@objectstack/plugin-approvals 7.3.0 → 7.4.1

package/dist/index.js

@@ -3,6 +3,9 @@ var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __esm = (fn, res) => function __init() {
+  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
+};
 var __export = (target, all) => {
   for (var name in all)
     __defProp(target, name, { get: all[name], enumerable: true });
@@ -17,215 +20,941 @@ var __copyProps = (to, from, except, desc) => {
 };
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 
+// src/translations/en.objects.generated.ts
+var enObjects;
+var init_en_objects_generated = __esm({
+  "src/translations/en.objects.generated.ts"() {
+    "use strict";
+    enObjects = {
+      sys_approval_request: {
+        label: "Approval Request",
+        pluralLabel: "Approval Requests",
+        description: "Live approval instance tracked per submission",
+        fields: {
+          id: {
+            label: "Request ID"
+          },
+          organization_id: {
+            label: "Organization",
+            help: "Tenant that owns this approval request (propagated from submitter context)"
+          },
+          process_name: {
+            label: "Source",
+            help: "Origin of the request \u2014 `flow:<flowName|nodeId>` for node-driven approvals"
+          },
+          object_name: {
+            label: "Object"
+          },
+          record_id: {
+            label: "Record ID"
+          },
+          submitter_id: {
+            label: "Submitter"
+          },
+          submitter_comment: {
+            label: "Submitter Comment"
+          },
+          status: {
+            label: "Status",
+            help: "Lifecycle state of the request",
+            options: {
+              pending: "pending",
+              approved: "approved",
+              rejected: "rejected",
+              recalled: "recalled"
+            }
+          },
+          current_step: {
+            label: "Current Step",
+            help: "Machine name of the step awaiting approval"
+          },
+          current_step_index: {
+            label: "Current Step Index"
+          },
+          pending_approvers: {
+            label: "Pending Approvers",
+            help: "Comma-separated user ids who can act on the current step"
+          },
+          payload_json: {
+            label: "Snapshot",
+            help: "Record snapshot at submission time"
+          },
+          flow_run_id: {
+            label: "Flow Run",
+            help: "Suspended automation run id this request gates (ADR-0019). The decision resumes it."
+          },
+          flow_node_id: {
+            label: "Flow Node",
+            help: "Approval node id within the flow that opened this request (ADR-0019)."
+          },
+          node_config_json: {
+            label: "Node Config",
+            help: "Snapshot of the Approval node config (approvers/behavior) for node-driven requests (ADR-0019)."
+          },
+          completed_at: {
+            label: "Completed At"
+          },
+          created_at: {
+            label: "Created At"
+          },
+          updated_at: {
+            label: "Updated At"
+          }
+        },
+        _views: {
+          my_pending: {
+            label: "My Pending"
+          },
+          submitted_by_me: {
+            label: "I Submitted"
+          },
+          completed: {
+            label: "Completed"
+          },
+          all_requests: {
+            label: "All"
+          }
+        }
+      },
+      sys_approval_action: {
+        label: "Approval Action",
+        pluralLabel: "Approval Actions",
+        description: "Append-only audit trail for approval actions",
+        fields: {
+          id: {
+            label: "Action ID"
+          },
+          organization_id: {
+            label: "Organization",
+            help: "Tenant that owns this action (mirrors the parent request)"
+          },
+          request_id: {
+            label: "Request"
+          },
+          step_name: {
+            label: "Step",
+            help: "Machine name of the step at the time of the action"
+          },
+          step_index: {
+            label: "Step Index"
+          },
+          action: {
+            label: "Action",
+            options: {
+              submit: "submit",
+              approve: "approve",
+              reject: "reject",
+              recall: "recall",
+              escalate: "escalate"
+            }
+          },
+          actor_id: {
+            label: "Actor"
+          },
+          comment: {
+            label: "Comment"
+          },
+          created_at: {
+            label: "Created At"
+          }
+        },
+        _views: {
+          recent: {
+            label: "Recent"
+          },
+          by_actor: {
+            label: "By Actor"
+          },
+          all_actions: {
+            label: "All"
+          }
+        }
+      }
+    };
+  }
+});
+
+// src/translations/zh-CN.objects.generated.ts
+var zhCNObjects;
+var init_zh_CN_objects_generated = __esm({
+  "src/translations/zh-CN.objects.generated.ts"() {
+    "use strict";
+    zhCNObjects = {
+      sys_approval_request: {
+        label: "\u5BA1\u6279\u8BF7\u6C42",
+        pluralLabel: "\u5BA1\u6279\u8BF7\u6C42",
+        description: "\u6309\u63D0\u4EA4\u8BB0\u5F55\u8DDF\u8E2A\u7684\u5B9E\u65F6\u5BA1\u6279\u5B9E\u4F8B",
+        fields: {
+          id: {
+            label: "\u8BF7\u6C42 ID"
+          },
+          organization_id: {
+            label: "\u7EC4\u7EC7",
+            help: "\u62E5\u6709\u8BE5\u5BA1\u6279\u8BF7\u6C42\u7684\u79DF\u6237\uFF08\u4ECE\u63D0\u4EA4\u65B9\u4E0A\u4E0B\u6587\u4F20\u64AD\uFF09"
+          },
+          process_name: {
+            label: "\u6765\u6E90",
+            help: "\u8BF7\u6C42\u6765\u6E90 \u2014\u2014 \u8282\u70B9\u9A71\u52A8\u7684\u5BA1\u6279\u4E3A `flow:<flowName|nodeId>`"
+          },
+          object_name: {
+            label: "\u5BF9\u8C61"
+          },
+          record_id: {
+            label: "\u8BB0\u5F55 ID"
+          },
+          submitter_id: {
+            label: "\u63D0\u4EA4\u4EBA"
+          },
+          submitter_comment: {
+            label: "\u63D0\u4EA4\u5907\u6CE8"
+          },
+          status: {
+            label: "\u72B6\u6001",
+            help: "\u8BF7\u6C42\u7684\u751F\u547D\u5468\u671F\u72B6\u6001",
+            options: {
+              pending: "\u5F85\u5904\u7406",
+              approved: "\u5DF2\u6279\u51C6",
+              rejected: "\u5DF2\u62D2\u7EDD",
+              recalled: "\u5DF2\u64A4\u56DE"
+            }
+          },
+          current_step: {
+            label: "\u5F53\u524D\u6B65\u9AA4",
+            help: "\u5F53\u524D\u7B49\u5F85\u5BA1\u6279\u7684\u6B65\u9AA4\u673A\u5668\u540D\u79F0"
+          },
+          current_step_index: {
+            label: "\u5F53\u524D\u6B65\u9AA4\u7D22\u5F15"
+          },
+          pending_approvers: {
+            label: "\u5F85\u5BA1\u6279\u4EBA",
+            help: "\u53EF\u5728\u5F53\u524D\u6B65\u9AA4\u6267\u884C\u64CD\u4F5C\u7684\u7528\u6237 ID\uFF0C\u9017\u53F7\u5206\u9694"
+          },
+          payload_json: {
+            label: "\u5FEB\u7167",
+            help: "\u63D0\u4EA4\u65F6\u7684\u8BB0\u5F55\u5FEB\u7167"
+          },
+          flow_run_id: {
+            label: "Flow Run",
+            help: "Suspended automation run id this request gates (ADR-0019). The decision resumes it."
+          },
+          flow_node_id: {
+            label: "Flow Node",
+            help: "Approval node id within the flow that opened this request (ADR-0019)."
+          },
+          node_config_json: {
+            label: "Node Config",
+            help: "Snapshot of the Approval node config (approvers/behavior) for node-driven requests (ADR-0019)."
+          },
+          completed_at: {
+            label: "\u5B8C\u6210\u65F6\u95F4"
+          },
+          created_at: {
+            label: "\u521B\u5EFA\u65F6\u95F4"
+          },
+          updated_at: {
+            label: "\u66F4\u65B0\u65F6\u95F4"
+          }
+        },
+        _views: {
+          my_pending: {
+            label: "\u6211\u7684\u5F85\u529E"
+          },
+          submitted_by_me: {
+            label: "\u6211\u63D0\u4EA4\u7684"
+          },
+          completed: {
+            label: "\u5DF2\u5B8C\u6210"
+          },
+          all_requests: {
+            label: "\u5168\u90E8"
+          }
+        }
+      },
+      sys_approval_action: {
+        label: "\u5BA1\u6279\u52A8\u4F5C",
+        pluralLabel: "\u5BA1\u6279\u52A8\u4F5C",
+        description: "\u8FFD\u52A0\u5199\u5165\u7684\u5BA1\u6279\u64CD\u4F5C\u5BA1\u8BA1\u8BB0\u5F55",
+        fields: {
+          id: {
+            label: "\u52A8\u4F5C ID"
+          },
+          organization_id: {
+            label: "\u7EC4\u7EC7",
+            help: "\u62E5\u6709\u8BE5\u52A8\u4F5C\u7684\u79DF\u6237\uFF08\u4E0E\u7236\u8BF7\u6C42\u4FDD\u6301\u4E00\u81F4\uFF09"
+          },
+          request_id: {
+            label: "\u8BF7\u6C42"
+          },
+          step_name: {
+            label: "\u6B65\u9AA4",
+            help: "\u6267\u884C\u8BE5\u52A8\u4F5C\u65F6\u5BF9\u5E94\u6B65\u9AA4\u7684\u673A\u5668\u540D\u79F0"
+          },
+          step_index: {
+            label: "\u6B65\u9AA4\u7D22\u5F15"
+          },
+          action: {
+            label: "\u64CD\u4F5C",
+            options: {
+              submit: "\u63D0\u4EA4",
+              approve: "\u6279\u51C6",
+              reject: "\u62D2\u7EDD",
+              recall: "\u64A4\u56DE",
+              escalate: "\u5347\u7EA7"
+            }
+          },
+          actor_id: {
+            label: "\u6267\u884C\u4EBA"
+          },
+          comment: {
+            label: "\u8BC4\u8BBA"
+          },
+          created_at: {
+            label: "\u521B\u5EFA\u65F6\u95F4"
+          }
+        },
+        _views: {
+          recent: {
+            label: "\u6700\u8FD1"
+          },
+          by_actor: {
+            label: "\u6309\u6267\u884C\u4EBA"
+          },
+          all_actions: {
+            label: "\u5168\u90E8"
+          }
+        }
+      }
+    };
+  }
+});
+
+// src/translations/ja-JP.objects.generated.ts
+var jaJPObjects;
+var init_ja_JP_objects_generated = __esm({
+  "src/translations/ja-JP.objects.generated.ts"() {
+    "use strict";
+    jaJPObjects = {
+      sys_approval_request: {
+        label: "\u627F\u8A8D\u30EA\u30AF\u30A8\u30B9\u30C8",
+        pluralLabel: "\u627F\u8A8D\u30EA\u30AF\u30A8\u30B9\u30C8",
+        description: "\u9001\u4FE1\u3054\u3068\u306B\u8FFD\u8DE1\u3055\u308C\u308B\u30E9\u30A4\u30D6\u627F\u8A8D\u30A4\u30F3\u30B9\u30BF\u30F3\u30B9",
+        fields: {
+          id: {
+            label: "\u30EA\u30AF\u30A8\u30B9\u30C8 ID"
+          },
+          organization_id: {
+            label: "\u7D44\u7E54",
+            help: "\u3053\u306E\u627F\u8A8D\u30EA\u30AF\u30A8\u30B9\u30C8\u3092\u6240\u6709\u3059\u308B\u30C6\u30CA\u30F3\u30C8\uFF08\u9001\u4FE1\u8005\u30B3\u30F3\u30C6\u30AD\u30B9\u30C8\u304B\u3089\u4F1D\u64AD\uFF09"
+          },
+          process_name: {
+            label: "\u30BD\u30FC\u30B9",
+            help: "\u30EA\u30AF\u30A8\u30B9\u30C8\u306E\u767A\u751F\u5143 \u2014 \u30CE\u30FC\u30C9\u99C6\u52D5\u306E\u627F\u8A8D\u3067\u306F `flow:<flowName|nodeId>`"
+          },
+          object_name: {
+            label: "\u30AA\u30D6\u30B8\u30A7\u30AF\u30C8"
+          },
+          record_id: {
+            label: "\u30EC\u30B3\u30FC\u30C9 ID"
+          },
+          submitter_id: {
+            label: "\u9001\u4FE1\u8005"
+          },
+          submitter_comment: {
+            label: "\u9001\u4FE1\u8005\u30B3\u30E1\u30F3\u30C8"
+          },
+          status: {
+            label: "\u30B9\u30C6\u30FC\u30BF\u30B9",
+            help: "\u30EA\u30AF\u30A8\u30B9\u30C8\u306E\u30E9\u30A4\u30D5\u30B5\u30A4\u30AF\u30EB\u72B6\u614B",
+            options: {
+              pending: "\u4FDD\u7559\u4E2D",
+              approved: "\u627F\u8A8D\u6E08\u307F",
+              rejected: "\u5374\u4E0B\u6E08\u307F",
+              recalled: "\u53D6\u308A\u6D88\u3057\u6E08\u307F"
+            }
+          },
+          current_step: {
+            label: "\u73FE\u5728\u306E\u30B9\u30C6\u30C3\u30D7",
+            help: "\u627F\u8A8D\u5F85\u3061\u306E\u30B9\u30C6\u30C3\u30D7\u306E\u6A5F\u68B0\u540D"
+          },
+          current_step_index: {
+            label: "\u73FE\u5728\u306E\u30B9\u30C6\u30C3\u30D7\u756A\u53F7"
+          },
+          pending_approvers: {
+            label: "\u627F\u8A8D\u5F85\u3061\u627F\u8A8D\u8005",
+            help: "\u73FE\u5728\u306E\u30B9\u30C6\u30C3\u30D7\u3092\u51E6\u7406\u3067\u304D\u308B\u30E6\u30FC\u30B6\u30FC ID \u306E\u30AB\u30F3\u30DE\u533A\u5207\u308A\u30EA\u30B9\u30C8"
+          },
+          payload_json: {
+            label: "\u30B9\u30CA\u30C3\u30D7\u30B7\u30E7\u30C3\u30C8",
+            help: "\u9001\u4FE1\u6642\u306E\u30EC\u30B3\u30FC\u30C9\u30B9\u30CA\u30C3\u30D7\u30B7\u30E7\u30C3\u30C8"
+          },
+          flow_run_id: {
+            label: "Flow Run",
+            help: "Suspended automation run id this request gates (ADR-0019). The decision resumes it."
+          },
+          flow_node_id: {
+            label: "Flow Node",
+            help: "Approval node id within the flow that opened this request (ADR-0019)."
+          },
+          node_config_json: {
+            label: "Node Config",
+            help: "Snapshot of the Approval node config (approvers/behavior) for node-driven requests (ADR-0019)."
+          },
+          completed_at: {
+            label: "\u5B8C\u4E86\u65E5\u6642"
+          },
+          created_at: {
+            label: "\u4F5C\u6210\u65E5\u6642"
+          },
+          updated_at: {
+            label: "\u66F4\u65B0\u65E5\u6642"
+          }
+        },
+        _views: {
+          my_pending: {
+            label: "\u81EA\u5206\u306E\u4FDD\u7559\u4E2D"
+          },
+          submitted_by_me: {
+            label: "\u81EA\u5206\u304C\u9001\u4FE1"
+          },
+          completed: {
+            label: "\u5B8C\u4E86\u6E08\u307F"
+          },
+          all_requests: {
+            label: "\u3059\u3079\u3066"
+          }
+        }
+      },
+      sys_approval_action: {
+        label: "\u627F\u8A8D\u30A2\u30AF\u30B7\u30E7\u30F3",
+        pluralLabel: "\u627F\u8A8D\u30A2\u30AF\u30B7\u30E7\u30F3",
+        description: "\u627F\u8A8D\u30A2\u30AF\u30B7\u30E7\u30F3\u306E\u8FFD\u8A18\u5C02\u7528\u76E3\u67FB\u8A3C\u8DE1",
+        fields: {
+          id: {
+            label: "\u30A2\u30AF\u30B7\u30E7\u30F3 ID"
+          },
+          organization_id: {
+            label: "\u7D44\u7E54",
+            help: "\u3053\u306E\u30A2\u30AF\u30B7\u30E7\u30F3\u3092\u6240\u6709\u3059\u308B\u30C6\u30CA\u30F3\u30C8\uFF08\u89AA\u30EA\u30AF\u30A8\u30B9\u30C8\u3068\u540C\u3058\uFF09"
+          },
+          request_id: {
+            label: "\u30EA\u30AF\u30A8\u30B9\u30C8"
+          },
+          step_name: {
+            label: "\u30B9\u30C6\u30C3\u30D7",
+            help: "\u30A2\u30AF\u30B7\u30E7\u30F3\u6642\u70B9\u306E\u30B9\u30C6\u30C3\u30D7\u306E\u6A5F\u68B0\u540D"
+          },
+          step_index: {
+            label: "\u30B9\u30C6\u30C3\u30D7\u756A\u53F7"
+          },
+          action: {
+            label: "\u30A2\u30AF\u30B7\u30E7\u30F3",
+            options: {
+              submit: "\u7533\u8ACB",
+              approve: "\u627F\u8A8D",
+              reject: "\u5374\u4E0B",
+              recall: "\u53D6\u6D88",
+              escalate: "\u30A8\u30B9\u30AB\u30EC\u30FC\u30B7\u30E7\u30F3"
+            }
+          },
+          actor_id: {
+            label: "\u64CD\u4F5C\u8005"
+          },
+          comment: {
+            label: "\u30B3\u30E1\u30F3\u30C8"
+          },
+          created_at: {
+            label: "\u4F5C\u6210\u65E5\u6642"
+          }
+        },
+        _views: {
+          recent: {
+            label: "\u6700\u8FD1"
+          },
+          by_actor: {
+            label: "\u64CD\u4F5C\u8005\u5225"
+          },
+          all_actions: {
+            label: "\u3059\u3079\u3066"
+          }
+        }
+      }
+    };
+  }
+});
+
+// src/translations/es-ES.objects.generated.ts
+var esESObjects;
+var init_es_ES_objects_generated = __esm({
+  "src/translations/es-ES.objects.generated.ts"() {
+    "use strict";
+    esESObjects = {
+      sys_approval_request: {
+        label: "Solicitud de aprobaci\xF3n",
+        pluralLabel: "Solicitudes de aprobaci\xF3n",
+        description: "Instancia activa de aprobaci\xF3n registrada por env\xEDo",
+        fields: {
+          id: {
+            label: "ID de solicitud"
+          },
+          organization_id: {
+            label: "Organizaci\xF3n",
+            help: "Tenant que posee esta solicitud de aprobaci\xF3n (propagado desde el contexto del solicitante)."
+          },
+          process_name: {
+            label: "Origen",
+            help: "Origen de la solicitud \u2014 `flow:<flowName|nodeId>` para aprobaciones por nodo"
+          },
+          object_name: {
+            label: "Objeto"
+          },
+          record_id: {
+            label: "ID de registro"
+          },
+          submitter_id: {
+            label: "Solicitante"
+          },
+          submitter_comment: {
+            label: "Comentario del solicitante"
+          },
+          status: {
+            label: "Estado",
+            help: "Estado del ciclo de vida de la solicitud.",
+            options: {
+              pending: "Pendiente",
+              approved: "Aprobada",
+              rejected: "Rechazada",
+              recalled: "Retirada"
+            }
+          },
+          current_step: {
+            label: "Paso actual",
+            help: "Nombre t\xE9cnico del paso pendiente de aprobaci\xF3n."
+          },
+          current_step_index: {
+            label: "\xCDndice del paso actual"
+          },
+          pending_approvers: {
+            label: "Aprobadores pendientes",
+            help: "ID de usuario separados por comas que pueden actuar en el paso actual."
+          },
+          payload_json: {
+            label: "Instant\xE1nea",
+            help: "Instant\xE1nea del registro en el momento del env\xEDo."
+          },
+          flow_run_id: {
+            label: "Flow Run",
+            help: "Suspended automation run id this request gates (ADR-0019). The decision resumes it."
+          },
+          flow_node_id: {
+            label: "Flow Node",
+            help: "Approval node id within the flow that opened this request (ADR-0019)."
+          },
+          node_config_json: {
+            label: "Node Config",
+            help: "Snapshot of the Approval node config (approvers/behavior) for node-driven requests (ADR-0019)."
+          },
+          completed_at: {
+            label: "Completado el"
+          },
+          created_at: {
+            label: "Creado el"
+          },
+          updated_at: {
+            label: "Actualizado el"
+          }
+        },
+        _views: {
+          my_pending: {
+            label: "Mis pendientes"
+          },
+          submitted_by_me: {
+            label: "Enviadas por m\xED"
+          },
+          completed: {
+            label: "Completadas"
+          },
+          all_requests: {
+            label: "Todas"
+          }
+        }
+      },
+      sys_approval_action: {
+        label: "Acci\xF3n de aprobaci\xF3n",
+        pluralLabel: "Acciones de aprobaci\xF3n",
+        description: "Registro de auditor\xEDa append-only para acciones de aprobaci\xF3n",
+        fields: {
+          id: {
+            label: "ID de acci\xF3n"
+          },
+          organization_id: {
+            label: "Organizaci\xF3n",
+            help: "Tenant que posee esta acci\xF3n (refleja la solicitud principal)."
+          },
+          request_id: {
+            label: "Solicitud"
+          },
+          step_name: {
+            label: "Paso",
+            help: "Nombre t\xE9cnico del paso en el momento de la acci\xF3n."
+          },
+          step_index: {
+            label: "\xCDndice del paso"
+          },
+          action: {
+            label: "Acci\xF3n",
+            options: {
+              submit: "Enviar",
+              approve: "Aprobar",
+              reject: "Rechazar",
+              recall: "Retirar",
+              escalate: "Escalar"
+            }
+          },
+          actor_id: {
+            label: "Actor"
+          },
+          comment: {
+            label: "Comentario"
+          },
+          created_at: {
+            label: "Creado el"
+          }
+        },
+        _views: {
+          recent: {
+            label: "Recientes"
+          },
+          by_actor: {
+            label: "Por actor"
+          },
+          all_actions: {
+            label: "Todas"
+          }
+        }
+      }
+    };
+  }
+});
+
+// src/translations/index.ts
+var translations_exports = {};
+__export(translations_exports, {
+  ApprovalsTranslations: () => ApprovalsTranslations
+});
+var ApprovalsTranslations;
+var init_translations = __esm({
+  "src/translations/index.ts"() {
+    "use strict";
+    init_en_objects_generated();
+    init_zh_CN_objects_generated();
+    init_ja_JP_objects_generated();
+    init_es_ES_objects_generated();
+    ApprovalsTranslations = {
+      en: { objects: enObjects },
+      "zh-CN": { objects: zhCNObjects },
+      "ja-JP": { objects: jaJPObjects },
+      "es-ES": { objects: esESObjects }
+    };
+  }
+});
+
 // src/index.ts
 var index_exports = {};
 __export(index_exports, {
   ApprovalService: () => ApprovalService,
   ApprovalsServicePlugin: () => ApprovalsServicePlugin,
-  SysApprovalAction: () => import_audit2.SysApprovalAction,
-  SysApprovalProcess: () => import_audit2.SysApprovalProcess,
-  SysApprovalRequest: () => import_audit2.SysApprovalRequest
+  SysApprovalAction: () => SysApprovalAction,
+  SysApprovalRequest: () => SysApprovalRequest,
+  registerApprovalNode: () => registerApprovalNode
 });
 module.exports = __toCommonJS(index_exports);
-var import_audit2 = require("@objectstack/platform-objects/audit");
-
-// src/approval-service.ts
-var import_automation = require("@objectstack/spec/automation");
 
-// src/action-executor.ts
-var SYSTEM_CTX = { isSystem: true, roles: [], permissions: [] };
-var noopLogger = {
-  info: () => {
-  },
-  warn: () => {
+// src/sys-approval-request.object.ts
+var import_data = require("@objectstack/spec/data");
+var SysApprovalRequest = import_data.ObjectSchema.create({
+  name: "sys_approval_request",
+  label: "Approval Request",
+  pluralLabel: "Approval Requests",
+  icon: "inbox",
+  isSystem: true,
+  managedBy: "system",
+  description: "Live approval instance tracked per submission",
+  displayNameField: "id",
+  titleFormat: "{process_name} \xB7 {record_id}",
+  compactLayout: ["process_name", "object_name", "record_id", "status", "current_step", "submitter_id", "updated_at"],
+  // Curated built-in list views — render as segmented tabs in the console.
+  // Filters use {current_user_id} substitution wired by the console.
+  listViews: {
+    my_pending: {
+      type: "grid",
+      name: "my_pending",
+      label: "My Pending",
+      data: { provider: "object", object: "sys_approval_request" },
+      columns: ["process_name", "object_name", "record_id", "current_step", "submitter_id", "updated_at"],
+      filter: [
+        { field: "status", operator: "equals", value: "pending" },
+        { field: "pending_approvers", operator: "contains", value: "{current_user_id}" }
+      ],
+      sort: [{ field: "updated_at", order: "desc" }],
+      pagination: { pageSize: 25 },
+      emptyState: { title: "No pending approvals", message: "You're all caught up." }
+    },
+    submitted_by_me: {
+      type: "grid",
+      name: "submitted_by_me",
+      label: "I Submitted",
+      data: { provider: "object", object: "sys_approval_request" },
+      columns: ["process_name", "object_name", "record_id", "status", "current_step", "updated_at"],
+      filter: [{ field: "submitter_id", operator: "equals", value: "{current_user_id}" }],
+      sort: [{ field: "updated_at", order: "desc" }],
+      pagination: { pageSize: 25 }
+    },
+    completed: {
+      type: "grid",
+      name: "completed",
+      label: "Completed",
+      data: { provider: "object", object: "sys_approval_request" },
+      columns: ["process_name", "object_name", "record_id", "status", "submitter_id", "completed_at"],
+      filter: [{ field: "status", operator: "in", value: ["approved", "rejected", "recalled"] }],
+      sort: [{ field: "completed_at", order: "desc" }],
+      pagination: { pageSize: 25 }
+    },
+    all_requests: {
+      type: "grid",
+      name: "all_requests",
+      label: "All",
+      data: { provider: "object", object: "sys_approval_request" },
+      columns: ["process_name", "object_name", "record_id", "status", "current_step", "submitter_id", "updated_at"],
+      sort: [{ field: "updated_at", order: "desc" }],
+      pagination: { pageSize: 50 }
+    }
   },
-  error: () => {
+  fields: {
+    id: import_data.Field.text({ label: "Request ID", required: true, readonly: true, group: "System" }),
+    organization_id: import_data.Field.lookup("sys_organization", {
+      label: "Organization",
+      required: false,
+      group: "System",
+      description: "Tenant that owns this approval request (propagated from submitter context)"
+    }),
+    process_name: import_data.Field.text({
+      label: "Source",
+      required: true,
+      maxLength: 100,
+      description: "Origin of the request \u2014 `flow:<flowName|nodeId>` for node-driven approvals",
+      group: "Target"
+    }),
+    object_name: import_data.Field.text({
+      label: "Object",
+      required: true,
+      maxLength: 100,
+      group: "Target"
+    }),
+    record_id: import_data.Field.text({
+      label: "Record ID",
+      required: true,
+      maxLength: 100,
+      group: "Target"
+    }),
+    submitter_id: import_data.Field.lookup("sys_user", {
+      label: "Submitter",
+      required: false,
+      group: "Target"
+    }),
+    submitter_comment: import_data.Field.textarea({
+      label: "Submitter Comment",
+      required: false,
+      group: "Target"
+    }),
+    status: import_data.Field.select(
+      ["pending", "approved", "rejected", "recalled"],
+      {
+        label: "Status",
+        required: true,
+        defaultValue: "pending",
+        description: "Lifecycle state of the request",
+        group: "State"
+      }
+    ),
+    current_step: import_data.Field.text({
+      label: "Current Step",
+      required: false,
+      maxLength: 100,
+      description: "Machine name of the step awaiting approval",
+      group: "State"
+    }),
+    current_step_index: import_data.Field.number({
+      label: "Current Step Index",
+      required: false,
+      defaultValue: 0,
+      group: "State"
+    }),
+    pending_approvers: import_data.Field.textarea({
+      label: "Pending Approvers",
+      required: false,
+      description: "Comma-separated user ids who can act on the current step",
+      group: "State"
+    }),
+    payload_json: import_data.Field.textarea({
+      label: "Snapshot",
+      required: false,
+      description: "Record snapshot at submission time",
+      group: "State"
+    }),
+    // ── ADR-0019: approval-as-flow-node correlation ──────────────────
+    // When a request is opened by an Approval *node* (rather than a standalone
+    // process), these tie it back to the suspended flow run so a decision can
+    // resume it. Null for legacy process-driven requests.
+    flow_run_id: import_data.Field.text({
+      label: "Flow Run",
+      required: false,
+      maxLength: 100,
+      readonly: true,
+      description: "Suspended automation run id this request gates (ADR-0019). The decision resumes it.",
+      group: "State"
+    }),
+    flow_node_id: import_data.Field.text({
+      label: "Flow Node",
+      required: false,
+      maxLength: 100,
+      readonly: true,
+      description: "Approval node id within the flow that opened this request (ADR-0019).",
+      group: "State"
+    }),
+    node_config_json: import_data.Field.textarea({
+      label: "Node Config",
+      required: false,
+      readonly: true,
+      description: "Snapshot of the Approval node config (approvers/behavior) for node-driven requests (ADR-0019).",
+      group: "State"
+    }),
+    completed_at: import_data.Field.datetime({
+      label: "Completed At",
+      required: false,
+      group: "State"
+    }),
+    created_at: import_data.Field.datetime({
+      label: "Created At",
+      required: true,
+      defaultValue: "NOW()",
+      readonly: true,
+      group: "System"
+    }),
+    updated_at: import_data.Field.datetime({ label: "Updated At", required: false, group: "System" })
   },
-  debug: () => {
-  }
-};
-var DEFAULT_WEBHOOK_TIMEOUT_MS = 5e3;
-async function executeActions(actions, ctx, opts) {
-  if (!Array.isArray(actions) || actions.length === 0) return;
-  const log = { ...noopLogger, ...opts.logger ?? {} };
-  for (const a of actions) {
-    try {
-      await runOne(a, ctx, opts, log);
-    } catch (err) {
-      log.error?.(`[approvals] action '${a?.type ?? "<unknown>"}' failed: ${err?.message ?? err}`, {
-        action: a,
-        trigger: ctx.trigger,
-        request_id: ctx.request?.id
-      });
-    }
-  }
-}
-async function runOne(action, ctx, opts, log) {
-  if (!action || typeof action !== "object") return;
-  switch (action.type) {
-    case "field_update":
-      return runFieldUpdate(action, ctx, opts, log);
-    case "inbox_notify":
-      return runInboxNotify(action, ctx, opts, log);
-    case "webhook":
-      return runWebhook(action, ctx, opts, log);
-    case "email_alert":
-    case "script":
-    case "connector_action":
-      log.warn?.(`[approvals] action type '${action.type}' is not implemented yet \u2014 skipping`, {
-        action_name: action.name,
-        trigger: ctx.trigger
-      });
-      return;
-    default:
-      log.warn?.(`[approvals] unknown action type '${action.type}' \u2014 skipping`);
-  }
-}
-async function runFieldUpdate(action, ctx, opts, log) {
-  const cfg = action.config ?? {};
-  const field = cfg.field;
-  if (!field) {
-    log.warn?.("[approvals] field_update missing config.field");
-    return;
-  }
-  const value = resolveValueToken(cfg.value, ctx);
-  const object = ctx.process?.object_name ?? ctx.process?.object;
-  const recordId = ctx.request?.record_id;
-  if (!object || !recordId) {
-    log.warn?.("[approvals] field_update missing object/record context");
-    return;
-  }
-  await opts.engine.update(
-    object,
-    { id: recordId, [field]: value },
-    { context: SYSTEM_CTX }
-  );
-  log.debug?.(`[approvals] field_update ${object}/${recordId} set ${field}`, { value });
-}
-function resolveValueToken(raw, ctx) {
-  if (typeof raw !== "string") return raw;
-  switch (raw) {
-    case "$status":
-      return ctx.request?.status ?? null;
-    case "$now":
-      return (/* @__PURE__ */ new Date()).toISOString();
-    case "$actor":
-      return ctx.actorId ?? null;
-    case "$comment":
-      return ctx.comment ?? null;
-    case "$step":
-      return ctx.request?.current_step ?? null;
-    case "$request_id":
-      return ctx.request?.id ?? null;
-    default:
-      return raw;
-  }
-}
-function interpolate(template, ctx) {
-  if (typeof template !== "string") return template;
-  return template.replace(/\{record_id\}/g, String(ctx.request?.record_id ?? "")).replace(/\{object\}/g, String(ctx.process?.object_name ?? ctx.process?.object ?? "")).replace(/\{status\}/g, String(ctx.request?.status ?? "")).replace(/\{step\}/g, String(ctx.request?.current_step ?? "")).replace(/\{actor\}/g, String(ctx.actorId ?? "")).replace(/\{comment\}/g, String(ctx.comment ?? "")).replace(/\{process\}/g, String(ctx.process?.name ?? ""));
-}
-async function runInboxNotify(action, ctx, opts, log) {
-  const cfg = action.config ?? {};
-  const recipients = resolveRecipients(cfg.to, ctx);
-  if (recipients.length === 0) {
-    log.debug?.("[approvals] inbox_notify resolved no recipients \u2014 skipping");
-    return;
-  }
-  const title = interpolate(cfg.title ?? "Approval update", ctx);
-  const body = interpolate(cfg.body ?? "", ctx);
-  const type = String(cfg.notificationType ?? "system");
-  const rawLink = cfg.link ? interpolate(String(cfg.link), ctx) : `/console/system/approvals?requestId=${encodeURIComponent(ctx.request?.id ?? "")}`;
-  const url = /^https?:\/\//i.test(rawLink) ? rawLink : null;
-  const now = (/* @__PURE__ */ new Date()).toISOString();
-  for (const recipient of recipients) {
-    try {
-      await opts.engine.insert(
-        "sys_notification",
-        {
-          id: `notif_${cryptoRandom()}`,
-          recipient_id: String(recipient),
-          type,
-          title,
-          body,
-          url,
-          is_read: false,
-          source_object: ctx.process?.object_name ?? ctx.process?.object ?? null,
-          source_id: ctx.request?.record_id ?? null,
-          created_at: now,
-          updated_at: now
-        },
-        { context: SYSTEM_CTX }
-      );
-    } catch (err) {
-      log.warn?.(`[approvals] inbox_notify insert failed for ${recipient}: ${err?.message ?? err}`);
-    }
-  }
-}
-function resolveRecipients(to, ctx) {
-  if (Array.isArray(to)) return to.map(String).filter(Boolean);
-  if (typeof to === "string") {
-    if (to === "submitter") return ctx.request?.submitter_id ? [String(ctx.request.submitter_id)] : [];
-    if (to === "pending_approvers") {
-      const list = ctx.request?.pending_approvers ?? [];
-      if (Array.isArray(list)) return list.map(String).filter(Boolean);
-      if (typeof list === "string") return list.split(",").map((s) => s.trim()).filter(Boolean);
-      return [];
-    }
-    return [to];
-  }
-  return [];
-}
-function cryptoRandom() {
-  const g = globalThis;
-  if (g.crypto?.randomUUID) return g.crypto.randomUUID();
-  return `${Date.now().toString(36)}_${Math.random().toString(36).slice(2, 12)}`;
-}
-async function runWebhook(action, ctx, opts, log) {
-  const cfg = action.config ?? {};
-  const url = cfg.url;
-  if (!url) {
-    log.warn?.("[approvals] webhook missing config.url");
-    return;
-  }
-  const fetchImpl = opts.fetch ?? globalThis.fetch;
-  if (!fetchImpl) {
-    log.warn?.("[approvals] webhook skipped \u2014 no fetch implementation available");
-    return;
-  }
-  const timeoutMs = opts.webhookTimeoutMs ?? DEFAULT_WEBHOOK_TIMEOUT_MS;
-  const headers = { "Content-Type": "application/json", ...cfg.headers ?? {} };
-  const payload = {
-    trigger: ctx.trigger,
-    request: ctx.request,
-    step: ctx.step ? { name: ctx.step.name, index: ctx.request?.current_step_index } : null,
-    actor_id: ctx.actorId ?? null,
-    comment: ctx.comment ?? null,
-    process_name: ctx.process?.name,
-    object: ctx.process?.object_name ?? ctx.process?.object,
-    ...cfg.body && typeof cfg.body === "object" ? cfg.body : {}
-  };
-  const controller = globalThis.AbortController ? new globalThis.AbortController() : null;
-  const timer = setTimeout(() => controller?.abort(), timeoutMs);
-  try {
-    const res = await fetchImpl(url, {
-      method: cfg.method ?? "POST",
-      headers,
-      body: JSON.stringify(payload),
-      signal: controller?.signal
-    });
-    if (!res.ok) {
-      log.warn?.(`[approvals] webhook ${url} \u2192 ${res.status} ${res.statusText}`);
+  indexes: [
+    // Look up "is there a pending request for this record?" — common
+    // guard on submit and on edit-while-locked checks.
+    { fields: ["object_name", "record_id"] },
+    { fields: ["status", "object_name"] },
+    // "My approvals" inbox — pending_approvers is a CSV string so this
+    // index only helps with status pre-filtering; the engine does a
+    // post-filter substring match per row.
+    { fields: ["status", "updated_at"] },
+    { fields: ["submitter_id", "status"] }
+  ]
+});
+
+// src/sys-approval-action.object.ts
+var import_data2 = require("@objectstack/spec/data");
+var SysApprovalAction = import_data2.ObjectSchema.create({
+  name: "sys_approval_action",
+  label: "Approval Action",
+  pluralLabel: "Approval Actions",
+  icon: "check-circle",
+  isSystem: true,
+  managedBy: "append-only",
+  description: "Append-only audit trail for approval actions",
+  displayNameField: "id",
+  titleFormat: "{action} \xB7 {step_name}",
+  compactLayout: ["request_id", "step_name", "action", "actor_id", "created_at"],
+  listViews: {
+    recent: {
+      type: "grid",
+      name: "recent",
+      label: "Recent",
+      data: { provider: "object", object: "sys_approval_action" },
+      columns: ["created_at", "request_id", "step_name", "action", "actor_id", "comment"],
+      sort: [{ field: "created_at", order: "desc" }],
+      pagination: { pageSize: 50 },
+      emptyState: { title: "No approval actions yet", message: "Actions are logged automatically when approvals progress." }
+    },
+    by_actor: {
+      type: "grid",
+      name: "by_actor",
+      label: "By Actor",
+      data: { provider: "object", object: "sys_approval_action" },
+      columns: ["actor_id", "created_at", "request_id", "step_name", "action"],
+      sort: [{ field: "actor_id", order: "asc" }, { field: "created_at", order: "desc" }],
+      grouping: { fields: [{ field: "actor_id", order: "asc", collapsed: false }] },
+      pagination: { pageSize: 100 }
+    },
+    all_actions: {
+      type: "grid",
+      name: "all_actions",
+      label: "All",
+      data: { provider: "object", object: "sys_approval_action" },
+      columns: ["created_at", "request_id", "step_name", "action", "actor_id", "comment"],
+      sort: [{ field: "created_at", order: "desc" }],
+      pagination: { pageSize: 100 }
     }
-  } catch (err) {
-    log.warn?.(`[approvals] webhook ${url} failed: ${err?.message ?? err}`);
-  } finally {
-    clearTimeout(timer);
-  }
-}
+  },
+  fields: {
+    id: import_data2.Field.text({ label: "Action ID", required: true, readonly: true, group: "System" }),
+    organization_id: import_data2.Field.lookup("sys_organization", {
+      label: "Organization",
+      required: false,
+      group: "System",
+      description: "Tenant that owns this action (mirrors the parent request)"
+    }),
+    request_id: import_data2.Field.lookup("sys_approval_request", {
+      label: "Request",
+      required: true,
+      group: "Target"
+    }),
+    step_name: import_data2.Field.text({
+      label: "Step",
+      required: false,
+      maxLength: 100,
+      description: "Machine name of the step at the time of the action",
+      group: "Target"
+    }),
+    step_index: import_data2.Field.number({
+      label: "Step Index",
+      required: false,
+      group: "Target"
+    }),
+    action: import_data2.Field.select(
+      ["submit", "approve", "reject", "recall", "escalate"],
+      {
+        label: "Action",
+        required: true,
+        group: "Action"
+      }
+    ),
+    actor_id: import_data2.Field.lookup("sys_user", {
+      label: "Actor",
+      required: false,
+      group: "Action"
+    }),
+    comment: import_data2.Field.textarea({ label: "Comment", required: false, group: "Action" }),
+    created_at: import_data2.Field.datetime({
+      label: "Created At",
+      required: true,
+      defaultValue: "NOW()",
+      readonly: true,
+      group: "System"
+    })
+  },
+  indexes: [
+    { fields: ["request_id", "created_at"] },
+    { fields: ["request_id", "step_index", "action"] }
+  ]
+});
 
 // src/approval-service.ts
-var SYSTEM_CTX2 = { isSystem: true, roles: [], permissions: [] };
+var import_automation = require("@objectstack/spec/automation");
+var SYSTEM_CTX = { isSystem: true, roles: [], permissions: [] };
 function uid(prefix) {
   const g = globalThis;
   if (g.crypto?.randomUUID) return `${prefix}_${g.crypto.randomUUID()}`;
@@ -247,25 +976,11 @@ function csvSplit(raw) {
   if (Array.isArray(raw)) return raw.map(String).filter(Boolean);
   return String(raw).split(",").map((s) => s.trim()).filter(Boolean);
 }
-function rowFromProcess(row) {
-  return {
-    id: String(row.id),
-    name: String(row.name ?? ""),
-    label: String(row.label ?? ""),
-    object_name: String(row.object_name ?? ""),
-    description: row.description ?? void 0,
-    active: row.active !== false,
-    definition: parseJson(row.definition_json, {}),
-    created_at: row.created_at ?? void 0,
-    updated_at: row.updated_at ?? void 0
-  };
-}
 function rowFromRequest(row) {
   return {
     id: String(row.id),
     organization_id: row.organization_id ?? void 0,
     process_name: String(row.process_name ?? ""),
-    process_hash: row.process_hash ?? void 0,
     object_name: String(row.object_name ?? ""),
     record_id: String(row.record_id ?? ""),
     submitter_id: row.submitter_id ?? void 0,
@@ -275,6 +990,8 @@ function rowFromRequest(row) {
     current_step_index: row.current_step_index ?? void 0,
     pending_approvers: csvSplit(row.pending_approvers),
     payload: parseJson(row.payload_json, void 0),
+    flow_run_id: row.flow_run_id ?? void 0,
+    flow_node_id: row.flow_node_id ?? void 0,
     completed_at: row.completed_at ?? void 0,
     created_at: row.created_at ?? void 0,
     updated_at: row.updated_at ?? void 0
@@ -297,23 +1014,20 @@ var ApprovalService = class {
     this.engine = opts.engine;
     this.clock = opts.clock ?? { now: () => /* @__PURE__ */ new Date() };
     this.logger = opts.logger;
-    this.fetchImpl = opts.fetch;
-    this.webhookTimeoutMs = opts.webhookTimeoutMs;
-    this.onRegistryChange = opts.onRegistryChange;
-    this.metadataRepo = opts.metadataRepo;
+    this.automation = opts.automation;
   }
-  /** Allow the plugin to attach a hook re-binding callback after construction. */
-  setRegistryChangeHandler(handler) {
-    this.onRegistryChange = handler;
+  /** Attach (or replace) the automation surface used to resume flow runs. */
+  attachAutomation(automation) {
+    this.automation = automation;
   }
   /**
-   * Expand the approvers on a step into user IDs by querying the graph
-   * tables for `team:` / `department:` / `role:` / `manager:` approver
-   * types. Falls back to a prefixed literal (`type:value`) when graph
-   * lookups produce nothing — so existing test fixtures and approver
-   * flows that rely on substring matching keep working.
+   * Expand the approvers on an Approval node into user IDs by querying the
+   * graph tables for `team:` / `department:` / `role:` / `manager:` approver
+   * types. Falls back to a prefixed literal (`type:value`) when graph lookups
+   * produce nothing — so existing fixtures and flows that rely on substring
+   * matching keep working.
    *
-   * **Graph semantics (M10.17.1):**
+   * **Graph semantics:**
    *   - `team`       → flat members of `sys_team` (better-auth; no BFS)
    *   - `department` → recursive BFS of `sys_department.parent_department_id`
    *                    → members of every descendant via `sys_department_member`
@@ -379,7 +1093,7 @@ var ApprovalService = class {
         filter: { team_id: teamId },
         fields: ["user_id"],
         limit: 1e4,
-        context: SYSTEM_CTX2
+        context: SYSTEM_CTX
       });
     } catch {
       rows = [];
@@ -394,7 +1108,7 @@ var ApprovalService = class {
         filter: organizationId ? { id: departmentId, organization_id: organizationId } : { id: departmentId },
         fields: ["id", "active"],
         limit: 1,
-        context: SYSTEM_CTX2
+        context: SYSTEM_CTX
       });
       const seedRow = Array.isArray(seed) ? seed[0] : null;
       if (!seedRow || seedRow.active === false) return [];
@@ -409,7 +1123,7 @@ var ApprovalService = class {
       try {
         const filter = { parent_department_id: parent, active: { $ne: false } };
         if (organizationId) filter.organization_id = organizationId;
-        kids = await this.engine.find("sys_department", { filter, fields: ["id"], limit: 1e3, context: SYSTEM_CTX2 });
+        kids = await this.engine.find("sys_department", { filter, fields: ["id"], limit: 1e3, context: SYSTEM_CTX });
       } catch {
         kids = [];
       }
@@ -427,7 +1141,7 @@ var ApprovalService = class {
         filter: { department_id: { $in: Array.from(seen) } },
         fields: ["user_id"],
         limit: 1e4,
-        context: SYSTEM_CTX2
+        context: SYSTEM_CTX
       });
     } catch {
       rows = [];
@@ -440,7 +1154,7 @@ var ApprovalService = class {
     if (organizationId) filter.organization_id = organizationId;
     let rows = [];
     try {
-      rows = await this.engine.find("sys_member", { filter, fields: ["user_id"], limit: 1e4, context: SYSTEM_CTX2 });
+      rows = await this.engine.find("sys_member", { filter, fields: ["user_id"], limit: 1e4, context: SYSTEM_CTX });
     } catch {
       rows = [];
     }
@@ -452,7 +1166,7 @@ var ApprovalService = class {
         filter: { id: userId },
         fields: ["id", "manager_id"],
         limit: 1,
-        context: SYSTEM_CTX2
+        context: SYSTEM_CTX
       });
       const row = Array.isArray(rows) ? rows[0] : null;
       return row?.manager_id ? String(row.manager_id) : null;
@@ -460,263 +1174,189 @@ var ApprovalService = class {
       return null;
     }
   }
-  async notifyRegistryChanged() {
-    const cb = this.onRegistryChange ?? this.onRegistryChange;
-    if (!cb) return;
+  /** Mirror a request status onto a business-object field, if configured. */
+  async mirrorStatusField(object, recordId, field, status) {
     try {
-      await cb();
+      await this.engine.update(object, { id: recordId, [field]: status }, { context: SYSTEM_CTX });
     } catch (err) {
-      this.logger?.warn?.("[approvals] onRegistryChange handler failed", { error: err?.message });
+      this.logger?.warn?.(`[approvals] mirrorStatusField failed: ${err?.message ?? err}`);
     }
   }
+  // ── ADR-0019: Approval-as-flow-node ──────────────────────────
+  //
+  // A flow's Approval node opens a request via `openNodeRequest` (carrying its
+  // own approvers/behavior config and the suspended run id), then suspends. A
+  // later `decide` finalizes it and resumes the flow run down the matching
+  // `approve`/`reject` edge. The record lock is enforced by a beforeUpdate hook
+  // keyed on a *pending* request, so finalizing auto-releases it.
   /**
-   * Look up the HEAD checksum of an approval process from the metadata repo
-   * (ADR-0009). Returns null when no repo is wired, no metadata exists for
-   * the name, or the lookup fails — callers MUST treat null as "do not pin"
-   * and fall back to the projection table.
+   * Open a pending approval request on behalf of a flow's Approval node. The
+   * node config (approvers / behavior / status field) is snapshotted on the row
+   * so a decision can be made without any process to resolve against.
    */
-  async resolveProcessHash(processName, organizationId) {
-    if (!this.metadataRepo) return null;
-    if (!processName) return null;
-    const orgRef = { org: organizationId || "system", type: "approval", name: processName };
-    try {
-      const head = await this.metadataRepo.get(orgRef);
-      return head?.hash ?? null;
-    } catch (err) {
-      this.logger?.debug?.("[approvals] metadataRepo.get failed", { name: processName, error: err?.message });
-      return null;
-    }
-  }
-  /**
-   * Resolve the approval process for an in-flight request, honouring
-   * ADR-0009 execution pinning when a `process_hash` is recorded.
-   *
-   * Resolution order:
-   *   1. If `req.process_hash` AND `metadataRepo` are set, try
-   *      `getByHash` — return a row whose `definition` is the pinned body.
-   *   2. Otherwise (or on lookup failure) fall back to the current
-   *      projection via `getProcess(req.process_name)`.
-   */
-  async loadProcessForRequest(req, context) {
-    const hash = req.process_hash;
-    if (hash && this.metadataRepo) {
-      const orgId = req.organization_id ?? null;
-      const orgRef = { org: orgId || "system", type: "approval", name: req.process_name };
-      try {
-        const pinned = await this.metadataRepo.getByHash(orgRef, hash);
-        if (pinned?.body) {
-          const current = await this.getProcess(req.process_name, context);
-          const body = pinned.body;
-          return {
-            id: current?.id ?? `pinned_${hash.slice(7, 19)}`,
-            name: req.process_name,
-            label: body.label ?? current?.label ?? req.process_name,
-            object_name: req.object_name,
-            description: body.description ?? current?.description,
-            active: current?.active ?? true,
-            definition: body,
-            created_at: current?.created_at,
-            updated_at: current?.updated_at
-          };
-        }
-        this.logger?.warn?.("[approvals] pinned process body not found; falling back to current", {
-          request: req.id,
-          process: req.process_name,
-          hash
-        });
-      } catch (err) {
-        this.logger?.warn?.("[approvals] getByHash failed; falling back to current", {
-          request: req.id,
-          error: err?.message
-        });
-      }
-    }
-    return this.getProcess(req.process_name, context);
-  }
-  /** Mirror request status onto `process.approvalStatusField` if configured. */
-  async syncStatusField(process, request) {
-    const field = process.definition?.approvalStatusField;
-    if (!field) return;
-    try {
-      await this.engine.update(
-        process.object_name,
-        { id: request.record_id, [field]: request.status },
-        { context: SYSTEM_CTX2 }
-      );
-    } catch (err) {
-      this.logger?.warn?.(`[approvals] syncStatusField failed: ${err?.message ?? err}`);
-    }
-  }
-  /** Convenience wrapper that funnels every action invocation through the executor. */
-  async runActions(actions, trigger, process, request, step, actorId, comment) {
-    if (!actions || actions.length === 0) return;
-    await executeActions(actions, {
-      trigger,
-      process: { ...process, object: process.object_name },
-      request,
-      step,
-      actorId: actorId ?? null,
-      comment: comment ?? null
-    }, {
-      engine: this.engine,
-      logger: this.logger,
-      fetch: this.fetchImpl,
-      webhookTimeoutMs: this.webhookTimeoutMs
-    });
-  }
-  // ── Process definitions ──────────────────────────────────────
-  async defineProcess(input, _context) {
-    if (!input.name) throw new Error("VALIDATION_FAILED: name is required");
-    if (!input.label) throw new Error("VALIDATION_FAILED: label is required");
-    if (!input.object) throw new Error("VALIDATION_FAILED: object is required");
-    if (!input.definition) throw new Error("VALIDATION_FAILED: definition is required");
-    const parsed = import_automation.ApprovalProcessSchema.safeParse(input.definition);
-    if (!parsed.success) {
-      const msg = parsed.error.issues.map((i) => `${i.path.join(".")}: ${i.message}`).join("; ");
-      throw new Error(`VALIDATION_FAILED: ${msg}`);
-    }
-    const now = this.clock.now().toISOString();
-    const payload = {
-      name: input.name,
-      label: input.label,
-      object_name: input.object,
-      description: input.description ?? null,
-      active: input.active !== false,
-      definition_json: JSON.stringify(parsed.data),
-      updated_at: now
-    };
-    const existing = await this.engine.find("sys_approval_process", {
-      where: { name: input.name },
-      limit: 1,
-      context: SYSTEM_CTX2
-    });
-    if (Array.isArray(existing) && existing[0]) {
-      const id2 = existing[0].id;
-      await this.engine.update("sys_approval_process", { id: id2, ...payload }, { context: SYSTEM_CTX2 });
-      const row2 = rowFromProcess({ ...existing[0], ...payload, id: id2 });
-      await this.notifyRegistryChanged();
-      return row2;
-    }
-    const id = input.id ?? uid("apv");
-    const row = { id, ...payload, created_at: now };
-    await this.engine.insert("sys_approval_process", row, { context: SYSTEM_CTX2 });
-    const out = rowFromProcess(row);
-    await this.notifyRegistryChanged();
-    return out;
-  }
-  async listProcesses(filter, _context) {
-    const f = {};
-    if (filter?.object) f.object_name = filter.object;
-    if (filter?.activeOnly) f.active = true;
-    const rows = await this.engine.find("sys_approval_process", {
-      where: f,
-      limit: 500,
-      orderBy: [{ field: "updated_at", direction: "desc" }],
-      context: SYSTEM_CTX2
-    });
-    return Array.isArray(rows) ? rows.map(rowFromProcess) : [];
-  }
-  async getProcess(idOrName, _context) {
-    if (!idOrName) return null;
-    let rows = await this.engine.find("sys_approval_process", {
-      where: { id: idOrName },
-      limit: 1,
-      context: SYSTEM_CTX2
-    });
-    if (!Array.isArray(rows) || !rows[0]) {
-      rows = await this.engine.find("sys_approval_process", {
-        where: { name: idOrName },
-        limit: 1,
-        context: SYSTEM_CTX2
-      });
-    }
-    return Array.isArray(rows) && rows[0] ? rowFromProcess(rows[0]) : null;
-  }
-  async deleteProcess(idOrName, context) {
-    if (!idOrName) throw new Error("VALIDATION_FAILED: idOrName is required");
-    const proc = await this.getProcess(idOrName, context);
-    if (!proc) return;
-    await this.engine.delete("sys_approval_process", { where: { id: proc.id }, context: SYSTEM_CTX2 });
-    await this.notifyRegistryChanged();
-  }
-  // ── Requests ─────────────────────────────────────────────────
-  async submit(input, context) {
+  async openNodeRequest(input, context) {
     if (!input.object) throw new Error("VALIDATION_FAILED: object is required");
     if (!input.recordId) throw new Error("VALIDATION_FAILED: recordId is required");
-    let process = null;
-    if (input.processName) {
-      process = await this.getProcess(input.processName, context);
-      if (process && !process.active) {
-        throw new Error(`NO_ACTIVE_PROCESS: process '${input.processName}' is not active`);
-      }
-    } else {
-      const list = await this.listProcesses({ object: input.object, activeOnly: true }, context);
-      process = list[0] ?? null;
-    }
-    if (!process) {
-      throw new Error(`NO_ACTIVE_PROCESS: no active approval process for object '${input.object}'`);
-    }
+    if (!input.runId) throw new Error("VALIDATION_FAILED: runId is required");
     const existing = await this.engine.find("sys_approval_request", {
       where: { object_name: input.object, record_id: input.recordId, status: "pending" },
       limit: 1,
-      context: SYSTEM_CTX2
+      context: SYSTEM_CTX
     });
     if (Array.isArray(existing) && existing[0]) {
       throw new Error(`DUPLICATE_REQUEST: a pending approval already exists for ${input.object}/${input.recordId}`);
     }
-    const steps = process.definition?.steps ?? [];
-    if (steps.length === 0) {
-      throw new Error("VALIDATION_FAILED: process definition has no steps");
-    }
-    const step0 = steps[0];
-    const ctxOrg = context?.organizationId ?? context?.tenantId ?? null;
-    const approvers = await this.expandApprovers(step0, input.payload, ctxOrg);
+    const ctxOrg = context?.organizationId ?? context?.tenantId ?? input.organizationId ?? null;
+    const approvers = await this.expandApprovers({ approvers: input.config.approvers }, input.record, ctxOrg);
     const now = this.clock.now().toISOString();
     const id = uid("areq");
-    const processHash = await this.resolveProcessHash(process.name, ctxOrg);
+    const processName = `flow:${input.flowName ?? input.nodeId}`;
     const row = {
       id,
-      process_name: process.name,
-      process_hash: processHash,
+      process_name: processName,
       object_name: input.object,
       record_id: input.recordId,
       submitter_id: input.submitterId ?? context.userId ?? null,
-      submitter_comment: input.comment ?? null,
       status: "pending",
-      current_step: step0.name,
+      current_step: input.nodeId,
       current_step_index: 0,
       pending_approvers: approvers.join(","),
-      payload_json: input.payload != null ? JSON.stringify(input.payload) : null,
+      payload_json: input.record != null ? JSON.stringify(input.record) : null,
+      flow_run_id: input.runId,
+      flow_node_id: input.nodeId,
+      node_config_json: JSON.stringify(input.config),
       organization_id: ctxOrg,
       created_at: now,
       updated_at: now
     };
-    await this.engine.insert("sys_approval_request", row, { context: SYSTEM_CTX2 });
+    await this.engine.insert("sys_approval_request", row, { context: SYSTEM_CTX });
     await this.engine.insert("sys_approval_action", {
       id: uid("aact"),
       request_id: id,
       organization_id: ctxOrg,
-      step_name: step0.name,
+      step_name: input.nodeId,
       step_index: 0,
       action: "submit",
       actor_id: input.submitterId ?? context.userId ?? null,
+      comment: null,
+      created_at: now
+    }, { context: SYSTEM_CTX });
+    if (input.config.approvalStatusField) {
+      await this.mirrorStatusField(input.object, input.recordId, input.config.approvalStatusField, "pending");
+    }
+    return rowFromRequest(row);
+  }
+  /**
+   * Record a decision on a node-driven request. Honours the node's `unanimous`
+   * behavior (holds until every approver has approved). When the request
+   * finalizes, returns the suspended run id + node id so the caller (or
+   * {@link ApprovalService.decide}) can resume the flow down the matching
+   * branch.
+   */
+  async decideNode(requestId, input, context) {
+    if (!requestId) throw new Error("VALIDATION_FAILED: requestId is required");
+    if (!input?.actorId) throw new Error("VALIDATION_FAILED: actorId is required");
+    if (input.decision !== "approve" && input.decision !== "reject") {
+      throw new Error("VALIDATION_FAILED: decision must be approve|reject");
+    }
+    const rawRows = await this.engine.find("sys_approval_request", {
+      where: { id: requestId },
+      limit: 1,
+      context: SYSTEM_CTX
+    });
+    const raw = Array.isArray(rawRows) ? rawRows[0] : null;
+    if (!raw) throw new Error(`REQUEST_NOT_FOUND: ${requestId}`);
+    if (raw.status !== "pending") throw new Error(`INVALID_STATE: request is ${raw.status}`);
+    const pendingApprovers = csvSplit(raw.pending_approvers);
+    if (!context.isSystem && !pendingApprovers.includes(input.actorId)) {
+      throw new Error(`FORBIDDEN: actor '${input.actorId}' is not a pending approver`);
+    }
+    const config = parseJson(raw.node_config_json, { approvers: [], behavior: "first_response" });
+    const org = raw.organization_id ?? null;
+    const nodeId = raw.flow_node_id ?? raw.current_step ?? null;
+    const runId = raw.flow_run_id ?? null;
+    const now = this.clock.now().toISOString();
+    await this.engine.insert("sys_approval_action", {
+      id: uid("aact"),
+      request_id: requestId,
+      organization_id: org,
+      step_name: nodeId,
+      step_index: 0,
+      action: input.decision,
+      actor_id: input.actorId,
       comment: input.comment ?? null,
       created_at: now
-    }, { context: SYSTEM_CTX2 });
-    const requestRow = rowFromRequest(row);
-    await this.syncStatusField(process, requestRow);
-    const definition = process.definition ?? {};
-    await this.runActions(
-      definition.onSubmit,
-      "submit",
-      process,
-      requestRow,
-      step0,
-      input.submitterId ?? context.userId ?? null,
-      input.comment ?? null
-    );
-    return requestRow;
+    }, { context: SYSTEM_CTX });
+    if (input.decision === "approve" && config.behavior === "unanimous") {
+      const original = await this.expandApprovers(
+        { approvers: config.approvers },
+        parseJson(raw.payload_json, void 0),
+        org
+      );
+      const acts = await this.engine.find("sys_approval_action", {
+        where: { request_id: requestId, step_index: 0, action: "approve" },
+        limit: 500,
+        context: SYSTEM_CTX
+      });
+      const approved = new Set((acts ?? []).map((a) => String(a.actor_id ?? "")).filter(Boolean));
+      const stillPending = original.filter((a) => !approved.has(a));
+      if (stillPending.length > 0) {
+        await this.engine.update("sys_approval_request", {
+          id: requestId,
+          pending_approvers: stillPending.join(","),
+          updated_at: now
+        }, { context: SYSTEM_CTX });
+        const fresh2 = await this.getRequest(requestId, context);
+        return { request: fresh2, runId, nodeId, finalized: false, decision: input.decision };
+      }
+    }
+    const finalStatus = input.decision === "approve" ? "approved" : "rejected";
+    await this.engine.update("sys_approval_request", {
+      id: requestId,
+      status: finalStatus,
+      pending_approvers: null,
+      completed_at: now,
+      updated_at: now
+    }, { context: SYSTEM_CTX });
+    if (config.approvalStatusField) {
+      await this.mirrorStatusField(raw.object_name, raw.record_id, config.approvalStatusField, finalStatus);
+    }
+    const fresh = await this.getRequest(requestId, context);
+    return { request: fresh, runId, nodeId, finalized: true, decision: input.decision };
+  }
+  /**
+   * Public contract entrypoint (ADR-0019). Records a decision on a node-driven
+   * request via {@link ApprovalService.decideNode} and, when it finalizes,
+   * resumes the owning flow run down the matching `approve` / `reject` edge.
+   */
+  async decide(requestId, input, context) {
+    const result = await this.decideNode(requestId, input, context);
+    let resumed = false;
+    if (result.finalized && result.runId && typeof this.automation?.resume === "function") {
+      const branchLabel = result.decision === "approve" ? import_automation.APPROVAL_BRANCH_LABELS.approve : import_automation.APPROVAL_BRANCH_LABELS.reject;
+      try {
+        await this.automation.resume(result.runId, {
+          branchLabel,
+          output: { decision: result.decision, requestId }
+        });
+        resumed = true;
+      } catch (err) {
+        this.logger?.warn?.("[approvals] resume after decision failed", {
+          request: requestId,
+          run: result.runId,
+          error: err?.message ?? String(err)
+        });
+      }
+    }
+    return {
+      request: result.request,
+      finalized: result.finalized,
+      decision: result.decision,
+      runId: result.runId,
+      resumed
+    };
   }
+  // ── Read API ─────────────────────────────────────────────────
   async listRequests(filter, context) {
     const f = {};
     if (filter?.object) f.object_name = filter.object;
@@ -731,7 +1371,7 @@ var ApprovalService = class {
       where: f,
       limit: 500,
       orderBy: [{ field: "updated_at", direction: "desc" }],
-      context: SYSTEM_CTX2
+      context: SYSTEM_CTX
     });
     let list = Array.isArray(rows) ? rows.map(rowFromRequest) : [];
     if (statusFilter) list = list.filter((r) => statusFilter.includes(r.status));
@@ -749,169 +1389,10 @@ var ApprovalService = class {
     const rows = await this.engine.find("sys_approval_request", {
       where,
       limit: 1,
-      context: SYSTEM_CTX2
+      context: SYSTEM_CTX
     });
     return Array.isArray(rows) && rows[0] ? rowFromRequest(rows[0]) : null;
   }
-  async approve(requestId, input, context) {
-    const req = await this.getRequest(requestId, context);
-    if (!req) throw new Error(`REQUEST_NOT_FOUND: ${requestId}`);
-    if (req.status !== "pending") throw new Error(`INVALID_STATE: request is ${req.status}`);
-    if (!input?.actorId) throw new Error("VALIDATION_FAILED: actorId is required");
-    if (!context.isSystem && !(req.pending_approvers ?? []).includes(input.actorId)) {
-      throw new Error(`FORBIDDEN: actor '${input.actorId}' is not a pending approver`);
-    }
-    const process = await this.loadProcessForRequest(req, context);
-    if (!process) throw new Error(`PROCESS_NOT_FOUND: ${req.process_name}`);
-    const steps = process.definition?.steps ?? [];
-    const stepIndex = req.current_step_index ?? 0;
-    const step = steps[stepIndex];
-    if (!step) throw new Error(`INVALID_STATE: step index ${stepIndex} out of range`);
-    const now = this.clock.now().toISOString();
-    await this.engine.insert("sys_approval_action", {
-      id: uid("aact"),
-      request_id: req.id,
-      organization_id: req.organization_id ?? null,
-      step_name: step.name,
-      step_index: stepIndex,
-      action: "approve",
-      actor_id: input.actorId,
-      comment: input.comment ?? null,
-      created_at: now
-    }, { context: SYSTEM_CTX2 });
-    if (step.behavior === "unanimous") {
-      const original = await this.expandApprovers(step, req.payload, req.organization_id ?? null);
-      const acts = await this.engine.find("sys_approval_action", {
-        where: { request_id: req.id, step_index: stepIndex, action: "approve" },
-        limit: 500,
-        context: SYSTEM_CTX2
-      });
-      const approved = new Set((acts ?? []).map((a) => String(a.actor_id ?? "")).filter(Boolean));
-      const stillPending = original.filter((a) => !approved.has(a));
-      if (stillPending.length > 0) {
-        await this.engine.update("sys_approval_request", {
-          id: req.id,
-          pending_approvers: stillPending.join(","),
-          updated_at: now
-        }, { context: SYSTEM_CTX2 });
-        const fresh2 = await this.getRequest(req.id, context);
-        return { request: fresh2, finalized: false };
-      }
-    }
-    if (stepIndex + 1 >= steps.length) {
-      await this.engine.update("sys_approval_request", {
-        id: req.id,
-        status: "approved",
-        pending_approvers: null,
-        completed_at: now,
-        updated_at: now
-      }, { context: SYSTEM_CTX2 });
-      const fresh2 = await this.getRequest(req.id, context);
-      await this.runActions(step?.onApprove, "step_approve", process, fresh2, step, input.actorId, input.comment);
-      await this.syncStatusField(process, fresh2);
-      await this.runActions(process.definition?.onFinalApprove, "final_approve", process, fresh2, step, input.actorId, input.comment);
-      return { request: fresh2, finalized: true };
-    }
-    const nextStep = steps[stepIndex + 1];
-    const nextApprovers = await this.expandApprovers(nextStep, req.payload, req.organization_id ?? null);
-    await this.engine.update("sys_approval_request", {
-      id: req.id,
-      current_step: nextStep.name,
-      current_step_index: stepIndex + 1,
-      pending_approvers: nextApprovers.join(","),
-      updated_at: now
-    }, { context: SYSTEM_CTX2 });
-    const fresh = await this.getRequest(req.id, context);
-    await this.runActions(step?.onApprove, "step_approve", process, fresh, step, input.actorId, input.comment);
-    return { request: fresh, finalized: false };
-  }
-  async reject(requestId, input, context) {
-    const req = await this.getRequest(requestId, context);
-    if (!req) throw new Error(`REQUEST_NOT_FOUND: ${requestId}`);
-    if (req.status !== "pending") throw new Error(`INVALID_STATE: request is ${req.status}`);
-    if (!input?.actorId) throw new Error("VALIDATION_FAILED: actorId is required");
-    if (!context.isSystem && !(req.pending_approvers ?? []).includes(input.actorId)) {
-      throw new Error(`FORBIDDEN: actor '${input.actorId}' is not a pending approver`);
-    }
-    const process = await this.loadProcessForRequest(req, context);
-    if (!process) throw new Error(`PROCESS_NOT_FOUND: ${req.process_name}`);
-    const steps = process.definition?.steps ?? [];
-    const stepIndex = req.current_step_index ?? 0;
-    const step = steps[stepIndex];
-    const now = this.clock.now().toISOString();
-    await this.engine.insert("sys_approval_action", {
-      id: uid("aact"),
-      request_id: req.id,
-      organization_id: req.organization_id ?? null,
-      step_name: step?.name,
-      step_index: stepIndex,
-      action: "reject",
-      actor_id: input.actorId,
-      comment: input.comment ?? null,
-      created_at: now
-    }, { context: SYSTEM_CTX2 });
-    if (step?.rejectionBehavior === "back_to_previous" && stepIndex > 0) {
-      const prev = steps[stepIndex - 1];
-      const prevApprovers = await this.expandApprovers(prev, req.payload, req.organization_id ?? null);
-      await this.engine.update("sys_approval_request", {
-        id: req.id,
-        current_step: prev.name,
-        current_step_index: stepIndex - 1,
-        pending_approvers: prevApprovers.join(","),
-        updated_at: now
-      }, { context: SYSTEM_CTX2 });
-      const fresh2 = await this.getRequest(req.id, context);
-      await this.runActions(step?.onReject, "step_reject", process, fresh2, step, input.actorId, input.comment);
-      return { request: fresh2, finalized: false };
-    }
-    await this.engine.update("sys_approval_request", {
-      id: req.id,
-      status: "rejected",
-      pending_approvers: null,
-      completed_at: now,
-      updated_at: now
-    }, { context: SYSTEM_CTX2 });
-    const fresh = await this.getRequest(req.id, context);
-    await this.runActions(step?.onReject, "step_reject", process, fresh, step, input.actorId, input.comment);
-    await this.syncStatusField(process, fresh);
-    await this.runActions(process.definition?.onFinalReject, "final_reject", process, fresh, step, input.actorId, input.comment);
-    return { request: fresh, finalized: true };
-  }
-  async recall(requestId, input, context) {
-    const req = await this.getRequest(requestId, context);
-    if (!req) throw new Error(`REQUEST_NOT_FOUND: ${requestId}`);
-    if (req.status !== "pending") throw new Error(`INVALID_STATE: request is ${req.status}`);
-    if (!input?.actorId) throw new Error("VALIDATION_FAILED: actorId is required");
-    if (!context.isSystem && req.submitter_id && req.submitter_id !== input.actorId) {
-      throw new Error(`FORBIDDEN: only the submitter can recall this request`);
-    }
-    const now = this.clock.now().toISOString();
-    await this.engine.insert("sys_approval_action", {
-      id: uid("aact"),
-      request_id: req.id,
-      organization_id: req.organization_id ?? null,
-      step_name: req.current_step,
-      step_index: req.current_step_index,
-      action: "recall",
-      actor_id: input.actorId,
-      comment: input.comment ?? null,
-      created_at: now
-    }, { context: SYSTEM_CTX2 });
-    await this.engine.update("sys_approval_request", {
-      id: req.id,
-      status: "recalled",
-      pending_approvers: null,
-      completed_at: now,
-      updated_at: now
-    }, { context: SYSTEM_CTX2 });
-    const fresh = await this.getRequest(req.id, context);
-    const process = await this.loadProcessForRequest(req, context);
-    if (process) {
-      await this.syncStatusField(process, fresh);
-      await this.runActions(process.definition?.onRecall, "recall", process, fresh, void 0, input.actorId, input.comment);
-    }
-    return { request: fresh, finalized: true };
-  }
   async listActions(requestId, context) {
     if (!requestId) return [];
     const req = await this.getRequest(requestId, context);
@@ -920,160 +1401,131 @@ var ApprovalService = class {
       where: { request_id: requestId },
       limit: 500,
       orderBy: [{ field: "created_at", direction: "asc" }],
-      context: SYSTEM_CTX2
+      context: SYSTEM_CTX
     });
     return Array.isArray(rows) ? rows.map(rowFromAction) : [];
   }
 };
 
-// src/approvals-plugin.ts
-var import_audit = require("@objectstack/platform-objects/audit");
-
 // src/lifecycle-hooks.ts
-var import_formula = require("@objectstack/formula");
-var APPROVALS_HOOK_PACKAGE = "plugin-approvals:auto";
-var SYSTEM_CTX3 = { isSystem: true, roles: [], permissions: [] };
-function evaluateCriteria(criteria, record, logger) {
-  if (criteria == null || criteria === "") return true;
-  let expr;
-  if (typeof criteria === "string") {
-    expr = { dialect: "cel", source: criteria };
-  } else if (typeof criteria === "object" && criteria.dialect) {
-    expr = criteria;
-  } else {
-    return true;
-  }
-  if (!expr.source || !expr.source.trim()) return true;
-  const r = import_formula.ExpressionEngine.evaluate(expr, { record });
-  if (!r.ok) {
-    logger?.warn?.("[approvals] entryCriteria evaluation failed; skipping auto-submit", {
-      source: expr.source,
-      error: r.error.message
-    });
-    return false;
+var APPROVALS_HOOK_PACKAGE = "plugin-approvals:lock";
+function parseJson2(raw, fallback) {
+  if (raw == null || raw === "") return fallback;
+  if (typeof raw === "string") {
+    try {
+      return JSON.parse(raw);
+    } catch {
+      return fallback;
+    }
   }
-  return Boolean(r.value);
+  return raw;
 }
-async function hasPendingRequest(engine, objectName, recordId) {
+async function pendingRequestFor(engine, objectName, recordId) {
   try {
     const rows = await engine.find("sys_approval_request", {
       where: { object_name: objectName, record_id: String(recordId), status: "pending" },
       limit: 1
     });
-    return Array.isArray(rows) && rows.length > 0;
+    return Array.isArray(rows) && rows[0] ? rows[0] : null;
   } catch {
-    return false;
+    return null;
   }
 }
-function bindProcessHooks(engine, service, processes, logger) {
-  const byObject = /* @__PURE__ */ new Map();
-  for (const p of processes) {
-    if (!p.active && !p.is_active) continue;
-    if (!p.object_name) continue;
-    const list = byObject.get(p.object_name) ?? [];
-    list.push(p);
-    byObject.set(p.object_name, list);
-  }
-  for (const [objectName, procs] of byObject.entries()) {
-    engine.registerHook("afterInsert", async (ctx) => {
-      try {
-        const record = ctx?.result ?? ctx?.input?.data ?? {};
-        const id = String(record?.id ?? "");
-        if (!id) return;
-        for (const proc of procs) {
-          await tryAutoSubmit(engine, service, proc, objectName, id, record, ctx, logger);
-        }
-      } catch (err) {
-        logger?.warn?.("[approvals] afterInsert auto-trigger failed", { error: err?.message });
-      }
-    }, { object: objectName, packageId: APPROVALS_HOOK_PACKAGE, priority: 200 });
-    engine.registerHook("afterUpdate", async (ctx) => {
-      if (ctx?.session?.isSystem) return;
-      try {
-        const result = ctx?.result ?? {};
-        const id = String(ctx?.input?.id ?? result?.id ?? "");
-        if (!id) return;
-        const record = {
-          ...ctx?.previous ?? {},
-          ...result?.id ? result : {},
-          ...ctx?.input?.data ?? {},
-          id
-        };
-        for (const proc of procs) {
-          await tryAutoSubmit(engine, service, proc, objectName, id, record, ctx, logger);
-        }
-      } catch (err) {
-        logger?.warn?.("[approvals] afterUpdate auto-trigger failed", { error: err?.message });
-      }
-    }, { object: objectName, packageId: APPROVALS_HOOK_PACKAGE, priority: 200 });
-    const lockProcs = procs.filter((p) => p.definition?.lockRecord !== false);
-    if (lockProcs.length === 0) continue;
-    engine.registerHook("beforeUpdate", async (ctx) => {
-      const id = String(ctx?.input?.id ?? "");
-      if (!id) return;
-      const data = ctx?.input?.data ?? {};
-      const changedFields = Object.keys(data).filter((k) => k !== "id" && k !== "updated_at");
-      if (changedFields.length === 0) return;
-      if (ctx?.session?.isSystem) return;
-      const mirrorFields = /* @__PURE__ */ new Set();
-      for (const p of lockProcs) {
-        const f = p.definition?.approvalStatusField;
-        if (typeof f === "string" && f) mirrorFields.add(f);
-      }
-      const onlyMirror = changedFields.every((f) => mirrorFields.has(f));
-      if (onlyMirror) return;
-      const roles = ctx?.session?.roles ?? [];
-      if (Array.isArray(roles) && roles.includes("admin")) return;
-      const pending = await hasPendingRequest(engine, objectName, id);
-      if (!pending) return;
-      const err = new Error("RECORD_LOCKED: record is locked while an approval is in progress");
-      err.code = "RECORD_LOCKED";
-      err.statusCode = 409;
-      throw err;
-    }, { object: objectName, packageId: APPROVALS_HOOK_PACKAGE, priority: 50 });
-  }
-  logger?.info?.("[approvals] lifecycle hooks bound", {
-    objects: Array.from(byObject.keys()),
-    processCount: processes.length
-  });
+function bindApprovalLockHook(engine, logger) {
+  engine.registerHook("beforeUpdate", async (ctx) => {
+    const id = String(ctx?.input?.id ?? "");
+    if (!id) return;
+    const object = ctx?.object ?? ctx?.objectName;
+    if (!object || String(object).startsWith("sys_approval")) return;
+    const data = ctx?.input?.data ?? {};
+    const changedFields = Object.keys(data).filter((k) => k !== "id" && k !== "updated_at");
+    if (changedFields.length === 0) return;
+    if (ctx?.session?.isSystem) return;
+    const roles = ctx?.session?.roles ?? [];
+    if (Array.isArray(roles) && roles.includes("admin")) return;
+    const pending = await pendingRequestFor(engine, object, id);
+    if (!pending) return;
+    const config = parseJson2(pending.node_config_json, {});
+    if (config?.lockRecord === false) return;
+    const mirror = config?.approvalStatusField;
+    if (typeof mirror === "string" && mirror && changedFields.every((f) => f === mirror)) return;
+    const err = new Error("RECORD_LOCKED: record is locked while an approval is in progress");
+    err.code = "RECORD_LOCKED";
+    err.statusCode = 409;
+    throw err;
+  }, { packageId: APPROVALS_HOOK_PACKAGE, priority: 50 });
+  logger?.info?.("[approvals] record-lock hook bound");
 }
 function unbindAllHooks(engine) {
   return engine.unregisterHooksByPackage(APPROVALS_HOOK_PACKAGE);
 }
-async function tryAutoSubmit(engine, service, process, objectName, recordId, record, ctx, logger) {
-  try {
-    const criteria = process.definition?.entryCriteria;
-    const passes = evaluateCriteria(criteria, record, logger);
-    if (!passes) return;
-    if (await hasPendingRequest(engine, objectName, recordId)) return;
-    const statusField = process.definition?.approvalStatusField;
-    if (statusField) {
-      const current = record?.[statusField];
-      if (current === "approved" || current === "rejected" || current === "recalled") return;
+
+// src/approval-node.ts
+var import_automation2 = require("@objectstack/spec/automation");
+var SYSTEM_CTX2 = { isSystem: true, roles: [], permissions: [] };
+function registerApprovalNode(automation, service, logger) {
+  automation.registerNodeExecutor({
+    type: import_automation2.APPROVAL_NODE_TYPE,
+    descriptor: (0, import_automation2.defineActionDescriptor)({
+      type: import_automation2.APPROVAL_NODE_TYPE,
+      version: "1.0.0",
+      name: "Approval",
+      description: "Route a record for human approval; suspends the flow until a decision, then continues down the approve / reject branch.",
+      icon: "check-circle",
+      category: "human",
+      paradigms: ["flow"],
+      source: "plugin",
+      // Human decision: the run suspends here awaiting an external reply.
+      supportsPause: true,
+      isAsync: true,
+      // Publish the node's config contract (ADR-0018 §configSchema) so the
+      // Studio flow designer renders the Approval property form from the engine
+      // rather than a hardcoded client form — the engine owns the shape.
+      configSchema: (0, import_automation2.getApprovalNodeConfigJsonSchema)()
+    }),
+    async execute(node, variables, context) {
+      const parsed = import_automation2.ApprovalNodeConfigSchema.safeParse(node.config ?? {});
+      if (!parsed.success) {
+        const msg = parsed.error.issues.map((i) => `${i.path.join(".")}: ${i.message}`).join("; ");
+        return { success: false, error: `Approval node '${node.id}' has invalid config: ${msg}` };
+      }
+      const config = parsed.data;
+      const runId = variables.get("$runId");
+      const record = variables.get("$record") ?? context?.record ?? {};
+      const object = context?.object ?? record?.object_name;
+      const recordId = record?.id;
+      if (!runId) return { success: false, error: `Approval node '${node.id}': missing $runId` };
+      if (!object) return { success: false, error: `Approval node '${node.id}': no target object in context` };
+      if (!recordId) return { success: false, error: `Approval node '${node.id}': no record id in $record` };
+      try {
+        const request = await service.openNodeRequest({
+          object,
+          recordId: String(recordId),
+          runId: String(runId),
+          nodeId: node.id,
+          config,
+          flowName: context?.flowName,
+          submitterId: context?.userId ?? null,
+          record,
+          organizationId: context?.organizationId ?? context?.tenantId ?? null
+        }, {
+          ...SYSTEM_CTX2,
+          userId: context?.userId,
+          organizationId: context?.organizationId,
+          tenantId: context?.tenantId
+        });
+        logger?.info?.("[approvals] approval node suspended run", {
+          node: node.id,
+          request: request.id,
+          run: String(runId)
+        });
+        return { success: true, suspend: true, correlation: request.id };
+      } catch (err) {
+        return { success: false, error: `Approval node '${node.id}': ${err?.message ?? String(err)}` };
+      }
     }
-    const submitterId = ctx?.session?.userId ?? null;
-    const submitterOrg = ctx?.session?.tenantId ?? ctx?.session?.organizationId ?? null;
-    await service.submit({
-      object: objectName,
-      recordId,
-      processName: process.name,
-      payload: record,
-      submitterId
-    }, { ...SYSTEM_CTX3, userId: submitterId ?? void 0, organizationId: submitterOrg ?? void 0, tenantId: submitterOrg ?? void 0 });
-    logger?.info?.("[approvals] auto-submitted approval", {
-      process: process.name,
-      object: objectName,
-      record: recordId
-    });
-  } catch (err) {
-    if (err?.code === "DUPLICATE_REQUEST") return;
-    logger?.warn?.("[approvals] auto-submit failed", {
-      process: process.name,
-      object: objectName,
-      record: recordId,
-      error: err?.message ?? String(err)
-    });
-  }
+  });
+  logger?.info?.("[approvals] approval node executor registered");
 }
 
 // src/approvals-plugin.ts
@@ -1094,8 +1546,36 @@ var ApprovalsServicePlugin = class {
       scope: "system",
       defaultDatasource: "cloud",
       namespace: "sys",
-      objects: [import_audit.SysApprovalProcess, import_audit.SysApprovalRequest, import_audit.SysApprovalAction]
+      objects: [SysApprovalRequest, SysApprovalAction],
+      // ADR-0029 D7 — contribute the Approvals entries into the Setup app's
+      // `group_approvals` slot. This plugin owns these objects (K2.b), so it
+      // ships their menu too; when the plugin isn't installed the slot is empty.
+      navigationContributions: [
+        {
+          app: "setup",
+          group: "group_approvals",
+          priority: 100,
+          items: [
+            { id: "nav_approval_requests", type: "object", label: "Requests", objectName: "sys_approval_request", icon: "inbox", requiresObject: "sys_approval_request" },
+            { id: "nav_approval_actions", type: "object", label: "Action History", objectName: "sys_approval_action", icon: "history", requiresObject: "sys_approval_action" }
+          ]
+        }
+      ]
     });
+    if (typeof ctx.hook === "function") {
+      ctx.hook("kernel:ready", async () => {
+        try {
+          const i18n = ctx.getService("i18n");
+          if (i18n && typeof i18n.loadTranslations === "function") {
+            const { ApprovalsTranslations: ApprovalsTranslations2 } = await Promise.resolve().then(() => (init_translations(), translations_exports));
+            for (const [locale, data] of Object.entries(ApprovalsTranslations2)) {
+              i18n.loadTranslations(locale, data);
+            }
+          }
+        } catch {
+        }
+      });
+    }
     ctx.logger.info("ApprovalsServicePlugin: schemas registered");
   }
   async start(ctx) {
@@ -1114,47 +1594,28 @@ var ApprovalsServicePlugin = class {
       return;
     }
     this.engine = engine;
-    this.logger = ctx.logger;
-    let metadataRepo;
-    try {
-      const meta = ctx.getService("metadata");
-      metadataRepo = meta?.getRepository?.();
-    } catch {
-    }
     this.service = new ApprovalService({
       engine,
-      logger: ctx.logger,
-      metadataRepo
+      logger: ctx.logger
     });
-    if (metadataRepo) {
-      ctx.logger.info("ApprovalsServicePlugin: execution pinning enabled (ADR-0009)");
-    }
     if (!this.options.disableAutoHooks) {
-      this.service.setRegistryChangeHandler(() => this.rebindHooks());
-      const hookOn = ctx.hook ?? ctx.on;
-      if (typeof hookOn === "function") {
-        try {
-          hookOn.call(ctx, "kernel:ready", async () => {
-            await this.rebindHooks();
-          });
-        } catch {
-          await this.rebindHooks();
-        }
-      } else {
-        await this.rebindHooks();
+      try {
+        unbindAllHooks(engine);
+        bindApprovalLockHook(engine, ctx.logger);
+      } catch (err) {
+        ctx.logger.warn?.("[approvals] failed to bind record-lock hook", { error: err?.message });
       }
     }
     ctx.registerService("approvals", this.service);
     ctx.logger.info("ApprovalsServicePlugin: service registered");
-  }
-  async rebindHooks() {
-    if (!this.engine || !this.service) return;
     try {
-      unbindAllHooks(this.engine);
-      const processes = await this.service.listProcesses({ activeOnly: true }, { isSystem: true, roles: [], permissions: [] });
-      bindProcessHooks(this.engine, this.service, processes, this.logger);
-    } catch (err) {
-      this.logger?.warn?.("[approvals] rebindHooks failed", { error: err?.message });
+      const automation = ctx.getService("automation");
+      if (automation && typeof automation.registerNodeExecutor === "function") {
+        this.service.attachAutomation(automation);
+        registerApprovalNode(automation, this.service, ctx.logger);
+      }
+    } catch {
+      ctx.logger.info("ApprovalsServicePlugin: no automation engine \u2014 approval node not registered");
     }
   }
   async stop(_ctx) {
@@ -1171,7 +1632,7 @@ var ApprovalsServicePlugin = class {
   ApprovalService,
   ApprovalsServicePlugin,
   SysApprovalAction,
-  SysApprovalProcess,
-  SysApprovalRequest
+  SysApprovalRequest,
+  registerApprovalNode
 });
 //# sourceMappingURL=index.js.map