Enforce RBAC end-to-end: REST→ObjectQL context propagation

Author: hotlong

CHANGELOG.md

@@ -8,6 +8,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
 
 ### Added
+- **Phase-1 RBAC end-to-end enforcement (multi-tenant isolation)** — Every authenticated REST request now arrives at the SecurityPlugin middleware with a populated `ExecutionContext`, so RLS/FLS/CRUD checks actually fire. Three previously-silent context-drop sites were closed: (1) `@objectstack/objectql` `protocol.{find,get,create,update,delete}Data` now forward `request.context` into the engine call options; (2) `@objectstack/rest` `RestServer` gained `resolveExecCtx()` plus an `authServiceProvider` constructor hook (wired in `RestApiPlugin` from `ctx.getService('auth')`) that resolves the better-auth session for both single-kernel and multi-kernel deployments and threads `context` into all five CRUD handlers; (3) `@objectstack/plugin-hono-server` raw `/data/:object` fallback handlers now resolve the same context inline and map `PermissionDeniedError` → HTTP 403. `@objectstack/runtime` `resolveExecutionContext()` wraps plain header objects as Web `Headers` so better-auth's cookie lookup works. New seed link tables `sys_user_permission_set` / `sys_role_permission_set` (in `@objectstack/platform-objects`) plus default permission sets `admin_full_access` / `member_default` / `viewer_readonly`; `member_default` carries a wildcard `object: '*'` RLS policy (`tenant_id = current_user.tenant_id`) that SecurityPlugin rewrites onto the configured `tenantField` (default `organization_id`) and skips for tables that lack the field. Verified end-to-end on `pnpm dev:crm`: two users in different organizations each create records and only see their own org's rows on subsequent LISTs across multiple object types. **Known follow-up:** anonymous REST traffic still bypasses enforcement (SecurityPlugin short-circuits when `userId` is absent) — default-deny tightening, Sharing Rule evaluator, Studio RLS visual editor, per-user×org permission cache, and audit UI / denied-access logging remain queued.
 - **Hooks auto-register from `defineStack({ hooks })` (`@objectstack/objectql` + `@objectstack/runtime`)** — Hooks are metadata, and the runtime now treats them as such: `AppPlugin.start()`, `MultiProjectPlugin` seeders, and `ObjectQLPlugin.loadMetadataFromService` all funnel `Hook[]` through a single canonical entry point (`bindHooksToEngine` / `engine.bindHooks`), eliminating the previous boilerplate `engine.registerHook(...)` calls in user code. The binder honours every declarative field on `Hook` — `condition` (compiled as a formula), `async` (fire-and-forget on `after*` events), `retryPolicy` (max retries × linear backoff), `timeout` (Promise.race), `onError` (`'abort'` rethrows, `'log'` swallows), and `priority` — through a new `wrapDeclarativeHook` higher-order function so the engine's `triggerHooks` stays minimal. Adds `engine.registerFunction` / `resolveFunction` / `unregisterFunctionsByPackage` plus `engine.unregisterHooksByPackage(packageId)` for clean hot-reload, and a new `functions` field on `defineStack` so string-named handlers can be resolved by the binder. The built-in audit hooks in `ObjectQLPlugin.registerAuditHooks` were migrated to the same declarative form (dogfood). Example cleanup: `examples/app-crm/src/hooks/register-hooks.ts` deleted; the CRM example now just exports `allHooks` and lists them under `defineStack({ hooks })`.
 - **Formula expression evaluator (`@objectstack/objectql`)** — `packages/objectql/src/formula.ts` ships a hand-written tokenizer + recursive-descent parser + tree-walking evaluator for the formula function library documented in `packages/spec/docs/formula-functions.md`. Supports text (`CONCAT`/`CONCATENATE`/`UPPER`/`LOWER`/`TEXT`/`LEN`), math (`SUM`/`AVERAGE`/`ROUND`/`CEILING`/`FLOOR`), date (`TODAY`/`NOW`/`YEAR`/`MONTH`/`DAY`/`ADDDAYS`), and logical (`IF`/`AND`/`OR`/`NOT`/`ISBLANK`) functions, plus comparison (`= == != <> < > <= >=`) and arithmetic operators with standard precedence. Public API: `compileFormula(expr)` (cached AST + dependency list) and `evaluateFormula(expr, record)`. Implementation is `eval`-free — untrusted formula strings are safe to evaluate. Used by `formula`-typed fields and decision-node conditions in flows.
 - **Studio Flow Viewer + Flow Test Runner** — `apps/studio/src/components/FlowViewer.tsx` renders a flow's metadata (variables, nodes, edges, error handling) as inspector cards; `FlowTestRunner.tsx` provides an interactive form for the flow's `isInput` variables, executes the flow against the per-project kernel, and surfaces the result + run record. Wired into the Studio metadata browser via `flow-viewer-plugin.tsx` (registered in `apps/studio/src/plugins/built-in/index.ts`), so any `flow` metadata page exposes a "Run" tab. New `FlowRunsPanel.tsx` lists historical executions for the selected flow.

content/docs/concepts/implementation-status.mdx

@@ -263,16 +263,17 @@ The `auth` service in `CoreServiceName` covers both **authentication** (identity
 | **Organization** | Authentication | ✅ | ❌ | ✅ | 📋 Plugin |
 | **Policy** | Authentication | ✅ | ❌ | ✅ | 📋 Plugin |
 | **SCIM** | Authentication | ✅ | ❌ | ✅ | 📋 Plugin |
-| **Permission** | Authorization | ✅ | ❌ | ✅ | 📋 Plugin |
+| **Permission** | Authorization | ✅ | ✅ Phase-1 | ✅ | ✅ `plugin-security` |
 | **Sharing** | Authorization | ✅ | ❌ | ✅ | 📋 Plugin |
-| **RLS** | Authorization | ✅ | ❌ | ✅ | 📋 Plugin |
+| **RLS** | Authorization | ✅ | ✅ Phase-1 (tenant + owner) | ✅ | ✅ `plugin-security` |
 | **Territory** | Authorization | ✅ | ❌ | ✅ | 📋 Plugin |
 
 **Notes:**
 - All security protocols (identity + permission) are delivered by a single `auth` plugin — matching `CoreServiceName`
 - Client SDK supports bearer token header — but token validation requires the auth plugin
 - Auth route (`/auth/*`) only appears in Discovery when the auth plugin is registered
 - Fine-grained authorization (RLS, sharing, territory) is internal to the auth plugin
+- **Phase-1 RBAC enforcement is live end-to-end**: REST → ObjectQL → SecurityPlugin middleware now receives a populated `ExecutionContext` (userId, tenantId, roles, permissions). Default `member_default` permission set ships a wildcard RLS rule `tenant_id = current_user.tenant_id` (rewritten to `organization_id`), which guarantees cross-organization isolation for authenticated users. **Anonymous traffic still bypasses enforcement** until a default-deny pass lands.
 
 ---
 
@@ -386,11 +387,16 @@ The `auth` service in `CoreServiceName` covers both **authentication** (identity
 - [ ] ETL Pipeline Plugin
 - [ ] Trigger Registry Plugin
 
-### Phase 9: Security (Plugin) 📋 **PLANNED**
-- [ ] Authentication Plugin
-- [ ] Authorization Plugin
-- [ ] Row-Level Security Plugin
-- [ ] Multi-tenancy Plugin
+### Phase 9: Security (Plugin) 🟡 **PHASE-1 LANDED**
+- [x] Authentication Plugin (`@objectstack/plugin-auth`, better-auth)
+- [x] Authorization Plugin — `@objectstack/plugin-security` enforces CRUD/FLS/RLS in the ObjectQL middleware chain; REST → ObjectQL now propagates `ExecutionContext` end-to-end (Phase-1)
+- [x] Row-Level Security — default `member_default` permission set applies a wildcard `tenant_id = current_user.tenant_id` rule, rewritten to `organization_id`
+- [x] Multi-tenancy — verified cross-organization isolation on `pnpm dev:crm` (Alice@OrgAlpha vs. Bob@OrgBeta only see their own records)
+- [ ] Default-deny for anonymous traffic
+- [ ] Sharing Rule evaluator
+- [ ] Studio RLS visual editor
+- [ ] Per-user×org permission cache
+- [ ] Audit UI / denied-access logging
 
 ### Phase 10: AI Integration 📋 **PLANNED**
 - [ ] Agent Framework

content/docs/guides/security.mdx

@@ -7,6 +7,8 @@ description: "Complete guide to implementing enterprise-grade security in Object
 
 Complete guide to implementing enterprise-grade security in ObjectStack with fine-grained permissions and data access controls.
 
+> **Implementation status — Phase-1 RBAC is live.** REST → ObjectQL now propagates a populated `ExecutionContext` (userId, tenantId, roles, permissions) into the SecurityPlugin middleware, so CRUD / FLS / RLS checks actually fire on every authenticated request. The default `member_default` permission set ships a wildcard RLS rule `tenant_id = current_user.tenant_id` (rewritten onto the configured `tenantField`, default `organization_id`), giving multi-tenant isolation out of the box. **Anonymous traffic still bypasses enforcement** until a default-deny pass lands; Sharing Rules, Studio RLS visual editor, per-user×org permission cache, and audit UI for denied access are queued. See `CHANGELOG.md` and `concepts/implementation-status.mdx` for the latest matrix.
+
 ## Table of Contents
 
 1. [Security Architecture](#security-architecture)

content/docs/references/system/translation.mdx

@@ -109,6 +109,8 @@ Translation data for a single object
 | **pluralLabel** | `string` | optional | Translated plural label |
 | **description** | `string` | optional | Translated object description |
 | **fields** | `Record<string, Object>` | optional | Field-level translations |
+| **_views** | `Record<string, Object>` | optional | View translations keyed by view name |
+| **_actions** | `Record<string, Object>` | optional | Action translations keyed by action name |
 
 
 ---
@@ -192,6 +194,7 @@ Translation data for objects, apps, and UI messages
 | **apps** | `Record<string, Object>` | optional | App translations keyed by app name |
 | **messages** | `Record<string, string>` | optional | UI message translations keyed by message ID |
 | **validationMessages** | `Record<string, string>` | optional | Translatable validation error messages keyed by rule name (e.g., `{"discount_limit": "折扣不能超过40%"}`) |
+| **globalActions** | `Record<string, Object>` | optional | Global action translations keyed by action name |
 | **dashboards** | `Record<string, Object>` | optional | Dashboard translations keyed by dashboard name |
 
 

packages/objectql/src/protocol.ts

@@ -505,8 +505,14 @@ export class ObjectStackProtocolImplementation implements ObjectStackProtocol {
         }
     }
 
-    async findData(request: { object: string, query?: any }) {
+    async findData(request: { object: string, query?: any, context?: any }) {
         const options: any = { ...request.query };
+        // Forward the dispatcher's ExecutionContext so RBAC/RLS middleware
+        // can apply per-request enforcement. The protocol layer is purely
+        // a normalizer — it must never strip security context.
+        if (request.context !== undefined) {
+            options.context = request.context;
+        }
 
         // ====================================================================
         // Normalize legacy params → QueryAST standard (where/fields/orderBy/offset/expand)
@@ -643,10 +649,13 @@ export class ObjectStackProtocolImplementation implements ObjectStackProtocol {
         };
     }
 
-    async getData(request: { object: string, id: string, expand?: string | string[], select?: string | string[] }) {
+    async getData(request: { object: string, id: string, expand?: string | string[], select?: string | string[], context?: any }) {
         const queryOptions: any = {
             where: { id: request.id }
         };
+        if (request.context !== undefined) {
+            queryOptions.context = request.context;
+        }
 
         // Support fields for single-record retrieval
         if (request.select) {
@@ -677,28 +686,34 @@ export class ObjectStackProtocolImplementation implements ObjectStackProtocol {
         throw new Error(`Record ${request.id} not found in ${request.object}`);
     }
 
-    async createData(request: { object: string, data: any }) {
-        const result = await this.engine.insert(request.object, request.data);
+    async createData(request: { object: string, data: any, context?: any }) {
+        const result = await this.engine.insert(
+            request.object,
+            request.data,
+            request.context !== undefined ? { context: request.context } as any : undefined,
+        );
         return {
             object: request.object,
             id: result.id,
             record: result
         };
     }
 
-    async updateData(request: { object: string, id: string, data: any }) {
-        // Adapt: update(obj, id, data) -> update(obj, data, options)
-        const result = await this.engine.update(request.object, request.data, { where: { id: request.id } });
+    async updateData(request: { object: string, id: string, data: any, context?: any }) {
+        const opts: any = { where: { id: request.id } };
+        if (request.context !== undefined) opts.context = request.context;
+        const result = await this.engine.update(request.object, request.data, opts);
         return {
             object: request.object,
             id: request.id,
             record: result
         };
     }
 
-    async deleteData(request: { object: string, id: string }) {
-        // Adapt: delete(obj, id) -> delete(obj, options)
-        await this.engine.delete(request.object, { where: { id: request.id } });
+    async deleteData(request: { object: string, id: string, context?: any }) {
+        const opts: any = { where: { id: request.id } };
+        if (request.context !== undefined) opts.context = request.context;
+        await this.engine.delete(request.object, opts);
         return {
             object: request.object,
             id: request.id,

packages/platform-objects/src/apps/setup.app.ts

@@ -59,6 +59,8 @@ export const SETUP_APP: App = {
         { id: 'nav_api_keys', type: 'object', label: 'API Keys', objectName: 'sys_api_key', icon: 'key' },
         { id: 'nav_roles', type: 'object', label: 'Roles', objectName: 'sys_role', icon: 'shield-check' },
         { id: 'nav_permission_sets', type: 'object', label: 'Permission Sets', objectName: 'sys_permission_set', icon: 'lock' },
+        { id: 'nav_user_permission_sets', type: 'object', label: 'User Permission Sets', objectName: 'sys_user_permission_set', icon: 'user-check' },
+        { id: 'nav_role_permission_sets', type: 'object', label: 'Role Permission Sets', objectName: 'sys_role_permission_set', icon: 'shield-plus' },
         { id: 'nav_oauth_apps', type: 'object', label: 'OAuth Apps', objectName: 'sys_oauth_application', icon: 'app-window' },
         { id: 'nav_jwks', type: 'object', label: 'Signing Keys', objectName: 'sys_jwks', icon: 'key-round' },
       ],

packages/platform-objects/src/platform-objects.test.ts

@@ -15,7 +15,13 @@ import {
   SysUserPreference,
   SysVerification,
 } from './identity/index.js';
-import { SysPermissionSet, SysRole } from './security/index.js';
+import {
+  SysPermissionSet,
+  SysRole,
+  SysUserPermissionSet,
+  SysRolePermissionSet,
+  defaultPermissionSets,
+} from './security/index.js';
 import { SysAuditLog, SysPresence } from './audit/index.js';
 import {
   SysApp,
@@ -51,6 +57,8 @@ const systemObjects = [
   ['SysUserPreference', SysUserPreference, 'sys_user_preference'],
   ['SysRole', SysRole, 'sys_role'],
   ['SysPermissionSet', SysPermissionSet, 'sys_permission_set'],
+  ['SysUserPermissionSet', SysUserPermissionSet, 'sys_user_permission_set'],
+  ['SysRolePermissionSet', SysRolePermissionSet, 'sys_role_permission_set'],
   ['SysAuditLog', SysAuditLog, 'sys_audit_log'],
   ['SysPresence', SysPresence, 'sys_presence'],
   ['SysProject', SysProject, 'sys_project'],
@@ -82,4 +90,44 @@ describe('@objectstack/platform-objects', () => {
     expect((object as any).namespace).toBeUndefined();
     expect((object as any).tableName).toBeUndefined();
   });
+
+  describe('default permission sets', () => {
+    it('exposes the three canonical platform permission sets', () => {
+      const names = defaultPermissionSets.map((p) => p.name).sort();
+      expect(names).toEqual(['admin_full_access', 'member_default', 'viewer_readonly']);
+    });
+
+    it('admin_full_access grants wildcard CRUD with viewAll/modifyAll', () => {
+      const admin = defaultPermissionSets.find((p) => p.name === 'admin_full_access')!;
+      const wildcard = admin.objects['*'];
+      expect(wildcard).toBeDefined();
+      expect(wildcard.allowRead).toBe(true);
+      expect(wildcard.allowCreate).toBe(true);
+      expect(wildcard.allowEdit).toBe(true);
+      expect(wildcard.allowDelete).toBe(true);
+      expect(wildcard.viewAllRecords).toBe(true);
+      expect(wildcard.modifyAllRecords).toBe(true);
+    });
+
+    it('member_default ships tenant + owner RLS policies', () => {
+      const member = defaultPermissionSets.find((p) => p.name === 'member_default')!;
+      const policyNames = (member.rowLevelSecurity ?? []).map((p) => p.name).sort();
+      expect(policyNames).toEqual([
+        'owner_only_deletes',
+        'owner_only_writes',
+        'tenant_isolation',
+      ]);
+      const tenantPolicy = (member.rowLevelSecurity ?? []).find((p) => p.name === 'tenant_isolation')!;
+      expect(tenantPolicy.using).toBe('tenant_id = current_user.tenant_id');
+    });
+
+    it('viewer_readonly denies writes', () => {
+      const viewer = defaultPermissionSets.find((p) => p.name === 'viewer_readonly')!;
+      const wildcard = viewer.objects['*'];
+      expect(wildcard.allowRead).toBe(true);
+      expect(wildcard.allowCreate).toBe(false);
+      expect(wildcard.allowEdit).toBe(false);
+      expect(wildcard.allowDelete).toBe(false);
+    });
+  });
 });

packages/platform-objects/src/security/default-permission-sets.ts

@@ -0,0 +1,98 @@
+// Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.
+
+import { PermissionSetSchema, type PermissionSet } from '@objectstack/spec/security';
+
+/**
+ * Default permission sets seeded by the platform.
+ *
+ * These are referenced by name (`admin_full_access`, `member_default`,
+ * `viewer_readonly`) from `sys_role_permission_set` rows or assigned
+ * directly to users via `sys_user_permission_set`.
+ *
+ * The runtime SecurityPlugin reads these via the metadata service when a
+ * permission set name appears in the request `ExecutionContext.permissions[]`.
+ *
+ * Each entry is run through `PermissionSetSchema.parse(...)` so Zod fills
+ * in the boolean/`priority`/`enabled` defaults — keeping the literal
+ * source readable while still satisfying the strict output type.
+ *
+ * `objects: { '*': … }` uses the wildcard sentinel honoured by
+ * `PermissionEvaluator` — admins do not need an explicit row per object.
+ *
+ * RLS policies use the canonical `current_user.*` placeholders compiled
+ * by `RLSCompiler`. The default tenant column is `organization_id` so the
+ * SecurityPlugin's `tenantField` config (defaults to `organization_id`)
+ * rewrites `tenant_id = current_user.tenant_id` accordingly at runtime.
+ */
+export const defaultPermissionSets: PermissionSet[] = [
+  PermissionSetSchema.parse({
+    name: 'admin_full_access',
+    label: 'Administrator — Full Access',
+    isProfile: true,
+    objects: {
+      '*': {
+        allowRead: true,
+        allowCreate: true,
+        allowEdit: true,
+        allowDelete: true,
+        viewAllRecords: true,
+        modifyAllRecords: true,
+      },
+    },
+    systemPermissions: ['manage_users', 'manage_metadata', 'setup.access'],
+  }),
+  PermissionSetSchema.parse({
+    name: 'member_default',
+    label: 'Member — Standard Access',
+    isProfile: true,
+    objects: {
+      '*': {
+        allowRead: true,
+        allowCreate: true,
+        allowEdit: true,
+        allowDelete: true,
+      },
+    },
+    rowLevelSecurity: [
+      {
+        name: 'tenant_isolation',
+        object: '*',
+        operation: 'all',
+        using: 'tenant_id = current_user.tenant_id',
+      },
+      {
+        name: 'owner_only_writes',
+        object: '*',
+        operation: 'update',
+        using: 'owner_id = current_user.id',
+      },
+      {
+        name: 'owner_only_deletes',
+        object: '*',
+        operation: 'delete',
+        using: 'owner_id = current_user.id',
+      },
+    ],
+  }),
+  PermissionSetSchema.parse({
+    name: 'viewer_readonly',
+    label: 'Viewer — Read-Only',
+    isProfile: true,
+    objects: {
+      '*': {
+        allowRead: true,
+        allowCreate: false,
+        allowEdit: false,
+        allowDelete: false,
+      },
+    },
+    rowLevelSecurity: [
+      {
+        name: 'tenant_isolation',
+        object: '*',
+        operation: 'select',
+        using: 'tenant_id = current_user.tenant_id',
+      },
+    ],
+  }),
+];