qdadm 0.36.0 → 0.38.0

package/src/composables/useCurrentEntity.js

@@ -1,44 +1,53 @@
 /**
- * useCurrentEntity - Share page entity data with navigation context
+ * useCurrentEntity - Share page entity data with navigation context (breadcrumb)
  *
- * When a page loads an entity (e.g., ProductDetailPage fetches a product),
- * it can call setCurrentEntity() to share that data with the navigation context.
- * This avoids a second fetch for breadcrumb display.
+ * When a page loads an entity, it calls setBreadcrumbEntity() to share
+ * the data with AppLayout for breadcrumb display.
  *
  * Usage in a detail page:
  * ```js
- * const { setCurrentEntity } = useCurrentEntity()
+ * const { setBreadcrumbEntity } = useCurrentEntity()
  *
  * async function loadProduct() {
  *   product.value = await productsManager.get(productId)
- *   setCurrentEntity(product.value)  // Share with navigation
+ *   setBreadcrumbEntity(product.value)  // Level 1 (main entity)
  * }
  * ```
  *
- * The navigation context (useNavContext) will use this data instead of
- * fetching the entity again for the breadcrumb.
+ * For nested routes with parent/child entities:
+ * ```js
+ * // Parent page loaded first
+ * setBreadcrumbEntity(book, 1)  // Level 1: the book
+ *
+ * // Child page
+ * setBreadcrumbEntity(loan, 2)  // Level 2: the loan under the book
+ * ```
  */
 import { inject } from 'vue'
 
 /**
- * Composable to share current page entity with navigation context
- * @returns {{ setCurrentEntity: (data: object) => void }}
+ * Composable to share page entity data with breadcrumb
+ * @returns {{ setBreadcrumbEntity: (data: object, level?: number) => void }}
  */
 export function useCurrentEntity() {
-  const currentEntityData = inject('qdadmCurrentEntityData', null)
+  const setBreadcrumbEntityFn = inject('qdadmSetBreadcrumbEntity', null)
 
   /**
-   * Set the current entity data for navigation context
-   * Call this after loading an entity to avoid double fetch
+   * Set entity data for breadcrumb at a specific level
    * @param {object} data - Entity data
+   * @param {number} level - Breadcrumb level (1 = main entity, 2 = child, etc.)
    */
-  function setCurrentEntity(data) {
-    if (currentEntityData) {
-      currentEntityData.value = data
+  function setBreadcrumbEntity(data, level = 1) {
+    if (setBreadcrumbEntityFn) {
+      setBreadcrumbEntityFn(data, level)
     }
   }
 
+  // Backwards compat alias
+  const setCurrentEntity = (data) => setBreadcrumbEntity(data, 1)
+
   return {
-    setCurrentEntity
+    setBreadcrumbEntity,
+    setCurrentEntity  // deprecated alias
   }
 }

package/src/composables/useForm.js

@@ -65,6 +65,7 @@
 import { ref, computed, watch, onMounted, inject, provide } from 'vue'
 import { useBareForm } from './useBareForm'
 import { useHooks } from './useHooks'
+import { useCurrentEntity } from './useCurrentEntity'
 import { deepClone } from '../utils/transformers'
 
 export function useForm(options = {}) {
@@ -93,6 +94,9 @@ export function useForm(options = {}) {
   // Get HookRegistry for form:alter hook (optional, may not exist in tests)
   const hooks = useHooks()
 
+  // Share entity data with navigation context (for breadcrumb)
+  const { setCurrentEntity } = useCurrentEntity()
+
   // Read config from manager with option overrides
   const routePrefix = options.routePrefix ?? manager.routePrefix
   const entityName = options.entityName ?? manager.label
@@ -241,6 +245,9 @@ export function useForm(options = {}) {
       originalData.value = deepClone(data)
       takeSnapshot()
 
+      // Share with navigation context for breadcrumb
+      setCurrentEntity(data)
+
       // Invoke form:alter hooks after data is loaded
       await invokeFormAlterHook()
 

package/src/composables/useFormPageBuilder.js

@@ -84,6 +84,7 @@ import { useConfirm } from 'primevue/useconfirm'
 import { useDirtyState } from './useDirtyState'
 import { useUnsavedChangesGuard } from './useUnsavedChangesGuard'
 import { useBreadcrumb } from './useBreadcrumb'
+import { useCurrentEntity } from './useCurrentEntity'
 import { registerGuardDialog, unregisterGuardDialog } from './useGuardStore'
 import { deepClone } from '../utils/transformers'
 import { onUnmounted } from 'vue'
@@ -133,6 +134,9 @@ export function useFormPageBuilder(config = {}) {
   // Provide entity context for child components (e.g., SeverityTag auto-discovery)
   provide('mainEntity', entity)
 
+  // Share entity data with navigation context (for breadcrumb)
+  const { setCurrentEntity } = useCurrentEntity()
+
   // Read config from manager with option overrides
   const entityName = config.entityName ?? manager.label
   const routePrefix = config.routePrefix ?? manager.routePrefix
@@ -258,6 +262,9 @@ export function useFormPageBuilder(config = {}) {
       originalData.value = deepClone(transformed)
       takeSnapshot()
 
+      // Share with navigation context for breadcrumb
+      setCurrentEntity(transformed)
+
       if (onLoadSuccess) {
         await onLoadSuccess(transformed)
       }

package/src/composables/useNavContext.js

@@ -27,7 +27,7 @@
  *   Path: /books/:bookId/loans/:id/edit   meta: { entity: 'loans', parent: { entity: 'books', param: 'bookId' } }
  *   → Home > Books > "Le Petit Prince" > Loans > "Loan #abc123"
  */
-import { ref, computed, watch, inject, unref } from 'vue'
+import { ref, computed, watch, inject } from 'vue'
 import { useRoute, useRouter } from 'vue-router'
 import { getSiblingRoutes } from '../module/moduleRegistry.js'
 
@@ -42,6 +42,12 @@ export function useNavContext(options = {}) {
   const orchestrator = inject('qdadmOrchestrator', null)
   const homeRouteName = inject('qdadmHomeRoute', null)
 
+  // Breadcrumb entity data - multi-level Map from AppLayout
+  // Updated by pages via setBreadcrumbEntity(data, level)
+  // Can be passed directly (for layout component that provides AND uses breadcrumb)
+  // or injected from parent (for child pages)
+  const breadcrumbEntities = options.breadcrumbEntities ?? inject('qdadmBreadcrumbEntities', null)
+
   // Entity data cache
   const entityDataCache = ref(new Map())
 
@@ -215,34 +221,42 @@ export function useNavContext(options = {}) {
    *
    * For PARENT items: always fetches from manager
    */
-  // Watch navChain and entityData ref (deep watch to catch value changes)
-  const entityDataRef = computed(() => options.entityData ? unref(options.entityData) : null)
-  watch([navChain, entityDataRef], async ([chain, externalData]) => {
+  // Watch navChain and breadcrumbEntities to populate chainData
+  // breadcrumbEntities is a ref to Map: level -> entityData (set by pages via setBreadcrumbEntity)
+  // Note: watch ref directly, not () => ref.value, for proper reactivity tracking
+  watch([navChain, breadcrumbEntities], async ([chain, entitiesMap]) => {
     // Build new Map (reassignment triggers Vue reactivity, Map.set() doesn't)
     const newChainData = new Map()
 
+    // Count item segments to determine their level (1-based)
+    let itemLevel = 0
+
     for (let i = 0; i < chain.length; i++) {
       const segment = chain[i]
       if (segment.type !== 'item') continue
 
+      itemLevel++
       const isLastItem = !chain.slice(i + 1).some(s => s.type === 'item')
 
-      // For the last item, use external data from page (don't fetch)
-      if (isLastItem) {
-        if (externalData) {
-          newChainData.set(i, externalData)
-        }
-        // If no externalData, breadcrumb will show "..." until page provides it
+      // Check if page provided data for this level via setBreadcrumbEntity
+      const providedData = entitiesMap?.get(itemLevel)
+      if (providedData) {
+        newChainData.set(i, providedData)
         continue
       }
 
-      // For parent items, fetch from manager
-      try {
-        const data = await segment.manager.get(segment.id)
-        newChainData.set(i, data)
-      } catch (e) {
-        console.warn(`[useNavContext] Failed to fetch ${segment.entity}:${segment.id}`, e)
+      // For items without provided data:
+      // - Last item: show "..." (page should call setBreadcrumbEntity)
+      // - Parent items: fetch from manager
+      if (!isLastItem) {
+        try {
+          const data = await segment.manager.get(segment.id)
+          newChainData.set(i, data)
+        } catch (e) {
+          console.warn(`[useNavContext] Failed to fetch ${segment.entity}:${segment.id}`, e)
+        }
       }
+      // Last item without data will show "..." in breadcrumb
     }
 
     // Assign new Map to trigger reactivity

package/src/core/index.js

@@ -11,9 +11,6 @@ export {
 
 export {
   createDecoratedManager,
-  withAuditLog as withAuditLogDecorator,
-  withSoftDelete as withSoftDeleteDecorator,
-  withTimestamps as withTimestampsDecorator,
   withValidation,
 } from './decorator.js'
 

package/src/debug/AuthCollector.js

@@ -40,9 +40,8 @@ export class AuthCollector extends Collector {
     this._ctx = null
     this._signalCleanups = []
     // Activity tracking for login/logout events
-    // Keep recent events to show stacked (last N events)
+    // Events auto-expire after TTL (no max limit)
     this._recentEvents = [] // Array of { type: 'login'|'logout', timestamp: Date, seen: boolean }
-    this._maxEvents = 5
     this._eventTtl = options.eventTtl ?? 60000 // Events expire after 60s by default
     this._expiryTimer = null
   }
@@ -97,6 +96,11 @@ export class AuthCollector extends Collector {
       this._addEvent('impersonate-stop', payload)
     })
     this._signalCleanups.push(impersonateStopCleanup)
+
+    const loginErrorCleanup = signals.on('auth:login:error', (payload) => {
+      this._addEvent('login-error', payload)
+    })
+    this._signalCleanups.push(loginErrorCleanup)
   }
 
   /**
@@ -113,23 +117,33 @@ export class AuthCollector extends Collector {
       seen: false,
       data
     })
-    // Keep only last N events
-    if (this._recentEvents.length > this._maxEvents) {
-      this._recentEvents.pop()
-    }
+    // Events auto-expire via TTL, no max limit
     this._scheduleExpiry()
     this.notifyChange()
   }
 
   /**
-   * Schedule event expiry check
+   * Schedule event expiry check based on oldest event
    * @private
    */
   _scheduleExpiry() {
-    if (this._expiryTimer) return // Already scheduled
+    // Clear existing timer
+    if (this._expiryTimer) {
+      clearTimeout(this._expiryTimer)
+      this._expiryTimer = null
+    }
+
+    if (this._recentEvents.length === 0) return
+
+    // Find the oldest event and calculate when it expires
+    const now = Date.now()
+    const oldest = this._recentEvents[this._recentEvents.length - 1]
+    const age = now - oldest.timestamp.getTime()
+    const delay = Math.max(100, this._eventTtl - age) // At least 100ms
+
     this._expiryTimer = setTimeout(() => {
       this._expireOldEvents()
-    }, this._eventTtl)
+    }, delay)
   }
 
   /**
@@ -225,32 +239,71 @@ export class AuthCollector extends Collector {
    * @returns {Array<object>} Auth info as entries
    */
   getEntries() {
-    if (!this._authAdapter) {
+    // Always get fresh authAdapter from ctx (may have updated state)
+    const authAdapter = this._ctx?.auth || this._ctx?.authAdapter || this._authAdapter
+    if (!authAdapter) {
       return [{ type: 'status', message: 'No auth adapter configured' }]
     }
 
     const entries = []
 
-    // User info
+    // User info with effective permissions
     try {
-      const user = this._authAdapter.getUser?.()
+      const user = authAdapter.getUser?.()
+      // Always get fresh security (created after collector install)
+      const securityChecker = this._ctx?.security || this._securityChecker
+
       if (user) {
+        // Check if impersonating (use fresh authAdapter)
+        const isImpersonating = authAdapter.isImpersonating?.() || false
+        const originalUser = isImpersonating ? authAdapter.getOriginalUser?.() : null
+
+        // Current User = the real logged in user (original when impersonating)
+        const realUser = originalUser || user
+        const realRoles = this._normalizeRoles(realUser.roles || realUser.role)
+        const realPermissions = this._getEffectivePermissions(securityChecker, realRoles)
+
         entries.push({
           type: 'user',
           label: 'Current User',
           data: {
-            id: user.id || user.userId,
-            username: user.username || user.name || user.email,
-            email: user.email,
-            roles: user.roles || [],
-            ...this._sanitizeUser(user)
+            id: realUser.id || realUser.userId,
+            username: realUser.username || realUser.name || realUser.email,
+            email: realUser.email,
+            roles: realRoles,
+            permissions: realPermissions
           }
         })
+
+        // Impersonated User (when active) - shown separately with type 'impersonated'
+        if (isImpersonating) {
+          const impersonatedRoles = this._normalizeRoles(user.roles || user.role)
+          const impersonatedPermissions = this._getEffectivePermissions(securityChecker, impersonatedRoles)
+
+          entries.push({
+            type: 'impersonated',
+            label: 'Impersonated User',
+            data: {
+              id: user.id || user.userId,
+              username: user.username || user.name || user.email,
+              roles: impersonatedRoles,
+              permissions: impersonatedPermissions  // These are the ACTIVE permissions!
+            }
+          })
+        }
       } else {
+        // Show anonymous role when not authenticated
+        const anonymousRole = securityChecker?.roleGranter?.getAnonymousRole?.() || 'ROLE_ANONYMOUS'
+        const effectivePermissions = this._getEffectivePermissions(securityChecker, [anonymousRole])
+
         entries.push({
-          type: 'status',
-          label: 'Status',
-          message: 'Not authenticated'
+          type: 'user',
+          label: 'Anonymous',
+          data: {
+            role: anonymousRole,
+            authenticated: false,
+            permissions: effectivePermissions
+          }
         })
       }
     } catch (e) {
@@ -263,7 +316,7 @@ export class AuthCollector extends Collector {
 
     // Token info
     try {
-      const token = this._authAdapter.getToken?.()
+      const token = authAdapter.getToken?.()
       if (token) {
         const decoded = this._decodeToken(token)
         entries.push({
@@ -281,14 +334,14 @@ export class AuthCollector extends Collector {
       // Token not available or decode failed
     }
 
-    // Permissions
+    // User's effective permissions (from authAdapter)
     try {
-      const permissions = this._authAdapter.getPermissions?.()
-      if (permissions && permissions.length > 0) {
+      const userPermissions = authAdapter.getPermissions?.()
+      if (userPermissions && userPermissions.length > 0) {
         entries.push({
-          type: 'permissions',
-          label: 'Permissions',
-          data: permissions
+          type: 'user-permissions',
+          label: 'User Permissions',
+          data: userPermissions
         })
       }
     } catch (e) {
@@ -318,23 +371,112 @@ export class AuthCollector extends Collector {
       // Security checker not available
     }
 
+    // Registered permissions from PermissionRegistry (flat list of all permission keys)
+    try {
+      // Try multiple paths to find permissionRegistry
+      const permissionRegistry = this._ctx?.permissionRegistry
+        || this._ctx?._kernel?.permissionRegistry
+        || this._ctx?.orchestrator?.kernel?.permissionRegistry
+      if (permissionRegistry && permissionRegistry.size > 0) {
+        // Get flat list of permission keys (e.g., ['entity:books:read', 'auth:impersonate'])
+        const permissions = permissionRegistry.getKeys()
+        entries.push({
+          type: 'permissions',
+          label: 'Permissions',
+          data: permissions
+        })
+      }
+    } catch (e) {
+      // Permission registry not available
+      console.warn('[AuthCollector] Error accessing permissionRegistry:', e)
+    }
+
     // Adapter info
     entries.push({
       type: 'adapter',
       label: 'Auth Adapter',
       data: {
-        type: this._authAdapter.constructor?.name || 'Unknown',
-        hasUser: !!this._authAdapter.getUser,
-        hasToken: !!this._authAdapter.getToken,
-        hasPermissions: !!this._authAdapter.getPermissions,
-        hasLogin: !!this._authAdapter.login,
-        hasLogout: !!this._authAdapter.logout
+        type: authAdapter.constructor?.name || 'Unknown',
+        hasUser: !!authAdapter.getUser,
+        hasToken: !!authAdapter.getToken,
+        hasPermissions: !!authAdapter.getPermissions,
+        hasLogin: !!authAdapter.login,
+        hasLogout: !!authAdapter.logout,
+        hasImpersonate: !!authAdapter.impersonate,
+        isImpersonating: authAdapter.isImpersonating?.() || false
       }
     })
 
     return entries
   }
 
+  /**
+   * Get effective permissions for a set of roles
+   * Uses SecurityChecker.getUserPermissions() which resolves hierarchy
+   *
+   * @param {object} securityChecker - SecurityChecker instance
+   * @param {string[]} roles - User's roles
+   * @returns {string[]} Effective permissions (deduplicated, sorted)
+   * @private
+   */
+  _getEffectivePermissions(securityChecker, roles) {
+    if (!securityChecker || !roles || roles.length === 0) {
+      return []
+    }
+
+    try {
+      // Use SecurityChecker.getUserPermissions with a mock user
+      if (securityChecker.getUserPermissions) {
+        const mockUser = { roles }
+        const perms = securityChecker.getUserPermissions(mockUser)
+        return [...new Set(perms)].sort()
+      }
+
+      // Fallback: direct access to roleGranter
+      const roleGranter = securityChecker.roleGranter
+      if (!roleGranter) return []
+
+      const permissions = new Set()
+      for (const role of roles) {
+        // Get reachable roles (includes inherited)
+        const reachable = securityChecker.roleHierarchy?.getReachableRoles?.(role) || [role]
+        for (const r of reachable) {
+          const rolePerms = roleGranter.getPermissions?.(r) || []
+          for (const perm of rolePerms) {
+            permissions.add(perm)
+          }
+        }
+      }
+
+      return [...permissions].sort()
+    } catch (e) {
+      console.warn('[AuthCollector] Error getting effective permissions:', e)
+      return []
+    }
+  }
+
+  /**
+   * Normalize roles to array with ROLE_ prefix
+   * Supports: 'admin' → ['ROLE_ADMIN'], ['user'] → ['ROLE_USER'], ['ROLE_ADMIN'] → ['ROLE_ADMIN']
+   *
+   * @param {string|string[]} roles - Role(s) to normalize
+   * @returns {string[]} Normalized roles array
+   * @private
+   */
+  _normalizeRoles(roles) {
+    if (!roles) return []
+
+    // Convert to array
+    const arr = Array.isArray(roles) ? roles : [roles]
+
+    // Add ROLE_ prefix if missing and uppercase
+    return arr.map(role => {
+      if (!role) return null
+      const upper = role.toUpperCase()
+      return upper.startsWith('ROLE_') ? upper : `ROLE_${upper}`
+    }).filter(Boolean)
+  }
+
   /**
    * Sanitize user object - remove sensitive fields
    * @param {object} user - User object

package/src/debug/Collector.js

@@ -55,6 +55,7 @@ export class Collector {
     this._ctx = null
     this._seenCount = 0  // Number of entries that have been "seen"
     this._bridge = null  // Set by DebugBridge when added
+    this._notifyCallbacks = []  // Direct notification subscribers
   }
 
   /**
@@ -120,8 +121,8 @@ export class Collector {
         this._seenCount--
       }
     }
-    // Notify bridge for reactive UI update
-    this._bridge?.notify()
+    // Notify bridge and direct subscribers
+    this.notifyChange()
   }
 
   /**
@@ -130,6 +131,27 @@ export class Collector {
    */
   notifyChange() {
     this._bridge?.notify()
+    // Call direct subscribers
+    for (const cb of this._notifyCallbacks) {
+      try {
+        cb()
+      } catch (e) {
+        console.warn('[Collector] Notify callback error:', e)
+      }
+    }
+  }
+
+  /**
+   * Subscribe to change notifications
+   * @param {Function} callback - Called when collector state changes
+   * @returns {Function} Unsubscribe function
+   */
+  onNotify(callback) {
+    this._notifyCallbacks.push(callback)
+    return () => {
+      const idx = this._notifyCallbacks.indexOf(callback)
+      if (idx >= 0) this._notifyCallbacks.splice(idx, 1)
+    }
   }
 
   /**

package/src/debug/EntitiesCollector.js

@@ -196,6 +196,13 @@ export class EntitiesCollector extends Collector {
       }
     }
 
+    // Sort: system entities first, then alphabetically
+    entries.sort((a, b) => {
+      if (a.system && !b.system) return -1
+      if (!a.system && b.system) return 1
+      return (a.name || '').localeCompare(b.name || '')
+    })
+
     return entries
   }
 
@@ -212,6 +219,7 @@ export class EntitiesCollector extends Collector {
 
     return {
       name,
+      system: manager.system ?? false,
       hasActivity: this._activeEntities.has(name),
       label: manager.label,
       labelPlural: manager.labelPlural,

package/src/debug/SignalCollector.js

@@ -28,6 +28,13 @@ export class SignalCollector extends Collector {
    */
   static name = 'signals'
 
+  /**
+   * Signals to skip recording (internal kernel signals with non-serializable data)
+   * @type {Set<string>}
+   * @private
+   */
+  static _skipSignals = new Set(['kernel:ready', 'kernel:shutdown'])
+
   /**
    * Internal install - subscribe to all signals
    *
@@ -45,14 +52,65 @@ export class SignalCollector extends Collector {
     // QuarKernel supports wildcards with the configured delimiter (:)
     // '**' matches all signals including multi-segment (entity:data-invalidate)
     this._unsubscribe = ctx.signals.on('**', (event) => {
+      // Skip internal signals with non-serializable data (kernel, orchestrator)
+      if (SignalCollector._skipSignals.has(event.name)) {
+        return
+      }
+
+      // Sanitize data to avoid cyclic references
+      const data = this._sanitizeData(event.data)
+
       this.record({
         name: event.name,
-        data: event.data,
-        source: event.data?.source ?? null
+        data,
+        source: data?.source ?? null
       })
     })
   }
 
+  /**
+   * Sanitize event data to remove non-serializable objects
+   *
+   * Handles cases where data contains references to Kernel, Orchestrator,
+   * or other complex objects that would cause cyclic reference errors.
+   *
+   * @param {*} data - Raw event data
+   * @returns {*} Sanitized data safe for recording
+   * @private
+   */
+  _sanitizeData(data) {
+    if (data === null || data === undefined) return data
+    if (typeof data !== 'object') return data
+
+    // Try to create a simple clone, fallback to description if cyclic
+    try {
+      // Quick check for obviously problematic properties
+      if (data.kernel || data.orchestrator || data._kernel) {
+        // Extract only safe properties
+        const safe = {}
+        for (const [key, value] of Object.entries(data)) {
+          if (key !== 'kernel' && key !== 'orchestrator' && key !== '_kernel') {
+            if (typeof value !== 'object' || value === null) {
+              safe[key] = value
+            } else if (Array.isArray(value)) {
+              safe[key] = `[Array(${value.length})]`
+            } else {
+              safe[key] = '[Object]'
+            }
+          }
+        }
+        return safe
+      }
+
+      // For other objects, try JSON roundtrip to detect cycles
+      JSON.stringify(data)
+      return data
+    } catch {
+      // If serialization fails, return a safe representation
+      return { _type: 'unserializable', keys: Object.keys(data) }
+    }
+  }
+
   /**
    * Internal uninstall - cleanup subscription
    * @protected