@objectstack/platform-objects 7.1.0 → 7.2.0

package/dist/index.mjs

@@ -10,6 +10,9 @@ var SysUser = ObjectSchema.create({
   icon: "user",
   isSystem: true,
   managedBy: "better-auth",
+  // ADR-0010 — identity table is managed by better-auth, schema must not drift.
+  _lock: "full",
+  _lockReason: "Identity table managed by better-auth \u2014 see ADR-0010.",
   description: "User accounts for authentication",
   displayNameField: "name",
   titleFormat: "{name}",
@@ -601,7 +604,7 @@ var SysAccount = ObjectSchema.create({
       mode: "create",
       locations: ["list_toolbar"],
       type: "url",
-      target: "/api/v1/auth/sign-in/social?provider=${param.provider}&callbackURL=${ctx.origin}/apps/account/sys_account",
+      target: "/api/v1/auth/sign-in/social?provider=${param.provider}&callbackURL=${ctx.origin}/_console/apps/account/sys_account",
       params: [
         {
           name: "provider",
@@ -6922,6 +6925,135 @@ var SysMetadataHistoryObject = ObjectSchema.create({
     trash: false
   }
 });
+var SysMetadataAuditObject = ObjectSchema.create({
+  name: "sys_metadata_audit",
+  label: "Metadata Audit",
+  pluralLabel: "Metadata Audit",
+  icon: "shield-check",
+  isSystem: true,
+  managedBy: "append-only",
+  description: "Append-only audit trail of metadata write decisions (ADR-0010).",
+  fields: {
+    /** Primary Key (UUID) */
+    id: Field.text({
+      label: "ID",
+      required: true,
+      readonly: true
+    }),
+    /** When the decision was made (ISO-8601 UTC). */
+    occurred_at: Field.datetime({
+      label: "Occurred At",
+      required: true,
+      readonly: true
+    }),
+    /** Acting principal (user id, system id, or 'system'). */
+    actor: Field.text({
+      label: "Actor",
+      required: true,
+      readonly: true,
+      maxLength: 255,
+      description: 'Acting principal \u2014 user id, system id, or "system".'
+    }),
+    /** Code path that produced the decision (e.g. `protocol.saveMetaItem`). */
+    source: Field.text({
+      label: "Source",
+      required: false,
+      readonly: true,
+      maxLength: 128
+    }),
+    /** Metadata type (singular, e.g. `app`, `object`, `view`). */
+    type: Field.text({
+      label: "Metadata Type",
+      required: true,
+      readonly: true,
+      searchable: true,
+      maxLength: 100
+    }),
+    /** Item machine name. */
+    name: Field.text({
+      label: "Name",
+      required: true,
+      readonly: true,
+      searchable: true,
+      maxLength: 255
+    }),
+    /** Organization for multi-tenant filtering. NULL for env-wide writes. */
+    organization_id: Field.lookup("sys_organization", {
+      label: "Organization",
+      required: false,
+      readonly: true
+    }),
+    /** Operation kind. */
+    operation: Field.select(["save", "publish", "rollback", "delete", "reset"], {
+      label: "Operation",
+      required: true,
+      readonly: true
+    }),
+    /** Decision outcome — allowed, denied (refused), or forced (bypassed via override). */
+    outcome: Field.select(["allowed", "denied", "forced"], {
+      label: "Outcome",
+      required: true,
+      readonly: true
+    }),
+    /**
+     * Machine-readable code for the decision:
+     *  - on `allowed`: `'ok'`
+     *  - on `denied`: `'not_overridable'` | `'not_creatable'` |
+     *    `'item_locked'` | `'invalid_metadata'` | `'destructive_change'` |
+     *    `'metadata_conflict'`
+     *  - on `forced`: `'lock_override'` (Phase 3)
+     */
+    code: Field.text({
+      label: "Code",
+      required: true,
+      readonly: true,
+      maxLength: 64
+    }),
+    /**
+     * Lock state observed at the time of the decision (`none` if the
+     * item carried no `_lock`). Captured even on `allowed` rows so
+     * later compliance queries can see "what was the lock state when
+     * this write succeeded".
+     */
+    lock_state: Field.select(["none", "no-overlay", "no-delete", "full"], {
+      label: "Lock State",
+      required: false,
+      readonly: true
+    }),
+    /** True when the write succeeded by bypassing a lock (Phase 3). */
+    lock_overridden: Field.boolean({
+      label: "Lock Overridden",
+      required: false,
+      readonly: true
+    }),
+    /** Optional request correlation id for tracing. */
+    request_id: Field.text({
+      label: "Request ID",
+      required: false,
+      readonly: true,
+      maxLength: 128
+    }),
+    /** Optional free-form context (e.g. brief diff summary). */
+    note: Field.textarea({
+      label: "Note",
+      required: false,
+      readonly: true
+    })
+  },
+  indexes: [
+    { fields: ["organization_id", "occurred_at"] },
+    { fields: ["type", "name", "occurred_at"] },
+    { fields: ["actor", "occurred_at"] },
+    { fields: ["outcome"] }
+  ],
+  enable: {
+    trackHistory: false,
+    searchable: false,
+    apiEnabled: true,
+    apiMethods: ["get", "list"],
+    trash: false
+  }
+});
 var SysSetting = ObjectSchema.create({
   name: "sys_setting",
   label: "Setting",
@@ -7315,6 +7447,9 @@ var SETUP_APP = {
   icon: "settings",
   active: true,
   isDefault: false,
+  // ADR-0010 — core admin UI must not be overlay-edited or deleted.
+  _lock: "full",
+  _lockReason: "Core admin UI shipped by @objectstack/platform-objects \u2014 see ADR-0010.",
   branding: {
     primaryColor: "#475569"
     // Slate-600 — neutral admin palette
@@ -26000,6 +26135,6 @@ function createPlatformObjectsPlugin() {
   return new PlatformObjectsPlugin();
 }
 
-export { ACCOUNT_APP, MetadataFormsTranslations, PlatformObjectsPlugin, SETUP_APP, STUDIO_APP, SetupAppTranslations, SysAccount, SysActivity, SysApiKey, SysApprovalAction, SysApprovalProcess, SysApprovalRequest, SysAttachment, SysAuditLog, SysComment, SysDepartment, SysDepartmentMember, SysDeviceCode, SysEmail, SysEmailTemplate, SysInvitation, SysJob, SysJobQueue, SysJobRun, SysJwks, SysMember, SysMetadataObject as SysMetadata, SysMetadataHistoryObject, SysMetadataObject, SysNotification, SysOauthAccessToken, SysOauthApplication, SysOauthConsent, SysOauthRefreshToken, SysOrganization, SysOrganizationDetailPage, SysPermissionSet, SysPresence, SysRecordShare, SysReportSchedule, SysRole, SysRolePermissionSet, SysSavedReport, SysSecret, SysSession, SysSetting, SysSettingAudit, SysShareLink, SysSharingRule, SysTeam, SysTeamMember, SysTwoFactor, SysUser, SysUserDetailPage, SysUserPermissionSet, SysUserPreference, SysVerification, SysWebhook, SystemOverviewDashboard, createPlatformObjectsPlugin, defaultPermissionSets, en, esES, jaJP, zhCN };
+export { ACCOUNT_APP, MetadataFormsTranslations, PlatformObjectsPlugin, SETUP_APP, STUDIO_APP, SetupAppTranslations, SysAccount, SysActivity, SysApiKey, SysApprovalAction, SysApprovalProcess, SysApprovalRequest, SysAttachment, SysAuditLog, SysComment, SysDepartment, SysDepartmentMember, SysDeviceCode, SysEmail, SysEmailTemplate, SysInvitation, SysJob, SysJobQueue, SysJobRun, SysJwks, SysMember, SysMetadataObject as SysMetadata, SysMetadataAuditObject, SysMetadataHistoryObject, SysMetadataObject, SysNotification, SysOauthAccessToken, SysOauthApplication, SysOauthConsent, SysOauthRefreshToken, SysOrganization, SysOrganizationDetailPage, SysPermissionSet, SysPresence, SysRecordShare, SysReportSchedule, SysRole, SysRolePermissionSet, SysSavedReport, SysSecret, SysSession, SysSetting, SysSettingAudit, SysShareLink, SysSharingRule, SysTeam, SysTeamMember, SysTwoFactor, SysUser, SysUserDetailPage, SysUserPermissionSet, SysUserPreference, SysVerification, SysWebhook, SystemOverviewDashboard, createPlatformObjectsPlugin, defaultPermissionSets, en, esES, jaJP, zhCN };
 //# sourceMappingURL=index.mjs.map
 //# sourceMappingURL=index.mjs.map