Merge pull request #253 from objectstack-ai/copilot/continue-development-based-on-roadmap

Author: hotlong

ROADMAP.md

@@ -1,8 +1,8 @@
 # ObjectOS Roadmap
 
-> **Version**: 8.0.0
+> **Version**: 9.0.0
 > **Date**: February 12, 2026
-> **Status**: Phase M — Technical Debt Resolution ✅ COMPLETE
+> **Status**: Phase N — Enterprise Features 🔄 In Progress
 > **Spec SDK**: `@objectstack/spec@2.0.7`
 > **ObjectUI**: `@object-ui/*@2.0.0`
 
@@ -48,6 +48,7 @@ The integration of **@object-ui** (6 packages at v2.0.0) marks a strategic shift
 | Permissions | `@objectos/permissions` | ✅ |
 | Realtime | `@objectos/realtime` | ✅ |
 | Storage | `@objectos/storage` | ✅ |
+| Telemetry | `@objectos/telemetry` | ✅ |
 | Workflow | `@objectos/workflow` | ✅ |
 
 **Server Metrics**: 21,947 source lines · 107 TypeScript files · 47 test files · 350+ tests
@@ -97,7 +98,8 @@ The integration of **@object-ui** (6 packages at v2.0.0) marks a strategic shift
 | J | Workflow & Automation UI | Feb 2026 | ✅ |
 | K | Offline & Sync | Feb 2026 | ✅ |
 | L | Polish & Performance | Feb 2026 | ✅ |
-| **M** | **Technical Debt Resolution** | **Feb–Sep 2026** | **🔄 In Progress** |
+| **M** | **Technical Debt Resolution** | **Feb–Sep 2026** | **✅ Complete** |
+| **N** | **Enterprise Features** | **Feb 2026** | **🔄 In Progress** |
 
 ### Phase G Outcomes
 
@@ -274,6 +276,42 @@ Integrate `@objectos/browser` with the Admin Console for offline-first capabilit
 
 ---
 
+## Phase N — Enterprise Features (Current — Feb 2026)
+
+Enterprise-grade capabilities for production multi-tenant deployments and observability.
+
+### N.1 — OpenTelemetry Integration (`@objectos/telemetry`)
+
+New plugin providing OpenTelemetry-compatible distributed tracing.
+
+| # | Task | Priority | Status |
+|---|------|:--------:|:------:|
+| N.1.1 | TelemetryPlugin with span management and buffered export | 🔴 | ✅ |
+| N.1.2 | W3C Trace Context propagation (traceparent / tracestate) | 🔴 | ✅ |
+| N.1.3 | Automatic HTTP request instrumentation (Hono middleware) | 🔴 | ✅ |
+| N.1.4 | Data operation span creation (CRUD hooks) | 🟡 | ✅ |
+| N.1.5 | Plugin lifecycle tracing (load/enable hooks) | 🟡 | ✅ |
+| N.1.6 | OTLP HTTP exporter (Jaeger, Zipkin, Grafana Tempo compatible) | 🔴 | ✅ |
+| N.1.7 | Console exporter for development | 🟢 | ✅ |
+| N.1.8 | Probabilistic sampling with configurable rate | 🟡 | ✅ |
+| N.1.9 | Telemetry stats API (`/api/v1/telemetry/stats`) | 🟢 | ✅ |
+
+### N.2 — Multi-tenancy Data Isolation
+
+Extend permissions system with organization-scoped data access control.
+
+| # | Task | Priority | Status |
+|---|------|:--------:|:------:|
+| N.2.1 | Add `organizationId` to `PermissionContext` | 🔴 | ✅ |
+| N.2.2 | Add `TenantContext` type for middleware integration | 🔴 | ✅ |
+| N.2.3 | Automatic tenant field stamping on write operations (create/update) | 🔴 | ✅ |
+| N.2.4 | Automatic tenant filter on read operations (find/delete) | 🔴 | ✅ |
+| N.2.5 | Configurable tenant field name (`tenantIsolation`, `tenantField`) | 🟡 | ✅ |
+| N.2.6 | Metadata fallback for `organizationId` extraction | 🟡 | ✅ |
+| N.2.7 | 12 tenant isolation tests (write, read, custom field, disabled) | 🟡 | ✅ |
+
+---
+
 ## Release Timeline
 
 ### v1.0.0 — Production Release (Target: March 2026)
@@ -312,8 +350,8 @@ Integrate `@objectos/browser` with the Admin Console for offline-first capabilit
 
 - Phase J.3-J.6: Full Workflow & Automation UI ✅
 - Phase K: Offline & Sync ✅
-- Multi-tenancy data isolation
-- OpenTelemetry integration
+- Multi-tenancy data isolation ✅ Phase N.2
+- OpenTelemetry integration ✅ Phase N.1
 
 ### v2.0.0 — Platform (Target: September 2026)
 

objectstack.config.ts

@@ -20,6 +20,7 @@ import { NotificationPlugin } from '@objectos/notification';
 import { PermissionsPlugin } from '@objectos/permissions';
 import { createRealtimePlugin } from '@objectos/realtime';
 import { StoragePlugin } from '@objectos/storage';
+import { TelemetryPlugin } from '@objectos/telemetry';
 import { UIPlugin } from '@objectos/ui';
 import { WorkflowPlugin } from '@objectos/workflow';
 import { resolve } from 'path';
@@ -64,6 +65,15 @@ export default defineStack({
     new MetricsPlugin(),
     new CachePlugin(),
     new StoragePlugin(),
+    new TelemetryPlugin({
+      serviceName: 'objectos',
+      serviceVersion: '0.1.0',
+      environment: process.env.NODE_ENV || 'development',
+      exporter: {
+        protocol: (process.env.OTEL_EXPORTER_PROTOCOL as any) || 'none',
+        endpoint: process.env.OTEL_EXPORTER_OTLP_ENDPOINT || 'http://localhost:4318/v1/traces',
+      },
+    }),
 
     // Core
     new AuthPlugin({
@@ -76,7 +86,9 @@ export default defineStack({
       })(),
       baseUrl: process.env.BETTER_AUTH_URL || 'http://localhost:5320',
     }),
-    new PermissionsPlugin(),
+    new PermissionsPlugin({
+      tenantIsolation: true,
+    }),
     new AuditLogPlugin(),
 
     // Logic

package.json

@@ -89,6 +89,7 @@
     "@objectos/permissions": "workspace:*",
     "@objectos/realtime": "workspace:*",
     "@objectos/storage": "workspace:*",
+    "@objectos/telemetry": "workspace:*",
     "@objectos/ui": "workspace:*",
     "@objectos/workflow": "workspace:*",
     "@objectql/core": "^4.2.0",

packages/permissions/src/index.ts

@@ -53,6 +53,8 @@ export type {
     // Runtime
     PermissionContext,
     PermissionCheckResult,
+    // Multi-tenancy
+    TenantContext,
     // Plugin Config
     PermissionPluginConfig,
 } from './types.js';

packages/permissions/src/plugin.ts

@@ -56,6 +56,8 @@ export class PermissionsPlugin implements Plugin {
             defaultDeny: true,
             permissionsDir: './permissions',
             cachePermissions: true,
+            tenantIsolation: false,
+            tenantField: '_organizationId',
             ...config,
         };
 
@@ -95,6 +97,11 @@ export class PermissionsPlugin implements Plugin {
         // Subscribe to data.* hooks for permission checking
         await this.setupEventListeners(context);
 
+        // Set up tenant isolation hooks (independent of permission checking)
+        if (this.config.tenantIsolation) {
+            await this.setupTenantIsolation(context);
+        }
+
         context.logger.info('[Permissions Plugin] Initialized successfully');
 
         await context.trigger('plugin.initialized', { pluginId: this.name, timestamp: new Date().toISOString() });
@@ -253,6 +260,70 @@ export class PermissionsPlugin implements Plugin {
         this.context?.logger.info('[Permissions Plugin] Event listeners registered');
     }
 
+    /**
+     * Set up tenant isolation hooks — separate from permission checking.
+     * These hooks run independently and enforce organization-scoped data access.
+     */
+    private async setupTenantIsolation(context: PluginContext): Promise<void> {
+        context.hook('data.beforeCreate', async (data: any) => {
+            this.applyTenantToWrite(data);
+        });
+
+        context.hook('data.beforeUpdate', async (data: any) => {
+            this.applyTenantToWrite(data);
+        });
+
+        context.hook('data.beforeDelete', async (data: any) => {
+            this.applyTenantFilter(data);
+        });
+
+        context.hook('data.beforeFind', async (data: any) => {
+            this.applyTenantFilter(data);
+        });
+
+        context.logger.info(`[Permissions Plugin] Tenant isolation enabled (field: ${this.config.tenantField})`);
+    }
+
+    /**
+     * Apply tenant ID to write operations (create/update).
+     * Stamps the tenant field on the record data so it belongs to the user's organization.
+     */
+    private applyTenantToWrite(data: any): void {
+        if (!this.config.tenantIsolation) return;
+
+        const organizationId = data.organizationId || data.metadata?.organizationId;
+        if (!organizationId) return;
+
+        const tenantField = this.config.tenantField || '_organizationId';
+
+        // Stamp the tenant field on the record being written
+        if (data.doc) {
+            data.doc[tenantField] = organizationId;
+        }
+        if (data.record) {
+            data.record[tenantField] = organizationId;
+        }
+    }
+
+    /**
+     * Apply tenant filter to read/delete operations.
+     * Ensures queries are automatically scoped to the user's organization.
+     */
+    private applyTenantFilter(data: any): void {
+        if (!this.config.tenantIsolation) return;
+
+        const organizationId = data.organizationId || data.metadata?.organizationId;
+        if (!organizationId) return;
+
+        const tenantField = this.config.tenantField || '_organizationId';
+
+        // Merge tenant filter into existing query filters
+        data.filters = {
+            ...data.filters,
+            [tenantField]: organizationId,
+        };
+    }
+
     /**
      * Check permission for a data operation
      */
@@ -266,6 +337,7 @@ export class PermissionsPlugin implements Plugin {
 
         const permissionContext: PermissionContext = {
             userId,
+            organizationId: data.organizationId || data.metadata?.organizationId,
             profiles: userProfiles || [],
             metadata: data.metadata,
         };
@@ -302,6 +374,7 @@ export class PermissionsPlugin implements Plugin {
 
         const permissionContext: PermissionContext = {
             userId,
+            organizationId: data.organizationId || data.metadata?.organizationId,
             profiles: userProfiles || [],
             metadata: data.metadata,
         };

packages/permissions/src/types.ts

@@ -344,6 +344,8 @@ export interface RLSEvaluationResult {
 export interface PermissionContext {
     /** User ID */
     userId: string;
+    /** Organization / Tenant ID for multi-tenancy data isolation */
+    organizationId?: string;
     /** User's profile name */
     profileName?: string;
     /** User's profiles (array of profile names) */
@@ -356,6 +358,21 @@ export interface PermissionContext {
     metadata?: Record<string, any>;
 }
 
+/**
+ * Tenant context — extracted from authenticated session for data isolation.
+ * Used by the tenant middleware to scope all data queries to a specific organization.
+ */
+export interface TenantContext {
+    /** Organization / Tenant ID */
+    organizationId: string;
+    /** Organization slug (for URL routing) */
+    slug?: string;
+    /** User ID within the organization */
+    userId: string;
+    /** User's role within the organization (e.g., 'owner', 'admin', 'member') */
+    role?: string;
+}
+
 /**
  * Permission check result
  */
@@ -384,6 +401,10 @@ export interface PermissionPluginConfig {
     cachePermissions?: boolean;
     /** Custom storage implementation */
     storage?: any; // PermissionStorage
+    /** Enable multi-tenancy data isolation — automatically scopes data queries to the user's organization */
+    tenantIsolation?: boolean;
+    /** Field name used to store the tenant/organization ID on data records (default: '_organizationId') */
+    tenantField?: string;
 }
 
 // ─── Kernel Compliance Types (from @objectstack/spec) ──────────────────────────