chore(deps): bump @objectstack/spec from 0.8.2 to 4.0.3

[dependabot]

Bumps @objectstack/spec from 0.8.2 to 4.0.3.

Release notes

Sourced from @​objectstack/spec's releases.

@​objectstack/spec@​4.0.3

No release notes provided.

@​objectstack/spec@​4.0.2

Patch Changes

• 5f659e9: fix ai

@​objectstack/spec@​4.0.1

@​objectstack/spec

4.0.0

Minor Changes

• f08ffc3: Fix discovery API endpoint routing and protocol consistency.

  Discovery route standardization:

  • All adapters (Express, Fastify, Hono, NestJS, Next.js, Nuxt, SvelteKit) now mount the discovery endpoint at {prefix}/discovery instead of {prefix} root.
  • .well-known/objectstack redirects now point to {prefix}/discovery.
  • Client connect() fallback URL changed from /api/v1 to /api/v1/discovery.
  • Runtime dispatcher handles both /discovery (standard) and / (legacy) for backward compatibility.

  Schema & route alignment:

  • Added storage (service: file-storage) and feed (service: data) routes to DEFAULT_DISPATCHER_ROUTES.
  • Added feed and discovery fields to ApiRoutesSchema.
  • Unified GetDiscoveryResponseSchema with DiscoverySchema as single source of truth.
  • Client getRoute('feed') fallback updated from /api/v1/data to /api/v1/feed.

  Type safety:

  • Extracted ApiRouteType from ApiRoutes keys for type-safe client route resolution.
  • Removed as any type casting in client route access.

• e0b0a78: Deprecate DataEngineQueryOptions in favor of QueryAST-aligned EngineQueryOptions.

  Engine, Protocol, and Client now use standard QueryAST parameter names:

  • filter → where
  • select → fields
  • sort → orderBy
  • skip → offset
  • populate → expand
  • top → limit

  The old DataEngine* schemas and types are preserved with @deprecated markers for backward compatibility.

3.3.1

... (truncated)

Changelog

Sourced from @​objectstack/spec's changelog.

Changelog

All notable changes to the ObjectStack Protocol will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased]

Fixed

• CI: Replace pnpm/action-setup@v6 with corepack — Switched all GitHub Actions workflows (ci.yml, lint.yml, release.yml, validate-deps.yml, pr-automation.yml) from pnpm/action-setup@v6 to corepack enable to fix persistent ERR_PNPM_BROKEN_LOCKFILE errors. Corepack reads the exact packageManager field from package.json (including SHA verification), ensuring the correct pnpm version is used in CI. Also bumped pnpm store cache keys to v3 and added a pnpm version verification step.
• Broken pnpm lockfile — Regenerated pnpm-lock.yaml from scratch to fix ERR_PNPM_BROKEN_LOCKFILE ("expected a single document in the stream, but found more") that was causing all CI jobs to fail. The previous merge of PR #1117 only included workflow cache key changes but did not carry over the regenerated lockfile.

Added

• MCP Runtime Server Plugin (plugin-mcp-server) — New kernel plugin that exposes ObjectStack as a Model Context Protocol (MCP) server for external AI clients (Claude Desktop, Cursor, VS Code Copilot, etc.). Features include:
  • Tool Bridge: All registered AI tools from ToolRegistry (9 built-in tools: list_objects, describe_object, query_records, get_record, aggregate_data, create_object, add_field, modify_field, delete_field) are automatically exposed as MCP tools with correct annotations (readOnlyHint, destructiveHint).
  • Resource Bridge: Object schemas (objectstack://objects/{objectName}), object list (objectstack://objects), record access (objectstack://objects/{objectName}/records/{recordId}), and metadata types (objectstack://metadata/types) exposed as MCP resources.
  • Prompt Bridge: Registered agents (data_chat, metadata_assistant, etc.) exposed as MCP prompts with context arguments (objectName, recordId, viewName).
  • Transport: stdio transport via @modelcontextprotocol/sdk for local AI client integration.
  • Environment Configuration: MCP_SERVER_ENABLED=true to auto-start, MCP_SERVER_NAME and MCP_SERVER_TRANSPORT for customization.
  • Extensibility: mcp:ready kernel hook allows other plugins to extend the MCP server.
  • Studio frontend AI interface remains unchanged — it continues to use REST/SSE via Vercel Data Stream Protocol.

Changed

• Unified list_objects / describe_object tools (service-ai) — Merged the duplicate list_metadata_objects → list_objects and describe_metadata_object → describe_object tool pairs. Both data_chat and metadata_assistant agents now share the same unified tools with full filter, includeFields, snake_case validation, and enableFeatures support. DATA_TOOL_DEFINITIONS is reduced from 5 to 3 (query-only tools), while METADATA_TOOL_DEFINITIONS retains all 6 tools under the unified names. The duplicate ObjectDef/FieldDef type definitions in data-tools.ts are removed.

Fixed

• MetadataPlugin: Driver bridging for database-backed persistence — MetadataPlugin.start() now discovers registered driver services (driver.*) from the kernel service registry and calls manager.setDatabaseDriver() to enable DatabaseLoader. Previously, no code bridged the kernel's database driver to the MetadataManager, leaving DatabaseLoader unconfigured and metadata persistence limited to the filesystem only.
• MetadataManager: register() no longer writes to FilesystemLoader — register() now persists metadata only to datasource: protocol loaders (i.e. DatabaseLoader), skipping

... (truncated)

Commits

• c3ff128 Merge pull request #1123 from objectstack-ai/changeset-release/main
• 22818f7 chore: version packages
• 3ffc893 Merge pull request #1122 from objectstack-ai/copilot/fix-issue-with-recent-ch...
• 75c5fdf fix: replace pnpm/action-setup@v6 with corepack in all CI workflows to fix ER...
• ef5eb70 initial plan for fixing CI lockfile issue
• 7472801 Merge pull request #1121 from objectstack-ai/copilot/update-framework-actions
• e6ca964 fix: regenerate pnpm-lock.yaml to fix ERR_PNPM_BROKEN_LOCKFILE in CI
• 22f0be4 Merge pull request #1117 from objectstack-ai/claude/fix-broken-lockfile
• 244e624 Merge pull request #1119 from objectstack-ai/claude/create-skill-guide-hooks
• 657500f feat: add objectstack-hooks skill for third-party developers
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: automated. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.