@objectstack/platform-objects 7.1.0 → 7.2.1

package/dist/index.d.mts

@@ -2,7 +2,7 @@ export { SysAccount, SysApiKey, SysDepartment, SysDepartmentMember, SysDeviceCod
 export { SysPermissionSet, SysRecordShare, SysRole, SysRolePermissionSet, SysShareLink, SysSharingRule, SysUserPermissionSet, defaultPermissionSets } from './security/index.mjs';
 export { SysActivity, SysApprovalAction, SysApprovalProcess, SysApprovalRequest, SysAttachment, SysAuditLog, SysComment, SysEmail, SysEmailTemplate, SysJob, SysJobQueue, SysJobRun, SysNotification, SysPresence, SysReportSchedule, SysSavedReport } from './audit/index.mjs';
 export { SysWebhook } from './integration/index.mjs';
-export { SysMetadata, SysMetadataHistoryObject, SysMetadata as SysMetadataObject } from './metadata/index.mjs';
+export { SysMetadata, SysMetadataAuditObject, SysMetadataHistoryObject, SysMetadata as SysMetadataObject } from './metadata/index.mjs';
 export { SysSecret, SysSetting, SysSettingAudit } from './system/index.mjs';
 export { ACCOUNT_APP, SETUP_APP, STUDIO_APP, SetupAppTranslations, SystemOverviewDashboard, en, esES, jaJP, zhCN } from './apps/index.mjs';
 export { SysOrganizationDetailPage, SysUserDetailPage } from './pages/index.mjs';

package/dist/index.d.ts

@@ -2,7 +2,7 @@ export { SysAccount, SysApiKey, SysDepartment, SysDepartmentMember, SysDeviceCod
 export { SysPermissionSet, SysRecordShare, SysRole, SysRolePermissionSet, SysShareLink, SysSharingRule, SysUserPermissionSet, defaultPermissionSets } from './security/index.js';
 export { SysActivity, SysApprovalAction, SysApprovalProcess, SysApprovalRequest, SysAttachment, SysAuditLog, SysComment, SysEmail, SysEmailTemplate, SysJob, SysJobQueue, SysJobRun, SysNotification, SysPresence, SysReportSchedule, SysSavedReport } from './audit/index.js';
 export { SysWebhook } from './integration/index.js';
-export { SysMetadata, SysMetadataHistoryObject, SysMetadata as SysMetadataObject } from './metadata/index.js';
+export { SysMetadata, SysMetadataAuditObject, SysMetadataHistoryObject, SysMetadata as SysMetadataObject } from './metadata/index.js';
 export { SysSecret, SysSetting, SysSettingAudit } from './system/index.js';
 export { ACCOUNT_APP, SETUP_APP, STUDIO_APP, SetupAppTranslations, SystemOverviewDashboard, en, esES, jaJP, zhCN } from './apps/index.js';
 export { SysOrganizationDetailPage, SysUserDetailPage } from './pages/index.js';

package/dist/index.js

@@ -12,6 +12,12 @@ var SysUser = data.ObjectSchema.create({
   icon: "user",
   isSystem: true,
   managedBy: "better-auth",
+  // ADR-0010 §3.7 — identity table is managed by better-auth; schema must not drift.
+  protection: {
+    lock: "full",
+    reason: "Identity table managed by better-auth \u2014 see ADR-0010.",
+    docsUrl: "https://docs.objectstack.ai/adr/0010-metadata-protection"
+  },
   description: "User accounts for authentication",
   displayNameField: "name",
   titleFormat: "{name}",
@@ -424,6 +430,14 @@ var SysSession = data.ObjectSchema.create({
   icon: "key",
   isSystem: true,
   managedBy: "better-auth",
+  // ADR-0010 §3.7 — managed by better-auth; tenants may not edit schema,
+  // but may add overlay row-level config. Use `no-overlay` if you need to
+  // forbid sys_metadata overlays entirely.
+  protection: {
+    lock: "full",
+    reason: "Identity table managed by better-auth \u2014 see ADR-0010.",
+    docsUrl: "https://docs.objectstack.ai/adr/0010-metadata-protection"
+  },
   description: "Active user sessions",
   displayNameField: "user_id",
   titleFormat: "Session \u2014 {user_id}",
@@ -579,6 +593,14 @@ var SysAccount = data.ObjectSchema.create({
   icon: "link",
   isSystem: true,
   managedBy: "better-auth",
+  // ADR-0010 §3.7 — managed by better-auth; tenants may not edit schema,
+  // but may add overlay row-level config. Use `no-overlay` if you need to
+  // forbid sys_metadata overlays entirely.
+  protection: {
+    lock: "full",
+    reason: "Identity table managed by better-auth \u2014 see ADR-0010.",
+    docsUrl: "https://docs.objectstack.ai/adr/0010-metadata-protection"
+  },
   description: "OAuth and authentication provider accounts",
   titleFormat: "{provider_id} - {account_id}",
   compactLayout: ["provider_id", "user_id", "account_id"],
@@ -603,7 +625,7 @@ var SysAccount = data.ObjectSchema.create({
       mode: "create",
       locations: ["list_toolbar"],
       type: "url",
-      target: "/api/v1/auth/sign-in/social?provider=${param.provider}&callbackURL=${ctx.origin}/apps/account/sys_account",
+      target: "/api/v1/auth/sign-in/social?provider=${param.provider}&callbackURL=${ctx.origin}/_console/apps/account/sys_account",
       params: [
         {
           name: "provider",
@@ -752,6 +774,14 @@ var SysVerification = data.ObjectSchema.create({
   icon: "shield-check",
   isSystem: true,
   managedBy: "better-auth",
+  // ADR-0010 §3.7 — managed by better-auth; tenants may not edit schema,
+  // but may add overlay row-level config. Use `no-overlay` if you need to
+  // forbid sys_metadata overlays entirely.
+  protection: {
+    lock: "full",
+    reason: "Identity table managed by better-auth \u2014 see ADR-0010.",
+    docsUrl: "https://docs.objectstack.ai/adr/0010-metadata-protection"
+  },
   description: "Email and phone verification tokens",
   titleFormat: "Verification for {identifier}",
   compactLayout: ["identifier", "expires_at", "created_at"],
@@ -807,6 +837,14 @@ var SysOrganization = data.ObjectSchema.create({
   icon: "building-2",
   isSystem: true,
   managedBy: "better-auth",
+  // ADR-0010 §3.7 — managed by better-auth; tenants may not edit schema,
+  // but may add overlay row-level config. Use `no-overlay` if you need to
+  // forbid sys_metadata overlays entirely.
+  protection: {
+    lock: "full",
+    reason: "Identity table managed by better-auth \u2014 see ADR-0010.",
+    docsUrl: "https://docs.objectstack.ai/adr/0010-metadata-protection"
+  },
   description: "Organizations for multi-tenant grouping",
   displayNameField: "name",
   titleFormat: "{name}",
@@ -1009,6 +1047,14 @@ var SysMember = data.ObjectSchema.create({
   icon: "user-check",
   isSystem: true,
   managedBy: "better-auth",
+  // ADR-0010 §3.7 — managed by better-auth; tenants may not edit schema,
+  // but may add overlay row-level config. Use `no-overlay` if you need to
+  // forbid sys_metadata overlays entirely.
+  protection: {
+    lock: "full",
+    reason: "Identity table managed by better-auth \u2014 see ADR-0010.",
+    docsUrl: "https://docs.objectstack.ai/adr/0010-metadata-protection"
+  },
   description: "Organization membership records",
   titleFormat: "{user_id} in {organization_id}",
   compactLayout: ["user_id", "organization_id", "role"],
@@ -1158,6 +1204,14 @@ var SysInvitation = data.ObjectSchema.create({
   icon: "mail",
   isSystem: true,
   managedBy: "better-auth",
+  // ADR-0010 §3.7 — managed by better-auth; tenants may not edit schema,
+  // but may add overlay row-level config. Use `no-overlay` if you need to
+  // forbid sys_metadata overlays entirely.
+  protection: {
+    lock: "full",
+    reason: "Identity table managed by better-auth \u2014 see ADR-0010.",
+    docsUrl: "https://docs.objectstack.ai/adr/0010-metadata-protection"
+  },
   description: "Organization invitations for user onboarding",
   titleFormat: "Invitation to {organization_id}",
   compactLayout: ["email", "organization_id", "status"],
@@ -1358,6 +1412,14 @@ var SysTeam = data.ObjectSchema.create({
   icon: "users",
   isSystem: true,
   managedBy: "better-auth",
+  // ADR-0010 §3.7 — managed by better-auth; tenants may not edit schema,
+  // but may add overlay row-level config. Use `no-overlay` if you need to
+  // forbid sys_metadata overlays entirely.
+  protection: {
+    lock: "full",
+    reason: "Identity table managed by better-auth \u2014 see ADR-0010.",
+    docsUrl: "https://docs.objectstack.ai/adr/0010-metadata-protection"
+  },
   description: "Teams within organizations for fine-grained grouping",
   displayNameField: "name",
   titleFormat: "{name}",
@@ -1495,6 +1557,14 @@ var SysTeamMember = data.ObjectSchema.create({
   icon: "user-plus",
   isSystem: true,
   managedBy: "better-auth",
+  // ADR-0010 §3.7 — managed by better-auth; tenants may not edit schema,
+  // but may add overlay row-level config. Use `no-overlay` if you need to
+  // forbid sys_metadata overlays entirely.
+  protection: {
+    lock: "full",
+    reason: "Identity table managed by better-auth \u2014 see ADR-0010.",
+    docsUrl: "https://docs.objectstack.ai/adr/0010-metadata-protection"
+  },
   description: "Team membership records linking users to teams",
   titleFormat: "{user_id} in {team_id}",
   compactLayout: ["user_id", "team_id", "created_at"],
@@ -1822,6 +1892,14 @@ var SysApiKey = data.ObjectSchema.create({
   icon: "key-round",
   isSystem: true,
   managedBy: "better-auth",
+  // ADR-0010 §3.7 — managed by better-auth; tenants may not edit schema,
+  // but may add overlay row-level config. Use `no-overlay` if you need to
+  // forbid sys_metadata overlays entirely.
+  protection: {
+    lock: "full",
+    reason: "Identity table managed by better-auth \u2014 see ADR-0010.",
+    docsUrl: "https://docs.objectstack.ai/adr/0010-metadata-protection"
+  },
   description: "API keys for programmatic access",
   displayNameField: "name",
   titleFormat: "{name}",
@@ -2004,6 +2082,14 @@ var SysTwoFactor = data.ObjectSchema.create({
   icon: "smartphone",
   isSystem: true,
   managedBy: "better-auth",
+  // ADR-0010 §3.7 — managed by better-auth; tenants may not edit schema,
+  // but may add overlay row-level config. Use `no-overlay` if you need to
+  // forbid sys_metadata overlays entirely.
+  protection: {
+    lock: "full",
+    reason: "Identity table managed by better-auth \u2014 see ADR-0010.",
+    docsUrl: "https://docs.objectstack.ai/adr/0010-metadata-protection"
+  },
   description: "Two-factor authentication credentials",
   titleFormat: "Two-factor for {user_id}",
   compactLayout: ["user_id", "created_at"],
@@ -2150,6 +2236,14 @@ var SysDeviceCode = data.ObjectSchema.create({
   icon: "key-round",
   isSystem: true,
   managedBy: "better-auth",
+  // ADR-0010 §3.7 — managed by better-auth; tenants may not edit schema,
+  // but may add overlay row-level config. Use `no-overlay` if you need to
+  // forbid sys_metadata overlays entirely.
+  protection: {
+    lock: "full",
+    reason: "Identity table managed by better-auth \u2014 see ADR-0010.",
+    docsUrl: "https://docs.objectstack.ai/adr/0010-metadata-protection"
+  },
   description: "OAuth 2.0 Device Authorization Grant (RFC 8628) pending requests",
   titleFormat: "{user_code}",
   compactLayout: ["user_code", "status", "client_id", "expires_at"],
@@ -2329,6 +2423,14 @@ var SysOauthApplication = data.ObjectSchema.create({
   icon: "key-round",
   isSystem: true,
   managedBy: "better-auth",
+  // ADR-0010 §3.7 — managed by better-auth; tenants may not edit schema,
+  // but may add overlay row-level config. Use `no-overlay` if you need to
+  // forbid sys_metadata overlays entirely.
+  protection: {
+    lock: "full",
+    reason: "Identity table managed by better-auth \u2014 see ADR-0010.",
+    docsUrl: "https://docs.objectstack.ai/adr/0010-metadata-protection"
+  },
   description: "Registered OAuth/OIDC client applications",
   displayNameField: "name",
   titleFormat: "{name}",
@@ -2723,6 +2825,14 @@ var SysOauthAccessToken = data.ObjectSchema.create({
   icon: "ticket",
   isSystem: true,
   managedBy: "better-auth",
+  // ADR-0010 §3.7 — managed by better-auth; tenants may not edit schema,
+  // but may add overlay row-level config. Use `no-overlay` if you need to
+  // forbid sys_metadata overlays entirely.
+  protection: {
+    lock: "full",
+    reason: "Identity table managed by better-auth \u2014 see ADR-0010.",
+    docsUrl: "https://docs.objectstack.ai/adr/0010-metadata-protection"
+  },
   description: "Opaque OAuth access tokens issued to client applications",
   compactLayout: ["client_id", "user_id", "expires_at"],
   fields: {
@@ -2801,6 +2911,14 @@ var SysOauthRefreshToken = data.ObjectSchema.create({
   icon: "refresh-cw",
   isSystem: true,
   managedBy: "better-auth",
+  // ADR-0010 §3.7 — managed by better-auth; tenants may not edit schema,
+  // but may add overlay row-level config. Use `no-overlay` if you need to
+  // forbid sys_metadata overlays entirely.
+  protection: {
+    lock: "full",
+    reason: "Identity table managed by better-auth \u2014 see ADR-0010.",
+    docsUrl: "https://docs.objectstack.ai/adr/0010-metadata-protection"
+  },
   description: "Opaque OAuth refresh tokens (linked to a session)",
   compactLayout: ["client_id", "user_id", "expires_at"],
   fields: {
@@ -2883,6 +3001,14 @@ var SysOauthConsent = data.ObjectSchema.create({
   icon: "shield-check",
   isSystem: true,
   managedBy: "better-auth",
+  // ADR-0010 §3.7 — managed by better-auth; tenants may not edit schema,
+  // but may add overlay row-level config. Use `no-overlay` if you need to
+  // forbid sys_metadata overlays entirely.
+  protection: {
+    lock: "full",
+    reason: "Identity table managed by better-auth \u2014 see ADR-0010.",
+    docsUrl: "https://docs.objectstack.ai/adr/0010-metadata-protection"
+  },
   description: "User consent records for OAuth client applications",
   compactLayout: ["client_id", "user_id", "scopes"],
   fields: {
@@ -2943,6 +3069,14 @@ var SysJwks = data.ObjectSchema.create({
   icon: "key",
   isSystem: true,
   managedBy: "better-auth",
+  // ADR-0010 §3.7 — managed by better-auth; tenants may not edit schema,
+  // but may add overlay row-level config. Use `no-overlay` if you need to
+  // forbid sys_metadata overlays entirely.
+  protection: {
+    lock: "full",
+    reason: "Identity table managed by better-auth \u2014 see ADR-0010.",
+    docsUrl: "https://docs.objectstack.ai/adr/0010-metadata-protection"
+  },
   description: "Asymmetric key pairs used to sign and verify issued JWTs",
   compactLayout: ["id", "created_at", "expires_at"],
   fields: {
@@ -2990,6 +3124,13 @@ var SysRole = data.ObjectSchema.create({
   icon: "shield",
   isSystem: true,
   managedBy: "config",
+  // ADR-0010 §3.7 — RBAC primitive; tenants may add custom rows
+  // (created via UI / API) but the schema itself is locked.
+  protection: {
+    lock: "no-overlay",
+    reason: "RBAC schema is platform-defined \u2014 see ADR-0010.",
+    docsUrl: "https://docs.objectstack.ai/adr/0010-metadata-protection"
+  },
   description: "Role definitions for RBAC access control",
   displayNameField: "label",
   titleFormat: "{label}",
@@ -3193,6 +3334,13 @@ var SysPermissionSet = data.ObjectSchema.create({
   icon: "lock",
   isSystem: true,
   managedBy: "config",
+  // ADR-0010 §3.7 — RBAC primitive; tenants may add custom rows
+  // (created via UI / API) but the schema itself is locked.
+  protection: {
+    lock: "no-overlay",
+    reason: "RBAC schema is platform-defined \u2014 see ADR-0010.",
+    docsUrl: "https://docs.objectstack.ai/adr/0010-metadata-protection"
+  },
   description: "Named permission groupings for fine-grained access control",
   displayNameField: "label",
   titleFormat: "{label}",
@@ -6924,6 +7072,135 @@ var SysMetadataHistoryObject = data.ObjectSchema.create({
     trash: false
   }
 });
+var SysMetadataAuditObject = data.ObjectSchema.create({
+  name: "sys_metadata_audit",
+  label: "Metadata Audit",
+  pluralLabel: "Metadata Audit",
+  icon: "shield-check",
+  isSystem: true,
+  managedBy: "append-only",
+  description: "Append-only audit trail of metadata write decisions (ADR-0010).",
+  fields: {
+    /** Primary Key (UUID) */
+    id: data.Field.text({
+      label: "ID",
+      required: true,
+      readonly: true
+    }),
+    /** When the decision was made (ISO-8601 UTC). */
+    occurred_at: data.Field.datetime({
+      label: "Occurred At",
+      required: true,
+      readonly: true
+    }),
+    /** Acting principal (user id, system id, or 'system'). */
+    actor: data.Field.text({
+      label: "Actor",
+      required: true,
+      readonly: true,
+      maxLength: 255,
+      description: 'Acting principal \u2014 user id, system id, or "system".'
+    }),
+    /** Code path that produced the decision (e.g. `protocol.saveMetaItem`). */
+    source: data.Field.text({
+      label: "Source",
+      required: false,
+      readonly: true,
+      maxLength: 128
+    }),
+    /** Metadata type (singular, e.g. `app`, `object`, `view`). */
+    type: data.Field.text({
+      label: "Metadata Type",
+      required: true,
+      readonly: true,
+      searchable: true,
+      maxLength: 100
+    }),
+    /** Item machine name. */
+    name: data.Field.text({
+      label: "Name",
+      required: true,
+      readonly: true,
+      searchable: true,
+      maxLength: 255
+    }),
+    /** Organization for multi-tenant filtering. NULL for env-wide writes. */
+    organization_id: data.Field.lookup("sys_organization", {
+      label: "Organization",
+      required: false,
+      readonly: true
+    }),
+    /** Operation kind. */
+    operation: data.Field.select(["save", "publish", "rollback", "delete", "reset"], {
+      label: "Operation",
+      required: true,
+      readonly: true
+    }),
+    /** Decision outcome — allowed, denied (refused), or forced (bypassed via override). */
+    outcome: data.Field.select(["allowed", "denied", "forced"], {
+      label: "Outcome",
+      required: true,
+      readonly: true
+    }),
+    /**
+     * Machine-readable code for the decision:
+     *  - on `allowed`: `'ok'`
+     *  - on `denied`: `'not_overridable'` | `'not_creatable'` |
+     *    `'item_locked'` | `'invalid_metadata'` | `'destructive_change'` |
+     *    `'metadata_conflict'`
+     *  - on `forced`: `'lock_override'` (Phase 3)
+     */
+    code: data.Field.text({
+      label: "Code",
+      required: true,
+      readonly: true,
+      maxLength: 64
+    }),
+    /**
+     * Lock state observed at the time of the decision (`none` if the
+     * item carried no `_lock`). Captured even on `allowed` rows so
+     * later compliance queries can see "what was the lock state when
+     * this write succeeded".
+     */
+    lock_state: data.Field.select(["none", "no-overlay", "no-delete", "full"], {
+      label: "Lock State",
+      required: false,
+      readonly: true
+    }),
+    /** True when the write succeeded by bypassing a lock (Phase 3). */
+    lock_overridden: data.Field.boolean({
+      label: "Lock Overridden",
+      required: false,
+      readonly: true
+    }),
+    /** Optional request correlation id for tracing. */
+    request_id: data.Field.text({
+      label: "Request ID",
+      required: false,
+      readonly: true,
+      maxLength: 128
+    }),
+    /** Optional free-form context (e.g. brief diff summary). */
+    note: data.Field.textarea({
+      label: "Note",
+      required: false,
+      readonly: true
+    })
+  },
+  indexes: [
+    { fields: ["organization_id", "occurred_at"] },
+    { fields: ["type", "name", "occurred_at"] },
+    { fields: ["actor", "occurred_at"] },
+    { fields: ["outcome"] }
+  ],
+  enable: {
+    trackHistory: false,
+    searchable: false,
+    apiEnabled: true,
+    apiMethods: ["get", "list"],
+    trash: false
+  }
+});
 var SysSetting = data.ObjectSchema.create({
   name: "sys_setting",
   label: "Setting",
@@ -7317,6 +7594,13 @@ var SETUP_APP = {
   icon: "settings",
   active: true,
   isDefault: false,
+  // ADR-0010 §3.7 — author-facing protection block. Loader translates
+  // this into the `_lock` envelope at registration time.
+  protection: {
+    lock: "full",
+    reason: "Core admin UI shipped by @objectstack/platform-objects \u2014 see ADR-0010.",
+    docsUrl: "https://docs.objectstack.ai/adr/0010-metadata-protection"
+  },
   branding: {
     primaryColor: "#475569"
     // Slate-600 — neutral admin palette
@@ -7548,6 +7832,31 @@ var STUDIO_APP = {
     // Indigo-500 — distinct from Setup's slate
   },
   requiredPermissions: ["studio.access"],
+  contextSelectors: [
+    {
+      // Package scope — pinned to the sidebar header. Selecting a package
+      // injects `{active_package}` into every `metadata:resource` nav
+      // item below, so the whole workbench filters to that package in
+      // one click. Options come from the installed-packages REST surface,
+      // narrowed to project-scoped packages: this dropdown exists so
+      // third-party developers can scope to *their* custom package, so we
+      // deliberately hide the platform's own system/cloud kernel packages
+      // (auth, security, audit, queue, …) which are not user-authored.
+      id: "active_package",
+      label: "Package",
+      icon: "package",
+      optionsSource: {
+        endpoint: "/api/v1/packages",
+        valueKey: "manifest.id",
+        labelKey: "manifest.name",
+        filter: [{ key: "manifest.scope", op: "nin", value: ["system", "cloud"] }]
+      },
+      includeAll: true,
+      allValue: "",
+      persist: "query",
+      placement: "sidebar_header"
+    }
+  ],
   navigation: [
     {
       id: "group_overview",
@@ -7578,7 +7887,7 @@ var STUDIO_APP = {
           type: "component",
           label: "Objects",
           componentRef: "metadata:resource",
-          params: { type: "object" },
+          params: { type: "object", package: "{active_package}" },
           icon: "box"
         },
         {
@@ -7586,7 +7895,7 @@ var STUDIO_APP = {
           type: "component",
           label: "Validations",
           componentRef: "metadata:resource",
-          params: { type: "validation" },
+          params: { type: "validation", package: "{active_package}" },
           icon: "check-square"
         }
       ]
@@ -7603,7 +7912,7 @@ var STUDIO_APP = {
           type: "component",
           label: "Apps",
           componentRef: "metadata:resource",
-          params: { type: "app" },
+          params: { type: "app", package: "{active_package}" },
           icon: "app-window"
         },
         {
@@ -7611,7 +7920,7 @@ var STUDIO_APP = {
           type: "component",
           label: "Views",
           componentRef: "metadata:resource",
-          params: { type: "view" },
+          params: { type: "view", package: "{active_package}" },
           icon: "table"
         },
         {
@@ -7619,7 +7928,7 @@ var STUDIO_APP = {
           type: "component",
           label: "Pages",
           componentRef: "metadata:resource",
-          params: { type: "page" },
+          params: { type: "page", package: "{active_package}" },
           icon: "file-text"
         },
         {
@@ -7627,7 +7936,7 @@ var STUDIO_APP = {
           type: "component",
           label: "Dashboards",
           componentRef: "metadata:resource",
-          params: { type: "dashboard" },
+          params: { type: "dashboard", package: "{active_package}" },
           icon: "layout-dashboard"
         },
         {
@@ -7635,7 +7944,7 @@ var STUDIO_APP = {
           type: "component",
           label: "Reports",
           componentRef: "metadata:resource",
-          params: { type: "report" },
+          params: { type: "report", package: "{active_package}" },
           icon: "bar-chart-3"
         }
       ]
@@ -7652,7 +7961,7 @@ var STUDIO_APP = {
           type: "component",
           label: "Actions",
           componentRef: "metadata:resource",
-          params: { type: "action" },
+          params: { type: "action", package: "{active_package}" },
           icon: "mouse-pointer-click"
         },
         {
@@ -7660,7 +7969,7 @@ var STUDIO_APP = {
           type: "component",
           label: "Hooks",
           componentRef: "metadata:resource",
-          params: { type: "hook" },
+          params: { type: "hook", package: "{active_package}" },
           icon: "webhook"
         }
       ]
@@ -7677,7 +7986,7 @@ var STUDIO_APP = {
           type: "component",
           label: "Flows",
           componentRef: "metadata:resource",
-          params: { type: "flow" },
+          params: { type: "flow", package: "{active_package}" },
           icon: "git-branch"
         },
         {
@@ -7685,7 +7994,7 @@ var STUDIO_APP = {
           type: "component",
           label: "Workflow Rules",
           componentRef: "metadata:resource",
-          params: { type: "workflow" },
+          params: { type: "workflow", package: "{active_package}" },
           icon: "zap"
         },
         {
@@ -7693,7 +8002,7 @@ var STUDIO_APP = {
           type: "component",
           label: "Approval Processes",
           componentRef: "metadata:resource",
-          params: { type: "approval" },
+          params: { type: "approval", package: "{active_package}" },
           icon: "check-circle"
         }
       ]
@@ -7712,7 +8021,7 @@ var STUDIO_APP = {
           type: "component",
           label: "Agents",
           componentRef: "metadata:resource",
-          params: { type: "agent" },
+          params: { type: "agent", package: "{active_package}" },
           icon: "bot"
         },
         {
@@ -7720,7 +8029,7 @@ var STUDIO_APP = {
           type: "component",
           label: "Tools",
           componentRef: "metadata:resource",
-          params: { type: "tool" },
+          params: { type: "tool", package: "{active_package}" },
           icon: "wrench"
         },
         {
@@ -7728,7 +8037,7 @@ var STUDIO_APP = {
           type: "component",
           label: "Skills",
           componentRef: "metadata:resource",
-          params: { type: "skill" },
+          params: { type: "skill", package: "{active_package}" },
           icon: "brain"
         }
       ]
@@ -7781,7 +8090,7 @@ var STUDIO_APP = {
           type: "component",
           label: "Email Templates",
           componentRef: "metadata:resource",
-          params: { type: "email_template" },
+          params: { type: "email_template", package: "{active_package}" },
           icon: "mail"
         }
       ]
@@ -26029,6 +26338,7 @@ exports.SysJobRun = SysJobRun;
 exports.SysJwks = SysJwks;
 exports.SysMember = SysMember;
 exports.SysMetadata = SysMetadataObject;
+exports.SysMetadataAuditObject = SysMetadataAuditObject;
 exports.SysMetadataHistoryObject = SysMetadataHistoryObject;
 exports.SysMetadataObject = SysMetadataObject;
 exports.SysNotification = SysNotification;