From c9f0e66aea761c1d75e3f9f2ea61e4ecdb007aea Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Fri, 20 Mar 2026 05:11:10 +0000 Subject: [PATCH 1/2] Initial plan From 40df7501faa63bba571133bfa7fa658b99e3ae0a Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Fri, 20 Mar 2026 05:16:05 +0000 Subject: [PATCH 2/2] fix: register ObjectQLSecurityPlugin as 'security' service instead of 'auth' to avoid conflict with @objectstack/plugin-auth Co-authored-by: hotlong <50353452+hotlong@users.noreply.github.com> --- ROADMAP.md | 2 +- .../plugin-security/__tests__/plugin.test.ts | 4 ++-- packages/foundation/plugin-security/src/plugin.ts | 10 ++++++---- 3 files changed, 9 insertions(+), 7 deletions(-) diff --git a/ROADMAP.md b/ROADMAP.md index eb8eb4b8..bd2fee0a 100644 --- a/ROADMAP.md +++ b/ROADMAP.md @@ -968,7 +968,7 @@ Standardize third-party plugin distribution. | `packages/foundation/plugin-query` | `@objectql/plugin-query` | Universal | QueryService, QueryBuilder, QueryAnalyzer, FilterTranslator. | | `packages/foundation/plugin-optimizations` | `@objectql/plugin-optimizations` | Universal | Connection pooling, query compilation, compiled hooks, lazy metadata. | | `packages/foundation/platform-node` | `@objectql/platform-node` | Node.js | File system integration, YAML loading, glob-based plugin discovery. | -| `packages/foundation/plugin-security` | `@objectql/plugin-security` | Universal | RBAC, FLS, RLS with AST-level enforcement. | +| `packages/foundation/plugin-security` | `@objectql/plugin-security` | Universal | RBAC, FLS, RLS with AST-level enforcement. Registers as `'security'` service (not `'auth'`; `'auth'` is reserved for `@objectstack/plugin-auth`). | | `packages/foundation/plugin-validator` | `@objectql/plugin-validator` | Universal | 5-type validation engine. | | `packages/foundation/plugin-formula` | `@objectql/plugin-formula` | Universal | Computed fields with sandboxed JS expressions. | | `packages/foundation/plugin-workflow` | `@objectql/plugin-workflow` | Universal | State machine executor with guards, actions, compound states. | diff --git a/packages/foundation/plugin-security/__tests__/plugin.test.ts b/packages/foundation/plugin-security/__tests__/plugin.test.ts index cd53507a..fc76ecee 100644 --- a/packages/foundation/plugin-security/__tests__/plugin.test.ts +++ b/packages/foundation/plugin-security/__tests__/plugin.test.ts @@ -113,7 +113,7 @@ describe('ObjectQLSecurityPlugin', () => { expect(kernel.use).not.toHaveBeenCalled(); }); - it('should register auth service when registerService is available', async () => { + it('should register security service when registerService is available', async () => { const plugin = new ObjectQLSecurityPlugin({ permissions: [ACCOUNTS_PERM], }); @@ -122,7 +122,7 @@ describe('ObjectQLSecurityPlugin', () => { await plugin.install({ engine: kernel, registerService }); - expect(registerService).toHaveBeenCalledWith('auth', expect.anything()); + expect(registerService).toHaveBeenCalledWith('security', expect.anything()); }); it('should not register hooks when RLS/FLS are disabled', async () => { diff --git a/packages/foundation/plugin-security/src/plugin.ts b/packages/foundation/plugin-security/src/plugin.ts index 57353c0c..310cceed 100644 --- a/packages/foundation/plugin-security/src/plugin.ts +++ b/packages/foundation/plugin-security/src/plugin.ts @@ -147,11 +147,13 @@ export class ObjectQLSecurityPlugin implements RuntimePlugin { // Register security hooks this.registerSecurityHooks(kernel, ctx); - // Register 'auth' service alias if available in context - // This allows ApiRegistry and other components to find the security service + // Register 'security' service alias if available in context + // This allows ApiRegistry and other components to find the security service. + // NOTE: We register as 'security' (authorization/RBAC), NOT 'auth'. + // The 'auth' service is reserved for @objectstack/plugin-auth (authentication). if (typeof (ctx as any).registerService === 'function') { - (ctx as any).registerService('auth', kernel.security); - this.logger.info("Registered 'auth' service alias"); + (ctx as any).registerService('security', kernel.security); + this.logger.info("Registered 'security' service alias"); } this.logger.info('Security plugin installed successfully');