Merge pull request #226 from objectstack-ai/copilot/update-packages-to-spec

Author: hotlong

packages/audit/src/plugin.ts

@@ -501,13 +501,15 @@ export class AuditLogPlugin implements Plugin {
      */
     async healthCheck(): Promise<PluginHealthReport> {
         const status = this.config.enabled ? 'healthy' : 'degraded';
+        const message = this.config.enabled ? 'Audit logging active' : 'Audit logging disabled';
         return {
-            pluginName: this.name,
-            pluginVersion: this.version,
             status,
-            uptime: this.startedAt ? Date.now() - this.startedAt : 0,
-            checks: [{ name: 'audit-storage', status, message: this.config.enabled ? 'Audit logging active' : 'Audit logging disabled', latency: 0, timestamp: new Date().toISOString() }],
             timestamp: new Date().toISOString(),
+            message,
+            metrics: {
+                uptime: this.startedAt ? Date.now() - this.startedAt : 0,
+            },
+            checks: [{ name: 'audit-storage', status: status === 'healthy' ? 'passed' : 'warning', message }],
         };
     }
 
@@ -516,49 +518,21 @@ export class AuditLogPlugin implements Plugin {
      */
     getManifest(): { capabilities: PluginCapabilityManifest; security: PluginSecurityManifest } {
         return {
-            capabilities: {
-                services: ['audit-log'],
-                emits: ['audit.event.recorded'],
-                listens: [
-                    // Data events
-                    'data.create', 'data.update', 'data.delete', 'data.find',
-                    // Auth events
-                    'auth.login', 'auth.login_failed', 'auth.logout',
-                    'auth.session_created', 'auth.session_expired',
-                    'auth.password_reset', 'auth.password_changed',
-                    'auth.email_verified',
-                    'auth.mfa_enabled', 'auth.mfa_disabled',
-                    'auth.account_locked', 'auth.account_unlocked',
-                    // Authorization events
-                    'authz.permission_granted', 'authz.permission_revoked',
-                    'authz.role_assigned', 'authz.role_removed',
-                    'authz.role_created', 'authz.role_updated', 'authz.role_deleted',
-                    'authz.policy_created', 'authz.policy_updated', 'authz.policy_deleted',
-                    // System events
-                    'system.config_changed',
-                    'system.plugin_installed', 'system.plugin_uninstalled',
-                    'system.backup_created', 'system.backup_restored',
-                    'system.integration_added', 'system.integration_removed',
-                    // Security events
-                    'security.access_denied', 'security.suspicious_activity',
-                    'security.data_breach',
-                    'security.api_key_created', 'security.api_key_revoked',
-                    // Job events
-                    'job.enqueued', 'job.started', 'job.completed', 'job.failed',
-                    'job.retried', 'job.cancelled', 'job.scheduled',
-                ],
-                routes: [],
-                objects: [],
+            capabilities: {},
+            security: {
+                pluginId: 'audit',
+                trustLevel: 'trusted',
+                permissions: { permissions: [], defaultGrant: 'deny' },
+                sandbox: { enabled: false, level: 'none' },
             },
-            security: { requiredPermissions: ['admin'], handlesSensitiveData: true, makesExternalCalls: false },
         };
     }
 
     /**
      * Startup result
      */
     getStartupResult(): PluginStartupResult {
-        return { pluginName: this.name, success: !!this.context, duration: 0, servicesRegistered: ['audit-log'] };
+        return { plugin: { name: this.name, version: this.version }, success: !!this.context, duration: 0 };
     }
 
     /**

packages/audit/src/types.ts

@@ -187,90 +187,31 @@ export type {
     AuditConfig,
 } from '@objectstack/spec/system';
 
-// ─── Kernel Compliance Types ───────────────────────────────────────────────────
+// ─── Kernel Compliance Types (from @objectstack/spec) ──────────────────────────
 
-/** Plugin health status */
-export type HealthStatus = 'healthy' | 'degraded' | 'unhealthy';
+import type {
+  PluginHealthStatus,
+  PluginHealthReport as SpecPluginHealthReport,
+  PluginCapabilityManifest as SpecPluginCapabilityManifest,
+  PluginSecurityManifest as SpecPluginSecurityManifest,
+  PluginStartupResult as SpecPluginStartupResult,
+  EventBusConfig as SpecEventBusConfig,
+} from '@objectstack/spec/kernel';
 
-/** Health check result for a single check */
-export interface HealthCheckResult {
-  name: string;
-  status: HealthStatus;
-  message?: string;
-  latency?: number;
-  timestamp: string;
-  metadata?: Record<string, unknown>;
-}
+/** Plugin health status — from @objectstack/spec */
+export type HealthStatus = PluginHealthStatus;
 
-/** Aggregate health report for a plugin */
-export interface PluginHealthReport {
-  pluginName: string;
-  pluginVersion: string;
-  status: HealthStatus;
-  uptime: number;
-  checks: HealthCheckResult[];
-  timestamp: string;
-}
+/** Aggregate health report — from @objectstack/spec */
+export type PluginHealthReport = SpecPluginHealthReport;
 
-/** Plugin capability declaration */
-export interface PluginCapabilityManifest {
-  services?: string[];
-  emits?: string[];
-  listens?: string[];
-  routes?: string[];
-  objects?: string[];
-}
+/** Plugin capability manifest — from @objectstack/spec */
+export type PluginCapabilityManifest = SpecPluginCapabilityManifest;
 
-/** Plugin security manifest */
-export interface PluginSecurityManifest {
-  requiredPermissions?: string[];
-  handlesSensitiveData?: boolean;
-  makesExternalCalls?: boolean;
-  allowedDomains?: string[];
-  executesUserScripts?: boolean;
-  sandboxConfig?: {
-    timeout?: number;
-    maxMemory?: number;
-    allowedModules?: string[];
-  };
-}
+/** Plugin security manifest — from @objectstack/spec */
+export type PluginSecurityManifest = SpecPluginSecurityManifest;
 
-/** Plugin startup result */
-export interface PluginStartupResult {
-  pluginName: string;
-  success: boolean;
-  duration: number;
-  servicesRegistered: string[];
-  warnings?: string[];
-  errors?: string[];
-}
+/** Plugin startup result — from @objectstack/spec */
+export type PluginStartupResult = SpecPluginStartupResult;
 
-/** Event bus configuration */
-export interface EventBusConfig {
-  persistence?: {
-    enabled: boolean;
-    storage?: 'memory' | 'redis' | 'sqlite';
-    maxEvents?: number;
-    ttl?: number;
-  };
-  retry?: {
-    enabled: boolean;
-    maxRetries?: number;
-    backoffMs?: number;
-    backoffMultiplier?: number;
-  };
-  deadLetterQueue?: {
-    enabled: boolean;
-    maxSize?: number;
-    storage?: 'memory' | 'redis' | 'sqlite';
-  };
-  webhooks?: {
-    enabled: boolean;
-    endpoints?: Array<{
-      url: string;
-      events: string[];
-      secret?: string;
-      timeout?: number;
-    }>;
-  };
-}
+/** Event bus configuration — from @objectstack/spec */
+export type EventBusConfig = SpecEventBusConfig;

packages/audit/test/plugin.test.ts

@@ -419,9 +419,8 @@ describe('Kernel Compliance', () => {
     describe('healthCheck()', () => {
         it('should return healthy status when enabled', async () => {
             const report = await plugin.healthCheck();
-            expect(report.pluginName).toBe('@objectos/audit');
             expect(report.status).toBe('healthy');
-            expect(report.checks[0].name).toBe('audit-storage');
+            expect(report.checks![0].name).toBe('audit-storage');
         });
 
         it('should return degraded when disabled', async () => {
@@ -436,37 +435,19 @@ describe('Kernel Compliance', () => {
     describe('getManifest()', () => {
         it('should declare audit services and events', () => {
             const manifest = plugin.getManifest();
-            expect(manifest.capabilities.services).toContain('audit-log');
-            expect(manifest.capabilities.emits).toContain('audit.event.recorded');
-            expect(manifest.capabilities.listens).toContain('data.create');
-            expect(manifest.security.handlesSensitiveData).toBe(true);
-        });
-
-        it('should declare full event type coverage', () => {
-            const manifest = plugin.getManifest();
-            const listens = manifest.capabilities.listens!;
-            // Auth events
-            expect(listens).toContain('auth.login');
-            expect(listens).toContain('auth.logout');
-            expect(listens).toContain('auth.session_created');
-            expect(listens).toContain('auth.session_expired');
-            expect(listens).toContain('auth.password_changed');
-            // Authz events
-            expect(listens).toContain('authz.permission_granted');
-            expect(listens).toContain('authz.role_assigned');
-            // System events
-            expect(listens).toContain('system.config_changed');
-            expect(listens).toContain('system.plugin_installed');
-            // Security events
-            expect(listens).toContain('security.access_denied');
-            expect(listens).toContain('security.suspicious_activity');
+            expect(manifest.capabilities).toBeDefined();
+            expect(manifest.security).toBeDefined();
+            expect(manifest.security.pluginId).toBe('audit');
+            expect(manifest.security.trustLevel).toBe('trusted');
+            expect(manifest.security.permissions).toEqual({ permissions: [] });
+            expect(manifest.security.sandbox).toEqual({});
         });
     });
 
     describe('getStartupResult()', () => {
         it('should return successful startup result', () => {
             const result = plugin.getStartupResult();
-            expect(result.pluginName).toBe('@objectos/audit');
+            expect(result.plugin.name).toBe('@objectos/audit');
             expect(result.success).toBe(true);
         });
     });

packages/auth/src/plugin.ts

@@ -202,18 +202,19 @@ export class BetterAuthPlugin implements Plugin {
      * Health check
      */
     async healthCheck(): Promise<PluginHealthReport> {
-        const start = Date.now();
         const isInitialized = !!this.authInstance;
         const status = isInitialized ? 'healthy' : 'unhealthy';
+        const message = isInitialized ? 'Better-Auth instance active' : 'Auth not initialized';
         return {
-            pluginName: this.name,
-            pluginVersion: this.version,
             status,
-            uptime: this.startedAt ? Date.now() - this.startedAt : 0,
+            timestamp: new Date().toISOString(),
+            message,
+            metrics: {
+                uptime: this.startedAt ? Date.now() - this.startedAt : 0,
+            },
             checks: [
-                { name: 'auth-instance', status, message: isInitialized ? 'Better-Auth instance active' : 'Auth not initialized', latency: Date.now() - start, timestamp: new Date().toISOString() },
+                { name: 'auth-instance', status: isInitialized ? 'passed' : 'failed', message },
             ],
-            timestamp: new Date().toISOString(),
         };
     }
 
@@ -222,21 +223,12 @@ export class BetterAuthPlugin implements Plugin {
      */
     getManifest(): { capabilities: PluginCapabilityManifest; security: PluginSecurityManifest } {
         return {
-            capabilities: {
-                services: ['auth', 'better-auth'],
-                emits: [
-                    'plugin.initialized', 'plugin.destroyed', 'auth.ready',
-                    'auth.session_created',
-                ],
-                listens: [],
-                routes: ['/api/v1/auth/*'],
-                objects: Object.keys(Objects),
-            },
+            capabilities: {},
             security: {
-                requiredPermissions: [],
-                handlesSensitiveData: true,
-                makesExternalCalls: true,
-                allowedDomains: ['*.google.com', '*.github.com', '*.microsoft.com'],
+                pluginId: 'auth',
+                trustLevel: 'trusted',
+                permissions: { permissions: [], defaultGrant: 'deny' },
+                sandbox: { enabled: false, level: 'none' },
             },
         };
     }
@@ -245,7 +237,7 @@ export class BetterAuthPlugin implements Plugin {
      * Startup result
      */
     getStartupResult(): PluginStartupResult {
-        return { pluginName: this.name, success: !!this.authInstance, duration: 0, servicesRegistered: ['auth', 'better-auth'] };
+        return { plugin: { name: this.name, version: this.version }, success: !!this.authInstance, duration: 0 };
     }
 
     /**