npm - @objectstack/spec - Versions diffs - 0.2.0 → 0.3.1 - Mend

@objectstack/spec 0.2.0 → 0.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (422) hide show

package/dist/system/tenant.zod.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"tenant.zod.d.ts","sourceRoot":"","sources":["../../src/system/tenant.zod.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB;;;;;;;;;;;GAWG;AAEH;;;GAGG;AACH,eAAO,MAAM,oBAAoB,gEAI/B,CAAC;AAEH,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAExE;;;GAGG;AACH,eAAO,MAAM,iBAAiB;IAC5B;;OAEG;;IAGH;;OAEG;;IAGH;;OAEG;;;;;;;;;;EAEH,CAAC;AAEH,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAE5D;;;GAGG;AACH,eAAO,MAAM,YAAY;IACvB;;OAEG;;IAGH;;OAEG;;IAGH;;;OAGG;;IAGH;;;OAGG;;IAGH;;OAEG;;QA/CH;;WAEG;;QAGH;;WAEG;;QAGH;;WAEG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAqCH,CAAC;AAEH,MAAM,MAAM,MAAM,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,YAAY,CAAC,CAAC;AAElD;;;;;GAKG;AAEH;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAyCG;AACH,eAAO,MAAM,+BAA+B;;IAG1C;;OAEG;;QAED;;WAEG;;QAGH;;WAEG;;QAOH;;WAEG;;QAGH;;WAEG;;;;;;;;;;;;;IAIL;;OAEG;;QAED;;WAEG;;QAGH;;WAEG;;QAGH;;WAEG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAGL,CAAC;AAEH,MAAM,MAAM,yBAAyB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,+BAA+B,CAAC,CAAC;AAExF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4CG;AACH,eAAO,MAAM,kCAAkC;;IAG7C;;OAEG;;QAED;;;;WAIG;;QAGH;;WAEG;;QAGH;;WAEG;;QAGH;;WAEG;;;;;;;;;;;;;IAIL;;OAEG;;QAED;;WAEG;;QAOH;;WAEG;;QAGH;;WAEG;;;;;;;;;;;IAIL;;OAEG;;QAED;;WAEG;;QAGH;;WAEG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAGL,CAAC;AAEH,MAAM,MAAM,4BAA4B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kCAAkC,CAAC,CAAC;AAE9F;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+CG;AACH,eAAO,MAAM,oCAAoC;;IAG/C;;OAEG;;QAED;;;;WAIG;;QAGH;;WAEG;;QAOH;;WAEG;;QAGH;;WAEG;;;;;;;;;;;;;IAIL;;OAEG;;QAED;;WAEG;;QAGH;;WAEG;;QAGH;;WAEG;;QAGH;;WAEG;;;;;;;;;;;;;IAIL;;OAEG;;QAED;;WAEG;;QAOH;;WAEG;;QAGH;;WAEG;;;;;;;;;;;IAIL;;OAEG;;QAED;;WAEG;;QAGH;;WAEG;;QAGH;;WAEG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAGL,CAAC;AAEH,MAAM,MAAM,8BAA8B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oCAAoC,CAAC,CAAC;AAElG;;;;;GAKG;AACH,eAAO,MAAM,2BAA2B;;IAzUtC;;OAEG;;QAED;;WAEG;;QAGH;;WAEG;;QAOH;;WAEG;;QAGH;;WAEG;;;;;;;;;;;;;IAIL;;OAEG;;QAED;;WAEG;;QAGH;;WAEG;;QAGH;;WAEG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAuDL;;OAEG;;QAED;;;;WAIG;;QAGH;;WAEG;;QAGH;;WAEG;;QAGH;;WAEG;;;;;;;;;;;;;IAIL;;OAEG;;QAED;;WAEG;;QAOH;;WAEG;;QAGH;;WAEG;;;;;;;;;;;IAIL;;OAEG;;QAED;;WAEG;;QAGH;;WAEG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IA0DL;;OAEG;;QAED;;;;WAIG;;QAGH;;WAEG;;QAOH;;WAEG;;QAGH;;WAEG;;;;;;;;;;;;;IAIL;;OAEG;;QAED;;WAEG;;QAGH;;WAEG;;QAGH;;WAEG;;QAGH;;WAEG;;;;;;;;;;;;;IAIL;;OAEG;;QAED;;WAEG;;QAOH;;WAEG;;QAGH;;WAEG;;;;;;;;;;;IAIL;;OAEG;;QAED;;WAEG;;QAGH;;WAEG;;QAGH;;WAEG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAiBL,CAAC;AAEH,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,2BAA2B,CAAC,CAAC;AAEhF;;;GAGG;AACH,eAAO,MAAM,0BAA0B;IACrC;;OAEG;;QAED;;WAEG;;QAGH;;WAEG;;QAGH;;WAEG;;;;;;;;;;;IAIL;;OAEG;;QAED;;WAEG;;QAGH;;WAEG;;QAGH;;WAEG;;QAGH;;WAEG;;;;;;;;;;;;;IAIL;;OAEG;;QAED;;WAEG;;QAUH;;WAEG;;QAGH;;WAEG;;QAGH;;WAEG;;YAED;;eAEG;;YAGH;;eAEG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAIP,CAAC;AAEH,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,0BAA0B,CAAC,CAAC"}

package/dist/system/tenant.zod.js ADDED Viewed

@@ -0,0 +1,498 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TenantSecurityPolicySchema = exports.TenantIsolationConfigSchema = exports.DatabaseLevelIsolationStrategySchema = exports.SchemaLevelIsolationStrategySchema = exports.RowLevelIsolationStrategySchema = exports.TenantSchema = exports.TenantQuotaSchema = exports.TenantIsolationLevel = void 0;
+const zod_1 = require("zod");
+/**
+ * Tenant Schema (Multi-Tenant Architecture)
+ *
+ * Defines the tenant/tenancy model for ObjectStack SaaS deployments.
+ * Supports different levels of data isolation to meet varying security,
+ * performance, and compliance requirements.
+ *
+ * Isolation Levels:
+ * - shared_schema: All tenants share the same database and schema (row-level isolation)
+ * - isolated_schema: Tenants have separate schemas within a shared database
+ * - isolated_db: Each tenant has a completely separate database
+ */
+/**
+ * Tenant Isolation Level Enum
+ * Defines how tenant data is separated in the system
+ */
+exports.TenantIsolationLevel = zod_1.z.enum([
+    'shared_schema', // Shared DB, shared schema, row-level isolation (most economical)
+    'isolated_schema', // Shared DB, separate schema per tenant (balanced)
+    'isolated_db', // Separate database per tenant (maximum isolation)
+]);
+/**
+ * Tenant Quota Schema
+ * Defines resource limits and usage quotas for a tenant
+ */
+exports.TenantQuotaSchema = zod_1.z.object({
+    /**
+     * Maximum number of users allowed for this tenant
+     */
+    maxUsers: zod_1.z.number().int().positive().optional().describe('Maximum number of users'),
+    /**
+     * Maximum storage space in bytes
+     */
+    maxStorage: zod_1.z.number().int().positive().optional().describe('Maximum storage in bytes'),
+    /**
+     * API rate limit (requests per minute)
+     */
+    apiRateLimit: zod_1.z.number().int().positive().optional().describe('API requests per minute'),
+});
+/**
+ * Tenant Schema
+ * Represents a tenant in a multi-tenant SaaS deployment
+ */
+exports.TenantSchema = zod_1.z.object({
+    /**
+     * Unique tenant identifier
+     */
+    id: zod_1.z.string().describe('Unique tenant identifier'),
+    /**
+     * Tenant name (display name)
+     */
+    name: zod_1.z.string().describe('Tenant display name'),
+    /**
+     * Data isolation level for this tenant
+     * Determines how tenant data is segregated from other tenants
+     */
+    isolationLevel: exports.TenantIsolationLevel.describe('Data isolation strategy'),
+    /**
+     * Custom configurations and metadata specific to this tenant
+     * Can store tenant-specific settings, branding, features, etc.
+     */
+    customizations: zod_1.z.record(zod_1.z.any()).optional().describe('Tenant-specific customizations'),
+    /**
+     * Resource quotas and limits for this tenant
+     */
+    quotas: exports.TenantQuotaSchema.optional().describe('Resource quotas and limits'),
+});
+/**
+ * Tenant Isolation Strategy Documentation
+ *
+ * Comprehensive documentation of three isolation strategies for multi-tenant systems.
+ * Each strategy has different trade-offs in terms of security, cost, complexity, and compliance.
+ */
+/**
+ * Row-Level Isolation Strategy (shared_schema)
+ *
+ * Recommended for: Most SaaS applications, cost-sensitive deployments
+ *
+ * IMPLEMENTATION:
+ * - All tenants share the same database and schema
+ * - Each table includes a tenant_id column
+ * - PostgreSQL Row-Level Security (RLS) enforces isolation
+ * - Queries automatically filter by tenant_id via RLS policies
+ *
+ * ADVANTAGES:
+ * ✅ Simple backup and restore (single database)
+ * ✅ Cost-effective (shared resources, minimal overhead)
+ * ✅ Easy tenant migration (update tenant_id)
+ * ✅ Efficient resource utilization (connection pooling)
+ * ✅ Simple schema migrations (single schema to update)
+ * ✅ Lower operational complexity
+ *
+ * DISADVANTAGES:
+ * ❌ RLS misconfiguration can lead to data leakage
+ * ❌ Performance impact from RLS policy evaluation
+ * ❌ Noisy neighbor problem (one tenant can affect others)
+ * ❌ Cannot easily isolate tenant to different hardware
+ * ❌ Compliance challenges for regulated industries
+ *
+ * SECURITY CONSIDERATIONS:
+ * - Requires careful RLS policy configuration
+ * - Must validate tenant_id in all queries
+ * - Need comprehensive testing of RLS policies
+ * - Audit all database access patterns
+ * - Implement application-level validation as defense-in-depth
+ *
+ * EXAMPLE RLS POLICY (PostgreSQL):
+ * ```sql
+ * -- Example: Apply RLS policy to a table (e.g., "app_data")
+ * CREATE POLICY tenant_isolation ON app_data
+ *   USING (tenant_id = current_setting('app.current_tenant')::text);
+ *
+ * ALTER TABLE app_data ENABLE ROW LEVEL SECURITY;
+ * ```
+ */
+exports.RowLevelIsolationStrategySchema = zod_1.z.object({
+    strategy: zod_1.z.literal('shared_schema').describe('Row-level isolation strategy'),
+    /**
+     * Database configuration for row-level isolation
+     */
+    database: zod_1.z.object({
+        /**
+         * Whether to enable Row-Level Security (RLS)
+         */
+        enableRLS: zod_1.z.boolean().default(true).describe('Enable PostgreSQL Row-Level Security'),
+        /**
+         * Tenant context setting method
+         */
+        contextMethod: zod_1.z.enum([
+            'session_variable', // SET app.current_tenant = 'tenant_123'
+            'search_path', // SET search_path = tenant_123, public
+            'application_name', // SET application_name = 'tenant_123'
+        ]).default('session_variable').describe('How to set tenant context'),
+        /**
+         * Session variable name for tenant context
+         */
+        contextVariable: zod_1.z.string().default('app.current_tenant').describe('Session variable name'),
+        /**
+         * Whether to validate tenant_id at application level
+         */
+        applicationValidation: zod_1.z.boolean().default(true).describe('Application-level tenant validation'),
+    }).optional().describe('Database configuration'),
+    /**
+     * Performance optimization settings
+     */
+    performance: zod_1.z.object({
+        /**
+         * Whether to use partial indexes for tenant_id
+         */
+        usePartialIndexes: zod_1.z.boolean().default(true).describe('Use partial indexes per tenant'),
+        /**
+         * Whether to use table partitioning
+         */
+        usePartitioning: zod_1.z.boolean().default(false).describe('Use table partitioning by tenant_id'),
+        /**
+         * Connection pool size per tenant
+         */
+        poolSizePerTenant: zod_1.z.number().int().positive().optional().describe('Connection pool size per tenant'),
+    }).optional().describe('Performance settings'),
+});
+/**
+ * Schema-Level Isolation Strategy (isolated_schema)
+ *
+ * Recommended for: Enterprise SaaS, B2B platforms with compliance needs
+ *
+ * IMPLEMENTATION:
+ * - All tenants share the same database server
+ * - Each tenant has a separate database schema
+ * - Schema name typically: tenant_<tenant_id>
+ * - Application switches schema using SET search_path
+ *
+ * ADVANTAGES:
+ * ✅ Better isolation than row-level (schema boundaries)
+ * ✅ Easier to debug (separate schemas)
+ * ✅ Can grant different database permissions per schema
+ * ✅ Reduced risk of data leakage
+ * ✅ Performance isolation (indexes, statistics per schema)
+ * ✅ Simplified queries (no tenant_id filtering needed)
+ *
+ * DISADVANTAGES:
+ * ❌ More complex backups (must backup all schemas)
+ * ❌ Higher migration costs (schema changes across all tenants)
+ * ❌ Schema proliferation (PostgreSQL has limits)
+ * ❌ Connection overhead (switching schemas)
+ * ❌ More complex monitoring and maintenance
+ *
+ * SECURITY CONSIDERATIONS:
+ * - Ensure proper schema permissions (GRANT USAGE ON SCHEMA)
+ * - Validate schema name to prevent SQL injection
+ * - Implement connection-level schema switching
+ * - Audit schema access patterns
+ * - Prevent cross-schema queries in application
+ *
+ * EXAMPLE IMPLEMENTATION (PostgreSQL):
+ * ```sql
+ * -- Create tenant schema
+ * CREATE SCHEMA tenant_123;
+ *
+ * -- Grant access
+ * GRANT USAGE ON SCHEMA tenant_123 TO app_user;
+ *
+ * -- Switch to tenant schema
+ * SET search_path TO tenant_123, public;
+ * ```
+ */
+exports.SchemaLevelIsolationStrategySchema = zod_1.z.object({
+    strategy: zod_1.z.literal('isolated_schema').describe('Schema-level isolation strategy'),
+    /**
+     * Schema configuration
+     */
+    schema: zod_1.z.object({
+        /**
+         * Schema naming pattern
+         * Use {tenant_id} as placeholder (must contain only alphanumeric and underscores)
+         * The tenant_id will be sanitized before substitution to prevent SQL injection
+         */
+        namingPattern: zod_1.z.string().default('tenant_{tenant_id}').describe('Schema naming pattern'),
+        /**
+         * Whether to include public schema in search_path
+         */
+        includePublicSchema: zod_1.z.boolean().default(true).describe('Include public schema'),
+        /**
+         * Default schema for shared resources
+         */
+        sharedSchema: zod_1.z.string().default('public').describe('Schema for shared resources'),
+        /**
+         * Whether to automatically create schema on tenant creation
+         */
+        autoCreateSchema: zod_1.z.boolean().default(true).describe('Auto-create schema'),
+    }).optional().describe('Schema configuration'),
+    /**
+     * Migration configuration
+     */
+    migrations: zod_1.z.object({
+        /**
+         * Migration strategy
+         */
+        strategy: zod_1.z.enum([
+            'parallel', // Run migrations on all schemas in parallel
+            'sequential', // Run migrations one schema at a time
+            'on_demand', // Run migrations when tenant accesses system
+        ]).default('parallel').describe('Migration strategy'),
+        /**
+         * Maximum concurrent migrations
+         */
+        maxConcurrent: zod_1.z.number().int().positive().default(10).describe('Max concurrent migrations'),
+        /**
+         * Whether to rollback on first failure
+         */
+        rollbackOnError: zod_1.z.boolean().default(true).describe('Rollback on error'),
+    }).optional().describe('Migration configuration'),
+    /**
+     * Performance optimization settings
+     */
+    performance: zod_1.z.object({
+        /**
+         * Whether to use connection pooling per schema
+         */
+        poolPerSchema: zod_1.z.boolean().default(false).describe('Separate pool per schema'),
+        /**
+         * Schema cache TTL in seconds
+         */
+        schemaCacheTTL: zod_1.z.number().int().positive().default(3600).describe('Schema cache TTL'),
+    }).optional().describe('Performance settings'),
+});
+/**
+ * Database-Level Isolation Strategy (isolated_db)
+ *
+ * Recommended for: Regulated industries (healthcare, finance), strict compliance requirements
+ *
+ * IMPLEMENTATION:
+ * - Each tenant has a completely separate database
+ * - Database name typically: tenant_<tenant_id>
+ * - Requires separate connection pool per tenant
+ * - Complete physical and logical isolation
+ *
+ * ADVANTAGES:
+ * ✅ Perfect data isolation (strongest security)
+ * ✅ Meets strict regulatory requirements (HIPAA, SOX, PCI-DSS)
+ * ✅ Complete performance isolation (no noisy neighbors)
+ * ✅ Can place databases on different hardware
+ * ✅ Easy to backup/restore individual tenant
+ * ✅ Simplified compliance auditing per tenant
+ * ✅ Can apply different encryption keys per database
+ *
+ * DISADVANTAGES:
+ * ❌ Most expensive option (resource overhead)
+ * ❌ Complex database server management (many databases)
+ * ❌ Connection pool limits (max connections per server)
+ * ❌ Difficult cross-tenant analytics
+ * ❌ Higher operational complexity
+ * ❌ Schema migrations take longer (many databases)
+ *
+ * SECURITY CONSIDERATIONS:
+ * - Each database can have separate credentials
+ * - Enables per-tenant encryption at rest
+ * - Simplifies compliance and audit trails
+ * - Prevents any cross-tenant data access
+ * - Supports tenant-specific backup schedules
+ *
+ * EXAMPLE IMPLEMENTATION (PostgreSQL):
+ * ```sql
+ * -- Create tenant database
+ * CREATE DATABASE tenant_123
+ *   WITH OWNER = tenant_123_user
+ *   ENCODING = 'UTF8'
+ *   LC_COLLATE = 'en_US.UTF-8'
+ *   LC_CTYPE = 'en_US.UTF-8';
+ *
+ * -- Connect to tenant database
+ * \c tenant_123
+ * ```
+ */
+exports.DatabaseLevelIsolationStrategySchema = zod_1.z.object({
+    strategy: zod_1.z.literal('isolated_db').describe('Database-level isolation strategy'),
+    /**
+     * Database configuration
+     */
+    database: zod_1.z.object({
+        /**
+         * Database naming pattern
+         * Use {tenant_id} as placeholder (must contain only alphanumeric and underscores)
+         * The tenant_id will be sanitized before substitution to prevent SQL injection
+         */
+        namingPattern: zod_1.z.string().default('tenant_{tenant_id}').describe('Database naming pattern'),
+        /**
+         * Database server/cluster assignment strategy
+         */
+        serverStrategy: zod_1.z.enum([
+            'shared', // All tenant databases on same server
+            'sharded', // Tenant databases distributed across servers
+            'dedicated', // Each tenant gets dedicated server (enterprise)
+        ]).default('shared').describe('Server assignment strategy'),
+        /**
+         * Whether to use separate credentials per tenant
+         */
+        separateCredentials: zod_1.z.boolean().default(true).describe('Separate credentials per tenant'),
+        /**
+         * Whether to automatically create database on tenant creation
+         */
+        autoCreateDatabase: zod_1.z.boolean().default(true).describe('Auto-create database'),
+    }).optional().describe('Database configuration'),
+    /**
+     * Connection pooling configuration
+     */
+    connectionPool: zod_1.z.object({
+        /**
+         * Pool size per tenant database
+         */
+        poolSize: zod_1.z.number().int().positive().default(10).describe('Connection pool size'),
+        /**
+         * Maximum number of tenant pools to keep active
+         */
+        maxActivePools: zod_1.z.number().int().positive().default(100).describe('Max active pools'),
+        /**
+         * Idle pool timeout in seconds
+         */
+        idleTimeout: zod_1.z.number().int().positive().default(300).describe('Idle pool timeout'),
+        /**
+         * Whether to use connection pooler (PgBouncer, etc.)
+         */
+        usePooler: zod_1.z.boolean().default(true).describe('Use connection pooler'),
+    }).optional().describe('Connection pool configuration'),
+    /**
+     * Backup and restore configuration
+     */
+    backup: zod_1.z.object({
+        /**
+         * Backup strategy per tenant
+         */
+        strategy: zod_1.z.enum([
+            'individual', // Separate backup per tenant
+            'consolidated', // Combined backup with all tenants
+            'on_demand', // Backup only when requested
+        ]).default('individual').describe('Backup strategy'),
+        /**
+         * Backup frequency in hours
+         */
+        frequencyHours: zod_1.z.number().int().positive().default(24).describe('Backup frequency'),
+        /**
+         * Retention period in days
+         */
+        retentionDays: zod_1.z.number().int().positive().default(30).describe('Backup retention days'),
+    }).optional().describe('Backup configuration'),
+    /**
+     * Encryption configuration
+     */
+    encryption: zod_1.z.object({
+        /**
+         * Whether to use per-tenant encryption keys
+         */
+        perTenantKeys: zod_1.z.boolean().default(false).describe('Per-tenant encryption keys'),
+        /**
+         * Encryption algorithm
+         */
+        algorithm: zod_1.z.string().default('AES-256-GCM').describe('Encryption algorithm'),
+        /**
+         * Key management service
+         */
+        keyManagement: zod_1.z.enum(['aws_kms', 'azure_key_vault', 'gcp_kms', 'hashicorp_vault', 'custom']).optional().describe('Key management service'),
+    }).optional().describe('Encryption configuration'),
+});
+/**
+ * Tenant Isolation Configuration Schema
+ *
+ * Complete configuration for tenant isolation strategy.
+ * Supports all three isolation levels with detailed configuration options.
+ */
+exports.TenantIsolationConfigSchema = zod_1.z.discriminatedUnion('strategy', [
+    exports.RowLevelIsolationStrategySchema,
+    exports.SchemaLevelIsolationStrategySchema,
+    exports.DatabaseLevelIsolationStrategySchema,
+]);
+/**
+ * Tenant Security Policy Schema
+ * Defines security policies and compliance requirements for tenants
+ */
+exports.TenantSecurityPolicySchema = zod_1.z.object({
+    /**
+     * Encryption requirements
+     */
+    encryption: zod_1.z.object({
+        /**
+         * Require encryption at rest
+         */
+        atRest: zod_1.z.boolean().default(true).describe('Require encryption at rest'),
+        /**
+         * Require encryption in transit
+         */
+        inTransit: zod_1.z.boolean().default(true).describe('Require encryption in transit'),
+        /**
+         * Require field-level encryption for sensitive data
+         */
+        fieldLevel: zod_1.z.boolean().default(false).describe('Require field-level encryption'),
+    }).optional().describe('Encryption requirements'),
+    /**
+     * Access control requirements
+     */
+    accessControl: zod_1.z.object({
+        /**
+         * Require multi-factor authentication
+         */
+        requireMFA: zod_1.z.boolean().default(false).describe('Require MFA'),
+        /**
+         * Require SSO/SAML authentication
+         */
+        requireSSO: zod_1.z.boolean().default(false).describe('Require SSO'),
+        /**
+         * IP whitelist
+         */
+        ipWhitelist: zod_1.z.array(zod_1.z.string()).optional().describe('Allowed IP addresses'),
+        /**
+         * Session timeout in seconds
+         */
+        sessionTimeout: zod_1.z.number().int().positive().default(3600).describe('Session timeout'),
+    }).optional().describe('Access control requirements'),
+    /**
+     * Audit and compliance requirements
+     */
+    compliance: zod_1.z.object({
+        /**
+         * Compliance standards to enforce
+         */
+        standards: zod_1.z.array(zod_1.z.enum([
+            'sox',
+            'hipaa',
+            'gdpr',
+            'pci_dss',
+            'iso_27001',
+            'fedramp',
+        ])).optional().describe('Compliance standards'),
+        /**
+         * Require audit logging for all operations
+         */
+        requireAuditLog: zod_1.z.boolean().default(true).describe('Require audit logging'),
+        /**
+         * Audit log retention period in days
+         */
+        auditRetentionDays: zod_1.z.number().int().positive().default(365).describe('Audit retention days'),
+        /**
+         * Data residency requirements
+         */
+        dataResidency: zod_1.z.object({
+            /**
+             * Required geographic region
+             */
+            region: zod_1.z.string().optional().describe('Required region (e.g., US, EU, APAC)'),
+            /**
+             * Prohibited regions
+             */
+            excludeRegions: zod_1.z.array(zod_1.z.string()).optional().describe('Prohibited regions'),
+        }).optional().describe('Data residency requirements'),
+    }).optional().describe('Compliance requirements'),
+});

package/dist/system/webhook.zod.d.ts CHANGED Viewed

@@ -36,8 +36,8 @@ export declare const WebhookSchema: z.ZodObject<{
     retryCount: number;
     isActive: boolean;
     label?: string | undefined;
-    secret?: string | undefined;
     headers?: Record<string, string> | undefined;
+    secret?: string | undefined;
     payloadFields?: string[] | undefined;
 }, {
     object: string;
@@ -45,9 +45,9 @@ export declare const WebhookSchema: z.ZodObject<{
     name: string;
     triggers: ("create" | "update" | "delete" | "api" | "undelete")[];
     label?: string | undefined;
-    secret?: string | undefined;
     method?: "GET" | "POST" | "PUT" | undefined;
     headers?: Record<string, string> | undefined;
+    secret?: string | undefined;
     payloadFields?: string[] | undefined;
     includeSession?: boolean | undefined;
     retryCount?: number | undefined;

package/dist/ui/action.zod.d.ts CHANGED Viewed

@@ -6,7 +6,7 @@ import { z } from 'zod';
 export declare const ActionParamSchema: z.ZodObject<{
     name: z.ZodString;
     label: z.ZodString;
-    type: z.ZodEnum<["text", "textarea", "email", "url", "phone", "password", "markdown", "html", "richtext", "number", "currency", "percent", "date", "datetime", "time", "boolean", "select", "lookup", "master_detail", "image", "file", "avatar", "formula", "summary", "autonumber", "location", "address", "code", "color", "rating", "signature"]>;
+    type: z.ZodEnum<["text", "textarea", "email", "url", "phone", "password", "markdown", "html", "richtext", "number", "currency", "percent", "date", "datetime", "time", "boolean", "select", "lookup", "master_detail", "image", "file", "avatar", "formula", "summary", "autonumber", "location", "geolocation", "address", "code", "color", "rating", "slider", "signature", "qrcode"]>;
     required: z.ZodDefault<z.ZodBoolean>;
     options: z.ZodOptional<z.ZodArray<z.ZodObject<{
         label: z.ZodString;
@@ -19,7 +19,7 @@ export declare const ActionParamSchema: z.ZodObject<{
         label: string;
     }>, "many">>;
 }, "strip", z.ZodTypeAny, {
-    type: "number" | "boolean" | "text" | "textarea" | "email" | "url" | "phone" | "password" | "markdown" | "html" | "richtext" | "currency" | "percent" | "date" | "datetime" | "time" | "select" | "lookup" | "master_detail" | "image" | "file" | "avatar" | "formula" | "summary" | "autonumber" | "location" | "address" | "code" | "color" | "rating" | "signature";
+    type: "number" | "boolean" | "text" | "textarea" | "email" | "url" | "phone" | "password" | "markdown" | "html" | "richtext" | "currency" | "percent" | "date" | "datetime" | "time" | "select" | "lookup" | "master_detail" | "image" | "file" | "avatar" | "formula" | "summary" | "autonumber" | "location" | "geolocation" | "address" | "code" | "color" | "rating" | "slider" | "signature" | "qrcode";
     label: string;
     name: string;
     required: boolean;
@@ -28,7 +28,7 @@ export declare const ActionParamSchema: z.ZodObject<{
         label: string;
     }[] | undefined;
 }, {
-    type: "number" | "boolean" | "text" | "textarea" | "email" | "url" | "phone" | "password" | "markdown" | "html" | "richtext" | "currency" | "percent" | "date" | "datetime" | "time" | "select" | "lookup" | "master_detail" | "image" | "file" | "avatar" | "formula" | "summary" | "autonumber" | "location" | "address" | "code" | "color" | "rating" | "signature";
+    type: "number" | "boolean" | "text" | "textarea" | "email" | "url" | "phone" | "password" | "markdown" | "html" | "richtext" | "currency" | "percent" | "date" | "datetime" | "time" | "select" | "lookup" | "master_detail" | "image" | "file" | "avatar" | "formula" | "summary" | "autonumber" | "location" | "geolocation" | "address" | "code" | "color" | "rating" | "slider" | "signature" | "qrcode";
     label: string;
     name: string;
     options?: {
@@ -60,7 +60,7 @@ export declare const ActionSchema: z.ZodObject<{
     params: z.ZodOptional<z.ZodArray<z.ZodObject<{
         name: z.ZodString;
         label: z.ZodString;
-        type: z.ZodEnum<["text", "textarea", "email", "url", "phone", "password", "markdown", "html", "richtext", "number", "currency", "percent", "date", "datetime", "time", "boolean", "select", "lookup", "master_detail", "image", "file", "avatar", "formula", "summary", "autonumber", "location", "address", "code", "color", "rating", "signature"]>;
+        type: z.ZodEnum<["text", "textarea", "email", "url", "phone", "password", "markdown", "html", "richtext", "number", "currency", "percent", "date", "datetime", "time", "boolean", "select", "lookup", "master_detail", "image", "file", "avatar", "formula", "summary", "autonumber", "location", "geolocation", "address", "code", "color", "rating", "slider", "signature", "qrcode"]>;
         required: z.ZodDefault<z.ZodBoolean>;
         options: z.ZodOptional<z.ZodArray<z.ZodObject<{
             label: z.ZodString;
@@ -73,7 +73,7 @@ export declare const ActionSchema: z.ZodObject<{
             label: string;
         }>, "many">>;
     }, "strip", z.ZodTypeAny, {
-        type: "number" | "boolean" | "text" | "textarea" | "email" | "url" | "phone" | "password" | "markdown" | "html" | "richtext" | "currency" | "percent" | "date" | "datetime" | "time" | "select" | "lookup" | "master_detail" | "image" | "file" | "avatar" | "formula" | "summary" | "autonumber" | "location" | "address" | "code" | "color" | "rating" | "signature";
+        type: "number" | "boolean" | "text" | "textarea" | "email" | "url" | "phone" | "password" | "markdown" | "html" | "richtext" | "currency" | "percent" | "date" | "datetime" | "time" | "select" | "lookup" | "master_detail" | "image" | "file" | "avatar" | "formula" | "summary" | "autonumber" | "location" | "geolocation" | "address" | "code" | "color" | "rating" | "slider" | "signature" | "qrcode";
         label: string;
         name: string;
         required: boolean;
@@ -82,7 +82,7 @@ export declare const ActionSchema: z.ZodObject<{
             label: string;
         }[] | undefined;
     }, {
-        type: "number" | "boolean" | "text" | "textarea" | "email" | "url" | "phone" | "password" | "markdown" | "html" | "richtext" | "currency" | "percent" | "date" | "datetime" | "time" | "select" | "lookup" | "master_detail" | "image" | "file" | "avatar" | "formula" | "summary" | "autonumber" | "location" | "address" | "code" | "color" | "rating" | "signature";
+        type: "number" | "boolean" | "text" | "textarea" | "email" | "url" | "phone" | "password" | "markdown" | "html" | "richtext" | "currency" | "percent" | "date" | "datetime" | "time" | "select" | "lookup" | "master_detail" | "image" | "file" | "avatar" | "formula" | "summary" | "autonumber" | "location" | "geolocation" | "address" | "code" | "color" | "rating" | "slider" | "signature" | "qrcode";
         label: string;
         name: string;
         options?: {
@@ -98,13 +98,13 @@ export declare const ActionSchema: z.ZodObject<{
     /** Access */
     visible: z.ZodOptional<z.ZodString>;
 }, "strip", z.ZodTypeAny, {
-    type: "url" | "script" | "api" | "flow" | "modal";
+    type: "url" | "script" | "api" | "modal" | "flow";
     label: string;
     name: string;
     refreshAfter: boolean;
     location?: any;
     params?: {
-        type: "number" | "boolean" | "text" | "textarea" | "email" | "url" | "phone" | "password" | "markdown" | "html" | "richtext" | "currency" | "percent" | "date" | "datetime" | "time" | "select" | "lookup" | "master_detail" | "image" | "file" | "avatar" | "formula" | "summary" | "autonumber" | "location" | "address" | "code" | "color" | "rating" | "signature";
+        type: "number" | "boolean" | "text" | "textarea" | "email" | "url" | "phone" | "password" | "markdown" | "html" | "richtext" | "currency" | "percent" | "date" | "datetime" | "time" | "select" | "lookup" | "master_detail" | "image" | "file" | "avatar" | "formula" | "summary" | "autonumber" | "location" | "geolocation" | "address" | "code" | "color" | "rating" | "slider" | "signature" | "qrcode";
         label: string;
         name: string;
         required: boolean;
@@ -125,7 +125,7 @@ export declare const ActionSchema: z.ZodObject<{
     name: string;
     location?: any;
     params?: {
-        type: "number" | "boolean" | "text" | "textarea" | "email" | "url" | "phone" | "password" | "markdown" | "html" | "richtext" | "currency" | "percent" | "date" | "datetime" | "time" | "select" | "lookup" | "master_detail" | "image" | "file" | "avatar" | "formula" | "summary" | "autonumber" | "location" | "address" | "code" | "color" | "rating" | "signature";
+        type: "number" | "boolean" | "text" | "textarea" | "email" | "url" | "phone" | "password" | "markdown" | "html" | "richtext" | "currency" | "percent" | "date" | "datetime" | "time" | "select" | "lookup" | "master_detail" | "image" | "file" | "avatar" | "formula" | "summary" | "autonumber" | "location" | "geolocation" | "address" | "code" | "color" | "rating" | "slider" | "signature" | "qrcode";
         label: string;
         name: string;
         options?: {
@@ -134,7 +134,7 @@ export declare const ActionSchema: z.ZodObject<{
         }[] | undefined;
         required?: boolean | undefined;
     }[] | undefined;
-    type?: "url" | "script" | "api" | "flow" | "modal" | undefined;
+    type?: "url" | "script" | "api" | "modal" | "flow" | undefined;
     icon?: string | undefined;
     target?: string | undefined;
     execute?: string | undefined;

package/dist/ui/index.d.ts ADDED Viewed

@@ -0,0 +1,17 @@
+/**
+ * UI Protocol Exports
+ *
+ * Presentation & Interaction
+ * - App, Page, View (Grid/Kanban)
+ * - Dashboard (Widgets), Report
+ * - Action (Triggers)
+ */
+export * from './app.zod';
+export * from './view.zod';
+export * from './dashboard.zod';
+export * from './report.zod';
+export * from './action.zod';
+export * from './page.zod';
+export * from './widget.zod';
+export * from './theme.zod';
+//# sourceMappingURL=index.d.ts.map

package/dist/ui/index.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/ui/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,cAAc,WAAW,CAAC;AAC1B,cAAc,YAAY,CAAC;AAC3B,cAAc,iBAAiB,CAAC;AAChC,cAAc,cAAc,CAAC;AAC7B,cAAc,cAAc,CAAC;AAC7B,cAAc,YAAY,CAAC;AAC3B,cAAc,cAAc,CAAC;AAC7B,cAAc,aAAa,CAAC"}