@objectstack/rest 4.1.0 → 4.1.1

package/dist/index.d.cts

@@ -226,7 +226,8 @@ declare class RestServer {
     private reportsServiceProvider?;
     private approvalsServiceProvider?;
     private sharingRulesServiceProvider?;
-    constructor(server: IHttpServer, protocol: ObjectStackProtocol, config?: RestServerConfig, kernelManager?: RestKernelManager, envRegistry?: RestEnvRegistry, defaultProjectIdProvider?: () => string | undefined, authServiceProvider?: (projectId?: string) => Promise<any | undefined>, objectQLProvider?: (projectId?: string) => Promise<any | undefined>, emailServiceProvider?: (projectId?: string) => Promise<any | undefined>, sharingServiceProvider?: (projectId?: string) => Promise<any | undefined>, reportsServiceProvider?: (projectId?: string) => Promise<any | undefined>, approvalsServiceProvider?: (projectId?: string) => Promise<any | undefined>, sharingRulesServiceProvider?: (projectId?: string) => Promise<any | undefined>);
+    private i18nServiceProvider?;
+    constructor(server: IHttpServer, protocol: ObjectStackProtocol, config?: RestServerConfig, kernelManager?: RestKernelManager, envRegistry?: RestEnvRegistry, defaultProjectIdProvider?: () => string | undefined, authServiceProvider?: (projectId?: string) => Promise<any | undefined>, objectQLProvider?: (projectId?: string) => Promise<any | undefined>, emailServiceProvider?: (projectId?: string) => Promise<any | undefined>, sharingServiceProvider?: (projectId?: string) => Promise<any | undefined>, reportsServiceProvider?: (projectId?: string) => Promise<any | undefined>, approvalsServiceProvider?: (projectId?: string) => Promise<any | undefined>, sharingRulesServiceProvider?: (projectId?: string) => Promise<any | undefined>, i18nServiceProvider?: (projectId?: string) => Promise<any | undefined>);
     /**
      * Resolve the protocol for a given request. When `projectId` is present
      * and a KernelManager is wired, fetch the per-project kernel's
@@ -388,6 +389,36 @@ declare class RestServer {
      *   }
      */
     private registerEmailEndpoints;
+    /**
+     * Register public (anonymous) form endpoints.
+     *
+     * Public forms are opt-in: a `FormView` becomes accessible to anonymous
+     * visitors only when `sharing.allowAnonymous === true` AND a
+     * `sharing.publicLink` slug is configured. Two routes are registered:
+     *
+     *   GET  {basePath}/forms/:slug          → resolved form spec
+     *   POST {basePath}/forms/:slug/submit   → INSERT record (no auth required)
+     *
+     * Both routes bypass `enforceAuth` even when `requireAuth=true` on the
+     * deployment (e.g. ObjectOS multi-tenant). Security is delegated to the
+     * `guest_portal` permission set carried on the execution context — the
+     * SecurityPlugin enforces INSERT-only access to the target object. If
+     * the deployment hasn't registered a `guest_portal` profile, the
+     * security middleware falls open with `permissions: []` (no userId),
+     * matching the existing anonymous-access semantics; deployers must
+     * keep `requireAuth=true` deployments paired with a `guest_portal`
+     * profile (the CRM example does this) to enforce the INSERT-only
+     * contract.
+     *
+     * The matched FormView's parent ViewSchema is found by scanning
+     * `protocol.getMetaItems({ type: 'view' })`. For each entry we inspect
+     * `form.sharing` and every entry in `formViews`; the first FormView
+     * whose `sharing.publicLink` matches `/forms/:slug` (or just `:slug`)
+     * wins. The response carries the matched form view under `form` and
+     * the inferred target object, matching what the frontend's
+     * `mapViewSpecToEmbeddableConfig` expects.
+     */
+    private registerFormEndpoints;
     /**
      * Register record-level sharing endpoints (M11.C17).
      *

package/dist/index.d.ts

@@ -226,7 +226,8 @@ declare class RestServer {
     private reportsServiceProvider?;
     private approvalsServiceProvider?;
     private sharingRulesServiceProvider?;
-    constructor(server: IHttpServer, protocol: ObjectStackProtocol, config?: RestServerConfig, kernelManager?: RestKernelManager, envRegistry?: RestEnvRegistry, defaultProjectIdProvider?: () => string | undefined, authServiceProvider?: (projectId?: string) => Promise<any | undefined>, objectQLProvider?: (projectId?: string) => Promise<any | undefined>, emailServiceProvider?: (projectId?: string) => Promise<any | undefined>, sharingServiceProvider?: (projectId?: string) => Promise<any | undefined>, reportsServiceProvider?: (projectId?: string) => Promise<any | undefined>, approvalsServiceProvider?: (projectId?: string) => Promise<any | undefined>, sharingRulesServiceProvider?: (projectId?: string) => Promise<any | undefined>);
+    private i18nServiceProvider?;
+    constructor(server: IHttpServer, protocol: ObjectStackProtocol, config?: RestServerConfig, kernelManager?: RestKernelManager, envRegistry?: RestEnvRegistry, defaultProjectIdProvider?: () => string | undefined, authServiceProvider?: (projectId?: string) => Promise<any | undefined>, objectQLProvider?: (projectId?: string) => Promise<any | undefined>, emailServiceProvider?: (projectId?: string) => Promise<any | undefined>, sharingServiceProvider?: (projectId?: string) => Promise<any | undefined>, reportsServiceProvider?: (projectId?: string) => Promise<any | undefined>, approvalsServiceProvider?: (projectId?: string) => Promise<any | undefined>, sharingRulesServiceProvider?: (projectId?: string) => Promise<any | undefined>, i18nServiceProvider?: (projectId?: string) => Promise<any | undefined>);
     /**
      * Resolve the protocol for a given request. When `projectId` is present
      * and a KernelManager is wired, fetch the per-project kernel's
@@ -388,6 +389,36 @@ declare class RestServer {
      *   }
      */
     private registerEmailEndpoints;
+    /**
+     * Register public (anonymous) form endpoints.
+     *
+     * Public forms are opt-in: a `FormView` becomes accessible to anonymous
+     * visitors only when `sharing.allowAnonymous === true` AND a
+     * `sharing.publicLink` slug is configured. Two routes are registered:
+     *
+     *   GET  {basePath}/forms/:slug          → resolved form spec
+     *   POST {basePath}/forms/:slug/submit   → INSERT record (no auth required)
+     *
+     * Both routes bypass `enforceAuth` even when `requireAuth=true` on the
+     * deployment (e.g. ObjectOS multi-tenant). Security is delegated to the
+     * `guest_portal` permission set carried on the execution context — the
+     * SecurityPlugin enforces INSERT-only access to the target object. If
+     * the deployment hasn't registered a `guest_portal` profile, the
+     * security middleware falls open with `permissions: []` (no userId),
+     * matching the existing anonymous-access semantics; deployers must
+     * keep `requireAuth=true` deployments paired with a `guest_portal`
+     * profile (the CRM example does this) to enforce the INSERT-only
+     * contract.
+     *
+     * The matched FormView's parent ViewSchema is found by scanning
+     * `protocol.getMetaItems({ type: 'view' })`. For each entry we inspect
+     * `form.sharing` and every entry in `formViews`; the first FormView
+     * whose `sharing.publicLink` matches `/forms/:slug` (or just `:slug`)
+     * wins. The response carries the matched form view under `form` and
+     * the inferred target object, matching what the frontend's
+     * `mapViewSpecToEmbeddableConfig` expects.
+     */
+    private registerFormEndpoints;
     /**
      * Register record-level sharing endpoints (M11.C17).
      *

package/dist/index.js

@@ -391,7 +391,7 @@ function rowsToCsv(fields, rows, includeHeader) {
   return lines.join("\r\n") + (lines.length > 0 ? "\r\n" : "");
 }
 var RestServer = class {
-  constructor(server, protocol, config = {}, kernelManager, envRegistry, defaultProjectIdProvider, authServiceProvider, objectQLProvider, emailServiceProvider, sharingServiceProvider, reportsServiceProvider, approvalsServiceProvider, sharingRulesServiceProvider) {
+  constructor(server, protocol, config = {}, kernelManager, envRegistry, defaultProjectIdProvider, authServiceProvider, objectQLProvider, emailServiceProvider, sharingServiceProvider, reportsServiceProvider, approvalsServiceProvider, sharingRulesServiceProvider, i18nServiceProvider) {
     this.protocol = protocol;
     this.config = this.normalizeConfig(config);
     this.routeManager = new RouteManager(server);
@@ -405,6 +405,7 @@ var RestServer = class {
     this.reportsServiceProvider = reportsServiceProvider;
     this.approvalsServiceProvider = approvalsServiceProvider;
     this.sharingRulesServiceProvider = sharingRulesServiceProvider;
+    this.i18nServiceProvider = i18nServiceProvider;
   }
   /**
    * Resolve the protocol for a given request. When `projectId` is present
@@ -472,14 +473,51 @@ var RestServer = class {
    * requests intentionally return `undefined` because the platform kernel
    * does not own per-app translation bundles.
    */
-  async resolveI18nService(projectId) {
-    if (!projectId || projectId === "platform" || !this.kernelManager) return void 0;
-    try {
-      const kernel = await this.kernelManager.getOrCreate(projectId);
-      return await kernel.getServiceAsync("i18n");
-    } catch {
-      return void 0;
+  async resolveI18nService(projectId, req) {
+    if (projectId === "platform") return void 0;
+    if (!projectId && req && this.envRegistry && this.kernelManager) {
+      const host = this.extractHostname(req);
+      if (host) {
+        try {
+          const result = await this.envRegistry.resolveByHostname(host);
+          if (result?.projectId) projectId = result.projectId;
+        } catch {
+        }
+      }
+      if (!projectId && typeof this.envRegistry.resolveById === "function") {
+        const headerVal = this.extractProjectIdHeader(req);
+        if (headerVal) {
+          try {
+            const driver = await this.envRegistry.resolveById(headerVal);
+            if (driver) projectId = headerVal;
+          } catch {
+          }
+        }
+      }
+    }
+    if (!projectId && this.defaultProjectIdProvider) {
+      try {
+        const def = this.defaultProjectIdProvider();
+        if (def) projectId = def;
+      } catch {
+      }
+    }
+    if (projectId && this.kernelManager) {
+      try {
+        const kernel = await this.kernelManager.getOrCreate(projectId);
+        const svc = await kernel.getServiceAsync("i18n");
+        if (svc) return svc;
+      } catch {
+      }
+    }
+    if (this.i18nServiceProvider) {
+      try {
+        return await this.i18nServiceProvider(projectId);
+      } catch {
+        return void 0;
+      }
     }
+    return void 0;
   }
   /**
    * Reject anonymous requests with HTTP 401 when `api.requireAuth` is set.
@@ -681,8 +719,8 @@ var RestServer = class {
    */
   async translateMetaItem(req, type, projectId, item) {
     if (!item || typeof item !== "object") return item;
-    if (type !== "view" && type !== "action") return item;
-    const i18n = await this.resolveI18nService(projectId);
+    if (type !== "view" && type !== "action" && type !== "object") return item;
+    const i18n = await this.resolveI18nService(projectId, req);
     const bundle = this.buildTranslationBundle(i18n);
     if (!bundle) return item;
     const locale = this.extractLocale(req, i18n);
@@ -695,8 +733,8 @@ var RestServer = class {
    */
   async translateMetaItems(req, type, projectId, items) {
     if (!Array.isArray(items)) return items;
-    if (type !== "view" && type !== "action") return items;
-    const i18n = await this.resolveI18nService(projectId);
+    if (type !== "view" && type !== "action" && type !== "object") return items;
+    const i18n = await this.resolveI18nService(projectId, req);
     const bundle = this.buildTranslationBundle(i18n);
     if (!bundle) return items;
     const locale = this.extractLocale(req, i18n);
@@ -856,6 +894,7 @@ var RestServer = class {
         this.registerSearchEndpoints(bp);
       }
       this.registerEmailEndpoints(bp);
+      this.registerFormEndpoints(bp);
       this.registerSharingEndpoints(bp);
       this.registerSharingRuleEndpoints(bp);
       this.registerReportsEndpoints(bp);
@@ -1785,6 +1824,348 @@ var RestServer = class {
       }
     });
   }
+  /**
+   * Register public (anonymous) form endpoints.
+   *
+   * Public forms are opt-in: a `FormView` becomes accessible to anonymous
+   * visitors only when `sharing.allowAnonymous === true` AND a
+   * `sharing.publicLink` slug is configured. Two routes are registered:
+   *
+   *   GET  {basePath}/forms/:slug          → resolved form spec
+   *   POST {basePath}/forms/:slug/submit   → INSERT record (no auth required)
+   *
+   * Both routes bypass `enforceAuth` even when `requireAuth=true` on the
+   * deployment (e.g. ObjectOS multi-tenant). Security is delegated to the
+   * `guest_portal` permission set carried on the execution context — the
+   * SecurityPlugin enforces INSERT-only access to the target object. If
+   * the deployment hasn't registered a `guest_portal` profile, the
+   * security middleware falls open with `permissions: []` (no userId),
+   * matching the existing anonymous-access semantics; deployers must
+   * keep `requireAuth=true` deployments paired with a `guest_portal`
+   * profile (the CRM example does this) to enforce the INSERT-only
+   * contract.
+   *
+   * The matched FormView's parent ViewSchema is found by scanning
+   * `protocol.getMetaItems({ type: 'view' })`. For each entry we inspect
+   * `form.sharing` and every entry in `formViews`; the first FormView
+   * whose `sharing.publicLink` matches `/forms/:slug` (or just `:slug`)
+   * wins. The response carries the matched form view under `form` and
+   * the inferred target object, matching what the frontend's
+   * `mapViewSpecToEmbeddableConfig` expects.
+   */
+  registerFormEndpoints(basePath) {
+    const isScoped = basePath.includes("/projects/:projectId");
+    const slugMatchesPublicLink = (publicLink, slug) => {
+      if (!publicLink || typeof publicLink !== "string") return false;
+      const normalized = publicLink.replace(/^\/+/, "").replace(/^forms\//, "");
+      return normalized === slug;
+    };
+    const findPublicFormView = (views, slug) => {
+      for (const view of views ?? []) {
+        if (!view || typeof view !== "object") continue;
+        const candidates = [];
+        if (view.form && view.form.sharing) candidates.push({ form: view.form });
+        const formViews = view.formViews;
+        if (formViews && typeof formViews === "object") {
+          for (const [key, fv] of Object.entries(formViews)) {
+            if (fv && typeof fv === "object" && fv.sharing) {
+              candidates.push({ form: fv, key });
+            }
+          }
+        }
+        for (const c of candidates) {
+          const sharing = c.form?.sharing;
+          if (!sharing || sharing.allowAnonymous !== true) continue;
+          if (!slugMatchesPublicLink(sharing.publicLink, slug)) continue;
+          const objectName = c.form?.data?.object ?? view?.list?.data?.object ?? view?.form?.data?.object ?? view?.object;
+          if (!objectName) continue;
+          return { view, form: c.form, object: objectName };
+        }
+      }
+      return null;
+    };
+    const resolveFormBySlug = async (projectId, req, slug) => {
+      const p = await this.resolveProtocol(projectId, req);
+      if (typeof p.getMetaItems !== "function") return null;
+      const result = await p.getMetaItems({
+        type: "view",
+        ...projectId ? { projectId } : {}
+      });
+      const items = Array.isArray(result?.items) ? result.items : Array.isArray(result) ? result : [];
+      return findPublicFormView(items, slug);
+    };
+    this.routeManager.register({
+      method: "GET",
+      path: `${basePath}/forms/:slug`,
+      handler: async (req, res) => {
+        try {
+          const projectId = isScoped ? req.params?.projectId : void 0;
+          const slug = String(req.params?.slug ?? "").trim();
+          if (!slug) {
+            res.status(400).json({ code: "INVALID_REQUEST", error: "slug is required" });
+            return;
+          }
+          const match = await resolveFormBySlug(projectId, req, slug);
+          if (!match) {
+            res.status(404).json({
+              code: "FORM_NOT_FOUND",
+              error: `No public form configured at /forms/${slug}`
+            });
+            return;
+          }
+          let objectSchema = null;
+          try {
+            const p = await this.resolveProtocol(projectId, req);
+            if (typeof p.getMetaItems === "function") {
+              const r = await p.getMetaItems({
+                type: "object",
+                ...projectId ? { projectId } : {}
+              });
+              const items = Array.isArray(r?.items) ? r.items : Array.isArray(r) ? r : [];
+              const obj = items.find((o) => o?.name === match.object);
+              if (obj && obj.fields && typeof obj.fields === "object") {
+                const allowed = /* @__PURE__ */ new Set();
+                for (const sec of match.form?.sections ?? []) {
+                  for (const f of sec?.fields ?? []) {
+                    if (typeof f === "string") allowed.add(f);
+                    else if (f?.field) allowed.add(f.field);
+                  }
+                }
+                const fields = {};
+                for (const [name, def] of Object.entries(obj.fields)) {
+                  if (allowed.size === 0 || allowed.has(name)) {
+                    fields[name] = def;
+                  }
+                }
+                objectSchema = { name: obj.name, label: obj.label, fields };
+                try {
+                  const i18n = await this.resolveI18nService(projectId, req);
+                  const bundle = this.buildTranslationBundle(i18n);
+                  const locale = this.extractLocale(req, i18n);
+                  if (bundle && locale) {
+                    const { translateMetadataDocument } = await import("@objectstack/spec/system");
+                    objectSchema = translateMetadataDocument("object", objectSchema, bundle, { locale });
+                  }
+                } catch (e) {
+                  logError("[REST] Public form schema translation failed:", e);
+                }
+              }
+            }
+          } catch (e) {
+            logError("[REST] Public form schema load failed:", e);
+          }
+          const safeForm = (() => {
+            if (!match.form || !Array.isArray(match.form.sections)) return match.form;
+            const allow = (name, cfg) => {
+              const def = objectSchema?.fields?.[name];
+              const t = def?.type;
+              if (t !== "lookup" && t !== "master_detail") return true;
+              return !!cfg?.publicPicker;
+            };
+            const sections = match.form.sections.map((sec) => {
+              const fields = (sec?.fields ?? []).filter((f) => {
+                const name = typeof f === "string" ? f : f?.field;
+                if (!name) return false;
+                const cfg = typeof f === "string" ? {} : f;
+                return allow(name, cfg);
+              });
+              return { ...sec, fields };
+            });
+            return { ...match.form, sections };
+          })();
+          res.header("Vary", "Accept-Language");
+          res.json({
+            slug,
+            object: match.object,
+            label: match.view?.label ?? match.form?.label,
+            form: safeForm,
+            objectSchema
+          });
+        } catch (error) {
+          logError("[REST] Public form resolve error:", error);
+          res.status(500).json({
+            code: "FORM_RESOLVE_FAILED",
+            error: String(error?.message ?? error ?? "resolve failed").slice(0, 500)
+          });
+        }
+      },
+      metadata: {
+        summary: "Resolve a public form spec by slug (anonymous)",
+        tags: ["forms", "public"]
+      }
+    });
+    this.routeManager.register({
+      method: "POST",
+      path: `${basePath}/forms/:slug/submit`,
+      handler: async (req, res) => {
+        try {
+          const projectId = isScoped ? req.params?.projectId : void 0;
+          const slug = String(req.params?.slug ?? "").trim();
+          if (!slug) {
+            res.status(400).json({ code: "INVALID_REQUEST", error: "slug is required" });
+            return;
+          }
+          const match = await resolveFormBySlug(projectId, req, slug);
+          if (!match) {
+            res.status(404).json({
+              code: "FORM_NOT_FOUND",
+              error: `No public form configured at /forms/${slug}`
+            });
+            return;
+          }
+          const allowedFields = /* @__PURE__ */ new Set();
+          for (const section of match.form?.sections ?? []) {
+            for (const f of section?.fields ?? []) {
+              if (typeof f === "string") allowedFields.add(f);
+              else if (f?.field) allowedFields.add(f.field);
+            }
+          }
+          const rawBody = req.body && typeof req.body === "object" ? req.body : {};
+          const filteredData = {};
+          if (allowedFields.size > 0) {
+            for (const [k, v] of Object.entries(rawBody)) {
+              if (allowedFields.has(k)) filteredData[k] = v;
+            }
+          } else {
+            Object.assign(filteredData, rawBody);
+          }
+          const context = {
+            permissions: ["guest_portal"],
+            anonymous: true
+          };
+          const p = await this.resolveProtocol(projectId, req);
+          const result = await p.createData({
+            object: match.object,
+            data: filteredData,
+            ...projectId ? { projectId } : {},
+            context
+          });
+          res.status(201).json(result);
+        } catch (error) {
+          const mapped = mapDataError(error);
+          if (!isExpectedDataStatus(mapped.status) && mapped.body?.code !== "VALIDATION_FAILED") {
+            logError("[REST] Public form submit error:", error);
+          }
+          res.status(mapped.status).json(mapped.body);
+        }
+      },
+      metadata: {
+        summary: "Submit an anonymous public form",
+        tags: ["forms", "public"]
+      }
+    });
+    this.routeManager.register({
+      method: "GET",
+      path: `${basePath}/forms/:slug/lookup/:field`,
+      handler: async (req, res) => {
+        try {
+          const projectId = isScoped ? req.params?.projectId : void 0;
+          const slug = String(req.params?.slug ?? "").trim();
+          const fieldName = String(req.params?.field ?? "").trim();
+          if (!slug || !fieldName) {
+            res.status(400).json({ code: "INVALID_REQUEST", error: "slug and field are required" });
+            return;
+          }
+          const match = await resolveFormBySlug(projectId, req, slug);
+          if (!match) {
+            res.status(404).json({
+              code: "FORM_NOT_FOUND",
+              error: `No public form configured at /forms/${slug}`
+            });
+            return;
+          }
+          let fieldCfg = null;
+          for (const sec of match.form?.sections ?? []) {
+            for (const f of sec?.fields ?? []) {
+              const name = typeof f === "string" ? f : f?.field;
+              if (name === fieldName) {
+                fieldCfg = typeof f === "string" ? {} : f;
+                break;
+              }
+            }
+            if (fieldCfg) break;
+          }
+          const picker = fieldCfg?.publicPicker;
+          if (!picker) {
+            res.status(403).json({
+              code: "LOOKUP_NOT_PUBLIC",
+              error: `Field "${fieldName}" is not enabled for public lookup on this form`
+            });
+            return;
+          }
+          const p = await this.resolveProtocol(projectId, req);
+          let referenceTo = picker.object;
+          if (!referenceTo && typeof p.getMetaItems === "function") {
+            try {
+              const r = await p.getMetaItems({
+                type: "object",
+                ...projectId ? { projectId } : {}
+              });
+              const items = Array.isArray(r?.items) ? r.items : Array.isArray(r) ? r : [];
+              const obj = items.find((o) => o?.name === match.object);
+              const def = obj?.fields?.[fieldName];
+              referenceTo = def?.referenceTo ?? def?.target ?? def?.options?.objectName;
+            } catch {
+            }
+          }
+          if (!referenceTo) {
+            res.status(500).json({
+              code: "LOOKUP_TARGET_MISSING",
+              error: `Could not resolve referenced object for "${fieldName}"`
+            });
+            return;
+          }
+          const displayFields = Array.isArray(picker.displayFields) && picker.displayFields.length > 0 ? picker.displayFields.slice(0, 5) : ["name"];
+          const hardCap = 50;
+          const maxResults = Math.min(Math.max(1, Number(picker.maxResults) || 20), hardCap);
+          const q = String(req.query?.q ?? "").trim().slice(0, 100);
+          const filters = [];
+          if (Array.isArray(picker.filter)) filters.push(...picker.filter);
+          if (q) filters.push({ field: displayFields[0], operator: "contains", value: q });
+          const context = {
+            permissions: ["guest_portal"],
+            anonymous: true
+          };
+          const result = await p.findData({
+            object: referenceTo,
+            query: {
+              limit: maxResults,
+              offset: 0,
+              filters,
+              select: ["id", ...displayFields],
+              sort: picker.sort ?? [{ field: displayFields[0], order: "asc" }]
+            },
+            ...projectId ? { projectId } : {},
+            context
+          });
+          const rows = Array.isArray(result?.data) ? result.data : Array.isArray(result?.items) ? result.items : [];
+          const projected = rows.slice(0, maxResults).map((row) => {
+            const out = { id: row?.id };
+            for (const f of displayFields) {
+              if (row && Object.prototype.hasOwnProperty.call(row, f)) out[f] = row[f];
+            }
+            return out;
+          });
+          res.json({
+            data: projected,
+            total: projected.length,
+            truncated: rows.length >= maxResults,
+            displayFields
+          });
+        } catch (error) {
+          const mapped = mapDataError(error);
+          if (!isExpectedDataStatus(mapped.status)) {
+            logError("[REST] Public form lookup error:", error);
+          }
+          res.status(mapped.status).json(mapped.body);
+        }
+      },
+      metadata: {
+        summary: "Scoped lookup picker for a public form field (anonymous)",
+        tags: ["forms", "public"]
+      }
+    });
+  }
   /**
    * Register record-level sharing endpoints (M11.C17).
    *
@@ -2898,6 +3279,13 @@ function createRestApiPlugin(config = {}) {
           return void 0;
         }
       };
+      const i18nServiceProvider = async (_projectId) => {
+        try {
+          return ctx.getService("i18n");
+        } catch {
+          return void 0;
+        }
+      };
       if (!server) {
         ctx.logger.warn(`RestApiPlugin: HTTP Server service '${serverService}' not found. REST routes skipped.`);
         return;
@@ -2908,7 +3296,7 @@ function createRestApiPlugin(config = {}) {
       }
       ctx.logger.info("Hydrating REST API from Protocol...");
       try {
-        const restServer = new RestServer(server, protocol, config.api, kernelManager, envRegistry, defaultProjectIdProvider, authServiceProvider, objectQLProvider, emailServiceProvider, sharingServiceProvider, reportsServiceProvider, approvalsServiceProvider, sharingRulesServiceProvider);
+        const restServer = new RestServer(server, protocol, config.api, kernelManager, envRegistry, defaultProjectIdProvider, authServiceProvider, objectQLProvider, emailServiceProvider, sharingServiceProvider, reportsServiceProvider, approvalsServiceProvider, sharingRulesServiceProvider, i18nServiceProvider);
         restServer.registerRoutes();
         ctx.logger.info("REST API successfully registered");
       } catch (err) {