npm - @objectstack/runtime - Versions diffs - 4.0.4 → 4.1.0 - Mend

@objectstack/runtime 4.0.4 → 4.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (26) hide show

package/README.md +62 -0
package/dist/index.cjs +40646 -2294
package/dist/index.cjs.map +1 -1
package/dist/index.d.cts +1588 -6
package/dist/index.d.ts +1588 -6
package/dist/index.js +40671 -2328
package/dist/index.js.map +1 -1
package/package.json +45 -9
package/.turbo/turbo-build.log +0 -22
package/CHANGELOG.md +0 -763
package/src/app-plugin.test.ts +0 -274
package/src/app-plugin.ts +0 -285
package/src/dispatcher-plugin.ts +0 -503
package/src/driver-plugin.ts +0 -76
package/src/http-dispatcher.root.test.ts +0 -73
package/src/http-dispatcher.test.ts +0 -1317
package/src/http-dispatcher.ts +0 -1483
package/src/http-server.ts +0 -142
package/src/index.ts +0 -39
package/src/middleware.ts +0 -222
package/src/runtime.test.ts +0 -65
package/src/runtime.ts +0 -69
package/src/seed-loader.test.ts +0 -1123
package/src/seed-loader.ts +0 -713
package/tsconfig.json +0 -10
package/vitest.config.ts +0 -26

package/dist/index.d.ts CHANGED Viewed

@@ -1,9 +1,13 @@
 import { ObjectKernel, IHttpServer, ObjectKernelConfig, Plugin, PluginContext, RouteHandler, Middleware } from '@objectstack/core';
 export * from '@objectstack/core';
 export { ObjectKernel } from '@objectstack/core';
+import { z } from 'zod';
+import * as Contracts from '@objectstack/spec/contracts';
 import { ISeedLoaderService, IDataEngine, IMetadataService } from '@objectstack/spec/contracts';
-import { SeedLoaderRequest, SeedLoaderResult, ObjectDependencyGraph, Dataset, SeedLoaderConfigInput } from '@objectstack/spec/data';
+import { SeedLoaderRequest, SeedLoaderResult, ObjectDependencyGraph, Dataset, SeedLoaderConfigInput, ExpressionBody, ScriptBody, HookBody, Hook } from '@objectstack/spec/data';
+import { ExecutionContext } from '@objectstack/spec/kernel';
 import { MiddlewareConfig, MiddlewareType } from '@objectstack/spec/system';
+import { ProjectArtifact } from '@objectstack/spec/cloud';
 export { RestApiPluginConfig, RestServer, RouteEntry, RouteGroupBuilder, RouteManager, createRestApiPlugin } from '@objectstack/rest';
 interface RuntimeConfig {
@@ -51,6 +55,75 @@ declare class Runtime {
     getKernel(): ObjectKernel;
 }
+declare const StandaloneStackConfigSchema: z.ZodObject<{
+    databaseUrl: z.ZodOptional<z.ZodString>;
+    databaseAuthToken: z.ZodOptional<z.ZodString>;
+    databaseDriver: z.ZodOptional<z.ZodEnum<{
+        sqlite: "sqlite";
+        turso: "turso";
+        memory: "memory";
+        postgres: "postgres";
+        mongodb: "mongodb";
+    }>>;
+    projectId: z.ZodOptional<z.ZodString>;
+    artifactPath: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>;
+type StandaloneStackConfig = z.input<typeof StandaloneStackConfigSchema>;
+interface StandaloneStackResult {
+    plugins: any[];
+    api: {
+        enableProjectScoping: false;
+        projectResolution: 'none';
+    };
+    /**
+     * Top-level metadata copied from the loaded artifact bundle (when an
+     * artifact was successfully loaded). These are surfaced so callers
+     * that wrap this result as a `defineStack()`-shaped config (e.g. the
+     * CLI's `serve` command without a host `objectstack.config.ts`) can
+     * still drive tier resolution, capability detection and driver
+     * auto-registration off the artifact's declarations.
+     */
+    requires?: string[];
+    objects?: any[];
+    manifest?: any;
+}
+declare function createStandaloneStack(config?: StandaloneStackConfig): Promise<StandaloneStackResult>;
+interface DefaultHostConfigOptions extends StandaloneStackConfig {
+    /**
+     * When true (the default), throws if no artifact source can be
+     * resolved (no explicit `artifactPath`, no `OS_ARTIFACT_PATH` env,
+     * and `<cwd>/dist/objectstack.json` does not exist).
+     *
+     * Set to false to allow booting an empty kernel — useful for tests
+     * that want to assemble plugins manually after the stack is built.
+     */
+    requireArtifact?: boolean;
+}
+type DefaultHostConfigResult = StandaloneStackResult;
+/**
+ * Resolve the artifact source for a default-host boot.
+ *
+ * Returns the explicit override, then `OS_ARTIFACT_PATH`, then the
+ * canonical `<cwd>/dist/objectstack.json` if it exists on disk.
+ * Returns `undefined` if none of these are available.
+ *
+ * URLs (`http(s)://`) are returned as-is — they are validated lazily by
+ * the loader, since we cannot stat a remote resource cheaply.
+ */
+declare function resolveDefaultArtifactPath(explicitPath?: string, cwd?: string): string | undefined;
+/**
+ * Build a `defineStack()`-shaped config from an `objectstack build`
+ * artifact, with no `objectstack.config.ts` required.
+ *
+ * @example
+ *   // packages/cli/src/commands/serve.ts
+ *   if (!fs.existsSync(absolutePath)) {
+ *       config = await createDefaultHostConfig();
+ *   }
+ */
+declare function createDefaultHostConfig(options?: DefaultHostConfigOptions): Promise<DefaultHostConfigResult>;
 /**
  * Driver Plugin
  *
@@ -65,16 +138,45 @@ declare class Runtime {
  * const driverPlugin = new DriverPlugin(memoryDriver, 'memory');
  * kernel.use(driverPlugin);
  */
+interface DriverPluginOptions {
+    /**
+     * If set, registers a named datasource so packages declaring
+     * `defaultDatasource: '<name>'` resolve to this driver.
+     */
+    datasourceName?: string;
+    /**
+     * If `true` (default), registers this driver as the `default` datasource
+     * when none exists. Set to `false` for proxy drivers (e.g. cloud proxy)
+     * that should never become the default.
+     */
+    registerAsDefault?: boolean;
+}
 declare class DriverPlugin implements Plugin {
     name: string;
     type: string;
     version: string;
     private driver;
-    constructor(driver: any, driverName?: string);
+    private options;
+    constructor(driver: any, driverNameOrOptions?: string | DriverPluginOptions, options?: DriverPluginOptions);
     init: (ctx: PluginContext) => Promise<void>;
     start: (ctx: PluginContext) => Promise<void>;
 }
+/**
+ * Optional per-project context attached when AppPlugin is instantiated by the
+ * project kernel factory. Required for the `app:registered` / `app:unregistered`
+ * hooks that drive the org-scoped `sys_app` catalog. Standalone (single-tenant)
+ * usages may omit this — no catalog hooks are emitted in that case.
+ */
+interface AppPluginProjectContext {
+    projectId: string;
+    organizationId: string;
+    projectName?: string;
+    /** When the app comes from a package installation, the source package id. */
+    packageId?: string;
+    /** Defaults to 'package' when packageId is set, otherwise 'user'. */
+    source?: 'package' | 'user';
+}
 /**
  * AppPlugin
  *
@@ -90,9 +192,18 @@ declare class AppPlugin implements Plugin {
     type: string;
     version?: string;
     private bundle;
-    constructor(bundle: any);
+    private projectContext?;
+    constructor(bundle: any, projectContext?: AppPluginProjectContext);
     init: (ctx: PluginContext) => Promise<void>;
     start: (ctx: PluginContext) => Promise<void>;
+    stop: (ctx: PluginContext) => Promise<void>;
+    /**
+     * Emit a kernel hook so the control-plane `AppCatalogService` can
+     * upsert / delete the corresponding `sys_app` row. Silently no-ops
+     * when no project context is attached (standalone single-tenant mode)
+     * or when the kernel has no `trigger` API available.
+     */
+    private emitCatalogEvent;
     /**
      * Auto-load i18n translation bundles from the app config into the
      * kernel's i18n service. Handles both `translations` (array of
@@ -103,6 +214,34 @@ declare class AppPlugin implements Plugin {
      */
     private loadTranslations;
 }
+/** Collect declarative `Hook` definitions from a bundle (top-level + manifest). */
+declare function collectBundleHooks(bundle: any): any[];
+/**
+ * Collect declarative actions from the bundle. Walks both root-level
+ * `actions[]` and per-object `objects[*].actions[]`, attaching the parent
+ * object name where applicable so `engine.registerAction(object, name, ...)`
+ * sees the correct routing key.
+ *
+ * Each returned record is a shallow copy with `object` set when the action
+ * originated under an object (and not already present on the action itself).
+ */
+declare function collectBundleActions(bundle: any): Array<{
+    name: string;
+    object?: string;
+    body?: unknown;
+    type?: string;
+    [k: string]: unknown;
+}>;
+/**
+ * Collect a name → handler map from `bundle.functions`. Accepted shapes:
+ *
+ *   - `{ functions: { foo: fn, bar: fn } }`           ← preferred map form
+ *   - `{ functions: [{ name: 'foo', handler: fn }] }` ← array of records
+ *
+ * String-named hook handlers (`Hook.handler: 'foo'`) are resolved against
+ * this map (and the engine's persistent function registry).
+ */
+declare function collectBundleFunctions(bundle: any): Record<string, (ctx: any) => any>;
 interface Logger {
     info(message: string, meta?: Record<string, any>): void;
@@ -132,6 +271,14 @@ declare class SeedLoaderService implements ISeedLoaderService {
     private loadDataset;
     private resolveFromDatabase;
     private resolveDeferredUpdates;
+    /**
+     * Seed writes always run as a privileged system context. This bypasses
+     * RBAC checks (so seeds can target system tables like `sys_*`) and
+     * disables the SecurityPlugin's auto-injection of `organization_id` /
+     * `owner_id` — seeds either declare those fields explicitly per
+     * record, or are intentionally cross-tenant / global.
+     */
+    private static readonly SEED_OPTIONS;
     private writeRecord;
     /**
      * Kahn's algorithm for topological sort with cycle detection.
@@ -148,12 +295,408 @@ declare class SeedLoaderService implements ISeedLoaderService {
     private buildResult;
 }
+/**
+ * Security response headers builder.
+ *
+ * Returns the conservative defaults every production API server should
+ * send on every response. Designed to be merged with route-specific
+ * headers by the dispatcher (`sendResult`) so all adapters (Hono,
+ * Fastify, Express, Next.js, …) get them uniformly without each one
+ * re-implementing helmet.
+ *
+ * What we DO opinionate:
+ *   - Content-Security-Policy (api-default: deny everything but self)
+ *   - Strict-Transport-Security (HSTS, prod-only — TLS is the caller's
+ *     responsibility; we just emit the header)
+ *   - X-Content-Type-Options: nosniff
+ *   - X-Frame-Options: DENY (anti clickjacking)
+ *   - Referrer-Policy: no-referrer
+ *   - Permissions-Policy: geolocation=(), camera=(), microphone=()
+ *   - Cross-Origin-Resource-Policy: same-origin
+ *
+ * What we DON'T opinionate:
+ *   - X-XSS-Protection (deprecated)
+ *   - CORS — that's an app concern, configure separately
+ *   - CSP for HTML pages — set a different CSP at the SPA host
+ *
+ * Every header can be overridden or disabled by config.
+ */
+interface SecurityHeadersOptions {
+    /**
+     * Enable HSTS. Set to `true` in production behind TLS. When `false`
+     * the Strict-Transport-Security header is omitted.
+     * @default false
+     */
+    hsts?: boolean | {
+        /** Max-age in seconds. @default 15552000 (180 days) */
+        maxAge?: number;
+        includeSubDomains?: boolean;
+        preload?: boolean;
+    };
+    /**
+     * Override the Content-Security-Policy header. Pass `false` to omit.
+     * @default "default-src 'none'; frame-ancestors 'none'"
+     */
+    contentSecurityPolicy?: string | false;
+    /**
+     * Override X-Frame-Options. @default 'DENY'
+     */
+    frameOptions?: 'DENY' | 'SAMEORIGIN' | false;
+    /**
+     * Override Referrer-Policy. @default 'no-referrer'
+     */
+    referrerPolicy?: string | false;
+    /**
+     * Override Permissions-Policy. Pass `false` to omit.
+     * @default 'geolocation=(), camera=(), microphone=(), payment=()'
+     */
+    permissionsPolicy?: string | false;
+    /**
+     * Override Cross-Origin-Resource-Policy. @default 'same-origin'
+     */
+    corp?: 'same-origin' | 'same-site' | 'cross-origin' | false;
+    /**
+     * Free-form extra headers merged last.
+     */
+    extra?: Record<string, string>;
+}
+/**
+ * Build a header map ready to be `Object.assign`'d into a response.
+ * Idempotent and synchronous — safe to call per-request.
+ */
+declare function buildSecurityHeaders(opts?: SecurityHeadersOptions): Record<string, string>;
+/**
+ * In-memory token-bucket rate limiter.
+ *
+ * Designed to be adapter-agnostic — the dispatcher calls `consume(key)`
+ * with a request fingerprint (IP, IP+route bucket, or user id) and
+ * short-circuits with 429 if the bucket is empty.
+ *
+ * For production multi-instance deploys, swap the in-memory store via
+ * `RateLimitStore`. The shape is intentionally narrow so a Redis-backed
+ * implementation is straightforward.
+ */
+interface RateLimitDecision {
+    allowed: boolean;
+    /** Remaining tokens in the bucket after this consume. */
+    remaining: number;
+    /** Wall-clock ms until next token is available (when not allowed). */
+    retryAfterMs: number;
+    /** UNIX ms when the limit window resets. */
+    resetAt: number;
+}
+interface RateLimitBucketConfig {
+    /** Max tokens (bucket capacity). */
+    capacity: number;
+    /** Tokens added per second. */
+    refillPerSec: number;
+    /** Optional cost override for the consume operation. @default 1 */
+    defaultCost?: number;
+}
+interface BucketState {
+    tokens: number;
+    /** Last refill timestamp (ms). */
+    lastRefill: number;
+}
+/**
+ * Storage interface — swap for Redis/Memcached in clustered deploys.
+ * Implementations MUST be safe under concurrent access.
+ */
+interface RateLimitStore {
+    get(key: string): BucketState | undefined;
+    set(key: string, state: BucketState): void;
+    /** Cleanup hint — implementations may evict idle entries. */
+    prune?(olderThanMs: number): void;
+}
+declare class RateLimiter {
+    private config;
+    private store;
+    private now;
+    constructor(config: RateLimitBucketConfig, opts?: {
+        store?: RateLimitStore;
+        now?: () => number;
+    });
+    /**
+     * Attempt to consume `cost` tokens for `key`. Returns a decision
+     * describing whether the request should proceed and, if not, how
+     * long the caller should wait before retrying.
+     */
+    consume(key: string, cost?: number): RateLimitDecision;
+    /** Force-reset a key (e.g. after a successful auth flow). */
+    reset(key: string): void;
+}
+/**
+ * Curated default buckets for the three traffic classes ObjectStack
+ * dispatches. Conservative — tune via `DispatcherPluginConfig.rateLimit`
+ * for your deployment.
+ *
+ *   - auth: 10 req / minute / IP — guards /auth/* against credential
+ *     stuffing and password-spray.
+ *   - write: 60 req / minute / IP — POST/PUT/PATCH/DELETE.
+ *   - read:  600 req / minute / IP — GET, including discovery and
+ *     metadata.
+ *
+ * "Per-IP" is just the suggested key shape; the dispatcher constructs
+ * the key from `${ip}:${bucket}` so a single noisy IP can saturate
+ * one bucket without blocking the others.
+ */
+interface RateLimitDefaults {
+    auth: RateLimitBucketConfig;
+    write: RateLimitBucketConfig;
+    read: RateLimitBucketConfig;
+}
+declare const DEFAULT_RATE_LIMITS: RateLimitDefaults;
+/**
+ * Extract a request id from incoming headers, validating shape. If
+ * the header is missing or malformed, returns `undefined` and the
+ * caller should mint one via {@link generateRequestId}.
+ *
+ * Header lookup is case-insensitive — adapters normalize differently.
+ */
+declare function extractRequestId(headers: unknown): string | undefined;
+/**
+ * Mint a fresh request id. Uses `crypto.randomUUID()` when available
+ * (Node 16+, modern browsers, edge runtimes); falls back to a
+ * timestamp+random suffix otherwise so the function is universally
+ * callable.
+ *
+ * Format is `req_<hex>`; the prefix makes it obvious in logs that the
+ * id was minted by this layer (vs. propagated from a client).
+ */
+declare function generateRequestId(): string;
+/**
+ * Return the incoming request id if valid, otherwise mint one.
+ */
+declare function resolveRequestId(headers: unknown, generate?: () => string): string;
+/**
+ * Parsed W3C Trace Context. `sampled` reflects the lowest flag bit.
+ */
+interface TraceContext {
+    traceId: string;
+    spanId: string;
+    sampled: boolean;
+}
+/**
+ * Parse a `traceparent` header value into its W3C fields. Returns
+ * `undefined` for malformed input, the all-zero trace/span ids
+ * (spec-mandated invalid), or unknown versions.
+ */
+declare function parseTraceparent(value: unknown): TraceContext | undefined;
+/**
+ * Build the response header equivalent so downstream services
+ * continue the trace.
+ */
+declare function formatTraceparent(ctx: TraceContext): string;
+/**
+ * Metrics registry contract.
+ *
+ * The runtime emits metrics via this interface so the host application
+ * can plug in whatever metrics backend it wants (Prometheus via
+ * `prom-client`, OTel via `@opentelemetry/api-metrics`, StatsD,
+ * CloudWatch, etc.) without the framework taking a hard dep on any of
+ * them.
+ *
+ * Naming follows Prometheus conventions:
+ *   - snake_case names
+ *   - unit suffix (`_ms`, `_seconds`, `_bytes`, `_total` for counters)
+ *
+ * Labels are arbitrary string maps; backends should map them to their
+ * native label/tag concept. Keep cardinality low — never label by raw
+ * url path or user id.
+ *
+ * All methods are fire-and-forget; implementations MUST NOT throw on
+ * the hot path. Use {@link NoopMetricsRegistry} when metrics are
+ * disabled.
+ */
+interface MetricsRegistry {
+    /** Monotonic counter. `value` defaults to 1. */
+    counter(name: string, labels?: Record<string, string>, value?: number): void;
+    /** Histogram / timing in arbitrary units (typically ms). */
+    histogram(name: string, value: number, labels?: Record<string, string>): void;
+    /** Point-in-time gauge. */
+    gauge(name: string, value: number, labels?: Record<string, string>): void;
+}
+/**
+ * No-op metrics registry — the default. Discards every observation.
+ * Production deployments should swap this for a real registry; tests
+ * can use {@link InMemoryMetricsRegistry} to assert emissions.
+ */
+declare class NoopMetricsRegistry implements MetricsRegistry {
+    counter(): void;
+    histogram(): void;
+    gauge(): void;
+}
+/** Recorded metric sample (in-memory registry). */
+interface MetricSample {
+    name: string;
+    kind: 'counter' | 'histogram' | 'gauge';
+    value: number;
+    labels: Record<string, string>;
+    /** Wall-clock timestamp; useful for ordering assertions in tests. */
+    at: number;
+}
+/**
+ * In-memory registry used for tests and local inspection. Stores
+ * every observation in insertion order; query via the helpers below
+ * or read {@link samples} directly.
+ *
+ * Not intended for production — unbounded growth.
+ */
+declare class InMemoryMetricsRegistry implements MetricsRegistry {
+    readonly samples: MetricSample[];
+    counter(name: string, labels?: Record<string, string>, value?: number): void;
+    histogram(name: string, value: number, labels?: Record<string, string>): void;
+    gauge(name: string, value: number, labels?: Record<string, string>): void;
+    /**
+     * Sum of all counter increments matching `name` (and optionally a
+     * label subset). Useful in tests: `metrics.totalCounter('http_requests_total', { status: '500' })`.
+     */
+    totalCounter(name: string, labelMatch?: Record<string, string>): number;
+    /**
+     * All histogram observations matching `name` (and optionally a
+     * label subset), as raw values.
+     */
+    histogramValues(name: string, labelMatch?: Record<string, string>): number[];
+    /** Clear all recorded samples. */
+    reset(): void;
+}
+/**
+ * Canonical metric names emitted by the runtime. Hosts may rely on
+ * these (e.g., to wire alerts) so they are listed here for reference
+ * rather than being string literals scattered through call sites.
+ */
+declare const RUNTIME_METRICS: {
+    /** Counter, labels: method, route, status. */
+    readonly httpRequestsTotal: "http_requests_total";
+    /** Histogram (ms), labels: method, route. */
+    readonly httpRequestDurationMs: "http_request_duration_ms";
+    /** Counter, labels: method, route. Incremented when an in-flight handler throws (after the response is sent). */
+    readonly httpRequestErrorsTotal: "http_request_errors_total";
+};
+/**
+ * Error reporter contract.
+ *
+ * Production deployments wire this to Sentry, Datadog APM, Rollbar,
+ * etc. The runtime calls {@link ErrorReporter.captureException} when a
+ * route handler results in a 5xx response so the host's APM gets the
+ * stack trace without each plugin/route needing to import the SDK.
+ *
+ * Implementations MUST NOT throw — error reporting failures should be
+ * swallowed (or at most logged) so the original error reaches the
+ * client unmolested.
+ *
+ * 4xx responses are intentionally NOT captured here. Client errors
+ * (validation failures, auth, not-found) flood APM systems with noise
+ * and obscure real bugs. If a deployment wants to track them, do it
+ * via the metrics counter (`http_requests_total{status="4xx"}`),
+ * not error reporting.
+ */
+interface ErrorReporter {
+    /**
+     * Capture a thrown error with optional context. Context typically
+     * includes `requestId`, `method`, `route`, `userId`, `orgId`.
+     *
+     * The reporter is responsible for redacting sensitive fields from
+     * `context` (the runtime does not know what is sensitive in the
+     * caller's deployment).
+     */
+    captureException(error: unknown, context?: Record<string, unknown>): void;
+}
+/** No-op reporter — the default. */
+declare class NoopErrorReporter implements ErrorReporter {
+    captureException(): void;
+}
+/** Recorded report (in-memory reporter). */
+interface CapturedError {
+    error: unknown;
+    context: Record<string, unknown>;
+    at: number;
+}
+/**
+ * In-memory reporter used in tests to assert that error capture was
+ * (or was not) invoked for a given request.
+ */
+declare class InMemoryErrorReporter implements ErrorReporter {
+    readonly captured: CapturedError[];
+    captureException(error: unknown, context?: Record<string, unknown>): void;
+    reset(): void;
+}
 interface DispatcherPluginConfig {
     /**
      * API path prefix for all endpoints.
      * @default '/api/v1'
      */
     prefix?: string;
+    /**
+     * Project-scoping configuration. Must match the REST API
+     * `enableProjectScoping` / `projectResolution` fields so AI / automation
+     * routes stay in lockstep with /data and /meta.
+     *
+     * When `enableProjectScoping` is true and `projectResolution` is:
+     *   - `required` — only `/projects/:projectId/...` variants are registered.
+     *   - `optional` / `auto` — both unscoped and scoped variants are registered
+     *     (the scoped handler forwards `req.params.projectId` into context).
+     */
+    scoping?: {
+        enableProjectScoping?: boolean;
+        projectResolution?: 'required' | 'optional' | 'auto';
+    };
+    /**
+     * Enforce per-project membership (`sys_project_member`) on scoped
+     * data-plane routes. Returns 403 for non-members unless they are
+     * staff (platform org) or the project is the well-known system
+     * project.
+     *
+     * Defaults to `true` when `scoping.enableProjectScoping` is enabled;
+     * explicitly set to `false` for tests and single-tenant deployments
+     * where membership has not been seeded.
+     */
+    enforceProjectMembership?: boolean;
+    /**
+     * Security response headers. When provided, every response routed
+     * through this plugin gets the headers merged in (route-specific
+     * headers still win on conflict).
+     *
+     * Pass `false` to disable. Pass `true` (or omit) to enable with
+     * conservative API-server defaults (CSP=deny-all, XCTO=nosniff,
+     * X-Frame-Options=DENY, etc.). Pass an object to customize — see
+     * {@link SecurityHeadersOptions}.
+     *
+     * @default true
+     */
+    securityHeaders?: boolean | SecurityHeadersOptions;
+    /**
+     * Observability wiring. All fields optional; defaults are noop
+     * (zero overhead, no behavior change).
+     *
+     *   - `metrics`: registry receiving `http_requests_total`,
+     *     `http_request_duration_ms`, `http_request_errors_total` for
+     *     every route this plugin mounts. Plug in `prom-client` /
+     *     `@opentelemetry/api-metrics` / your own adapter.
+     *
+     *   - `errorReporter`: invoked on 5xx responses with the thrown
+     *     error and `{ requestId, method, route }`. Plug in Sentry /
+     *     Datadog / Rollbar.
+     *
+     *   - `generateRequestId`: customize the format of minted request
+     *     ids (default: `req_<uuid>` via `crypto.randomUUID`). The
+     *     incoming `X-Request-Id` header is honored when present and
+     *     well-formed, regardless of this setting.
+     *
+     *   - `requestIdHeader`: response header name to echo the id back
+     *     on. Defaults to `X-Request-Id`.
+     */
+    observability?: {
+        metrics?: MetricsRegistry;
+        errorReporter?: ErrorReporter;
+        generateRequestId?: () => string;
+        requestIdHeader?: string;
+    };
 }
 /**
  * Dispatcher Plugin
@@ -177,6 +720,44 @@ interface DispatcherPluginConfig {
  */
 declare function createDispatcherPlugin(config?: DispatcherPluginConfig): Plugin;
+/**
+ * The well-known UUID for the built-in system project.
+ * Kept in lockstep with `ProjectProvisioningService.provisionSystemProject`.
+ */
+declare const SYSTEM_PROJECT_ID = "00000000-0000-0000-0000-000000000001";
+interface SystemProjectPluginConfig {
+    /**
+     * Service name that resolves to a `ProjectProvisioningService`-shaped
+     * object. Defaults to `tenant.provisioning` (convention used by
+     * `@objectstack/service-tenant`).
+     */
+    serviceName?: string;
+    /**
+     * When true, plugin treats a missing provisioning service as an error.
+     * Defaults to false — bootstrap is opt-in and must no-op gracefully when
+     * the tenant package is not part of the stack.
+     */
+    strict?: boolean;
+}
+/**
+ * System Project Bootstrap Plugin
+ *
+ * Ensures the built-in system project (well-known UUID
+ * {@link SYSTEM_PROJECT_ID}) exists on the control plane the first time the
+ * runtime starts. Calls are idempotent — `provisionSystemProject()` returns
+ * the existing row when the project has already been created.
+ *
+ * Register AFTER the tenant service is available so the provisioning service
+ * can be resolved from the kernel.
+ *
+ * @example
+ * ```ts
+ * kernel.use(tenantPlugin);
+ * kernel.use(createSystemProjectPlugin());
+ * ```
+ */
+declare function createSystemProjectPlugin(config?: SystemProjectPluginConfig): Plugin;
 /**
  * HttpServer - Unified HTTP Server Abstraction
  *
@@ -261,9 +842,89 @@ declare class HttpServer implements IHttpServer {
     getMiddlewares(): Middleware[];
 }
+/**
+ * Factory contract for instantiating a per-project {@link ObjectKernel}.
+ *
+ * Given a `projectId`, the factory is expected to:
+ * 1. Read control-plane metadata (`sys_project` + credentials + subscribed packages).
+ * 2. Construct a fresh `ObjectKernel` with project-scoped driver + plugins + Apps.
+ * 3. Return a **bootstrapped** kernel ready to serve requests.
+ */
+interface ProjectKernelFactory {
+    create(projectId: string): Promise<ObjectKernel>;
+}
+interface KernelManagerConfig {
+    factory: ProjectKernelFactory;
+    /** Maximum number of kernels to keep resident. Defaults to 32. */
+    maxSize?: number;
+    /**
+     * Time-to-live (ms). Kernels idle longer than this are evicted on next
+     * access. `0` disables TTL expiry. Defaults to 15 minutes.
+     */
+    ttlMs?: number;
+    /**
+     * Optional logger (duck-typed). Falls back to `console` when omitted.
+     */
+    logger?: {
+        info?: (...a: any[]) => void;
+        warn?: (...a: any[]) => void;
+        error?: (...a: any[]) => void;
+    };
+}
+/**
+ * LRU + TTL cache of per-project {@link ObjectKernel} instances.
+ *
+ * Implements ADR-0003 multi-kernel scheduling: each project gets an
+ * isolated kernel (App/plugin/metadata namespaces) that is lazily built
+ * on first request and evicted under memory / idle pressure. Concurrent
+ * `getOrCreate()` calls for the same projectId share a single in-flight
+ * factory invocation (singleflight).
+ */
+declare class KernelManager {
+    private readonly factory;
+    private readonly maxSize;
+    private readonly ttlMs;
+    private readonly logger;
+    private readonly cache;
+    private readonly pending;
+    constructor(config: KernelManagerConfig);
+    /** Returns the currently cached projectIds (ordered by insertion). */
+    keys(): string[];
+    /** Cache size for diagnostics. */
+    get size(): number;
+    /**
+     * Resolve or construct the kernel for `projectId`.
+     *
+     * - Cache hit (fresh): bumps `lastAccess` and returns immediately.
+     * - Cache hit (TTL expired): evicts then falls through to factory.
+     * - Cache miss: dedupes concurrent callers through `pending`.
+     */
+    getOrCreate(projectId: string): Promise<ObjectKernel>;
+    /**
+     * Evict the kernel for `projectId` and invoke `kernel.shutdown()`.
+     * No-op when the entry is absent.
+     */
+    evict(projectId: string): Promise<void>;
+    /** Evict all resident kernels. Used on runtime shutdown. */
+    evictAll(): Promise<void>;
+    private enforceMaxSize;
+}
+/** Minimal local interface — full ProjectScopeManager was removed in Phase R. */
+interface ProjectScopeManager {
+    touch(projectId: string): void;
+}
 interface HttpProtocolContext {
     request: any;
     response?: any;
+    projectId?: string;
+    dataDriver?: any;
+    /**
+     * Identity envelope resolved by `resolveExecutionContext` and threaded
+     * into every ObjectQL call so the SecurityPlugin middleware can apply
+     * RBAC/RLS/FLS. Optional — anonymous requests carry an empty context.
+     */
+    executionContext?: ExecutionContext;
 }
 interface HttpDispatcherResult {
     handled: boolean;
@@ -274,6 +935,27 @@ interface HttpDispatcherResult {
     };
     result?: any;
 }
+/**
+ * Optional configuration passed to the dispatcher constructor. Supports the
+ * legacy `enforceProjectMembership` toggle plus the new multi-kernel
+ * scheduling hook required by ADR-0003's cloud runtime mode.
+ */
+interface HttpDispatcherOptions {
+    enforceProjectMembership?: boolean;
+    /**
+     * Optional {@link KernelManager}. When present, the dispatcher resolves
+     * `context.projectId` first and then routes the request against the
+     * project's dedicated kernel via `kernelManager.getOrCreate(projectId)`.
+     * Requests that fail to resolve a projectId fall through to the
+     * constructor-supplied kernel (self-hosted / legacy behavior).
+     */
+    kernelManager?: KernelManager;
+    /**
+     * Optional {@link ProjectScopeManager}. When present, `touch(projectId)` is
+     * called on every scoped request so idle projects are evicted after TTL.
+     */
+    scopeManager?: ProjectScopeManager;
+}
 /**
  * @deprecated Use `createDispatcherPlugin()` from `@objectstack/runtime` instead.
  * This class will be removed in v2. Prefer the plugin-based approach:
@@ -284,7 +966,33 @@ interface HttpDispatcherResult {
  */
 declare class HttpDispatcher {
     private kernel;
-    constructor(kernel: ObjectKernel);
+    private defaultKernel;
+    private envRegistry?;
+    private defaultProject?;
+    private kernelManager?;
+    private scopeManager?;
+    /**
+     * When `true`, scoped data-plane routes enforce a
+     * `sys_project_member` lookup and return 403 for non-members.
+     * Defaults to `true` when a projectId is resolvable — legacy callers
+     * can opt out via the third constructor argument (see
+     * `DispatcherConfig.enforceProjectMembership`).
+     */
+    private enforceMembership;
+    /**
+     * In-memory cache of positive membership checks, keyed by
+     * `${projectId}:${userId}`. Entries expire 60 seconds after insertion
+     * — a short TTL is acceptable because a user whose access was just
+     * revoked sees stale access for at most one minute.
+     */
+    private membershipCache;
+    private static readonly MEMBERSHIP_CACHE_TTL_MS;
+    /** Well-known system project id — bypassed for any authenticated user. */
+    private static readonly SYSTEM_PROJECT_ID;
+    /** Well-known platform org id — members bypass project membership. */
+    private static readonly PLATFORM_ORG_ID;
+    constructor(kernel: ObjectKernel, envRegistry?: any, options?: HttpDispatcherOptions);
+    private resolveDefaultProject;
     private success;
     private error;
     /**
@@ -294,8 +1002,55 @@ declare class HttpDispatcher {
     /**
      * Direct data service dispatch — replaces broker.call('data.*').
      * Tries protocol service first (supports expand/populate), falls back to ObjectQL.
+     *
+     * @param dataDriver - Optional environment-scoped driver to use instead of kernel default
+     * @param scopeId - Optional project ID for scoped service resolution (SharedProjectPlugin mode)
      */
     private callData;
+    /**
+     * Parse a project UUID out of a scoped URL path such as
+     * `/api/v1/projects/abc-123/data/task` or `/projects/abc-123/meta`.
+     * Returns `undefined` when the path does not match the scoped pattern.
+     */
+    private extractProjectIdFromPath;
+    /**
+     * Resolve environment context for incoming request.
+     *
+     * Precedence:
+     * 0. URL path matches `/projects/:projectId/...` OR request.params.projectId set by router
+     *    → envRegistry.resolveById(id)
+     * 1. request.headers.host → envRegistry.resolveByHostname(host)
+     * 2. request.headers['x-project-id'] → envRegistry.resolveById(id)
+     * 3. session.activeEnvironmentId → envRegistry.resolveById(id)
+     * 4. session.activeOrganizationId → find default project → envRegistry.resolveById(id)
+     * 5. single-project default (registered by `createSingleProjectPlugin`)
+     *    → envRegistry.resolveById(defaultProject.projectId). Lets bare
+     *    `/api/v1/data/...` URLs resolve to the lone project in
+     *    `cloudUrl: 'local'` deployments.
+     *
+     * Skip for paths: /auth, /cloud, /health, /discovery (NOT /meta when scoped,
+     * so project-scoped meta routes can resolve their project).
+     */
+    private resolveEnvironmentContext;
+    /**
+     * Check whether the authenticated user is a member of
+     * `context.projectId`. Runs after {@link resolveEnvironmentContext}
+     * and is a no-op when:
+     *
+     *   - Membership enforcement is disabled via the constructor.
+     *   - The route is control-plane (`/auth/*`, `/cloud/*`, `/health`,
+     *     `/discovery`) — already skipped upstream.
+     *   - No `projectId` was resolved (e.g. unscoped legacy routes).
+     *   - The project is the well-known system project (bypassed so any
+     *     authenticated user can read platform metadata).
+     *   - The user's active organization is the platform org (staff).
+     *
+     * Positive results are cached for 60 seconds to avoid hitting the
+     * control-plane on every request. A failed check returns a 403
+     * response object that callers should surface directly — no further
+     * dispatch happens.
+     */
+    private enforceProjectMembership;
     /**
      * Generates the discovery JSON response for the API root.
      *
@@ -615,6 +1370,62 @@ declare class HttpDispatcher {
      * Uses ObjectQL SchemaRegistry directly (via the 'objectql' service).
      */
     handlePackages(path: string, method: string, body: any, query: any, _context: HttpProtocolContext): Promise<HttpDispatcherResult>;
+    /**
+     * Cloud / Environment Control-Plane routes.
+     *
+     *  - GET    /cloud/drivers                                 → list registered ObjectQL drivers (for env provisioning)
+     *  - GET    /cloud/projects                            → list
+     *  - POST   /cloud/projects                            → provision (driver: memory | turso | <any registered driver>)
+     *  - GET    /cloud/projects/:id                        → detail (+ db, credential, membership)
+     *  - PATCH  /cloud/projects/:id                        → update displayName / plan / status / isDefault / metadata
+     *  - DELETE /cloud/projects/:id[?force=1]              → cascade-delete the project (cred/member/package install rows + physical DB)
+     *  - DELETE /cloud/organizations/:id                   → cascade-delete every project (and its DB) for the org, then drop the org
+     *  - POST   /cloud/projects/:id/retry                  → re-run provisioning for a failed environment
+     *  - POST   /cloud/projects/:id/activate               → mark as active for session (stub)
+     *  - POST   /cloud/projects/:id/credentials/rotate     → rotate credential
+     *  - GET    /cloud/projects/:id/members                → list members
+     *  - GET    /cloud/projects/:id/packages               → list installed packages
+     *  - POST   /cloud/projects/:id/packages               → install package into env
+     *  - GET    /cloud/projects/:id/packages/:pkgId        → get installation detail
+     *  - PATCH  /cloud/projects/:id/packages/:pkgId/enable  → enable package
+     *  - PATCH  /cloud/projects/:id/packages/:pkgId/disable → disable package
+     *  - DELETE /cloud/projects/:id/packages/:pkgId        → uninstall (scope=platform forbidden)
+     *  - POST   /cloud/projects/:id/packages/:pkgId/upgrade → upgrade to newer version
+     *
+     * Driver binding
+     * --------------
+     * Environments are not tied to any specific driver. At provisioning time the
+     * caller passes `driver` (a short name such as `memory`, `turso`, or any
+     * future `sql` / `postgres` driver). The dispatcher validates the name
+     * against the kernel's registered driver services (`driver.<name>`) and
+     * derives an appropriate placeholder `database_url` for the chosen driver.
+     * If `driver` is omitted, the dispatcher auto-selects the first available
+     * in preference order: turso → memory → any other registered driver.
+     *
+     * Backed by ObjectQL sys_project / sys_project_credential /
+     * sys_project_member tables (registered by
+     * `@objectstack/service-tenant`'s `createTenantPlugin`).
+     * Physical database addressing (database_url, database_driver, etc.)
+     * is stored directly on the sys_project row.
+     */
+    /**
+     * Resolve the calling user id from the request session, if any.
+     * Returns `undefined` for anonymous calls or when auth is not wired up.
+     */
+    private resolveActiveOrganizationId;
+    private resolveCallerUserId;
+    handleCloud(path: string, method: string, body: any, query: any, _context: HttpProtocolContext): Promise<HttpDispatcherResult>;
+    /**
+     * Cascade-delete a project: cred / member / package_installation rows,
+     * then the physical database via the provisioning adapter, then the
+     * `sys_project` row itself. Used by both `DELETE /cloud/projects/:id`
+     * and the org-cascade in `DELETE /cloud/organizations/:id`.
+     *
+     * Idempotent and best-effort: missing rows / unreachable adapters
+     * become warnings rather than hard failures, so a half-provisioned
+     * project can still be cleaned out.
+     */
+    private deleteProjectCascade;
     /**
      * Handles Storage requests
      * path: sub-path after /storage/
@@ -645,8 +1456,11 @@ declare class HttpDispatcher {
     private getService;
     /**
      * Resolve any service by name, supporting async factories.
-     * Fallback chain: getServiceAsync → getService (sync) → context.getService → services map.
+     * Fallback chain: getServiceAsync(scopeId) → getServiceAsync → getService (sync) → context.getService → services map.
      * Only returns when a non-null service is found; otherwise falls through to the next step.
+     *
+     * When `scopeId` is provided, tries the SCOPED factory on `defaultKernel` first (SharedProjectPlugin
+     * mode). Falls back to the current `kernel` for singleton / legacy services.
      */
     private resolveService;
     /**
@@ -654,6 +1468,24 @@ declare class HttpDispatcher {
      * Tries multiple access patterns since kernel structure varies.
      */
     private getObjectQLService;
+    /**
+     * Handle action invocation routes (`/actions/...`).
+     *
+     * Dispatches a named, server-registered action handler (registered via
+     * `engine.registerAction(objectName, actionName, handler)`) over HTTP.
+     * Three URL shapes are accepted to keep the client contract flexible:
+     *
+     *  - `POST /actions/:object/:action`              — record-scoped action
+     *  - `POST /actions/:object/:action/:recordId`    — record-scoped action with id in URL
+     *  - `POST /actions/global/:action`               — wildcard ("*") action
+     *
+     * Body shape: `{ recordId?: string, params?: Record<string, unknown> }`.
+     * The handler is invoked with an `ActionContext` of:
+     *   `{ record, user, engine, params }`
+     * where `engine` exposes the slimmed CRUD surface used by CRM handlers
+     * (`insert`, `update`, `delete`, `find`).
+     */
+    handleActions(path: string, method: string, body: any, _context: HttpProtocolContext): Promise<HttpDispatcherResult>;
     /**
      * Handle AI service routes (/ai/chat, /ai/models, /ai/conversations, etc.)
      * Resolves the AI service and its built-in route handlers, then dispatches.
@@ -779,4 +1611,754 @@ declare class MiddlewareManager {
     createCompositeMiddleware(): Middleware;
 }
-export { AppPlugin, type DispatcherPluginConfig, DriverPlugin, HttpDispatcher, type HttpDispatcherResult, type HttpProtocolContext, HttpServer, MiddlewareManager, Runtime, type RuntimeConfig, SeedLoaderService, createDispatcherPlugin };
+interface LoadArtifactBundleOptions {
+    /** Optional log tag for warnings (defaults to `[loadArtifactBundle]`). */
+    tag?: string;
+    /** When true, an unwrapped `{ schemaVersion, metadata }` envelope is unwrapped. */
+    unwrapEnvelope?: boolean;
+    /** Optional fetch timeout in ms for `http(s)://` sources (default 15000). */
+    fetchTimeoutMs?: number;
+}
+/** Returns true when `pathOrUrl` looks like an `http://` or `https://` URL. */
+declare function isHttpUrl(pathOrUrl: string): boolean;
+/**
+ * Read a JSON artifact from either a local file path or an `http(s)://` URL.
+ * Returns the raw text body. Throws on network or filesystem failure.
+ */
+declare function readArtifactSource(pathOrUrl: string, opts?: {
+    fetchTimeoutMs?: number;
+}): Promise<string>;
+declare function loadArtifactBundle(absArtifactPath: string, opts?: LoadArtifactBundleOptions): Promise<any | null>;
+declare function mergeRuntimeModule(bundle: any, artifactAbsPath: string, tag?: string): Promise<void>;
+/**
+ * Artifact API client.
+ *
+ * HTTP client that talks to the ObjectStack control plane (e.g.
+ * `apps/cloud`) to resolve hostnames to projects and to download a
+ * project's compiled artifact.
+ *
+ * The control plane is expected to expose two endpoints:
+ *
+ *   GET {controlPlaneUrl}/api/v1/cloud/resolve-hostname?host={hostname}
+ *     → { projectId: string, organizationId?: string, runtime?: ProjectRuntimeConfig }
+ *
+ *   GET {controlPlaneUrl}/api/v1/cloud/projects/:projectId/artifact
+ *     → ProjectArtifactResponse  (ProjectArtifact + optional `runtime` block)
+ *
+ * Both endpoints accept an optional `Authorization: Bearer <apiKey>`.
+ *
+ * Responses are cached in-memory with a TTL so each kernel-manager
+ * miss does not produce an extra HTTP round trip. Concurrent callers
+ * for the same key share a single in-flight promise (singleflight).
+ */
+/**
+ * Per-project runtime config injected by the control plane alongside
+ * the artifact. Carries the physical database URL the runtime should
+ * connect to (this is *not* part of the developer-authored compiled
+ * artifact — the control plane mints it when serving the API).
+ */
+interface ProjectRuntimeConfig {
+    organizationId?: string;
+    hostname?: string;
+    /** Driver type — e.g. `sqlite`, `postgres`, `turso`, `memory`. */
+    databaseDriver: string;
+    /** Driver-specific connection URL. */
+    databaseUrl: string;
+    /** Optional auth token (e.g. for libSQL/Turso). */
+    databaseAuthToken?: string;
+    /**
+     * Project-level metadata captured by the control plane at create time
+     * (e.g. `ownerSeed`, `orgSeed`). Forwarded to the runtime so cold-boot
+     * seed replay can mirror the cloud org + owner into the project DB
+     * before the user's first SSO callback arrives.
+     */
+    metadata?: Record<string, unknown>;
+}
+/**
+ * Hostname resolution response.
+ */
+interface ResolvedHostname {
+    projectId: string;
+    organizationId?: string;
+    /** Optional runtime config — when present, callers can skip the artifact fetch's runtime block. */
+    runtime?: ProjectRuntimeConfig;
+}
+/**
+ * Artifact response wrapping the spec's `ProjectArtifact` envelope plus
+ * an optional `runtime` block carrying the project's database
+ * connection details.
+ */
+interface ProjectArtifactResponse extends ProjectArtifact {
+    runtime?: ProjectRuntimeConfig;
+}
+interface ArtifactApiClientConfig {
+    /** Control-plane base URL (no trailing slash). */
+    controlPlaneUrl: string;
+    /** Optional bearer token. */
+    apiKey?: string;
+    /** Cache TTL in ms. Default: 5 min. */
+    cacheTtlMs?: number;
+    /** Timeout for control-plane HTTP calls in ms. Default: 10s. */
+    requestTimeoutMs?: number;
+    /** Optional fetch override (testing). */
+    fetch?: typeof fetch;
+    /** Optional logger. */
+    logger?: {
+        info?: (...a: any[]) => void;
+        warn?: (...a: any[]) => void;
+        error?: (...a: any[]) => void;
+    };
+}
+declare class ArtifactApiClient {
+    private readonly base;
+    private readonly apiKey?;
+    private readonly cacheTtlMs;
+    private readonly requestTimeoutMs;
+    private readonly fetchImpl;
+    private readonly logger;
+    private readonly hostnameCache;
+    private readonly artifactCache;
+    private readonly pendingHostname;
+    private readonly pendingArtifact;
+    constructor(config: ArtifactApiClientConfig);
+    /**
+     * Resolve a hostname to its project. Returns `null` on 404 or
+     * malformed responses. Errors (network / 5xx) are thrown so
+     * upstream callers can retry.
+     */
+    resolveHostname(host: string): Promise<ResolvedHostname | null>;
+    /**
+     * Fetch the compiled artifact for a project.
+     *
+     * When `opts.commit` is set, requests that specific revision via the
+     * existing `?commit=` query param. Different commits are cached
+     * independently (the cache key includes the commit id) so the preview
+     * runtime can hold multiple versions in memory simultaneously.
+     */
+    fetchArtifact(projectId: string, opts?: {
+        commit?: string;
+    }): Promise<ProjectArtifactResponse | null>;
+    /**
+     * Resolve an 8-hex project short id (first 8 hex chars of the UUID,
+     * dashes stripped) to the full projectId. Used by the preview
+     * runtime, which encodes project ids in subdomains.
+     *
+     * Returns `null` on 404 or ambiguity (the control plane returns 409
+     * if the prefix matches more than one project).
+     */
+    lookupProjectByShortId(shortId: string): Promise<{
+        projectId: string;
+        organizationId?: string;
+    } | null>;
+    /**
+     * Fetch the head commit of a branch. Returns the commit id (and the
+     * matching revision row's `published_at` for cache-validity checks).
+     * Reuses the existing `GET /cloud/projects/:id/branches` endpoint.
+     */
+    fetchBranchHead(projectId: string, branchName: string): Promise<{
+        commitId: string;
+        publishedAt?: string | null;
+    } | null>;
+    /** Drop cached entries for a project (and any matching hostname). */
+    invalidate(projectId: string): void;
+    /** Drop everything. Used on shutdown / hot-reload. */
+    clear(): void;
+    private request;
+    private buildHeaders;
+}
+interface FileArtifactApiClientConfig {
+    /**
+     * Path to a compiled artifact JSON file (`dist/objectstack.json`).
+     * Resolved against `process.cwd()` when relative. Defaults to
+     * `<cwd>/dist/objectstack.json`.
+     */
+    artifactPath?: string;
+    /**
+     * Project id every hostname maps to. Defaults to
+     * `process.env.OS_PROJECT_ID` or `'proj_local'`.
+     */
+    projectId?: string;
+    /**
+     * Organization id surfaced alongside the project. Defaults to
+     * `process.env.OS_ORGANIZATION_ID` or `'org_local'`.
+     */
+    organizationId?: string;
+    /**
+     * Override runtime config. When unset, the client tries to derive
+     * one from the artifact's `datasources` array; if that fails it
+     * falls back to a local-file SQLite DB at
+     * `<cwd>/.objectstack/data/<projectId>.db`.
+     */
+    runtime?: ProjectRuntimeConfig;
+    /**
+     * Reload the artifact on every fetch instead of caching the first
+     * read. Useful when iterating on a project's metadata without
+     * restarting objectos. Defaults to `true` for dev ergonomics.
+     */
+    watch?: boolean;
+    /** Optional logger. */
+    logger?: {
+        info?: (...a: any[]) => void;
+        warn?: (...a: any[]) => void;
+        error?: (...a: any[]) => void;
+    };
+}
+declare class FileArtifactApiClient {
+    private readonly artifactPath;
+    private readonly projectId;
+    private readonly organizationId;
+    private readonly overrideRuntime?;
+    private readonly watch;
+    private readonly logger;
+    private cached?;
+    constructor(config?: FileArtifactApiClientConfig);
+    resolveHostname(_host: string): Promise<ResolvedHostname | null>;
+    fetchArtifact(_projectId: string, _opts?: {
+        commit?: string;
+    }): Promise<ProjectArtifactResponse | null>;
+    lookupProjectByShortId(_shortId: string): Promise<{
+        projectId: string;
+        organizationId?: string;
+    } | null>;
+    fetchBranchHead(_projectId: string, _branchName: string): Promise<{
+        commitId: string;
+        publishedAt?: string | null;
+    } | null>;
+    invalidate(_projectId: string): void;
+    clear(): void;
+    private loadArtifact;
+    private readRuntimeFromArtifact;
+    private deriveRuntimeFromMetadata;
+    private defaultLocalSqliteRuntime;
+}
+interface ObjectOSStackConfig {
+    /**
+     * Control-plane base URL (HTTP) or a sentinel of `'file'` for the
+     * local file-backed dev mode. Required unless `client` is supplied.
+     *
+     * - `http(s)://…`  — talk to a real ObjectStack Cloud control plane
+     *   over HTTP and resolve hostnames via its `/cloud/*` API.
+     * - `'file'`       — load a single project from a local
+     *   `dist/objectstack.json` (or `fileConfig.artifactPath`). Every
+     *   request, regardless of hostname, resolves to the same project.
+     *   Intended for `pnpm dev` / smoke tests where standing up a
+     *   separate control plane is overkill.
+     */
+    controlPlaneUrl?: string;
+    /** Optional bearer token for the control-plane API. */
+    controlPlaneApiKey?: string;
+    /**
+     * Override the artifact client entirely. When supplied,
+     * `controlPlaneUrl` is ignored — useful for tests or custom transports.
+     */
+    client?: ArtifactApiClient | FileArtifactApiClient;
+    /** Config for the file-backed mode (used when `controlPlaneUrl === 'file'`). */
+    fileConfig?: FileArtifactApiClientConfig;
+    /** KernelManager LRU size. Default: 32. */
+    kernelCacheSize?: number;
+    /** KernelManager idle TTL (ms). Default: 15 min. */
+    kernelTtlMs?: number;
+    /** EnvironmentDriverRegistry cache TTL (ms). Default: 5 min. */
+    envCacheTtlMs?: number;
+    /** Artifact / hostname response cache TTL (ms). Default: 5 min. */
+    artifactCacheTtlMs?: number;
+    /** API prefix (carried for parity with cloud-stack). Default: /api/v1. */
+    apiPrefix?: string;
+}
+interface ObjectOSStackResult {
+    plugins: any[];
+    api: {
+        enableProjectScoping: true;
+        projectResolution: 'auto';
+        requireAuth: true;
+    };
+}
+declare function createObjectOSStack(config: ObjectOSStackConfig): Promise<ObjectOSStackResult>;
+/**
+ * Per-project driver registry contract.
+ *
+ * Resolves a project (by hostname or ID) and produces an instantiated
+ * `IDataDriver` bound to that project's physical database. Concrete
+ * implementations sit on top of either:
+ *   - the ObjectStack Cloud HTTP API (see {@link ArtifactEnvironmentRegistry})
+ *   - a local file artifact (see {@link FileArtifactApiClient} +
+ *     {@link ArtifactEnvironmentRegistry})
+ *
+ * The contract was extracted from `@objectstack/service-cloud` in Phase R
+ * so the runtime can express "fetch artifact + boot per-project kernel"
+ * without taking a dependency on the cloud control plane.
+ */
+type IDataDriver$1 = Contracts.IDataDriver;
+interface EnvironmentDriverRegistry {
+    /** Resolve a project by hostname. Returns `null` when unknown. */
+    resolveByHostname(host: string): Promise<{
+        projectId: string;
+        driver: IDataDriver$1;
+    } | null>;
+    /** Resolve a project's driver by ID. Returns `null` when unknown. */
+    resolveById(projectId: string): Promise<IDataDriver$1 | null>;
+    /**
+     * Look up the cached project row + driver by ID without triggering a
+     * remote/file fetch. Returns the full cached entry when fresh.
+     */
+    peekById(projectId: string): {
+        projectId: string;
+        driver: IDataDriver$1;
+        project: any;
+    } | null;
+    /** Drop cached entries for the given project. */
+    invalidate(projectId: string): void;
+}
+/**
+ * EnvironmentDriverRegistry implementation that talks to the control plane
+ * over HTTP via {@link ArtifactApiClient}.
+ *
+ * Mirrors {@link DefaultEnvironmentDriverRegistry} from `environment-registry.ts`
+ * but does **not** read from a local control-plane database. Hostname →
+ * projectId resolution and per-project runtime config (database URL /
+ * driver) come from the control plane API.
+ *
+ * The cached `project` payload exposed by `peekById()` is shaped to look
+ * like a `sys_project` row so callers downstream (notably
+ * `ArtifactKernelFactory`) can read `id`, `organization_id`,
+ * `database_url` and `database_driver` without branching.
+ */
+type IDataDriver = Contracts.IDataDriver;
+interface ArtifactEnvironmentRegistryConfig {
+    client: ArtifactApiClient;
+    /** Cache TTL for resolved drivers in ms. Default: 5 min. */
+    cacheTtlMs?: number;
+    /** Optional logger. */
+    logger?: {
+        info?: (...a: any[]) => void;
+        warn?: (...a: any[]) => void;
+        error?: (...a: any[]) => void;
+    };
+}
+declare class ArtifactEnvironmentRegistry implements EnvironmentDriverRegistry {
+    private readonly client;
+    private readonly cacheTTL;
+    private readonly logger;
+    private readonly hostnameCache;
+    private readonly idCache;
+    private readonly pending;
+    constructor(config: ArtifactEnvironmentRegistryConfig);
+    resolveByHostname(host: string): Promise<{
+        projectId: string;
+        driver: IDataDriver;
+    } | null>;
+    resolveById(projectId: string): Promise<IDataDriver | null>;
+    peekById(projectId: string): {
+        projectId: string;
+        driver: IDataDriver;
+        project: any;
+    } | null;
+    invalidate(projectId: string): void;
+    private buildCacheEntry;
+}
+interface ArtifactKernelFactoryConfig {
+    client: ArtifactApiClient;
+    envRegistry: EnvironmentDriverRegistry;
+    /** Optional logger. */
+    logger?: {
+        info?: (...a: any[]) => void;
+        warn?: (...a: any[]) => void;
+        error?: (...a: any[]) => void;
+    };
+    /** Optional kernel constructor config. */
+    kernelConfig?: ConstructorParameters<typeof ObjectKernel>[0];
+    /**
+     * Base secret used to derive per-project AuthPlugin secrets via
+     * HKDF-style HMAC-SHA256(baseSecret, projectId). Falls back to
+     * `process.env.OS_AUTH_SECRET` / `AUTH_SECRET` at construction time.
+     */
+    authBaseSecret?: string;
+}
+declare class ArtifactKernelFactory implements ProjectKernelFactory {
+    private readonly client;
+    private readonly envRegistry;
+    private readonly logger;
+    private readonly kernelConfig?;
+    private readonly authBaseSecret;
+    constructor(config: ArtifactKernelFactoryConfig);
+    create(projectId: string): Promise<ObjectKernel>;
+}
+/**
+ * AuthProxyPlugin
+ *
+ * Mounts a single `/api/v1/auth/*` wildcard route on the host's Hono server
+ * that forwards every request to the per-project `AuthManager` registered
+ * by `ArtifactKernelFactory`.
+ *
+ * Why a dedicated plugin: AuthPlugin (better-auth) registers its routes by
+ * grabbing the host's `http-server` service from its own `PluginContext`.
+ * In objectos runtime mode AuthPlugin lives on a per-project kernel — it
+ * has no access to the host's HTTP server, so its `kernel:ready` route
+ * registration is a no-op. The dispatcher plugin's wildcard registration
+ * via `IHttpServer.post('/auth/*', …)` proved unreliable in practice,
+ * so this plugin uses Hono's raw app directly (same path AuthPlugin took
+ * historically) which is rock solid.
+ *
+ * Routing:
+ *   1. Resolve the project from the request hostname via `env-registry`.
+ *   2. Acquire the project's kernel via `kernel-manager`.
+ *   3. Look up the `auth` service on that kernel — this is the better-auth
+ *      handler injected by `ArtifactKernelFactory`.
+ *   4. Build a Web `Request` using the project's canonical baseUrl and
+ *      hand it to the better-auth handler.
+ *   5. Stream the response back through Hono.
+ */
+declare class AuthProxyPlugin implements Plugin {
+    readonly name = "com.objectstack.runtime.auth-proxy";
+    readonly version = "1.0.0";
+    init: (_ctx: PluginContext) => Promise<void>;
+    start: (ctx: PluginContext) => Promise<void>;
+}
+/**
+ * Provider id used in better-auth's `genericOAuth` and as part of the
+ * callback URL: `/api/v1/auth/oauth2/callback/<PROVIDER_ID>`. Keep stable —
+ * changing it invalidates every registered redirect_uri.
+ */
+declare const PLATFORM_SSO_PROVIDER_ID = "objectstack-cloud";
+/**
+ * Derive the per-project OAuth client_id used in `sys_oauth_application`
+ * (cloud side) and {@link genericOAuth} config (project side).
+ */
+declare function derivePlatformSsoClientId(projectId: string): string;
+/**
+ * Derive the per-project OAuth client_secret deterministically from the
+ * shared master secret. HMAC-SHA256(baseSecret, 'oauth-client:' + projectId)
+ * yields a 64-char hex string that is:
+ *   - stable across container cold-starts (no DB lookup needed)
+ *   - independent per project (compromising one does not compromise others)
+ *   - rotatable via OS_AUTH_SECRET rotation (invalidates all SSO clients)
+ *
+ * This is the **plaintext** value the RP must present at the token endpoint.
+ * The cloud-side `sys_oauth_application.client_secret` column instead stores
+ * {@link hashPlatformSsoClientSecret}(plaintext) — better-auth's oauth-provider
+ * defaults to `storeClientSecret: 'hashed'` (SHA-256 + base64url) when the JWT
+ * plugin is enabled, and looks up the row by hashing the presented secret.
+ */
+declare function derivePlatformSsoClientSecret(baseSecret: string, projectId: string): string;
+/**
+ * Build the redirect_uri better-auth's `genericOAuth` plugin will use
+ * when the project kernel mounts the provider with id
+ * {@link PLATFORM_SSO_PROVIDER_ID}. MUST be one of the URIs registered
+ * on the cloud-side oauth client or the authorization server will reject
+ * the callback with `invalid_request`.
+ */
+declare function buildPlatformSsoRedirectUri(hostname: string, basePath?: string): string;
+interface SeedPlatformSsoClientOptions {
+    /**
+     * Cloud control-plane ObjectQL engine. Must expose `find(object, query)`,
+     * `insert(object, data)`, and `update(object, data, {where})`. Both the
+     * `apps/cloud` boot kernel (via `kernel.getService('objectql')`) and the
+     * dispatcher's local `ql` reference satisfy this shape.
+     */
+    ql: {
+        find: (object: string, query: any, opts?: any) => Promise<any>;
+        insert: (object: string, data: any, opts?: any) => Promise<any>;
+        update: (object: string, data: any, where: any, opts?: any) => Promise<any>;
+    };
+    /** Project id (also used to derive client_id + client_secret). */
+    projectId: string;
+    /**
+     * Project hostname (e.g. `acme-crm.objectos.app`). Optional — projects
+     * may be created before a hostname is assigned, in which case no
+     * redirect_uri is registered yet and the row is upserted with an
+     * empty `redirect_uris` array. Calling this function again once the
+     * hostname is known will merge the new URI in.
+     */
+    hostname?: string | null;
+    /** Master secret shared between cloud and project containers. */
+    baseSecret: string;
+    /** Optional logger for diagnostics. */
+    logger?: {
+        info?: (...a: any[]) => void;
+        warn?: (...a: any[]) => void;
+        error?: (...a: any[]) => void;
+    };
+    /** When true, rethrow insert/update errors instead of swallowing them.
+     * Backfill uses this to surface real failures via the admin endpoint. */
+    throwOnError?: boolean;
+}
+/**
+ * Idempotently upsert a `sys_oauth_application` row for the given project.
+ * Re-running with the same `projectId` is a no-op (the deterministic
+ * `client_id` is uniquely indexed and the secret derivation is stable).
+ * Re-running with a new `hostname` adds the new redirect_uri to the
+ * existing row's JSON array.
+ */
+declare function seedPlatformSsoClient(opts: SeedPlatformSsoClientOptions): Promise<void>;
+interface BackfillPlatformSsoClientsOptions {
+    ql: SeedPlatformSsoClientOptions['ql'];
+    baseSecret: string;
+    logger?: {
+        info?: (...a: any[]) => void;
+        warn?: (...a: any[]) => void;
+        error?: (...a: any[]) => void;
+    };
+    /** Hard cap on rows scanned (default: 1000). */
+    limit?: number;
+}
+/**
+ * Scan `sys_project` and ensure every active project has a corresponding
+ * `sys_oauth_application` row. Intended to run once at cloud boot — the
+ * happy path is dominated by the project-create hook
+ * ({@link seedPlatformSsoClient}); the backfill exists so projects
+ * created before this feature shipped also get SSO support without an
+ * out-of-band migration.
+ */
+declare function backfillPlatformSsoClients(opts: BackfillPlatformSsoClientsOptions): Promise<{
+    scanned: number;
+    seeded: number;
+    alreadyExisted: number;
+    failures: Array<{
+        projectId: string;
+        error: string;
+    }>;
+}>;
+/**
+ * # Hook & Action Body Sandbox
+ *
+ * Pluggable execution engine for L2 `ScriptBody` payloads coming from
+ * `@objectstack/spec/data` `HookBodySchema`.
+ *
+ * ## Engine choice — quickjs-emscripten
+ *
+ * Two candidates were evaluated:
+ *
+ * | Property                | isolated-vm                | quickjs-emscripten        |
+ * |-------------------------|----------------------------|---------------------------|
+ * | True isolation          | ✅ V8 isolate               | ✅ separate JS heap        |
+ * | Memory limit enforced   | ✅ hard cap                 | ⚠️ soft (engine-level)     |
+ * | CPU timeout enforced    | ✅ hard kill                | ✅ interrupt handler       |
+ * | Native dependency       | ❌ requires N-API build     | ✅ pure WASM               |
+ * | Edge runtime support    | ❌ Cloudflare/Vercel ban    | ✅ runs on every JS host   |
+ * | Cold-start cost         | ~50ms (native init)        | ~100ms (WASM init)        |
+ * | Per-invocation overhead | very low                   | low–medium                |
+ *
+ * **Decision:** `quickjs-emscripten`.
+ *
+ * The single biggest constraint for ObjectStack is that `objectos` ships as a
+ * pure-JS runtime so it can run on serverless edges, Cloudflare Workers,
+ * Vercel Edge, Deno Deploy, plus traditional Node servers. `isolated-vm`
+ * disqualifies us from every edge target because of its N-API dependency.
+ * The performance penalty of QuickJS for short hook/action bodies (typically
+ * <1 ms of script logic) is dominated by `ctx.api` round-trips anyway, so the
+ * trade is favorable.
+ *
+ * The engine sits behind the `ScriptRunner` interface — if a host environment
+ * can guarantee node-only deployment we can plug `isolated-vm` later without
+ * touching call sites.
+ */
+/**
+ * Identity / origin information used by the sandbox for diagnostics, capability
+ * gating, and audit logs.
+ */
+interface ScriptOrigin {
+    /** Whether the body is attached to a Hook or an Action. */
+    kind: 'hook' | 'action';
+    /** Object the hook/action targets, when applicable. */
+    object?: string;
+    /** Hook/Action name, used in error messages and traces. */
+    name: string;
+}
+/**
+ * Context object exposed to the script. The shape mirrors `HookContext` /
+ * `ActionContext` from `@objectstack/spec`. The sandbox copies a subset of
+ * these into the isolated heap; capability checks gate which methods are
+ * actually wired up.
+ */
+interface ScriptContext {
+    input: unknown;
+    previous?: unknown;
+    user?: unknown;
+    session?: unknown;
+    /**
+     * The lifecycle event name the hook is firing for (e.g. `beforeInsert`,
+     * `afterUpdate`). Required for hooks that subscribe to multiple events
+     * and dispatch on event name.
+     */
+    event?: string;
+    /** The object the hook/action targets — surfaces from `HookContext.object`. */
+    object?: string;
+    /**
+     * Action only: the record id passed in the action invocation URL
+     * (`POST /api/v1/actions/:object/:action/:recordId`). Hooks always have
+     * the record on `input` so this stays undefined for them.
+     */
+    recordId?: string;
+    /**
+     * Action only: the record loaded by the dispatcher before the action ran
+     * (when the dispatcher pre-fetches it). May be undefined for actions
+     * declared with `requiresRecord: false` or when no `recordId` was supplied.
+     */
+    record?: unknown;
+    /** Engine-side `result` (only set for after* hooks). */
+    result?: unknown;
+    api?: unknown;
+    log?: {
+        info: (msg: string, data?: unknown) => void;
+        warn: (msg: string, data?: unknown) => void;
+        error: (msg: string, data?: unknown) => void;
+    };
+    crypto?: {
+        randomUUID?: () => string;
+        hash?: (algo: string, data: string | Uint8Array) => Promise<string>;
+    };
+}
+/**
+ * Result returned to the caller after script execution.
+ * - For hooks the `value` is typically `undefined` (mutations happen on `ctx`).
+ * - For actions the `value` is the script's return value.
+ */
+interface ScriptResult {
+    value: unknown;
+    /** Total wall-clock time inside the sandbox, milliseconds. */
+    durationMs: number;
+    /**
+     * Snapshot of `ctx.input` *as observed inside the VM after the script settled*.
+     *
+     * Hooks frequently mutate `ctx.input.x = y` directly without returning a value.
+     * The runner dumps the post-execution `ctx.input` so the host body-runner can
+     * write the mutations back through to the engine's `hookContext.input` (which
+     * is itself usually a flat-record Proxy).
+     *
+     * `undefined` if the dump failed or the script context did not expose `input`.
+     */
+    mutatedInput?: Record<string, unknown>;
+}
+interface ScriptRunOptions {
+    origin: ScriptOrigin;
+    /** Hard timeout for this invocation. The smaller of body.timeoutMs and this wins. */
+    timeoutMs?: number;
+    /** Optional abort signal from the surrounding kernel. */
+    signal?: AbortSignal;
+}
+/**
+ * The sandbox engine contract. Implementations live under
+ * `packages/runtime/src/sandbox/engines/`.
+ */
+interface ScriptRunner {
+    /** Execute an L1 expression. Pure, side-effect-free. */
+    evalExpression(body: ExpressionBody, ctx: ScriptContext, opts: ScriptRunOptions): Promise<ScriptResult>;
+    /** Execute an L2 sandboxed JS script body. */
+    runScript(body: ScriptBody, ctx: ScriptContext, opts: ScriptRunOptions): Promise<ScriptResult>;
+    /** Convenience dispatch on the discriminated union. */
+    run(body: HookBody, ctx: ScriptContext, opts: ScriptRunOptions): Promise<ScriptResult>;
+    /** Release any underlying VM resources. */
+    dispose(): Promise<void>;
+}
+/**
+ * Default no-op runner — throws on every call. The real engine is injected
+ * during runtime bootstrap once `quickjs-emscripten` is wired in. This stub
+ * lets the rest of the pipeline (loader, dispatcher, type plumbing) compile
+ * and be unit-tested ahead of the engine landing.
+ */
+declare class UnimplementedScriptRunner implements ScriptRunner {
+    evalExpression(_body: ExpressionBody, _ctx: ScriptContext, _opts: ScriptRunOptions): Promise<ScriptResult>;
+    runScript(_body: ScriptBody, _ctx: ScriptContext, _opts: ScriptRunOptions): Promise<ScriptResult>;
+    run(body: HookBody, ctx: ScriptContext, opts: ScriptRunOptions): Promise<ScriptResult>;
+    dispose(): Promise<void>;
+}
+interface QuickJSScriptRunnerOptions {
+    /** Default per-invocation timeout for hooks (ms). */
+    hookTimeoutMs?: number;
+    /** Default per-invocation timeout for actions (ms). */
+    actionTimeoutMs?: number;
+    /** Default memory cap in MB. */
+    memoryMb?: number;
+}
+declare class QuickJSScriptRunner implements ScriptRunner {
+    private opts;
+    constructor(opts?: QuickJSScriptRunnerOptions);
+    evalExpression(body: ExpressionBody, ctx: ScriptContext, opts: ScriptRunOptions): Promise<ScriptResult>;
+    runScript(body: ScriptBody, ctx: ScriptContext, opts: ScriptRunOptions): Promise<ScriptResult>;
+    run(body: HookBody, ctx: ScriptContext, opts: ScriptRunOptions): Promise<ScriptResult>;
+    dispose(): Promise<void>;
+    /** Pick the smallest of body / opts / engine-default. */
+    private resolveTimeout;
+    private execute;
+    /**
+     * Install ctx onto the VM's globalThis. Each capability is wired in only if
+     * the body declared it; missing methods throw at call-time inside the VM
+     * with a clear diagnostic.
+     *
+     * Host API methods are installed via {@link QuickJSAsyncContext.newAsyncifiedFunction}
+     * so they may return Promises (real ObjectQL `find/count/insert/...` are async).
+     */
+    private installCtx;
+}
+declare class SandboxError extends Error {
+    constructor(message: string);
+}
+/**
+ * Hook & Action Body Runner Factory
+ *
+ * Bridges the metadata-only `Hook.body` / `Action.body` discriminated union
+ * (defined in `@objectstack/spec/data/hook-body.zod`) into an executable
+ * handler registered on the ObjectQL engine.
+ *
+ * The runtime owns this bridge — `objectql` itself never imports the
+ * sandbox engine, so it can stay light enough to embed in tooling and
+ * tests. `AppPlugin` constructs one factory per bundle bind and passes it
+ * through `bindHooksToEngine({ bodyRunner })` for hooks, and walks the
+ * bundle actions to register them via `engine.registerAction`.
+ *
+ * Per-invocation flow when a triggered hook fires:
+ *   1. ObjectQL calls the wrapped handler with its native `(ctx)` arg.
+ *   2. We adapt that engine-context into the sandbox `ScriptContext`
+ *      shape and proxy `ctx.api.object(...)` to the running ObjectQL
+ *      proxy bound to the current organization/user.
+ *   3. `ScriptRunner.runScript` evaluates the body inside QuickJS with
+ *      the declared capabilities + timeout.
+ *   4. After settle, we write back two kinds of mutations to the host
+ *      `ctx.input`:
+ *      a. `result.mutatedInput` — a snapshot of `ctx.input` taken inside
+ *         the VM, used to propagate direct property writes such as
+ *         `ctx.input.account_number = 'ABC'`.
+ *      b. `result.value` — if the script returned an object, it is
+ *         shallow-merged on top of `mutatedInput` as an explicit patch.
+ *      Writes go through `Object.assign`, which means the host engine's
+ *      flat-record Proxy (installed by `wrapDeclarativeHook`) sees them
+ *      via its set trap.
+ */
+interface FactoryOptions {
+    ql: any;
+    appId: string;
+    logger?: any;
+}
+declare function hookBodyRunnerFactory(runner: ScriptRunner, opts: FactoryOptions): (hook: Hook) => ((engineCtx: any) => Promise<void>) | undefined;
+/**
+ * Action body runner factory.
+ *
+ * Returns a handler with the shape ObjectQL's `executeAction` expects:
+ * `(actionCtx) => Promise<unknown>`. The action's return value bubbles up
+ * to the HTTP dispatcher which JSON-serialises it back to the caller.
+ */
+declare function actionBodyRunnerFactory(runner: ScriptRunner, opts: FactoryOptions): (action: {
+    name: string;
+    body?: unknown;
+    object?: string;
+    timeoutMs?: number;
+}) => ((actionCtx: any) => Promise<unknown>) | undefined;
+export { AppPlugin, ArtifactApiClient, type ArtifactApiClientConfig, ArtifactEnvironmentRegistry, type ArtifactEnvironmentRegistryConfig, ArtifactKernelFactory, type ArtifactKernelFactoryConfig, AuthProxyPlugin, type BackfillPlatformSsoClientsOptions, type CapturedError, DEFAULT_RATE_LIMITS, type DefaultHostConfigOptions, type DefaultHostConfigResult, type DispatcherPluginConfig, DriverPlugin, type EnvironmentDriverRegistry, type ErrorReporter, FileArtifactApiClient, type FileArtifactApiClientConfig, HttpDispatcher, type HttpDispatcherResult, type HttpProtocolContext, HttpServer, InMemoryErrorReporter, InMemoryMetricsRegistry, KernelManager, type KernelManagerConfig, type LoadArtifactBundleOptions, type MetricSample, type MetricsRegistry, MiddlewareManager, NoopErrorReporter, NoopMetricsRegistry, type ObjectOSStackConfig, type ObjectOSStackResult, PLATFORM_SSO_PROVIDER_ID, type ProjectArtifactResponse, type ProjectKernelFactory, type ProjectRuntimeConfig, QuickJSScriptRunner, type QuickJSScriptRunnerOptions, RUNTIME_METRICS, type RateLimitBucketConfig, type RateLimitDecision, type RateLimitDefaults, type RateLimitStore, RateLimiter, type ResolvedHostname, Runtime, type RuntimeConfig, SYSTEM_PROJECT_ID, SandboxError, type ScriptContext, type ScriptOrigin, type ScriptResult, type ScriptRunOptions, type ScriptRunner, type SecurityHeadersOptions, SeedLoaderService, type SeedPlatformSsoClientOptions, type StandaloneStackConfig, type StandaloneStackResult, type SystemProjectPluginConfig, type TraceContext, UnimplementedScriptRunner, actionBodyRunnerFactory, backfillPlatformSsoClients, buildPlatformSsoRedirectUri, buildSecurityHeaders, collectBundleActions, collectBundleFunctions, collectBundleHooks, createDefaultHostConfig, createDispatcherPlugin, createObjectOSStack, createStandaloneStack, createSystemProjectPlugin, derivePlatformSsoClientId, derivePlatformSsoClientSecret, extractRequestId, formatTraceparent, generateRequestId, hookBodyRunnerFactory, isHttpUrl, loadArtifactBundle, mergeRuntimeModule, parseTraceparent, readArtifactSource, resolveDefaultArtifactPath, resolveRequestId, seedPlatformSsoClient };