@objectstack/spec 0.3.2 → 0.4.1

package/dist/permission/sharing.zod.d.ts

@@ -0,0 +1,146 @@
+import { z } from 'zod';
+/**
+ * Organization-Wide Defaults (OWD)
+ * The baseline security posture for an object.
+ */
+export declare const OWDModel: z.ZodEnum<["private", "public_read", "public_read_write", "controlled_by_parent"]>;
+/**
+ * Sharing Rule Type
+ * How is the data shared?
+ */
+export declare const SharingRuleType: z.ZodEnum<["owner", "criteria"]>;
+/**
+ * Sharing Level
+ * What access is granted?
+ */
+export declare const SharingLevel: z.ZodEnum<["read", "edit", "full"]>;
+/**
+ * Recipient Type
+ * Who receives the access?
+ */
+export declare const ShareRecipientType: z.ZodEnum<["user", "group", "role", "role_and_subordinates", "guest"]>;
+/**
+ * 1. Criteria-Based Sharing Rule
+ * Share records that meet specific field criteria.
+ */
+export declare const CriteriaSharingRuleSchema: z.ZodObject<{
+    name: z.ZodString;
+    label: z.ZodOptional<z.ZodString>;
+    description: z.ZodOptional<z.ZodString>;
+    object: z.ZodString;
+    active: z.ZodDefault<z.ZodBoolean>;
+    accessLevel: z.ZodDefault<z.ZodEnum<["read", "edit", "full"]>>;
+    sharedWith: z.ZodObject<{
+        type: z.ZodEnum<["user", "group", "role", "role_and_subordinates", "guest"]>;
+        value: z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        value: string;
+        type: "user" | "group" | "role" | "role_and_subordinates" | "guest";
+    }, {
+        value: string;
+        type: "user" | "group" | "role" | "role_and_subordinates" | "guest";
+    }>;
+} & {
+    type: z.ZodLiteral<"criteria">;
+    condition: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    object: string;
+    type: "criteria";
+    name: string;
+    active: boolean;
+    condition: string;
+    accessLevel: "full" | "read" | "edit";
+    sharedWith: {
+        value: string;
+        type: "user" | "group" | "role" | "role_and_subordinates" | "guest";
+    };
+    label?: string | undefined;
+    description?: string | undefined;
+}, {
+    object: string;
+    type: "criteria";
+    name: string;
+    condition: string;
+    sharedWith: {
+        value: string;
+        type: "user" | "group" | "role" | "role_and_subordinates" | "guest";
+    };
+    label?: string | undefined;
+    description?: string | undefined;
+    active?: boolean | undefined;
+    accessLevel?: "full" | "read" | "edit" | undefined;
+}>;
+/**
+ * 2. Owner-Based Sharing Rule
+ * Share records owned by a specific group of users.
+ */
+export declare const OwnerSharingRuleSchema: z.ZodObject<{
+    name: z.ZodString;
+    label: z.ZodOptional<z.ZodString>;
+    description: z.ZodOptional<z.ZodString>;
+    object: z.ZodString;
+    active: z.ZodDefault<z.ZodBoolean>;
+    accessLevel: z.ZodDefault<z.ZodEnum<["read", "edit", "full"]>>;
+    sharedWith: z.ZodObject<{
+        type: z.ZodEnum<["user", "group", "role", "role_and_subordinates", "guest"]>;
+        value: z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        value: string;
+        type: "user" | "group" | "role" | "role_and_subordinates" | "guest";
+    }, {
+        value: string;
+        type: "user" | "group" | "role" | "role_and_subordinates" | "guest";
+    }>;
+} & {
+    type: z.ZodLiteral<"owner">;
+    ownedBy: z.ZodObject<{
+        type: z.ZodEnum<["user", "group", "role", "role_and_subordinates", "guest"]>;
+        value: z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        value: string;
+        type: "user" | "group" | "role" | "role_and_subordinates" | "guest";
+    }, {
+        value: string;
+        type: "user" | "group" | "role" | "role_and_subordinates" | "guest";
+    }>;
+}, "strip", z.ZodTypeAny, {
+    object: string;
+    type: "owner";
+    name: string;
+    active: boolean;
+    accessLevel: "full" | "read" | "edit";
+    sharedWith: {
+        value: string;
+        type: "user" | "group" | "role" | "role_and_subordinates" | "guest";
+    };
+    ownedBy: {
+        value: string;
+        type: "user" | "group" | "role" | "role_and_subordinates" | "guest";
+    };
+    label?: string | undefined;
+    description?: string | undefined;
+}, {
+    object: string;
+    type: "owner";
+    name: string;
+    sharedWith: {
+        value: string;
+        type: "user" | "group" | "role" | "role_and_subordinates" | "guest";
+    };
+    ownedBy: {
+        value: string;
+        type: "user" | "group" | "role" | "role_and_subordinates" | "guest";
+    };
+    label?: string | undefined;
+    description?: string | undefined;
+    active?: boolean | undefined;
+    accessLevel?: "full" | "read" | "edit" | undefined;
+}>;
+/**
+ * Master Sharing Rule Schema
+ */
+export declare const SharingRuleSchema: z.ZodType<any>;
+export type SharingRule = z.infer<typeof SharingRuleSchema>;
+export type CriteriaSharingRule = z.infer<typeof CriteriaSharingRuleSchema>;
+export type OwnerSharingRule = z.infer<typeof OwnerSharingRuleSchema>;
+//# sourceMappingURL=sharing.zod.d.ts.map

package/dist/permission/sharing.zod.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sharing.zod.d.ts","sourceRoot":"","sources":["../../src/permission/sharing.zod.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB;;;GAGG;AACH,eAAO,MAAM,QAAQ,oFAKnB,CAAC;AAEH;;;GAGG;AACH,eAAO,MAAM,eAAe,kCAG1B,CAAC;AAEH;;;GAGG;AACH,eAAO,MAAM,YAAY,qCAIvB,CAAC;AAEH;;;GAGG;AACH,eAAO,MAAM,kBAAkB,wEAM7B,CAAC;AA0BH;;;GAGG;AACH,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAGpC,CAAC;AAEH;;;GAGG;AACH,eAAO,MAAM,sBAAsB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAMjC,CAAC;AAEH;;GAEG;AACH,eAAO,MAAM,iBAAiB,EAAE,CAAC,CAAC,OAAO,CAAC,GAAG,CAG3C,CAAC;AAEH,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAC5D,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAC5E,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC"}

package/dist/permission/sharing.zod.js

@@ -0,0 +1,88 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SharingRuleSchema = exports.OwnerSharingRuleSchema = exports.CriteriaSharingRuleSchema = exports.ShareRecipientType = exports.SharingLevel = exports.SharingRuleType = exports.OWDModel = void 0;
+const zod_1 = require("zod");
+/**
+ * Organization-Wide Defaults (OWD)
+ * The baseline security posture for an object.
+ */
+exports.OWDModel = zod_1.z.enum([
+    'private', // Only owner can see
+    'public_read', // Everyone can see, owner can edit
+    'public_read_write', // Everyone can see and edit
+    'controlled_by_parent' // Access derived from parent record (Master-Detail)
+]);
+/**
+ * Sharing Rule Type
+ * How is the data shared?
+ */
+exports.SharingRuleType = zod_1.z.enum([
+    'owner', // Based on record ownership (Role Hierarchy)
+    'criteria', // Based on field values (e.g. Status = 'Open')
+]);
+/**
+ * Sharing Level
+ * What access is granted?
+ */
+exports.SharingLevel = zod_1.z.enum([
+    'read', // Read Only
+    'edit', // Read / Write
+    'full' // Full Access (Transfer, Share, Delete)
+]);
+/**
+ * Recipient Type
+ * Who receives the access?
+ */
+exports.ShareRecipientType = zod_1.z.enum([
+    'user',
+    'group',
+    'role',
+    'role_and_subordinates',
+    'guest' // for public sharing
+]);
+/**
+ * Base Sharing Rule
+ * Common metadata for all sharing strategies.
+ */
+const BaseSharingRuleSchema = zod_1.z.object({
+    // Identification
+    name: zod_1.z.string().regex(/^[a-z_][a-z0-9_]*$/).describe('Unique rule name (snake_case)'),
+    label: zod_1.z.string().optional().describe('Human-readable label'),
+    description: zod_1.z.string().optional().describe('Administrative notes'),
+    // Scope
+    object: zod_1.z.string().describe('Target Object Name'),
+    active: zod_1.z.boolean().default(true),
+    // Access
+    accessLevel: exports.SharingLevel.default('read'),
+    // Recipient (Whom to share with)
+    sharedWith: zod_1.z.object({
+        type: exports.ShareRecipientType,
+        value: zod_1.z.string().describe('ID or Code of the User/Group/Role'),
+    }).describe('The recipient of the shared access'),
+});
+/**
+ * 1. Criteria-Based Sharing Rule
+ * Share records that meet specific field criteria.
+ */
+exports.CriteriaSharingRuleSchema = BaseSharingRuleSchema.extend({
+    type: zod_1.z.literal('criteria'),
+    condition: zod_1.z.string().describe('Formula condition (e.g. "department = \'Sales\'")'),
+});
+/**
+ * 2. Owner-Based Sharing Rule
+ * Share records owned by a specific group of users.
+ */
+exports.OwnerSharingRuleSchema = BaseSharingRuleSchema.extend({
+    type: zod_1.z.literal('owner'),
+    ownedBy: zod_1.z.object({
+        type: exports.ShareRecipientType,
+        value: zod_1.z.string(),
+    }).describe('Source group/role whose records are being shared'),
+});
+/**
+ * Master Sharing Rule Schema
+ */
+exports.SharingRuleSchema = zod_1.z.discriminatedUnion('type', [
+    exports.CriteriaSharingRuleSchema,
+    exports.OwnerSharingRuleSchema
+]);

package/dist/{system → permission}/territory.zod.d.ts

@@ -39,6 +39,19 @@ export declare const TerritoryModelSchema: z.ZodObject<{
 /**
  * Territory Node Schema
  * A single node in the territory tree.
+ *
+ * **NAMING CONVENTION:**
+ * Territory names are machine identifiers and must be lowercase snake_case.
+ *
+ * @example Good territory names
+ * - 'west_coast'
+ * - 'emea_region'
+ * - 'healthcare_vertical'
+ * - 'strategic_accounts'
+ *
+ * @example Bad territory names (will be rejected)
+ * - 'WestCoast' (PascalCase)
+ * - 'West Coast' (spaces)
  */
 export declare const TerritorySchema: z.ZodObject<{
     /** Identity */

package/dist/permission/territory.zod.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"territory.zod.d.ts","sourceRoot":"","sources":["../../src/permission/territory.zod.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAGxB;;;;;;;;;;;;;;GAcG;AAEH,eAAO,MAAM,aAAa,uEAKxB,CAAC;AAEH;;;;GAIG;AACH,eAAO,MAAM,oBAAoB;;;;;;;;;;;;;;;EAK/B,CAAC;AAEH;;;;;;;;;;;;;;;;GAgBG;AACH,eAAO,MAAM,eAAe;IAC1B,eAAe;;;IAIf,gBAAgB;;;;IAKhB;;;;OAIG;;IAGH;;;OAGG;;IAGH,mBAAmB;;;;;;;;;;;;;;;;;;;;;;;;;;EAInB,CAAC;AAEH,MAAM,MAAM,SAAS,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC;AACxD,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC"}

package/dist/{system → permission}/territory.zod.js

@@ -2,6 +2,7 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.TerritorySchema = exports.TerritoryModelSchema = exports.TerritoryType = void 0;
 const zod_1 = require("zod");
+const identifiers_zod_1 = require("../shared/identifiers.zod");
 /**
  * Territory Management Protocol
  * Defines a matrix reporting structure that exists parallel to the Role Hierarchy.
@@ -37,10 +38,23 @@ exports.TerritoryModelSchema = zod_1.z.object({
 /**
  * Territory Node Schema
  * A single node in the territory tree.
+ *
+ * **NAMING CONVENTION:**
+ * Territory names are machine identifiers and must be lowercase snake_case.
+ *
+ * @example Good territory names
+ * - 'west_coast'
+ * - 'emea_region'
+ * - 'healthcare_vertical'
+ * - 'strategic_accounts'
+ *
+ * @example Bad territory names (will be rejected)
+ * - 'WestCoast' (PascalCase)
+ * - 'West Coast' (spaces)
  */
 exports.TerritorySchema = zod_1.z.object({
     /** Identity */
-    name: zod_1.z.string().regex(/^[a-z_][a-z0-9_]*$/),
+    name: identifiers_zod_1.SnakeCaseIdentifierSchema.describe('Territory unique name (lowercase snake_case)'),
     label: zod_1.z.string().describe('Territory Label (e.g. "West Coast")'),
     /** Structure */
     modelId: zod_1.z.string().describe('Belongs to which Territory Model'),

package/dist/shared/identifiers.zod.d.ts

@@ -0,0 +1,87 @@
+import { z } from 'zod';
+/**
+ * System Identifier Schema
+ *
+ * Universal naming convention for all machine identifiers (API Names) in ObjectStack.
+ * Enforces lowercase with underscores or dots to ensure:
+ * - Cross-platform compatibility (case-insensitive filesystems)
+ * - URL-friendliness (no encoding needed)
+ * - Database consistency (no collation issues)
+ * - Security (no case-sensitivity bugs in permission checks)
+ *
+ * **Applies to all metadata that acts as a machine identifier:**
+ * - Object names (tables/collections)
+ * - Field names
+ * - Role names
+ * - Permission set names
+ * - Action/trigger names
+ * - Event keys
+ * - App IDs
+ * - Menu/page IDs
+ * - Select option values
+ * - Workflow names
+ * - Webhook names
+ *
+ * **Naming Convention Summary:**
+ * | Type | Pattern | Example |
+ * |------|---------|---------|
+ * | Machine ID | snake_case | `crm_account`, `btn_submit`, `role_admin` |
+ * | Event keys | dot.notation | `user.login`, `order.created` |
+ * | Labels | Any case | `Client Account`, `Submit Form` |
+ *
+ * @example Valid identifiers
+ * - 'account'
+ * - 'crm_account'
+ * - 'user_profile'
+ * - 'order.created' (for events)
+ * - 'api_v2_endpoint'
+ *
+ * @example Invalid identifiers (will be rejected)
+ * - 'Account' (uppercase)
+ * - 'CrmAccount' (camelCase)
+ * - 'crm-account' (kebab-case - use underscore instead)
+ * - 'user profile' (spaces)
+ */
+export declare const SystemIdentifierSchema: z.ZodString;
+/**
+ * Strict Snake Case Identifier
+ *
+ * More restrictive than SystemIdentifierSchema - only allows underscores (no dots).
+ * Use this for identifiers that should NOT contain dots (e.g., database table/column names).
+ *
+ * @example Valid
+ * - 'account'
+ * - 'crm_account'
+ * - 'user_profile'
+ *
+ * @example Invalid
+ * - 'user.profile' (dots not allowed)
+ * - 'UserProfile' (uppercase)
+ */
+export declare const SnakeCaseIdentifierSchema: z.ZodString;
+/**
+ * Event Name Identifier
+ *
+ * Specialized identifier for event names that encourages dot notation.
+ * Used in event-driven systems, message queues, and webhooks.
+ *
+ * Pattern: `namespace.action` or `entity.event_type`
+ *
+ * @example Valid
+ * - 'user.created'
+ * - 'order.paid'
+ * - 'user.login_success'
+ * - 'alarm.high_cpu'
+ *
+ * @example Invalid
+ * - 'UserCreated' (camelCase)
+ * - 'user_created' (should use dots for namespacing)
+ */
+export declare const EventNameSchema: z.ZodString;
+/**
+ * Type Exports
+ */
+export type SystemIdentifier = z.infer<typeof SystemIdentifierSchema>;
+export type SnakeCaseIdentifier = z.infer<typeof SnakeCaseIdentifierSchema>;
+export type EventName = z.infer<typeof EventNameSchema>;
+//# sourceMappingURL=identifiers.zod.d.ts.map

package/dist/shared/identifiers.zod.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"identifiers.zod.d.ts","sourceRoot":"","sources":["../../src/shared/identifiers.zod.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA0CG;AACH,eAAO,MAAM,sBAAsB,aAOkC,CAAC;AAEtE;;;;;;;;;;;;;;GAcG;AACH,eAAO,MAAM,yBAAyB,aAOgC,CAAC;AAEvE;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAO,MAAM,eAAe,aAO2C,CAAC;AAExE;;GAEG;AACH,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AACtE,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAC5E,MAAM,MAAM,SAAS,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC"}

package/dist/shared/identifiers.zod.js

@@ -0,0 +1,101 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EventNameSchema = exports.SnakeCaseIdentifierSchema = exports.SystemIdentifierSchema = void 0;
+const zod_1 = require("zod");
+/**
+ * System Identifier Schema
+ *
+ * Universal naming convention for all machine identifiers (API Names) in ObjectStack.
+ * Enforces lowercase with underscores or dots to ensure:
+ * - Cross-platform compatibility (case-insensitive filesystems)
+ * - URL-friendliness (no encoding needed)
+ * - Database consistency (no collation issues)
+ * - Security (no case-sensitivity bugs in permission checks)
+ *
+ * **Applies to all metadata that acts as a machine identifier:**
+ * - Object names (tables/collections)
+ * - Field names
+ * - Role names
+ * - Permission set names
+ * - Action/trigger names
+ * - Event keys
+ * - App IDs
+ * - Menu/page IDs
+ * - Select option values
+ * - Workflow names
+ * - Webhook names
+ *
+ * **Naming Convention Summary:**
+ * | Type | Pattern | Example |
+ * |------|---------|---------|
+ * | Machine ID | snake_case | `crm_account`, `btn_submit`, `role_admin` |
+ * | Event keys | dot.notation | `user.login`, `order.created` |
+ * | Labels | Any case | `Client Account`, `Submit Form` |
+ *
+ * @example Valid identifiers
+ * - 'account'
+ * - 'crm_account'
+ * - 'user_profile'
+ * - 'order.created' (for events)
+ * - 'api_v2_endpoint'
+ *
+ * @example Invalid identifiers (will be rejected)
+ * - 'Account' (uppercase)
+ * - 'CrmAccount' (camelCase)
+ * - 'crm-account' (kebab-case - use underscore instead)
+ * - 'user profile' (spaces)
+ */
+exports.SystemIdentifierSchema = zod_1.z
+    .string()
+    .min(2, { message: 'System identifier must be at least 2 characters' })
+    .regex(/^[a-z][a-z0-9_.]*$/, {
+    message: 'System identifier must be lowercase, starting with a letter, and may contain letters, numbers, underscores, or dots (e.g., "user_profile" or "order.created")',
+})
+    .describe('System identifier (lowercase with underscores or dots)');
+/**
+ * Strict Snake Case Identifier
+ *
+ * More restrictive than SystemIdentifierSchema - only allows underscores (no dots).
+ * Use this for identifiers that should NOT contain dots (e.g., database table/column names).
+ *
+ * @example Valid
+ * - 'account'
+ * - 'crm_account'
+ * - 'user_profile'
+ *
+ * @example Invalid
+ * - 'user.profile' (dots not allowed)
+ * - 'UserProfile' (uppercase)
+ */
+exports.SnakeCaseIdentifierSchema = zod_1.z
+    .string()
+    .min(2, { message: 'Identifier must be at least 2 characters' })
+    .regex(/^[a-z][a-z0-9_]*$/, {
+    message: 'Identifier must be lowercase snake_case, starting with a letter, and may contain only letters, numbers, and underscores (e.g., "user_profile")',
+})
+    .describe('Snake case identifier (lowercase with underscores only)');
+/**
+ * Event Name Identifier
+ *
+ * Specialized identifier for event names that encourages dot notation.
+ * Used in event-driven systems, message queues, and webhooks.
+ *
+ * Pattern: `namespace.action` or `entity.event_type`
+ *
+ * @example Valid
+ * - 'user.created'
+ * - 'order.paid'
+ * - 'user.login_success'
+ * - 'alarm.high_cpu'
+ *
+ * @example Invalid
+ * - 'UserCreated' (camelCase)
+ * - 'user_created' (should use dots for namespacing)
+ */
+exports.EventNameSchema = zod_1.z
+    .string()
+    .min(3, { message: 'Event name must be at least 3 characters' })
+    .regex(/^[a-z][a-z0-9_.]*$/, {
+    message: 'Event name must be lowercase with dots for namespacing (e.g., "user.created", "order.paid")',
+})
+    .describe('Event name (lowercase with dot notation for namespacing)');

package/dist/shared/index.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Shared Schemas and Utilities
+ * Common schemas used across multiple modules
+ */
+export * from './identifiers.zod';
+//# sourceMappingURL=index.d.ts.map

package/dist/shared/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/shared/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,cAAc,mBAAmB,CAAC"}

package/dist/shared/index.js

@@ -0,0 +1,21 @@
+"use strict";
+/**
+ * Shared Schemas and Utilities
+ * Common schemas used across multiple modules
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./identifiers.zod"), exports);