav_system_overview: { label: "System Overview" },
-        nav_security_overview: { label: "Security Overview" },
         // People & Organization
         nav_users: { label: "Users" },
         nav_departments: { label: "Departments" },
@@ -9657,12 +9768,8 @@ var en = {
   dashboards: {
     system_overview: {
       label: "System Overview",
-      description: "Platform health, sessions, and audit activity",
+      description: "Platform health, security activity, and recent audit events",
       widgets: {
-        widget_active_sessions: {
-          title: "Active Sessions",
-          description: "Number of currently active user sessions"
-        },
         widget_total_users: {
           title: "Total Users",
           description: "Total registered users in the system"
@@ -9671,28 +9778,14 @@ var en = {
           title: "Organizations",
           description: "Total organizations on the platform"
         },
+        widget_active_sessions: {
+          title: "Active Sessions",
+          description: "Number of currently active user sessions"
+        },
         widget_packages_installed: {
           title: "Packages Installed",
           description: "Active package installations across projects"
         },
-        widget_audit_actions: {
-          title: "Audit Actions",
-          description: "Distribution of audit events by action type"
-        },
-        widget_active_orgs: {
-          title: "Sessions by Organization",
-          description: "Active sessions grouped by organization"
-        },
-        widget_recent_events: {
-          title: "Recent Audit Events",
-          description: "Latest platform events"
-        }
-      }
-    },
-    security_overview: {
-      label: "Security Overview",
-      description: "Security events, authentication, and audit trails",
-      widgets: {
         widget_login_events: {
           title: "Login Events",
           description: "Authentication events recorded by the audit log"
@@ -9705,21 +9798,17 @@ var en = {
           title: "Config Changes",
           description: "System configuration modifications"
         },
-        widget_active_sessions: {
-          title: "Active Sessions",
-          description: "Currently active user sessions"
-        },
         widget_events_by_type: {
-          title: "Audit Events by Type",
-          description: "Distribution of security and audit events"
+          title: "Audit Events by Action",
+          description: "Distribution of audit events by action type"
         },
         widget_events_by_user: {
           title: "Events by User",
           description: "Activity distribution across users"
         },
-        widget_recent_security_events: {
-          title: "Recent Security Events",
-          description: "Latest permission and config changes"
+        widget_recent_events: {
+          title: "Recent Audit Events",
+          description: "Latest platform events (login, permission, config, \u2026)"
         }
       }
     }
@@ -12653,7 +12742,6 @@ var zhCN = {
         group_diagnostics: { label: "\u8BCA\u65AD" },
         group_advanced: { label: "\u9AD8\u7EA7" },
         nav_system_overview: { label: "\u7CFB\u7EDF\u6982\u89C8" },
-        nav_security_overview: { label: "\u5B89\u5168\u6982\u89C8" },
         nav_users: { label: "\u7528\u6237" },
         nav_departments: { label: "\u90E8\u95E8" },
         nav_teams: { label: "\u56E2\u961F" },
@@ -12688,28 +12776,18 @@ var zhCN = {
   dashboards: {
     system_overview: {
       label: "\u7CFB\u7EDF\u6982\u89C8",
-      description: "\u5E73\u53F0\u8FD0\u884C\u72B6\u51B5\u3001\u4F1A\u8BDD\u4E0E\u5BA1\u8BA1\u6D3B\u52A8",
+      description: "\u5E73\u53F0\u8FD0\u884C\u72B6\u51B5\u3001\u5B89\u5168\u6D3B\u52A8\u4E0E\u6700\u8FD1\u5BA1\u8BA1\u4E8B\u4EF6",
       widgets: {
-        widget_active_sessions: { title: "\u6D3B\u8DC3\u4F1A\u8BDD", description: "\u5F53\u524D\u6D3B\u8DC3\u7528\u6237\u4F1A\u8BDD\u6570\u91CF" },
         widget_total_users: { title: "\u7528\u6237\u603B\u6570", description: "\u7CFB\u7EDF\u4E2D\u5DF2\u6CE8\u518C\u7684\u7528\u6237\u603B\u6570" },
         widget_organizations: { title: "\u7EC4\u7EC7\u6570", description: "\u5E73\u53F0\u4E0A\u7684\u7EC4\u7EC7\u603B\u6570" },
+        widget_active_sessions: { title: "\u6D3B\u8DC3\u4F1A\u8BDD", description: "\u5F53\u524D\u6D3B\u8DC3\u7528\u6237\u4F1A\u8BDD\u6570\u91CF" },
         widget_packages_installed: { title: "\u5DF2\u5B89\u88C5\u5305", description: "\u9879\u76EE\u4E2D\u5DF2\u6FC0\u6D3B\u7684\u5B89\u88C5\u5305\u6570" },
-        widget_audit_actions: { title: "\u5BA1\u8BA1\u64CD\u4F5C", description: "\u6309\u64CD\u4F5C\u7C7B\u578B\u5206\u5E03\u7684\u5BA1\u8BA1\u4E8B\u4EF6" },
-        widget_active_orgs: { title: "\u6309\u7EC4\u7EC7\u5212\u5206\u4F1A\u8BDD", description: "\u6309\u7EC4\u7EC7\u5206\u7EC4\u7684\u6D3B\u8DC3\u4F1A\u8BDD" },
-        widget_recent_events: { title: "\u6700\u8FD1\u5BA1\u8BA1\u4E8B\u4EF6", description: "\u6700\u65B0\u7684\u5E73\u53F0\u4E8B\u4EF6" }
-      }
-    },
-    security_overview: {
-      label: "\u5B89\u5168\u6982\u89C8",
-      description: "\u5B89\u5168\u4E8B\u4EF6\u3001\u8EAB\u4EFD\u8BA4\u8BC1\u4E0E\u5BA1\u8BA1\u8FFD\u8E2A",
-      widgets: {
         widget_login_events: { title: "\u767B\u5F55\u4E8B\u4EF6", description: "\u5BA1\u8BA1\u65E5\u5FD7\u4E2D\u8BB0\u5F55\u7684\u8BA4\u8BC1\u4E8B\u4EF6" },
         widget_permission_changes: { title: "\u6743\u9650\u53D8\u66F4", description: "\u6700\u8FD1\u7684\u6743\u9650\u548C\u89D2\u8272\u4FEE\u6539" },
         widget_config_changes: { title: "\u914D\u7F6E\u53D8\u66F4", description: "\u7CFB\u7EDF\u914D\u7F6E\u4FEE\u6539" },
-        widget_active_sessions: { title: "\u6D3B\u8DC3\u4F1A\u8BDD", description: "\u5F53\u524D\u6D3B\u8DC3\u7528\u6237\u4F1A\u8BDD" },
-        widget_events_by_type: { title: "\u6309\u7C7B\u578B\u5206\u5E03\u7684\u5BA1\u8BA1\u4E8B\u4EF6", description: "\u5B89\u5168\u4E0E\u5BA1\u8BA1\u4E8B\u4EF6\u5206\u5E03" },
+        widget_events_by_type: { title: "\u6309\u64CD\u4F5C\u5206\u5E03\u7684\u5BA1\u8BA1\u4E8B\u4EF6", description: "\u5BA1\u8BA1\u4E8B\u4EF6\u6309\u64CD\u4F5C\u7C7B\u578B\u5206\u5E03" },
         widget_events_by_user: { title: "\u6309\u7528\u6237\u5206\u5E03\u7684\u4E8B\u4EF6", description: "\u7528\u6237\u6D3B\u52A8\u5206\u5E03" },
-        widget_recent_security_events: { title: "\u6700\u8FD1\u5B89\u5168\u4E8B\u4EF6", description: "\u6700\u65B0\u7684\u6743\u9650\u4E0E\u914D\u7F6E\u53D8\u66F4" }
+        widget_recent_events: { title: "\u6700\u8FD1\u5BA1\u8BA1\u4E8B\u4EF6", description: "\u6700\u65B0\u7684\u5E73\u53F0\u4E8B\u4EF6\uFF08\u767B\u5F55\u3001\u6743\u9650\u3001\u914D\u7F6E\u7B49\uFF09" }
       }
     }
   }
@@ -15638,7 +15716,6 @@ var jaJP = {
         group_diagnostics: { label: "\u8A3A\u65AD" },
         group_advanced: { label: "\u8A73\u7D30" },
         nav_system_overview: { label: "\u30B7\u30B9\u30C6\u30E0\u6982\u8981" },
-        nav_security_overview: { label: "\u30BB\u30AD\u30E5\u30EA\u30C6\u30A3\u6982\u8981" },
         nav_users: { label: "\u30E6\u30FC\u30B6\u30FC" },
         nav_departments: { label: "\u90E8\u7F72" },
         nav_teams: { label: "\u30C1\u30FC\u30E0" },
@@ -15673,28 +15750,18 @@ var jaJP = {
   dashboards: {
     system_overview: {
       label: "\u30B7\u30B9\u30C6\u30E0\u6982\u8981",
-      description: "\u30D7\u30E9\u30C3\u30C8\u30D5\u30A9\u30FC\u30E0\u306E\u5065\u5168\u6027\u3001\u30BB\u30C3\u30B7\u30E7\u30F3\u3001\u76E3\u67FB\u30A2\u30AF\u30C6\u30A3\u30D3\u30C6\u30A3",
+      description: "\u30D7\u30E9\u30C3\u30C8\u30D5\u30A9\u30FC\u30E0\u306E\u5065\u5168\u6027\u3001\u30BB\u30AD\u30E5\u30EA\u30C6\u30A3\u6D3B\u52D5\u3001\u6700\u8FD1\u306E\u76E3\u67FB\u30A4\u30D9\u30F3\u30C8",
       widgets: {
-        widget_active_sessions: { title: "\u30A2\u30AF\u30C6\u30A3\u30D6\u30BB\u30C3\u30B7\u30E7\u30F3", description: "\u73FE\u5728\u30A2\u30AF\u30C6\u30A3\u30D6\u306A\u30E6\u30FC\u30B6\u30FC\u30BB\u30C3\u30B7\u30E7\u30F3\u6570" },
         widget_total_users: { title: "\u30E6\u30FC\u30B6\u30FC\u7DCF\u6570", description: "\u30B7\u30B9\u30C6\u30E0\u306B\u767B\u9332\u3055\u308C\u305F\u30E6\u30FC\u30B6\u30FC\u306E\u7DCF\u6570" },
         widget_organizations: { title: "\u7D44\u7E54", description: "\u30D7\u30E9\u30C3\u30C8\u30D5\u30A9\u30FC\u30E0\u4E0A\u306E\u7D44\u7E54\u7DCF\u6570" },
+        widget_active_sessions: { title: "\u30A2\u30AF\u30C6\u30A3\u30D6\u30BB\u30C3\u30B7\u30E7\u30F3", description: "\u73FE\u5728\u30A2\u30AF\u30C6\u30A3\u30D6\u306A\u30E6\u30FC\u30B6\u30FC\u30BB\u30C3\u30B7\u30E7\u30F3\u6570" },
         widget_packages_installed: { title: "\u30A4\u30F3\u30B9\u30C8\u30FC\u30EB\u6E08\u307F\u30D1\u30C3\u30B1\u30FC\u30B8", description: "\u30D7\u30ED\u30B8\u30A7\u30AF\u30C8\u3067\u30A2\u30AF\u30C6\u30A3\u30D6\u306A\u30D1\u30C3\u30B1\u30FC\u30B8\u30A4\u30F3\u30B9\u30C8\u30FC\u30EB\u6570" },
-        widget_audit_actions: { title: "\u76E3\u67FB\u30A2\u30AF\u30B7\u30E7\u30F3", description: "\u30A2\u30AF\u30B7\u30E7\u30F3\u30BF\u30A4\u30D7\u5225\u306E\u76E3\u67FB\u30A4\u30D9\u30F3\u30C8\u5206\u5E03" },
-        widget_active_orgs: { title: "\u7D44\u7E54\u5225\u30BB\u30C3\u30B7\u30E7\u30F3", description: "\u7D44\u7E54\u5225\u306B\u30B0\u30EB\u30FC\u30D7\u5316\u3055\u308C\u305F\u30A2\u30AF\u30C6\u30A3\u30D6\u30BB\u30C3\u30B7\u30E7\u30F3" },
-        widget_recent_events: { title: "\u6700\u8FD1\u306E\u76E3\u67FB\u30A4\u30D9\u30F3\u30C8", description: "\u6700\u65B0\u306E\u30D7\u30E9\u30C3\u30C8\u30D5\u30A9\u30FC\u30E0\u30A4\u30D9\u30F3\u30C8" }
-      }
-    },
-    security_overview: {
-      label: "\u30BB\u30AD\u30E5\u30EA\u30C6\u30A3\u6982\u8981",
-      description: "\u30BB\u30AD\u30E5\u30EA\u30C6\u30A3\u30A4\u30D9\u30F3\u30C8\u3001\u8A8D\u8A3C\u3001\u76E3\u67FB\u8A3C\u8DE1",
-      widgets: {
         widget_login_events: { title: "\u30ED\u30B0\u30A4\u30F3\u30A4\u30D9\u30F3\u30C8", description: "\u76E3\u67FB\u30ED\u30B0\u306B\u8A18\u9332\u3055\u308C\u305F\u8A8D\u8A3C\u30A4\u30D9\u30F3\u30C8" },
         widget_permission_changes: { title: "\u6A29\u9650\u5909\u66F4", description: "\u6700\u8FD1\u306E\u6A29\u9650\u3068\u30ED\u30FC\u30EB\u306E\u5909\u66F4" },
         widget_config_changes: { title: "\u69CB\u6210\u5909\u66F4", description: "\u30B7\u30B9\u30C6\u30E0\u69CB\u6210\u306E\u5909\u66F4" },
-        widget_active_sessions: { title: "\u30A2\u30AF\u30C6\u30A3\u30D6\u30BB\u30C3\u30B7\u30E7\u30F3", description: "\u73FE\u5728\u30A2\u30AF\u30C6\u30A3\u30D6\u306A\u30E6\u30FC\u30B6\u30FC\u30BB\u30C3\u30B7\u30E7\u30F3" },
-        widget_events_by_type: { title: "\u30BF\u30A4\u30D7\u5225\u76E3\u67FB\u30A4\u30D9\u30F3\u30C8", description: "\u30BB\u30AD\u30E5\u30EA\u30C6\u30A3\u3068\u76E3\u67FB\u30A4\u30D9\u30F3\u30C8\u306E\u5206\u5E03" },
+        widget_events_by_type: { title: "\u30A2\u30AF\u30B7\u30E7\u30F3\u5225\u76E3\u67FB\u30A4\u30D9\u30F3\u30C8", description: "\u30A2\u30AF\u30B7\u30E7\u30F3\u30BF\u30A4\u30D7\u5225\u306E\u76E3\u67FB\u30A4\u30D9\u30F3\u30C8\u5206\u5E03" },
         widget_events_by_user: { title: "\u30E6\u30FC\u30B6\u30FC\u5225\u30A4\u30D9\u30F3\u30C8", description: "\u30E6\u30FC\u30B6\u30FC\u5225\u30A2\u30AF\u30C6\u30A3\u30D3\u30C6\u30A3\u5206\u5E03" },
-        widget_recent_security_events: { title: "\u6700\u8FD1\u306E\u30BB\u30AD\u30E5\u30EA\u30C6\u30A3\u30A4\u30D9\u30F3\u30C8", description: "\u6700\u65B0\u306E\u6A29\u9650\u3068\u69CB\u6210\u306E\u5909\u66F4" }
+        widget_recent_events: { title: "\u6700\u8FD1\u306E\u76E3\u67FB\u30A4\u30D9\u30F3\u30C8", description: "\u6700\u65B0\u306E\u30D7\u30E9\u30C3\u30C8\u30D5\u30A9\u30FC\u30E0\u30A4\u30D9\u30F3\u30C8\uFF08\u30ED\u30B0\u30A4\u30F3\u3001\u6A29\u9650\u3001\u69CB\u6210\u306A\u3069\uFF09" }
       }
     }
   }
@@ -18623,7 +18690,6 @@ var esES = {
         group_diagnostics: { label: "Diagn\xF3stico" },
         group_advanced: { label: "Avanzado" },
         nav_system_overview: { label: "Resumen del Sistema" },
-        nav_security_overview: { label: "Resumen de Seguridad" },
         nav_users: { label: "Usuarios" },
         nav_departments: { label: "Departamentos" },
         nav_teams: { label: "Equipos" },
@@ -18658,28 +18724,18 @@ var esES = {
   dashboards: {
     system_overview: {
       label: "Resumen del Sistema",
-      description: "Estado de la plataforma, sesiones y actividad de auditor\xEDa",
+      description: "Estado de la plataforma, actividad de seguridad y eventos de auditor\xEDa recientes",
       widgets: {
-        widget_active_sessions: { title: "Sesiones Activas", description: "N\xFAmero de sesiones de usuario activas en este momento" },
         widget_total_users: { title: "Usuarios Totales", description: "Total de usuarios registrados en el sistema" },
         widget_organizations: { title: "Organizaciones", description: "Total de organizaciones en la plataforma" },
+        widget_active_sessions: { title: "Sesiones Activas", description: "N\xFAmero de sesiones de usuario activas en este momento" },
         widget_packages_installed: { title: "Paquetes Instalados", description: "Instalaciones de paquetes activas en los proyectos" },
-        widget_audit_actions: { title: "Acciones de Auditor\xEDa", description: "Distribuci\xF3n de eventos de auditor\xEDa por tipo de acci\xF3n" },
-        widget_active_orgs: { title: "Sesiones por Organizaci\xF3n", description: "Sesiones activas agrupadas por organizaci\xF3n" },
-        widget_recent_events: { title: "Eventos de Auditor\xEDa Recientes", description: "\xDAltimos eventos de la plataforma" }
-      }
-    },
-    security_overview: {
-      label: "Resumen de Seguridad",
-      description: "Eventos de seguridad, autenticaci\xF3n y registros de auditor\xEDa",
-      widgets: {
         widget_login_events: { title: "Eventos de Inicio de Sesi\xF3n", description: "Eventos de autenticaci\xF3n registrados por el log de auditor\xEDa" },
         widget_permission_changes: { title: "Cambios de Permisos", description: "Modificaciones recientes de permisos y roles" },
         widget_config_changes: { title: "Cambios de Configuraci\xF3n", description: "Modificaciones de configuraci\xF3n del sistema" },
-        widget_active_sessions: { title: "Sesiones Activas", description: "Sesiones de usuario actualmente activas" },
-        widget_events_by_type: { title: "Eventos de Auditor\xEDa por Tipo", description: "Distribuci\xF3n de eventos de seguridad y auditor\xEDa" },
+        widget_events_by_type: { title: "Eventos de Auditor\xEDa por Acci\xF3n", description: "Distribuci\xF3n de eventos de auditor\xEDa por tipo de acci\xF3n" },
         widget_events_by_user: { title: "Eventos por Usuario", description: "Distribuci\xF3n de actividad entre usuarios" },
-        widget_recent_security_events: { title: "Eventos de Seguridad Recientes", description: "\xDAltimos cambios de permisos y configuraci\xF3n" }
+        widget_recent_events: { title: "Eventos de Auditor\xEDa Recientes", description: "\xDAltimos eventos de la plataforma (inicio de sesi\xF3n, permisos, configuraci\xF3n, \u2026)" }
       }
     }
   }
@@ -18694,7 +18750,6 @@ var SetupAppTranslations = {
 };
 
 exports.SETUP_APP = SETUP_APP;
-exports.SecurityOverviewDashboard = SecurityOverviewDashboard;
 exports.SetupAppTranslations = SetupAppTranslations;
 exports.SysAccount = SysAccount;
 exports.SysActivity = SysActivity;