@objectstack/plugin-auth 3.2.5 → 3.2.7

package/dist/index.mjs

@@ -216,14 +216,16 @@ var AUTH_VERIFICATION_CONFIG = {
   }
 };
 var AUTH_ORGANIZATION_SCHEMA = {
-  modelName: "sys_organization",
+  modelName: SystemObjectName2.ORGANIZATION,
+  // 'sys_organization'
   fields: {
     createdAt: "created_at",
     updatedAt: "updated_at"
   }
 };
 var AUTH_MEMBER_SCHEMA = {
-  modelName: "sys_member",
+  modelName: SystemObjectName2.MEMBER,
+  // 'sys_member'
   fields: {
     organizationId: "organization_id",
     userId: "user_id",
@@ -231,7 +233,8 @@ var AUTH_MEMBER_SCHEMA = {
   }
 };
 var AUTH_INVITATION_SCHEMA = {
-  modelName: "sys_invitation",
+  modelName: SystemObjectName2.INVITATION,
+  // 'sys_invitation'
   fields: {
     organizationId: "organization_id",
     inviterId: "inviter_id",
@@ -245,7 +248,8 @@ var AUTH_ORG_SESSION_FIELDS = {
   activeTeamId: "active_team_id"
 };
 var AUTH_TEAM_SCHEMA = {
-  modelName: "sys_team",
+  modelName: SystemObjectName2.TEAM,
+  // 'sys_team'
   fields: {
     organizationId: "organization_id",
     createdAt: "created_at",
@@ -253,7 +257,8 @@ var AUTH_TEAM_SCHEMA = {
   }
 };
 var AUTH_TEAM_MEMBER_SCHEMA = {
-  modelName: "sys_team_member",
+  modelName: SystemObjectName2.TEAM_MEMBER,
+  // 'sys_team_member'
   fields: {
     teamId: "team_id",
     userId: "user_id",
@@ -261,7 +266,8 @@ var AUTH_TEAM_MEMBER_SCHEMA = {
   }
 };
 var AUTH_TWO_FACTOR_SCHEMA = {
-  modelName: "sys_two_factor",
+  modelName: SystemObjectName2.TWO_FACTOR,
+  // 'sys_two_factor'
   fields: {
     backupCodes: "backup_codes",
     userId: "user_id"
@@ -333,10 +339,28 @@ var AuthManager = class {
       verification: {
         ...AUTH_VERIFICATION_CONFIG
       },
-      // Email configuration
+      // Social / OAuth providers
+      ...this.config.socialProviders ? { socialProviders: this.config.socialProviders } : {},
+      // Email and password configuration
       emailAndPassword: {
-        enabled: true
+        enabled: this.config.emailAndPassword?.enabled ?? true,
+        ...this.config.emailAndPassword?.disableSignUp != null ? { disableSignUp: this.config.emailAndPassword.disableSignUp } : {},
+        ...this.config.emailAndPassword?.requireEmailVerification != null ? { requireEmailVerification: this.config.emailAndPassword.requireEmailVerification } : {},
+        ...this.config.emailAndPassword?.minPasswordLength != null ? { minPasswordLength: this.config.emailAndPassword.minPasswordLength } : {},
+        ...this.config.emailAndPassword?.maxPasswordLength != null ? { maxPasswordLength: this.config.emailAndPassword.maxPasswordLength } : {},
+        ...this.config.emailAndPassword?.resetPasswordTokenExpiresIn != null ? { resetPasswordTokenExpiresIn: this.config.emailAndPassword.resetPasswordTokenExpiresIn } : {},
+        ...this.config.emailAndPassword?.autoSignIn != null ? { autoSignIn: this.config.emailAndPassword.autoSignIn } : {},
+        ...this.config.emailAndPassword?.revokeSessionsOnPasswordReset != null ? { revokeSessionsOnPasswordReset: this.config.emailAndPassword.revokeSessionsOnPasswordReset } : {}
       },
+      // Email verification
+      ...this.config.emailVerification ? {
+        emailVerification: {
+          ...this.config.emailVerification.sendOnSignUp != null ? { sendOnSignUp: this.config.emailVerification.sendOnSignUp } : {},
+          ...this.config.emailVerification.sendOnSignIn != null ? { sendOnSignIn: this.config.emailVerification.sendOnSignIn } : {},
+          ...this.config.emailVerification.autoSignInAfterVerification != null ? { autoSignInAfterVerification: this.config.emailVerification.autoSignInAfterVerification } : {},
+          ...this.config.emailVerification.expiresIn != null ? { expiresIn: this.config.emailVerification.expiresIn } : {}
+        }
+      } : {},
       // Session configuration
       session: {
         ...AUTH_SESSION_CONFIG,
@@ -346,7 +370,18 @@ var AuthManager = class {
         // 1 day default
       },
       // better-auth plugins — registered based on AuthPluginConfig flags
-      plugins: this.buildPluginList()
+      plugins: this.buildPluginList(),
+      // Trusted origins for CSRF protection (supports wildcards like "https://*.example.com")
+      ...this.config.trustedOrigins?.length ? { trustedOrigins: this.config.trustedOrigins } : {},
+      // Advanced options (cross-subdomain cookies, secure cookies, CSRF, etc.)
+      ...this.config.advanced ? {
+        advanced: {
+          ...this.config.advanced.crossSubDomainCookies ? { crossSubDomainCookies: this.config.advanced.crossSubDomainCookies } : {},
+          ...this.config.advanced.useSecureCookies != null ? { useSecureCookies: this.config.advanced.useSecureCookies } : {},
+          ...this.config.advanced.disableCSRFCheck != null ? { disableCSRFCheck: this.config.advanced.disableCSRFCheck } : {},
+          ...this.config.advanced.cookiePrefix != null ? { cookiePrefix: this.config.advanced.cookiePrefix } : {}
+        }
+      } : {}
     };
     return betterAuth(betterAuthConfig);
   }
@@ -416,6 +451,25 @@ var AuthManager = class {
     }
     return envSecret;
   }
+  /**
+   * Update the base URL at runtime.
+   *
+   * This **must** be called before the first request triggers lazy
+   * initialisation of the better-auth instance — typically from a
+   * `kernel:ready` hook where the actual server port is known.
+   *
+   * If the auth instance has already been created this is a no-op and
+   * a warning is emitted.
+   */
+  setRuntimeBaseUrl(url) {
+    if (this.auth) {
+      console.warn(
+        "[AuthManager] setRuntimeBaseUrl() called after the auth instance was already created \u2014 ignoring. Ensure this method is called before the first request."
+      );
+      return;
+    }
+    this.config = { ...this.config, baseUrl: url };
+  }
   /**
    * Get the underlying better-auth instance
    * Useful for advanced use cases
@@ -499,6 +553,21 @@ var AuthPlugin = class {
         } catch {
         }
         if (httpServer) {
+          const serverWithPort = httpServer;
+          if (this.authManager && typeof serverWithPort.getPort === "function") {
+            const actualPort = serverWithPort.getPort();
+            if (actualPort) {
+              const configuredUrl = this.options.baseUrl || "http://localhost:3000";
+              const configuredOrigin = new URL(configuredUrl).origin;
+              const actualUrl = `http://localhost:${actualPort}`;
+              if (configuredOrigin !== actualUrl) {
+                this.authManager.setRuntimeBaseUrl(actualUrl);
+                ctx.logger.info(
+                  `Auth baseUrl auto-updated to ${actualUrl} (configured: ${configuredUrl})`
+                );
+              }
+            }
+          }
           this.registerAuthRoutes(httpServer, ctx);
           ctx.logger.info(`Auth routes registered at ${this.options.basePath}`);
         } else {
@@ -580,18 +649,19 @@ var AuthPlugin = class {
   }
 };
 
-// src/objects/auth-user.object.ts
+// src/objects/sys-user.object.ts
 import { ObjectSchema, Field } from "@objectstack/spec/data";
-var AuthUser = ObjectSchema.create({
-  name: "sys_user",
+var SysUser = ObjectSchema.create({
+  namespace: "sys",
+  name: "user",
   label: "User",
   pluralLabel: "Users",
   icon: "user",
+  isSystem: true,
   description: "User accounts for authentication",
   titleFormat: "{name} ({email})",
   compactLayout: ["name", "email", "email_verified"],
   fields: {
-    // ID is auto-generated by ObjectQL
     id: Field.text({
       label: "User ID",
       required: true,
@@ -627,12 +697,10 @@ var AuthUser = ObjectSchema.create({
       required: false
     })
   },
-  // Database indexes for performance
   indexes: [
     { fields: ["email"], unique: true },
     { fields: ["created_at"], unique: false }
   ],
-  // Enable features
   enable: {
     trackHistory: true,
     searchable: true,
@@ -641,7 +709,6 @@ var AuthUser = ObjectSchema.create({
     trash: true,
     mru: true
   },
-  // Validation Rules
   validations: [
     {
       name: "email_unique",
@@ -654,13 +721,15 @@ var AuthUser = ObjectSchema.create({
   ]
 });
 
-// src/objects/auth-session.object.ts
+// src/objects/sys-session.object.ts
 import { ObjectSchema as ObjectSchema2, Field as Field2 } from "@objectstack/spec/data";
-var AuthSession = ObjectSchema2.create({
-  name: "sys_session",
+var SysSession = ObjectSchema2.create({
+  namespace: "sys",
+  name: "session",
   label: "Session",
   pluralLabel: "Sessions",
   icon: "key",
+  isSystem: true,
   description: "Active user sessions",
   titleFormat: "Session {token}",
   compactLayout: ["user_id", "expires_at", "ip_address"],
@@ -703,33 +772,30 @@ var AuthSession = ObjectSchema2.create({
       required: false
     })
   },
-  // Database indexes for performance
   indexes: [
     { fields: ["token"], unique: true },
     { fields: ["user_id"], unique: false },
     { fields: ["expires_at"], unique: false }
   ],
-  // Enable features
   enable: {
     trackHistory: false,
-    // Sessions don't need history tracking
     searchable: false,
     apiEnabled: true,
     apiMethods: ["get", "list", "create", "delete"],
-    // No update for sessions
     trash: false,
-    // Sessions should be hard deleted
     mru: false
   }
 });
 
-// src/objects/auth-account.object.ts
+// src/objects/sys-account.object.ts
 import { ObjectSchema as ObjectSchema3, Field as Field3 } from "@objectstack/spec/data";
-var AuthAccount = ObjectSchema3.create({
-  name: "sys_account",
+var SysAccount = ObjectSchema3.create({
+  namespace: "sys",
+  name: "account",
   label: "Account",
   pluralLabel: "Accounts",
   icon: "link",
+  isSystem: true,
   description: "OAuth and authentication provider accounts",
   titleFormat: "{provider_id} - {account_id}",
   compactLayout: ["provider_id", "user_id", "account_id"],
@@ -794,12 +860,10 @@ var AuthAccount = ObjectSchema3.create({
       description: "Hashed password for email/password provider"
     })
   },
-  // Database indexes for performance
   indexes: [
     { fields: ["user_id"], unique: false },
     { fields: ["provider_id", "account_id"], unique: true }
   ],
-  // Enable features
   enable: {
     trackHistory: false,
     searchable: false,
@@ -810,13 +874,15 @@ var AuthAccount = ObjectSchema3.create({
   }
 });
 
-// src/objects/auth-verification.object.ts
+// src/objects/sys-verification.object.ts
 import { ObjectSchema as ObjectSchema4, Field as Field4 } from "@objectstack/spec/data";
-var AuthVerification = ObjectSchema4.create({
-  name: "sys_verification",
+var SysVerification = ObjectSchema4.create({
+  namespace: "sys",
+  name: "verification",
   label: "Verification",
   pluralLabel: "Verifications",
   icon: "shield-check",
+  isSystem: true,
   description: "Email and phone verification tokens",
   titleFormat: "Verification for {identifier}",
   compactLayout: ["identifier", "expires_at", "created_at"],
@@ -851,21 +917,444 @@ var AuthVerification = ObjectSchema4.create({
       description: "Email address or phone number"
     })
   },
-  // Database indexes for performance
   indexes: [
     { fields: ["value"], unique: true },
     { fields: ["identifier"], unique: false },
     { fields: ["expires_at"], unique: false }
   ],
-  // Enable features
   enable: {
     trackHistory: false,
     searchable: false,
     apiEnabled: true,
     apiMethods: ["get", "create", "delete"],
-    // No list or update
     trash: false,
-    // Hard delete expired tokens
+    mru: false
+  }
+});
+
+// src/objects/sys-organization.object.ts
+import { ObjectSchema as ObjectSchema5, Field as Field5 } from "@objectstack/spec/data";
+var SysOrganization = ObjectSchema5.create({
+  namespace: "sys",
+  name: "organization",
+  label: "Organization",
+  pluralLabel: "Organizations",
+  icon: "building-2",
+  isSystem: true,
+  description: "Organizations for multi-tenant grouping",
+  titleFormat: "{name}",
+  compactLayout: ["name", "slug", "created_at"],
+  fields: {
+    id: Field5.text({
+      label: "Organization ID",
+      required: true,
+      readonly: true
+    }),
+    created_at: Field5.datetime({
+      label: "Created At",
+      defaultValue: "NOW()",
+      readonly: true
+    }),
+    updated_at: Field5.datetime({
+      label: "Updated At",
+      defaultValue: "NOW()",
+      readonly: true
+    }),
+    name: Field5.text({
+      label: "Name",
+      required: true,
+      searchable: true,
+      maxLength: 255
+    }),
+    slug: Field5.text({
+      label: "Slug",
+      required: false,
+      maxLength: 255,
+      description: "URL-friendly identifier"
+    }),
+    logo: Field5.url({
+      label: "Logo",
+      required: false
+    }),
+    metadata: Field5.textarea({
+      label: "Metadata",
+      required: false,
+      description: "JSON-serialized organization metadata"
+    })
+  },
+  indexes: [
+    { fields: ["slug"], unique: true },
+    { fields: ["name"] }
+  ],
+  enable: {
+    trackHistory: true,
+    searchable: true,
+    apiEnabled: true,
+    apiMethods: ["get", "list", "create", "update", "delete"],
+    trash: true,
+    mru: true
+  }
+});
+
+// src/objects/sys-member.object.ts
+import { ObjectSchema as ObjectSchema6, Field as Field6 } from "@objectstack/spec/data";
+var SysMember = ObjectSchema6.create({
+  namespace: "sys",
+  name: "member",
+  label: "Member",
+  pluralLabel: "Members",
+  icon: "user-check",
+  isSystem: true,
+  description: "Organization membership records",
+  titleFormat: "{user_id} in {organization_id}",
+  compactLayout: ["user_id", "organization_id", "role"],
+  fields: {
+    id: Field6.text({
+      label: "Member ID",
+      required: true,
+      readonly: true
+    }),
+    created_at: Field6.datetime({
+      label: "Created At",
+      defaultValue: "NOW()",
+      readonly: true
+    }),
+    organization_id: Field6.text({
+      label: "Organization ID",
+      required: true
+    }),
+    user_id: Field6.text({
+      label: "User ID",
+      required: true
+    }),
+    role: Field6.text({
+      label: "Role",
+      required: false,
+      description: "Member role within the organization (e.g. admin, member)",
+      maxLength: 100
+    })
+  },
+  indexes: [
+    { fields: ["organization_id", "user_id"], unique: true },
+    { fields: ["user_id"] }
+  ],
+  enable: {
+    trackHistory: true,
+    searchable: false,
+    apiEnabled: true,
+    apiMethods: ["get", "list", "create", "update", "delete"],
+    trash: false,
+    mru: false
+  }
+});
+
+// src/objects/sys-invitation.object.ts
+import { ObjectSchema as ObjectSchema7, Field as Field7 } from "@objectstack/spec/data";
+var SysInvitation = ObjectSchema7.create({
+  namespace: "sys",
+  name: "invitation",
+  label: "Invitation",
+  pluralLabel: "Invitations",
+  icon: "mail",
+  isSystem: true,
+  description: "Organization invitations for user onboarding",
+  titleFormat: "Invitation to {organization_id}",
+  compactLayout: ["email", "organization_id", "status"],
+  fields: {
+    id: Field7.text({
+      label: "Invitation ID",
+      required: true,
+      readonly: true
+    }),
+    created_at: Field7.datetime({
+      label: "Created At",
+      defaultValue: "NOW()",
+      readonly: true
+    }),
+    organization_id: Field7.text({
+      label: "Organization ID",
+      required: true
+    }),
+    email: Field7.email({
+      label: "Email",
+      required: true,
+      description: "Email address of the invited user"
+    }),
+    role: Field7.text({
+      label: "Role",
+      required: false,
+      maxLength: 100,
+      description: "Role to assign upon acceptance"
+    }),
+    status: Field7.select(["pending", "accepted", "rejected", "expired", "canceled"], {
+      label: "Status",
+      required: true,
+      defaultValue: "pending"
+    }),
+    inviter_id: Field7.text({
+      label: "Inviter ID",
+      required: true,
+      description: "User ID of the person who sent the invitation"
+    }),
+    expires_at: Field7.datetime({
+      label: "Expires At",
+      required: true
+    }),
+    team_id: Field7.text({
+      label: "Team ID",
+      required: false,
+      description: "Optional team to assign upon acceptance"
+    })
+  },
+  indexes: [
+    { fields: ["organization_id"] },
+    { fields: ["email"] },
+    { fields: ["expires_at"] }
+  ],
+  enable: {
+    trackHistory: true,
+    searchable: false,
+    apiEnabled: true,
+    apiMethods: ["get", "list", "create", "update", "delete"],
+    trash: false,
+    mru: false
+  }
+});
+
+// src/objects/sys-team.object.ts
+import { ObjectSchema as ObjectSchema8, Field as Field8 } from "@objectstack/spec/data";
+var SysTeam = ObjectSchema8.create({
+  namespace: "sys",
+  name: "team",
+  label: "Team",
+  pluralLabel: "Teams",
+  icon: "users",
+  isSystem: true,
+  description: "Teams within organizations for fine-grained grouping",
+  titleFormat: "{name}",
+  compactLayout: ["name", "organization_id", "created_at"],
+  fields: {
+    id: Field8.text({
+      label: "Team ID",
+      required: true,
+      readonly: true
+    }),
+    created_at: Field8.datetime({
+      label: "Created At",
+      defaultValue: "NOW()",
+      readonly: true
+    }),
+    updated_at: Field8.datetime({
+      label: "Updated At",
+      defaultValue: "NOW()",
+      readonly: true
+    }),
+    name: Field8.text({
+      label: "Name",
+      required: true,
+      searchable: true,
+      maxLength: 255
+    }),
+    organization_id: Field8.text({
+      label: "Organization ID",
+      required: true
+    })
+  },
+  indexes: [
+    { fields: ["organization_id"] },
+    { fields: ["name", "organization_id"], unique: true }
+  ],
+  enable: {
+    trackHistory: true,
+    searchable: true,
+    apiEnabled: true,
+    apiMethods: ["get", "list", "create", "update", "delete"],
+    trash: true,
+    mru: false
+  }
+});
+
+// src/objects/sys-team-member.object.ts
+import { ObjectSchema as ObjectSchema9, Field as Field9 } from "@objectstack/spec/data";
+var SysTeamMember = ObjectSchema9.create({
+  namespace: "sys",
+  name: "team_member",
+  label: "Team Member",
+  pluralLabel: "Team Members",
+  icon: "user-plus",
+  isSystem: true,
+  description: "Team membership records linking users to teams",
+  titleFormat: "{user_id} in {team_id}",
+  compactLayout: ["user_id", "team_id", "created_at"],
+  fields: {
+    id: Field9.text({
+      label: "Team Member ID",
+      required: true,
+      readonly: true
+    }),
+    created_at: Field9.datetime({
+      label: "Created At",
+      defaultValue: "NOW()",
+      readonly: true
+    }),
+    team_id: Field9.text({
+      label: "Team ID",
+      required: true
+    }),
+    user_id: Field9.text({
+      label: "User ID",
+      required: true
+    })
+  },
+  indexes: [
+    { fields: ["team_id", "user_id"], unique: true },
+    { fields: ["user_id"] }
+  ],
+  enable: {
+    trackHistory: true,
+    searchable: false,
+    apiEnabled: true,
+    apiMethods: ["get", "list", "create", "delete"],
+    trash: false,
+    mru: false
+  }
+});
+
+// src/objects/sys-api-key.object.ts
+import { ObjectSchema as ObjectSchema10, Field as Field10 } from "@objectstack/spec/data";
+var SysApiKey = ObjectSchema10.create({
+  namespace: "sys",
+  name: "api_key",
+  label: "API Key",
+  pluralLabel: "API Keys",
+  icon: "key-round",
+  isSystem: true,
+  description: "API keys for programmatic access",
+  titleFormat: "{name}",
+  compactLayout: ["name", "user_id", "expires_at"],
+  fields: {
+    id: Field10.text({
+      label: "API Key ID",
+      required: true,
+      readonly: true
+    }),
+    created_at: Field10.datetime({
+      label: "Created At",
+      defaultValue: "NOW()",
+      readonly: true
+    }),
+    updated_at: Field10.datetime({
+      label: "Updated At",
+      defaultValue: "NOW()",
+      readonly: true
+    }),
+    name: Field10.text({
+      label: "Name",
+      required: true,
+      maxLength: 255,
+      description: "Human-readable label for the API key"
+    }),
+    key: Field10.text({
+      label: "Key",
+      required: true,
+      description: "Hashed API key value"
+    }),
+    prefix: Field10.text({
+      label: "Prefix",
+      required: false,
+      maxLength: 16,
+      description: 'Visible prefix for identifying the key (e.g., "osk_")'
+    }),
+    user_id: Field10.text({
+      label: "User ID",
+      required: true,
+      description: "Owner user of this API key"
+    }),
+    scopes: Field10.textarea({
+      label: "Scopes",
+      required: false,
+      description: "JSON array of permission scopes"
+    }),
+    expires_at: Field10.datetime({
+      label: "Expires At",
+      required: false
+    }),
+    last_used_at: Field10.datetime({
+      label: "Last Used At",
+      required: false
+    }),
+    revoked: Field10.boolean({
+      label: "Revoked",
+      defaultValue: false
+    })
+  },
+  indexes: [
+    { fields: ["key"], unique: true },
+    { fields: ["user_id"] },
+    { fields: ["prefix"] }
+  ],
+  enable: {
+    trackHistory: true,
+    searchable: false,
+    apiEnabled: true,
+    apiMethods: ["get", "list", "create", "update", "delete"],
+    trash: false,
+    mru: false
+  }
+});
+
+// src/objects/sys-two-factor.object.ts
+import { ObjectSchema as ObjectSchema11, Field as Field11 } from "@objectstack/spec/data";
+var SysTwoFactor = ObjectSchema11.create({
+  namespace: "sys",
+  name: "two_factor",
+  label: "Two Factor",
+  pluralLabel: "Two Factor Credentials",
+  icon: "smartphone",
+  isSystem: true,
+  description: "Two-factor authentication credentials",
+  titleFormat: "Two-factor for {user_id}",
+  compactLayout: ["user_id", "created_at"],
+  fields: {
+    id: Field11.text({
+      label: "Two Factor ID",
+      required: true,
+      readonly: true
+    }),
+    created_at: Field11.datetime({
+      label: "Created At",
+      defaultValue: "NOW()",
+      readonly: true
+    }),
+    updated_at: Field11.datetime({
+      label: "Updated At",
+      defaultValue: "NOW()",
+      readonly: true
+    }),
+    user_id: Field11.text({
+      label: "User ID",
+      required: true
+    }),
+    secret: Field11.text({
+      label: "Secret",
+      required: true,
+      description: "TOTP secret key"
+    }),
+    backup_codes: Field11.textarea({
+      label: "Backup Codes",
+      required: false,
+      description: "JSON-serialized backup recovery codes"
+    })
+  },
+  indexes: [
+    { fields: ["user_id"], unique: true }
+  ],
+  enable: {
+    trackHistory: false,
+    searchable: false,
+    apiEnabled: true,
+    apiMethods: ["get", "create", "update", "delete"],
+    trash: false,
     mru: false
   }
 });
@@ -883,12 +1372,23 @@ export {
   AUTH_TWO_FACTOR_USER_FIELDS,
   AUTH_USER_CONFIG,
   AUTH_VERIFICATION_CONFIG,
-  AuthAccount,
+  SysAccount as AuthAccount,
   AuthManager,
   AuthPlugin,
-  AuthSession,
-  AuthUser,
-  AuthVerification,
+  SysSession as AuthSession,
+  SysUser as AuthUser,
+  SysVerification as AuthVerification,
+  SysAccount,
+  SysApiKey,
+  SysInvitation,
+  SysMember,
+  SysOrganization,
+  SysSession,
+  SysTeam,
+  SysTeamMember,
+  SysTwoFactor,
+  SysUser,
+  SysVerification,
   buildOrganizationPluginSchema,
   buildTwoFactorPluginSchema,
   createObjectQLAdapter,