@objectstack/platform-objects 7.0.0 → 7.1.0

package/dist/index.js

@@ -2397,7 +2397,7 @@ var SysOauthApplication = data.ObjectSchema.create({
       locations: ["list_toolbar"],
       type: "api",
       method: "POST",
-      target: "/api/v1/auth/oauth2/register",
+      target: "/api/v1/auth/sys-oauth-application/register",
       refreshAfter: true,
       params: [
         { name: "name", label: "Application Name", type: "text", required: true },
@@ -4206,6 +4206,16 @@ var defaultPermissionSets = [
         operation: "all",
         using: "user_id = current_user.id"
       },
+      // OAuth applications a user has registered themselves (self-service
+      // developer flow exposed in the Account app's Developer section).
+      // `sys_oauth_application` has no `organization_id` so the wildcard
+      // `tenant_isolation` policy would otherwise deny every row.
+      {
+        name: "sys_oauth_application_self",
+        object: "sys_oauth_application",
+        operation: "all",
+        using: "user_id = current_user.id"
+      },
       // Org-scoped visibility for organization-owned identity-adjacent
       // tables. Org admins may inspect their own org's invitations and
       // memberships (read; writes still flow through better-auth).
@@ -4358,6 +4368,16 @@ var defaultPermissionSets = [
         object: "sys_oauth_consent",
         operation: "all",
         using: "user_id = current_user.id"
+      },
+      // OAuth applications a user has registered themselves (Account →
+      // Developer → OAuth Applications). `sys_oauth_application` has no
+      // `organization_id`, so without this carve-out the wildcard
+      // `tenant_isolation` policy returns zero rows even for the owner.
+      {
+        name: "sys_oauth_application_self",
+        object: "sys_oauth_application",
+        operation: "all",
+        using: "user_id = current_user.id"
       }
     ]
   }),
@@ -7787,21 +7807,20 @@ var ACCOUNT_APP = {
   // manage their own 2FA / linked accounts / personal OAuth apps. RLS on
   // each object scopes rows to the caller.
   navigation: [
-    // Profile is the canonical landing — name, email, avatar, verification
-    // status. Uses `type: 'object' + recordId: '{current_user_id}'` so it
-    // resolves to the sys_user record page; the slotted SysUserDetailPage
-    // (kind: 'slotted', isDefault: true) tailors that page into a proper
-    // self-service profile (highlight chips, grouped detail sections, no
-    // Discussion thread) without losing the record-context features
-    // (related lists, header actions, RLS-aware edit).
+    // Profile is the canonical landing — a hand-written React settings card
+    // (Vercel/Linear style) registered in the Console SPA as
+    // `account:profile_card`. The renderer reads the current user via
+    // `useAuth()` and writes via `client.auth.updateUser`, so there is no
+    // sys_user record context here — this is intentional. The admin-facing
+    // sys_user record page (see `pages/sys-user.page.ts`) stays focused on
+    // record browsing (Identity/Audit fields, related lists, admin actions)
+    // and is reached through Setup, never from the Account App.
     {
       id: "nav_account_profile",
-      type: "object",
+      type: "component",
       label: "Profile",
-      objectName: "sys_user",
-      recordId: "{current_user_id}",
-      icon: "user-circle",
-      requiresObject: "sys_user"
+      componentRef: "account:profile_card",
+      icon: "user-circle"
     },
     // --- Inbox & work assigned to me -----------------------------------
     // Notifications, approvals waiting on me, and the orgs I belong to.
@@ -7905,16 +7924,14 @@ var ACCOUNT_APP = {
           requiresObject: "sys_oauth_application"
         }
       ]
-    },
-    {
-      id: "nav_account_preferences",
-      type: "object",
-      label: "Preferences",
-      objectName: "sys_user_preference",
-      viewName: "mine",
-      icon: "sliders-horizontal",
-      requiresObject: "sys_user_preference"
     }
+    // Note: `sys_user_preference` is intentionally NOT exposed in the
+    // Account App. It's an internal key-value store the UI uses for state
+    // like `ui.recent`, `ui.favorites`, theme, sidebar collapse — not
+    // a user-curatable settings surface. A future
+    // `account:preferences_card` React component should provide the
+    // curated theme / locale / timezone / notifications toggles when we
+    // need them; until then there is no nav entry.
   ]
 };
 var SystemOverviewDashboard = ui.Dashboard.create({
@@ -11133,8 +11150,7 @@ var en = {
         nav_account_linked: { label: "Linked Accounts" },
         nav_account_sessions: { label: "Active Sessions" },
         nav_account_api_keys: { label: "API Keys" },
-        nav_account_oauth_apps: { label: "OAuth Applications" },
-        nav_account_preferences: { label: "Preferences" }
+        nav_account_oauth_apps: { label: "OAuth Applications" }
       }
     },
     setup: {
@@ -14345,8 +14361,7 @@ var zhCN = {
         nav_account_linked: { label: "\u5DF2\u5173\u8054\u8D26\u6237" },
         nav_account_sessions: { label: "\u6D3B\u52A8\u4F1A\u8BDD" },
         nav_account_api_keys: { label: "API \u5BC6\u94A5" },
-        nav_account_oauth_apps: { label: "OAuth \u5E94\u7528" },
-        nav_account_preferences: { label: "\u504F\u597D\u8BBE\u7F6E" }
+        nav_account_oauth_apps: { label: "OAuth \u5E94\u7528" }
       }
     },
     setup: {
@@ -17518,8 +17533,7 @@ var jaJP = {
         nav_account_linked: { label: "\u9023\u643A\u30A2\u30AB\u30A6\u30F3\u30C8" },
         nav_account_sessions: { label: "\u30A2\u30AF\u30C6\u30A3\u30D6\u30BB\u30C3\u30B7\u30E7\u30F3" },
         nav_account_api_keys: { label: "API \u30AD\u30FC" },
-        nav_account_oauth_apps: { label: "OAuth \u30A2\u30D7\u30EA\u30B1\u30FC\u30B7\u30E7\u30F3" },
-        nav_account_preferences: { label: "\u74B0\u5883\u8A2D\u5B9A" }
+        nav_account_oauth_apps: { label: "OAuth \u30A2\u30D7\u30EA\u30B1\u30FC\u30B7\u30E7\u30F3" }
       }
     },
     setup: {
@@ -20691,8 +20705,7 @@ var esES = {
         nav_account_linked: { label: "Cuentas vinculadas" },
         nav_account_sessions: { label: "Sesiones activas" },
         nav_account_api_keys: { label: "Claves API" },
-        nav_account_oauth_apps: { label: "Aplicaciones OAuth" },
-        nav_account_preferences: { label: "Preferencias" }
+        nav_account_oauth_apps: { label: "Aplicaciones OAuth" }
       }
     },
     setup: {