docs: regenerate reference docs from latest spec schemas

content/docs/references/api/auth-endpoints.mdx

@@ -0,0 +1,51 @@
+---
+title: Auth Endpoints
+description: Auth Endpoints protocol schemas
+---
+
+Authentication Endpoint Specification
+
+Defines the canonical HTTP endpoints for the authentication service.
+
+Based on better-auth v1.4.18 endpoint conventions.
+
+NOTE: ObjectStack's auth implementation uses better-auth library which has
+
+established endpoint conventions. This spec documents those conventions as
+
+the canonical API contract.
+
+<Callout type="info">
+**Source:** `packages/spec/src/api/auth-endpoints.zod.ts`
+</Callout>
+
+## TypeScript Usage
+
+```typescript
+import { AuthEndpoint } from '@objectstack/spec/api';
+import type { AuthEndpoint } from '@objectstack/spec/api';
+
+// Validate data
+const result = AuthEndpoint.parse(data);
+```
+
+---
+
+## AuthEndpoint
+
+### Properties
+
+| Property | Type | Required | Description |
+| :--- | :--- | :--- | :--- |
+| **signInEmail** | `Object` | ✅ |  |
+| **signUpEmail** | `Object` | ✅ |  |
+| **signOut** | `Object` | ✅ |  |
+| **getSession** | `Object` | ✅ |  |
+| **forgetPassword** | `Object` | ✅ |  |
+| **resetPassword** | `Object` | ✅ |  |
+| **sendVerificationEmail** | `Object` | ✅ |  |
+| **verifyEmail** | `Object` | ✅ |  |
+
+
+---
+

content/docs/references/api/auth.mdx

@@ -1,136 +1,18 @@
 ---
 title: Auth
-description: Auth protocol schemas and endpoints
+description: Auth protocol schemas
 ---
 
 Authentication Service Protocol
 
 Defines the standard API contracts for Identity, Session Management,
+
 and Access Control.
 
 <Callout type="info">
-**Source:** `packages/spec/src/api/auth.zod.ts`, `packages/spec/src/api/auth-endpoints.zod.ts`
+**Source:** `packages/spec/src/api/auth.zod.ts`
 </Callout>
 
-## Endpoints
-
-The authentication service uses [better-auth](https://www.better-auth.com/) endpoints as the canonical API contract.
-All endpoints are relative to the auth base path (default: `/api/v1/auth`).
-
-### Email/Password Authentication
-
-| Endpoint | Method | Path | Description |
-| :--- | :--- | :--- | :--- |
-| **Sign In** | `POST` | `/sign-in/email` | Sign in with email and password |
-| **Sign Up** | `POST` | `/sign-up/email` | Register new user with email and password |
-| **Sign Out** | `POST` | `/sign-out` | Sign out current user |
-
-### Session Management
-
-| Endpoint | Method | Path | Description |
-| :--- | :--- | :--- | :--- |
-| **Get Session** | `GET` | `/get-session` | Get current user session |
-
-### Password Management
-
-| Endpoint | Method | Path | Description |
-| :--- | :--- | :--- | :--- |
-| **Forget Password** | `POST` | `/forget-password` | Request password reset email |
-| **Reset Password** | `POST` | `/reset-password` | Reset password with token |
-
-### Email Verification
-
-| Endpoint | Method | Path | Description |
-| :--- | :--- | :--- | :--- |
-| **Send Verification** | `POST` | `/send-verification-email` | Send email verification link |
-| **Verify Email** | `GET` | `/verify-email` | Verify email with token |
-
-### OAuth (when providers configured)
-
-| Endpoint | Method | Path | Description |
-| :--- | :--- | :--- | :--- |
-| **Authorize** | `GET` | `/authorize/:provider` | Start OAuth flow |
-| **Callback** | `GET` | `/callback/:provider` | OAuth callback |
-
-### 2FA (when enabled)
-
-| Endpoint | Method | Path | Description |
-| :--- | :--- | :--- | :--- |
-| **Enable 2FA** | `POST` | `/two-factor/enable` | Enable two-factor authentication |
-| **Verify 2FA** | `POST` | `/two-factor/verify` | Verify 2FA code |
-
-### Passkeys (when enabled)
-
-| Endpoint | Method | Path | Description |
-| :--- | :--- | :--- | :--- |
-| **Register Passkey** | `POST` | `/passkey/register` | Register a passkey |
-| **Authenticate** | `POST` | `/passkey/authenticate` | Authenticate with passkey |
-
-### Magic Links (when enabled)
-
-| Endpoint | Method | Path | Description |
-| :--- | :--- | :--- | :--- |
-| **Send Magic Link** | `POST` | `/magic-link/send` | Send magic link email |
-| **Verify Magic Link** | `GET` | `/magic-link/verify` | Verify magic link |
-
-## Usage Examples
-
-### Using the ObjectStack Client
-
-```typescript
-import { ObjectStackClient } from '@objectstack/client';
-
-const client = new ObjectStackClient({
-  baseUrl: 'http://localhost:3000'
-});
-
-// Register
-await client.auth.register({
-  email: 'user@example.com',
-  password: 'SecurePassword123!',
-  name: 'John Doe'
-});
-
-// Login
-await client.auth.login({
-  type: 'email',
-  email: 'user@example.com',
-  password: 'SecurePassword123!'
-});
-
-// Get session
-const session = await client.auth.me();
-
-// Logout
-await client.auth.logout();
-```
-
-### Using Direct API Calls
-
-```bash
-# Register
-curl -X POST http://localhost:3000/api/v1/auth/sign-up/email \
-  -H "Content-Type: application/json" \
-  -d '{"email":"user@example.com","password":"SecurePassword123!","name":"John Doe"}'
-
-# Login
-curl -X POST http://localhost:3000/api/v1/auth/sign-in/email \
-  -H "Content-Type: application/json" \
-  -d '{"email":"user@example.com","password":"SecurePassword123!"}'
-
-# Get session
-curl http://localhost:3000/api/v1/auth/get-session \
-  -H "Authorization: Bearer YOUR_TOKEN"
-
-# Logout
-curl -X POST http://localhost:3000/api/v1/auth/sign-out \
-  -H "Authorization: Bearer YOUR_TOKEN"
-```
-
----
-
-## Request/Response Schemas
-
 ## TypeScript Usage
 
 ```typescript

content/docs/references/api/index.mdx

@@ -8,6 +8,7 @@ This section contains all protocol schemas for the api layer of ObjectStack.
 <Cards>
   <Card href="/docs/references/api/analytics" title="Analytics" description="Source: packages/spec/src/api/analytics.zod.ts" />
   <Card href="/docs/references/api/auth" title="Auth" description="Source: packages/spec/src/api/auth.zod.ts" />
+  <Card href="/docs/references/api/auth-endpoints" title="Auth Endpoints" description="Source: packages/spec/src/api/auth-endpoints.zod.ts" />
   <Card href="/docs/references/api/batch" title="Batch" description="Source: packages/spec/src/api/batch.zod.ts" />
   <Card href="/docs/references/api/contract" title="Contract" description="Source: packages/spec/src/api/contract.zod.ts" />
   <Card href="/docs/references/api/discovery" title="Discovery" description="Source: packages/spec/src/api/discovery.zod.ts" />

content/docs/references/api/meta.json

@@ -3,6 +3,7 @@
   "pages": [
     "analytics",
     "auth",
+    "auth-endpoints",
     "batch",
     "connector",
     "contract",

content/docs/references/api/protocol.mdx

@@ -428,6 +428,7 @@ const result = AiChatRequest.parse(data);
 | **apiName** | `string` | ✅ | API name |
 | **capabilities** | `Object` | optional | Supported features/capabilities |
 | **endpoints** | `Object` | optional | Available endpoint paths |
+| **services** | `Record<string, Object>` | optional | Per-service availability map |
 
 
 ---

content/docs/references/data/data-engine.mdx

@@ -22,13 +22,24 @@ The Data Engine acts as the "Driver" layer in the Hexagonal Architecture.
 ## TypeScript Usage
 
 ```typescript
-import { DataEngineAggregateOptions, DataEngineAggregateRequest, DataEngineBatchRequest, DataEngineCountOptions, DataEngineCountRequest, DataEngineDeleteOptions, DataEngineDeleteRequest, DataEngineExecuteRequest, DataEngineFilter, DataEngineFindOneRequest, DataEngineFindRequest, DataEngineInsertOptions, DataEngineInsertRequest, DataEngineQueryOptions, DataEngineRequest, DataEngineSort, DataEngineUpdateOptions, DataEngineUpdateRequest, DataEngineVectorFindRequest } from '@objectstack/spec/data';
-import type { DataEngineAggregateOptions, DataEngineAggregateRequest, DataEngineBatchRequest, DataEngineCountOptions, DataEngineCountRequest, DataEngineDeleteOptions, DataEngineDeleteRequest, DataEngineExecuteRequest, DataEngineFilter, DataEngineFindOneRequest, DataEngineFindRequest, DataEngineInsertOptions, DataEngineInsertRequest, DataEngineQueryOptions, DataEngineRequest, DataEngineSort, DataEngineUpdateOptions, DataEngineUpdateRequest, DataEngineVectorFindRequest } from '@objectstack/spec/data';
+import { BaseEngineOptions, DataEngineAggregateOptions, DataEngineAggregateRequest, DataEngineBatchRequest, DataEngineCountOptions, DataEngineCountRequest, DataEngineDeleteOptions, DataEngineDeleteRequest, DataEngineExecuteRequest, DataEngineFilter, DataEngineFindOneRequest, DataEngineFindRequest, DataEngineInsertOptions, DataEngineInsertRequest, DataEngineQueryOptions, DataEngineRequest, DataEngineSort, DataEngineUpdateOptions, DataEngineUpdateRequest, DataEngineVectorFindRequest } from '@objectstack/spec/data';
+import type { BaseEngineOptions, DataEngineAggregateOptions, DataEngineAggregateRequest, DataEngineBatchRequest, DataEngineCountOptions, DataEngineCountRequest, DataEngineDeleteOptions, DataEngineDeleteRequest, DataEngineExecuteRequest, DataEngineFilter, DataEngineFindOneRequest, DataEngineFindRequest, DataEngineInsertOptions, DataEngineInsertRequest, DataEngineQueryOptions, DataEngineRequest, DataEngineSort, DataEngineUpdateOptions, DataEngineUpdateRequest, DataEngineVectorFindRequest } from '@objectstack/spec/data';
 
 // Validate data
-const result = DataEngineAggregateOptions.parse(data);
+const result = BaseEngineOptions.parse(data);
 ```
 
+---
+
+## BaseEngineOptions
+
+### Properties
+
+| Property | Type | Required | Description |
+| :--- | :--- | :--- | :--- |
+| **context** | `Object` | optional |  |
+
+
 ---
 
 ## DataEngineAggregateOptions
@@ -39,6 +50,7 @@ Options for DataEngine.aggregate operations
 
 | Property | Type | Required | Description |
 | :--- | :--- | :--- | :--- |
+| **context** | `Object` | optional |  |
 | **filter** | `Record<string, any> \| [__schema0](./__schema0)` | optional | Data Engine query filter conditions |
 | **groupBy** | `string[]` | optional |  |
 | **aggregations** | `Object[]` | optional |  |
@@ -80,6 +92,7 @@ Options for DataEngine.count operations
 
 | Property | Type | Required | Description |
 | :--- | :--- | :--- | :--- |
+| **context** | `Object` | optional |  |
 | **filter** | `Record<string, any> \| [__schema0](./__schema0)` | optional | Data Engine query filter conditions |
 
 
@@ -106,6 +119,7 @@ Options for DataEngine.delete operations
 
 | Property | Type | Required | Description |
 | :--- | :--- | :--- | :--- |
+| **context** | `Object` | optional |  |
 | **filter** | `Record<string, any> \| [__schema0](./__schema0)` | optional | Data Engine query filter conditions |
 | **multi** | `boolean` | optional |  |
 
@@ -196,6 +210,7 @@ Options for DataEngine.insert operations
 
 | Property | Type | Required | Description |
 | :--- | :--- | :--- | :--- |
+| **context** | `Object` | optional |  |
 | **returning** | `boolean` | optional |  |
 
 
@@ -223,6 +238,7 @@ Query options for IDataEngine.find() operations
 
 | Property | Type | Required | Description |
 | :--- | :--- | :--- | :--- |
+| **context** | `Object` | optional |  |
 | **filter** | `Record<string, any> \| [__schema0](./__schema0)` | optional | Data Engine query filter conditions |
 | **select** | `string[]` | optional |  |
 | **sort** | `Record<string, Enum<'asc' \| 'desc'>> \| Record<string, number \| number> \| Object[]` | optional | Sort order definition |
@@ -410,6 +426,7 @@ Options for DataEngine.update operations
 
 | Property | Type | Required | Description |
 | :--- | :--- | :--- | :--- |
+| **context** | `Object` | optional |  |
 | **filter** | `Record<string, any> \| [__schema0](./__schema0)` | optional | Data Engine query filter conditions |
 | **upsert** | `boolean` | optional |  |
 | **multi** | `boolean` | optional |  |

content/docs/references/kernel/execution-context.mdx

@@ -0,0 +1,59 @@
+---
+title: Execution Context
+description: Execution Context protocol schemas
+---
+
+Execution Context Schema
+
+Defines the runtime context that flows from HTTP request → data operations.
+
+This is the "identity + environment" envelope that every data operation can carry.
+
+Design:
+
+- All fields are optional for backward compatibility
+
+- `isSystem` bypasses permission checks (for internal/migration operations)
+
+- `transaction` carries the database transaction handle for atomicity
+
+- `traceId` enables distributed tracing across microservices
+
+Usage:
+
+engine.find('account', { context: { userId: '...', tenantId: '...' } })
+
+<Callout type="info">
+**Source:** `packages/spec/src/kernel/execution-context.zod.ts`
+</Callout>
+
+## TypeScript Usage
+
+```typescript
+import { ExecutionContext } from '@objectstack/spec/kernel';
+import type { ExecutionContext } from '@objectstack/spec/kernel';
+
+// Validate data
+const result = ExecutionContext.parse(data);
+```
+
+---
+
+## ExecutionContext
+
+### Properties
+
+| Property | Type | Required | Description |
+| :--- | :--- | :--- | :--- |
+| **userId** | `string` | optional |  |
+| **tenantId** | `string` | optional |  |
+| **roles** | `string[]` | ✅ |  |
+| **permissions** | `string[]` | ✅ |  |
+| **isSystem** | `boolean` | ✅ |  |
+| **accessToken** | `string` | optional |  |
+| **transaction** | `any` | optional |  |
+| **traceId** | `string` | optional |  |
+
+
+---
+

content/docs/references/kernel/index.mdx

@@ -8,6 +8,7 @@ This section contains all protocol schemas for the kernel layer of ObjectStack.
 <Cards>
   <Card href="/docs/references/kernel/context" title="Context" description="Source: packages/spec/src/kernel/context.zod.ts" />
   <Card href="/docs/references/kernel/events" title="Events" description="Source: packages/spec/src/kernel/events.zod.ts" />
+  <Card href="/docs/references/kernel/execution-context" title="Execution Context" description="Source: packages/spec/src/kernel/execution-context.zod.ts" />
   <Card href="/docs/references/kernel/feature" title="Feature" description="Source: packages/spec/src/kernel/feature.zod.ts" />
   <Card href="/docs/references/kernel/manifest" title="Manifest" description="Source: packages/spec/src/kernel/manifest.zod.ts" />
   <Card href="/docs/references/kernel/metadata-loader" title="Metadata Loader" description="Source: packages/spec/src/kernel/metadata-loader.zod.ts" />

content/docs/references/kernel/meta.json

@@ -3,6 +3,7 @@
   "pages": [
     "context",
     "events",
+    "execution-context",
     "feature",
     "manifest",
     "metadata-persistence",