@objectstack/rest 7.2.1 → 7.4.0

package/dist/index.d.cts

@@ -521,19 +521,17 @@ declare class RestServer {
      */
     private registerReportsEndpoints;
     /**
-     * Register approval engine endpoints.
+     * Register approval endpoints (ADR-0019: approval as a flow node).
+     *
+     * Approval is no longer a standalone process engine — a flow's Approval
+     * node opens a request and suspends the run; a decision resumes it. There
+     * are no process-authoring or submit routes anymore.
      *
      * Routes (all under {basePath}/approvals):
-     *   GET    /processes                       — list approval processes
-     *   POST   /processes                       — upsert (defineProcess)
-     *   GET    /processes/:id                   — get by id or name
-     *   DELETE /processes/:id                   — delete process
-     *   POST   /requests                        — submit
      *   GET    /requests                        — list (filters: status, object, recordId, approverId, submitterId)
      *   GET    /requests/:id                    — get request
-     *   POST   /requests/:id/approve            — approve current step
-     *   POST   /requests/:id/reject             — reject current step
-     *   POST   /requests/:id/recall             — recall (submitter only)
+     *   POST   /requests/:id/approve            — record an approve decision (resumes the flow)
+     *   POST   /requests/:id/reject             — record a reject decision (resumes the flow)
      *   GET    /requests/:id/actions            — audit trail
      *
      * Returns 501 when `approvalsServiceProvider` is unset so deployments

package/dist/index.d.ts

@@ -521,19 +521,17 @@ declare class RestServer {
      */
     private registerReportsEndpoints;
     /**
-     * Register approval engine endpoints.
+     * Register approval endpoints (ADR-0019: approval as a flow node).
+     *
+     * Approval is no longer a standalone process engine — a flow's Approval
+     * node opens a request and suspends the run; a decision resumes it. There
+     * are no process-authoring or submit routes anymore.
      *
      * Routes (all under {basePath}/approvals):
-     *   GET    /processes                       — list approval processes
-     *   POST   /processes                       — upsert (defineProcess)
-     *   GET    /processes/:id                   — get by id or name
-     *   DELETE /processes/:id                   — delete process
-     *   POST   /requests                        — submit
      *   GET    /requests                        — list (filters: status, object, recordId, approverId, submitterId)
      *   GET    /requests/:id                    — get request
-     *   POST   /requests/:id/approve            — approve current step
-     *   POST   /requests/:id/reject             — reject current step
-     *   POST   /requests/:id/recall             — recall (submitter only)
+     *   POST   /requests/:id/approve            — record an approve decision (resumes the flow)
+     *   POST   /requests/:id/reject             — record a reject decision (resumes the flow)
      *   GET    /requests/:id/actions            — audit trail
      *
      * Returns 501 when `approvalsServiceProvider` is unset so deployments

package/dist/index.js

@@ -210,6 +210,7 @@ var RouteGroupBuilder = class {
 
 // src/rest-server.ts
 var logError = (...args) => globalThis.console?.error(...args);
+var TRANSLATABLE_META_TYPES = /* @__PURE__ */ new Set(["view", "action", "object", "app", "dashboard"]);
 function mapDataError(error, object) {
   if (error?.code === "CONCURRENT_UPDATE" || error?.name === "ConcurrentUpdateError") {
     return {
@@ -819,10 +820,10 @@ var RestServer = class {
    * locale yields a match. Falls through unchanged for unsupported types
    * or missing translations.
    */
-  async translateMetaItem(req, type, environmentId, item) {
+  async translateMetaItem(req, type, environmentId, item, i18nService) {
     if (!item || typeof item !== "object") return item;
-    if (type !== "view" && type !== "action" && type !== "object") return item;
-    const i18n = await this.resolveI18nService(environmentId, req);
+    if (!TRANSLATABLE_META_TYPES.has(type)) return item;
+    const i18n = i18nService !== void 0 ? i18nService : await this.resolveI18nService(environmentId, req);
     const bundle = this.buildTranslationBundle(i18n);
     if (!bundle) return item;
     const locale = this.extractLocale(req, i18n);
@@ -835,7 +836,7 @@ var RestServer = class {
    */
   async translateMetaItems(req, type, environmentId, items) {
     if (!Array.isArray(items)) return items;
-    if (type !== "view" && type !== "action" && type !== "object") return items;
+    if (!TRANSLATABLE_META_TYPES.has(type)) return items;
     const i18n = await this.resolveI18nService(environmentId, req);
     const bundle = this.buildTranslationBundle(i18n);
     if (!bundle) return items;
@@ -1338,6 +1339,15 @@ var RestServer = class {
                 }
               }
             }
+            if (req.params.type === "view" && req.query?.object) {
+              const obj = String(req.query.object);
+              const raw = visible;
+              const list = Array.isArray(raw) ? raw : raw && typeof raw === "object" && Array.isArray(raw.items) ? raw.items : null;
+              if (list) {
+                const filtered = list.filter((v) => v && typeof v === "object" && v.viewKind && v.object === obj).sort((a, b) => (a.order ?? 0) - (b.order ?? 0) || String(a.name).localeCompare(String(b.name)));
+                visible = Array.isArray(raw) ? filtered : { ...raw, items: filtered };
+              }
+            }
             const translated = await this.translateMetaItems(req, req.params.type, environmentId, visible);
             res.header("Vary", "Accept-Language");
             res.json(translated);
@@ -1404,10 +1414,13 @@ var RestServer = class {
                 ifNoneMatch: req.headers["if-none-match"],
                 ifModifiedSince: req.headers["if-modified-since"]
               };
+              const cacheI18n = await this.resolveI18nService(environmentId, req);
+              const cacheLocale = this.extractLocale(req, cacheI18n);
               const result = await p.getMetaItemCached({
                 type: req.params.type,
                 name: req.params.name,
                 cacheRequest,
+                ...cacheLocale ? { locale: cacheLocale } : {},
                 ...environmentId ? { environmentId } : {}
               });
               if (result.notModified) {
@@ -1427,7 +1440,7 @@ var RestServer = class {
                 res.header("Cache-Control", directives + maxAge);
               }
               res.header("Vary", "Accept-Language");
-              res.json(await this.translateMetaItem(req, req.params.type, environmentId, result.data));
+              res.json(await this.translateMetaItem(req, req.params.type, environmentId, result.data, cacheI18n));
             } else {
               const packageId = req.query?.package || void 0;
               const stateParam = typeof req.query?.state === "string" ? req.query.state.toLowerCase() : void 0;
@@ -1487,6 +1500,8 @@ var RestServer = class {
           const actor = typeof actorHeader === "string" ? actorHeader : void 0;
           const forceRaw = req.query?.force;
           const force = typeof forceRaw === "string" ? ["true", "1", "yes", "on"].includes(forceRaw.toLowerCase()) : !!forceRaw;
+          const packageRaw = req.query?.package;
+          const packageId = typeof packageRaw === "string" && packageRaw && packageRaw !== "all" ? packageRaw : void 0;
           const result = await p.saveMetaItem({
             type: req.params.type,
             name: req.params.name,
@@ -1495,6 +1510,7 @@ var RestServer = class {
             ...parentVersion !== void 0 ? { parentVersion } : {},
             ...actor ? { actor } : {},
             ...force ? { force: true } : {},
+            ...packageId ? { packageId } : {},
             ...typeof req.query?.mode === "string" && req.query.mode.toLowerCase() === "draft" ? { mode: "draft" } : {}
           });
           res.json(result);
@@ -1769,13 +1785,16 @@ var RestServer = class {
           const parentVersion = typeof ifMatchHeader === "string" ? ifMatchHeader.replace(/^"|"$/g, "") : void 0;
           const actorHeader = req.headers?.["x-actor"] ?? req.headers?.["X-Actor"] ?? req.user?.id ?? req.userId;
           const actor = typeof actorHeader === "string" ? actorHeader : void 0;
+          const packageRaw = req.query?.package;
+          const packageId = typeof packageRaw === "string" && packageRaw && packageRaw !== "all" ? packageRaw : void 0;
           const result = await p.saveMetaItem({
             type: req.params.type,
             name: compoundName,
             item: req.body,
             ...environmentId ? { environmentId } : {},
             ...parentVersion !== void 0 ? { parentVersion } : {},
-            ...actor ? { actor } : {}
+            ...actor ? { actor } : {},
+            ...packageId ? { packageId } : {}
           });
           res.json(result);
         } catch (error) {
@@ -3257,19 +3276,17 @@ var RestServer = class {
     });
   }
   /**
-   * Register approval engine endpoints.
+   * Register approval endpoints (ADR-0019: approval as a flow node).
+   *
+   * Approval is no longer a standalone process engine — a flow's Approval
+   * node opens a request and suspends the run; a decision resumes it. There
+   * are no process-authoring or submit routes anymore.
    *
    * Routes (all under {basePath}/approvals):
-   *   GET    /processes                       — list approval processes
-   *   POST   /processes                       — upsert (defineProcess)
-   *   GET    /processes/:id                   — get by id or name
-   *   DELETE /processes/:id                   — delete process
-   *   POST   /requests                        — submit
    *   GET    /requests                        — list (filters: status, object, recordId, approverId, submitterId)
    *   GET    /requests/:id                    — get request
-   *   POST   /requests/:id/approve            — approve current step
-   *   POST   /requests/:id/reject             — reject current step
-   *   POST   /requests/:id/recall             — recall (submitter only)
+   *   POST   /requests/:id/approve            — record an approve decision (resumes the flow)
+   *   POST   /requests/:id/reject             — record a reject decision (resumes the flow)
    *   GET    /requests/:id/actions            — audit trail
    *
    * Returns 501 when `approvalsServiceProvider` is unset so deployments
@@ -3297,8 +3314,6 @@ var RestServer = class {
         [/^DUPLICATE_REQUEST/, 409, "DUPLICATE_REQUEST"],
         [/^INVALID_STATE/, 409, "INVALID_STATE"],
         [/^FORBIDDEN/, 403, "FORBIDDEN"],
-        [/^NO_ACTIVE_PROCESS/, 404, "NO_ACTIVE_PROCESS"],
-        [/^PROCESS_NOT_FOUND/, 404, "PROCESS_NOT_FOUND"],
         [/^REQUEST_NOT_FOUND/, 404, "REQUEST_NOT_FOUND"]
       ];
       for (const [re, status, code] of mapping) {
@@ -3309,127 +3324,6 @@ var RestServer = class {
       }
       return false;
     };
-    this.routeManager.register({
-      method: "GET",
-      path: `${dataPath}/approvals/processes`,
-      handler: async (req, res) => {
-        try {
-          const environmentId = isScoped ? req.params?.environmentId : void 0;
-          const context = await this.resolveExecCtx(environmentId, req);
-          if (this.enforceAuth(req, res, context)) return;
-          const svc = await resolveService(environmentId);
-          if (!svc) return respond501(res);
-          const q = req.query ?? {};
-          const rows = await svc.listProcesses({
-            object: q.object,
-            activeOnly: q.activeOnly === "true" || q.activeOnly === true
-          }, context ?? {});
-          res.json({ data: rows });
-        } catch (error) {
-          logError("[REST] List approval processes error:", error);
-          res.status(500).json({ code: "APPROVAL_PROCESS_LIST_FAILED", error: String(error?.message ?? error).slice(0, 500) });
-        }
-      },
-      metadata: { summary: "List approval processes", tags: ["approvals"] }
-    });
-    this.routeManager.register({
-      method: "POST",
-      path: `${dataPath}/approvals/processes`,
-      handler: async (req, res) => {
-        try {
-          const environmentId = isScoped ? req.params?.environmentId : void 0;
-          const context = await this.resolveExecCtx(environmentId, req);
-          if (this.enforceAuth(req, res, context)) return;
-          const svc = await resolveService(environmentId);
-          if (!svc) return respond501(res);
-          try {
-            const row = await svc.defineProcess(req.body ?? {}, context ?? {});
-            res.status(201).json(row);
-          } catch (err) {
-            if (handleApprovalError(res, err)) return;
-            throw err;
-          }
-        } catch (error) {
-          logError("[REST] Define approval process error:", error);
-          res.status(500).json({ code: "APPROVAL_PROCESS_DEFINE_FAILED", error: String(error?.message ?? error).slice(0, 500) });
-        }
-      },
-      metadata: { summary: "Define (upsert) an approval process", tags: ["approvals"] }
-    });
-    this.routeManager.register({
-      method: "GET",
-      path: `${dataPath}/approvals/processes/:id`,
-      handler: async (req, res) => {
-        try {
-          const environmentId = isScoped ? req.params?.environmentId : void 0;
-          const context = await this.resolveExecCtx(environmentId, req);
-          if (this.enforceAuth(req, res, context)) return;
-          const svc = await resolveService(environmentId);
-          if (!svc) return respond501(res);
-          const row = await svc.getProcess(req.params.id, context ?? {});
-          if (!row) {
-            res.status(404).json({ code: "PROCESS_NOT_FOUND", error: `Approval process '${req.params.id}' not found` });
-            return;
-          }
-          res.json(row);
-        } catch (error) {
-          logError("[REST] Get approval process error:", error);
-          res.status(500).json({ code: "APPROVAL_PROCESS_GET_FAILED", error: String(error?.message ?? error).slice(0, 500) });
-        }
-      },
-      metadata: { summary: "Get an approval process by id or name", tags: ["approvals"] }
-    });
-    this.routeManager.register({
-      method: "DELETE",
-      path: `${dataPath}/approvals/processes/:id`,
-      handler: async (req, res) => {
-        try {
-          const environmentId = isScoped ? req.params?.environmentId : void 0;
-          const context = await this.resolveExecCtx(environmentId, req);
-          if (this.enforceAuth(req, res, context)) return;
-          const svc = await resolveService(environmentId);
-          if (!svc) return respond501(res);
-          await svc.deleteProcess(req.params.id, context ?? {});
-          res.status(204).end();
-        } catch (error) {
-          logError("[REST] Delete approval process error:", error);
-          res.status(500).json({ code: "APPROVAL_PROCESS_DELETE_FAILED", error: String(error?.message ?? error).slice(0, 500) });
-        }
-      },
-      metadata: { summary: "Delete an approval process", tags: ["approvals"] }
-    });
-    this.routeManager.register({
-      method: "POST",
-      path: `${dataPath}/approvals/requests`,
-      handler: async (req, res) => {
-        try {
-          const environmentId = isScoped ? req.params?.environmentId : void 0;
-          const context = await this.resolveExecCtx(environmentId, req);
-          if (this.enforceAuth(req, res, context)) return;
-          const svc = await resolveService(environmentId);
-          if (!svc) return respond501(res);
-          const body = req.body ?? {};
-          try {
-            const row = await svc.submit({
-              object: body.object,
-              recordId: body.recordId ?? body.record_id,
-              processName: body.processName ?? body.process_name,
-              submitterId: body.submitterId ?? body.submitter_id ?? context?.userId,
-              comment: body.comment,
-              payload: body.payload
-            }, context ?? {});
-            res.status(201).json(row);
-          } catch (err) {
-            if (handleApprovalError(res, err)) return;
-            throw err;
-          }
-        } catch (error) {
-          logError("[REST] Submit approval error:", error);
-          res.status(500).json({ code: "APPROVAL_SUBMIT_FAILED", error: String(error?.message ?? error).slice(0, 500) });
-        }
-      },
-      metadata: { summary: "Submit a record for approval", tags: ["approvals"] }
-    });
     this.routeManager.register({
       method: "GET",
       path: `${dataPath}/approvals/requests`,
@@ -3482,10 +3376,10 @@ var RestServer = class {
       },
       metadata: { summary: "Get an approval request by id", tags: ["approvals"] }
     });
-    const decisionRoute = (suffix, method) => {
+    const decisionRoute = (decision) => {
       this.routeManager.register({
         method: "POST",
-        path: `${dataPath}/approvals/requests/:id/${suffix}`,
+        path: `${dataPath}/approvals/requests/:id/${decision}`,
         handler: async (req, res) => {
           try {
             const environmentId = isScoped ? req.params?.environmentId : void 0;
@@ -3495,7 +3389,8 @@ var RestServer = class {
             if (!svc) return respond501(res);
             const body = req.body ?? {};
             try {
-              const out = await svc[method](req.params.id, {
+              const out = await svc.decide(req.params.id, {
+                decision,
                 actorId: body.actorId ?? body.actor_id ?? context?.userId,
                 comment: body.comment
               }, context ?? {});
@@ -3505,16 +3400,15 @@ var RestServer = class {
               throw err;
             }
           } catch (error) {
-            logError(`[REST] ${suffix} approval error:`, error);
-            res.status(500).json({ code: `APPROVAL_${suffix.toUpperCase()}_FAILED`, error: String(error?.message ?? error).slice(0, 500) });
+            logError(`[REST] ${decision} approval error:`, error);
+            res.status(500).json({ code: `APPROVAL_${decision.toUpperCase()}_FAILED`, error: String(error?.message ?? error).slice(0, 500) });
           }
         },
-        metadata: { summary: `${suffix[0].toUpperCase()}${suffix.slice(1)} an approval request`, tags: ["approvals"] }
+        metadata: { summary: `${decision[0].toUpperCase()}${decision.slice(1)} an approval request`, tags: ["approvals"] }
       });
     };
-    decisionRoute("approve", "approve");
-    decisionRoute("reject", "reject");
-    decisionRoute("recall", "recall");
+    decisionRoute("approve");
+    decisionRoute("reject");
     this.routeManager.register({
       method: "GET",
       path: `${dataPath}/approvals/requests/:id/actions`,
@@ -3787,6 +3681,66 @@ function registerPackageRoutes(server, packageService, basePath = "/api/v1", opt
   });
 }
 
+// src/external-datasource-routes.ts
+function registerExternalDatasourceRoutes(server, ctx, basePath = "/api/v1") {
+  const ext = `${basePath}/datasources/:name/external`;
+  const externalService = () => {
+    try {
+      return ctx.getService("external-datasource");
+    } catch {
+      return void 0;
+    }
+  };
+  const unavailable = (res) => res.status(503).json({ error: "external_service_unavailable" });
+  server.get(`${ext}/tables`, async (req, res) => {
+    const svc = externalService();
+    if (!svc?.listRemoteTables) return unavailable(res);
+    const schema = typeof req.query?.schema === "string" ? req.query.schema : void 0;
+    const tables = await svc.listRemoteTables(req.params.name, { schema });
+    res.json({ tables });
+  });
+  server.post(`${ext}/tables/:remote/draft`, async (req, res) => {
+    const svc = externalService();
+    if (!svc?.generateObjectDraft) return unavailable(res);
+    const draft = await svc.generateObjectDraft(
+      req.params.name,
+      req.params.remote,
+      req.body ?? {}
+    );
+    res.json({ draft });
+  });
+  server.post(`${ext}/tables/:remote/import`, async (req, res) => {
+    const svc = externalService();
+    if (!svc?.importObject) return unavailable(res);
+    try {
+      const result = await svc.importObject(
+        req.params.name,
+        req.params.remote,
+        req.body ?? {}
+      );
+      res.status(201).json({ object: result });
+    } catch (err) {
+      res.status(400).json({
+        error: "external_import_error",
+        message: err instanceof Error ? err.message : String(err)
+      });
+    }
+  });
+  server.post(`${ext}/refresh-catalog`, async (req, res) => {
+    const svc = externalService();
+    if (!svc?.refreshCatalog) return unavailable(res);
+    const catalog = await svc.refreshCatalog(req.params.name);
+    res.json({ catalog });
+  });
+  server.post(`${ext}/validate`, async (req, res) => {
+    const svc = externalService();
+    if (!svc?.validateAll) return unavailable(res);
+    const report = await svc.validateAll();
+    const results = (report.results ?? []).filter((r) => r.datasource === req.params.name);
+    res.json({ ok: results.every((r) => r.ok), results });
+  });
+}
+
 // src/rest-api-plugin.ts
 function createRestApiPlugin(config = {}) {
   return {
@@ -3899,14 +3853,14 @@ function createRestApiPlugin(config = {}) {
         ctx.logger.error("Failed to register REST API routes", { error: err.message });
         throw err;
       }
+      const basePath = config.api?.api?.basePath || "/api";
+      const version = config.api?.api?.version || "v1";
+      const versionedBase = `${basePath}/${version}`;
+      const enableProjectScoping = config.api?.api?.enableProjectScoping ?? false;
+      const projectResolution = config.api?.api?.projectResolution ?? "auto";
       try {
         const packageService = ctx.getService("package");
         if (packageService) {
-          const basePath = config.api?.api?.basePath || "/api";
-          const version = config.api?.api?.version || "v1";
-          const versionedBase = `${basePath}/${version}`;
-          const enableProjectScoping = config.api?.api?.enableProjectScoping ?? false;
-          const projectResolution = config.api?.api?.projectResolution ?? "auto";
           if (enableProjectScoping && projectResolution === "required") {
             registerPackageRoutes(server, packageService, `${versionedBase}/environments/:environmentId`, {
               protocol
@@ -3924,6 +3878,12 @@ function createRestApiPlugin(config = {}) {
       } catch (e) {
         ctx.logger.debug("Package service not available, package routes skipped");
       }
+      try {
+        registerExternalDatasourceRoutes(server, ctx, versionedBase);
+        ctx.logger.info("Datasource federation routes registered");
+      } catch (e) {
+        ctx.logger.warn("Datasource federation routes registration failed", { error: e?.message });
+      }
     }
   };
 }