| title | ObjectOS - System Layer Architecture |
|---|---|
| description | Deep dive into the ObjectOS (Operating System) runtime architecture |
Deep dive into the ObjectOS (Operating System) runtime architecture
ObjectOS is the runtime kernel that orchestrates the entire ObjectStack ecosystem. It manages application lifecycle, plugins, identity, and system resources.
Application packaging and dependencies:
// objectstack.config.ts
export default {
name: 'sales_crm',
version: '1.0.0',
label: 'Sales CRM',
description: 'Customer relationship management system',
dependencies: {
'@objectstack/core': '^1.0.0',
'@objectstack/plugin-analytics': '^0.5.0',
},
objects: ['./src/objects/**/*.object.ts'],
flows: ['./src/flows/**/*.flow.ts'],
apps: ['./src/apps/**/*.app.ts'],
features: ['workflows', 'reports', 'ai_assistant'],
license: 'MIT',
};Extensibility through plugins:
interface Plugin {
name: string;
version: string;
// Lifecycle hooks
onLoad?(context: PluginContext): Promise<void>;
onUnload?(): Promise<void>;
onActivate?(): Promise<void>;
onDeactivate?(): Promise<void>;
// Extension points
registerRoutes?(router: Router): void;
registerDrivers?(): Driver[];
registerWidgets?(): FieldWidget[];
registerValidators?(): Validator[];
}
// Example plugin
export class AnalyticsPlugin implements Plugin {
name = 'analytics';
version = '1.0.0';
async onLoad(context: PluginContext) {
// Initialize analytics service
const analytics = new AnalyticsService(context.ql);
context.services.set('analytics', analytics);
}
registerRoutes(router: Router) {
router.get('/analytics/reports', this.listReports);
router.post('/analytics/query', this.executeQuery);
}
}User authentication and authorization:
const authConfig = {
providers: [
{
type: 'email_password',
enabled: true,
requireEmailVerification: true,
passwordPolicy: {
minLength: 12,
requireUppercase: true,
requireLowercase: true,
requireNumbers: true,
requireSpecialChars: true,
},
},
{
type: 'oauth',
provider: 'google',
clientId: process.env.GOOGLE_CLIENT_ID,
clientSecret: process.env.GOOGLE_CLIENT_SECRET,
},
{
type: 'saml',
entityId: 'https://myapp.com/saml',
ssoUrl: 'https://idp.example.com/sso',
certificate: process.env.SAML_CERT,
},
],
session: {
lifetime: 86400, // 24 hours
extendOnActivity: true,
singleSessionPerUser: false,
},
twoFactor: {
enabled: true,
methods: ['totp', 'sms'],
},
};const role = {
name: 'sales_manager',
label: 'Sales Manager',
permissionSets: ['sales_user', 'report_viewer'],
inheritsFrom: 'sales_user',
};Database abstraction layer:
interface DriverInterface {
name: string;
type: 'sql' | 'nosql' | 'rest' | 'graphql';
capabilities: {
transactions: boolean;
queryFilters: boolean;
queryAggregations: boolean;
querySorting: boolean;
queryPagination: boolean;
queryWindowFunctions: boolean;
querySubqueries: boolean;
};
// CRUD operations
create(params: CreateParams): Promise<Record>;
read(params: ReadParams): Promise<Record>;
update(params: UpdateParams): Promise<Record>;
delete(params: DeleteParams): Promise<void>;
// Query operations
query(params: QueryParams): Promise<QueryResult>;
// Schema operations
syncSchema(objects: Object[]): Promise<void>;
}
// Example: PostgreSQL driver
export class PostgreSQLDriver implements DriverInterface {
name = 'postgresql';
type = 'sql' as const;
capabilities = {
transactions: true,
queryFilters: true,
queryAggregations: true,
querySorting: true,
queryPagination: true,
queryWindowFunctions: true,
querySubqueries: true,
};
async query(params: QueryParams): Promise<QueryResult> {
const sql = this.buildSQL(params.query);
return this.execute(sql);
}
}External integrations and webhooks:
const webhook = {
name: 'salesforce_sync',
url: 'https://api.salesforce.com/webhook',
events: ['record.created', 'record.updated'],
objects: ['customer_account', 'opportunity'],
headers: {
'Authorization': 'Bearer ${SALESFORCE_TOKEN}',
'Content-Type': 'application/json',
},
retryPolicy: {
maxRetries: 3,
backoffStrategy: 'exponential',
},
};Tenant isolation and management:
const organization = {
id: 'org_123',
name: 'Acme Corporation',
subdomain: 'acme',
limits: {
maxUsers: 100,
maxStorage: 10 * 1024 * 1024 * 1024, // 10 GB
maxAPICallsPerDay: 100000,
},
features: ['workflows', 'ai_assistant', 'advanced_analytics'],
datasources: [
{
name: 'primary',
driver: 'postgresql',
connectionString: process.env.DATABASE_URL,
}
],
};┌─────────────────────────────────────────────────────────┐
│ API Gateway │
│ REST, GraphQL, WebSocket endpoints │
└─────────────────────────────────────────────────────────┘
↓
┌─────────────────────────────────────────────────────────┐
│ ObjectOS Kernel │
│ ┌───────────────────────────────────────────────────┐ │
│ │ Plugin Manager │ │
│ │ - Plugin discovery and loading │ │
│ │ - Dependency resolution │ │
│ │ - Lifecycle management │ │
│ └───────────────────────────────────────────────────┘ │
│ ┌───────────────────────────────────────────────────┐ │
│ │ Identity Service │ │
│ │ - Authentication │ │
│ │ - Authorization │ │
│ │ - Session management │ │
│ └───────────────────────────────────────────────────┘ │
│ ┌───────────────────────────────────────────────────┐ │
│ │ Data Access Layer (ObjectQL) │ │
│ │ - Query building │ │
│ │ - Permission checking │ │
│ │ - Validation │ │
│ └───────────────────────────────────────────────────┘ │
│ ┌───────────────────────────────────────────────────┐ │
│ │ Driver Manager │ │
│ │ - Driver registration │ │
│ │ - Connection pooling │ │
│ │ - Query translation │ │
│ └───────────────────────────────────────────────────┘ │
└─────────────────────────────────────────────────────────┘
↓
┌─────────────────────────────────────────────────────────┐
│ Storage Layer (Drivers) │
│ PostgreSQL | MongoDB | MySQL | Redis | etc. │
└─────────────────────────────────────────────────────────┘
- Static Registration: Import and register plugins explicitly
- Auto-Discovery: Scan
node_modules/@objectstack/plugin-* - Remote Registry: Fetch plugins from marketplace
┌────────────┐
│ Installed │ ──register──> ┌──────────┐
└────────────┘ │ Loaded │
└──────────┘
│
activate │
↓
┌──────────┐
│ Active │
└──────────┘
│
deactivate │
↓
┌──────────┐
│ Inactive │
└──────────┘
│
unload │
↓
┌──────────┐
│ Unloaded │
└──────────┘
Plugins can extend:
- Routes: Add custom API endpoints
- Drivers: Add database/API connectors
- Widgets: Add custom field widgets
- Validators: Add validation logic
- Workflows: Add workflow actions
- Reports: Add chart types
- Themes: Add UI themes
- Email/Password
- OAuth 2.0 (Google, GitHub, etc.)
- SAML 2.0
- LDAP/Active Directory
- Magic Links
- Passkeys (WebAuthn)
- Role-Based Access Control (RBAC)
- Permission Sets
- Organization-Wide Defaults (OWD)
- Sharing Rules
- Field-Level Security
const auditPolicy = {
enabled: true,
retention: 90, // days
events: [
'user.login',
'user.logout',
'record.created',
'record.updated',
'record.deleted',
'permission.changed',
],
storage: {
driver: 'postgresql',
table: 'audit_logs',
},
};const rateLimit = {
enabled: true,
limits: {
api: {
window: 60, // seconds
max: 100, // requests
},
login: {
window: 300, // 5 minutes
max: 5, // attempts
},
},
};- Metadata Cache: Object/field definitions
- Permission Cache: User permissions
- Query Cache: Frequently accessed data
- Session Cache: User sessions
const datasource = {
driver: 'postgresql',
pool: {
min: 2,
max: 10,
idleTimeoutMillis: 30000,
connectionTimeoutMillis: 2000,
},
};- Load plugins on-demand
- Defer non-critical initialization
- Stream large datasets
-
Plugin Development
- Keep plugins focused and modular
- Declare all dependencies
- Handle errors gracefully
- Provide clear documentation
-
Security
- Use environment variables for secrets
- Implement rate limiting
- Enable audit logging
- Regular security updates
-
Performance
- Use connection pooling
- Implement caching strategies
- Monitor resource usage
- Optimize database queries
-
Multi-Tenancy
- Isolate tenant data
- Enforce quota limits
- Monitor per-tenant metrics
- Scale horizontally
For complete API reference, see System Protocol References.