feat: Console Authentication System — @object-ui/auth package, route guards, system admin pages

apps/console/package.json

@@ -25,6 +25,7 @@
     "test:ui": "vitest --ui"
   },
   "dependencies": {
+    "@object-ui/auth": "workspace:*",
     "@object-ui/components": "workspace:*",
     "@object-ui/core": "workspace:*",
     "@object-ui/data-objectstack": "workspace:*",

apps/console/src/App.tsx

@@ -6,6 +6,7 @@ import { SchemaRendererProvider } from '@object-ui/react';
 import { ObjectStackAdapter } from './dataSource';
 import type { ConnectionState } from './dataSource';
 import appConfig from '../objectstack.shared';
+import { AuthProvider, AuthGuard, useAuth } from '@object-ui/auth';
 
 // Components
 import { ConsoleLayout } from './components/ConsoleLayout';
@@ -19,12 +20,25 @@ import { PageView } from './components/PageView';
 import { ReportView } from './components/ReportView';
 import { ExpressionProvider } from './context/ExpressionProvider';
 
+// Auth Pages
+import { LoginPage } from './pages/LoginPage';
+import { RegisterPage } from './pages/RegisterPage';
+import { ForgotPasswordPage } from './pages/ForgotPasswordPage';
+
+// System Admin Pages
+import { UserManagementPage } from './pages/system/UserManagementPage';
+import { OrgManagementPage } from './pages/system/OrgManagementPage';
+import { RoleManagementPage } from './pages/system/RoleManagementPage';
+import { AuditLogPage } from './pages/system/AuditLogPage';
+import { ProfilePage } from './pages/system/ProfilePage';
+
 import { useParams } from 'react-router-dom';
 import { ThemeProvider } from './components/theme-provider';
 
 export function AppContent() {
   const [dataSource, setDataSource] = useState<ObjectStackAdapter | null>(null);
   const [connectionState, setConnectionState] = useState<ConnectionState>('disconnected');
+  const { user } = useAuth();
 
   // App Selection
   const navigate = useNavigate();
@@ -132,7 +146,9 @@ export function AppContent() {
   );
 
   // Expression context for dynamic visibility/disabled/hidden expressions
-  const expressionUser = { name: 'John Doe', email: 'admin@example.com', role: 'admin' };
+  const expressionUser = user
+    ? { name: user.name, email: user.email, role: user.role ?? 'user' }
+    : { name: 'Anonymous', email: '', role: 'guest' };
 
   return (
     <ExpressionProvider user={expressionUser} app={activeApp} data={{}}>
@@ -191,6 +207,13 @@ export function AppContent() {
         <Route path="page/:pageName" element={
             <PageView />
         } />
+
+        {/* System Administration Routes */}
+        <Route path="system/users" element={<UserManagementPage />} />
+        <Route path="system/organizations" element={<OrgManagementPage />} />
+        <Route path="system/roles" element={<RoleManagementPage />} />
+        <Route path="system/audit-log" element={<AuditLogPage />} />
+        <Route path="system/profile" element={<ProfilePage />} />
       </Routes>
       </ErrorBoundary>
 
@@ -268,12 +291,21 @@ function RootRedirect() {
 export function App() {
   return (
     <ThemeProvider defaultTheme="system" storageKey="object-ui-theme">
-      <BrowserRouter basename="/">
-          <Routes>
-              <Route path="/apps/:appName/*" element={<AppContent />} />
-              <Route path="/" element={<RootRedirect />} />
-          </Routes>
-      </BrowserRouter>
+      <AuthProvider authUrl="/api/auth">
+        <BrowserRouter basename="/">
+            <Routes>
+                <Route path="/login" element={<LoginPage />} />
+                <Route path="/register" element={<RegisterPage />} />
+                <Route path="/forgot-password" element={<ForgotPasswordPage />} />
+                <Route path="/apps/:appName/*" element={
+                  <AuthGuard fallback={<Navigate to="/login" />} loadingFallback={<LoadingScreen />}>
+                    <AppContent />
+                  </AuthGuard>
+                } />
+                <Route path="/" element={<RootRedirect />} />
+            </Routes>
+        </BrowserRouter>
+      </AuthProvider>
     </ThemeProvider>
   );
 }

apps/console/src/components/AppSidebar.tsx

@@ -46,6 +46,7 @@ import {
 } from 'lucide-react';
 import appConfig from '../../objectstack.shared';
 import { useExpressionContext, evaluateVisibility } from '../context/ExpressionProvider';
+import { useAuth, getUserInitials } from '@object-ui/auth';
 
 /**
  * Resolve a Lucide icon component by name string.
@@ -75,6 +76,7 @@ function getIcon(name?: string): React.ComponentType<any> {
 
 export function AppSidebar({ activeAppName, onAppChange }: { activeAppName: string, onAppChange: (name: string) => void }) {
   const { isMobile } = useSidebar();
+  const { user, signOut } = useAuth();
 
   const apps = appConfig.apps || [];
   // Filter out inactive apps
@@ -165,12 +167,14 @@ export function AppSidebar({ activeAppName, onAppChange }: { activeAppName: stri
                   className="data-[state=open]:bg-sidebar-accent data-[state=open]:text-sidebar-accent-foreground"
                 >
                   <Avatar className="h-8 w-8 rounded-lg">
-                    <AvatarImage src="/avatars/user.jpg" alt="User" />
-                    <AvatarFallback className="rounded-lg bg-primary text-primary-foreground">JD</AvatarFallback>
+                    <AvatarImage src={user?.image ?? '/avatars/user.jpg'} alt={user?.name ?? 'User'} />
+                    <AvatarFallback className="rounded-lg bg-primary text-primary-foreground">
+                      {getUserInitials(user)}
+                    </AvatarFallback>
                   </Avatar>
                   <div className="grid flex-1 text-left text-sm leading-tight">
-                    <span className="truncate font-semibold">John Doe</span>
-                    <span className="truncate text-xs text-muted-foreground">admin@example.com</span>
+                    <span className="truncate font-semibold">{user?.name ?? 'User'}</span>
+                    <span className="truncate text-xs text-muted-foreground">{user?.email ?? ''}</span>
                   </div>
                   <ChevronsUpDown className="ml-auto size-4" />
                 </SidebarMenuButton>
@@ -184,12 +188,14 @@ export function AppSidebar({ activeAppName, onAppChange }: { activeAppName: stri
                 <DropdownMenuLabel className="p-0 font-normal">
                   <div className="flex items-center gap-2 px-1 py-1.5 text-left text-sm">
                     <Avatar className="h-8 w-8 rounded-lg">
-                      <AvatarImage src="/avatars/user.jpg" alt="User" />
-                      <AvatarFallback className="rounded-lg bg-primary text-primary-foreground">JD</AvatarFallback>
+                      <AvatarImage src={user?.image ?? '/avatars/user.jpg'} alt={user?.name ?? 'User'} />
+                      <AvatarFallback className="rounded-lg bg-primary text-primary-foreground">
+                        {getUserInitials(user)}
+                      </AvatarFallback>
                     </Avatar>
                     <div className="grid flex-1 text-left text-sm leading-tight">
-                      <span className="truncate font-semibold">John Doe</span>
-                      <span className="truncate text-xs text-muted-foreground">admin@example.com</span>
+                      <span className="truncate font-semibold">{user?.name ?? 'User'}</span>
+                      <span className="truncate text-xs text-muted-foreground">{user?.email ?? ''}</span>
                     </div>
                   </div>
                 </DropdownMenuLabel>
@@ -201,7 +207,10 @@ export function AppSidebar({ activeAppName, onAppChange }: { activeAppName: stri
                   </DropdownMenuItem>
                 </DropdownMenuGroup>
                 <DropdownMenuSeparator />
-                <DropdownMenuItem className="text-destructive focus:text-destructive">
+                <DropdownMenuItem
+                  className="text-destructive focus:text-destructive"
+                  onClick={() => signOut()}
+                >
                   <LogOut className="mr-2 h-4 w-4" />
                   Log out
                 </DropdownMenuItem>

apps/console/src/pages/ForgotPasswordPage.tsx

@@ -0,0 +1,13 @@
+/**
+ * Forgot Password Page for ObjectStack Console
+ */
+
+import { ForgotPasswordForm } from '@object-ui/auth';
+
+export function ForgotPasswordPage() {
+  return (
+    <div className="flex min-h-screen items-center justify-center bg-background">
+      <ForgotPasswordForm loginUrl="/login" />
+    </div>
+  );
+}

apps/console/src/pages/LoginPage.tsx

@@ -0,0 +1,20 @@
+/**
+ * Login Page for ObjectStack Console
+ */
+
+import { useNavigate } from 'react-router-dom';
+import { LoginForm } from '@object-ui/auth';
+
+export function LoginPage() {
+  const navigate = useNavigate();
+
+  return (
+    <div className="flex min-h-screen items-center justify-center bg-background">
+      <LoginForm
+        onSuccess={() => navigate('/')}
+        registerUrl="/register"
+        forgotPasswordUrl="/forgot-password"
+      />
+    </div>
+  );
+}

apps/console/src/pages/RegisterPage.tsx

@@ -0,0 +1,19 @@
+/**
+ * Register Page for ObjectStack Console
+ */
+
+import { useNavigate } from 'react-router-dom';
+import { RegisterForm } from '@object-ui/auth';
+
+export function RegisterPage() {
+  const navigate = useNavigate();
+
+  return (
+    <div className="flex min-h-screen items-center justify-center bg-background">
+      <RegisterForm
+        onSuccess={() => navigate('/')}
+        loginUrl="/login"
+      />
+    </div>
+  );
+}

apps/console/src/pages/system/AuditLogPage.tsx

@@ -0,0 +1,45 @@
+/**
+ * Audit Log Page
+ *
+ * Read-only grid displaying system audit logs.
+ * Shows user actions, resources, timestamps, and details.
+ */
+
+import { systemObjects } from './systemObjects';
+
+const auditObject = systemObjects.find((o) => o.name === 'sys_audit_log')!;
+
+export function AuditLogPage() {
+  return (
+    <div className="flex flex-col gap-6 p-6">
+      <div>
+        <h1 className="text-2xl font-bold tracking-tight">Audit Log</h1>
+        <p className="text-muted-foreground">View system activity and user actions</p>
+      </div>
+
+      <div className="rounded-md border">
+        <table className="w-full text-sm">
+          <thead>
+            <tr className="border-b bg-muted/50">
+              {auditObject.views[0].columns.map((col) => {
+                const field = auditObject.fields.find((f) => f.name === col);
+                return (
+                  <th key={col} className="h-10 px-4 text-left font-medium text-muted-foreground">
+                    {field?.label ?? col}
+                  </th>
+                );
+              })}
+            </tr>
+          </thead>
+          <tbody>
+            <tr className="border-b">
+              <td className="p-4 text-muted-foreground" colSpan={auditObject.views[0].columns.length}>
+                Connect to ObjectStack server to load audit logs. In production, this page uses plugin-grid in read-only mode.
+              </td>
+            </tr>
+          </tbody>
+        </table>
+      </div>
+    </div>
+  );
+}

apps/console/src/pages/system/OrgManagementPage.tsx

@@ -0,0 +1,59 @@
+/**
+ * Organization Management Page
+ *
+ * Displays a list of organizations with member management.
+ * Reuses the plugin-grid for data display.
+ */
+
+import { useAuth } from '@object-ui/auth';
+import { systemObjects } from './systemObjects';
+
+const orgObject = systemObjects.find((o) => o.name === 'sys_org')!;
+
+export function OrgManagementPage() {
+  const { user: currentUser } = useAuth();
+  const isAdmin = currentUser?.role === 'admin';
+
+  return (
+    <div className="flex flex-col gap-6 p-6">
+      <div className="flex items-center justify-between">
+        <div>
+          <h1 className="text-2xl font-bold tracking-tight">Organization Management</h1>
+          <p className="text-muted-foreground">Manage organizations and their members</p>
+        </div>
+        {isAdmin && (
+          <button
+            type="button"
+            className="inline-flex h-9 items-center justify-center rounded-md bg-primary px-4 text-sm font-medium text-primary-foreground ring-offset-background transition-colors hover:bg-primary/90 focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-ring focus-visible:ring-offset-2"
+          >
+            Add Organization
+          </button>
+        )}
+      </div>
+
+      <div className="rounded-md border">
+        <table className="w-full text-sm">
+          <thead>
+            <tr className="border-b bg-muted/50">
+              {orgObject.views[0].columns.map((col) => {
+                const field = orgObject.fields.find((f) => f.name === col);
+                return (
+                  <th key={col} className="h-10 px-4 text-left font-medium text-muted-foreground">
+                    {field?.label ?? col}
+                  </th>
+                );
+              })}
+            </tr>
+          </thead>
+          <tbody>
+            <tr className="border-b">
+              <td className="p-4 text-muted-foreground" colSpan={orgObject.views[0].columns.length}>
+                Connect to ObjectStack server to load organizations. In production, this page uses plugin-grid for full CRUD functionality.
+              </td>
+            </tr>
+          </tbody>
+        </table>
+      </div>
+    </div>
+  );
+}