Skip to content

Releases: objectstack-ai/framework

objectstack-vscode@13.0.0

Choose a tag to compare

@github-actions github-actions released this 09 Jul 11:42
119719b
objectstack-vscode@13.0.0

create-objectstack@13.0.0

Choose a tag to compare

@github-actions github-actions released this 09 Jul 11:40
119719b
create-objectstack@13.0.0

@objectstack/verify@13.0.0

Choose a tag to compare

@github-actions github-actions released this 09 Jul 11:42
119719b

Patch Changes

  • Updated dependencies [6d83431]
  • Updated dependencies [01917c2]
  • Updated dependencies [b271691]
  • Updated dependencies [a5a1e41]
  • Updated dependencies [466adf6]
  • Updated dependencies [799b285]
  • Updated dependencies [b1081b8]
  • Updated dependencies [57b89b4]
  • Updated dependencies [5be00c3]
  • Updated dependencies [466adf6]
  • Updated dependencies [a1766fe]
  • Updated dependencies [2bee609]
  • Updated dependencies [fc7e7f7]
    • @objectstack/spec@13.0.0
    • @objectstack/core@13.0.0
    • @objectstack/runtime@13.0.0
    • @objectstack/objectql@13.0.0
    • @objectstack/rest@13.0.0
    • @objectstack/plugin-security@13.0.0
    • @objectstack/plugin-sharing@13.0.0
    • @objectstack/plugin-auth@13.0.0
    • @objectstack/service-automation@13.0.0
    • @objectstack/plugin-hono-server@13.0.0
    • @objectstack/driver-sqlite-wasm@13.0.0
    • @objectstack/service-analytics@13.0.0
    • @objectstack/service-datasource@13.0.0
    • @objectstack/service-settings@13.0.0

@objectstack/types@13.0.0

Choose a tag to compare

@github-actions github-actions released this 09 Jul 11:43
119719b

Minor Changes

  • 57b89b4: feat(mcp): the MCP surface is now default-on — a core platform capability (#2698)

    /api/v1/mcp is served (and advertised in /discovery) out of the box; the
    OAuth 2.1 authorization track and Dynamic Client Registration follow it, so a
    fresh deployment is connectable by any MCP client with zero configuration.
    Operators opt OUT with OS_MCP_SERVER_ENABLED=false.

    • New single decision point isMcpServerEnabled() in @objectstack/types
      (default on; explicit false/0/off/no disables). The runtime
      dispatcher's /mcp route gate, the CLI's MCP plugin auto-load, the REST
      /discovery advertisement, and the auth service's OAuth/DCR follow-defaults
      all delegate to it — the served route, the advertised route, and the
      authorization track can never disagree.
    • The env var is now effectively tri-state: unset → HTTP surface on;
      explicit true → additionally auto-start the long-lived stdio transport
      at boot (unchanged, still opt-in — a default must not claim the process's
      stdin/stdout); explicit false → everything off, fail-closed (404, no
      metadata, no DCR).
    • The OAuth 2.1 TLS rule is unaffected: on a plain-HTTP non-loopback origin
      the OAuth track stays dark and the default-on surface remains API-key-only.

Patch Changes

@objectstack/trigger-schedule@13.0.0

Choose a tag to compare

@github-actions github-actions released this 09 Jul 11:42
119719b

Patch Changes

  • Updated dependencies [6d83431]
  • Updated dependencies [01917c2]
  • Updated dependencies [b271691]
  • Updated dependencies [a5a1e41]
  • Updated dependencies [466adf6]
  • Updated dependencies [5be00c3]
  • Updated dependencies [466adf6]
  • Updated dependencies [2bee609]
  • Updated dependencies [fc7e7f7]
    • @objectstack/spec@13.0.0
    • @objectstack/core@13.0.0

@objectstack/trigger-record-change@13.0.0

Choose a tag to compare

@github-actions github-actions released this 09 Jul 11:42
119719b

Major Changes

  • 6d83431: ADR-0090 P1 breaking wave — permission model v2 concept convergence.

    Pre-launch one-step renames and secure defaults (no compatibility aliases, per
    ADR-0090 D3/D4 superseding ADR-0057 D5/D7's alias discipline):

    • sys_rolesys_position, sys_user_rolesys_user_position (field
      roleposition), sys_role_permission_setsys_position_permission_set
      (field role_idposition_id); RoleSchema/defineRole
      PositionSchema/definePosition with no parent (positions are flat;
      hierarchy lives on the business-unit tree).
    • ExecutionContext.roles[]positions[]; the EvalUser/CEL contract
      current_user.rolescurrent_user.positions (formula validators updated);
      stack property roles:positions:; metadata kinds role/profile
      position (profile kind removed).
    • isProfile removed from PermissionSetSchema (ADR-0090 D2); isDefault
      narrows to an install-time suggestion; appDefaultProfileName
      appDefaultPermissionSetName (isDefault-only).
    • OWD enum drops legacy aliases read/read_write/full; new optional
      externalSharingModel (external dial, private default) lands as P1 spec
      shape (ADR-0090 D11).
    • Secure default (D1): a custom object with an owner field and NO
      sharingModel now resolves private (was: fully public). System objects
      keep their explicit posture. Unrecognised stored values fail closed.
    • ExecutionContext gains the P1 principal-taxonomy shape (D10):
      principalKind / audience / onBehalfOf (optional, semantics phase in
      later).
    • Sharing recipients: roleposition (expanded via sys_user_position
      ∪ the better-auth membership transition source); role_and_subordinates
      removed — unit_and_subordinates now expands the business-unit subtree
      (finishes ADR-0057 D5's re-homing).

Patch Changes

  • Updated dependencies [6d83431]
  • Updated dependencies [01917c2]
  • Updated dependencies [b271691]
  • Updated dependencies [a5a1e41]
  • Updated dependencies [466adf6]
  • Updated dependencies [5be00c3]
  • Updated dependencies [466adf6]
  • Updated dependencies [2bee609]
  • Updated dependencies [fc7e7f7]
    • @objectstack/spec@13.0.0
    • @objectstack/core@13.0.0

@objectstack/trigger-api@13.0.0

Choose a tag to compare

@github-actions github-actions released this 09 Jul 11:42
119719b

Patch Changes

  • Updated dependencies [6d83431]
  • Updated dependencies [01917c2]
  • Updated dependencies [b271691]
  • Updated dependencies [a5a1e41]
  • Updated dependencies [466adf6]
  • Updated dependencies [5be00c3]
  • Updated dependencies [466adf6]
  • Updated dependencies [2bee609]
  • Updated dependencies [fc7e7f7]
    • @objectstack/spec@13.0.0
    • @objectstack/core@13.0.0

@objectstack/studio@13.0.0

Choose a tag to compare

@github-actions github-actions released this 09 Jul 11:40
119719b

Patch Changes

  • Updated dependencies [6d83431]
  • Updated dependencies [01917c2]
  • Updated dependencies [b271691]
  • Updated dependencies [a5a1e41]
  • Updated dependencies [466adf6]
  • Updated dependencies [5be00c3]
  • Updated dependencies [466adf6]
  • Updated dependencies [2bee609]
  • Updated dependencies [9fa84f9]
  • Updated dependencies [fc7e7f7]
    • @objectstack/spec@13.0.0
    • @objectstack/platform-objects@13.0.0

@objectstack/spec@13.0.0

Choose a tag to compare

@github-actions github-actions released this 09 Jul 11:42
119719b

Major Changes

  • 6d83431: ADR-0090 P1 breaking wave — permission model v2 concept convergence.

    Pre-launch one-step renames and secure defaults (no compatibility aliases, per
    ADR-0090 D3/D4 superseding ADR-0057 D5/D7's alias discipline):

    • sys_rolesys_position, sys_user_rolesys_user_position (field
      roleposition), sys_role_permission_setsys_position_permission_set
      (field role_idposition_id); RoleSchema/defineRole
      PositionSchema/definePosition with no parent (positions are flat;
      hierarchy lives on the business-unit tree).
    • ExecutionContext.roles[]positions[]; the EvalUser/CEL contract
      current_user.rolescurrent_user.positions (formula validators updated);
      stack property roles:positions:; metadata kinds role/profile
      position (profile kind removed).
    • isProfile removed from PermissionSetSchema (ADR-0090 D2); isDefault
      narrows to an install-time suggestion; appDefaultProfileName
      appDefaultPermissionSetName (isDefault-only).
    • OWD enum drops legacy aliases read/read_write/full; new optional
      externalSharingModel (external dial, private default) lands as P1 spec
      shape (ADR-0090 D11).
    • Secure default (D1): a custom object with an owner field and NO
      sharingModel now resolves private (was: fully public). System objects
      keep their explicit posture. Unrecognised stored values fail closed.
    • ExecutionContext gains the P1 principal-taxonomy shape (D10):
      principalKind / audience / onBehalfOf (optional, semantics phase in
      later).
    • Sharing recipients: roleposition (expanded via sys_user_position
      ∪ the better-auth membership transition source); role_and_subordinates
      removed — unit_and_subordinates now expands the business-unit subtree
      (finishes ADR-0057 D5's re-homing).

Minor Changes

  • 01917c2: ADR-0090 P2 — audience anchors: everyone/guest builtin positions.

    • EVERYONE_POSITION / GUEST_POSITION constants in @objectstack/spec;
      both anchors seeded (system-managed) alongside the builtin identity names.
    • Every authenticated principal implicitly holds everyone in
      ctx.positions, so sets bound to it resolve as ordinary position-bound
      grants — ADDITIVE. The fallback CLIFF is abolished: the configured
      baseline (fallbackPermissionSet, default member_default) now applies
      in addition to explicit grants instead of only when the user had none,
      and is also seeded as an everyone binding (same table/audit/explain
      path as admin-authored defaults).
    • Sessionless HTTP principals resolve as principalKind: 'guest' holding
      exactly ['guest']; internal bare contexts are untouched.
    • Audience-anchor binding gate: sys_position_permission_set writes that
      would bind a high-privilege set (VAMA, delete/purge/transfer, system
      permissions, '*' wildcard) to everyone/guest are rejected at the
      data layer, unconditionally (describeHighPrivilegeBits predicate is
      exported and shared with the seed-time validation).
  • b271691: ADR-0090 P3 — security-domain publish linter (D7) and delegated administration (D12).

    D7 — validateSecurityPosture (@objectstack/lint), wired into os compile (errors gate the build) and os lint. Rules, each with a failing fixture: security-owd-unset (custom object with no sharingModel — the objectui#2348 leave_request shape), security-owd-alias (retired D4 alias values, with fix-it), security-external-wider-than-internal (D11 external ≤ internal), security-wildcard-vama ('*' + View/Modify All outside the platform admin set, ADR-0066), security-anchor-high-privilege (an isDefault/everyone-suggested set carrying anchor-forbidden bits), security-role-word (D3 vocabulary freeze in security identifiers/labels; ARIA/page roles exempt), and advisory security-private-no-readscope.

    D12 — delegated administration (@objectstack/plugin-security DelegatedAdminGate). PermissionSetSchema.adminScope (new in spec, persisted as sys_permission_set.admin_scope) declares WHERE (a sys_business_unit subtree), WHAT (manageAssignments / manageBindings / authorEnvironmentSets), and WHICH sets a delegate may hand out (assignablePermissionSets allowlist). Writes to sys_user_position, sys_position_permission_set, sys_user_permission_set, and sys_permission_set are now governed: tenant-level admins (ADR-0066 superuser wildcard) pass through; delegates need a covering scope — inside their subtree, allowlisted sets only (to others AND themselves), single-row writes, granted_by audit-stamped; everyone else (including holders of plain CRUD on RBAC tables) is denied. Granting or authoring a set that itself carries an adminScope requires a held scope that STRICTLY contains it. The everyone/guest anchors stay tenant-level only, and direct position assignments to an anchor are rejected for every caller.

    ADR-0090 Addendum — assignment-level BU anchor. sys_user_position.business_unit_id lands with its three consumers scoped: D12 delegation boundary (enforced here), audit fact, and the depth-anchor contract for enterprise hierarchy-scope-resolver implementations (documented on IHierarchyScopeResolver).

    D9 tier tightening. describeHighPrivilegeBits moved to @objectstack/spec/security (re-exported from plugin-security) alongside new describeAnchorForbiddenBits: guest bindings now additionally reject edit bits (read-only by default; create stays the case-by-case exception).

    BREAKING (@objectstack/plugin-security): exports renamed to the ADR-0090 D3 vocabulary — SysRoleSysPosition, SysUserRoleSysUserPosition, SysRolePermissionSetSysPositionPermissionSet (no aliases, pre-launch one-step rename). sys_position row actions/list views renamed (activate_position, …), labels relabeled Role→Position. Non-tenant-admin writes to the RBAC link tables without an adminScope are now denied (previously any CRUD grant on those tables sufficed).

    BREAKING (@objectstack/platform-objects): sys_business_unit_member.role_in_business_unitfunction_in_business_unit (D3 reserved-word sweep; values member/lead/deputy unchanged).

  • a5a1e41: ADR-0090 P4 — explain engine (D6), access-matrix snapshot gate, recalibrated benchmark.

    Explain contract (@objectstack/spec). ExplainRequestSchema / ExplainDecisionSchema / ExplainLayerSchema: explain(principal, object, operation) reports the verdict of every evaluation-pipeline layer in order (principal → required_permissions → object_crud → fls → owd_baseline → depth → sharing → vama_bypass → rls), with per-layer contributor attribution (which permission set, reached via which position/baseline) and — for reads — the composed row filter as the machine artifact. Carries the D10 dual attribution (principalKind, onBehalfOf).

    Explain engine (@objectstack/plugin-security). explainAccess is "explained by construction": it calls the SAME permission-set resolution, evaluator, FLS mask, and RLS composition the enforcement middleware calls (injected from SecurityPlugin), so the report cannot drift from enforcement. Exposed on the security kernel service as explain(request, callerContext); explaining another user requires manage_users (the target's context is reconstructed from sys_user_position / sys_user_permission_set with everyone-anchor semantics via buildContextForUser).

    Access-matrix snapshot gate (@objectstack/lint + os compile). buildAccessMatrix(stack) derives the (permission set × object) capability matrix purely from metadata; diffAccessMatrix renders semantic review lines ("'crm_admin' gains delete on 'crm_lead'", depth changes, OWD swings, entry add/remove). os compile gains an opt-in gate: with access-matrix.json committed next to the config, any drift fails the build with those lines until re-snapshotted via --update-access-matrix — every capability change becomes a reviewable diff. Seeded for examples/app-crm.

    Benchmark (ADR-0090 Addendum). scripts/bench/permission-bench.mts — single-org 10k users × 1M rows per the recalibrated topology; asserts the O()-shape property (per-request cost independent of user population; unit-depth IN-set cost tracks unit size). Passing at 0.1µs/eval and 59ms/1M-row IN-set scan.

  • 466adf6: Author-time capability-reference lint (ADR-0066 ⑨) — os validate / os lint
    now warn when a requiredPermissions names a capability that is registered
    nowhere.

    requiredPermissions (on objects, fields, apps, actions) is a free string, so a
    typo like mange_users is schema-valid and fails closed at runtime (the caller
    is denied) — safe, but silent. The new validateCapabilityReferences rule
    (@objectstack/lint) resolves every reference against the author-time known set
    and warns on the unresolved ones:

    • built-in platform capabilities — now sourced from a single canonical list in
      @objectstack/spec (security/capabilities.ts: PLATFORM_CAPABILITIES /
      PLATFORM_CAPABILITY_NAMES), which @objectstack/plugin-security's
      bootstrapSystemCapabilities also seeds from (one source of truth, no drift),
    • any capability a permission set in the stack grants via systemPermissions
      (granting is what declares it — mirrors the runtime derived-defaults rule), and
    • any sys_capability row shipped as seed data.

    It is a warning, not an error: a single package can't see capabilities
    declared by other installed packages, and the reference fails closed anyway.
    systemPermissions itself is never flagged — it is the declaration side, and a
    package legitimately introduces new capabilities there. The object case also
    understands the per-operation requiredPermissions map form (ADR-0066 ⑤) and
    points a finding at the exact operation slice.

  • 5be00c3: feat(mcp): spec-compliant OA...

Read more

@objectstack/setup@13.0.0

Choose a tag to compare

@github-actions github-actions released this 09 Jul 11:40
119719b

Patch Changes

  • Updated dependencies [6d83431]
  • Updated dependencies [01917c2]
  • Updated dependencies [b271691]
  • Updated dependencies [a5a1e41]
  • Updated dependencies [466adf6]
  • Updated dependencies [5be00c3]
  • Updated dependencies [466adf6]
  • Updated dependencies [2bee609]
  • Updated dependencies [9fa84f9]
  • Updated dependencies [fc7e7f7]
    • @objectstack/spec@13.0.0
    • @objectstack/platform-objects@13.0.0