npm - @objectstack/runtime - Versions diffs - 6.8.0 → 6.9.0 - Mend

@objectstack/runtime 6.8.0 → 6.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.cjs CHANGED Viewed

@@ -1468,6 +1468,66 @@ var init_app_plugin = __esm({
           } catch (err) {
             ctx.logger.error("[AppPlugin] Failed to schedule approval-process registration", err, { appId });
           }
+          try {
+            const jobs = Array.isArray(this.bundle.jobs) ? this.bundle.jobs : Array.isArray((this.bundle.manifest || {}).jobs) ? this.bundle.manifest.jobs : [];
+            if (jobs.length > 0) {
+              ctx.hook("kernel:ready", async () => {
+                let svc;
+                try {
+                  svc = ctx.getService("job");
+                } catch {
+                }
+                if (!svc || typeof svc.schedule !== "function") {
+                  ctx.logger.warn("[AppPlugin] job service not registered \u2014 skipping declarative jobs", {
+                    appId,
+                    jobCount: jobs.length
+                  });
+                  return;
+                }
+                const fnMap = collectBundleFunctions(this.bundle);
+                let ok = 0;
+                for (const job of jobs) {
+                  const jobName = job?.name;
+                  if (!jobName) {
+                    ctx.logger.warn("[AppPlugin] skipping job without name", { appId, job });
+                    continue;
+                  }
+                  if (job.enabled === false) {
+                    ctx.logger.debug("[AppPlugin] job disabled \u2014 skipping", { appId, job: jobName });
+                    continue;
+                  }
+                  const handler = fnMap[job.handler];
+                  if (typeof handler !== "function") {
+                    ctx.logger.warn("[AppPlugin] job handler not found in bundle.functions \u2014 skipping", {
+                      appId,
+                      job: jobName,
+                      handler: job.handler
+                    });
+                    continue;
+                  }
+                  try {
+                    await svc.schedule(
+                      jobName,
+                      job.schedule,
+                      async (jobCtx) => {
+                        await handler({ ...jobCtx, jobId: jobName, bundle: this.bundle });
+                      }
+                    );
+                    ok++;
+                  } catch (err) {
+                    ctx.logger.warn("[AppPlugin] Failed to schedule job", {
+                      appId,
+                      job: jobName,
+                      error: err?.message ?? String(err)
+                    });
+                  }
+                }
+                ctx.logger.info("[AppPlugin] Scheduled background jobs", { appId, count: ok });
+              });
+            }
+          } catch (err) {
+            ctx.logger.error("[AppPlugin] Failed to schedule background-job registration", err, { appId });
+          }
           this.emitCatalogEvent(ctx, "app:registered", sys);
           await this.loadTranslations(ctx, appId);
           const seedDatasets = [];
@@ -1540,7 +1600,7 @@ var init_app_plugin = __esm({
             } catch (e) {
               ctx.logger.warn("[Seeder] Failed to register seed-datasets/seed-replayer service", { error: e?.message });
             }
-            const multiTenant = String(process.env.OS_MULTI_TENANT ?? "true").toLowerCase() !== "false";
+            const multiTenant = String(process.env.OS_MULTI_TENANT ?? "false").toLowerCase() !== "false";
             if (multiTenant) {
               ctx.logger.info("[Seeder] multi-tenant mode \u2014 skipping inline seed; per-org replay will run on sys_organization insert");
             } else {
@@ -1595,10 +1655,22 @@ var init_app_plugin = __esm({
         };
         this.bundle = bundle;
         this.projectContext = projectContext;
-        const sys = bundle.manifest || bundle;
-        const appId = sys.id || sys.name || "unnamed-app";
+        const sys = bundle?.manifest || bundle;
+        const appId = sys?.id || sys?.name;
+        if (!appId) {
+          const bundleKeys = bundle && typeof bundle === "object" ? Object.keys(bundle).slice(0, 20).join(",") : typeof bundle;
+          const sysKeys = sys && typeof sys === "object" ? Object.keys(sys).slice(0, 20).join(",") : typeof sys;
+          const ctxHint = projectContext ? ` projectContext=${JSON.stringify({
+            environmentId: projectContext.environmentId,
+            packageId: projectContext.packageId,
+            source: projectContext.source
+          })}` : "";
+          throw new Error(
+            `[AppPlugin] bundle is missing manifest.id and manifest.name \u2014 cannot register as a plugin. bundleKeys=[${bundleKeys}] sysKeys=[${sysKeys}]${ctxHint}`
+          );
+        }
         this.name = `plugin.app.${appId}`;
-        this.version = sys.version;
+        this.version = sys?.version;
       }
       /**
        * Emit a kernel hook so the control-plane `AppCatalogService` can
@@ -2213,7 +2285,19 @@ var StandaloneStackConfigSchema = import_zod.z.object({
   databaseAuthToken: import_zod.z.string().optional(),
   databaseDriver: import_zod.z.enum(["sqlite", "sqlite-wasm", "turso", "memory", "postgres", "mongodb"]).optional(),
   environmentId: import_zod.z.string().optional(),
-  artifactPath: import_zod.z.string().optional()
+  artifactPath: import_zod.z.string().optional(),
+  /**
+   * Project root directory. When set (typically by the CLI after locating
+   * `objectstack.config.ts`), the default sqlite database is placed under
+   * `<projectRoot>/.objectstack/data/standalone.db` instead of the global
+   * `~/.objectstack/data/standalone.db`. This keeps per-project data
+   * scoped to the project folder so different examples / apps don't
+   * share a single database by accident.
+   *
+   * Explicit `databaseUrl` / `OS_DATABASE_URL` / `OS_HOME` still take
+   * precedence over this default.
+   */
+  projectRoot: import_zod.z.string().optional()
 });
 function detectDriverFromUrl(dbUrl) {
   if (/^memory:\/\//i.test(dbUrl)) return "memory";
@@ -2238,7 +2322,7 @@ async function createStandaloneStack(config) {
   const environmentId = cfg.environmentId ?? process.env.OS_ENVIRONMENT_ID ?? "proj_local";
   const artifactPathInput = cfg.artifactPath ?? process.env.OS_ARTIFACT_PATH ?? (0, import_node_path2.resolve)(cwd, "dist/objectstack.json");
   const artifactPath = isHttpUrl(artifactPathInput) ? artifactPathInput : artifactPathInput.startsWith("/") ? artifactPathInput : (0, import_node_path2.resolve)(cwd, artifactPathInput);
-  const dbUrl = cfg.databaseUrl ?? process.env.OS_DATABASE_URL?.trim() ?? process.env.TURSO_DATABASE_URL?.trim() ?? `file:${(0, import_node_path2.resolve)(resolveObjectStackHome(), "data/standalone.db")}`;
+  const dbUrl = cfg.databaseUrl ?? process.env.OS_DATABASE_URL?.trim() ?? process.env.TURSO_DATABASE_URL?.trim() ?? (process.env.OS_HOME?.trim() ? `file:${(0, import_node_path2.resolve)(resolveObjectStackHome(), "data/standalone.db")}` : cfg.projectRoot ? `file:${(0, import_node_path2.resolve)(cfg.projectRoot, ".objectstack/data/standalone.db")}` : `file:${(0, import_node_path2.resolve)(resolveObjectStackHome(), "data/standalone.db")}`);
   const dbAuthToken = cfg.databaseAuthToken ?? process.env.OS_DATABASE_AUTH_TOKEN?.trim() ?? process.env.TURSO_AUTH_TOKEN?.trim();
   const explicitDriver = cfg.databaseDriver ?? process.env.OS_DATABASE_DRIVER?.trim();
   const dbDriver = explicitDriver ?? detectDriverFromUrl(dbUrl);
@@ -2456,6 +2540,13 @@ function toHeaders(input) {
   }
   return h;
 }
+function safeJsonParse2(s, fallback) {
+  try {
+    return JSON.parse(s);
+  } catch {
+    return fallback;
+  }
+}
 async function tryFind(ql, object, where, limit = 100) {
   if (!ql || typeof ql.find !== "function") return [];
   try {
@@ -2471,6 +2562,7 @@ async function resolveExecutionContext(opts) {
   const ctx = {
     roles: [],
     permissions: [],
+    systemPermissions: [],
     isSystem: false
   };
   let userId;
@@ -2508,8 +2600,12 @@ async function resolveExecutionContext(opts) {
   if (!userId) {
     try {
       const authService = await opts.getService("auth");
+      let api = authService?.api;
+      if (!api && typeof authService?.getApi === "function") {
+        api = await authService.getApi();
+      }
       const headersInstance = toHeaders(headers);
-      const sessionData = await authService?.api?.getSession?.({ headers: headersInstance });
+      const sessionData = await api?.getSession?.({ headers: headersInstance });
       userId = sessionData?.user?.id ?? sessionData?.session?.userId;
       tenantId = tenantId ?? sessionData?.session?.activeOrganizationId;
       ctx.accessToken = sessionData?.session?.token ?? ctx.accessToken;
@@ -2579,10 +2675,38 @@ async function resolveExecutionContext(opts) {
       { id: { $in: Array.from(psIds) } },
       500
     );
+    const tabRank = {
+      hidden: 0,
+      default_off: 1,
+      default_on: 2,
+      visible: 3
+    };
+    const mergedTabs = {};
     for (const ps of psRows) {
       if (ps.name && !ctx.permissions.includes(ps.name)) {
         ctx.permissions.push(ps.name);
       }
+      const sysPerms = typeof ps.system_permissions === "string" ? safeJsonParse2(ps.system_permissions, []) : ps.system_permissions ?? ps.systemPermissions;
+      if (Array.isArray(sysPerms)) {
+        for (const p of sysPerms) {
+          if (typeof p === "string" && !ctx.systemPermissions.includes(p)) {
+            ctx.systemPermissions.push(p);
+          }
+        }
+      }
+      const tabs = typeof ps.tab_permissions === "string" ? safeJsonParse2(ps.tab_permissions, {}) : ps.tab_permissions ?? ps.tabPermissions;
+      if (tabs && typeof tabs === "object") {
+        for (const [app, val] of Object.entries(tabs)) {
+          if (typeof val !== "string" || !(val in tabRank)) continue;
+          const cur = mergedTabs[app];
+          if (!cur || tabRank[val] > tabRank[cur]) {
+            mergedTabs[app] = val;
+          }
+        }
+      }
+    }
+    if (Object.keys(mergedTabs).length > 0) {
+      ctx.tabPermissions = mergedTabs;
     }
   }
   return ctx;
@@ -5326,7 +5450,7 @@ var _HttpDispatcher = class _HttpDispatcher {
    * Handle AI service routes (/ai/chat, /ai/models, /ai/conversations, etc.)
    * Resolves the AI service and its built-in route handlers, then dispatches.
    */
-  async handleAI(subPath, method, body, query, _context) {
+  async handleAI(subPath, method, body, query, context) {
     let aiService;
     try {
       aiService = await this.resolveService("ai");
@@ -5370,7 +5494,23 @@ var _HttpDispatcher = class _HttpDispatcher {
       if (route.method !== method) continue;
       const params = matchRoute(route.path, fullPath);
       if (params === null) continue;
-      const result = await route.handler({ body, params, query });
+      const ec = context.executionContext;
+      const user = ec?.userId ? {
+        userId: ec.userId,
+        id: ec.userId,
+        displayName: ec.userDisplayName ?? ec.userName ?? ec.userId,
+        email: ec.userEmail,
+        roles: Array.isArray(ec.roles) ? ec.roles : [],
+        permissions: Array.isArray(ec.permissions) ? ec.permissions : [],
+        organizationId: ec.tenantId
+      } : void 0;
+      const result = await route.handler({
+        body,
+        params,
+        query,
+        headers: context.request?.headers,
+        user
+      });
       if (result.stream && result.events) {
         return {
           handled: true,
@@ -5865,13 +6005,22 @@ function resolveErrorReporter(ctx, override) {
 }
 // src/dispatcher-plugin.ts
-function mountRouteOnServer(route, server, routePath, securityHeaders) {
+function mountRouteOnServer(route, server, routePath, securityHeaders, resolveUser) {
   const handler = async (req, res) => {
     try {
+      let user;
+      if (resolveUser) {
+        try {
+          user = await resolveUser(req.headers ?? {});
+        } catch {
+        }
+      }
       const result = await route.handler({
         body: req.body,
         params: req.params,
-        query: req.query
+        query: req.query,
+        headers: req.headers,
+        user
       });
       if (result.stream && result.events) {
         res.status(result.status);
@@ -6608,6 +6757,32 @@ function createDispatcherPlugin(config = {}) {
         }
       }
       ctx.logger.info("Dispatcher bridge routes registered", { prefix, enableProjectScoping, projectResolution });
+      const resolveRequestUser = async (headers) => {
+        try {
+          const authService = ctx.getService("auth");
+          if (!authService) return void 0;
+          let api = authService.api;
+          if (!api && typeof authService.getApi === "function") {
+            api = await authService.getApi();
+          }
+          if (!api?.getSession) return void 0;
+          const headersInstance = headers instanceof Headers ? headers : new Headers(headers);
+          const sessionData = await api.getSession({ headers: headersInstance });
+          const userId = sessionData?.user?.id ?? sessionData?.session?.userId;
+          if (!userId) return void 0;
+          return {
+            userId,
+            id: userId,
+            displayName: sessionData?.user?.name ?? sessionData?.user?.email ?? userId,
+            email: sessionData?.user?.email,
+            roles: [],
+            permissions: [],
+            organizationId: sessionData?.session?.activeOrganizationId
+          };
+        } catch {
+          return void 0;
+        }
+      };
       const toScopedPath = (routePath) => {
         if (routePath.startsWith(prefix)) {
           const tail = routePath.slice(prefix.length);
@@ -6620,11 +6795,11 @@ function createDispatcherPlugin(config = {}) {
         const routePath = route.path.startsWith("/api/v1") ? route.path : `${prefix}${route.path}`;
         let count = 0;
         if (enableProjectScoping && projectResolution === "required") {
-          if (mountRouteOnServer(route, server, toScopedPath(routePath), securityHeaders)) count++;
+          if (mountRouteOnServer(route, server, toScopedPath(routePath), securityHeaders, resolveRequestUser)) count++;
         } else {
-          if (mountRouteOnServer(route, server, routePath, securityHeaders)) count++;
+          if (mountRouteOnServer(route, server, routePath, securityHeaders, resolveRequestUser)) count++;
           if (enableProjectScoping) {
-            if (mountRouteOnServer(route, server, toScopedPath(routePath), securityHeaders)) count++;
+            if (mountRouteOnServer(route, server, toScopedPath(routePath), securityHeaders, resolveRequestUser)) count++;
           }
         }
         return count;
@@ -7686,39 +7861,7 @@ var ArtifactKernelFactory = class {
           // intentionally do NOT pass crossSubDomainCookies here
           // so cookies stay isolated per project subdomain.
           trustedOrigins: trustedOriginsList.length ? trustedOriginsList : void 0,
-          ...oidcProviders ? { oidcProviders } : {},
-          // Auto-provision a personal organization for every new
-          // user. SecurityPlugin's ObjectQL middleware does this
-          // for direct `ql.insert` calls, but better-auth's
-          // adapter writes through `dataEngine` directly,
-          // bypassing that middleware — so JIT-created SSO users
-          // would otherwise land on the empty "create
-          // organization" screen on first login.
-          databaseHooks: {
-            user: {
-              create: {
-                after: async (user) => {
-                  try {
-                    const ql = kernel.getService("objectql");
-                    if (!ql) return;
-                    const [{ ensureUserHasOrganization, cloneTenantSeedData }] = await Promise.all([
-                      import("@objectstack/plugin-security")
-                    ]);
-                    await ensureUserHasOrganization(ql, user, {
-                      logger: this.logger,
-                      cloneSeedData: cloneTenantSeedData
-                    });
-                  } catch (e) {
-                    this.logger.warn?.("[ArtifactKernelFactory] auto-org provisioning hook failed", {
-                      environmentId,
-                      userId: user?.id,
-                      error: e?.message
-                    });
-                  }
-                }
-              }
-            }
-          }
+          ...oidcProviders ? { oidcProviders } : {}
         }));
         if (oidcProviders) {
           this.logger.info?.("[ArtifactKernelFactory] platform SSO wired", {
@@ -7737,7 +7880,7 @@ var ArtifactKernelFactory = class {
     }
     try {
       const { SecurityPlugin } = await import("@objectstack/plugin-security");
-      const multiTenant = String(process.env.OS_MULTI_TENANT ?? "true").toLowerCase() !== "false";
+      const multiTenant = String(process.env.OS_MULTI_TENANT ?? "false").toLowerCase() !== "false";
       await kernel.use(new SecurityPlugin({ multiTenant }));
     } catch (err) {
       this.logger.warn?.("[ArtifactKernelFactory] SecurityPlugin not registered", {
@@ -7746,8 +7889,15 @@ var ArtifactKernelFactory = class {
       });
     }
     const projectName = project.hostname ?? environmentId;
-    const bundle = artifact.metadata;
-    const sys = bundle?.manifest ?? bundle;
+    const artifactAny = artifact;
+    const topLevelManifest = artifactAny?.manifest && typeof artifactAny.manifest === "object" ? artifactAny.manifest : null;
+    const topLevelFunctions = Array.isArray(artifactAny?.functions) ? artifactAny.functions : [];
+    const bundle = {
+      ...artifact.metadata ?? {},
+      ...topLevelManifest ? { manifest: topLevelManifest } : {},
+      functions: topLevelFunctions
+    };
+    const sys = bundle.manifest ?? bundle;
     const packageId = sys?.packageId ?? sys?.package_id ?? bundle?.packageId;
     const i18nCfg = bundle?.i18n ?? sys?.i18n ?? {};
     const trArr = Array.isArray(bundle?.translations) ? bundle.translations : Array.isArray(sys?.translations) ? sys.translations : [];
@@ -9015,7 +9165,7 @@ var MarketplaceInstallLocalPlugin = class {
         }
       }
       if (opts.seedNow && datasets.length > 0) {
-        const multiTenant = String(process.env.OS_MULTI_TENANT ?? "true").toLowerCase() !== "false";
+        const multiTenant = String(process.env.OS_MULTI_TENANT ?? "false").toLowerCase() !== "false";
         try {
           const ql = ctx.getService("objectql");
           let metadata;