Releases: objectstack-ai/framework
Release list
objectstack-vscode@13.0.0
objectstack-vscode@13.0.0
create-objectstack@13.0.0
create-objectstack@13.0.0
@objectstack/verify@13.0.0
Patch Changes
- Updated dependencies [6d83431]
- Updated dependencies [01917c2]
- Updated dependencies [b271691]
- Updated dependencies [a5a1e41]
- Updated dependencies [466adf6]
- Updated dependencies [799b285]
- Updated dependencies [b1081b8]
- Updated dependencies [57b89b4]
- Updated dependencies [5be00c3]
- Updated dependencies [466adf6]
- Updated dependencies [a1766fe]
- Updated dependencies [2bee609]
- Updated dependencies [fc7e7f7]
- @objectstack/spec@13.0.0
- @objectstack/core@13.0.0
- @objectstack/runtime@13.0.0
- @objectstack/objectql@13.0.0
- @objectstack/rest@13.0.0
- @objectstack/plugin-security@13.0.0
- @objectstack/plugin-sharing@13.0.0
- @objectstack/plugin-auth@13.0.0
- @objectstack/service-automation@13.0.0
- @objectstack/plugin-hono-server@13.0.0
- @objectstack/driver-sqlite-wasm@13.0.0
- @objectstack/service-analytics@13.0.0
- @objectstack/service-datasource@13.0.0
- @objectstack/service-settings@13.0.0
@objectstack/types@13.0.0
Minor Changes
-
57b89b4: feat(mcp): the MCP surface is now default-on — a core platform capability (#2698)
/api/v1/mcpis served (and advertised in/discovery) out of the box; the
OAuth 2.1 authorization track and Dynamic Client Registration follow it, so a
fresh deployment is connectable by any MCP client with zero configuration.
Operators opt OUT withOS_MCP_SERVER_ENABLED=false.- New single decision point
isMcpServerEnabled()in@objectstack/types
(default on; explicitfalse/0/off/nodisables). The runtime
dispatcher's/mcproute gate, the CLI's MCP plugin auto-load, the REST
/discoveryadvertisement, and the auth service's OAuth/DCR follow-defaults
all delegate to it — the served route, the advertised route, and the
authorization track can never disagree. - The env var is now effectively tri-state: unset → HTTP surface on;
explicittrue→ additionally auto-start the long-lived stdio transport
at boot (unchanged, still opt-in — a default must not claim the process's
stdin/stdout); explicitfalse→ everything off, fail-closed (404, no
metadata, no DCR). - The OAuth 2.1 TLS rule is unaffected: on a plain-HTTP non-loopback origin
the OAuth track stays dark and the default-on surface remains API-key-only.
- New single decision point
Patch Changes
- Updated dependencies [6d83431]
- Updated dependencies [01917c2]
- Updated dependencies [b271691]
- Updated dependencies [a5a1e41]
- Updated dependencies [466adf6]
- Updated dependencies [5be00c3]
- Updated dependencies [466adf6]
- Updated dependencies [2bee609]
- Updated dependencies [fc7e7f7]
- @objectstack/spec@13.0.0
@objectstack/trigger-schedule@13.0.0
Patch Changes
- Updated dependencies [6d83431]
- Updated dependencies [01917c2]
- Updated dependencies [b271691]
- Updated dependencies [a5a1e41]
- Updated dependencies [466adf6]
- Updated dependencies [5be00c3]
- Updated dependencies [466adf6]
- Updated dependencies [2bee609]
- Updated dependencies [fc7e7f7]
- @objectstack/spec@13.0.0
- @objectstack/core@13.0.0
@objectstack/trigger-record-change@13.0.0
Major Changes
-
6d83431: ADR-0090 P1 breaking wave — permission model v2 concept convergence.
Pre-launch one-step renames and secure defaults (no compatibility aliases, per
ADR-0090 D3/D4 superseding ADR-0057 D5/D7's alias discipline):sys_role→sys_position,sys_user_role→sys_user_position(field
role→position),sys_role_permission_set→sys_position_permission_set
(fieldrole_id→position_id);RoleSchema/defineRole→
PositionSchema/definePositionwith noparent(positions are flat;
hierarchy lives on the business-unit tree).ExecutionContext.roles[]→positions[]; the EvalUser/CEL contract
current_user.roles→current_user.positions(formula validators updated);
stack propertyroles:→positions:; metadata kindsrole/profile→
position(profile kind removed).isProfileremoved fromPermissionSetSchema(ADR-0090 D2);isDefault
narrows to an install-time suggestion;appDefaultProfileName→
appDefaultPermissionSetName(isDefault-only).- OWD enum drops legacy aliases
read/read_write/full; new optional
externalSharingModel(external dial,privatedefault) lands as P1 spec
shape (ADR-0090 D11). - Secure default (D1): a custom object with an owner field and NO
sharingModelnow resolvesprivate(was: fully public). System objects
keep their explicit posture. Unrecognised stored values fail closed. - ExecutionContext gains the P1 principal-taxonomy shape (D10):
principalKind/audience/onBehalfOf(optional, semantics phase in
later). - Sharing recipients:
role→position(expanded viasys_user_position
∪ the better-auth membership transition source);role_and_subordinates
removed —unit_and_subordinatesnow expands the business-unit subtree
(finishes ADR-0057 D5's re-homing).
Patch Changes
- Updated dependencies [6d83431]
- Updated dependencies [01917c2]
- Updated dependencies [b271691]
- Updated dependencies [a5a1e41]
- Updated dependencies [466adf6]
- Updated dependencies [5be00c3]
- Updated dependencies [466adf6]
- Updated dependencies [2bee609]
- Updated dependencies [fc7e7f7]
- @objectstack/spec@13.0.0
- @objectstack/core@13.0.0
@objectstack/trigger-api@13.0.0
Patch Changes
- Updated dependencies [6d83431]
- Updated dependencies [01917c2]
- Updated dependencies [b271691]
- Updated dependencies [a5a1e41]
- Updated dependencies [466adf6]
- Updated dependencies [5be00c3]
- Updated dependencies [466adf6]
- Updated dependencies [2bee609]
- Updated dependencies [fc7e7f7]
- @objectstack/spec@13.0.0
- @objectstack/core@13.0.0
@objectstack/studio@13.0.0
Patch Changes
- Updated dependencies [6d83431]
- Updated dependencies [01917c2]
- Updated dependencies [b271691]
- Updated dependencies [a5a1e41]
- Updated dependencies [466adf6]
- Updated dependencies [5be00c3]
- Updated dependencies [466adf6]
- Updated dependencies [2bee609]
- Updated dependencies [9fa84f9]
- Updated dependencies [fc7e7f7]
- @objectstack/spec@13.0.0
- @objectstack/platform-objects@13.0.0
@objectstack/spec@13.0.0
Major Changes
-
6d83431: ADR-0090 P1 breaking wave — permission model v2 concept convergence.
Pre-launch one-step renames and secure defaults (no compatibility aliases, per
ADR-0090 D3/D4 superseding ADR-0057 D5/D7's alias discipline):sys_role→sys_position,sys_user_role→sys_user_position(field
role→position),sys_role_permission_set→sys_position_permission_set
(fieldrole_id→position_id);RoleSchema/defineRole→
PositionSchema/definePositionwith noparent(positions are flat;
hierarchy lives on the business-unit tree).ExecutionContext.roles[]→positions[]; the EvalUser/CEL contract
current_user.roles→current_user.positions(formula validators updated);
stack propertyroles:→positions:; metadata kindsrole/profile→
position(profile kind removed).isProfileremoved fromPermissionSetSchema(ADR-0090 D2);isDefault
narrows to an install-time suggestion;appDefaultProfileName→
appDefaultPermissionSetName(isDefault-only).- OWD enum drops legacy aliases
read/read_write/full; new optional
externalSharingModel(external dial,privatedefault) lands as P1 spec
shape (ADR-0090 D11). - Secure default (D1): a custom object with an owner field and NO
sharingModelnow resolvesprivate(was: fully public). System objects
keep their explicit posture. Unrecognised stored values fail closed. - ExecutionContext gains the P1 principal-taxonomy shape (D10):
principalKind/audience/onBehalfOf(optional, semantics phase in
later). - Sharing recipients:
role→position(expanded viasys_user_position
∪ the better-auth membership transition source);role_and_subordinates
removed —unit_and_subordinatesnow expands the business-unit subtree
(finishes ADR-0057 D5's re-homing).
Minor Changes
-
01917c2: ADR-0090 P2 — audience anchors:
everyone/guestbuiltin positions.EVERYONE_POSITION/GUEST_POSITIONconstants in@objectstack/spec;
both anchors seeded (system-managed) alongside the builtin identity names.- Every authenticated principal implicitly holds
everyonein
ctx.positions, so sets bound to it resolve as ordinary position-bound
grants — ADDITIVE. The fallback CLIFF is abolished: the configured
baseline (fallbackPermissionSet, defaultmember_default) now applies
in addition to explicit grants instead of only when the user had none,
and is also seeded as aneveryonebinding (same table/audit/explain
path as admin-authored defaults). - Sessionless HTTP principals resolve as
principalKind: 'guest'holding
exactly['guest']; internal bare contexts are untouched. - Audience-anchor binding gate:
sys_position_permission_setwrites that
would bind a high-privilege set (VAMA, delete/purge/transfer, system
permissions,'*'wildcard) toeveryone/guestare rejected at the
data layer, unconditionally (describeHighPrivilegeBitspredicate is
exported and shared with the seed-time validation).
-
b271691: ADR-0090 P3 — security-domain publish linter (D7) and delegated administration (D12).
D7 —
validateSecurityPosture(@objectstack/lint), wired intoos compile(errors gate the build) andos lint. Rules, each with a failing fixture:security-owd-unset(custom object with nosharingModel— the objectui#2348 leave_request shape),security-owd-alias(retired D4 alias values, with fix-it),security-external-wider-than-internal(D11external ≤ internal),security-wildcard-vama('*'+ View/Modify All outside the platform admin set, ADR-0066),security-anchor-high-privilege(anisDefault/everyone-suggested set carrying anchor-forbidden bits),security-role-word(D3 vocabulary freeze in security identifiers/labels; ARIA/page roles exempt), and advisorysecurity-private-no-readscope.D12 — delegated administration (@objectstack/plugin-security
DelegatedAdminGate).PermissionSetSchema.adminScope(new in spec, persisted assys_permission_set.admin_scope) declares WHERE (asys_business_unitsubtree), WHAT (manageAssignments/manageBindings/authorEnvironmentSets), and WHICH sets a delegate may hand out (assignablePermissionSetsallowlist). Writes tosys_user_position,sys_position_permission_set,sys_user_permission_set, andsys_permission_setare now governed: tenant-level admins (ADR-0066 superuser wildcard) pass through; delegates need a covering scope — inside their subtree, allowlisted sets only (to others AND themselves), single-row writes,granted_byaudit-stamped; everyone else (including holders of plain CRUD on RBAC tables) is denied. Granting or authoring a set that itself carries anadminScoperequires a held scope that STRICTLY contains it. Theeveryone/guestanchors stay tenant-level only, and direct position assignments to an anchor are rejected for every caller.ADR-0090 Addendum — assignment-level BU anchor.
sys_user_position.business_unit_idlands with its three consumers scoped: D12 delegation boundary (enforced here), audit fact, and the depth-anchor contract for enterprisehierarchy-scope-resolverimplementations (documented onIHierarchyScopeResolver).D9 tier tightening.
describeHighPrivilegeBitsmoved to@objectstack/spec/security(re-exported from plugin-security) alongside newdescribeAnchorForbiddenBits:guestbindings now additionally reject edit bits (read-only by default; create stays the case-by-case exception).BREAKING (@objectstack/plugin-security): exports renamed to the ADR-0090 D3 vocabulary —
SysRole→SysPosition,SysUserRole→SysUserPosition,SysRolePermissionSet→SysPositionPermissionSet(no aliases, pre-launch one-step rename).sys_positionrow actions/list views renamed (activate_position, …), labels relabeled Role→Position. Non-tenant-admin writes to the RBAC link tables without anadminScopeare now denied (previously any CRUD grant on those tables sufficed).BREAKING (@objectstack/platform-objects):
sys_business_unit_member.role_in_business_unit→function_in_business_unit(D3 reserved-word sweep; values member/lead/deputy unchanged). -
a5a1e41: ADR-0090 P4 — explain engine (D6), access-matrix snapshot gate, recalibrated benchmark.
Explain contract (@objectstack/spec).
ExplainRequestSchema/ExplainDecisionSchema/ExplainLayerSchema:explain(principal, object, operation)reports the verdict of every evaluation-pipeline layer in order (principal → required_permissions → object_crud → fls → owd_baseline → depth → sharing → vama_bypass → rls), with per-layer contributor attribution (which permission set, reached via which position/baseline) and — for reads — the composed row filter as the machine artifact. Carries the D10 dual attribution (principalKind,onBehalfOf).Explain engine (@objectstack/plugin-security).
explainAccessis "explained by construction": it calls the SAME permission-set resolution, evaluator, FLS mask, and RLS composition the enforcement middleware calls (injected fromSecurityPlugin), so the report cannot drift from enforcement. Exposed on thesecuritykernel service asexplain(request, callerContext); explaining another user requiresmanage_users(the target's context is reconstructed fromsys_user_position/sys_user_permission_setwith everyone-anchor semantics viabuildContextForUser).Access-matrix snapshot gate (@objectstack/lint + os compile).
buildAccessMatrix(stack)derives the (permission set × object) capability matrix purely from metadata;diffAccessMatrixrenders semantic review lines ("'crm_admin' gains delete on 'crm_lead'", depth changes, OWD swings, entry add/remove).os compilegains an opt-in gate: withaccess-matrix.jsoncommitted next to the config, any drift fails the build with those lines until re-snapshotted via--update-access-matrix— every capability change becomes a reviewable diff. Seeded forexamples/app-crm.Benchmark (ADR-0090 Addendum).
scripts/bench/permission-bench.mts— single-org 10k users × 1M rows per the recalibrated topology; asserts the O()-shape property (per-request cost independent of user population; unit-depth IN-set cost tracks unit size). Passing at 0.1µs/eval and 59ms/1M-row IN-set scan. -
466adf6: Author-time capability-reference lint (ADR-0066 ⑨) —
os validate/os lint
now warn when arequiredPermissionsnames a capability that is registered
nowhere.requiredPermissions(on objects, fields, apps, actions) is a free string, so a
typo likemange_usersis schema-valid and fails closed at runtime (the caller
is denied) — safe, but silent. The newvalidateCapabilityReferencesrule
(@objectstack/lint) resolves every reference against the author-time known set
and warns on the unresolved ones:- built-in platform capabilities — now sourced from a single canonical list in
@objectstack/spec(security/capabilities.ts:PLATFORM_CAPABILITIES/
PLATFORM_CAPABILITY_NAMES), which@objectstack/plugin-security's
bootstrapSystemCapabilitiesalso seeds from (one source of truth, no drift), - any capability a permission set in the stack grants via
systemPermissions
(granting is what declares it — mirrors the runtime derived-defaults rule), and - any
sys_capabilityrow shipped as seed data.
It is a warning, not an error: a single package can't see capabilities
declared by other installed packages, and the reference fails closed anyway.
systemPermissionsitself is never flagged — it is the declaration side, and a
package legitimately introduces new capabilities there. The object case also
understands the per-operationrequiredPermissionsmap form (ADR-0066 ⑤) and
points a finding at the exact operation slice. - built-in platform capabilities — now sourced from a single canonical list in
-
5be00c3: feat(mcp): spec-compliant OA...
@objectstack/setup@13.0.0
Patch Changes
- Updated dependencies [6d83431]
- Updated dependencies [01917c2]
- Updated dependencies [b271691]
- Updated dependencies [a5a1e41]
- Updated dependencies [466adf6]
- Updated dependencies [5be00c3]
- Updated dependencies [466adf6]
- Updated dependencies [2bee609]
- Updated dependencies [9fa84f9]
- Updated dependencies [fc7e7f7]
- @objectstack/spec@13.0.0
- @objectstack/platform-objects@13.0.0