Fix Vercel deployment: pin Node 20.x, build all packages, fix TS2742 errors

- Pin engines.node to "20.x" (matches .node-version) to ensure Vercel uses
  Node 20 LTS with prebuilt better-sqlite3 binaries instead of Node 24
- Update build:vercel to build all packages except site (API function needs
  workspace packages compiled to dist/)
- Sync pnpm-workspace.yaml onlyBuiltDependencies with package.json
- Fix TS2742 declaration emit errors in @objectos/permissions by adding
  explicit ServiceObject type annotations
- Remove unused ACCESS_LEVELS constant

Co-authored-by: hotlong <50353452+hotlong@users.noreply.github.com>

Author: Copilot

package.json

@@ -4,7 +4,7 @@
   "license": "AGPL-3.0",
   "packageManager": "pnpm@10.28.2",
   "engines": {
-    "node": ">=20.0.0"
+    "node": "20.x"
   },
   "pnpm": {
     "onlyBuiltDependencies": [
@@ -23,7 +23,7 @@
     "dev:all": "concurrently -n api,web,site -c blue,green,yellow \"pnpm objectstack:serve\" \"pnpm web:dev\" \"pnpm site:dev\"",
     "start": "pnpm objectstack:serve",
     "build": "turbo run build",
-    "build:vercel": "turbo run build --filter=@objectos/web...",
+    "build:vercel": "turbo run build --filter='!@objectos/site'",
     "test": "turbo run test --concurrency=3",
     "test:coverage": "turbo run test:coverage --concurrency=3",
     "lint": "turbo run lint",

packages/permissions/src/objects/field_permission.ts

@@ -15,13 +15,15 @@
  * @see https://protocol.objectstack.ai/docs/guides/security#field-level-security
  */
 import { ObjectSchema, Field } from '@objectstack/spec/data';
+import type { ServiceObject } from '@objectstack/spec/data';
 
-export const FieldPermissionObject = ObjectSchema.create({
+export const FieldPermissionObject: ServiceObject = ObjectSchema.create({
   name: 'field_permission',
   label: 'Field Permission',
   pluralLabel: 'Field Permissions',
   icon: 'columns',
-  description: 'Controls visibility and editability of specific fields, scoped to a permission set.',
+  description:
+    'Controls visibility and editability of specific fields, scoped to a permission set.',
   isSystem: true,
 
   fields: {

packages/permissions/src/objects/index.ts

@@ -34,6 +34,7 @@ export { SharingRuleObject } from './sharing_rule.js';
 
 // ── Convenience aggregate ──────────────────────────────────────────────────────
 
+import type { ServiceObject } from '@objectstack/spec/data';
 import { PermissionSetObject } from './permission_set.js';
 import { PermissionSetAssignmentObject } from './permission_set_assignment.js';
 import { ObjectPermissionObject } from './object_permission.js';
@@ -52,7 +53,7 @@ import { SharingRuleObject } from './sharing_rule.js';
  * config.objects = PermissionObjects;
  * ```
  */
-export const PermissionObjects = [
+export const PermissionObjects: readonly ServiceObject[] = [
   PermissionSetObject,
   PermissionSetAssignmentObject,
   ObjectPermissionObject,

packages/permissions/src/objects/object_permission.ts

@@ -12,13 +12,15 @@
  * @see https://protocol.objectstack.ai/docs/guides/security#profiles
  */
 import { ObjectSchema, Field } from '@objectstack/spec/data';
+import type { ServiceObject } from '@objectstack/spec/data';
 
-export const ObjectPermissionObject = ObjectSchema.create({
+export const ObjectPermissionObject: ServiceObject = ObjectSchema.create({
   name: 'object_permission',
   label: 'Object Permission',
   pluralLabel: 'Object Permissions',
   icon: 'lock',
-  description: 'Defines CRUD + lifecycle + viewAll/modifyAll permissions for an object, scoped to a permission set.',
+  description:
+    'Defines CRUD + lifecycle + viewAll/modifyAll permissions for an object, scoped to a permission set.',
   isSystem: true,
 
   fields: {

packages/permissions/src/objects/organization_default.ts

@@ -13,15 +13,9 @@
  * @see https://protocol.objectstack.ai/docs/guides/security#sharing-rules
  */
 import { ObjectSchema, Field } from '@objectstack/spec/data';
+import type { ServiceObject } from '@objectstack/spec/data';
 
-const ACCESS_LEVELS = [
-  { label: 'Private', value: 'private' },
-  { label: 'Public Read Only', value: 'public_read_only' },
-  { label: 'Public Read/Write', value: 'public_read_write' },
-  { label: 'Controlled By Parent', value: 'controlled_by_parent' },
-] as const;
-
-export const OrganizationDefaultObject = ObjectSchema.create({
+export const OrganizationDefaultObject: ServiceObject = ObjectSchema.create({
   name: 'organization_default',
   label: 'Organization-Wide Default',
   pluralLabel: 'Organization-Wide Defaults',
@@ -70,13 +64,12 @@ export const OrganizationDefaultObject = ObjectSchema.create({
     grant_access_using_hierarchy: Field.boolean({
       label: 'Grant Access Using Role Hierarchy',
       defaultValue: true,
-      description: 'When true, users higher in the role hierarchy inherit access to subordinates\' records',
+      description:
+        "When true, users higher in the role hierarchy inherit access to subordinates' records",
     }),
   },
 
-  indexes: [
-    { fields: ['object_name'], unique: true },
-  ],
+  indexes: [{ fields: ['object_name'], unique: true }],
 
   enable: {
     trackHistory: true,

packages/permissions/src/objects/permission_set.ts

@@ -18,13 +18,15 @@
  * @see https://protocol.objectstack.ai/docs/guides/security#permission-sets
  */
 import { ObjectSchema, Field } from '@objectstack/spec/data';
+import type { ServiceObject } from '@objectstack/spec/data';
 
-export const PermissionSetObject = ObjectSchema.create({
+export const PermissionSetObject: ServiceObject = ObjectSchema.create({
   name: 'permission_set',
   label: 'Permission Set',
   pluralLabel: 'Permission Sets',
   icon: 'key',
-  description: 'Unified permission container. Profiles (is_profile=true) and add-on sets (is_profile=false).',
+  description:
+    'Unified permission container. Profiles (is_profile=true) and add-on sets (is_profile=false).',
   isSystem: true,
 
   fields: {
@@ -71,14 +73,16 @@ export const PermissionSetObject = ObjectSchema.create({
     system_permissions: {
       type: 'json' as const,
       label: 'System Permissions',
-      description: 'Array of system permission keys, e.g. ["manage_users", "export_reports", "bulk_api_enabled"]',
+      description:
+        'Array of system permission keys, e.g. ["manage_users", "export_reports", "bulk_api_enabled"]',
     },
 
     // ── Row-Level Security (spec: rowLevelSecurity) ─────────────────────────
     row_level_security: {
       type: 'json' as const,
       label: 'Row-Level Security',
-      description: 'Array of RLS policies: [{ name, object, operation, using, check, roles, enabled, priority }]',
+      description:
+        'Array of RLS policies: [{ name, object, operation, using, check, roles, enabled, priority }]',
     },
 
     // ── ObjectOS extensions (not in spec) ───────────────────────────────────

packages/permissions/src/objects/permission_set_assignment.ts

@@ -6,13 +6,15 @@
  * @see https://protocol.objectstack.ai/docs/guides/security#permission-sets
  */
 import { ObjectSchema, Field } from '@objectstack/spec/data';
+import type { ServiceObject } from '@objectstack/spec/data';
 
-export const PermissionSetAssignmentObject = ObjectSchema.create({
+export const PermissionSetAssignmentObject: ServiceObject = ObjectSchema.create({
   name: 'permission_set_assignment',
   label: 'Permission Set Assignment',
   pluralLabel: 'Permission Set Assignments',
   icon: 'user-check',
-  description: 'Links permission sets to users or groups. A user can have multiple permission sets.',
+  description:
+    'Links permission sets to users or groups. A user can have multiple permission sets.',
   isSystem: true,
 
   fields: {

packages/permissions/src/objects/role.ts

@@ -10,13 +10,15 @@
  * @see https://protocol.objectstack.ai/docs/guides/security#role-hierarchy
  */
 import { ObjectSchema, Field } from '@objectstack/spec/data';
+import type { ServiceObject } from '@objectstack/spec/data';
 
-export const RoleObject = ObjectSchema.create({
+export const RoleObject: ServiceObject = ObjectSchema.create({
   name: 'role',
   label: 'Role',
   pluralLabel: 'Roles',
   icon: 'sitemap',
-  description: 'Roles control record-level access through a hierarchy. Users higher in the hierarchy can see records owned by subordinates.',
+  description:
+    'Roles control record-level access through a hierarchy. Users higher in the hierarchy can see records owned by subordinates.',
   isSystem: true,
 
   titleFormat: '{label}',
@@ -54,7 +56,8 @@ export const RoleObject = ObjectSchema.create({
     hierarchy_path: Field.text({
       label: 'Hierarchy Path',
       readonly: true,
-      description: "Auto-computed materialized path, e.g. '/executive/sales_director/sales_manager'",
+      description:
+        "Auto-computed materialized path, e.g. '/executive/sales_director/sales_manager'",
     }),
 
     hierarchy_level: Field.number({

packages/permissions/src/objects/sharing_rule.ts

@@ -16,13 +16,15 @@
  * @see https://protocol.objectstack.ai/docs/guides/security#sharing-rules
  */
 import { ObjectSchema, Field } from '@objectstack/spec/data';
+import type { ServiceObject } from '@objectstack/spec/data';
 
-export const SharingRuleObject = ObjectSchema.create({
+export const SharingRuleObject: ServiceObject = ObjectSchema.create({
   name: 'sharing_rule',
   label: 'Sharing Rule',
   pluralLabel: 'Sharing Rules',
   icon: 'share-2',
-  description: 'Sharing rules extend access beyond the role hierarchy based on ownership or criteria.',
+  description:
+    'Sharing rules extend access beyond the role hierarchy based on ownership or criteria.',
   isSystem: true,
 
   titleFormat: '{label}',
@@ -98,7 +100,8 @@ export const SharingRuleObject = ObjectSchema.create({
     // ── Criteria-Based: condition expression (spec: condition) ───────────────
     condition: Field.text({
       label: 'Condition',
-      description: "Expression for criteria-based rules, e.g. \"type = 'customer' AND is_active = true\"",
+      description:
+        'Expression for criteria-based rules, e.g. "type = \'customer\' AND is_active = true"',
     }),
 
     // ── Shared With (spec: sharedWith: { type, value }) ─────────────────────

pnpm-workspace.yaml

@@ -5,6 +5,7 @@ packages:
 
 onlyBuiltDependencies:
   - '@nestjs/core'
+  - better-sqlite3
   - esbuild
   - sqlite3
   - unrs-resolver