@objectstack/platform-objects 7.6.0 → 7.8.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/apps/index.d.mts +1 -1
- package/dist/apps/index.d.ts +1 -1
- package/dist/audit/index.d.mts +18 -18
- package/dist/audit/index.d.ts +18 -18
- package/dist/identity/index.d.mts +40 -40
- package/dist/identity/index.d.ts +40 -40
- package/dist/index.d.mts +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.js +25 -597
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +6 -593
- package/dist/index.mjs.map +1 -1
- package/dist/metadata/index.d.mts +1 -15012
- package/dist/metadata/index.d.ts +1 -15012
- package/dist/metadata/index.js +19 -588
- package/dist/metadata/index.js.map +1 -1
- package/dist/metadata/index.mjs +1 -589
- package/dist/metadata/index.mjs.map +1 -1
- package/dist/security/index.d.mts +1 -2
- package/dist/security/index.d.ts +1 -2
- package/dist/system/index.d.mts +13 -17
- package/dist/system/index.d.ts +13 -17
- package/dist/system/index.js +4 -8
- package/dist/system/index.js.map +1 -1
- package/dist/system/index.mjs +4 -8
- package/dist/system/index.mjs.map +1 -1
- package/package.json +3 -2
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../src/metadata/sys-metadata.object.ts","../../src/metadata/sys-metadata-history.object.ts","../../src/metadata/sys-metadata-audit.object.ts","../../src/metadata/sys-view-definition.object.ts"],"names":["ObjectSchema","Field"],"mappings":";;;AAgBO,IAAM,iBAAA,GAAoB,aAAa,MAAA,CAAO;AAAA,EACnD,IAAA,EAAM,cAAA;AAAA,EACN,KAAA,EAAO,iBAAA;AAAA,EACP,WAAA,EAAa,iBAAA;AAAA,EACb,IAAA,EAAM,UAAA;AAAA,EACN,QAAA,EAAU,IAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOV,SAAA,EAAW,QAAA;AAAA,EACX,WAAA,EAAa,+EAAA;AAAA,EAEb,MAAA,EAAQ;AAAA;AAAA,IAEN,EAAA,EAAI,MAAM,IAAA,CAAK;AAAA,MACb,KAAA,EAAO,IAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,QAAA,EAAU;AAAA,KACX,CAAA;AAAA;AAAA,IAGD,IAAA,EAAM,MAAM,IAAA,CAAK;AAAA,MACf,KAAA,EAAO,MAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,UAAA,EAAY,IAAA;AAAA,MACZ,SAAA,EAAW;AAAA,KACZ,CAAA;AAAA;AAAA,IAGD,IAAA,EAAM,MAAM,IAAA,CAAK;AAAA,MACf,KAAA,EAAO,eAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,UAAA,EAAY,IAAA;AAAA,MACZ,SAAA,EAAW;AAAA,KACZ,CAAA;AAAA;AAAA,IAGD,SAAA,EAAW,MAAM,IAAA,CAAK;AAAA,MACpB,KAAA,EAAO,WAAA;AAAA,MACP,QAAA,EAAU,KAAA;AAAA,MACV,YAAA,EAAc,SAAA;AAAA,MACd,SAAA,EAAW;AAAA,KACZ,CAAA;AAAA;AAAA,IAGD,UAAA,EAAY,MAAM,IAAA,CAAK;AAAA,MACrB,KAAA,EAAO,YAAA;AAAA,MACP,QAAA,EAAU,KAAA;AAAA,MACV,SAAA,EAAW,GAAA;AAAA,MACX,WAAA,EAAa;AAAA,KACd,CAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAMD,kBAAA,EAAoB,KAAA,CAAM,MAAA,CAAO,qBAAA,EAAuB;AAAA,MACtD,KAAA,EAAO,iBAAA;AAAA,MACP,QAAA,EAAU,KAAA;AAAA,MACV,WAAA,EACE;AAAA,KACH,CAAA;AAAA;AAAA,IAGD,YAAY,KAAA,CAAM,MAAA,CAAO,CAAC,SAAA,EAAW,UAAA,EAAY,MAAM,CAAA,EAAG;AAAA,MACxD,KAAA,EAAO,YAAA;AAAA,MACP,QAAA,EAAU;AAAA,KACX,CAAA;AAAA;AAAA,IAGD,OAAO,KAAA,CAAM,MAAA,CAAO,CAAC,QAAA,EAAU,UAAA,EAAY,MAAM,CAAA,EAAG;AAAA,MAClD,KAAA,EAAO,OAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,YAAA,EAAc;AAAA,KACf,CAAA;AAAA;AAAA,IAGD,QAAA,EAAU,MAAM,QAAA,CAAS;AAAA,MACvB,KAAA,EAAO,UAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,WAAA,EAAa;AAAA,KACd,CAAA;AAAA;AAAA,IAGD,OAAA,EAAS,MAAM,IAAA,CAAK;AAAA,MAClB,KAAA,EAAO,SAAA;AAAA,MACP,QAAA,EAAU,KAAA;AAAA,MACV,SAAA,EAAW;AAAA,KACZ,CAAA;AAAA;AAAA,IAGD,UAAU,KAAA,CAAM,MAAA,CAAO,CAAC,OAAA,EAAS,SAAS,CAAA,EAAG;AAAA,MAC3C,KAAA,EAAO,UAAA;AAAA,MACP,QAAA,EAAU,KAAA;AAAA,MACV,YAAA,EAAc;AAAA,KACf,CAAA;AAAA;AAAA,IAGD,KAAA,EAAO,MAAM,IAAA,CAAK;AAAA,MAChB,KAAA,EAAO,OAAA;AAAA,MACP,QAAA,EAAU,KAAA;AAAA,MACV,SAAA,EAAW;AAAA,KACZ,CAAA;AAAA;AAAA,IAGD,KAAA,EAAO,MAAM,MAAA,CAAO,CAAC,SAAS,QAAA,EAAU,UAAA,EAAY,YAAY,CAAA,EAAG;AAAA,MACjE,KAAA,EAAO,OAAA;AAAA,MACP,QAAA,EAAU,KAAA;AAAA,MACV,YAAA,EAAc;AAAA,KACf,CAAA;AAAA;AAAA,IAGD,eAAA,EAAiB,KAAA,CAAM,MAAA,CAAO,kBAAA,EAAoB;AAAA,MAChD,KAAA,EAAO,cAAA;AAAA,MACP,QAAA,EAAU,KAAA;AAAA,MACV,WAAA,EAAa;AAAA,KACd,CAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAQD,cAAA,EAAgB,KAAA,CAAM,MAAA,CAAO,iBAAA,EAAmB;AAAA,MAC9C,KAAA,EAAO,0BAAA;AAAA,MACP,QAAA,EAAU,KAAA;AAAA,MACV,WAAA,EAAa;AAAA,KACd,CAAA;AAAA;AAAA,IAGD,OAAA,EAAS,MAAM,MAAA,CAAO;AAAA,MACpB,KAAA,EAAO,SAAA;AAAA,MACP,QAAA,EAAU,KAAA;AAAA,MACV,YAAA,EAAc;AAAA,KACf,CAAA;AAAA;AAAA,IAGD,QAAA,EAAU,MAAM,IAAA,CAAK;AAAA,MACnB,KAAA,EAAO,UAAA;AAAA,MACP,QAAA,EAAU,KAAA;AAAA,MACV,SAAA,EAAW;AAAA,KACZ,CAAA;AAAA;AAAA,IAGD,MAAA,EAAQ,MAAM,MAAA,CAAO,CAAC,cAAc,UAAA,EAAY,KAAA,EAAO,WAAW,CAAA,EAAG;AAAA,MACnE,KAAA,EAAO,QAAA;AAAA,MACP,QAAA,EAAU;AAAA,KACX,CAAA;AAAA;AAAA,IAGD,IAAA,EAAM,MAAM,QAAA,CAAS;AAAA,MACnB,KAAA,EAAO,MAAA;AAAA,MACP,QAAA,EAAU,KAAA;AAAA,MACV,WAAA,EAAa;AAAA,KACd,CAAA;AAAA;AAAA,IAGD,UAAA,EAAY,KAAA,CAAM,MAAA,CAAO,UAAA,EAAY;AAAA,MACnC,KAAA,EAAO,YAAA;AAAA,MACP,QAAA,EAAU,KAAA;AAAA,MACV,QAAA,EAAU;AAAA,KACX,CAAA;AAAA,IAED,UAAA,EAAY,MAAM,QAAA,CAAS;AAAA,MACzB,KAAA,EAAO,YAAA;AAAA,MACP,QAAA,EAAU,KAAA;AAAA,MACV,QAAA,EAAU;AAAA,KACX,CAAA;AAAA,IAED,UAAA,EAAY,KAAA,CAAM,MAAA,CAAO,UAAA,EAAY;AAAA,MACnC,KAAA,EAAO,YAAA;AAAA,MACP,QAAA,EAAU;AAAA,KACX,CAAA;AAAA,IAED,UAAA,EAAY,MAAM,QAAA,CAAS;AAAA,MACzB,KAAA,EAAO,YAAA;AAAA,MACP,QAAA,EAAU;AAAA,KACX;AAAA,GACH;AAAA,EAEA,OAAA,EAAS;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOP;AAAA,MACE,IAAA,EAAM,iCAAA;AAAA,MACN,MAAA,EAAQ,CAAC,MAAA,EAAQ,MAAA,EAAQ,iBAAiB,CAAA;AAAA,MAC1C,MAAA,EAAQ,IAAA;AAAA,MACR,OAAA,EAAS;AAAA,KACX;AAAA,IACA,EAAE,IAAA,EAAM,2BAAA,EAA6B,QAAQ,CAAC,iBAAA,EAAmB,MAAM,CAAA,EAAE;AAAA,IACzE,EAAE,MAAA,EAAQ,CAAC,MAAA,EAAQ,OAAO,CAAA,EAAE;AAAA,IAC5B,EAAE,MAAA,EAAQ,CAAC,oBAAoB,CAAA,EAAE;AAAA,IACjC,EAAE,MAAA,EAAQ,CAAC,OAAO,CAAA,EAAE;AAAA,IACpB,EAAE,MAAA,EAAQ,CAAC,WAAW,CAAA;AAAE,GAC1B;AAAA,EAEA,MAAA,EAAQ;AAAA,IACN,YAAA,EAAc,IAAA;AAAA,IACd,UAAA,EAAY,KAAA;AAAA,IACZ,UAAA,EAAY,IAAA;AAAA,IACZ,YAAY,CAAC,KAAA,EAAO,MAAA,EAAQ,QAAA,EAAU,UAAU,QAAQ,CAAA;AAAA,IACxD,KAAA,EAAO;AAAA,GACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,SAAA,EAAW;AAAA,IACT,YAAA,EAAc;AAAA,MACZ,IAAA,EAAM,MAAA;AAAA,MACN,IAAA,EAAM,cAAA;AAAA,MACN,KAAA,EAAO,SAAA;AAAA,MACP,IAAA,EAAM,EAAE,QAAA,EAAU,QAAA,EAAU,QAAQ,cAAA,EAAe;AAAA,MACnD,SAAS,CAAC,MAAA,EAAQ,aAAa,OAAA,EAAS,YAAA,EAAc,SAAS,YAAY,CAAA;AAAA,MAC3E,MAAA,EAAQ,CAAC,EAAE,KAAA,EAAO,QAAQ,QAAA,EAAU,QAAA,EAAU,KAAA,EAAO,QAAA,EAAU,CAAA;AAAA,MAC/D,MAAM,CAAC,EAAE,OAAO,MAAA,EAAQ,KAAA,EAAO,OAAO,CAAA;AAAA,MACtC,UAAA,EAAY,EAAE,QAAA,EAAU,EAAA;AAAG,KAC7B;AAAA,IACA,WAAA,EAAa;AAAA,MACX,IAAA,EAAM,MAAA;AAAA,MACN,IAAA,EAAM,aAAA;AAAA,MACN,KAAA,EAAO,QAAA;AAAA,MACP,IAAA,EAAM,EAAE,QAAA,EAAU,QAAA,EAAU,QAAQ,cAAA,EAAe;AAAA,MACnD,SAAS,CAAC,MAAA,EAAQ,aAAa,OAAA,EAAS,YAAA,EAAc,SAAS,YAAY,CAAA;AAAA,MAC3E,MAAA,EAAQ,CAAC,EAAE,KAAA,EAAO,QAAQ,QAAA,EAAU,QAAA,EAAU,KAAA,EAAO,OAAA,EAAS,CAAA;AAAA,MAC9D,MAAM,CAAC,EAAE,OAAO,MAAA,EAAQ,KAAA,EAAO,OAAO,CAAA;AAAA,MACtC,UAAA,EAAY,EAAE,QAAA,EAAU,EAAA;AAAG,KAC7B;AAAA,IACA,YAAA,EAAc;AAAA,MACZ,IAAA,EAAM,MAAA;AAAA,MACN,IAAA,EAAM,cAAA;AAAA,MACN,KAAA,EAAO,KAAA;AAAA,MACP,IAAA,EAAM,EAAE,QAAA,EAAU,QAAA,EAAU,QAAQ,cAAA,EAAe;AAAA,MACnD,SAAS,CAAC,MAAA,EAAQ,QAAQ,WAAA,EAAa,OAAA,EAAS,SAAS,YAAY,CAAA;AAAA,MACrE,MAAM,CAAC,EAAE,OAAO,YAAA,EAAc,KAAA,EAAO,QAAQ,CAAA;AAAA,MAC7C,UAAA,EAAY,EAAE,QAAA,EAAU,EAAA;AAAG;AAC7B;AAEJ,CAAC;AChOM,IAAM,wBAAA,GAA2BA,aAAa,MAAA,CAAO;AAAA,EAC1D,IAAA,EAAM,sBAAA;AAAA,EACN,KAAA,EAAO,kBAAA;AAAA,EACP,WAAA,EAAa,kBAAA;AAAA,EACb,IAAA,EAAM,SAAA;AAAA,EACN,QAAA,EAAU,IAAA;AAAA,EACV,SAAA,EAAW,QAAA;AAAA,EACX,WAAA,EAAa,sEAAA;AAAA,EAEb,MAAA,EAAQ;AAAA;AAAA,IAEN,EAAA,EAAIC,MAAM,IAAA,CAAK;AAAA,MACb,KAAA,EAAO,IAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,QAAA,EAAU;AAAA,KACX,CAAA;AAAA;AAAA,IAGD,SAAA,EAAWA,MAAM,MAAA,CAAO;AAAA,MACtB,KAAA,EAAO,WAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,QAAA,EAAU,IAAA;AAAA,MACV,WAAA,EAAa;AAAA,KACd,CAAA;AAAA;AAAA,IAGD,IAAA,EAAMA,MAAM,IAAA,CAAK;AAAA,MACf,KAAA,EAAO,MAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,UAAA,EAAY,IAAA;AAAA,MACZ,QAAA,EAAU,IAAA;AAAA,MACV,SAAA,EAAW;AAAA,KACZ,CAAA;AAAA;AAAA,IAGD,IAAA,EAAMA,MAAM,IAAA,CAAK;AAAA,MACf,KAAA,EAAO,eAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,UAAA,EAAY,IAAA;AAAA,MACZ,QAAA,EAAU,IAAA;AAAA,MACV,SAAA,EAAW;AAAA,KACZ,CAAA;AAAA;AAAA,IAGD,OAAA,EAASA,MAAM,MAAA,CAAO;AAAA,MACpB,KAAA,EAAO,SAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,QAAA,EAAU;AAAA,KACX,CAAA;AAAA;AAAA,IAGD,cAAA,EAAgBA,MAAM,MAAA,CAAO,CAAC,UAAU,QAAA,EAAU,SAAA,EAAW,QAAA,EAAU,QAAQ,CAAA,EAAG;AAAA,MAChF,KAAA,EAAO,gBAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,QAAA,EAAU;AAAA,KACX,CAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAMD,QAAA,EAAUA,MAAM,QAAA,CAAS;AAAA,MACvB,KAAA,EAAO,UAAA;AAAA,MACP,QAAA,EAAU,KAAA;AAAA,MACV,QAAA,EAAU,IAAA;AAAA,MACV,WAAA,EAAa;AAAA,KACd,CAAA;AAAA;AAAA,IAGD,QAAA,EAAUA,MAAM,IAAA,CAAK;AAAA,MACnB,KAAA,EAAO,UAAA;AAAA,MACP,QAAA,EAAU,KAAA;AAAA,MACV,QAAA,EAAU,IAAA;AAAA,MACV,SAAA,EAAW;AAAA,KACZ,CAAA;AAAA;AAAA,IAGD,iBAAA,EAAmBA,MAAM,IAAA,CAAK;AAAA,MAC5B,KAAA,EAAO,mBAAA;AAAA,MACP,QAAA,EAAU,KAAA;AAAA,MACV,QAAA,EAAU,IAAA;AAAA,MACV,SAAA,EAAW;AAAA,KACZ,CAAA;AAAA;AAAA,IAGD,WAAA,EAAaA,MAAM,QAAA,CAAS;AAAA,MAC1B,KAAA,EAAO,aAAA;AAAA,MACP,QAAA,EAAU,KAAA;AAAA,MACV,QAAA,EAAU,IAAA;AAAA,MACV,WAAA,EAAa;AAAA,KACd,CAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOD,MAAA,EAAQA,MAAM,IAAA,CAAK;AAAA,MACjB,KAAA,EAAO,QAAA;AAAA,MACP,QAAA,EAAU,KAAA;AAAA,MACV,QAAA,EAAU,IAAA;AAAA,MACV,SAAA,EAAW;AAAA,KACZ,CAAA;AAAA;AAAA,IAGD,eAAA,EAAiBA,KAAAA,CAAM,MAAA,CAAO,kBAAA,EAAoB;AAAA,MAChD,KAAA,EAAO,cAAA;AAAA,MACP,QAAA,EAAU,KAAA;AAAA,MACV,QAAA,EAAU,IAAA;AAAA,MACV,WAAA,EAAa;AAAA,KACd,CAAA;AAAA;AAAA,IAGD,WAAA,EAAaA,KAAAA,CAAM,MAAA,CAAO,UAAA,EAAY;AAAA,MACpC,KAAA,EAAO,aAAA;AAAA,MACP,QAAA,EAAU,KAAA;AAAA,MACV,QAAA,EAAU;AAAA,KACX,CAAA;AAAA;AAAA,IAGD,WAAA,EAAaA,MAAM,QAAA,CAAS;AAAA,MAC1B,KAAA,EAAO,aAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,QAAA,EAAU;AAAA,KACX;AAAA,GACH;AAAA,EAEA,OAAA,EAAS;AAAA,IACP,EAAE,MAAA,EAAQ,CAAC,mBAAmB,WAAW,CAAA,EAAG,QAAQ,IAAA,EAAK;AAAA,IACzD,EAAE,QAAQ,CAAC,iBAAA,EAAmB,QAAQ,MAAA,EAAQ,SAAS,CAAA,EAAG,MAAA,EAAQ,IAAA,EAAK;AAAA,IACvE,EAAE,MAAA,EAAQ,CAAC,mBAAmB,MAAA,EAAQ,MAAA,EAAQ,aAAa,CAAA,EAAE;AAAA;AAAA;AAAA,IAG7D,EAAE,MAAA,EAAQ,CAAC,mBAAmB,MAAA,EAAQ,MAAA,EAAQ,UAAU,CAAA,EAAE;AAAA,IAC1D,EAAE,MAAA,EAAQ,CAAC,MAAA,EAAQ,MAAM,CAAA,EAAE;AAAA,IAC3B,EAAE,MAAA,EAAQ,CAAC,aAAa,CAAA,EAAE;AAAA,IAC1B,EAAE,MAAA,EAAQ,CAAC,gBAAgB,CAAA;AAAE,GAC/B;AAAA,EAEA,MAAA,EAAQ;AAAA,IACN,YAAA,EAAc,KAAA;AAAA,IACd,UAAA,EAAY,KAAA;AAAA,IACZ,UAAA,EAAY,IAAA;AAAA,IACZ,UAAA,EAAY,CAAC,KAAA,EAAO,MAAM,CAAA;AAAA,IAC1B,KAAA,EAAO;AAAA;AAEX,CAAC;AC5JM,IAAM,sBAAA,GAAyBD,aAAa,MAAA,CAAO;AAAA,EACxD,IAAA,EAAM,oBAAA;AAAA,EACN,KAAA,EAAO,gBAAA;AAAA,EACP,WAAA,EAAa,gBAAA;AAAA,EACb,IAAA,EAAM,cAAA;AAAA,EACN,QAAA,EAAU,IAAA;AAAA,EACV,SAAA,EAAW,aAAA;AAAA,EACX,WAAA,EAAa,iEAAA;AAAA,EAEb,MAAA,EAAQ;AAAA;AAAA,IAEN,EAAA,EAAIC,MAAM,IAAA,CAAK;AAAA,MACb,KAAA,EAAO,IAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,QAAA,EAAU;AAAA,KACX,CAAA;AAAA;AAAA,IAGD,WAAA,EAAaA,MAAM,QAAA,CAAS;AAAA,MAC1B,KAAA,EAAO,aAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,QAAA,EAAU;AAAA,KACX,CAAA;AAAA;AAAA,IAGD,KAAA,EAAOA,MAAM,IAAA,CAAK;AAAA,MAChB,KAAA,EAAO,OAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,QAAA,EAAU,IAAA;AAAA,MACV,SAAA,EAAW,GAAA;AAAA,MACX,WAAA,EAAa;AAAA,KACd,CAAA;AAAA;AAAA,IAGD,MAAA,EAAQA,MAAM,IAAA,CAAK;AAAA,MACjB,KAAA,EAAO,QAAA;AAAA,MACP,QAAA,EAAU,KAAA;AAAA,MACV,QAAA,EAAU,IAAA;AAAA,MACV,SAAA,EAAW;AAAA,KACZ,CAAA;AAAA;AAAA,IAGD,IAAA,EAAMA,MAAM,IAAA,CAAK;AAAA,MACf,KAAA,EAAO,eAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,QAAA,EAAU,IAAA;AAAA,MACV,UAAA,EAAY,IAAA;AAAA,MACZ,SAAA,EAAW;AAAA,KACZ,CAAA;AAAA;AAAA,IAGD,IAAA,EAAMA,MAAM,IAAA,CAAK;AAAA,MACf,KAAA,EAAO,MAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,QAAA,EAAU,IAAA;AAAA,MACV,UAAA,EAAY,IAAA;AAAA,MACZ,SAAA,EAAW;AAAA,KACZ,CAAA;AAAA;AAAA,IAGD,eAAA,EAAiBA,KAAAA,CAAM,MAAA,CAAO,kBAAA,EAAoB;AAAA,MAChD,KAAA,EAAO,cAAA;AAAA,MACP,QAAA,EAAU,KAAA;AAAA,MACV,QAAA,EAAU;AAAA,KACX,CAAA;AAAA;AAAA,IAGD,SAAA,EAAWA,MAAM,MAAA,CAAO,CAAC,QAAQ,SAAA,EAAW,UAAA,EAAY,QAAA,EAAU,OAAO,CAAA,EAAG;AAAA,MAC1E,KAAA,EAAO,WAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,QAAA,EAAU;AAAA,KACX,CAAA;AAAA;AAAA,IAGD,SAASA,KAAAA,CAAM,MAAA,CAAO,CAAC,SAAA,EAAW,QAAA,EAAU,QAAQ,CAAA,EAAG;AAAA,MACrD,KAAA,EAAO,SAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,QAAA,EAAU;AAAA,KACX,CAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAUD,IAAA,EAAMA,MAAM,IAAA,CAAK;AAAA,MACf,KAAA,EAAO,MAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,QAAA,EAAU,IAAA;AAAA,MACV,SAAA,EAAW;AAAA,KACZ,CAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAQD,UAAA,EAAYA,MAAM,MAAA,CAAO,CAAC,QAAQ,YAAA,EAAc,WAAA,EAAa,MAAM,CAAA,EAAG;AAAA,MACpE,KAAA,EAAO,YAAA;AAAA,MACP,QAAA,EAAU,KAAA;AAAA,MACV,QAAA,EAAU;AAAA,KACX,CAAA;AAAA;AAAA,IAGD,eAAA,EAAiBA,MAAM,OAAA,CAAQ;AAAA,MAC7B,KAAA,EAAO,iBAAA;AAAA,MACP,QAAA,EAAU,KAAA;AAAA,MACV,QAAA,EAAU;AAAA,KACX,CAAA;AAAA;AAAA,IAGD,UAAA,EAAYA,MAAM,IAAA,CAAK;AAAA,MACrB,KAAA,EAAO,YAAA;AAAA,MACP,QAAA,EAAU,KAAA;AAAA,MACV,QAAA,EAAU,IAAA;AAAA,MACV,SAAA,EAAW;AAAA,KACZ,CAAA;AAAA;AAAA,IAGD,IAAA,EAAMA,MAAM,QAAA,CAAS;AAAA,MACnB,KAAA,EAAO,MAAA;AAAA,MACP,QAAA,EAAU,KAAA;AAAA,MACV,QAAA,EAAU;AAAA,KACX;AAAA,GACH;AAAA,EAEA,OAAA,EAAS;AAAA,IACP,EAAE,MAAA,EAAQ,CAAC,iBAAA,EAAmB,aAAa,CAAA,EAAE;AAAA,IAC7C,EAAE,MAAA,EAAQ,CAAC,MAAA,EAAQ,MAAA,EAAQ,aAAa,CAAA,EAAE;AAAA,IAC1C,EAAE,MAAA,EAAQ,CAAC,OAAA,EAAS,aAAa,CAAA,EAAE;AAAA,IACnC,EAAE,MAAA,EAAQ,CAAC,SAAS,CAAA;AAAE,GACxB;AAAA,EAEA,MAAA,EAAQ;AAAA,IACN,YAAA,EAAc,KAAA;AAAA,IACd,UAAA,EAAY,KAAA;AAAA,IACZ,UAAA,EAAY,IAAA;AAAA,IACZ,UAAA,EAAY,CAAC,KAAA,EAAO,MAAM,CAAA;AAAA,IAC1B,KAAA,EAAO;AAAA;AAEX,CAAC;ACrJM,IAAM,uBAAA,GAA0BD,aAAa,MAAA,CAAO;AAAA,EACzD,IAAA,EAAM,qBAAA;AAAA,EACN,KAAA,EAAO,iBAAA;AAAA,EACP,WAAA,EAAa,kBAAA;AAAA,EACb,IAAA,EAAM,aAAA;AAAA,EACN,QAAA,EAAU,IAAA;AAAA,EACV,WAAA,EACE,oGAAA;AAAA,EAEF,MAAA,EAAQ;AAAA;AAAA,IAEN,EAAA,EAAIC,KAAAA,CAAM,IAAA,CAAK,EAAE,KAAA,EAAO,MAAM,QAAA,EAAU,IAAA,EAAM,QAAA,EAAU,IAAA,EAAM,CAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAO9D,IAAA,EAAMA,MAAM,IAAA,CAAK;AAAA,MACf,KAAA,EAAO,MAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,UAAA,EAAY,IAAA;AAAA,MACZ,SAAA,EAAW;AAAA,KACZ,CAAA;AAAA;AAAA,IAGD,MAAA,EAAQA,MAAM,IAAA,CAAK;AAAA,MACjB,KAAA,EAAO,QAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,UAAA,EAAY,IAAA;AAAA,MACZ,SAAA,EAAW;AAAA,KACZ,CAAA;AAAA;AAAA,IAGD,WAAWA,KAAAA,CAAM,MAAA,CAAO,CAAC,MAAA,EAAQ,MAAM,CAAA,EAAG;AAAA,MACxC,KAAA,EAAO,WAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,YAAA,EAAc;AAAA,KACf,CAAA;AAAA;AAAA,IAGD,KAAA,EAAOA,KAAAA,CAAM,IAAA,CAAK,EAAE,KAAA,EAAO,SAAS,QAAA,EAAU,KAAA,EAAO,SAAA,EAAW,GAAA,EAAK,CAAA;AAAA;AAAA,IAGrE,UAAA,EAAYA,KAAAA,CAAM,OAAA,CAAQ,EAAE,KAAA,EAAO,cAAc,QAAA,EAAU,KAAA,EAAO,YAAA,EAAc,KAAA,EAAO,CAAA;AAAA;AAAA,IAGvF,UAAA,EAAYA,KAAAA,CAAM,MAAA,CAAO,EAAE,KAAA,EAAO,SAAS,QAAA,EAAU,KAAA,EAAO,YAAA,EAAc,CAAA,EAAG,CAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAM7E,OAAOA,KAAAA,CAAM,MAAA,CAAO,CAAC,QAAA,EAAU,UAAU,CAAA,EAAG;AAAA,MAC1C,KAAA,EAAO,OAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,YAAA,EAAc;AAAA,KACf,CAAA;AAAA;AAAA,IAGD,KAAA,EAAOA,KAAAA,CAAM,IAAA,CAAK,EAAE,KAAA,EAAO,SAAS,QAAA,EAAU,KAAA,EAAO,SAAA,EAAW,GAAA,EAAK,CAAA;AAAA;AAAA,IAGrE,MAAA,EAAQA,KAAAA,CAAM,OAAA,CAAQ,EAAE,KAAA,EAAO,UAAU,QAAA,EAAU,KAAA,EAAO,YAAA,EAAc,KAAA,EAAO,CAAA;AAAA;AAAA,IAG/E,MAAA,EAAQA,MAAM,IAAA,CAAK;AAAA,MACjB,KAAA,EAAO,QAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,WAAA,EAAa;AAAA,KACd,CAAA;AAAA;AAAA,IAGD,eAAA,EAAiBA,KAAAA,CAAM,MAAA,CAAO,kBAAA,EAAoB;AAAA,MAChD,KAAA,EAAO,cAAA;AAAA,MACP,QAAA,EAAU,KAAA;AAAA,MACV,WAAA,EAAa;AAAA,KACd,CAAA;AAAA;AAAA,IAGD,OAAOA,KAAAA,CAAM,MAAA,CAAO,CAAC,OAAA,EAAS,QAAA,EAAU,UAAU,CAAA,EAAG;AAAA,MACnD,KAAA,EAAO,OAAA;AAAA,MACP,QAAA,EAAU,KAAA;AAAA,MACV,YAAA,EAAc;AAAA,KACf,CAAA;AAAA;AAAA,IAGD,UAAA,EAAYA,KAAAA,CAAM,MAAA,CAAO,UAAA,EAAY,EAAE,KAAA,EAAO,YAAA,EAAc,QAAA,EAAU,KAAA,EAAO,QAAA,EAAU,IAAA,EAAM,CAAA;AAAA,IAC7F,UAAA,EAAYA,KAAAA,CAAM,QAAA,CAAS,EAAE,KAAA,EAAO,cAAc,QAAA,EAAU,KAAA,EAAO,QAAA,EAAU,IAAA,EAAM,CAAA;AAAA,IACnF,UAAA,EAAYA,MAAM,MAAA,CAAO,UAAA,EAAY,EAAE,KAAA,EAAO,YAAA,EAAc,QAAA,EAAU,KAAA,EAAO,CAAA;AAAA,IAC7E,UAAA,EAAYA,MAAM,QAAA,CAAS,EAAE,OAAO,YAAA,EAAc,QAAA,EAAU,OAAO;AAAA,GACrE;AAAA,EAEA,OAAA,EAAS;AAAA;AAAA;AAAA,IAGP;AAAA,MACE,IAAA,EAAM,yBAAA;AAAA,MACN,MAAA,EAAQ,CAAC,MAAA,EAAQ,iBAAA,EAAmB,OAAO,CAAA;AAAA,MAC3C,MAAA,EAAQ,IAAA;AAAA,MACR,OAAA,EAAS;AAAA,KACX;AAAA;AAAA,IAEA,EAAE,IAAA,EAAM,yBAAA,EAA2B,QAAQ,CAAC,iBAAA,EAAmB,QAAQ,CAAA,EAAE;AAAA,IACzE,EAAE,MAAA,EAAQ,CAAC,OAAO,CAAA,EAAE;AAAA,IACpB,EAAE,MAAA,EAAQ,CAAC,OAAO,CAAA,EAAE;AAAA,IACpB,EAAE,MAAA,EAAQ,CAAC,OAAO,CAAA;AAAE,GACtB;AAAA,EAEA,MAAA,EAAQ;AAAA,IACN,YAAA,EAAc,IAAA;AAAA,IACd,UAAA,EAAY,KAAA;AAAA,IACZ,UAAA,EAAY,IAAA;AAAA,IACZ,YAAY,CAAC,KAAA,EAAO,MAAA,EAAQ,QAAA,EAAU,UAAU,QAAQ,CAAA;AAAA,IACxD,KAAA,EAAO;AAAA;AAEX,CAAC","file":"index.mjs","sourcesContent":["// Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.\n\nimport { ObjectSchema, Field } from '@objectstack/spec/data';\n\n/**\n * sys_metadata — System Metadata Object\n *\n * Canonical ObjectStack object definition for the metadata persistence table.\n * Stores all platform-scope and user-scope metadata records (Objects, Views,\n * Flows, etc.) using the MetadataRecordSchema envelope.\n *\n * This is a system object (isSystem: true) — protected from deletion and\n * automatically provisioned by the DatabaseLoader on first use.\n *\n * @see MetadataRecordSchema in metadata-persistence.zod.ts\n */\nexport const SysMetadataObject = ObjectSchema.create({\n name: 'sys_metadata',\n label: 'System Metadata',\n pluralLabel: 'System Metadata',\n icon: 'settings',\n isSystem: true,\n // managedBy: 'system' — the metadata table backs every other config\n // object. Writing rows directly here bypasses the typed Zod APIs and\n // would let an admin inject malformed payloads. The \"All Metadata\"\n // menu is therefore a read-only debug surface (Export only); typed\n // edits flow through the dedicated per-type pages (Approval Process,\n // Sharing Rule, etc.).\n managedBy: 'system',\n description: 'Stores platform and user-scope metadata records (objects, views, flows, etc.)',\n\n fields: {\n /** Primary Key (UUID) */\n id: Field.text({\n label: 'ID',\n required: true,\n readonly: true,\n }),\n\n /** Machine name — unique identifier used in code references */\n name: Field.text({\n label: 'Name',\n required: true,\n searchable: true,\n maxLength: 255,\n }),\n\n /** Metadata type (e.g. \"object\", \"view\", \"flow\") */\n type: Field.text({\n label: 'Metadata Type',\n required: true,\n searchable: true,\n maxLength: 100,\n }),\n\n /** Namespace / module grouping (e.g. \"crm\", \"core\") */\n namespace: Field.text({\n label: 'Namespace',\n required: false,\n defaultValue: 'default',\n maxLength: 100,\n }),\n\n /** Package that owns/delivered this metadata (legacy string identifier, kept for compat) */\n package_id: Field.text({\n label: 'Package ID',\n required: false,\n maxLength: 255,\n description: 'Legacy package manifest ID string. Use package_version_id for new records.',\n }),\n\n /**\n * FK → sys_package_version (UUID). Set for metadata that belongs to a specific\n * package release snapshot. NULL = platform-built-in or environment override.\n */\n package_version_id: Field.lookup('sys_package_version', {\n label: 'Package Version',\n required: false,\n description:\n 'Foreign key to sys_package_version (UUID). Null = platform-built-in or env-level override.',\n }),\n\n /** Who manages this record: package, platform, or user */\n managed_by: Field.select(['package', 'platform', 'user'], {\n label: 'Managed By',\n required: false,\n }),\n\n /** Scope: system (code), platform (admin DB), user (personal DB) */\n scope: Field.select(['system', 'platform', 'user'], {\n label: 'Scope',\n required: true,\n defaultValue: 'platform',\n }),\n\n /** JSON payload — the actual metadata configuration */\n metadata: Field.textarea({\n label: 'Metadata',\n required: true,\n description: 'JSON-serialized metadata payload',\n }),\n\n /** Parent metadata name for extension/override */\n extends: Field.text({\n label: 'Extends',\n required: false,\n maxLength: 255,\n }),\n\n /** Merge strategy when extending parent metadata */\n strategy: Field.select(['merge', 'replace'], {\n label: 'Strategy',\n required: false,\n defaultValue: 'merge',\n }),\n\n /** Owner user ID (for user-scope items) */\n owner: Field.text({\n label: 'Owner',\n required: false,\n maxLength: 255,\n }),\n\n /** Lifecycle state */\n state: Field.select(['draft', 'active', 'archived', 'deprecated'], {\n label: 'State',\n required: false,\n defaultValue: 'active',\n }),\n\n /** Organization ID for multi-tenant isolation */\n organization_id: Field.lookup('sys_organization', {\n label: 'Organization',\n required: false,\n description: 'Organization for multi-tenant isolation.',\n }),\n\n /**\n * @deprecated ADR-0005 (revised 2026-05): per-env DBs replace per-project\n * isolation. `environment_id` is no longer written by saveMetaItem and not\n * consulted by overlay reads. Kept for legacy rows; new writes leave it\n * NULL. Will be dropped in a future schema migration.\n */\n environment_id: Field.lookup('sys_environment', {\n label: 'Environment (deprecated)',\n required: false,\n description: 'DEPRECATED. Use organization_id for tenant isolation.',\n }),\n\n /** Version number for optimistic concurrency */\n version: Field.number({\n label: 'Version',\n required: false,\n defaultValue: 1,\n }),\n\n /** Content checksum for change detection (e.g. `sha256:<64 hex>` = 71 chars) */\n checksum: Field.text({\n label: 'Checksum',\n required: false,\n maxLength: 71,\n }),\n\n /** Origin of this metadata record */\n source: Field.select(['filesystem', 'database', 'api', 'migration'], {\n label: 'Source',\n required: false,\n }),\n\n /** Classification tags (JSON array) */\n tags: Field.textarea({\n label: 'Tags',\n required: false,\n description: 'JSON-serialized array of classification tags',\n }),\n\n /** Audit fields */\n created_by: Field.lookup('sys_user', {\n label: 'Created By',\n required: false,\n readonly: true,\n }),\n\n created_at: Field.datetime({\n label: 'Created At',\n required: false,\n readonly: true,\n }),\n\n updated_by: Field.lookup('sys_user', {\n label: 'Updated By',\n required: false,\n }),\n\n updated_at: Field.datetime({\n label: 'Updated At',\n required: false,\n }),\n },\n\n indexes: [\n // ADR-0005 (revised 2026-05): overlay uniqueness is scoped by\n // (type, name, organization_id), restricted to active rows so resets\n // / archived versions don't collide. environment_id is deprecated and\n // not part of the discriminator. The runtime layer (protocol.ts\n // ensureOverlayIndex) issues a DROP-then-CREATE migration to\n // replace any pre-existing legacy composite index in-place.\n {\n name: 'idx_sys_metadata_overlay_active',\n fields: ['type', 'name', 'organization_id'],\n unique: true,\n partial: \"state = 'active'\",\n },\n { name: 'idx_sys_metadata_org_type', fields: ['organization_id', 'type'] },\n { fields: ['type', 'scope'] },\n { fields: ['package_version_id'] },\n { fields: ['state'] },\n { fields: ['namespace'] },\n ],\n\n enable: {\n trackHistory: true,\n searchable: false,\n apiEnabled: true,\n apiMethods: ['get', 'list', 'create', 'update', 'delete'],\n trash: false,\n },\n\n // Named list views — power the Setup App \"Data Model\" group so admins\n // can browse object/field metadata in a typed grid instead of the raw\n // `All Metadata` debug surface. Each entry pre-filters by `type` and\n // shows the columns that matter for that type. The dedicated visual\n // designer (objectui's <ObjectManager> / <FieldDesigner>) deep-links\n // from the row's `Edit in Designer` action; the grid stays useful for\n // search, audit (state / updated_at) and triage.\n listViews: {\n only_objects: {\n type: 'grid',\n name: 'only_objects',\n label: 'Objects',\n data: { provider: 'object', object: 'sys_metadata' },\n columns: ['name', 'namespace', 'scope', 'managed_by', 'state', 'updated_at'],\n filter: [{ field: 'type', operator: 'equals', value: 'object' }],\n sort: [{ field: 'name', order: 'asc' }],\n pagination: { pageSize: 50 },\n },\n only_fields: {\n type: 'grid',\n name: 'only_fields',\n label: 'Fields',\n data: { provider: 'object', object: 'sys_metadata' },\n columns: ['name', 'namespace', 'scope', 'managed_by', 'state', 'updated_at'],\n filter: [{ field: 'type', operator: 'equals', value: 'field' }],\n sort: [{ field: 'name', order: 'asc' }],\n pagination: { pageSize: 50 },\n },\n all_metadata: {\n type: 'grid',\n name: 'all_metadata',\n label: 'All',\n data: { provider: 'object', object: 'sys_metadata' },\n columns: ['name', 'type', 'namespace', 'scope', 'state', 'updated_at'],\n sort: [{ field: 'updated_at', order: 'desc' }],\n pagination: { pageSize: 50 },\n },\n },\n});\n","// Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.\n\nimport { ObjectSchema, Field } from '@objectstack/spec/data';\n\n/**\n * sys_metadata_history — Metadata Version History / Event Log\n *\n * Append-only durable log of every overlay change made through\n * `SysMetadataRepository.put` / `delete` (ADR-0008 §10 M1). Each row is a\n * single event in the per-organisation event log; rows are NEVER\n * mutated after insertion. The legacy `DatabaseLoader` writes the same\n * shape from its own put/restore code paths.\n *\n * ─────────────────────────────────────────────────────────────────────\n * Key design points (ADR-0008 §0 amendment + M1):\n *\n * • Keyed by `(organization_id, type, name)` only — `environment_id` was\n * removed in the branch/project-removal amendment. The original\n * `metadata_id` column (a downgraded plain-text version of the old\n * `sys_metadata.id` FK) was removed in the M1 follow-up — joins go\n * through `(organization_id, type, name, version)` exclusively.\n *\n * • `event_seq` is the per-org monotonic event-log cursor. Producers\n * compute `MAX(event_seq) + 1 WHERE organization_id = X` inside the\n * same transaction as the parent `sys_metadata` write.\n *\n * • `version` is the per-(org,type,name) lineage counter. Producers\n * compute `MAX(version) + 1 WHERE organization_id = X AND type = T\n * AND name = N` so delete + recreate continues incrementing instead\n * of restarting at 1.\n *\n * • `metadata` / `checksum` are nullable — DELETE rows have no body or\n * hash. Readers must tolerate null on both columns.\n *\n * • `source` records the producer ('sys-metadata-repo', 'fs',\n * 'studio', …) and feeds MetadataEvent.source on history() reads.\n *\n * Indexes are purpose-built for the two dominant read patterns:\n * 1. per-item history view → `(organization_id, type, name, version)`\n * 2. org-wide event replay → `(organization_id, event_seq)`\n * ─────────────────────────────────────────────────────────────────────\n */\nexport const SysMetadataHistoryObject = ObjectSchema.create({\n name: 'sys_metadata_history',\n label: 'Metadata History',\n pluralLabel: 'Metadata History',\n icon: 'history',\n isSystem: true,\n managedBy: 'system',\n description: 'Durable event log of metadata overlay changes (per-org, append-only)',\n\n fields: {\n /** Primary Key (UUID) */\n id: Field.text({\n label: 'ID',\n required: true,\n readonly: true,\n }),\n\n /** Per-org monotonic event sequence (durable cursor for replay). */\n event_seq: Field.number({\n label: 'Event Seq',\n required: true,\n readonly: true,\n description: 'Per-organization monotonic event log cursor.',\n }),\n\n /** Machine name (denormalized for easier querying) */\n name: Field.text({\n label: 'Name',\n required: true,\n searchable: true,\n readonly: true,\n maxLength: 255,\n }),\n\n /** Metadata type (denormalized for easier querying) */\n type: Field.text({\n label: 'Metadata Type',\n required: true,\n searchable: true,\n readonly: true,\n maxLength: 100,\n }),\n\n /** Per-(org,type,name) lineage counter at this snapshot. */\n version: Field.number({\n label: 'Version',\n required: true,\n readonly: true,\n }),\n\n /** Type of operation that created this history entry */\n operation_type: Field.select(['create', 'update', 'publish', 'revert', 'delete'], {\n label: 'Operation Type',\n required: true,\n readonly: true,\n }),\n\n /**\n * Historical metadata snapshot (JSON payload).\n * Null for `operation_type = 'delete'` — the row carries no body.\n */\n metadata: Field.textarea({\n label: 'Metadata',\n required: false,\n readonly: true,\n description: 'JSON-serialized metadata snapshot at this version (null for deletes).',\n }),\n\n /** SHA-256 checksum of metadata content (null for deletes). */\n checksum: Field.text({\n label: 'Checksum',\n required: false,\n readonly: true,\n maxLength: 80,\n }),\n\n /** Checksum of the previous version (null for the first event). */\n previous_checksum: Field.text({\n label: 'Previous Checksum',\n required: false,\n readonly: true,\n maxLength: 80,\n }),\n\n /** Human-readable description of changes (= MetadataEvent.message). */\n change_note: Field.textarea({\n label: 'Change Note',\n required: false,\n readonly: true,\n description: 'Description of what changed in this version.',\n }),\n\n /**\n * Producer of the event ('sys-metadata-repo', 'fs', 'studio',\n * 'api', …). Defaults to 'sys-metadata-repo' on the canonical\n * write path; preserved on history() reads as MetadataEvent.source.\n */\n source: Field.text({\n label: 'Source',\n required: false,\n readonly: true,\n maxLength: 64,\n }),\n\n /** Organization ID for multi-tenant isolation */\n organization_id: Field.lookup('sys_organization', {\n label: 'Organization',\n required: false,\n readonly: true,\n description: 'Organization for multi-tenant isolation.',\n }),\n\n /** User who made this change (= MetadataEvent.actor). */\n recorded_by: Field.lookup('sys_user', {\n label: 'Recorded By',\n required: false,\n readonly: true,\n }),\n\n /** When was this version recorded */\n recorded_at: Field.datetime({\n label: 'Recorded At',\n required: true,\n readonly: true,\n }),\n },\n\n indexes: [\n { fields: ['organization_id', 'event_seq'], unique: true },\n { fields: ['organization_id', 'type', 'name', 'version'], unique: true },\n { fields: ['organization_id', 'type', 'name', 'recorded_at'] },\n // ADR-0009: getByHash() lookup — execution-pinned types resolve a\n // historical body by content hash via this index.\n { fields: ['organization_id', 'type', 'name', 'checksum'] },\n { fields: ['type', 'name'] },\n { fields: ['recorded_at'] },\n { fields: ['operation_type'] },\n ],\n\n enable: {\n trackHistory: false,\n searchable: false,\n apiEnabled: true,\n apiMethods: ['get', 'list'],\n trash: false,\n },\n});\n","// Copyright (c) 2026 ObjectStack. Licensed under the Apache-2.0 license.\n\nimport { ObjectSchema, Field } from '@objectstack/spec/data';\n\n/**\n * sys_metadata_audit — Metadata Protection Audit Log\n *\n * Append-only audit trail for every metadata write **decision** — both\n * allowed writes and refused ones. Introduced in ADR-0010 Phase 1 as\n * the compliance surface for the new `_lock` enforcement: every PUT /\n * publish / rollback / delete that targets `sys_metadata` writes one\n * row here describing the outcome and the lock state that produced it.\n *\n * Distinct from `sys_metadata_history`:\n * - `sys_metadata_history` records the **body** of every successful\n * write (full JSON snapshot + checksum). Used for rollback,\n * diff, and history() reads.\n * - `sys_metadata_audit` records the **decision** (who tried what,\n * what code was emitted, was a lock involved). Refused writes\n * never reach history; they DO reach audit.\n *\n * Designed as the smallest possible row that satisfies the four\n * compliance questions of metadata governance:\n * 1. Who tried to change what? → actor + type + name\n * 2. When? → occurred_at\n * 3. What outcome? → outcome + code\n * 4. Was an override involved? → lock_overridden + lock_state\n *\n * Indexed on `(organization_id, occurred_at)` for the per-org timeline\n * query and `(type, name, occurred_at)` for the per-item history tab\n * Studio surfaces on the editor page.\n */\nexport const SysMetadataAuditObject = ObjectSchema.create({\n name: 'sys_metadata_audit',\n label: 'Metadata Audit',\n pluralLabel: 'Metadata Audit',\n icon: 'shield-check',\n isSystem: true,\n managedBy: 'append-only',\n description: 'Append-only audit trail of metadata write decisions (ADR-0010).',\n\n fields: {\n /** Primary Key (UUID) */\n id: Field.text({\n label: 'ID',\n required: true,\n readonly: true,\n }),\n\n /** When the decision was made (ISO-8601 UTC). */\n occurred_at: Field.datetime({\n label: 'Occurred At',\n required: true,\n readonly: true,\n }),\n\n /** Acting principal (user id, system id, or 'system'). */\n actor: Field.text({\n label: 'Actor',\n required: true,\n readonly: true,\n maxLength: 255,\n description: 'Acting principal — user id, system id, or \"system\".',\n }),\n\n /** Code path that produced the decision (e.g. `protocol.saveMetaItem`). */\n source: Field.text({\n label: 'Source',\n required: false,\n readonly: true,\n maxLength: 128,\n }),\n\n /** Metadata type (singular, e.g. `app`, `object`, `view`). */\n type: Field.text({\n label: 'Metadata Type',\n required: true,\n readonly: true,\n searchable: true,\n maxLength: 100,\n }),\n\n /** Item machine name. */\n name: Field.text({\n label: 'Name',\n required: true,\n readonly: true,\n searchable: true,\n maxLength: 255,\n }),\n\n /** Organization for multi-tenant filtering. NULL for env-wide writes. */\n organization_id: Field.lookup('sys_organization', {\n label: 'Organization',\n required: false,\n readonly: true,\n }),\n\n /** Operation kind. */\n operation: Field.select(['save', 'publish', 'rollback', 'delete', 'reset'], {\n label: 'Operation',\n required: true,\n readonly: true,\n }),\n\n /** Decision outcome — allowed, denied (refused), or forced (bypassed via override). */\n outcome: Field.select(['allowed', 'denied', 'forced'], {\n label: 'Outcome',\n required: true,\n readonly: true,\n }),\n\n /**\n * Machine-readable code for the decision:\n * - on `allowed`: `'ok'`\n * - on `denied`: `'not_overridable'` | `'not_creatable'` |\n * `'item_locked'` | `'invalid_metadata'` | `'destructive_change'` |\n * `'metadata_conflict'`\n * - on `forced`: `'lock_override'` (Phase 3)\n */\n code: Field.text({\n label: 'Code',\n required: true,\n readonly: true,\n maxLength: 64,\n }),\n\n /**\n * Lock state observed at the time of the decision (`none` if the\n * item carried no `_lock`). Captured even on `allowed` rows so\n * later compliance queries can see \"what was the lock state when\n * this write succeeded\".\n */\n lock_state: Field.select(['none', 'no-overlay', 'no-delete', 'full'], {\n label: 'Lock State',\n required: false,\n readonly: true,\n }),\n\n /** True when the write succeeded by bypassing a lock (Phase 3). */\n lock_overridden: Field.boolean({\n label: 'Lock Overridden',\n required: false,\n readonly: true,\n }),\n\n /** Optional request correlation id for tracing. */\n request_id: Field.text({\n label: 'Request ID',\n required: false,\n readonly: true,\n maxLength: 128,\n }),\n\n /** Optional free-form context (e.g. brief diff summary). */\n note: Field.textarea({\n label: 'Note',\n required: false,\n readonly: true,\n }),\n },\n\n indexes: [\n { fields: ['organization_id', 'occurred_at'] },\n { fields: ['type', 'name', 'occurred_at'] },\n { fields: ['actor', 'occurred_at'] },\n { fields: ['outcome'] },\n ],\n\n enable: {\n trackHistory: false,\n searchable: false,\n apiEnabled: true,\n apiMethods: ['get', 'list'],\n trash: false,\n },\n});\n","// Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.\n\nimport { ObjectSchema, Field } from '@objectstack/spec/data';\n\n/**\n * sys_view_definition — Runtime View Storage (\"Object has-many View\")\n *\n * Persists view definitions authored at RUNTIME by end users — the `shared`\n * and `personal` layers of the view model (see spec `ViewItemSchema`). The\n * `package` layer ships from `*.view.ts` source and lives in the metadata\n * registry; it is NOT stored here.\n *\n * Why a dedicated object (not the `sys_metadata` overlay): runtime views are\n * data, not admin metadata customisation. They carry an `owner`, a visibility\n * `scope`, and are queried per-user — so they belong in a typed, permissioned\n * ObjectQL object rather than the global metadata registry (which a personal\n * \"My hot leads\" view should never pollute).\n *\n * CRUD flows through ObjectQL's generic data API (`/api/v1/data/\n * sys_view_definition`) — no bespoke per-view REST endpoints. The runtime\n * switcher reads the `package` layer via `GET /meta/view?object=<object>` and\n * merges these rows client-side, filtered to `scope='shared'` OR\n * `owner=<current user>`.\n *\n * This is a system object (isSystem: true) — protected from deletion and\n * auto-provisioned on first use.\n */\nexport const SysViewDefinitionObject = ObjectSchema.create({\n name: 'sys_view_definition',\n label: 'View Definition',\n pluralLabel: 'View Definitions',\n icon: 'layout-grid',\n isSystem: true,\n description:\n 'Runtime-authored view definitions (shared / personal layers). The package layer ships from source.',\n\n fields: {\n /** Primary Key (UUID) */\n id: Field.text({ label: 'ID', required: true, readonly: true }),\n\n /**\n * Globally-unique qualified view id, `<object>.<viewKey>`, matching the\n * spec `ViewItemSchema.name`. For personal views the runtime may suffix\n * to keep it unique per owner.\n */\n name: Field.text({\n label: 'Name',\n required: true,\n searchable: true,\n maxLength: 255,\n }),\n\n /** Bound object — the foreign key used to aggregate views for the switcher. */\n object: Field.text({\n label: 'Object',\n required: true,\n searchable: true,\n maxLength: 255,\n }),\n\n /** Whether `config` is a ListView (list family) or a FormView. */\n view_kind: Field.select(['list', 'form'], {\n label: 'View Kind',\n required: true,\n defaultValue: 'list',\n }),\n\n /** Display label (plain string; i18n keys also accepted). */\n label: Field.text({ label: 'Label', required: false, maxLength: 255 }),\n\n /** Whether this is the object's default view in the switcher. */\n is_default: Field.boolean({ label: 'Is Default', required: false, defaultValue: false }),\n\n /** Sort order within the object's switcher / left rail. */\n view_order: Field.number({ label: 'Order', required: false, defaultValue: 0 }),\n\n /**\n * Identity layer. Only `shared` and `personal` are stored at runtime;\n * `package` views come from source.\n */\n scope: Field.select(['shared', 'personal'], {\n label: 'Scope',\n required: true,\n defaultValue: 'personal',\n }),\n\n /** Owner user id — set when scope = personal; null for shared. */\n owner: Field.text({ label: 'Owner', required: false, maxLength: 255 }),\n\n /** Hidden from the switcher (per-user / per-org declutter). */\n hidden: Field.boolean({ label: 'Hidden', required: false, defaultValue: false }),\n\n /** The ListView / FormView configuration payload. */\n config: Field.json({\n label: 'Config',\n required: true,\n description: 'ListView or FormView configuration (matches spec ViewItem.config).',\n }),\n\n /** Organization for multi-tenant isolation. */\n organization_id: Field.lookup('sys_organization', {\n label: 'Organization',\n required: false,\n description: 'Organization for multi-tenant isolation.',\n }),\n\n /** Lifecycle state. */\n state: Field.select(['draft', 'active', 'archived'], {\n label: 'State',\n required: false,\n defaultValue: 'active',\n }),\n\n /** Audit fields. */\n created_by: Field.lookup('sys_user', { label: 'Created By', required: false, readonly: true }),\n created_at: Field.datetime({ label: 'Created At', required: false, readonly: true }),\n updated_by: Field.lookup('sys_user', { label: 'Updated By', required: false }),\n updated_at: Field.datetime({ label: 'Updated At', required: false }),\n },\n\n indexes: [\n // A given view name is unique per (organization, owner) among active rows —\n // a shared view (owner NULL) and each user's personal views don't collide.\n {\n name: 'idx_sys_view_def_active',\n fields: ['name', 'organization_id', 'owner'],\n unique: true,\n partial: \"state = 'active'\",\n },\n // The switcher query: views for one object within a tenant.\n { name: 'idx_sys_view_def_object', fields: ['organization_id', 'object'] },\n { fields: ['scope'] },\n { fields: ['owner'] },\n { fields: ['state'] },\n ],\n\n enable: {\n trackHistory: true,\n searchable: false,\n apiEnabled: true,\n apiMethods: ['get', 'list', 'create', 'update', 'delete'],\n trash: false,\n },\n});\n"]}
|
|
1
|
+
{"version":3,"sources":[],"names":[],"mappings":"","file":"index.mjs","sourcesContent":[]}
|
|
@@ -1,2 +1 @@
|
|
|
1
|
-
|
|
2
|
-
export { }
|
|
1
|
+
import '@objectstack/metadata-core';
|
package/dist/security/index.d.ts
CHANGED
|
@@ -1,2 +1 @@
|
|
|
1
|
-
|
|
2
|
-
export { }
|
|
1
|
+
import '@objectstack/metadata-core';
|
package/dist/system/index.d.mts
CHANGED
|
@@ -36,7 +36,7 @@ declare const SysSetting: Omit<{
|
|
|
36
36
|
abstract: boolean;
|
|
37
37
|
datasource: string;
|
|
38
38
|
fields: Record<string, {
|
|
39
|
-
type: "number" | "boolean" | "tags" | "date" | "record" | "file" | "code" | "datetime" | "signature" | "progress" | "url" | "currency" | "percent" | "password" | "secret" | "email" | "time" | "text" | "textarea" | "phone" | "markdown" | "html" | "richtext" | "toggle" | "select" | "multiselect" | "radio" | "checkboxes" | "
|
|
39
|
+
type: "number" | "boolean" | "tags" | "date" | "record" | "file" | "code" | "datetime" | "signature" | "progress" | "url" | "lookup" | "master_detail" | "currency" | "percent" | "password" | "secret" | "email" | "time" | "text" | "textarea" | "phone" | "markdown" | "html" | "richtext" | "toggle" | "select" | "multiselect" | "radio" | "checkboxes" | "tree" | "image" | "avatar" | "video" | "audio" | "formula" | "summary" | "autonumber" | "composite" | "repeater" | "location" | "address" | "json" | "color" | "rating" | "slider" | "qrcode" | "vector";
|
|
40
40
|
required: boolean;
|
|
41
41
|
searchable: boolean;
|
|
42
42
|
multiple: boolean;
|
|
@@ -643,7 +643,7 @@ declare const SysSetting: Omit<{
|
|
|
643
643
|
field?: string | undefined;
|
|
644
644
|
objectOverride?: string | undefined;
|
|
645
645
|
label?: string | undefined;
|
|
646
|
-
type?: "number" | "boolean" | "date" | "record" | "file" | "code" | "datetime" | "signature" | "progress" | "url" | "currency" | "percent" | "password" | "secret" | "email" | "time" | "text" | "textarea" | "phone" | "markdown" | "html" | "richtext" | "toggle" | "select" | "multiselect" | "radio" | "checkboxes" | "
|
|
646
|
+
type?: "number" | "boolean" | "date" | "record" | "file" | "code" | "datetime" | "signature" | "progress" | "url" | "lookup" | "master_detail" | "currency" | "percent" | "password" | "secret" | "email" | "time" | "text" | "textarea" | "phone" | "markdown" | "html" | "richtext" | "toggle" | "select" | "multiselect" | "radio" | "checkboxes" | "tree" | "image" | "avatar" | "video" | "audio" | "formula" | "summary" | "autonumber" | "composite" | "repeater" | "location" | "address" | "json" | "color" | "rating" | "slider" | "qrcode" | "tags" | "vector" | undefined;
|
|
647
647
|
options?: {
|
|
648
648
|
label: string;
|
|
649
649
|
value: string;
|
|
@@ -3146,7 +3146,7 @@ declare const SysSecret: Omit<{
|
|
|
3146
3146
|
abstract: boolean;
|
|
3147
3147
|
datasource: string;
|
|
3148
3148
|
fields: Record<string, {
|
|
3149
|
-
type: "number" | "boolean" | "tags" | "date" | "record" | "file" | "code" | "datetime" | "signature" | "progress" | "url" | "currency" | "percent" | "password" | "secret" | "email" | "time" | "text" | "textarea" | "phone" | "markdown" | "html" | "richtext" | "toggle" | "select" | "multiselect" | "radio" | "checkboxes" | "
|
|
3149
|
+
type: "number" | "boolean" | "tags" | "date" | "record" | "file" | "code" | "datetime" | "signature" | "progress" | "url" | "lookup" | "master_detail" | "currency" | "percent" | "password" | "secret" | "email" | "time" | "text" | "textarea" | "phone" | "markdown" | "html" | "richtext" | "toggle" | "select" | "multiselect" | "radio" | "checkboxes" | "tree" | "image" | "avatar" | "video" | "audio" | "formula" | "summary" | "autonumber" | "composite" | "repeater" | "location" | "address" | "json" | "color" | "rating" | "slider" | "qrcode" | "vector";
|
|
3150
3150
|
required: boolean;
|
|
3151
3151
|
searchable: boolean;
|
|
3152
3152
|
multiple: boolean;
|
|
@@ -3753,7 +3753,7 @@ declare const SysSecret: Omit<{
|
|
|
3753
3753
|
field?: string | undefined;
|
|
3754
3754
|
objectOverride?: string | undefined;
|
|
3755
3755
|
label?: string | undefined;
|
|
3756
|
-
type?: "number" | "boolean" | "date" | "record" | "file" | "code" | "datetime" | "signature" | "progress" | "url" | "currency" | "percent" | "password" | "secret" | "email" | "time" | "text" | "textarea" | "phone" | "markdown" | "html" | "richtext" | "toggle" | "select" | "multiselect" | "radio" | "checkboxes" | "
|
|
3756
|
+
type?: "number" | "boolean" | "date" | "record" | "file" | "code" | "datetime" | "signature" | "progress" | "url" | "lookup" | "master_detail" | "currency" | "percent" | "password" | "secret" | "email" | "time" | "text" | "textarea" | "phone" | "markdown" | "html" | "richtext" | "toggle" | "select" | "multiselect" | "radio" | "checkboxes" | "tree" | "image" | "avatar" | "video" | "audio" | "formula" | "summary" | "autonumber" | "composite" | "repeater" | "location" | "address" | "json" | "color" | "rating" | "slider" | "qrcode" | "tags" | "vector" | undefined;
|
|
3757
3757
|
options?: {
|
|
3758
3758
|
label: string;
|
|
3759
3759
|
value: string;
|
|
@@ -3826,15 +3826,13 @@ declare const SysSecret: Omit<{
|
|
|
3826
3826
|
readonly isSystem: true;
|
|
3827
3827
|
readonly managedBy: "system";
|
|
3828
3828
|
readonly description: "Cipher store referenced by sys_setting handles. Never holds plaintext.";
|
|
3829
|
-
readonly scope: "tenant";
|
|
3830
3829
|
readonly compactLayout: ["namespace", "key", "kms_key_id", "version", "rotated_at"];
|
|
3831
|
-
readonly
|
|
3832
|
-
readonly views: {
|
|
3830
|
+
readonly listViews: {
|
|
3833
3831
|
readonly all: {
|
|
3834
|
-
readonly type: "
|
|
3832
|
+
readonly type: "grid";
|
|
3835
3833
|
readonly name: "all";
|
|
3836
3834
|
readonly label: "All Secrets";
|
|
3837
|
-
readonly columns:
|
|
3835
|
+
readonly columns: ["namespace", "key", "kms_key_id", "version", "rotated_at", "created_at"];
|
|
3838
3836
|
};
|
|
3839
3837
|
};
|
|
3840
3838
|
readonly fields: {
|
|
@@ -5467,7 +5465,7 @@ declare const SysSettingAudit: Omit<{
|
|
|
5467
5465
|
abstract: boolean;
|
|
5468
5466
|
datasource: string;
|
|
5469
5467
|
fields: Record<string, {
|
|
5470
|
-
type: "number" | "boolean" | "tags" | "date" | "record" | "file" | "code" | "datetime" | "signature" | "progress" | "url" | "currency" | "percent" | "password" | "secret" | "email" | "time" | "text" | "textarea" | "phone" | "markdown" | "html" | "richtext" | "toggle" | "select" | "multiselect" | "radio" | "checkboxes" | "
|
|
5468
|
+
type: "number" | "boolean" | "tags" | "date" | "record" | "file" | "code" | "datetime" | "signature" | "progress" | "url" | "lookup" | "master_detail" | "currency" | "percent" | "password" | "secret" | "email" | "time" | "text" | "textarea" | "phone" | "markdown" | "html" | "richtext" | "toggle" | "select" | "multiselect" | "radio" | "checkboxes" | "tree" | "image" | "avatar" | "video" | "audio" | "formula" | "summary" | "autonumber" | "composite" | "repeater" | "location" | "address" | "json" | "color" | "rating" | "slider" | "qrcode" | "vector";
|
|
5471
5469
|
required: boolean;
|
|
5472
5470
|
searchable: boolean;
|
|
5473
5471
|
multiple: boolean;
|
|
@@ -6074,7 +6072,7 @@ declare const SysSettingAudit: Omit<{
|
|
|
6074
6072
|
field?: string | undefined;
|
|
6075
6073
|
objectOverride?: string | undefined;
|
|
6076
6074
|
label?: string | undefined;
|
|
6077
|
-
type?: "number" | "boolean" | "date" | "record" | "file" | "code" | "datetime" | "signature" | "progress" | "url" | "currency" | "percent" | "password" | "secret" | "email" | "time" | "text" | "textarea" | "phone" | "markdown" | "html" | "richtext" | "toggle" | "select" | "multiselect" | "radio" | "checkboxes" | "
|
|
6075
|
+
type?: "number" | "boolean" | "date" | "record" | "file" | "code" | "datetime" | "signature" | "progress" | "url" | "lookup" | "master_detail" | "currency" | "percent" | "password" | "secret" | "email" | "time" | "text" | "textarea" | "phone" | "markdown" | "html" | "richtext" | "toggle" | "select" | "multiselect" | "radio" | "checkboxes" | "tree" | "image" | "avatar" | "video" | "audio" | "formula" | "summary" | "autonumber" | "composite" | "repeater" | "location" | "address" | "json" | "color" | "rating" | "slider" | "qrcode" | "tags" | "vector" | undefined;
|
|
6078
6076
|
options?: {
|
|
6079
6077
|
label: string;
|
|
6080
6078
|
value: string;
|
|
@@ -6147,16 +6145,14 @@ declare const SysSettingAudit: Omit<{
|
|
|
6147
6145
|
readonly isSystem: true;
|
|
6148
6146
|
readonly managedBy: "system";
|
|
6149
6147
|
readonly description: "Append-only audit trail for SettingsService mutations.";
|
|
6150
|
-
readonly scope: "tenant";
|
|
6151
6148
|
readonly compactLayout: ["namespace", "key", "scope", "action", "actor_id", "created_at"];
|
|
6152
|
-
readonly
|
|
6153
|
-
readonly views: {
|
|
6149
|
+
readonly listViews: {
|
|
6154
6150
|
readonly recent: {
|
|
6155
|
-
readonly type: "
|
|
6151
|
+
readonly type: "grid";
|
|
6156
6152
|
readonly name: "recent";
|
|
6157
6153
|
readonly label: "Recent";
|
|
6158
|
-
readonly columns:
|
|
6159
|
-
readonly sort:
|
|
6154
|
+
readonly columns: ["created_at", "namespace", "key", "scope", "action", "actor_id", "source"];
|
|
6155
|
+
readonly sort: [{
|
|
6160
6156
|
readonly field: "created_at";
|
|
6161
6157
|
readonly order: "desc";
|
|
6162
6158
|
}];
|
package/dist/system/index.d.ts
CHANGED
|
@@ -36,7 +36,7 @@ declare const SysSetting: Omit<{
|
|
|
36
36
|
abstract: boolean;
|
|
37
37
|
datasource: string;
|
|
38
38
|
fields: Record<string, {
|
|
39
|
-
type: "number" | "boolean" | "tags" | "date" | "record" | "file" | "code" | "datetime" | "signature" | "progress" | "url" | "currency" | "percent" | "password" | "secret" | "email" | "time" | "text" | "textarea" | "phone" | "markdown" | "html" | "richtext" | "toggle" | "select" | "multiselect" | "radio" | "checkboxes" | "
|
|
39
|
+
type: "number" | "boolean" | "tags" | "date" | "record" | "file" | "code" | "datetime" | "signature" | "progress" | "url" | "lookup" | "master_detail" | "currency" | "percent" | "password" | "secret" | "email" | "time" | "text" | "textarea" | "phone" | "markdown" | "html" | "richtext" | "toggle" | "select" | "multiselect" | "radio" | "checkboxes" | "tree" | "image" | "avatar" | "video" | "audio" | "formula" | "summary" | "autonumber" | "composite" | "repeater" | "location" | "address" | "json" | "color" | "rating" | "slider" | "qrcode" | "vector";
|
|
40
40
|
required: boolean;
|
|
41
41
|
searchable: boolean;
|
|
42
42
|
multiple: boolean;
|
|
@@ -643,7 +643,7 @@ declare const SysSetting: Omit<{
|
|
|
643
643
|
field?: string | undefined;
|
|
644
644
|
objectOverride?: string | undefined;
|
|
645
645
|
label?: string | undefined;
|
|
646
|
-
type?: "number" | "boolean" | "date" | "record" | "file" | "code" | "datetime" | "signature" | "progress" | "url" | "currency" | "percent" | "password" | "secret" | "email" | "time" | "text" | "textarea" | "phone" | "markdown" | "html" | "richtext" | "toggle" | "select" | "multiselect" | "radio" | "checkboxes" | "
|
|
646
|
+
type?: "number" | "boolean" | "date" | "record" | "file" | "code" | "datetime" | "signature" | "progress" | "url" | "lookup" | "master_detail" | "currency" | "percent" | "password" | "secret" | "email" | "time" | "text" | "textarea" | "phone" | "markdown" | "html" | "richtext" | "toggle" | "select" | "multiselect" | "radio" | "checkboxes" | "tree" | "image" | "avatar" | "video" | "audio" | "formula" | "summary" | "autonumber" | "composite" | "repeater" | "location" | "address" | "json" | "color" | "rating" | "slider" | "qrcode" | "tags" | "vector" | undefined;
|
|
647
647
|
options?: {
|
|
648
648
|
label: string;
|
|
649
649
|
value: string;
|
|
@@ -3146,7 +3146,7 @@ declare const SysSecret: Omit<{
|
|
|
3146
3146
|
abstract: boolean;
|
|
3147
3147
|
datasource: string;
|
|
3148
3148
|
fields: Record<string, {
|
|
3149
|
-
type: "number" | "boolean" | "tags" | "date" | "record" | "file" | "code" | "datetime" | "signature" | "progress" | "url" | "currency" | "percent" | "password" | "secret" | "email" | "time" | "text" | "textarea" | "phone" | "markdown" | "html" | "richtext" | "toggle" | "select" | "multiselect" | "radio" | "checkboxes" | "
|
|
3149
|
+
type: "number" | "boolean" | "tags" | "date" | "record" | "file" | "code" | "datetime" | "signature" | "progress" | "url" | "lookup" | "master_detail" | "currency" | "percent" | "password" | "secret" | "email" | "time" | "text" | "textarea" | "phone" | "markdown" | "html" | "richtext" | "toggle" | "select" | "multiselect" | "radio" | "checkboxes" | "tree" | "image" | "avatar" | "video" | "audio" | "formula" | "summary" | "autonumber" | "composite" | "repeater" | "location" | "address" | "json" | "color" | "rating" | "slider" | "qrcode" | "vector";
|
|
3150
3150
|
required: boolean;
|
|
3151
3151
|
searchable: boolean;
|
|
3152
3152
|
multiple: boolean;
|
|
@@ -3753,7 +3753,7 @@ declare const SysSecret: Omit<{
|
|
|
3753
3753
|
field?: string | undefined;
|
|
3754
3754
|
objectOverride?: string | undefined;
|
|
3755
3755
|
label?: string | undefined;
|
|
3756
|
-
type?: "number" | "boolean" | "date" | "record" | "file" | "code" | "datetime" | "signature" | "progress" | "url" | "currency" | "percent" | "password" | "secret" | "email" | "time" | "text" | "textarea" | "phone" | "markdown" | "html" | "richtext" | "toggle" | "select" | "multiselect" | "radio" | "checkboxes" | "
|
|
3756
|
+
type?: "number" | "boolean" | "date" | "record" | "file" | "code" | "datetime" | "signature" | "progress" | "url" | "lookup" | "master_detail" | "currency" | "percent" | "password" | "secret" | "email" | "time" | "text" | "textarea" | "phone" | "markdown" | "html" | "richtext" | "toggle" | "select" | "multiselect" | "radio" | "checkboxes" | "tree" | "image" | "avatar" | "video" | "audio" | "formula" | "summary" | "autonumber" | "composite" | "repeater" | "location" | "address" | "json" | "color" | "rating" | "slider" | "qrcode" | "tags" | "vector" | undefined;
|
|
3757
3757
|
options?: {
|
|
3758
3758
|
label: string;
|
|
3759
3759
|
value: string;
|
|
@@ -3826,15 +3826,13 @@ declare const SysSecret: Omit<{
|
|
|
3826
3826
|
readonly isSystem: true;
|
|
3827
3827
|
readonly managedBy: "system";
|
|
3828
3828
|
readonly description: "Cipher store referenced by sys_setting handles. Never holds plaintext.";
|
|
3829
|
-
readonly scope: "tenant";
|
|
3830
3829
|
readonly compactLayout: ["namespace", "key", "kms_key_id", "version", "rotated_at"];
|
|
3831
|
-
readonly
|
|
3832
|
-
readonly views: {
|
|
3830
|
+
readonly listViews: {
|
|
3833
3831
|
readonly all: {
|
|
3834
|
-
readonly type: "
|
|
3832
|
+
readonly type: "grid";
|
|
3835
3833
|
readonly name: "all";
|
|
3836
3834
|
readonly label: "All Secrets";
|
|
3837
|
-
readonly columns:
|
|
3835
|
+
readonly columns: ["namespace", "key", "kms_key_id", "version", "rotated_at", "created_at"];
|
|
3838
3836
|
};
|
|
3839
3837
|
};
|
|
3840
3838
|
readonly fields: {
|
|
@@ -5467,7 +5465,7 @@ declare const SysSettingAudit: Omit<{
|
|
|
5467
5465
|
abstract: boolean;
|
|
5468
5466
|
datasource: string;
|
|
5469
5467
|
fields: Record<string, {
|
|
5470
|
-
type: "number" | "boolean" | "tags" | "date" | "record" | "file" | "code" | "datetime" | "signature" | "progress" | "url" | "currency" | "percent" | "password" | "secret" | "email" | "time" | "text" | "textarea" | "phone" | "markdown" | "html" | "richtext" | "toggle" | "select" | "multiselect" | "radio" | "checkboxes" | "
|
|
5468
|
+
type: "number" | "boolean" | "tags" | "date" | "record" | "file" | "code" | "datetime" | "signature" | "progress" | "url" | "lookup" | "master_detail" | "currency" | "percent" | "password" | "secret" | "email" | "time" | "text" | "textarea" | "phone" | "markdown" | "html" | "richtext" | "toggle" | "select" | "multiselect" | "radio" | "checkboxes" | "tree" | "image" | "avatar" | "video" | "audio" | "formula" | "summary" | "autonumber" | "composite" | "repeater" | "location" | "address" | "json" | "color" | "rating" | "slider" | "qrcode" | "vector";
|
|
5471
5469
|
required: boolean;
|
|
5472
5470
|
searchable: boolean;
|
|
5473
5471
|
multiple: boolean;
|
|
@@ -6074,7 +6072,7 @@ declare const SysSettingAudit: Omit<{
|
|
|
6074
6072
|
field?: string | undefined;
|
|
6075
6073
|
objectOverride?: string | undefined;
|
|
6076
6074
|
label?: string | undefined;
|
|
6077
|
-
type?: "number" | "boolean" | "date" | "record" | "file" | "code" | "datetime" | "signature" | "progress" | "url" | "currency" | "percent" | "password" | "secret" | "email" | "time" | "text" | "textarea" | "phone" | "markdown" | "html" | "richtext" | "toggle" | "select" | "multiselect" | "radio" | "checkboxes" | "
|
|
6075
|
+
type?: "number" | "boolean" | "date" | "record" | "file" | "code" | "datetime" | "signature" | "progress" | "url" | "lookup" | "master_detail" | "currency" | "percent" | "password" | "secret" | "email" | "time" | "text" | "textarea" | "phone" | "markdown" | "html" | "richtext" | "toggle" | "select" | "multiselect" | "radio" | "checkboxes" | "tree" | "image" | "avatar" | "video" | "audio" | "formula" | "summary" | "autonumber" | "composite" | "repeater" | "location" | "address" | "json" | "color" | "rating" | "slider" | "qrcode" | "tags" | "vector" | undefined;
|
|
6078
6076
|
options?: {
|
|
6079
6077
|
label: string;
|
|
6080
6078
|
value: string;
|
|
@@ -6147,16 +6145,14 @@ declare const SysSettingAudit: Omit<{
|
|
|
6147
6145
|
readonly isSystem: true;
|
|
6148
6146
|
readonly managedBy: "system";
|
|
6149
6147
|
readonly description: "Append-only audit trail for SettingsService mutations.";
|
|
6150
|
-
readonly scope: "tenant";
|
|
6151
6148
|
readonly compactLayout: ["namespace", "key", "scope", "action", "actor_id", "created_at"];
|
|
6152
|
-
readonly
|
|
6153
|
-
readonly views: {
|
|
6149
|
+
readonly listViews: {
|
|
6154
6150
|
readonly recent: {
|
|
6155
|
-
readonly type: "
|
|
6151
|
+
readonly type: "grid";
|
|
6156
6152
|
readonly name: "recent";
|
|
6157
6153
|
readonly label: "Recent";
|
|
6158
|
-
readonly columns:
|
|
6159
|
-
readonly sort:
|
|
6154
|
+
readonly columns: ["created_at", "namespace", "key", "scope", "action", "actor_id", "source"];
|
|
6155
|
+
readonly sort: [{
|
|
6160
6156
|
readonly field: "created_at";
|
|
6161
6157
|
readonly order: "desc";
|
|
6162
6158
|
}];
|
package/dist/system/index.js
CHANGED
|
@@ -163,12 +163,10 @@ var SysSecret = data.ObjectSchema.create({
|
|
|
163
163
|
isSystem: true,
|
|
164
164
|
managedBy: "system",
|
|
165
165
|
description: "Cipher store referenced by sys_setting handles. Never holds plaintext.",
|
|
166
|
-
scope: "tenant",
|
|
167
166
|
compactLayout: ["namespace", "key", "kms_key_id", "version", "rotated_at"],
|
|
168
|
-
|
|
169
|
-
views: {
|
|
167
|
+
listViews: {
|
|
170
168
|
all: {
|
|
171
|
-
type: "
|
|
169
|
+
type: "grid",
|
|
172
170
|
name: "all",
|
|
173
171
|
label: "All Secrets",
|
|
174
172
|
columns: ["namespace", "key", "kms_key_id", "version", "rotated_at", "created_at"]
|
|
@@ -256,12 +254,10 @@ var SysSettingAudit = data.ObjectSchema.create({
|
|
|
256
254
|
isSystem: true,
|
|
257
255
|
managedBy: "system",
|
|
258
256
|
description: "Append-only audit trail for SettingsService mutations.",
|
|
259
|
-
scope: "tenant",
|
|
260
257
|
compactLayout: ["namespace", "key", "scope", "action", "actor_id", "created_at"],
|
|
261
|
-
|
|
262
|
-
views: {
|
|
258
|
+
listViews: {
|
|
263
259
|
recent: {
|
|
264
|
-
type: "
|
|
260
|
+
type: "grid",
|
|
265
261
|
name: "recent",
|
|
266
262
|
label: "Recent",
|
|
267
263
|
columns: ["created_at", "namespace", "key", "scope", "action", "actor_id", "source"],
|
package/dist/system/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../src/system/sys-setting.object.ts","../../src/system/sys-secret.object.ts","../../src/system/sys-setting-audit.object.ts"],"names":["ObjectSchema","Field"],"mappings":";;;;;AAiCO,IAAM,UAAA,GAAaA,kBAAa,MAAA,CAAO;AAAA,EAC5C,IAAA,EAAM,aAAA;AAAA,EACN,KAAA,EAAO,SAAA;AAAA,EACP,WAAA,EAAa,UAAA;AAAA,EACb,IAAA,EAAM,SAAA;AAAA,EACN,QAAA,EAAU,IAAA;AAAA,EACV,SAAA,EAAW,QAAA;AAAA,EACX,WAAA,EAAa,0DAAA;AAAA,EACb,gBAAA,EAAkB,KAAA;AAAA,EAClB,WAAA,EAAa,mBAAA;AAAA,EACb,aAAA,EAAe,CAAC,WAAA,EAAa,KAAA,EAAO,SAAS,YAAY,CAAA;AAAA,EAEzD,SAAA,EAAW;AAAA,IACT,YAAA,EAAc;AAAA,MACZ,IAAA,EAAM,MAAA;AAAA,MACN,IAAA,EAAM,cAAA;AAAA,MACN,KAAA,EAAO,cAAA;AAAA,MACP,IAAA,EAAM,EAAE,QAAA,EAAU,QAAA,EAAU,QAAQ,aAAA,EAAc;AAAA,MAClD,SAAS,CAAC,WAAA,EAAa,OAAO,OAAA,EAAS,WAAA,EAAa,cAAc,YAAY,CAAA;AAAA,MAC9E,IAAA,EAAM,CAAC,EAAE,KAAA,EAAO,WAAA,EAAa,KAAA,EAAO,KAAA,EAAM,EAAG,EAAE,KAAA,EAAO,KAAA,EAAO,KAAA,EAAO,OAAO,CAAA;AAAA,MAC3E,QAAA,EAAU,EAAE,MAAA,EAAQ,CAAC,EAAE,KAAA,EAAO,WAAA,EAAa,KAAA,EAAO,KAAA,EAAO,SAAA,EAAW,KAAA,EAAO,CAAA,EAAE;AAAA,MAC7E,UAAA,EAAY,EAAE,QAAA,EAAU,GAAA;AAAI,KAC9B;AAAA,IACA,WAAA,EAAa;AAAA,MACX,IAAA,EAAM,MAAA;AAAA,MACN,IAAA,EAAM,aAAA;AAAA,MACN,KAAA,EAAO,QAAA;AAAA,MACP,IAAA,EAAM,EAAE,QAAA,EAAU,QAAA,EAAU,QAAQ,aAAA,EAAc;AAAA,MAClD,SAAS,CAAC,WAAA,EAAa,KAAA,EAAO,WAAA,EAAa,cAAc,YAAY,CAAA;AAAA,MACrE,MAAA,EAAQ,CAAC,EAAE,KAAA,EAAO,SAAS,QAAA,EAAU,QAAA,EAAU,KAAA,EAAO,QAAA,EAAU,CAAA;AAAA,MAChE,IAAA,EAAM,CAAC,EAAE,KAAA,EAAO,WAAA,EAAa,KAAA,EAAO,KAAA,EAAM,EAAG,EAAE,KAAA,EAAO,KAAA,EAAO,KAAA,EAAO,OAAO,CAAA;AAAA,MAC3E,UAAA,EAAY,EAAE,QAAA,EAAU,GAAA;AAAI,KAC9B;AAAA,IACA,SAAA,EAAW;AAAA,MACT,IAAA,EAAM,MAAA;AAAA,MACN,IAAA,EAAM,WAAA;AAAA,MACN,KAAA,EAAO,MAAA;AAAA,MACP,IAAA,EAAM,EAAE,QAAA,EAAU,QAAA,EAAU,QAAQ,aAAA,EAAc;AAAA,MAClD,OAAA,EAAS,CAAC,SAAA,EAAW,WAAA,EAAa,OAAO,YAAY,CAAA;AAAA,MACrD,MAAA,EAAQ,CAAC,EAAE,KAAA,EAAO,SAAS,QAAA,EAAU,QAAA,EAAU,KAAA,EAAO,MAAA,EAAQ,CAAA;AAAA,MAC9D,IAAA,EAAM,CAAC,EAAE,KAAA,EAAO,SAAA,EAAW,KAAA,EAAO,KAAA,EAAM,EAAG,EAAE,KAAA,EAAO,WAAA,EAAa,KAAA,EAAO,OAAO,CAAA;AAAA,MAC/E,UAAA,EAAY,EAAE,QAAA,EAAU,GAAA;AAAI,KAC9B;AAAA,IACA,YAAA,EAAc;AAAA,MACZ,IAAA,EAAM,MAAA;AAAA,MACN,IAAA,EAAM,cAAA;AAAA,MACN,KAAA,EAAO,KAAA;AAAA,MACP,IAAA,EAAM,EAAE,QAAA,EAAU,QAAA,EAAU,QAAQ,aAAA,EAAc;AAAA,MAClD,SAAS,CAAC,WAAA,EAAa,OAAO,OAAA,EAAS,SAAA,EAAW,aAAa,YAAY,CAAA;AAAA,MAC3E,MAAM,CAAC,EAAE,OAAO,YAAA,EAAc,KAAA,EAAO,QAAQ,CAAA;AAAA,MAC7C,UAAA,EAAY,EAAE,QAAA,EAAU,GAAA;AAAI;AAC9B,GACF;AAAA,EAEA,MAAA,EAAQ;AAAA,IACN,EAAA,EAAIC,WAAM,IAAA,CAAK;AAAA,MACb,KAAA,EAAO,YAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,QAAA,EAAU;AAAA,KACX,CAAA;AAAA,IAED,UAAA,EAAYA,WAAM,QAAA,CAAS;AAAA,MACzB,KAAA,EAAO,YAAA;AAAA,MACP,YAAA,EAAc,OAAA;AAAA,MACd,QAAA,EAAU;AAAA,KACX,CAAA;AAAA,IAED,UAAA,EAAYA,WAAM,QAAA,CAAS;AAAA,MACzB,KAAA,EAAO,YAAA;AAAA,MACP,YAAA,EAAc,OAAA;AAAA,MACd,QAAA,EAAU;AAAA,KACX,CAAA;AAAA,IAED,SAAA,EAAWA,WAAM,IAAA,CAAK;AAAA,MACpB,KAAA,EAAO,WAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,SAAA,EAAW,EAAA;AAAA,MACX,WAAA,EAAa;AAAA,KACd,CAAA;AAAA,IAED,GAAA,EAAKA,WAAM,IAAA,CAAK;AAAA,MACd,KAAA,EAAO,KAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,SAAA,EAAW,GAAA;AAAA,MACX,WAAA,EAAa;AAAA,KACd,CAAA;AAAA,IAED,OAAOA,UAAA,CAAM,MAAA;AAAA,MACX;AAAA,QACE,EAAE,KAAA,EAAO,QAAA,EAAU,KAAA,EAAO,QAAA,EAAS;AAAA,QACnC,EAAE,KAAA,EAAO,QAAA,EAAU,KAAA,EAAO,QAAA,EAAS;AAAA,QACnC,EAAE,KAAA,EAAO,MAAA,EAAU,KAAA,EAAO,MAAA,EAAO;AAAA,QACjC,EAAE,KAAA,EAAO,SAAA,EAAU,KAAA,EAAO,SAAA;AAAU,OACtC;AAAA,MACA;AAAA,QACE,KAAA,EAAO,OAAA;AAAA,QACP,QAAA,EAAU,IAAA;AAAA,QACV,YAAA,EAAc,QAAA;AAAA,QACd,WAAA,EAAa;AAAA;AACf,KACF;AAAA,IAEA,OAAA,EAASA,UAAA,CAAM,MAAA,CAAO,UAAA,EAAY;AAAA,MAChC,KAAA,EAAO,MAAA;AAAA,MACP,WAAA,EAAa;AAAA,KACd,CAAA;AAAA,IAED,KAAA,EAAOA,WAAM,IAAA,CAAK;AAAA,MAChB,KAAA,EAAO,OAAA;AAAA,MACP,WAAA,EAAa;AAAA,KACd,CAAA;AAAA,IAED,SAAA,EAAWA,WAAM,OAAA,CAAQ;AAAA,MACvB,KAAA,EAAO,WAAA;AAAA,MACP,YAAA,EAAc,KAAA;AAAA,MACd,WAAA,EAAa;AAAA,KACd,CAAA;AAAA,IAED,MAAA,EAAQA,WAAM,OAAA,CAAQ;AAAA,MACpB,KAAA,EAAO,QAAA;AAAA,MACP,YAAA,EAAc,KAAA;AAAA,MACd,WAAA,EACE;AAAA,KAEH,CAAA;AAAA,IAED,aAAA,EAAeA,WAAM,IAAA,CAAK;AAAA,MACxB,KAAA,EAAO,aAAA;AAAA,MACP,WAAA,EAAa;AAAA,KACd,CAAA;AAAA,IAED,SAAA,EAAWA,WAAM,IAAA,CAAK;AAAA,MACpB,KAAA,EAAO,iBAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,WAAA,EAAa;AAAA,KACd,CAAA;AAAA,IAED,UAAA,EAAYA,UAAA,CAAM,MAAA,CAAO,UAAA,EAAY;AAAA,MACnC,KAAA,EAAO,YAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,WAAA,EAAa;AAAA,KACd;AAAA,GACH;AAAA,EAEA,OAAA,EAAS;AAAA;AAAA;AAAA;AAAA,IAIP,EAAE,QAAQ,CAAC,WAAA,EAAa,OAAO,OAAA,EAAS,SAAS,CAAA,EAAG,MAAA,EAAQ,IAAA,EAAK;AAAA;AAAA,IAEjE,EAAE,MAAA,EAAQ,CAAC,aAAa,OAAO,CAAA,EAAG,QAAQ,KAAA,EAAM;AAAA;AAAA,IAEhD,EAAE,MAAA,EAAQ,CAAC,WAAW,WAAW,CAAA,EAAG,QAAQ,KAAA;AAAM,GACpD;AAAA,EAEA,MAAA,EAAQ;AAAA;AAAA;AAAA;AAAA,IAIN,YAAA,EAAc,KAAA;AAAA,IACd,UAAA,EAAY,KAAA;AAAA,IACZ,UAAA,EAAY,IAAA;AAAA;AAAA;AAAA;AAAA,IAIZ,UAAA,EAAY,CAAC,KAAA,EAAO,MAAM,CAAA;AAAA,IAC1B,KAAA,EAAO,KAAA;AAAA,IACP,GAAA,EAAK;AAAA;AAET,CAAC;AC3KM,IAAM,SAAA,GAAYD,kBAAa,MAAA,CAAO;AAAA,EAC3C,IAAA,EAAM,YAAA;AAAA,EACN,KAAA,EAAO,QAAA;AAAA,EACP,WAAA,EAAa,SAAA;AAAA,EACb,IAAA,EAAM,KAAA;AAAA,EACN,QAAA,EAAU,IAAA;AAAA,EACV,SAAA,EAAW,QAAA;AAAA,EACX,WAAA,EAAa,wEAAA;AAAA,EACb,KAAA,EAAO,QAAA;AAAA,EACP,eAAe,CAAC,WAAA,EAAa,KAAA,EAAO,YAAA,EAAc,WAAW,YAAY,CAAA;AAAA,EACzE,eAAA,EAAiB,KAAA;AAAA,EACjB,KAAA,EAAO;AAAA,IACL,GAAA,EAAK;AAAA,MACH,IAAA,EAAM,MAAA;AAAA,MACN,IAAA,EAAM,KAAA;AAAA,MACN,KAAA,EAAO,aAAA;AAAA,MACP,SAAS,CAAC,WAAA,EAAa,OAAO,YAAA,EAAc,SAAA,EAAW,cAAc,YAAY;AAAA;AACnF,GACF;AAAA,EAEA,MAAA,EAAQ;AAAA,IACN,EAAA,EAAIC,WAAM,IAAA,CAAK;AAAA,MACb,KAAA,EAAO,IAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,WAAA,EAAa;AAAA,KACd,CAAA;AAAA,IAED,UAAA,EAAYA,WAAM,QAAA,CAAS;AAAA,MACzB,KAAA,EAAO,YAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,WAAA,EAAa;AAAA,KACd,CAAA;AAAA,IAED,UAAA,EAAYA,WAAM,QAAA,CAAS;AAAA,MACzB,KAAA,EAAO,YAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,WAAA,EAAa;AAAA,KACd,CAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAQD,SAAA,EAAWA,WAAM,IAAA,CAAK;AAAA,MACpB,KAAA,EAAO,WAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,SAAA,EAAW,GAAA;AAAA,MACX,WAAA,EAAa;AAAA,KACd,CAAA;AAAA,IAED,GAAA,EAAKA,WAAM,IAAA,CAAK;AAAA,MACd,KAAA,EAAO,KAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,SAAA,EAAW,GAAA;AAAA,MACX,WAAA,EAAa;AAAA,KACd,CAAA;AAAA;AAAA,IAGD,UAAA,EAAYA,WAAM,IAAA,CAAK;AAAA,MACrB,KAAA,EAAO,YAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,SAAA,EAAW,GAAA;AAAA,MACX,WAAA,EAAa;AAAA,KACd,CAAA;AAAA;AAAA,IAGD,GAAA,EAAKA,WAAM,IAAA,CAAK;AAAA,MACd,KAAA,EAAO,WAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,YAAA,EAAc,aAAA;AAAA,MACd,SAAA,EAAW,EAAA;AAAA,MACX,WAAA,EAAa;AAAA,KACd,CAAA;AAAA;AAAA,IAGD,OAAA,EAASA,WAAM,MAAA,CAAO;AAAA,MACpB,KAAA,EAAO,SAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,YAAA,EAAc,CAAA;AAAA,MACd,WAAA,EAAa;AAAA,KACd,CAAA;AAAA,IAED,UAAA,EAAYA,WAAM,IAAA,CAAK;AAAA,MACrB,KAAA,EAAO,YAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,QAAA,EAAU,IAAA;AAAA,MACV,WAAA,EACE;AAAA,KACH;AAAA,GACH;AAAA,EAEA,OAAA,EAAS;AAAA;AAAA,IAEP,EAAE,MAAA,EAAQ,CAAC,aAAa,KAAK,CAAA,EAAG,QAAQ,KAAA,EAAM;AAAA,IAC9C,EAAE,MAAA,EAAQ,CAAC,YAAY,CAAA,EAAG,QAAQ,KAAA;AAAM,GAC1C;AAAA,EAEA,MAAA,EAAQ;AAAA,IACN,YAAA,EAAc,KAAA;AAAA;AAAA,IACd,KAAA,EAAO;AAAA;AAEX,CAAC;AC1GM,IAAM,eAAA,GAAkBD,kBAAa,MAAA,CAAO;AAAA,EACjD,IAAA,EAAM,mBAAA;AAAA,EACN,KAAA,EAAO,qBAAA;AAAA,EACP,WAAA,EAAa,eAAA;AAAA,EACb,IAAA,EAAM,SAAA;AAAA,EACN,QAAA,EAAU,IAAA;AAAA,EACV,SAAA,EAAW,QAAA;AAAA,EACX,WAAA,EAAa,wDAAA;AAAA,EACb,KAAA,EAAO,QAAA;AAAA,EACP,eAAe,CAAC,WAAA,EAAa,OAAO,OAAA,EAAS,QAAA,EAAU,YAAY,YAAY,CAAA;AAAA,EAC/E,eAAA,EAAiB,QAAA;AAAA,EACjB,KAAA,EAAO;AAAA,IACL,MAAA,EAAQ;AAAA,MACN,IAAA,EAAM,MAAA;AAAA,MACN,IAAA,EAAM,QAAA;AAAA,MACN,KAAA,EAAO,QAAA;AAAA,MACP,OAAA,EAAS,CAAC,YAAA,EAAc,WAAA,EAAa,OAAO,OAAA,EAAS,QAAA,EAAU,YAAY,QAAQ,CAAA;AAAA,MACnF,MAAM,CAAC,EAAE,OAAO,YAAA,EAAc,KAAA,EAAO,QAAQ;AAAA;AAC/C,GACF;AAAA,EAEA,MAAA,EAAQ;AAAA,IACN,EAAA,EAAIC,WAAM,IAAA,CAAK;AAAA,MACb,KAAA,EAAO,IAAA;AAAA,MACP,QAAA,EAAU;AAAA,KACX,CAAA;AAAA,IAED,UAAA,EAAYA,WAAM,QAAA,CAAS;AAAA,MACzB,KAAA,EAAO,YAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,WAAA,EAAa;AAAA,KACd,CAAA;AAAA,IAED,SAAA,EAAWA,WAAM,IAAA,CAAK;AAAA,MACpB,KAAA,EAAO,WAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,SAAA,EAAW;AAAA,KACZ,CAAA;AAAA,IAED,GAAA,EAAKA,WAAM,IAAA,CAAK;AAAA,MACd,KAAA,EAAO,KAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,SAAA,EAAW;AAAA,KACZ,CAAA;AAAA,IAED,OAAOA,UAAAA,CAAM,MAAA;AAAA,MACX;AAAA,QACE,EAAE,KAAA,EAAO,QAAA,EAAU,KAAA,EAAO,QAAA,EAAS;AAAA,QACnC,EAAE,KAAA,EAAO,QAAA,EAAU,KAAA,EAAO,QAAA,EAAS;AAAA,QACnC,EAAE,KAAA,EAAO,MAAA,EAAU,KAAA,EAAO,MAAA;AAAO,OACnC;AAAA,MACA;AAAA,QACE,KAAA,EAAO,OAAA;AAAA,QACP,QAAA,EAAU,IAAA;AAAA,QACV,WAAA,EAAa;AAAA;AACf,KACF;AAAA,IAEA,QAAQA,UAAAA,CAAM,MAAA;AAAA,MACZ;AAAA,QACE,EAAE,KAAA,EAAO,KAAA,EAAW,KAAA,EAAO,KAAA,EAAM;AAAA,QACjC,EAAE,KAAA,EAAO,OAAA,EAAW,KAAA,EAAO,OAAA,EAAQ;AAAA,QACnC,EAAE,KAAA,EAAO,MAAA,EAAW,KAAA,EAAO,MAAA,EAAO;AAAA,QAClC,EAAE,KAAA,EAAO,QAAA,EAAW,KAAA,EAAO,QAAA,EAAS;AAAA,QACpC,EAAE,KAAA,EAAO,QAAA,EAAW,KAAA,EAAO,QAAA;AAAS,OACtC;AAAA,MACA;AAAA,QACE,KAAA,EAAO,QAAA;AAAA,QACP,QAAA,EAAU,IAAA;AAAA,QACV,WAAA,EAAa;AAAA;AACf,KACF;AAAA,IAEA,QAAA,EAAUA,UAAAA,CAAM,MAAA,CAAO,UAAA,EAAY;AAAA,MACjC,KAAA,EAAO,OAAA;AAAA,MACP,WAAA,EAAa;AAAA,KACd,CAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOD,QAAQA,UAAAA,CAAM,MAAA;AAAA,MACZ;AAAA,QACE,EAAE,KAAA,EAAO,IAAA,EAAc,KAAA,EAAO,IAAA,EAAK;AAAA,QACnC,EAAE,KAAA,EAAO,KAAA,EAAc,KAAA,EAAO,KAAA,EAAM;AAAA,QACpC,EAAE,KAAA,EAAO,WAAA,EAAc,KAAA,EAAO,WAAA,EAAY;AAAA,QAC1C,EAAE,KAAA,EAAO,QAAA,EAAc,KAAA,EAAO,QAAA,EAAS;AAAA,QACvC,EAAE,KAAA,EAAO,QAAA,EAAc,KAAA,EAAO,QAAA;AAAS,OACzC;AAAA,MACA;AAAA,QACE,KAAA,EAAO,QAAA;AAAA,QACP,QAAA,EAAU,IAAA;AAAA,QACV,YAAA,EAAc,KAAA;AAAA,QACd,WAAA,EAAa;AAAA;AACf,KACF;AAAA;AAAA,IAGA,MAAA,EAAQA,WAAM,IAAA,CAAK;AAAA,MACjB,KAAA,EAAO,QAAA;AAAA,MACP,WAAA,EAAa;AAAA,KACd,CAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAQD,QAAA,EAAUA,WAAM,IAAA,CAAK;AAAA,MACnB,KAAA,EAAO,UAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,SAAA,EAAW,GAAA;AAAA,MACX,WAAA,EAAa;AAAA,KACd,CAAA;AAAA;AAAA,IAGD,QAAA,EAAUA,WAAM,IAAA,CAAK;AAAA,MACnB,KAAA,EAAO,UAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,SAAA,EAAW,GAAA;AAAA,MACX,WAAA,EAAa;AAAA,KACd,CAAA;AAAA;AAAA,IAGD,SAAA,EAAWA,WAAM,OAAA,CAAQ;AAAA,MACvB,KAAA,EAAO,WAAA;AAAA,MACP,YAAA,EAAc,KAAA;AAAA,MACd,WAAA,EAAa;AAAA,KACd,CAAA;AAAA;AAAA,IAGD,UAAA,EAAYA,WAAM,IAAA,CAAK;AAAA,MACrB,KAAA,EAAO,YAAA;AAAA,MACP,SAAA,EAAW,GAAA;AAAA,MACX,WAAA,EAAa;AAAA,KACd;AAAA,GACH;AAAA,EAEA,OAAA,EAAS;AAAA;AAAA,IAEP,EAAE,MAAA,EAAQ,CAAC,aAAa,YAAY,CAAA,EAAG,QAAQ,KAAA,EAAM;AAAA;AAAA,IAErD,EAAE,MAAA,EAAQ,CAAC,YAAY,YAAY,CAAA,EAAG,QAAQ,KAAA;AAAM,GACtD;AAAA,EAEA,MAAA,EAAQ;AAAA,IACN,YAAA,EAAc,KAAA;AAAA,IACd,KAAA,EAAO;AAAA;AAAA;AAEX,CAAC","file":"index.js","sourcesContent":["// Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.\n\nimport { ObjectSchema, Field } from '@objectstack/spec/data';\n\n/**\n * sys_setting — Generic K/V store backing the SettingsManifest contract\n *\n * Single physical table that holds *every* value for *every* settings\n * namespace declared by a `SettingsManifest`. Plugins MUST NOT define\n * per-namespace tables (e.g. `sys_mail_config`); they declare a manifest\n * and the value persists here.\n *\n * Row identity: (namespace, key, scope, user_id?).\n *\n * Resolution order (handled by `SettingsService.get`):\n * 1. process.env override (source='env', locked=true)\n * 2. sys_setting WHERE scope='global' (source='global')\n * 3. sys_setting WHERE scope='tenant' (source='tenant')\n * 4. sys_setting WHERE scope='user' (source='user')\n * 5. manifest specifier.default (source='default')\n *\n * Encryption: rows with `encrypted=true` store ciphertext in `value_enc`\n * and leave `value` null. The plain value is never written to audit log\n * or history snapshots — only an `'<encrypted>'` placeholder + a digest.\n *\n * managedBy: 'system' — the admin grid in Setup is a diagnostic surface\n * only; all writes flow through `SettingsService.set()` so the resolver\n * stays the single source of truth.\n *\n * See ADR-0007 (Settings Manifest + K/V Store + Resolver).\n *\n * @namespace sys\n */\nexport const SysSetting = ObjectSchema.create({\n name: 'sys_setting',\n label: 'Setting',\n pluralLabel: 'Settings',\n icon: 'sliders',\n isSystem: true,\n managedBy: 'system',\n description: 'Generic K/V store backing the SettingsManifest contract.',\n displayNameField: 'key',\n titleFormat: '{namespace}.{key}',\n compactLayout: ['namespace', 'key', 'scope', 'updated_at'],\n\n listViews: {\n by_namespace: {\n type: 'grid',\n name: 'by_namespace',\n label: 'By Namespace',\n data: { provider: 'object', object: 'sys_setting' },\n columns: ['namespace', 'key', 'scope', 'encrypted', 'updated_by', 'updated_at'],\n sort: [{ field: 'namespace', order: 'asc' }, { field: 'key', order: 'asc' }],\n grouping: { fields: [{ field: 'namespace', order: 'asc', collapsed: false }] },\n pagination: { pageSize: 200 },\n },\n tenant_only: {\n type: 'grid',\n name: 'tenant_only',\n label: 'Tenant',\n data: { provider: 'object', object: 'sys_setting' },\n columns: ['namespace', 'key', 'encrypted', 'updated_by', 'updated_at'],\n filter: [{ field: 'scope', operator: 'equals', value: 'tenant' }],\n sort: [{ field: 'namespace', order: 'asc' }, { field: 'key', order: 'asc' }],\n pagination: { pageSize: 200 },\n },\n user_only: {\n type: 'grid',\n name: 'user_only',\n label: 'User',\n data: { provider: 'object', object: 'sys_setting' },\n columns: ['user_id', 'namespace', 'key', 'updated_at'],\n filter: [{ field: 'scope', operator: 'equals', value: 'user' }],\n sort: [{ field: 'user_id', order: 'asc' }, { field: 'namespace', order: 'asc' }],\n pagination: { pageSize: 200 },\n },\n all_settings: {\n type: 'grid',\n name: 'all_settings',\n label: 'All',\n data: { provider: 'object', object: 'sys_setting' },\n columns: ['namespace', 'key', 'scope', 'user_id', 'encrypted', 'updated_at'],\n sort: [{ field: 'updated_at', order: 'desc' }],\n pagination: { pageSize: 100 },\n },\n },\n\n fields: {\n id: Field.text({\n label: 'Setting ID',\n required: true,\n readonly: true,\n }),\n\n created_at: Field.datetime({\n label: 'Created At',\n defaultValue: 'NOW()',\n readonly: true,\n }),\n\n updated_at: Field.datetime({\n label: 'Updated At',\n defaultValue: 'NOW()',\n readonly: true,\n }),\n\n namespace: Field.text({\n label: 'Namespace',\n required: true,\n maxLength: 64,\n description: 'Manifest namespace (e.g. mail, branding, feature_flags).',\n }),\n\n key: Field.text({\n label: 'Key',\n required: true,\n maxLength: 128,\n description: 'Specifier key inside the namespace (snake_case).',\n }),\n\n scope: Field.select(\n [\n { label: 'Global', value: 'global' },\n { label: 'Tenant', value: 'tenant' },\n { label: 'User', value: 'user' },\n { label: 'Runtime',value: 'runtime' },\n ],\n {\n label: 'Scope',\n required: true,\n defaultValue: 'tenant',\n description: 'Which layer of the config-resolution hierarchy this row belongs to.',\n },\n ),\n\n user_id: Field.lookup('sys_user', {\n label: 'User',\n description: 'Owning user when scope=user; null otherwise.',\n }),\n\n value: Field.json({\n label: 'Value',\n description: 'JSON-encoded value. Null when encrypted=true (see value_enc).',\n }),\n\n encrypted: Field.boolean({\n label: 'Encrypted',\n defaultValue: false,\n description: 'When true, the value is stored encrypted-at-rest in value_enc; value column is null.',\n }),\n\n locked: Field.boolean({\n label: 'Locked',\n defaultValue: false,\n description:\n 'When true, lower-scope rows cannot override this value; writes against lower scopes return 409. ' +\n 'Used by platform administrators to pin a global value for all tenants (Phase 2 cascade).',\n }),\n\n locked_reason: Field.text({\n label: 'Lock Reason',\n description: 'Human-readable explanation surfaced in the UI tooltip when locked=true.',\n }),\n\n value_enc: Field.text({\n label: 'Encrypted Value',\n readonly: true,\n description: 'Ciphertext payload (KMS-wrapped). Set only when encrypted=true.',\n }),\n\n updated_by: Field.lookup('sys_user', {\n label: 'Updated By',\n readonly: true,\n description: 'Last actor who wrote this row via SettingsService.set().',\n }),\n },\n\n indexes: [\n // Primary lookup path: (namespace, key, scope, user_id?) is what\n // SettingsService.get hits on every resolve. The composite UNIQUE\n // covers both the row-identity constraint and the read path.\n { fields: ['namespace', 'key', 'scope', 'user_id'], unique: true },\n // Common range read: full namespace dump for SettingsService.getNamespace.\n { fields: ['namespace', 'scope'], unique: false },\n // Per-user listing on the user-prefs scope.\n { fields: ['user_id', 'namespace'], unique: false },\n ],\n\n enable: {\n // History on settings is opt-in per namespace (handled at service\n // layer when needed) to avoid bloating sys_history with churn from\n // feature flags and similar high-frequency toggles.\n trackHistory: false,\n searchable: false,\n apiEnabled: true,\n // Direct data API exposed for the admin grid view, but writes from\n // the UI MUST go through /api/settings/:namespace so the resolver\n // and audit hooks fire. The grid is diagnostic-only.\n apiMethods: ['get', 'list'],\n trash: false,\n mru: false,\n },\n});\n","// Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.\n\nimport { ObjectSchema, Field } from '@objectstack/spec/data';\n\n/**\n * sys_secret — Separated cipher store for sensitive settings values.\n *\n * Phase 3 of the settings roadmap splits secret material out of\n * `sys_setting` so they can carry their own retention/rotation/KMS\n * policies without bloating the regular settings audit trail. The\n * value column in `sys_setting` for an encrypted specifier holds a\n * *handle* (the `id` of a row here), never the ciphertext itself —\n * the resolver dereferences on read.\n *\n * Why split:\n * 1. **Key rotation.** KMS adapters (AWS/GCP) rotate keys on a\n * different cadence than user-visible settings; tracking\n * `kms_key_id` + `version` per cipher lets us re-wrap without\n * touching the value lifecycle.\n * 2. **Backup hygiene.** Operators can replicate `sys_setting` to\n * analytics/lower environments while keeping `sys_secret` pinned\n * to the primary KMS region.\n * 3. **Audit symmetry.** Every secret read can record an access row\n * (Phase 4) without polluting `sys_setting_audit` with plaintext\n * reads of e.g. feature flags.\n *\n * managedBy: 'system' — never edited from a generic Object grid. All\n * writes flow through `SettingsService` and an `ICryptoProvider`.\n *\n * @namespace sys\n */\nexport const SysSecret = ObjectSchema.create({\n name: 'sys_secret',\n label: 'Secret',\n pluralLabel: 'Secrets',\n icon: 'key',\n isSystem: true,\n managedBy: 'system',\n description: 'Cipher store referenced by sys_setting handles. Never holds plaintext.',\n scope: 'tenant',\n compactLayout: ['namespace', 'key', 'kms_key_id', 'version', 'rotated_at'],\n defaultViewName: 'all',\n views: {\n all: {\n type: 'list',\n name: 'all',\n label: 'All Secrets',\n columns: ['namespace', 'key', 'kms_key_id', 'version', 'rotated_at', 'created_at'],\n },\n },\n\n fields: {\n id: Field.text({\n label: 'ID',\n readonly: true,\n description: 'Opaque handle referenced by `sys_setting.value_enc`.',\n }),\n\n created_at: Field.datetime({\n label: 'Created At',\n readonly: true,\n description: 'When the cipher was first written.',\n }),\n\n rotated_at: Field.datetime({\n label: 'Rotated At',\n readonly: true,\n description: 'When the cipher was last re-wrapped under a new KMS key.',\n }),\n\n /**\n * Namespace/key duplicated from `sys_setting` for forensic\n * convenience — lets operators answer \"which secret backs\n * mail.api_key right now?\" without joining the K/V table.\n * The authoritative link is `sys_setting.value_enc → sys_secret.id`.\n */\n namespace: Field.text({\n label: 'Namespace',\n required: true,\n maxLength: 128,\n description: 'Settings namespace this secret belongs to.',\n }),\n\n key: Field.text({\n label: 'Key',\n required: true,\n maxLength: 128,\n description: 'Specifier key within the namespace.',\n }),\n\n /** Identifier of the KMS key used to wrap `ciphertext`. */\n kms_key_id: Field.text({\n label: 'KMS Key ID',\n required: true,\n maxLength: 256,\n description: 'External KMS handle (ARN, GCP resource id, or `local`).',\n }),\n\n /** Algorithm tag (e.g. `aes-256-gcm`). Used by the provider on decrypt. */\n alg: Field.text({\n label: 'Algorithm',\n required: true,\n defaultValue: 'aes-256-gcm',\n maxLength: 64,\n description: 'Cipher/AEAD algorithm tag.',\n }),\n\n /** Wrapping version — bumps on every rotate(). */\n version: Field.number({\n label: 'Version',\n required: true,\n defaultValue: 1,\n description: 'Bumps each time rotateKey() re-wraps this row.',\n }),\n\n ciphertext: Field.text({\n label: 'Ciphertext',\n required: true,\n readonly: true,\n description:\n 'Provider-encoded ciphertext blob (base64 / JSON). Implementation-defined; only the matching ICryptoProvider can read it.',\n }),\n },\n\n indexes: [\n // Operators frequently look up by (namespace, key) to inspect or rotate.\n { fields: ['namespace', 'key'], unique: false },\n { fields: ['kms_key_id'], unique: false },\n ],\n\n enable: {\n trackHistory: false, // rotation events are recorded by sys_setting_audit\n audit: true,\n },\n});\n","// Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.\n\nimport { ObjectSchema, Field } from '@objectstack/spec/data';\n\n/**\n * sys_setting_audit — Append-only audit trail for every settings mutation.\n *\n * Phase 3 of the settings roadmap. Each call to `SettingsService.set()`\n * (and any other mutation hook) writes a row here BEFORE returning to\n * the caller. The row records who, when, where (scope), and what\n * changed — but never the plaintext value of an encrypted field; only\n * a content digest is stored so an operator can verify \"this is the\n * same value as last week\" without exposing the secret.\n *\n * Why separate from `sys_audit_log`:\n * - The generic audit log is a high-traffic firehose (every CRUD\n * on every business object). Settings rows are low-traffic and\n * operationally critical, so they deserve dedicated retention and\n * indexing.\n * - The schema here carries settings-specific fields (`scope`,\n * `cascade_source`) that don't make sense on a generic row.\n *\n * Append-only contract: enforced at the application layer (the only\n * writer is SettingsService). Operators MUST NOT delete rows; instead\n * use lifecycle policies to archive cold rows to a separate bucket.\n *\n * @namespace sys\n */\nexport const SysSettingAudit = ObjectSchema.create({\n name: 'sys_setting_audit',\n label: 'Setting Audit Entry',\n pluralLabel: 'Setting Audit',\n icon: 'history',\n isSystem: true,\n managedBy: 'system',\n description: 'Append-only audit trail for SettingsService mutations.',\n scope: 'tenant',\n compactLayout: ['namespace', 'key', 'scope', 'action', 'actor_id', 'created_at'],\n defaultViewName: 'recent',\n views: {\n recent: {\n type: 'list',\n name: 'recent',\n label: 'Recent',\n columns: ['created_at', 'namespace', 'key', 'scope', 'action', 'actor_id', 'source'],\n sort: [{ field: 'created_at', order: 'desc' }],\n },\n },\n\n fields: {\n id: Field.text({\n label: 'ID',\n readonly: true,\n }),\n\n created_at: Field.datetime({\n label: 'Created At',\n readonly: true,\n description: 'When the mutation was recorded.',\n }),\n\n namespace: Field.text({\n label: 'Namespace',\n required: true,\n maxLength: 128,\n }),\n\n key: Field.text({\n label: 'Key',\n required: true,\n maxLength: 128,\n }),\n\n scope: Field.select(\n [\n { label: 'Global', value: 'global' },\n { label: 'Tenant', value: 'tenant' },\n { label: 'User', value: 'user' },\n ],\n {\n label: 'Scope',\n required: true,\n description: 'Cascade layer the row was written to.',\n },\n ),\n\n action: Field.select(\n [\n { label: 'Set', value: 'set' },\n { label: 'Reset', value: 'reset' },\n { label: 'Lock', value: 'lock' },\n { label: 'Unlock', value: 'unlock' },\n { label: 'Rotate', value: 'rotate' },\n ],\n {\n label: 'Action',\n required: true,\n description: 'Mutation kind.',\n },\n ),\n\n actor_id: Field.lookup('sys_user', {\n label: 'Actor',\n description: 'User who performed the mutation; null for system jobs.',\n }),\n\n /**\n * Where the write originated. Lets operators distinguish admin UI\n * activity from migration jobs and bulk imports during incident\n * analysis.\n */\n source: Field.select(\n [\n { label: 'UI', value: 'ui' },\n { label: 'API', value: 'api' },\n { label: 'Migration', value: 'migration' },\n { label: 'Import', value: 'import' },\n { label: 'System', value: 'system' },\n ],\n {\n label: 'Source',\n required: true,\n defaultValue: 'api',\n description: 'Mutation entry-point.',\n },\n ),\n\n /** Optional free-text reason (Phase 3+ change-management hook). */\n reason: Field.text({\n label: 'Reason',\n description: 'Free-text justification provided by the actor (optional).',\n }),\n\n /**\n * Content digest of the previous value. Never the plaintext —\n * lets operators detect duplicate writes without leaking secrets.\n * Format: hex SHA-256 of the canonicalised JSON, or null when\n * the previous value was unset.\n */\n old_hash: Field.text({\n label: 'Old Hash',\n readonly: true,\n maxLength: 128,\n description: 'SHA-256 of the previous value (canonicalised). Null when previously unset.',\n }),\n\n /** Content digest of the new value. Null on `reset`. */\n new_hash: Field.text({\n label: 'New Hash',\n readonly: true,\n maxLength: 128,\n description: 'SHA-256 of the new value (canonicalised). Null on reset.',\n }),\n\n /** True when the field is encrypted — flags secret rotation events. */\n encrypted: Field.boolean({\n label: 'Encrypted',\n defaultValue: false,\n description: 'True when the field carries secret material (rotation is interesting).',\n }),\n\n /** Request id from the originating HTTP/CLI invocation. */\n request_id: Field.text({\n label: 'Request ID',\n maxLength: 128,\n description: 'Correlates with sys_audit_log / tracing.',\n }),\n },\n\n indexes: [\n // Most common query: \"what changed for namespace X in the last 7 days?\"\n { fields: ['namespace', 'created_at'], unique: false },\n // Per-actor lookup for compliance reviews.\n { fields: ['actor_id', 'created_at'], unique: false },\n ],\n\n enable: {\n trackHistory: false,\n audit: false, // this IS the audit; no recursion\n },\n});\n"]}
|
|
1
|
+
{"version":3,"sources":["../../src/system/sys-setting.object.ts","../../src/system/sys-secret.object.ts","../../src/system/sys-setting-audit.object.ts"],"names":["ObjectSchema","Field"],"mappings":";;;;;AAiCO,IAAM,UAAA,GAAaA,kBAAa,MAAA,CAAO;AAAA,EAC5C,IAAA,EAAM,aAAA;AAAA,EACN,KAAA,EAAO,SAAA;AAAA,EACP,WAAA,EAAa,UAAA;AAAA,EACb,IAAA,EAAM,SAAA;AAAA,EACN,QAAA,EAAU,IAAA;AAAA,EACV,SAAA,EAAW,QAAA;AAAA,EACX,WAAA,EAAa,0DAAA;AAAA,EACb,gBAAA,EAAkB,KAAA;AAAA,EAClB,WAAA,EAAa,mBAAA;AAAA,EACb,aAAA,EAAe,CAAC,WAAA,EAAa,KAAA,EAAO,SAAS,YAAY,CAAA;AAAA,EAEzD,SAAA,EAAW;AAAA,IACT,YAAA,EAAc;AAAA,MACZ,IAAA,EAAM,MAAA;AAAA,MACN,IAAA,EAAM,cAAA;AAAA,MACN,KAAA,EAAO,cAAA;AAAA,MACP,IAAA,EAAM,EAAE,QAAA,EAAU,QAAA,EAAU,QAAQ,aAAA,EAAc;AAAA,MAClD,SAAS,CAAC,WAAA,EAAa,OAAO,OAAA,EAAS,WAAA,EAAa,cAAc,YAAY,CAAA;AAAA,MAC9E,IAAA,EAAM,CAAC,EAAE,KAAA,EAAO,WAAA,EAAa,KAAA,EAAO,KAAA,EAAM,EAAG,EAAE,KAAA,EAAO,KAAA,EAAO,KAAA,EAAO,OAAO,CAAA;AAAA,MAC3E,QAAA,EAAU,EAAE,MAAA,EAAQ,CAAC,EAAE,KAAA,EAAO,WAAA,EAAa,KAAA,EAAO,KAAA,EAAO,SAAA,EAAW,KAAA,EAAO,CAAA,EAAE;AAAA,MAC7E,UAAA,EAAY,EAAE,QAAA,EAAU,GAAA;AAAI,KAC9B;AAAA,IACA,WAAA,EAAa;AAAA,MACX,IAAA,EAAM,MAAA;AAAA,MACN,IAAA,EAAM,aAAA;AAAA,MACN,KAAA,EAAO,QAAA;AAAA,MACP,IAAA,EAAM,EAAE,QAAA,EAAU,QAAA,EAAU,QAAQ,aAAA,EAAc;AAAA,MAClD,SAAS,CAAC,WAAA,EAAa,KAAA,EAAO,WAAA,EAAa,cAAc,YAAY,CAAA;AAAA,MACrE,MAAA,EAAQ,CAAC,EAAE,KAAA,EAAO,SAAS,QAAA,EAAU,QAAA,EAAU,KAAA,EAAO,QAAA,EAAU,CAAA;AAAA,MAChE,IAAA,EAAM,CAAC,EAAE,KAAA,EAAO,WAAA,EAAa,KAAA,EAAO,KAAA,EAAM,EAAG,EAAE,KAAA,EAAO,KAAA,EAAO,KAAA,EAAO,OAAO,CAAA;AAAA,MAC3E,UAAA,EAAY,EAAE,QAAA,EAAU,GAAA;AAAI,KAC9B;AAAA,IACA,SAAA,EAAW;AAAA,MACT,IAAA,EAAM,MAAA;AAAA,MACN,IAAA,EAAM,WAAA;AAAA,MACN,KAAA,EAAO,MAAA;AAAA,MACP,IAAA,EAAM,EAAE,QAAA,EAAU,QAAA,EAAU,QAAQ,aAAA,EAAc;AAAA,MAClD,OAAA,EAAS,CAAC,SAAA,EAAW,WAAA,EAAa,OAAO,YAAY,CAAA;AAAA,MACrD,MAAA,EAAQ,CAAC,EAAE,KAAA,EAAO,SAAS,QAAA,EAAU,QAAA,EAAU,KAAA,EAAO,MAAA,EAAQ,CAAA;AAAA,MAC9D,IAAA,EAAM,CAAC,EAAE,KAAA,EAAO,SAAA,EAAW,KAAA,EAAO,KAAA,EAAM,EAAG,EAAE,KAAA,EAAO,WAAA,EAAa,KAAA,EAAO,OAAO,CAAA;AAAA,MAC/E,UAAA,EAAY,EAAE,QAAA,EAAU,GAAA;AAAI,KAC9B;AAAA,IACA,YAAA,EAAc;AAAA,MACZ,IAAA,EAAM,MAAA;AAAA,MACN,IAAA,EAAM,cAAA;AAAA,MACN,KAAA,EAAO,KAAA;AAAA,MACP,IAAA,EAAM,EAAE,QAAA,EAAU,QAAA,EAAU,QAAQ,aAAA,EAAc;AAAA,MAClD,SAAS,CAAC,WAAA,EAAa,OAAO,OAAA,EAAS,SAAA,EAAW,aAAa,YAAY,CAAA;AAAA,MAC3E,MAAM,CAAC,EAAE,OAAO,YAAA,EAAc,KAAA,EAAO,QAAQ,CAAA;AAAA,MAC7C,UAAA,EAAY,EAAE,QAAA,EAAU,GAAA;AAAI;AAC9B,GACF;AAAA,EAEA,MAAA,EAAQ;AAAA,IACN,EAAA,EAAIC,WAAM,IAAA,CAAK;AAAA,MACb,KAAA,EAAO,YAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,QAAA,EAAU;AAAA,KACX,CAAA;AAAA,IAED,UAAA,EAAYA,WAAM,QAAA,CAAS;AAAA,MACzB,KAAA,EAAO,YAAA;AAAA,MACP,YAAA,EAAc,OAAA;AAAA,MACd,QAAA,EAAU;AAAA,KACX,CAAA;AAAA,IAED,UAAA,EAAYA,WAAM,QAAA,CAAS;AAAA,MACzB,KAAA,EAAO,YAAA;AAAA,MACP,YAAA,EAAc,OAAA;AAAA,MACd,QAAA,EAAU;AAAA,KACX,CAAA;AAAA,IAED,SAAA,EAAWA,WAAM,IAAA,CAAK;AAAA,MACpB,KAAA,EAAO,WAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,SAAA,EAAW,EAAA;AAAA,MACX,WAAA,EAAa;AAAA,KACd,CAAA;AAAA,IAED,GAAA,EAAKA,WAAM,IAAA,CAAK;AAAA,MACd,KAAA,EAAO,KAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,SAAA,EAAW,GAAA;AAAA,MACX,WAAA,EAAa;AAAA,KACd,CAAA;AAAA,IAED,OAAOA,UAAA,CAAM,MAAA;AAAA,MACX;AAAA,QACE,EAAE,KAAA,EAAO,QAAA,EAAU,KAAA,EAAO,QAAA,EAAS;AAAA,QACnC,EAAE,KAAA,EAAO,QAAA,EAAU,KAAA,EAAO,QAAA,EAAS;AAAA,QACnC,EAAE,KAAA,EAAO,MAAA,EAAU,KAAA,EAAO,MAAA,EAAO;AAAA,QACjC,EAAE,KAAA,EAAO,SAAA,EAAU,KAAA,EAAO,SAAA;AAAU,OACtC;AAAA,MACA;AAAA,QACE,KAAA,EAAO,OAAA;AAAA,QACP,QAAA,EAAU,IAAA;AAAA,QACV,YAAA,EAAc,QAAA;AAAA,QACd,WAAA,EAAa;AAAA;AACf,KACF;AAAA,IAEA,OAAA,EAASA,UAAA,CAAM,MAAA,CAAO,UAAA,EAAY;AAAA,MAChC,KAAA,EAAO,MAAA;AAAA,MACP,WAAA,EAAa;AAAA,KACd,CAAA;AAAA,IAED,KAAA,EAAOA,WAAM,IAAA,CAAK;AAAA,MAChB,KAAA,EAAO,OAAA;AAAA,MACP,WAAA,EAAa;AAAA,KACd,CAAA;AAAA,IAED,SAAA,EAAWA,WAAM,OAAA,CAAQ;AAAA,MACvB,KAAA,EAAO,WAAA;AAAA,MACP,YAAA,EAAc,KAAA;AAAA,MACd,WAAA,EAAa;AAAA,KACd,CAAA;AAAA,IAED,MAAA,EAAQA,WAAM,OAAA,CAAQ;AAAA,MACpB,KAAA,EAAO,QAAA;AAAA,MACP,YAAA,EAAc,KAAA;AAAA,MACd,WAAA,EACE;AAAA,KAEH,CAAA;AAAA,IAED,aAAA,EAAeA,WAAM,IAAA,CAAK;AAAA,MACxB,KAAA,EAAO,aAAA;AAAA,MACP,WAAA,EAAa;AAAA,KACd,CAAA;AAAA,IAED,SAAA,EAAWA,WAAM,IAAA,CAAK;AAAA,MACpB,KAAA,EAAO,iBAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,WAAA,EAAa;AAAA,KACd,CAAA;AAAA,IAED,UAAA,EAAYA,UAAA,CAAM,MAAA,CAAO,UAAA,EAAY;AAAA,MACnC,KAAA,EAAO,YAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,WAAA,EAAa;AAAA,KACd;AAAA,GACH;AAAA,EAEA,OAAA,EAAS;AAAA;AAAA;AAAA;AAAA,IAIP,EAAE,QAAQ,CAAC,WAAA,EAAa,OAAO,OAAA,EAAS,SAAS,CAAA,EAAG,MAAA,EAAQ,IAAA,EAAK;AAAA;AAAA,IAEjE,EAAE,MAAA,EAAQ,CAAC,aAAa,OAAO,CAAA,EAAG,QAAQ,KAAA,EAAM;AAAA;AAAA,IAEhD,EAAE,MAAA,EAAQ,CAAC,WAAW,WAAW,CAAA,EAAG,QAAQ,KAAA;AAAM,GACpD;AAAA,EAEA,MAAA,EAAQ;AAAA;AAAA;AAAA;AAAA,IAIN,YAAA,EAAc,KAAA;AAAA,IACd,UAAA,EAAY,KAAA;AAAA,IACZ,UAAA,EAAY,IAAA;AAAA;AAAA;AAAA;AAAA,IAIZ,UAAA,EAAY,CAAC,KAAA,EAAO,MAAM,CAAA;AAAA,IAC1B,KAAA,EAAO,KAAA;AAAA,IACP,GAAA,EAAK;AAAA;AAET,CAAC;AC3KM,IAAM,SAAA,GAAYD,kBAAa,MAAA,CAAO;AAAA,EAC3C,IAAA,EAAM,YAAA;AAAA,EACN,KAAA,EAAO,QAAA;AAAA,EACP,WAAA,EAAa,SAAA;AAAA,EACb,IAAA,EAAM,KAAA;AAAA,EACN,QAAA,EAAU,IAAA;AAAA,EACV,SAAA,EAAW,QAAA;AAAA,EACX,WAAA,EAAa,wEAAA;AAAA,EACb,eAAe,CAAC,WAAA,EAAa,KAAA,EAAO,YAAA,EAAc,WAAW,YAAY,CAAA;AAAA,EACzE,SAAA,EAAW;AAAA,IACT,GAAA,EAAK;AAAA,MACH,IAAA,EAAM,MAAA;AAAA,MACN,IAAA,EAAM,KAAA;AAAA,MACN,KAAA,EAAO,aAAA;AAAA,MACP,SAAS,CAAC,WAAA,EAAa,OAAO,YAAA,EAAc,SAAA,EAAW,cAAc,YAAY;AAAA;AACnF,GACF;AAAA,EAEA,MAAA,EAAQ;AAAA,IACN,EAAA,EAAIC,WAAM,IAAA,CAAK;AAAA,MACb,KAAA,EAAO,IAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,WAAA,EAAa;AAAA,KACd,CAAA;AAAA,IAED,UAAA,EAAYA,WAAM,QAAA,CAAS;AAAA,MACzB,KAAA,EAAO,YAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,WAAA,EAAa;AAAA,KACd,CAAA;AAAA,IAED,UAAA,EAAYA,WAAM,QAAA,CAAS;AAAA,MACzB,KAAA,EAAO,YAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,WAAA,EAAa;AAAA,KACd,CAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAQD,SAAA,EAAWA,WAAM,IAAA,CAAK;AAAA,MACpB,KAAA,EAAO,WAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,SAAA,EAAW,GAAA;AAAA,MACX,WAAA,EAAa;AAAA,KACd,CAAA;AAAA,IAED,GAAA,EAAKA,WAAM,IAAA,CAAK;AAAA,MACd,KAAA,EAAO,KAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,SAAA,EAAW,GAAA;AAAA,MACX,WAAA,EAAa;AAAA,KACd,CAAA;AAAA;AAAA,IAGD,UAAA,EAAYA,WAAM,IAAA,CAAK;AAAA,MACrB,KAAA,EAAO,YAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,SAAA,EAAW,GAAA;AAAA,MACX,WAAA,EAAa;AAAA,KACd,CAAA;AAAA;AAAA,IAGD,GAAA,EAAKA,WAAM,IAAA,CAAK;AAAA,MACd,KAAA,EAAO,WAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,YAAA,EAAc,aAAA;AAAA,MACd,SAAA,EAAW,EAAA;AAAA,MACX,WAAA,EAAa;AAAA,KACd,CAAA;AAAA;AAAA,IAGD,OAAA,EAASA,WAAM,MAAA,CAAO;AAAA,MACpB,KAAA,EAAO,SAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,YAAA,EAAc,CAAA;AAAA,MACd,WAAA,EAAa;AAAA,KACd,CAAA;AAAA,IAED,UAAA,EAAYA,WAAM,IAAA,CAAK;AAAA,MACrB,KAAA,EAAO,YAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,QAAA,EAAU,IAAA;AAAA,MACV,WAAA,EACE;AAAA,KACH;AAAA,GACH;AAAA,EAEA,OAAA,EAAS;AAAA;AAAA,IAEP,EAAE,MAAA,EAAQ,CAAC,aAAa,KAAK,CAAA,EAAG,QAAQ,KAAA,EAAM;AAAA,IAC9C,EAAE,MAAA,EAAQ,CAAC,YAAY,CAAA,EAAG,QAAQ,KAAA;AAAM,GAC1C;AAAA,EAEA,MAAA,EAAQ;AAAA,IACN,YAAA,EAAc,KAAA;AAAA;AAAA,IACd,KAAA,EAAO;AAAA;AAEX,CAAC;ACxGM,IAAM,eAAA,GAAkBD,kBAAa,MAAA,CAAO;AAAA,EACjD,IAAA,EAAM,mBAAA;AAAA,EACN,KAAA,EAAO,qBAAA;AAAA,EACP,WAAA,EAAa,eAAA;AAAA,EACb,IAAA,EAAM,SAAA;AAAA,EACN,QAAA,EAAU,IAAA;AAAA,EACV,SAAA,EAAW,QAAA;AAAA,EACX,WAAA,EAAa,wDAAA;AAAA,EACb,eAAe,CAAC,WAAA,EAAa,OAAO,OAAA,EAAS,QAAA,EAAU,YAAY,YAAY,CAAA;AAAA,EAC/E,SAAA,EAAW;AAAA,IACT,MAAA,EAAQ;AAAA,MACN,IAAA,EAAM,MAAA;AAAA,MACN,IAAA,EAAM,QAAA;AAAA,MACN,KAAA,EAAO,QAAA;AAAA,MACP,OAAA,EAAS,CAAC,YAAA,EAAc,WAAA,EAAa,OAAO,OAAA,EAAS,QAAA,EAAU,YAAY,QAAQ,CAAA;AAAA,MACnF,MAAM,CAAC,EAAE,OAAO,YAAA,EAAc,KAAA,EAAO,QAAQ;AAAA;AAC/C,GACF;AAAA,EAEA,MAAA,EAAQ;AAAA,IACN,EAAA,EAAIC,WAAM,IAAA,CAAK;AAAA,MACb,KAAA,EAAO,IAAA;AAAA,MACP,QAAA,EAAU;AAAA,KACX,CAAA;AAAA,IAED,UAAA,EAAYA,WAAM,QAAA,CAAS;AAAA,MACzB,KAAA,EAAO,YAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,WAAA,EAAa;AAAA,KACd,CAAA;AAAA,IAED,SAAA,EAAWA,WAAM,IAAA,CAAK;AAAA,MACpB,KAAA,EAAO,WAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,SAAA,EAAW;AAAA,KACZ,CAAA;AAAA,IAED,GAAA,EAAKA,WAAM,IAAA,CAAK;AAAA,MACd,KAAA,EAAO,KAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,SAAA,EAAW;AAAA,KACZ,CAAA;AAAA,IAED,OAAOA,UAAAA,CAAM,MAAA;AAAA,MACX;AAAA,QACE,EAAE,KAAA,EAAO,QAAA,EAAU,KAAA,EAAO,QAAA,EAAS;AAAA,QACnC,EAAE,KAAA,EAAO,QAAA,EAAU,KAAA,EAAO,QAAA,EAAS;AAAA,QACnC,EAAE,KAAA,EAAO,MAAA,EAAU,KAAA,EAAO,MAAA;AAAO,OACnC;AAAA,MACA;AAAA,QACE,KAAA,EAAO,OAAA;AAAA,QACP,QAAA,EAAU,IAAA;AAAA,QACV,WAAA,EAAa;AAAA;AACf,KACF;AAAA,IAEA,QAAQA,UAAAA,CAAM,MAAA;AAAA,MACZ;AAAA,QACE,EAAE,KAAA,EAAO,KAAA,EAAW,KAAA,EAAO,KAAA,EAAM;AAAA,QACjC,EAAE,KAAA,EAAO,OAAA,EAAW,KAAA,EAAO,OAAA,EAAQ;AAAA,QACnC,EAAE,KAAA,EAAO,MAAA,EAAW,KAAA,EAAO,MAAA,EAAO;AAAA,QAClC,EAAE,KAAA,EAAO,QAAA,EAAW,KAAA,EAAO,QAAA,EAAS;AAAA,QACpC,EAAE,KAAA,EAAO,QAAA,EAAW,KAAA,EAAO,QAAA;AAAS,OACtC;AAAA,MACA;AAAA,QACE,KAAA,EAAO,QAAA;AAAA,QACP,QAAA,EAAU,IAAA;AAAA,QACV,WAAA,EAAa;AAAA;AACf,KACF;AAAA,IAEA,QAAA,EAAUA,UAAAA,CAAM,MAAA,CAAO,UAAA,EAAY;AAAA,MACjC,KAAA,EAAO,OAAA;AAAA,MACP,WAAA,EAAa;AAAA,KACd,CAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOD,QAAQA,UAAAA,CAAM,MAAA;AAAA,MACZ;AAAA,QACE,EAAE,KAAA,EAAO,IAAA,EAAc,KAAA,EAAO,IAAA,EAAK;AAAA,QACnC,EAAE,KAAA,EAAO,KAAA,EAAc,KAAA,EAAO,KAAA,EAAM;AAAA,QACpC,EAAE,KAAA,EAAO,WAAA,EAAc,KAAA,EAAO,WAAA,EAAY;AAAA,QAC1C,EAAE,KAAA,EAAO,QAAA,EAAc,KAAA,EAAO,QAAA,EAAS;AAAA,QACvC,EAAE,KAAA,EAAO,QAAA,EAAc,KAAA,EAAO,QAAA;AAAS,OACzC;AAAA,MACA;AAAA,QACE,KAAA,EAAO,QAAA;AAAA,QACP,QAAA,EAAU,IAAA;AAAA,QACV,YAAA,EAAc,KAAA;AAAA,QACd,WAAA,EAAa;AAAA;AACf,KACF;AAAA;AAAA,IAGA,MAAA,EAAQA,WAAM,IAAA,CAAK;AAAA,MACjB,KAAA,EAAO,QAAA;AAAA,MACP,WAAA,EAAa;AAAA,KACd,CAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAQD,QAAA,EAAUA,WAAM,IAAA,CAAK;AAAA,MACnB,KAAA,EAAO,UAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,SAAA,EAAW,GAAA;AAAA,MACX,WAAA,EAAa;AAAA,KACd,CAAA;AAAA;AAAA,IAGD,QAAA,EAAUA,WAAM,IAAA,CAAK;AAAA,MACnB,KAAA,EAAO,UAAA;AAAA,MACP,QAAA,EAAU,IAAA;AAAA,MACV,SAAA,EAAW,GAAA;AAAA,MACX,WAAA,EAAa;AAAA,KACd,CAAA;AAAA;AAAA,IAGD,SAAA,EAAWA,WAAM,OAAA,CAAQ;AAAA,MACvB,KAAA,EAAO,WAAA;AAAA,MACP,YAAA,EAAc,KAAA;AAAA,MACd,WAAA,EAAa;AAAA,KACd,CAAA;AAAA;AAAA,IAGD,UAAA,EAAYA,WAAM,IAAA,CAAK;AAAA,MACrB,KAAA,EAAO,YAAA;AAAA,MACP,SAAA,EAAW,GAAA;AAAA,MACX,WAAA,EAAa;AAAA,KACd;AAAA,GACH;AAAA,EAEA,OAAA,EAAS;AAAA;AAAA,IAEP,EAAE,MAAA,EAAQ,CAAC,aAAa,YAAY,CAAA,EAAG,QAAQ,KAAA,EAAM;AAAA;AAAA,IAErD,EAAE,MAAA,EAAQ,CAAC,YAAY,YAAY,CAAA,EAAG,QAAQ,KAAA;AAAM,GACtD;AAAA,EAEA,MAAA,EAAQ;AAAA,IACN,YAAA,EAAc,KAAA;AAAA,IACd,KAAA,EAAO;AAAA;AAAA;AAEX,CAAC","file":"index.js","sourcesContent":["// Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.\n\nimport { ObjectSchema, Field } from '@objectstack/spec/data';\n\n/**\n * sys_setting — Generic K/V store backing the SettingsManifest contract\n *\n * Single physical table that holds *every* value for *every* settings\n * namespace declared by a `SettingsManifest`. Plugins MUST NOT define\n * per-namespace tables (e.g. `sys_mail_config`); they declare a manifest\n * and the value persists here.\n *\n * Row identity: (namespace, key, scope, user_id?).\n *\n * Resolution order (handled by `SettingsService.get`):\n * 1. process.env override (source='env', locked=true)\n * 2. sys_setting WHERE scope='global' (source='global')\n * 3. sys_setting WHERE scope='tenant' (source='tenant')\n * 4. sys_setting WHERE scope='user' (source='user')\n * 5. manifest specifier.default (source='default')\n *\n * Encryption: rows with `encrypted=true` store ciphertext in `value_enc`\n * and leave `value` null. The plain value is never written to audit log\n * or history snapshots — only an `'<encrypted>'` placeholder + a digest.\n *\n * managedBy: 'system' — the admin grid in Setup is a diagnostic surface\n * only; all writes flow through `SettingsService.set()` so the resolver\n * stays the single source of truth.\n *\n * See ADR-0007 (Settings Manifest + K/V Store + Resolver).\n *\n * @namespace sys\n */\nexport const SysSetting = ObjectSchema.create({\n name: 'sys_setting',\n label: 'Setting',\n pluralLabel: 'Settings',\n icon: 'sliders',\n isSystem: true,\n managedBy: 'system',\n description: 'Generic K/V store backing the SettingsManifest contract.',\n displayNameField: 'key',\n titleFormat: '{namespace}.{key}',\n compactLayout: ['namespace', 'key', 'scope', 'updated_at'],\n\n listViews: {\n by_namespace: {\n type: 'grid',\n name: 'by_namespace',\n label: 'By Namespace',\n data: { provider: 'object', object: 'sys_setting' },\n columns: ['namespace', 'key', 'scope', 'encrypted', 'updated_by', 'updated_at'],\n sort: [{ field: 'namespace', order: 'asc' }, { field: 'key', order: 'asc' }],\n grouping: { fields: [{ field: 'namespace', order: 'asc', collapsed: false }] },\n pagination: { pageSize: 200 },\n },\n tenant_only: {\n type: 'grid',\n name: 'tenant_only',\n label: 'Tenant',\n data: { provider: 'object', object: 'sys_setting' },\n columns: ['namespace', 'key', 'encrypted', 'updated_by', 'updated_at'],\n filter: [{ field: 'scope', operator: 'equals', value: 'tenant' }],\n sort: [{ field: 'namespace', order: 'asc' }, { field: 'key', order: 'asc' }],\n pagination: { pageSize: 200 },\n },\n user_only: {\n type: 'grid',\n name: 'user_only',\n label: 'User',\n data: { provider: 'object', object: 'sys_setting' },\n columns: ['user_id', 'namespace', 'key', 'updated_at'],\n filter: [{ field: 'scope', operator: 'equals', value: 'user' }],\n sort: [{ field: 'user_id', order: 'asc' }, { field: 'namespace', order: 'asc' }],\n pagination: { pageSize: 200 },\n },\n all_settings: {\n type: 'grid',\n name: 'all_settings',\n label: 'All',\n data: { provider: 'object', object: 'sys_setting' },\n columns: ['namespace', 'key', 'scope', 'user_id', 'encrypted', 'updated_at'],\n sort: [{ field: 'updated_at', order: 'desc' }],\n pagination: { pageSize: 100 },\n },\n },\n\n fields: {\n id: Field.text({\n label: 'Setting ID',\n required: true,\n readonly: true,\n }),\n\n created_at: Field.datetime({\n label: 'Created At',\n defaultValue: 'NOW()',\n readonly: true,\n }),\n\n updated_at: Field.datetime({\n label: 'Updated At',\n defaultValue: 'NOW()',\n readonly: true,\n }),\n\n namespace: Field.text({\n label: 'Namespace',\n required: true,\n maxLength: 64,\n description: 'Manifest namespace (e.g. mail, branding, feature_flags).',\n }),\n\n key: Field.text({\n label: 'Key',\n required: true,\n maxLength: 128,\n description: 'Specifier key inside the namespace (snake_case).',\n }),\n\n scope: Field.select(\n [\n { label: 'Global', value: 'global' },\n { label: 'Tenant', value: 'tenant' },\n { label: 'User', value: 'user' },\n { label: 'Runtime',value: 'runtime' },\n ],\n {\n label: 'Scope',\n required: true,\n defaultValue: 'tenant',\n description: 'Which layer of the config-resolution hierarchy this row belongs to.',\n },\n ),\n\n user_id: Field.lookup('sys_user', {\n label: 'User',\n description: 'Owning user when scope=user; null otherwise.',\n }),\n\n value: Field.json({\n label: 'Value',\n description: 'JSON-encoded value. Null when encrypted=true (see value_enc).',\n }),\n\n encrypted: Field.boolean({\n label: 'Encrypted',\n defaultValue: false,\n description: 'When true, the value is stored encrypted-at-rest in value_enc; value column is null.',\n }),\n\n locked: Field.boolean({\n label: 'Locked',\n defaultValue: false,\n description:\n 'When true, lower-scope rows cannot override this value; writes against lower scopes return 409. ' +\n 'Used by platform administrators to pin a global value for all tenants (Phase 2 cascade).',\n }),\n\n locked_reason: Field.text({\n label: 'Lock Reason',\n description: 'Human-readable explanation surfaced in the UI tooltip when locked=true.',\n }),\n\n value_enc: Field.text({\n label: 'Encrypted Value',\n readonly: true,\n description: 'Ciphertext payload (KMS-wrapped). Set only when encrypted=true.',\n }),\n\n updated_by: Field.lookup('sys_user', {\n label: 'Updated By',\n readonly: true,\n description: 'Last actor who wrote this row via SettingsService.set().',\n }),\n },\n\n indexes: [\n // Primary lookup path: (namespace, key, scope, user_id?) is what\n // SettingsService.get hits on every resolve. The composite UNIQUE\n // covers both the row-identity constraint and the read path.\n { fields: ['namespace', 'key', 'scope', 'user_id'], unique: true },\n // Common range read: full namespace dump for SettingsService.getNamespace.\n { fields: ['namespace', 'scope'], unique: false },\n // Per-user listing on the user-prefs scope.\n { fields: ['user_id', 'namespace'], unique: false },\n ],\n\n enable: {\n // History on settings is opt-in per namespace (handled at service\n // layer when needed) to avoid bloating sys_history with churn from\n // feature flags and similar high-frequency toggles.\n trackHistory: false,\n searchable: false,\n apiEnabled: true,\n // Direct data API exposed for the admin grid view, but writes from\n // the UI MUST go through /api/settings/:namespace so the resolver\n // and audit hooks fire. The grid is diagnostic-only.\n apiMethods: ['get', 'list'],\n trash: false,\n mru: false,\n },\n});\n","// Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.\n\nimport { ObjectSchema, Field } from '@objectstack/spec/data';\n\n/**\n * sys_secret — Separated cipher store for sensitive settings values.\n *\n * Phase 3 of the settings roadmap splits secret material out of\n * `sys_setting` so they can carry their own retention/rotation/KMS\n * policies without bloating the regular settings audit trail. The\n * value column in `sys_setting` for an encrypted specifier holds a\n * *handle* (the `id` of a row here), never the ciphertext itself —\n * the resolver dereferences on read.\n *\n * Why split:\n * 1. **Key rotation.** KMS adapters (AWS/GCP) rotate keys on a\n * different cadence than user-visible settings; tracking\n * `kms_key_id` + `version` per cipher lets us re-wrap without\n * touching the value lifecycle.\n * 2. **Backup hygiene.** Operators can replicate `sys_setting` to\n * analytics/lower environments while keeping `sys_secret` pinned\n * to the primary KMS region.\n * 3. **Audit symmetry.** Every secret read can record an access row\n * (Phase 4) without polluting `sys_setting_audit` with plaintext\n * reads of e.g. feature flags.\n *\n * managedBy: 'system' — never edited from a generic Object grid. All\n * writes flow through `SettingsService` and an `ICryptoProvider`.\n *\n * @namespace sys\n */\nexport const SysSecret = ObjectSchema.create({\n name: 'sys_secret',\n label: 'Secret',\n pluralLabel: 'Secrets',\n icon: 'key',\n isSystem: true,\n managedBy: 'system',\n description: 'Cipher store referenced by sys_setting handles. Never holds plaintext.',\n compactLayout: ['namespace', 'key', 'kms_key_id', 'version', 'rotated_at'],\n listViews: {\n all: {\n type: 'grid',\n name: 'all',\n label: 'All Secrets',\n columns: ['namespace', 'key', 'kms_key_id', 'version', 'rotated_at', 'created_at'],\n },\n },\n\n fields: {\n id: Field.text({\n label: 'ID',\n readonly: true,\n description: 'Opaque handle referenced by `sys_setting.value_enc`.',\n }),\n\n created_at: Field.datetime({\n label: 'Created At',\n readonly: true,\n description: 'When the cipher was first written.',\n }),\n\n rotated_at: Field.datetime({\n label: 'Rotated At',\n readonly: true,\n description: 'When the cipher was last re-wrapped under a new KMS key.',\n }),\n\n /**\n * Namespace/key duplicated from `sys_setting` for forensic\n * convenience — lets operators answer \"which secret backs\n * mail.api_key right now?\" without joining the K/V table.\n * The authoritative link is `sys_setting.value_enc → sys_secret.id`.\n */\n namespace: Field.text({\n label: 'Namespace',\n required: true,\n maxLength: 128,\n description: 'Settings namespace this secret belongs to.',\n }),\n\n key: Field.text({\n label: 'Key',\n required: true,\n maxLength: 128,\n description: 'Specifier key within the namespace.',\n }),\n\n /** Identifier of the KMS key used to wrap `ciphertext`. */\n kms_key_id: Field.text({\n label: 'KMS Key ID',\n required: true,\n maxLength: 256,\n description: 'External KMS handle (ARN, GCP resource id, or `local`).',\n }),\n\n /** Algorithm tag (e.g. `aes-256-gcm`). Used by the provider on decrypt. */\n alg: Field.text({\n label: 'Algorithm',\n required: true,\n defaultValue: 'aes-256-gcm',\n maxLength: 64,\n description: 'Cipher/AEAD algorithm tag.',\n }),\n\n /** Wrapping version — bumps on every rotate(). */\n version: Field.number({\n label: 'Version',\n required: true,\n defaultValue: 1,\n description: 'Bumps each time rotateKey() re-wraps this row.',\n }),\n\n ciphertext: Field.text({\n label: 'Ciphertext',\n required: true,\n readonly: true,\n description:\n 'Provider-encoded ciphertext blob (base64 / JSON). Implementation-defined; only the matching ICryptoProvider can read it.',\n }),\n },\n\n indexes: [\n // Operators frequently look up by (namespace, key) to inspect or rotate.\n { fields: ['namespace', 'key'], unique: false },\n { fields: ['kms_key_id'], unique: false },\n ],\n\n enable: {\n trackHistory: false, // rotation events are recorded by sys_setting_audit\n audit: true,\n },\n});\n","// Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.\n\nimport { ObjectSchema, Field } from '@objectstack/spec/data';\n\n/**\n * sys_setting_audit — Append-only audit trail for every settings mutation.\n *\n * Phase 3 of the settings roadmap. Each call to `SettingsService.set()`\n * (and any other mutation hook) writes a row here BEFORE returning to\n * the caller. The row records who, when, where (scope), and what\n * changed — but never the plaintext value of an encrypted field; only\n * a content digest is stored so an operator can verify \"this is the\n * same value as last week\" without exposing the secret.\n *\n * Why separate from `sys_audit_log`:\n * - The generic audit log is a high-traffic firehose (every CRUD\n * on every business object). Settings rows are low-traffic and\n * operationally critical, so they deserve dedicated retention and\n * indexing.\n * - The schema here carries settings-specific fields (`scope`,\n * `cascade_source`) that don't make sense on a generic row.\n *\n * Append-only contract: enforced at the application layer (the only\n * writer is SettingsService). Operators MUST NOT delete rows; instead\n * use lifecycle policies to archive cold rows to a separate bucket.\n *\n * @namespace sys\n */\nexport const SysSettingAudit = ObjectSchema.create({\n name: 'sys_setting_audit',\n label: 'Setting Audit Entry',\n pluralLabel: 'Setting Audit',\n icon: 'history',\n isSystem: true,\n managedBy: 'system',\n description: 'Append-only audit trail for SettingsService mutations.',\n compactLayout: ['namespace', 'key', 'scope', 'action', 'actor_id', 'created_at'],\n listViews: {\n recent: {\n type: 'grid',\n name: 'recent',\n label: 'Recent',\n columns: ['created_at', 'namespace', 'key', 'scope', 'action', 'actor_id', 'source'],\n sort: [{ field: 'created_at', order: 'desc' }],\n },\n },\n\n fields: {\n id: Field.text({\n label: 'ID',\n readonly: true,\n }),\n\n created_at: Field.datetime({\n label: 'Created At',\n readonly: true,\n description: 'When the mutation was recorded.',\n }),\n\n namespace: Field.text({\n label: 'Namespace',\n required: true,\n maxLength: 128,\n }),\n\n key: Field.text({\n label: 'Key',\n required: true,\n maxLength: 128,\n }),\n\n scope: Field.select(\n [\n { label: 'Global', value: 'global' },\n { label: 'Tenant', value: 'tenant' },\n { label: 'User', value: 'user' },\n ],\n {\n label: 'Scope',\n required: true,\n description: 'Cascade layer the row was written to.',\n },\n ),\n\n action: Field.select(\n [\n { label: 'Set', value: 'set' },\n { label: 'Reset', value: 'reset' },\n { label: 'Lock', value: 'lock' },\n { label: 'Unlock', value: 'unlock' },\n { label: 'Rotate', value: 'rotate' },\n ],\n {\n label: 'Action',\n required: true,\n description: 'Mutation kind.',\n },\n ),\n\n actor_id: Field.lookup('sys_user', {\n label: 'Actor',\n description: 'User who performed the mutation; null for system jobs.',\n }),\n\n /**\n * Where the write originated. Lets operators distinguish admin UI\n * activity from migration jobs and bulk imports during incident\n * analysis.\n */\n source: Field.select(\n [\n { label: 'UI', value: 'ui' },\n { label: 'API', value: 'api' },\n { label: 'Migration', value: 'migration' },\n { label: 'Import', value: 'import' },\n { label: 'System', value: 'system' },\n ],\n {\n label: 'Source',\n required: true,\n defaultValue: 'api',\n description: 'Mutation entry-point.',\n },\n ),\n\n /** Optional free-text reason (Phase 3+ change-management hook). */\n reason: Field.text({\n label: 'Reason',\n description: 'Free-text justification provided by the actor (optional).',\n }),\n\n /**\n * Content digest of the previous value. Never the plaintext —\n * lets operators detect duplicate writes without leaking secrets.\n * Format: hex SHA-256 of the canonicalised JSON, or null when\n * the previous value was unset.\n */\n old_hash: Field.text({\n label: 'Old Hash',\n readonly: true,\n maxLength: 128,\n description: 'SHA-256 of the previous value (canonicalised). Null when previously unset.',\n }),\n\n /** Content digest of the new value. Null on `reset`. */\n new_hash: Field.text({\n label: 'New Hash',\n readonly: true,\n maxLength: 128,\n description: 'SHA-256 of the new value (canonicalised). Null on reset.',\n }),\n\n /** True when the field is encrypted — flags secret rotation events. */\n encrypted: Field.boolean({\n label: 'Encrypted',\n defaultValue: false,\n description: 'True when the field carries secret material (rotation is interesting).',\n }),\n\n /** Request id from the originating HTTP/CLI invocation. */\n request_id: Field.text({\n label: 'Request ID',\n maxLength: 128,\n description: 'Correlates with sys_audit_log / tracing.',\n }),\n },\n\n indexes: [\n // Most common query: \"what changed for namespace X in the last 7 days?\"\n { fields: ['namespace', 'created_at'], unique: false },\n // Per-actor lookup for compliance reviews.\n { fields: ['actor_id', 'created_at'], unique: false },\n ],\n\n enable: {\n trackHistory: false,\n audit: false, // this IS the audit; no recursion\n },\n});\n"]}
|
package/dist/system/index.mjs
CHANGED
|
@@ -161,12 +161,10 @@ var SysSecret = ObjectSchema.create({
|
|
|
161
161
|
isSystem: true,
|
|
162
162
|
managedBy: "system",
|
|
163
163
|
description: "Cipher store referenced by sys_setting handles. Never holds plaintext.",
|
|
164
|
-
scope: "tenant",
|
|
165
164
|
compactLayout: ["namespace", "key", "kms_key_id", "version", "rotated_at"],
|
|
166
|
-
|
|
167
|
-
views: {
|
|
165
|
+
listViews: {
|
|
168
166
|
all: {
|
|
169
|
-
type: "
|
|
167
|
+
type: "grid",
|
|
170
168
|
name: "all",
|
|
171
169
|
label: "All Secrets",
|
|
172
170
|
columns: ["namespace", "key", "kms_key_id", "version", "rotated_at", "created_at"]
|
|
@@ -254,12 +252,10 @@ var SysSettingAudit = ObjectSchema.create({
|
|
|
254
252
|
isSystem: true,
|
|
255
253
|
managedBy: "system",
|
|
256
254
|
description: "Append-only audit trail for SettingsService mutations.",
|
|
257
|
-
scope: "tenant",
|
|
258
255
|
compactLayout: ["namespace", "key", "scope", "action", "actor_id", "created_at"],
|
|
259
|
-
|
|
260
|
-
views: {
|
|
256
|
+
listViews: {
|
|
261
257
|
recent: {
|
|
262
|
-
type: "
|
|
258
|
+
type: "grid",
|
|
263
259
|
name: "recent",
|
|
264
260
|
label: "Recent",
|
|
265
261
|
columns: ["created_at", "namespace", "key", "scope", "action", "actor_id", "source"],
|