openxiangda 1.0.138 → 1.0.140

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -40,7 +40,7 @@ OpenXiangda supports two workspace modes. Classic `sy-lowcode-app-workspace` pub
40
40
  ### Hard rules — always
41
41
 
42
42
  - ✅ Publish classic workspaces through `openxiangda workspace publish --profile <name>`; publish React SPA forms first with `openxiangda workspace publish --form <formCode>`, then resources/runtime through `openxiangda resource validate` → `openxiangda resource publish --dry-run` → `openxiangda resource publish` → `openxiangda runtime deploy`.
43
- - ✅ High-risk changes must be attached to SDD records before implementation/publish. Run `openxiangda sdd context --json`; for forms/pages/resources/functions/automations/workflows/JS_CODE/runtime/config changes create or continue `openxiangda sdd propose <change>`, wait for user confirmation, run `openxiangda sdd approve <change>`, then verify with `openxiangda sdd verify <change> --changed`.
43
+ - ✅ High-risk changes must be attached to OpenXiangda SDD v2 records before implementation/publish. Run `openxiangda sdd context --json`; for forms/pages/resources/functions/automations/workflows/JS_CODE/runtime/config changes create or continue `openxiangda sdd propose <change>`, wait for user confirmation, run `openxiangda sdd approve <change>`, then complete `coverage.json`, `release.json`, `evidence.md`, and `tasks.md` before `openxiangda sdd verify <change> --changed`.
44
44
  - ✅ Before publishing AI-authored changes, run `openxiangda workspace plan --changed --json` and `openxiangda workspace check --changed`. Fix reported fake IDs, fallback data, direct `/openxiangda-api` page calls, missing schema, or resource/runtime omissions before publish.
45
45
  - ✅ When unsure about runtime response shape, run `openxiangda contract explain <contract-name> --json`. `sdk.form.create` returns identifiers and generated serial number values only; fetch detail explicitly for full row data, formula results, or other server-generated fields.
46
46
  - ✅ Architecture-class requests are plan-gated by default. For 新应用、复杂页面、登录注册、公开访问、权限数据范围、流程自动化、连接器/通知、外部集成, first run `openxiangda doctor --json` when a workspace exists and `openxiangda design gates --topic <code> --json`; then ask the user to confirm the design. Before confirmation, only read files, inspect/snapshot, dry-run, ask questions, and write/output design docs. Do not edit source files, write platform resources, send notifications, publish, or deploy.
@@ -162,9 +162,11 @@ Default semantics:
162
162
  - Authorization source rows should include an explicit status/enabled field and
163
163
  grant sources should use `filterJson` or `enabledField` so drafts, disabled
164
164
  rows, or rejected assignments are not materialized.
165
- - Source forms must have a sync path. `sync: true` on the manifest runs during
166
- publish; runtime changes need an automation/App Function or platform API call
167
- that resyncs the affected grant source after create/update/delete.
165
+ - Source authorization forms are synced by the platform after form
166
+ create/update/delete/import when the grant source uses the default
167
+ `syncMode: "on_write"`. Use `syncMode: "manual"` only for externally
168
+ maintained sources or unusual bulk jobs; `sync: true` still performs an
169
+ immediate full sync during resource publish.
168
170
  - Policy target fields should normally be hidden scalar keys. If targeting a
169
171
  JSONB option/person/department field directly, declare `valuePath: "value"` or
170
172
  `componentType`; multi-value fields should be normalized into a scalar key or
@@ -260,6 +260,7 @@ Declare scope resources:
260
260
  { "field": "status", "op": "eq", "value": "enabled" }
261
261
  ]
262
262
  },
263
+ "syncMode": "on_write",
263
264
  "sync": true
264
265
  }
265
266
  ```
@@ -354,10 +355,11 @@ Default runtime semantics:
354
355
  - `filterJson` filters authorization source rows before materializing grants.
355
356
  Use it for enabled/approved/effective authorization rows; unsupported filter
356
357
  operations do not match.
357
- - Source authorization forms must be synced after changes. For formal apps,
358
- create an automation/App Function that runs `openxiangda scope sync` or the
359
- equivalent platform API after authorization rows are created, updated, or
360
- deleted. Publishing with `"sync": true` only syncs during resource publish.
358
+ - Source authorization forms are synced by the platform after create/update/
359
+ delete/import when the grant source uses the default `syncMode: "on_write"`.
360
+ Use `syncMode: "manual"` only for externally maintained sources or unusual
361
+ bulk jobs that explicitly call `openxiangda scope sync`. Publishing with
362
+ `"sync": true` still performs an immediate full sync during resource publish.
361
363
  - App Function `ctx.form.queryOne/queryMany/getById` enforces the caller's view
362
364
  permission when there is a real current user. No matching view permission
363
365
  group means deny; backend system automations can still use trusted internal
@@ -334,6 +334,7 @@ Grant source:
334
334
  { "field": "status", "op": "eq", "value": "enabled" }
335
335
  ]
336
336
  },
337
+ "syncMode": "on_write",
337
338
  "sync": true
338
339
  }
339
340
  ```
@@ -373,9 +374,12 @@ Data View permission groups use the same `dataPermission` object inside
373
374
  default; large grant sets use DB `EXISTS` instead of huge `IN` SQL. Prefer
374
375
  hidden scalar target fields such as `collegeCode`; if the target is a JSONB
375
376
  option/person/department field, set `valuePath: "value"` or `componentType`.
376
- Runtime changes to the authorization source form need an automation/App
377
- Function or explicit platform API call to resync the grant source; manifest
378
- `sync: true` only runs during resource publish.
377
+ Authorization source form changes are synced by the platform after
378
+ create/update/delete/import when the grant source uses the default
379
+ `syncMode: "on_write"`. Use `syncMode: "manual"` only for externally maintained
380
+ sources or special bulk jobs that explicitly call `openxiangda scope sync`.
381
+ Manifest `sync: true` still performs an immediate full sync during resource
382
+ publish.
379
383
 
380
384
  ## 3. Connector — `src/resources/connectors/<code>.json`
381
385
 
@@ -19,10 +19,10 @@ description: Core OpenXiangda CLI workflow — normal-user token login, platform
19
19
  openxiangda env --profile <name>
20
20
  openxiangda auth status --profile <name>
21
21
  openxiangda update check --json # if updateAvailable: openxiangda update install
22
- openxiangda sdd context --json # high-risk changes need an approved SDD change
22
+ openxiangda sdd context --json # high-risk changes need an approved SDD v2 change
23
23
 
24
24
  # 2. preview the change set (NEVER skip --dry-run on routine edits)
25
- openxiangda sdd verify <change> --changed
25
+ openxiangda sdd verify <change> --changed # checks tasks, delta specs, coverage.json, release.json, evidence.md
26
26
  openxiangda workspace publish --profile <name> --changed --dry-run
27
27
 
28
28
  # 3. publish only what changed
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "openxiangda",
3
- "version": "1.0.138",
3
+ "version": "1.0.140",
4
4
  "description": "OpenXiangda CLI, workspace build tools, runtime SDK, and form components.",
5
5
  "private": false,
6
6
  "bin": {
@@ -21,7 +21,7 @@ This is an OpenXiangda React SPA workspace. See [AGENTS.md](mdc:AGENTS.md) for f
21
21
 
22
22
  - Writes and deploys must pass `--profile <name>` explicitly.
23
23
  - Architecture-class work is plan-gated: run `openxiangda design gates --topic <code> --json` and wait for confirmation.
24
- - High-risk changes must start with `openxiangda sdd context --json`, use an approved change, and run `openxiangda sdd verify <change> --changed` before release.
24
+ - High-risk changes must start with `openxiangda sdd context --json`, use an approved change, complete `coverage.json`, `release.json`, `evidence.md`, and `tasks.md`, then run `openxiangda sdd verify <change> --changed` before release.
25
25
  - Account/role/permission/RBAC/organization-account/query-param authorization work must run `openxiangda design gates --topic permissions --json`, choose `managed-platform-account`, `existing-platform-user-assignment`, `static-role-permission`, or `query-param-context`, and write the permission matrix.
26
26
  - Roles that create roles, assign members, grant API permissions, maintain permission groups, or manage organization accounts must declare `apiPermissionCodes`, such as `app:role:manage`, `app:page-permission-group:manage`, `app:form-permission-group:manage`, and `app:organization:manage`.
27
27
  - `src/resources/**` is the resource source of truth; use `validate -> plan -> publish`.
@@ -21,7 +21,7 @@ This is an OpenXiangda React SPA workspace. Read [AGENTS.md](AGENTS.md) for full
21
21
 
22
22
  - 发布和写平台资源必须显式传 `--profile <name>`。
23
23
  - 架构类需求先跑 `openxiangda design gates --topic <code> --json` 并等用户确认。
24
- - 高风险变更先跑 `openxiangda sdd context --json`,创建/继续 change,并在用户确认后 `openxiangda sdd approve <change>`;发布前 `openxiangda sdd verify <change> --changed`。
24
+ - 高风险变更先跑 `openxiangda sdd context --json`,创建/继续 change,并在用户确认后 `openxiangda sdd approve <change>`;发布前必须补齐 `coverage.json` / `release.json` / `evidence.md`、完成 `tasks.md`,再运行 `openxiangda sdd verify <change> --changed`。
25
25
  - 账号/角色/权限/RBAC/组织账号/查询参数授权需求先跑 `openxiangda design gates --topic permissions --json`,选择 `managed-platform-account` / `existing-platform-user-assignment` / `static-role-permission` / `query-param-context` 并输出权限矩阵。
26
26
  - 角色能新增角色、分配成员、授接口权限、维护权限组或管理组织账号时,角色资源必须声明 `apiPermissionCodes`,例如 `app:role:manage`、`app:page-permission-group:manage`、`app:form-permission-group:manage`、`app:organization:manage`。
27
27
  - `src/resources/**` 是工程化资源来源,正式多资源变更走 `validate -> plan -> publish`。
@@ -5,7 +5,7 @@
5
5
  ## 开发原则
6
6
 
7
7
  - 架构类需求默认只规划、不实现。新应用、复杂页面、登录注册、公开访问、权限数据范围、流程自动化、连接器/通知等需求,先运行 `openxiangda doctor --json` 和 `openxiangda design gates --topic <code> --json`,输出设计并等用户确认;确认前只允许读取、快照、dry-run、提问和写设计文档,不允许改源码、写平台、发布或发送通知。
8
- - 高风险变更必须挂到 SDD change。修改 `src/forms/**`、`src/pages/**`、`src/resources/**`、`src/functions/**`、`src/automations/**`、`src/workflows/**`、`src/js-code-nodes/**`、`src/runtime/**` 或 `app-workspace.config.ts` 前,先运行 `openxiangda sdd context --json`,没有合适 change 就 `openxiangda sdd propose <change>`,等用户确认后运行 `openxiangda sdd approve <change>` 再实现。发布前运行 `openxiangda sdd verify <change> --changed`、`openxiangda workspace check --changed`、`openxiangda resource plan --profile <name>`。
8
+ - 高风险变更必须挂到 SDD change。修改 `src/forms/**`、`src/pages/**`、`src/resources/**`、`src/functions/**`、`src/automations/**`、`src/workflows/**`、`src/js-code-nodes/**`、`src/runtime/**` 或 `app-workspace.config.ts` 前,先运行 `openxiangda sdd context --json`,没有合适 change 就 `openxiangda sdd propose <change>`,等用户确认后运行 `openxiangda sdd approve <change>` 再实现。`approve` 只代表允许进入实现;发布前必须补齐 `coverage.json` / `release.json` / `evidence.md`,完成 `tasks.md`,运行 `openxiangda sdd verify <change> --changed`、`openxiangda workspace check --changed`、`openxiangda resource plan --profile <name>`。
9
9
  - 账号、角色、权限、数据范围、组织账号、RBAC、查询参数授权需求必须先运行 `openxiangda design gates --topic permissions --json`,选择 `managed-platform-account` / `existing-platform-user-assignment` / `static-role-permission` / `query-param-context`,输出权限矩阵后再实现。
10
10
  - 应用角色如果要创建角色、分配角色成员、给角色授接口权限、维护页面/表单权限组或管理组织账号,必须在角色资源声明 `apiPermissionCodes`,例如 `app:role:manage`、`app:page-permission-group:manage`、`app:form-permission-group:manage`、`app:organization:manage`。
11
11
  - 默认用户界面保持克制:左侧应用导航、顶部账号信息、首页内容区域。
@@ -42,6 +42,7 @@ export default defineAppWorkspaceConfig({
42
42
  strictHighRisk:
43
43
  process.env.OPENXIANGDA_SDD_STRICT_HIGH_RISK === "false" ? false : true,
44
44
  path: process.env.OPENXIANGDA_SDD_PATH || "openspec",
45
+ schemaVersion: "openxiangda-sdd-v2",
45
46
  },
46
47
  },
47
48
  });
@@ -25,7 +25,7 @@ This is a `sy-lowcode-app-workspace` managed by the `openxiangda` CLI. See [AGEN
25
25
  ## Always
26
26
 
27
27
  - For routine edits, default to incremental publish: `workspace publish --profile <name> --changed --dry-run` then `--changed` or targeted `--page <code>` / `--form <code>`.
28
- - High-risk changes must use SDD first: `openxiangda sdd context --json` -> `openxiangda sdd propose <change>` -> user confirmation -> `openxiangda sdd approve <change>`; before release run `openxiangda sdd verify <change> --changed`.
28
+ - High-risk changes must use SDD first: `openxiangda sdd context --json` -> `openxiangda sdd propose <change>` -> user confirmation -> `openxiangda sdd approve <change>`; before release complete `coverage.json`, `release.json`, `evidence.md`, and `tasks.md`, then run `openxiangda sdd verify <change> --changed`.
29
29
  - Account/role/permission/RBAC/organization-account/query-param authorization work must choose a mode first: `managed-platform-account`, `existing-platform-user-assignment`, `static-role-permission`, or `query-param-context`, then write the permission matrix.
30
30
  - Roles that create roles, assign members, grant API permissions, maintain permission groups, or manage organization accounts must declare `apiPermissionCodes` in `src/resources/roles/<code>.json`, such as `app:role:manage`, `app:page-permission-group:manage`, `app:form-permission-group:manage`, and `app:organization:manage`.
31
31
  - Confirm current profile before any write: `openxiangda env --profile <name>`.
@@ -25,7 +25,7 @@ This is a `sy-lowcode-app-workspace` managed by the `openxiangda` CLI. Read [AGE
25
25
  ## Always
26
26
 
27
27
  - 单文件改动默认增量发布:先 `workspace publish --profile <name> --changed --dry-run`,再 `--changed` 或 `--page <code>` / `--form <code>`。
28
- - 高风险变更先走 SDD:`openxiangda sdd context --json` → `openxiangda sdd propose <change>` → 用户确认 → `openxiangda sdd approve <change>`;发布前 `openxiangda sdd verify <change> --changed`。
28
+ - 高风险变更先走 SDD:`openxiangda sdd context --json` → `openxiangda sdd propose <change>` → 用户确认 → `openxiangda sdd approve <change>`;发布前必须补齐 `coverage.json` / `release.json` / `evidence.md`、完成 `tasks.md`,再运行 `openxiangda sdd verify <change> --changed`。
29
29
  - 账号/角色/权限/RBAC/组织账号/查询参数授权需求先选权限模式:`managed-platform-account` / `existing-platform-user-assignment` / `static-role-permission` / `query-param-context`,并输出权限矩阵。
30
30
  - 角色能新增角色、分配成员、授接口权限、维护权限组或管理组织账号时,`src/resources/roles/<code>.json` 必须声明 `apiPermissionCodes`,例如 `app:role:manage`、`app:page-permission-group:manage`、`app:form-permission-group:manage`、`app:organization:manage`。
31
31
  - 任何写操作前确认当前 profile:`openxiangda env --profile <name>`。
@@ -9,7 +9,7 @@
9
9
 
10
10
  **架构类需求默认只规划、不实现。** 新应用、复杂页面、登录注册、公开访问、权限数据范围、流程自动化、连接器/通知等需求,先 `openxiangda doctor --json` + `openxiangda design gates --topic <code> --json`,输出设计并等待用户确认;确认前只允许读取、快照、dry-run、提问和写设计文档,不允许改源码、写平台、发布、部署或发送通知。
11
11
 
12
- **高风险变更必须挂到 SDD change。** 修改 `src/forms/**`、`src/pages/**`、`src/resources/**`、`src/functions/**`、`src/automations/**`、`src/workflows/**`、`src/js-code-nodes/**`、`src/runtime/**` 或 `app-workspace.config.ts` 前,先运行 `openxiangda sdd context --json`,没有合适 change 就 `openxiangda sdd propose <change>`,等用户确认后运行 `openxiangda sdd approve <change>` 再实现。发布前运行 `openxiangda sdd verify <change> --changed` 和 `openxiangda workspace check --changed`。
12
+ **高风险变更必须挂到 SDD change。** 修改 `src/forms/**`、`src/pages/**`、`src/resources/**`、`src/functions/**`、`src/automations/**`、`src/workflows/**`、`src/js-code-nodes/**`、`src/runtime/**` 或 `app-workspace.config.ts` 前,先运行 `openxiangda sdd context --json`,没有合适 change 就 `openxiangda sdd propose <change>`,等用户确认后运行 `openxiangda sdd approve <change>` 再实现。`approve` 只代表允许进入实现;发布前必须补齐 `coverage.json` / `release.json` / `evidence.md`,完成 `tasks.md`,运行 `openxiangda sdd verify <change> --changed` 和 `openxiangda workspace check --changed`。
13
13
 
14
14
  工作区内的 npm scripts(`publish:all` / `publish:oss` / `register`)已加 `_guard:publish` 守卫;缺少 `OPENXIANGDA_PROFILE` 环境变量时会立即 fail,提示重新走 CLI 入口。
15
15
 
@@ -36,7 +36,7 @@
36
36
 
37
37
  - ✅ 先 preflight:`openxiangda env --profile <name>` + `openxiangda auth status --profile <name>` + `openxiangda update check --json`。
38
38
  - ✅ 架构类需求先 plan gate:`openxiangda doctor --profile <name> --json` + `openxiangda design gates --topic <code> --json`,用户确认后再实现。
39
- - ✅ 高风险变更先 SDD gate:`openxiangda sdd context --json` → `openxiangda sdd propose <change>` → 用户确认 → `openxiangda sdd approve <change>`。
39
+ - ✅ 高风险变更先 SDD gate:`openxiangda sdd context --json` → `openxiangda sdd propose <change>` → 用户确认 → `openxiangda sdd approve <change>` → 补齐 `coverage.json` / `release.json` / `evidence.md` → `openxiangda sdd verify <change> --changed`。
40
40
  - ✅ 涉及账号、角色、权限、数据范围、组织账号、RBAC、查询参数授权时,先跑 `openxiangda design gates --topic permissions --json`,选择 `managed-platform-account` / `existing-platform-user-assignment` / `static-role-permission` / `query-param-context`,并输出权限矩阵后再改资源。
41
41
  - ✅ 某个应用角色如果要创建角色、分配角色成员、给角色授接口权限、维护页面/表单权限组或管理组织账号,必须在 `src/resources/roles/<code>.json` 声明 `apiPermissionCodes`,例如 `app:role:manage`、`app:page-permission-group:manage`、`app:form-permission-group:manage`、`app:organization:manage`。
42
42
  - ✅ 单文件改动默认增量发布:`workspace publish --profile <name> --changed --dry-run` → `--changed` / `--page` / `--form`。
@@ -83,7 +83,7 @@ sy-lowcode-app-workspace/
83
83
  ├── AGENTS.md # 本文件
84
84
  ├── .qoder/rules/openxiangda.md # Qoder always-on 项目规则
85
85
  ├── .cursor/rules/openxiangda.mdc # Cursor always-on 项目规则
86
- ├── openspec/ # SDD specs / changes / archive
86
+ ├── openspec/ # SDD v2 specs / changes / coverage / release / archive
87
87
  ├── .openxiangda/state.json # profile → appType → 资源 ID 的权威映射(CLI 维护)
88
88
  ├── app-workspace.config.ts
89
89
  ├── package.json # publish:all/publish:oss/register 都被 _guard:publish 守卫
@@ -43,6 +43,7 @@ export default defineAppWorkspaceConfig({
43
43
  strictHighRisk:
44
44
  process.env.OPENXIANGDA_SDD_STRICT_HIGH_RISK === "false" ? false : true,
45
45
  path: process.env.OPENXIANGDA_SDD_PATH || "openspec",
46
+ schemaVersion: "openxiangda-sdd-v2",
46
47
  },
47
48
  },
48
49
  });
@@ -39,6 +39,7 @@ export interface AppWorkspaceConfig {
39
39
  enabled?: boolean;
40
40
  strictHighRisk?: boolean;
41
41
  path?: string;
42
+ schemaVersion?: "openxiangda-sdd-v2" | string;
42
43
  };
43
44
  };
44
45
  }