Add Field and Object protocol enhancements with encryption, masking, audit, caching, tenancy, versioning

Co-authored-by: hotlong <50353452+hotlong@users.noreply.github.com>

Author: Copilot

content/docs/references/data/field.mdx

@@ -12,8 +12,8 @@ description: Field protocol schemas
 ## TypeScript Usage
 
 ```typescript
-import { AddressSchema, CurrencyConfigSchema, CurrencyValueSchema, FieldSchema, FieldTypeSchema, FileAttachmentConfigSchema, LocationCoordinatesSchema, SelectOptionSchema, VectorConfigSchema } from '@objectstack/spec/data';
-import type { Address, CurrencyConfig, CurrencyValue, Field, FieldType, FileAttachmentConfig, LocationCoordinates, SelectOption, VectorConfig } from '@objectstack/spec/data';
+import { AddressSchema, ComputedFieldCacheSchema, CurrencyConfigSchema, CurrencyValueSchema, DataQualityRulesSchema, FieldSchema, FieldTypeSchema, FileAttachmentConfigSchema, LocationCoordinatesSchema, SelectOptionSchema, VectorConfigSchema } from '@objectstack/spec/data';
+import type { Address, ComputedFieldCache, CurrencyConfig, CurrencyValue, DataQualityRules, Field, FieldType, FileAttachmentConfig, LocationCoordinates, SelectOption, VectorConfig } from '@objectstack/spec/data';
 
 // Validate data
 const result = AddressSchema.parse(data);
@@ -37,6 +37,18 @@ const result = AddressSchema.parse(data);
 
 ---
 
+## ComputedFieldCache
+
+### Properties
+
+| Property | Type | Required | Description |
+| :--- | :--- | :--- | :--- |
+| **enabled** | `boolean` | ✅ | Enable caching for computed field results |
+| **ttl** | `number` | ✅ | Cache TTL in seconds (0 = no expiration) |
+| **invalidateOn** | `string[]` | ✅ | Field paths that invalidate cache (e.g., ["inventory.quantity", "pricing.base_price"]) |
+
+---
+
 ## CurrencyConfig
 
 ### Properties
@@ -60,6 +72,18 @@ const result = AddressSchema.parse(data);
 
 ---
 
+## DataQualityRules
+
+### Properties
+
+| Property | Type | Required | Description |
+| :--- | :--- | :--- | :--- |
+| **uniqueness** | `boolean` | optional | Enforce unique values across all records |
+| **completeness** | `number` | optional | Minimum ratio of non-null values (0-1, default: 1) |
+| **accuracy** | `object` | optional | Accuracy validation configuration |
+
+---
+
 ## Field
 
 ### Properties
@@ -111,9 +135,15 @@ const result = AddressSchema.parse(data);
 | **currencyConfig** | `object` | optional | Configuration for currency field type |
 | **vectorConfig** | `object` | optional | Configuration for vector field type (AI/ML embeddings) |
 | **fileAttachmentConfig** | `object` | optional | Configuration for file and attachment field types |
+| **encryptionConfig** | `object` | optional | Field-level encryption configuration for sensitive data (GDPR/HIPAA/PCI-DSS) |
+| **maskingRule** | `object` | optional | Data masking rules for PII protection |
+| **auditTrail** | `boolean` | optional | Enable detailed audit trail for this field (tracks all changes with user and timestamp) |
+| **dependencies** | `string[]` | optional | Array of field names that this field depends on (for formulas, visibility rules, etc.) |
+| **cached** | `object` | optional | Caching configuration for computed/formula fields |
+| **dataQuality** | `object` | optional | Data quality validation and monitoring rules |
 | **hidden** | `boolean` | optional | Hidden from default UI |
 | **readonly** | `boolean` | optional | Read-only in UI |
-| **encryption** | `boolean` | optional | Encrypt at rest |
+| **encryption** | `boolean` | optional | Deprecated: Use encryptionConfig for enhanced encryption features. Simple flag for backward compatibility. |
 | **index** | `boolean` | optional | Create standard database index |
 | **externalId** | `boolean` | optional | Is external ID for upsert operations |
 

content/docs/references/data/object.mdx

@@ -12,25 +12,38 @@ description: Object protocol schemas
 ## TypeScript Usage
 
 ```typescript
-import { IndexSchema, ObjectSchema, ObjectCapabilitiesSchema } from '@objectstack/spec/data';
-import type { Index, Object, ObjectCapabilities } from '@objectstack/spec/data';
+import { CDCConfigSchema, IndexSchema, ObjectSchema, ObjectCapabilitiesSchema, PartitioningConfigSchema, SoftDeleteConfigSchema, TenancyConfigSchema, VersioningConfigSchema } from '@objectstack/spec/data';
+import type { CDCConfig, Index, Object, ObjectCapabilities, PartitioningConfig, SoftDeleteConfig, TenancyConfig, VersioningConfig } from '@objectstack/spec/data';
 
 // Validate data
-const result = IndexSchema.parse(data);
+const result = CDCConfigSchema.parse(data);
 ```
 
 ---
 
+## CDCConfig
+
+### Properties
+
+| Property | Type | Required | Description |
+| :--- | :--- | :--- | :--- |
+| **enabled** | `boolean` | ✅ | Enable Change Data Capture |
+| **events** | `Enum<'insert' \| 'update' \| 'delete'>[]` | ✅ | Event types to capture |
+| **destination** | `string` | ✅ | Destination endpoint (e.g., "kafka://topic", "webhook://url") |
+
+---
+
 ## Index
 
 ### Properties
 
 | Property | Type | Required | Description |
 | :--- | :--- | :--- | :--- |
-| **name** | `string` | optional | Index name |
+| **name** | `string` | ✅ | Index name (auto-generated if not provided) |
 | **fields** | `string[]` | ✅ | Fields included in the index |
-| **unique** | `boolean` | optional | Whether the index is unique |
-| **type** | `Enum<'btree' \| 'hash' \| 'gin' \| 'gist'>` | optional | Index type (default: btree) |
+| **type** | `Enum<'btree' \| 'hash' \| 'gin' \| 'gist' \| 'fulltext'>` | optional | Index algorithm type |
+| **unique** | `boolean` | optional | Whether the index enforces uniqueness |
+| **partial** | `string` | optional | Partial index condition (SQL WHERE clause for conditional indexes) |
 
 ---
 
@@ -53,6 +66,11 @@ const result = IndexSchema.parse(data);
 | **tableName** | `string` | optional | Physical table/collection name in the target datasource |
 | **fields** | `Record<string, object>` | ✅ | Field definitions map |
 | **indexes** | `object[]` | optional | Database performance indexes |
+| **tenancy** | `object` | optional | Multi-tenancy configuration for SaaS applications |
+| **softDelete** | `object` | optional | Soft delete (trash/recycle bin) configuration |
+| **versioning** | `object` | optional | Record versioning and history tracking configuration |
+| **partitioning** | `object` | optional | Table partitioning configuration for performance |
+| **cdc** | `object` | optional | Change Data Capture (CDC) configuration for real-time data streaming |
 | **validations** | `object \| object \| object \| object \| object \| object \| object \| object \| object[]` | optional | Object-level validation rules |
 | **titleFormat** | `string` | optional | Title expression (e.g. "`{name}` - `{code}`"). Overrides nameField. |
 | **compactLayout** | `string[]` | optional | Primary fields for hover/cards/lookups |
@@ -78,3 +96,54 @@ const result = IndexSchema.parse(data);
 | **mru** | `boolean` | optional | Track Most Recently Used (MRU) list for users |
 | **clone** | `boolean` | optional | Allow record deep cloning |
 
+---
+
+## PartitioningConfig
+
+### Properties
+
+| Property | Type | Required | Description |
+| :--- | :--- | :--- | :--- |
+| **enabled** | `boolean` | ✅ | Enable table partitioning |
+| **strategy** | `Enum<'range' \| 'hash' \| 'list'>` | ✅ | Partitioning strategy: range (date ranges), hash (consistent hashing), list (predefined values) |
+| **key** | `string` | ✅ | Field name to partition by |
+| **interval** | `string` | optional | Partition interval for range strategy (e.g., "1 month", "1 year") |
+
+---
+
+## SoftDeleteConfig
+
+### Properties
+
+| Property | Type | Required | Description |
+| :--- | :--- | :--- | :--- |
+| **enabled** | `boolean` | ✅ | Enable soft delete (trash/recycle bin) |
+| **field** | `string` | optional | Field name for soft delete timestamp |
+| **cascadeDelete** | `boolean` | optional | Cascade soft delete to related records |
+
+---
+
+## TenancyConfig
+
+### Properties
+
+| Property | Type | Required | Description |
+| :--- | :--- | :--- | :--- |
+| **enabled** | `boolean` | ✅ | Enable multi-tenancy for this object |
+| **strategy** | `Enum<'shared' \| 'isolated' \| 'hybrid'>` | ✅ | Tenant isolation strategy: shared (single DB, row-level), isolated (separate DB per tenant), hybrid (mix) |
+| **tenantField** | `string` | optional | Field name for tenant identifier |
+| **crossTenantAccess** | `boolean` | optional | Allow cross-tenant data access (with explicit permission) |
+
+---
+
+## VersioningConfig
+
+### Properties
+
+| Property | Type | Required | Description |
+| :--- | :--- | :--- | :--- |
+| **enabled** | `boolean` | ✅ | Enable record versioning |
+| **strategy** | `Enum<'snapshot' \| 'delta' \| 'event-sourcing'>` | ✅ | Versioning strategy: snapshot (full copy), delta (changes only), event-sourcing (event log) |
+| **retentionDays** | `number` | optional | Number of days to retain old versions (undefined = infinite) |
+| **versionField** | `string` | optional | Field name for version number/timestamp |
+

content/docs/references/system/driver.mdx

@@ -12,8 +12,8 @@ description: Driver protocol schemas
 ## TypeScript Usage
 
 ```typescript
-import { DriverCapabilitiesSchema, DriverInterfaceSchema, DriverOptionsSchema } from '@objectstack/spec/system';
-import type { DriverCapabilities, DriverInterface, DriverOptions } from '@objectstack/spec/system';
+import { DriverCapabilitiesSchema, DriverConfigSchema, DriverInterfaceSchema, DriverOptionsSchema, PoolConfigSchema } from '@objectstack/spec/system';
+import type { DriverCapabilities, DriverConfig, DriverInterface, DriverOptions, PoolConfig } from '@objectstack/spec/system';
 
 // Validate data
 const result = DriverCapabilitiesSchema.parse(data);
@@ -27,19 +27,52 @@ const result = DriverCapabilitiesSchema.parse(data);
 
 | Property | Type | Required | Description |
 | :--- | :--- | :--- | :--- |
-| **transactions** | `boolean` | ✅ | Supports transactions |
-| **queryFilters** | `boolean` | ✅ | Supports WHERE clause filtering |
-| **queryAggregations** | `boolean` | ✅ | Supports GROUP BY and aggregation functions |
-| **querySorting** | `boolean` | ✅ | Supports ORDER BY sorting |
-| **queryPagination** | `boolean` | ✅ | Supports LIMIT/OFFSET pagination |
-| **queryWindowFunctions** | `boolean` | ✅ | Supports window functions with OVER clause |
-| **querySubqueries** | `boolean` | ✅ | Supports subqueries |
-| **joins** | `boolean` | ✅ | Supports SQL joins |
-| **fullTextSearch** | `boolean` | ✅ | Supports full-text search |
-| **jsonFields** | `boolean` | ✅ | Supports JSON field types |
-| **arrayFields** | `boolean` | ✅ | Supports array field types |
+| **create** | `boolean` | optional | Supports CREATE operations |
+| **read** | `boolean` | optional | Supports READ operations |
+| **update** | `boolean` | optional | Supports UPDATE operations |
+| **delete** | `boolean` | optional | Supports DELETE operations |
+| **bulkCreate** | `boolean` | optional | Supports bulk CREATE operations |
+| **bulkUpdate** | `boolean` | optional | Supports bulk UPDATE operations |
+| **bulkDelete** | `boolean` | optional | Supports bulk DELETE operations |
+| **transactions** | `boolean` | optional | Supports ACID transactions |
+| **savepoints** | `boolean` | optional | Supports transaction savepoints |
+| **isolationLevels** | `Enum<'read-uncommitted' \| 'read-committed' \| 'repeatable-read' \| 'serializable'>[]` | optional | Supported transaction isolation levels |
+| **queryFilters** | `boolean` | optional | Supports WHERE clause filtering |
+| **queryAggregations** | `boolean` | optional | Supports GROUP BY and aggregation functions |
+| **querySorting** | `boolean` | optional | Supports ORDER BY sorting |
+| **queryPagination** | `boolean` | optional | Supports LIMIT/OFFSET pagination |
+| **queryWindowFunctions** | `boolean` | optional | Supports window functions with OVER clause |
+| **querySubqueries** | `boolean` | optional | Supports subqueries |
+| **queryCTE** | `boolean` | optional | Supports Common Table Expressions (WITH clause) |
+| **joins** | `boolean` | optional | Supports SQL joins |
+| **fullTextSearch** | `boolean` | optional | Supports full-text search |
+| **jsonQuery** | `boolean` | optional | Supports JSON field querying |
+| **geospatialQuery** | `boolean` | optional | Supports geospatial queries |
+| **streaming** | `boolean` | optional | Supports result streaming (cursors/iterators) |
+| **jsonFields** | `boolean` | optional | Supports JSON field types |
+| **arrayFields** | `boolean` | optional | Supports array field types |
 | **vectorSearch** | `boolean` | optional | Supports vector embeddings and similarity search |
-| **geoSpatial** | `boolean` | optional | Supports geospatial queries |
+| **geoSpatial** | `boolean` | optional | Supports geospatial queries (deprecated: use geospatialQuery) |
+| **schemaSync** | `boolean` | optional | Supports automatic schema synchronization |
+| **migrations** | `boolean` | optional | Supports database migrations |
+| **indexes** | `boolean` | optional | Supports index creation and management |
+| **connectionPooling** | `boolean` | optional | Supports connection pooling |
+| **preparedStatements** | `boolean` | optional | Supports prepared statements (SQL injection prevention) |
+| **queryCache** | `boolean` | optional | Supports query result caching |
+
+---
+
+## DriverConfig
+
+### Properties
+
+| Property | Type | Required | Description |
+| :--- | :--- | :--- | :--- |
+| **name** | `string` | ✅ | Driver instance name |
+| **type** | `Enum<'sql' \| 'nosql' \| 'cache' \| 'search' \| 'graph' \| 'timeseries'>` | ✅ | Driver type category |
+| **capabilities** | `object` | ✅ | Driver capability flags |
+| **connectionString** | `string` | optional | Database connection string (driver-specific format) |
+| **poolConfig** | `object` | optional | Connection pool configuration |
 
 ---
 
@@ -67,3 +100,16 @@ const result = DriverCapabilitiesSchema.parse(data);
 | **traceContext** | `Record<string, string>` | optional | OpenTelemetry context or request ID |
 | **tenantId** | `string` | optional | Tenant Isolation identifier |
 
+---
+
+## PoolConfig
+
+### Properties
+
+| Property | Type | Required | Description |
+| :--- | :--- | :--- | :--- |
+| **min** | `number` | optional | Minimum number of connections in pool |
+| **max** | `number` | optional | Maximum number of connections in pool |
+| **idleTimeoutMillis** | `number` | optional | Time in ms before idle connection is closed |
+| **connectionTimeoutMillis** | `number` | optional | Time in ms to wait for available connection |
+

content/docs/references/system/index.mdx

@@ -16,6 +16,7 @@ This section contains all protocol schemas for the system layer of ObjectStack.
   <Card href="./data-engine" title="Data Engine" description="Source: packages/spec/src/system/data-engine.zod.ts" />
   <Card href="./datasource" title="Datasource" description="Source: packages/spec/src/system/datasource.zod.ts" />
   <Card href="./driver" title="Driver" description="Source: packages/spec/src/system/driver.zod.ts" />
+  <Card href="./driver-sql" title="Driver Sql" description="Source: packages/spec/src/system/driver-sql.zod.ts" />
   <Card href="./encryption" title="Encryption" description="Source: packages/spec/src/system/encryption.zod.ts" />
   <Card href="./events" title="Events" description="Source: packages/spec/src/system/events.zod.ts" />
   <Card href="./feature" title="Feature" description="Source: packages/spec/src/system/feature.zod.ts" />

content/docs/references/system/meta.json

@@ -9,6 +9,7 @@
     "data-engine",
     "datasource",
     "driver",
+    "driver-sql",
     "encryption",
     "events",
     "feature",

packages/spec/json-schema/data/CDCConfig.json

@@ -0,0 +1,37 @@
+{
+  "$ref": "#/definitions/CDCConfig",
+  "definitions": {
+    "CDCConfig": {
+      "type": "object",
+      "properties": {
+        "enabled": {
+          "type": "boolean",
+          "description": "Enable Change Data Capture"
+        },
+        "events": {
+          "type": "array",
+          "items": {
+            "type": "string",
+            "enum": [
+              "insert",
+              "update",
+              "delete"
+            ]
+          },
+          "description": "Event types to capture"
+        },
+        "destination": {
+          "type": "string",
+          "description": "Destination endpoint (e.g., \"kafka://topic\", \"webhook://url\")"
+        }
+      },
+      "required": [
+        "enabled",
+        "events",
+        "destination"
+      ],
+      "additionalProperties": false
+    }
+  },
+  "$schema": "http://json-schema.org/draft-07/schema#"
+}

packages/spec/json-schema/data/ComputedFieldCache.json

@@ -0,0 +1,33 @@
+{
+  "$ref": "#/definitions/ComputedFieldCache",
+  "definitions": {
+    "ComputedFieldCache": {
+      "type": "object",
+      "properties": {
+        "enabled": {
+          "type": "boolean",
+          "description": "Enable caching for computed field results"
+        },
+        "ttl": {
+          "type": "number",
+          "minimum": 0,
+          "description": "Cache TTL in seconds (0 = no expiration)"
+        },
+        "invalidateOn": {
+          "type": "array",
+          "items": {
+            "type": "string"
+          },
+          "description": "Field paths that invalidate cache (e.g., [\"inventory.quantity\", \"pricing.base_price\"])"
+        }
+      },
+      "required": [
+        "enabled",
+        "ttl",
+        "invalidateOn"
+      ],
+      "additionalProperties": false
+    }
+  },
+  "$schema": "http://json-schema.org/draft-07/schema#"
+}