Date: 2026-02-12
Version: 3.0.0 → v4.0 Planning
Scope: Evaluate ALL metadata protocols and kernel design against top-tier enterprise management software
Benchmarks: Salesforce, ServiceNow, SAP S/4HANA, Microsoft Dynamics 365, Oracle Fusion, Workday
Based On: Full audit of 171 Zod schemas, 191 test files, 5,243 tests, 19 packages
ObjectStack v3.0 delivers a solid metadata-driven protocol with 171 schemas covering data, UI, automation, security, AI, integration, and kernel domains. The platform's Zod-first approach, XState-inspired state machines, and AI-native vector fields position it ahead of legacy enterprise platforms in key areas.
However, a thorough benchmark against the world's leading enterprise management software reveals 23 critical gaps and 31 enhancement opportunities across 6 protocol domains that must be addressed to meet Fortune 500 production requirements.
| Advantage | ObjectStack | Traditional Enterprise |
|---|---|---|
| State Machines | XState-inspired, parallel lifecycles, nested states | Basic picklist-driven status |
| AI-Native Fields | Vector embeddings, RAG pipelines, agent planning | Bolt-on AI services |
| Plugin Architecture | Sandboxed, lifecycle-managed, capability-declared | Monolithic extensions |
| Type Safety | Zod-first runtime + compile-time validation | Runtime XML/JSON validation only |
| Multi-Tenancy | 3-level isolation (row/schema/database) | Single-strategy |
| Hook System | Before/after with 14 event types, priority-based | Limited trigger points |
| Connector Resilience | Circuit breaker, health checks, error mapping | Basic retry |
| # | Gap | Severity | Domain | Benchmark |
|---|---|---|---|---|
| 1 | No Formula/Expression Language Spec | 🔴 Critical | Data | Salesforce Formula Fields |
| 2 | No Page Layout / Form Layout Engine | 🔴 Critical | UI | Salesforce Page Layouts |
| 3 | No Record Types (Business Process Variants) | 🔴 Critical | Data | Salesforce Record Types |
| 4 | No Deployment / Change Management Protocol | 🔴 Critical | System | Salesforce Change Sets, ServiceNow Update Sets |
| 5 | No Sandbox / Environment Management | 🔴 Critical | System | Salesforce Sandbox, SAP Transport System |
| 6 | No Custom Metadata Types | 🔴 Critical | Data | Salesforce Custom Metadata |
| 7 | No Scheduled Job Protocol (standalone) | 🔴 Critical | Automation | Salesforce Scheduled Apex |
| 8 | No SLA / Entitlement Engine | 🔴 Critical | Automation | ServiceNow SLA, Salesforce Entitlements |
| 9 | No Predictive Analytics / ML Models | 🟡 High | AI | Salesforce Einstein, ServiceNow Predictive Intelligence |
| 10 | No Process Mining / Optimization | 🟡 High | AI | SAP Signavio, ServiceNow Process Optimization |
| 11 | No Data Import / Export Wizard Protocol | 🟡 High | Data | Salesforce Data Loader |
| 12 | No Print / Document Generation Templates | 🟡 High | UI | Salesforce Quotes, ServiceNow PDF Generation |
| 13 | No Multi-Currency Management | 🟡 High | Data | Salesforce Multi-Currency, SAP Currency |
| 14 | No Fiscal Year / Calendar Protocol | 🟡 High | System | Salesforce Fiscal Year |
| 15 | No Knowledge Base / Article Management | 🟡 High | Data | Salesforce Knowledge, ServiceNow Knowledge |
| 16 | No Queue / Assignment Rules | 🟡 High | Automation | Salesforce Assignment Rules |
| 17 | No Duplicate Detection Rules | 🟡 High | Data | Salesforce Duplicate Management |
| 18 | No Email-to-Case / Web-to-Lead Capture | 🟡 High | Integration | Salesforce Web-to-Lead |
| 19 | No Portal / Community Protocol | 🟡 High | UI | Salesforce Experience Cloud |
| 20 | No Report Scheduling / Subscriptions | 🟡 High | UI | Salesforce Report Subscriptions |
| 21 | No Dashboard Drill-Down / Drill-Through | 🟡 High | UI | All enterprise platforms |
| 22 | No Audit Trail Query API Protocol | 🟡 High | Security | Salesforce Setup Audit Trail |
| 23 | No Delegated Administration Protocol | 🟡 High | Security | Salesforce Delegated Admin |
Current State: 47 field types, object schema with CDC/versioning/partitioning/state machines, hooks with 14 events, analytics cubes, datasets, external lookups.
Score: ⭐⭐⭐⭐ (4/5) — Strong foundation, missing business-critical features.
- Field Type Richness: 47 types including vector, signature, QR code — exceeds Salesforce (~50 standard types)
- State Machines: XState-inspired pattern superior to simple picklist-driven workflows
- CDC (Change Data Capture): Explicit streaming configuration per object
- Versioning: snapshot/delta/event-sourcing strategies
- Data Quality Rules: Uniqueness, completeness, accuracy validation per field
- Encryption & Masking: Field-level PII protection with audit trail
Gap 1: Formula/Expression Language Specification
ObjectStack references expression in field schemas and condition in workflows, but no formal expression language specification exists. Salesforce's formula language supports 400+ functions across math, text, date, logical, and advanced categories.
Current state: Fields have expression: z.string() — an opaque string with no grammar, no function catalog, no type checking.
Recommendation:
Create src/data/expression.zod.ts:
- ExpressionLanguageSpec: function catalog, return types, argument signatures
- ExpressionContext: available fields, current user, system variables
- ExpressionFunction categories: Math, Text, Date, Logical, Advanced
- ExpressionValidation: type checking rules, null handling
- Cross-field references: object.field notation
- System variables: $User, $Organization, $System, $Record, $Api
Benchmark:
| Platform | Functions | Type Checking | Cross-Object |
|---|---|---|---|
| Salesforce | 400+ | ✅ Compile-time | ✅ Via $ObjectType |
| ServiceNow | GlideScript (JS) | ❌ Runtime only | ✅ Via GlideRecord |
| ObjectStack (needed) | 100+ minimum | ✅ Zod-validated | ✅ Via dot notation |
Gap 2: Record Types (Business Process Variants)
Enterprise objects need multiple business processes on the same object. Example: "Case" object with record types "Support Case", "Billing Inquiry", "Feature Request" — each with different fields, picklist values, and page layouts.
Current state: Object schema has no recordTypes property. All records share the same field visibility and layout.
Recommendation:
Add to src/data/object.zod.ts → ObjectSchema:
recordTypes: z.record(z.string(), RecordTypeSchema).optional()
RecordTypeSchema:
name, label, description, active
availableFields: string[] // Which fields are visible
requiredFields: string[] // Which fields are required for this type
picklistValues: Record<fieldName, string[]> // Filtered picklist options
defaultValues: Record<fieldName, any>
pageLayout: string // Reference to a PageLayout
businessProcess: string // Reference to a sales/support process
Benchmark:
| Platform | Record Types | Picklist Filtering | Layout Mapping |
|---|---|---|---|
| Salesforce | ✅ Full | ✅ Per-type | ✅ Per-type |
| ServiceNow | ✅ Via Views | ✅ Via form views | |
| Dynamics 365 | ✅ Business Process Flows | ✅ Per-flow | ✅ Per-flow |
| ObjectStack (needed) | ✅ | ✅ | ✅ |
Gap 3: Custom Metadata Types
Enterprise applications need configurable metadata that travels with the package — not regular data records. Examples: tax rates, country codes, feature toggles, SLA definitions that are deployable, versionable, and testable.
Current state: No distinction between data records and metadata records.
Recommendation:
Create src/data/custom-metadata.zod.ts:
CustomMetadataType:
name, label, description
fields: Record<string, Field> // Same field model
deployable: true // Always deployable with package
visibility: 'public' | 'protected' | 'private'
records: Record<string, Record<string, any>> // Inline metadata values
Use cases:
- Tax rates by country/region
- Feature flags per tenant
- SLA definitions
- Integration endpoint mappings
- Validation rule templates
Gap 4: Duplicate Detection Rules
Enterprise data integrity requires automatic duplicate detection at record creation/update time.
Recommendation:
Add to src/data/object.zod.ts or create src/data/duplicate-rule.zod.ts:
DuplicateRule:
name, label, object, active
matchRules: MatchRule[]
field, matchType: 'exact' | 'fuzzy' | 'phonetic' | 'normalized'
threshold: number (0-100 for fuzzy)
action: 'block' | 'warn' | 'allow_with_flag'
alertEmail: string (notify on duplicate)
scope: 'all_records' | 'same_owner' | 'same_tenant'
Gap 5: Multi-Currency Management
The field schema supports currencyConfig with mode: 'dynamic' | 'fixed', but there's no organizational currency management protocol — exchange rates, corporate currency, dated conversion rates.
Recommendation:
Create src/data/currency.zod.ts:
CurrencyManagement:
corporateCurrency: string (ISO 4217)
activeCurrencies: CurrencyConfig[]
isoCode, label, symbol, decimalPlaces, conversionRate, active
datedConversionRates: boolean // Historical rates
advancedCurrencyManagement: boolean // Per-opportunity rates
rateSource: 'manual' | 'api' | 'ecb' | 'openexchangerates'
rateRefreshSchedule: CronExpression
Current State: 7 list view types (grid/kanban/gallery/calendar/timeline/gantt/map), apps with navigation, dashboards with grid layout, reports (tabular/summary/matrix/joined), actions, themes, components.
Score: ⭐⭐⭐½ (3.5/5) — Good view model, lacking page layout engine and document generation.
- View Diversity: 7 list types including timeline and gantt — matches or exceeds enterprise platforms
- Kanban: Full column mapping with drag-and-drop support
- Conditional Formatting: Rule-based cell styling
- Export Options: CSV, XLSX, PDF, JSON
- Responsive Design: Per-breakpoint layout overrides in dashboards
Gap 6: Page Layout / Form Layout Engine
Enterprise platforms have dedicated page layout engines that control field placement, section organization, and related list positioning on record detail pages. ObjectStack has no form layout schema.
Recommendation:
Create src/ui/page-layout.zod.ts:
PageLayout:
name, label, object, recordType (optional)
header: FieldReference[] // Highlights panel
sections: LayoutSection[]
label, columns: 1 | 2 | 3
fields: LayoutField[]
name, required, readonly, span: 1 | 2 | 3
relatedLists: RelatedListConfig[]
object, relationship, columns[], sortBy, filters, pageSize
actions: string[] // Available button actions
compactLayout: string[] // Mobile/summary view fields
miniLayout: string[] // Hover card fields
Benchmark:
| Platform | Layout Designer | Sections | Related Lists | Dynamic Layouts |
|---|---|---|---|---|
| Salesforce | ✅ Drag-and-drop | ✅ Multi-column | ✅ Configurable | ✅ Lightning Dynamic Forms |
| ServiceNow | ✅ Form Designer | ✅ | ✅ Related lists | ✅ UI Policies |
| Dynamics 365 | ✅ Form Editor | ✅ Tabs + sections | ✅ Sub-grids | ✅ Business rules |
| ObjectStack (needed) | ✅ | ✅ | ✅ | ✅ Via record types |
Gap 7: Print / Document Generation Templates
Enterprise software generates PDF quotes, invoices, contracts, certificates from record data. No document template protocol exists.
Recommendation:
Create src/ui/document-template.zod.ts:
DocumentTemplate:
name, label, object
type: 'pdf' | 'html' | 'docx' | 'xlsx'
orientation: 'portrait' | 'landscape'
pageSize: 'A4' | 'letter' | 'legal'
header: TemplateSection
body: TemplateSection
footer: TemplateSection
styles: CSS/styling rules
variables: FieldMapping[] // {{record.field}} bindings
relatedLists: RelatedListData[] // Line items in quotes/invoices
conditions: ConditionalSection[] // Show/hide based on field values
watermark: string (optional)
locale: string // Number/date formatting
Gap 8: Report Scheduling / Subscriptions
Enterprise platforms allow scheduled report delivery via email. ObjectStack reports have no scheduling or subscription protocol.
Recommendation:
Add to src/ui/report.zod.ts → ReportSchema:
schedule: ReportSchedule (optional)
frequency: 'daily' | 'weekly' | 'monthly' | 'quarterly'
dayOfWeek, dayOfMonth, time, timezone
recipients: string[] // User IDs or email addresses
format: 'pdf' | 'csv' | 'xlsx'
conditions: ReportCondition[] // Only send if data matches criteria
active: boolean
Gap 9: Dashboard Drill-Down
Enterprise dashboards allow clicking a chart segment to drill into the underlying records. ObjectStack dashboards are display-only.
Recommendation:
Add to src/ui/dashboard.zod.ts → DashboardWidgetSchema:
drillDown: DrillDownConfig (optional)
targetView: string // View to navigate to
filters: Record<string, string> // Dynamic filters from clicked segment
type: 'view' | 'report' | 'dashboard' | 'url'
openIn: 'same_page' | 'new_tab' | 'modal' | 'drawer'
Gap 10: Portal / Community / External User Protocol
Enterprise software serves external users (customers, partners, vendors) through portals with restricted access. No portal protocol exists.
Recommendation:
Create src/ui/portal.zod.ts:
Portal:
name, label, description
type: 'customer' | 'partner' | 'vendor' | 'employee_self_service'
domain: string // Custom domain
branding: PortalBranding (logo, colors, CSS)
authentication: 'sso' | 'social' | 'credentials' | 'magic_link'
navigation: PortalNavItem[]
objects: PortalObjectAccess[]
object, operations: ('read'|'create'|'edit')[]
fields: string[] // Visible fields only
filters: FilterExpression // Row-level scoping (e.g., own records only)
selfRegistration: boolean
guestAccess: boolean
Current State: Workflows (7 action types), Flows (14 node types), Approval Processes (multi-step with escalation), State Machines (XState-inspired), ETL Pipelines, Sync rules, Webhooks.
Score: ⭐⭐⭐⭐ (4/5) — Strong automation foundation, missing SLA engine and assignment rules.
- State Machines: Best-in-class design with nested/parallel states, guards, and meta
- Approval Processes: Multi-step with escalation, timeout, and 5 approver types
- Flow Nodes: 14 types including screen flows, connectors, and HTTP callouts
- ETL Pipelines: 10 transformation types with incremental/CDC sync modes
- Webhook System: Full outbound/inbound with signature verification
Gap 11: SLA / Entitlement Engine
ServiceNow and Salesforce have dedicated SLA engines that track response times, resolution times, and escalation based on service agreements. This is essential for customer support, ITSM, and field service management.
Recommendation:
Create src/automation/sla.zod.ts:
SLADefinition:
name, label, object, active
entitlementProcess: string // Which process to apply
milestones: Milestone[]
name, type: 'first_response' | 'resolution' | 'custom'
criteria: FilterExpression // When does this SLA apply
timeTarget: Duration // e.g., 4 hours, 1 business day
businessHours: string // Reference to business hours calendar
warningAction: Action[] // At 75% of target
violationAction: Action[] // At 100% of target
successAction: Action[] // When met
startCondition: FilterExpression
stopCondition: FilterExpression
pauseCondition: FilterExpression // e.g., waiting on customer
recurrence: 'once' | 'repeating'
BusinessHours:
name, timezone
schedule: WeeklySchedule // Mon-Sun with hours
holidays: Holiday[]
Gap 12: Queue / Assignment Rules
Enterprise platforms automatically route records to queues or users based on criteria (territory, skill, round-robin, load balancing).
Recommendation:
Create src/automation/assignment-rule.zod.ts:
AssignmentRule:
name, label, object, active
entries: AssignmentEntry[]
order: number
criteria: FilterExpression
assignTo: AssignmentTarget
type: 'user' | 'queue' | 'role' | 'territory' | 'round_robin' | 'least_loaded'
value: string
overwriteExisting: boolean
Queue:
name, label, objects: string[] // Which objects this queue supports
members: QueueMember[]
type: 'user' | 'role' | 'group'
id: string
notifyOnAssignment: boolean
defaultOwner: string // Fallback user
routingConfig: RoutingConfig
type: 'round_robin' | 'most_available' | 'skill_based' | 'priority_weighted'
weights: Record<userId, number> (optional)
Gap 13: Scheduled Job Protocol (standalone)
ETL pipelines have schedules, but there's no general-purpose scheduled job protocol for recurring tasks like data cleanup, report generation, integration sync, or cache invalidation.
Recommendation:
Create src/automation/scheduled-job.zod.ts:
ScheduledJob:
name, label, description
type: 'flow' | 'script' | 'etl' | 'report' | 'cleanup' | 'sync' | 'custom'
schedule: CronExpression | IntervalConfig
timezone: string
handler: string // Flow name, script path, or function reference
input: Record<string, any> // Parameters
retryPolicy: RetryConfig
timeout: Duration
concurrencyPolicy: 'allow' | 'forbid' | 'replace' // What if previous run still active
enabled: boolean
notifications: NotificationConfig
onSuccess, onFailure, onTimeout: Action[]
executionWindow: TimeWindow (optional) // Only run between X and Y
dependencies: string[] // Other jobs that must complete first
Current State: Permission Sets (object/field-level), Row-Level Security (PostgreSQL-inspired), Sharing Rules (Salesforce-pattern), Security Policies (password, network, session), Territory management.
Score: ⭐⭐⭐⭐ (4/5) — Excellent multi-layer security model, needs audit API and delegated admin.
- RLS: PostgreSQL-inspired with USING/CHECK clauses and parameterized SQL
- Sharing Model: Organization-Wide Defaults + criteria/owner-based sharing rules
- Permission Sets: Salesforce-compatible with object, field, system, and tab permissions
- Territory Management: For sales territory-based access control
- SCIM 2.0: Full RFC 7643/7644 implementation for user provisioning
Gap 14: Audit Trail Query API Protocol
Security teams need to query audit logs programmatically — who changed what, when, and from where. The current audit trail support is at the field level, but there's no audit query protocol.
Recommendation:
Create src/security/audit.zod.ts:
AuditTrailQuery:
object: string (optional)
recordId: string (optional)
userId: string (optional)
action: 'create' | 'update' | 'delete' | 'login' | 'logout' | 'export' | 'api_call'
dateRange: { start, end }
fields: string[] // Which fields to track
ipAddress: string (optional)
AuditTrailEntry:
id, timestamp, object, recordId
userId, userEmail, userName
action, field, oldValue, newValue
ipAddress, userAgent, sessionId
source: 'ui' | 'api' | 'automation' | 'import' | 'system'
delegateUser: string (optional) // If performed on behalf of another user
Gap 15: Delegated Administration Protocol
Large organizations need delegated admins who manage subsets of users/data without full system admin access.
Recommendation:
Create src/security/delegated-admin.zod.ts:
DelegatedAdminGroup:
name, label
administrators: string[] // User IDs
scope: DelegatedScope
roles: string[] // Can manage users in these roles
groups: string[] // Can manage these groups
objects: string[] // Can manage metadata for these objects
capabilities: DelegatedCapability[]
'manage_users' | 'reset_passwords' | 'assign_roles' | 'manage_permissions'
| 'view_audit_logs' | 'manage_custom_fields' | 'manage_views'
| 'manage_reports' | 'manage_dashboards' | 'manage_automation'
Current State: Auth config (OIDC/SAML), cache, compliance (GDPR/SOC2/HIPAA/PCI-DSS), encryption, HTTP server, jobs, licensing, masking, message queue, migration, notification, search, tenant, tracing, worker.
Score: ⭐⭐⭐⭐ (4/5) — Comprehensive system layer, missing deployment and environment management.
Gap 16: Deployment / Change Management Protocol
Enterprise software requires structured deployment of metadata changes across environments (Dev → Staging → Production). Salesforce has Change Sets, ServiceNow has Update Sets, SAP has Transport Requests.
Recommendation:
Create src/system/deployment.zod.ts:
DeploymentPackage:
name, version, description
source: Environment
target: Environment
components: DeploymentComponent[]
type: 'object' | 'field' | 'view' | 'workflow' | 'flow' | 'permission'
| 'report' | 'dashboard' | 'app' | 'connector' | 'agent'
name: string
action: 'create' | 'update' | 'delete' | 'no_change'
dependencies: string[]
validationResults: ValidationResult[]
rollbackStrategy: 'automatic' | 'manual' | 'snapshot'
approvalRequired: boolean
scheduledDeployment: DateTime (optional)
Environment:
name, label, type: 'development' | 'staging' | 'uat' | 'production' | 'sandbox'
url, datasource
seedData: boolean
refreshSchedule: CronExpression (optional)
DeploymentHistory:
id, package, deployedBy, deployedAt
status: 'pending' | 'validating' | 'deploying' | 'success' | 'failed' | 'rolled_back'
duration, componentResults[]
Gap 17: Sandbox / Environment Management
Enterprise development requires sandbox environments that clone production metadata and optionally data for testing.
Recommendation:
Create src/system/sandbox.zod.ts:
Sandbox:
name, label, description
type: 'developer' | 'developer_pro' | 'partial_copy' | 'full_copy'
source: string // Source environment name
cloneMetadata: boolean // Always true
cloneData: DataCloneConfig
objects: string[] // Which objects to copy
maxRecords: number // Per object
maskPII: boolean // Anonymize sensitive data
samplePercentage: number // Random sample
refreshSchedule: CronExpression (optional)
autoExpire: Duration (optional) // Auto-delete after N days
status: 'creating' | 'ready' | 'refreshing' | 'expired' | 'deleted'
Gap 18: Fiscal Year / Business Calendar Protocol
Enterprise financial reporting requires fiscal year definitions that may not align with calendar years. Also, business hours calendars for SLA calculations.
Recommendation:
Create src/system/fiscal-calendar.zod.ts:
FiscalYear:
startMonth: 1-12 // e.g., April for UK/Japan fiscal year
type: 'standard' | 'custom'
periods: FiscalPeriod[] (for custom)
name, startDate, endDate
namingConvention: 'year_start' | 'year_end' // FY2026 = starts or ends 2026
BusinessCalendar:
name, label, timezone
weeklySchedule: DaySchedule[] // Mon-Sun with open/close times
holidays: Holiday[]
name, date, recurring: boolean
type: 'full_day' | 'half_day'
timeZoneAware: boolean
Current State: Agents with 4 planning strategies (ReAct, Plan-and-Execute, Reflexion, Tree of Thought), RAG pipelines, model registry, orchestration, NLQ, predictive models, cost tracking, feedback loops, MCP.
Score: ⭐⭐⭐⭐ (4/5) — Advanced agent architecture, needs predictive analytics integration and model governance.
- Agent Planning: 4 strategies including Tree of Thought — ahead of Salesforce Einstein
- Memory Management: Short-term + long-term + reflection patterns
- Tool Integration: Agents can invoke flows, queries, and vector search
- Guardrails: Token budgets, time limits, blocked topics
- Multi-Provider: OpenAI, Anthropic, Azure, local models
Gap 19: Predictive Analytics / ML Model Protocol
Enterprise platforms offer built-in predictive models for lead scoring, churn prediction, opportunity forecasting, and anomaly detection. While ai/predictive.zod.ts exists, it needs integration with the data protocol.
Recommendation:
Enhance src/ai/predictive.zod.ts:
PredictionDefinition:
name, label, object
type: 'classification' | 'regression' | 'timeseries' | 'anomaly' | 'clustering'
outcomeField: string // Field to predict
trainingConfig:
features: string[] // Input fields
excludeFields: string[]
sampleSize: number
refreshSchedule: CronExpression
scoreField: string // Where to write prediction score
confidenceField: string // Where to write confidence
threshold: number // Minimum confidence to apply
actions: PredictionAction[] // Trigger automation based on prediction
monitoring:
driftDetection: boolean
performanceMetrics: ('accuracy'|'precision'|'recall'|'f1'|'rmse')[]
retrainThreshold: number // Auto-retrain when performance drops below
Add to ObjectSchema:
predictions: Record<string, PredictionDefinition>
Gap 20: AI Model Governance Protocol
Enterprise AI requires governance — bias detection, explainability, audit trail of model decisions.
Recommendation:
Create src/ai/governance.zod.ts:
AIGovernancePolicy:
name, label
scope: 'organization' | 'object' | 'agent'
requirements:
explainability: boolean // Must provide reasoning
biasAudit: boolean // Regular bias checks
humanInTheLoop: boolean // Require human approval for actions
dataRetention: Duration // How long to keep decision logs
consentRequired: boolean // User consent for AI processing
auditConfig:
logDecisions: boolean
logPrompts: boolean
logInputData: boolean
retentionDays: number
approvedModels: string[] // Whitelist of allowed models
blockedDataFields: string[] // Fields AI cannot access (PII)
reviewCadence: 'weekly' | 'monthly' | 'quarterly'
Current State: Plugin system with lifecycle events, sandboxing, capability declaration, service registry, feature flags, metadata plugins, startup orchestration, event bus, package registry.
Score: ⭐⭐⭐⭐½ (4.5/5) — Excellent extensibility platform, on par with Salesforce Managed Packages.
- Plugin Security: Sandboxed execution with capability declaration
- Lifecycle Events: Install, upgrade, uninstall hooks
- Service Registry: Plugin-provided services with dependency injection
- Feature Flags: Gradual rollout with targeting rules
- Event Bus: Pub/sub with dead letter queue and retry
Enhancement 1: Plugin Marketplace Protocol
The cloud/marketplace.zod.ts now includes ArtifactReferenceSchema and ArtifactDownloadResponseSchema for artifact storage and distribution. The kernel has been extended with:
package-artifact.zod.ts— Standard artifact format (.tgz) with checksums and digital signaturesdependency-resolution.zod.ts— Runtime dependency resolution with conflict detection and topological orderingManifestSchema.engine— Platform version compatibility requirementsUpgradeContextSchema— Version migration context for onUpgrade hooksNamespaceRegistryEntrySchema/NamespaceConflictErrorSchema— Namespace collision detectionInstalledPackageSchema.upgradeHistory— Version upgrade tracking
Further integration needed for auto-update orchestration and telemetry reporting.
Enhancement 2: Plugin Telemetry Protocol
Plugins should report usage metrics, error rates, and performance back to the kernel for health monitoring.
Current State: Connectors with OAuth2/SAML auth, bidirectional sync, webhook management, rate limiting, circuit breakers, health checks, error mapping.
Score: ⭐⭐⭐⭐ (4/5) — Robust connector pattern, needs inbound capture protocols.
Gap 21: Email-to-Case / Web-to-Lead Inbound Capture
Enterprise platforms capture inbound communications (emails, web forms, social media) and automatically create records. No inbound capture protocol exists.
Recommendation:
Create src/integration/inbound-capture.zod.ts:
InboundCapture:
name, label, type: 'email' | 'web_form' | 'social' | 'chat' | 'api'
targetObject: string // Which object to create
fieldMapping: FieldMapping[]
source: 'subject' | 'body' | 'from' | 'custom_field' | 'header'
target: string // Object field name
transform: 'none' | 'trim' | 'lowercase' | 'extract_email' | 'parse_date'
deduplication: DuplicateRule (optional)
autoResponse: EmailTemplate (optional)
assignmentRule: string // Reference to assignment rule
defaultValues: Record<string, any>
spamFiltering: boolean
active: boolean
Current State: 24 service contracts covering AI, analytics, auth, cache, data engine, jobs, notifications, queue, search, storage, GraphQL, realtime, workflow.
Score: ⭐⭐⭐⭐ (4/5) — Comprehensive service abstraction.
New contracts needed:
- IAuditService: Query and manage audit trails
- IDeploymentService: Package deployment and rollback
- ISLAService: SLA evaluation and escalation
- ISchedulerService: Scheduled job management
- IDocumentService: Document generation from templates
- IPortalService: External user portal management
Gap 22: Knowledge Base / Article Management
Enterprise platforms have dedicated knowledge management for internal documentation, customer self-service, and AI training data.
Recommendation:
This can be implemented as a standard ObjectStack package using existing primitives:
- Object: knowledge_article (title, body_html, category, status, version)
- State Machine: draft → review → published → archived
- Search: Full-text + vector for semantic search
- Versioning: Article version tracking
- Portal: External knowledge base for customers
No new protocol needed — just a reference implementation example.
Gap 23: Advanced Analytics Features
| Feature | Current | Needed |
|---|---|---|
| Cross-object reports | ❌ | Joined report types with lookup traversal |
| Conditional formatting | ❌ | Cell-level styling based on value thresholds |
| Report formulas | ❌ | Cross-row calculations (% of total, running sum) |
| Analytic snapshots | ❌ | Point-in-time data capture for trend analysis |
| Exception reporting | ❌ | Highlight records outside normal ranges |
| Natural language queries | ❌ | "Show me deals closing this month over $50k" |
Recommendation: Enhance src/ui/report.zod.ts and src/data/analytics.zod.ts with:
conditionalFormattingarray on report columnsformulasfor cross-row calculationssnapshotschedule for historical trend trackingexceptionRulesfor automated highlighting- NLQ integration via existing AI agent protocol
| # | Task | Priority | Complexity | Schema |
|---|---|---|---|---|
| A1 | Expression Language Spec | 🔴 Critical | High | data/expression.zod.ts |
| A2 | Record Types | 🔴 Critical | Medium | Add to data/object.zod.ts |
| A3 | Custom Metadata Types | 🔴 Critical | Medium | data/custom-metadata.zod.ts |
| A4 | Duplicate Detection Rules | 🟡 High | Low | data/duplicate-rule.zod.ts |
| A5 | Multi-Currency Management | 🟡 High | Medium | data/currency.zod.ts |
| A6 | Data Import/Export Wizard | 🟡 High | Medium | data/data-import.zod.ts |
| # | Task | Priority | Complexity | Schema |
|---|---|---|---|---|
| B1 | Page Layout Engine | 🔴 Critical | High | ui/page-layout.zod.ts |
| B2 | Document Generation Templates | 🟡 High | Medium | ui/document-template.zod.ts |
| B3 | Report Scheduling & Subscriptions | 🟡 High | Low | Add to ui/report.zod.ts |
| B4 | Dashboard Drill-Down | 🟡 High | Low | Add to ui/dashboard.zod.ts |
| B5 | Portal / Community Protocol | 🟡 High | High | ui/portal.zod.ts |
| B6 | Advanced Report Features | 🟡 Medium | Medium | Enhance ui/report.zod.ts |
| # | Task | Priority | Complexity | Schema |
|---|---|---|---|---|
| C1 | SLA / Entitlement Engine | 🔴 Critical | High | automation/sla.zod.ts |
| C2 | Queue / Assignment Rules | 🟡 High | Medium | automation/assignment-rule.zod.ts |
| C3 | Scheduled Job Protocol | 🔴 Critical | Medium | automation/scheduled-job.zod.ts |
| C4 | Inbound Capture (Email-to-Case) | 🟡 High | Medium | integration/inbound-capture.zod.ts |
| # | Task | Priority | Complexity | Schema |
|---|---|---|---|---|
| D1 | Deployment / Change Management | 🔴 Critical | High | system/deployment.zod.ts |
| D2 | Sandbox / Environment Management | 🔴 Critical | Medium | system/sandbox.zod.ts |
| D3 | Fiscal Year / Business Calendar | 🟡 High | Low | system/fiscal-calendar.zod.ts |
| D4 | Audit Trail Query Protocol | 🟡 High | Medium | security/audit.zod.ts |
| D5 | Delegated Administration | 🟡 High | Medium | security/delegated-admin.zod.ts |
| # | Task | Priority | Complexity | Schema |
|---|---|---|---|---|
| E1 | Predictive Analytics Integration | 🟡 High | High | Enhance ai/predictive.zod.ts |
| E2 | AI Model Governance | 🟡 High | Medium | ai/governance.zod.ts |
| E3 | Process Mining Protocol | 🟡 Medium | High | ai/process-mining.zod.ts |
| E4 | Recommendation Engine | 🟡 Medium | Medium | ai/recommendation.zod.ts |
| # | Task | Priority | Complexity | Schema |
|---|---|---|---|---|
| F1 | IAuditService | 🟡 High | Low | contracts/audit-service.ts |
| F2 | IDeploymentService | 🟡 High | Low | contracts/deployment-service.ts |
| F3 | ISLAService | 🟡 High | Low | contracts/sla-service.ts |
| F4 | ISchedulerService | 🟡 Medium | Low | contracts/scheduler-service.ts |
| F5 | IDocumentService | 🟡 Medium | Low | contracts/document-service.ts |
| F6 | IPortalService | 🟡 Medium | Low | contracts/portal-service.ts |
These gaps block enterprise adoption and must be resolved first:
- Expression Language Spec — Every enterprise app needs formulas
- Page Layout Engine — Every enterprise app needs form layouts
- Record Types — Every enterprise app needs business process variants
- Deployment Protocol — Every enterprise team needs CI/CD for metadata
- SLA Engine — Every customer-facing enterprise needs SLA tracking
- Scheduled Jobs — Every enterprise needs recurring task automation
These gaps limit competitiveness against Salesforce/ServiceNow:
- Custom Metadata Types
- Sandbox Management
- Assignment Rules / Queues
- Audit Trail Query API
- Document Generation
- Portal / Community
- Multi-Currency Management
- Report Scheduling
These gaps represent differentiation opportunities:
- Predictive Analytics Integration
- AI Model Governance
- Process Mining
- Duplicate Detection
- Fiscal Year / Calendar
- Delegated Administration
- Dashboard Drill-Down
- Advanced Report Features
- Inbound Capture
| Category | Salesforce | ServiceNow | SAP | ObjectStack v3.0 | ObjectStack v4.0 (Target) |
|---|---|---|---|---|---|
| Data Model | ⭐⭐⭐⭐⭐ | ⭐⭐⭐⭐ | ⭐⭐⭐⭐⭐ | ⭐⭐⭐⭐ | ⭐⭐⭐⭐⭐ |
| UI / Forms | ⭐⭐⭐⭐⭐ | ⭐⭐⭐⭐ | ⭐⭐⭐ | ⭐⭐⭐½ | ⭐⭐⭐⭐½ |
| Automation | ⭐⭐⭐⭐⭐ | ⭐⭐⭐⭐⭐ | ⭐⭐⭐⭐ | ⭐⭐⭐⭐ | ⭐⭐⭐⭐⭐ |
| Security | ⭐⭐⭐⭐⭐ | ⭐⭐⭐⭐ | ⭐⭐⭐⭐⭐ | ⭐⭐⭐⭐ | ⭐⭐⭐⭐½ |
| AI/ML | ⭐⭐⭐⭐ | ⭐⭐⭐⭐ | ⭐⭐⭐⭐ | ⭐⭐⭐⭐ | ⭐⭐⭐⭐½ |
| Integration | ⭐⭐⭐⭐⭐ | ⭐⭐⭐⭐ | ⭐⭐⭐⭐⭐ | ⭐⭐⭐⭐ | ⭐⭐⭐⭐½ |
| DevOps | ⭐⭐⭐⭐ | ⭐⭐⭐⭐ | ⭐⭐⭐⭐⭐ | ⭐⭐⭐ | ⭐⭐⭐⭐ |
| Extensibility | ⭐⭐⭐⭐ | ⭐⭐⭐ | ⭐⭐⭐ | ⭐⭐⭐⭐½ | ⭐⭐⭐⭐½ |
- Open-core — No vendor lock-in, self-hostable
- Zod-first — Runtime + compile-time type safety
- AI-native — Vector fields, RAG, agent planning built-in
- Local-first — Works offline with sync
- State Machines — XState-inspired, superior to simple workflows
- Plugin Architecture — Sandboxed, secure, composable
- Zod First: Every definition starts with a Zod schema
- Type Derivation:
z.infer<typeof Schema>for all TypeScript types - No Business Logic: Only definitions — no runtime code in spec
- Naming: Config keys in
camelCase, machine names insnake_case - Describe Everything: Every field must have
.describe()annotation - Test Everything: Every
.zod.tsfile must have a.test.tscompanion - Backward Compatible: New schemas must not break existing v3.0 configurations
- Optional by Default: New properties on existing schemas must be
.optional()
src/data/expression.zod.ts → Schema definition
src/data/expression.test.ts → Tests
src/automation/sla.zod.ts → Schema definition
src/automation/sla.test.ts → Tests
New schemas must be integrated into StackDefinitionSchema in stack.zod.ts:
// Example: Adding SLA to the stack
slas: z.record(z.string(), SLADefinitionSchema).optional()
.describe('SLA definitions for service level management'),v4.0-alpha (2026 Q2 — 6 weeks)
├── Phase A: Data Model Completeness [3 weeks]
└── Phase B: UI & Reporting Enhancement [3 weeks]
v4.0-beta (2026 Q3 — 4 weeks)
├── Phase C: Automation Maturity [2 weeks]
└── Phase D: System & DevOps [2 weeks]
v4.0-GA (2026 Q3-Q4 — 3 weeks)
├── Phase E: AI & Intelligence [2 weeks]
└── Phase F: Service Contracts [1 week]
Estimated Total: 13 weeks (≈ 3 months)
New Schemas: ~18 new files + ~12 enhancements to existing files
New Tests: ~18 new test files + ~500 new tests
New Service Contracts: 6
| Document | Location | Status |
|---|---|---|
| v3.0 Release Roadmap | ROADMAP.md |
✅ Complete |
| DX Roadmap | DX_ROADMAP.md |
🔄 Active (Phase 4-6) |
| Studio Roadmap | apps/studio/ROADMAP.md |
🔄 Active |
| Architecture | ARCHITECTURE.md |
✅ Current |
| Enterprise Assessment (this file) | ENTERPRISE_ASSESSMENT.md |
📋 v4.0 Planning |
Last Updated: 2026-02-12
Author: ObjectStack Core Team
Status: 📋 Assessment Complete — Ready for v4.0 Planning