feat: add isSystem field to Project and provisionSystemProject function

Claude · xuyushun441-sys · web-flow · commit 330f3fa8dc4c · 2026-04-21T17:38:32.000Z
- Added isSystem field to ProjectSchema in cloud/project.zod.ts
- Added is_system field to sys_project object schema
- Implemented provisionSystemProject() method for bootstrapping platform
- System project uses well-known ID and operates on control plane DB
- Idempotent provisioning - returns existing if already created

Co-authored-by: xuyushun441-sys &lt;255036401+xuyushun441-sys@users.noreply.github.com&gt;
diff --git a/packages/services/service-tenant/src/objects/sys-project.object.ts b/packages/services/service-tenant/src/objects/sys-project.object.ts
@@ -90,6 +90,13 @@ export const SysProject = ObjectSchema.create({
       description: 'Whether this is the default project for the organization. Exactly one per org.',
     }),
 
+    is_system: Field.boolean({
+      label: 'Is System',
+      required: true,
+      defaultValue: false,
+      description: 'Whether this is a system project (platform infrastructure, not user data).',
+    }),
+
     region: Field.text({
       label: 'Region',
       required: false,
diff --git a/packages/services/service-tenant/src/project-provisioning.ts b/packages/services/service-tenant/src/project-provisioning.ts
@@ -480,6 +480,145 @@ export class ProjectProvisioningService {
     return credential;
   }
 
+  /**
+   * Provision the built-in system project during platform bootstrap.
+   * This project contains system-level packages and operates on the control plane DB.
+   *
+   * @returns The provisioned system project or existing if already created (idempotent)
+   */
+  async provisionSystemProject(): Promise<ProvisionProjectResponse> {
+    const SYSTEM_PROJECT_ID = '00000000-0000-0000-0000-000000000001';
+    const PLATFORM_ORG_ID = '00000000-0000-0000-0000-000000000000';
+    const startedAt = Date.now();
+    const warnings: string[] = [];
+
+    // Check if system project already exists (idempotent operation)
+    if (this.config.controlPlaneDriver) {
+      try {
+        const existing = await this.config.controlPlaneDriver.findOne('project', {
+          where: { id: SYSTEM_PROJECT_ID },
+        });
+
+        if (existing) {
+          // System project already exists - return it
+          const credentialId = randomUUID();
+          const nowIso = new Date().toISOString();
+
+          return {
+            project: {
+              id: existing.id,
+              organizationId: existing.organization_id,
+              slug: existing.slug,
+              displayName: existing.display_name,
+              projectType: existing.project_type,
+              isDefault: existing.is_default,
+              isSystem: existing.is_system ?? true,
+              region: existing.region,
+              plan: existing.plan,
+              status: existing.status,
+              createdBy: existing.created_by,
+              createdAt: existing.created_at,
+              updatedAt: existing.updated_at,
+              databaseUrl: existing.database_url,
+              databaseDriver: existing.database_driver,
+              storageLimitMb: existing.storage_limit_mb,
+              provisionedAt: existing.provisioned_at,
+              metadata: existing.metadata ? JSON.parse(existing.metadata) : undefined,
+              hostname: existing.hostname,
+            },
+            credential: {
+              id: credentialId,
+              projectId: SYSTEM_PROJECT_ID,
+              secretCiphertext: '',
+              encryptionKeyId: this.encryptor.keyId,
+              authorization: 'full_access',
+              status: 'active',
+              createdAt: nowIso,
+            },
+            durationMs: Date.now() - startedAt,
+            warnings: ['System project already exists'],
+          };
+        }
+      } catch (error) {
+        // Project not found - proceed with creation
+      }
+    }
+
+    // Create new system project
+    const nowIso = new Date().toISOString();
+    const credentialId = randomUUID();
+
+    const project: Project = {
+      id: SYSTEM_PROJECT_ID,
+      organizationId: PLATFORM_ORG_ID,
+      slug: 'system',
+      displayName: 'System',
+      projectType: 'production',
+      isDefault: false,
+      isSystem: true,
+      region: this.config.defaultRegion,
+      plan: 'enterprise',
+      status: 'active',
+      createdBy: 'system',
+      createdAt: nowIso,
+      updatedAt: nowIso,
+      metadata: {
+        description: 'Built-in system project for platform infrastructure',
+        protected: true,
+      },
+      databaseUrl: undefined,
+      databaseDriver: undefined,
+      storageLimitMb: undefined,
+      provisionedAt: nowIso,
+      hostname: 'system.objectstack.internal',
+    };
+
+    const credential: ProjectCredential = {
+      id: credentialId,
+      projectId: SYSTEM_PROJECT_ID,
+      secretCiphertext: '',
+      encryptionKeyId: this.encryptor.keyId,
+      authorization: 'full_access',
+      status: 'active',
+      createdAt: nowIso,
+    };
+
+    // Persist to control plane
+    if (this.config.controlPlaneDriver) {
+      try {
+        await this.config.controlPlaneDriver.create('project', {
+          id: project.id,
+          organization_id: project.organizationId,
+          slug: project.slug,
+          display_name: project.displayName,
+          project_type: project.projectType,
+          is_default: project.isDefault,
+          is_system: project.isSystem,
+          region: project.region,
+          plan: project.plan,
+          status: project.status,
+          created_by: project.createdBy,
+          created_at: project.createdAt,
+          updated_at: project.updatedAt,
+          database_url: project.databaseUrl,
+          database_driver: project.databaseDriver,
+          storage_limit_mb: project.storageLimitMb,
+          provisioned_at: project.provisionedAt,
+          metadata: project.metadata ? JSON.stringify(project.metadata) : null,
+          hostname: project.hostname,
+        });
+
+        warnings.push('System project created successfully');
+      } catch (error) {
+        throw new Error(
+          `Failed to persist system project: ${error instanceof Error ? error.message : String(error)}`,
+        );
+      }
+    }
+
+    return { project, credential, durationMs: Date.now() - startedAt, warnings };
+  }
+
   registerAdapter(adapter: ProjectDatabaseAdapter): void {
     this.adapters.set(adapter.driver, adapter);
   }
diff --git a/packages/spec/src/cloud/project.zod.ts b/packages/spec/src/cloud/project.zod.ts
@@ -83,6 +83,9 @@ export const ProjectSchema = z.object({
   /** Whether this is the organization's **default** project. Exactly one per org. */
   isDefault: z.boolean().default(false).describe('Whether this is the default project for the organization'),
 
+  /** Whether this is a system project (platform infrastructure, not user data). */
+  isSystem: z.boolean().default(false).describe('Whether this is a system project (platform infrastructure, not user data)'),
+
   /** Region where the physical database is deployed. */
   region: z.string().optional().describe('Region where the physical database is deployed (e.g. us-east-1)'),
 
