chore(plan 64-A): remove dormant Plan-45 system-feature types + resolver

The account-level app-system-out / app-system-in stream pair was
superseded by the CMC per-collector channel
(:_cmc:apps:<app-code>:[<path>:]collectors:<counterparty-slug>
carrying notification/alert-cmc, notification/ack-cmc,
consent/scope-request-cmc, consent/scope-update-cmc).

Removed: systemFeatureTypes.ts, HDSSystemAlertDef, HDSSystemAckDef,
HDSSystemFeature, SystemMessageType, SystemFeatureResolution,
resolveStreamSystemFeature, resolveStreamSystemFeatureDetailed, and
the matching test block in tests/resolveStream.test.js.

Kept: the mode-3 existingStreamRefs[] mechanism on CollectorRequest
(generic, can reference any pre-existing stream). Test fixtures
renamed from app-system-out/-in to external-stream-a/b.

CUSTOM-FIELDS-AND-SYSTEM.md restructured to cover custom-fields only
with a historical note pointing at CMC. README features-list bullet
updated.

Data-model layer (message/system-alert + message/system-ack
eventType registrations) left intact so legacy data on existing
accounts stays valid for read.

Author: perki

CHANGELOG.md

@@ -27,6 +27,10 @@ For the doctor-side form-storage migration, see `doctor-dashboard/app/formSpecAd
 
 ## [Unreleased]
 
+### Removed
+
+- **Plan-45 system-feature types + resolver (dormant).** Deleted `ts/appTemplates/systemFeatureTypes.ts` along with `HDSSystemAlertDef`, `HDSSystemAckDef`, `HDSSystemFeature`, `SystemMessageType`, `SystemFeatureResolution` and the `resolveStreamSystemFeature` / `resolveStreamSystemFeatureDetailed` helpers. The account-level `app-system-out` / `app-system-in` stream pair was superseded by the **CMC per-collector channel** (`:_cmc:apps:<app-code>:[<path>:]collectors:<counterparty-slug>`) carrying `notification/alert-cmc`, `notification/ack-cmc`, `consent/scope-request-cmc`, `consent/scope-update-cmc`. The mode-3 `existingStreamRefs[]` mechanism on `CollectorRequest` stays — generic, can reference any pre-existing stream. Data-model layer (`message/system-alert` + `message/system-ack` eventType registrations) left intact so legacy data stays valid. See `_macro/_plans/64-on-the-go-app-testing-atwork/PLAN.md` Phase A.
+
 ## [0.11.0] - 2026-05-14
 
 ### Plan 58 — `pryv@3.1.0` + `accesses.update` rollout

README.md

@@ -10,7 +10,7 @@ Generic toolkit for server and web applications — [Health Data Safe](https://g
 ## Features
 
 1. **HDS Data Model** — Load and query the [HDS data model](https://github.com/healthdatasafe/data-model): items, streams, authorizations, event types, datasources
-2. **App Templates** — Consent-based data collection and sharing (Manager, Collector, Invite, Client flows). Includes the **AppTemplate JSON loader**, **custom-field declarations** (template-private streams via `clientData.hdsCustomField`), and **system-stream messaging** (`message/system-{alert,ack}`). See [`ts/appTemplates/CUSTOM-FIELDS-AND-SYSTEM.md`](./ts/appTemplates/CUSTOM-FIELDS-AND-SYSTEM.md) for the design reference.
+2. **App Templates** — Consent-based data collection and sharing (Manager, Collector, Invite, Client flows). Includes the **AppTemplate JSON loader** and **custom-field declarations** (template-private streams via `clientData.hdsCustomField`). See [`ts/appTemplates/CUSTOM-FIELDS-AND-SYSTEM.md`](./ts/appTemplates/CUSTOM-FIELDS-AND-SYSTEM.md) for the design reference. (System messaging now flows through the CMC per-collector channel — see `open-pryv.io/components/cmc/IMPLEMENTERS-GUIDE.md`.)
 3. **HDSSettings** — Per-app user settings (locale, theme, timezone, date format, unit system)
 4. **HDSProfile** — Account-level profile (display name, avatar, date of birth, sex, country)
 5. **Pryv extensions** — Extends [Pryv JS lib](https://github.com/pryv/lib-js) with Socket.io and Monitor support

tests/apptemplatesRequest.test.js

@@ -165,22 +165,22 @@ describe('[APRX] appTemplates Requests', function () {
     it('[ARES1] should parse existingStreamRefs from content', () => {
       const request = new CollectorRequest({
         existingStreamRefs: [
-          { streamId: 'app-system-out', permissions: ['manage'], purpose: 'system-out' },
-          { streamId: 'app-system-in', permissions: ['read'], purpose: 'system-in' }
+          { streamId: 'external-stream-a', permissions: ['manage'], purpose: 'example-out' },
+          { streamId: 'external-stream-b', permissions: ['read'], purpose: 'example-in' }
         ]
       });
       assert.equal(request.existingStreamRefs.length, 2);
-      assert.equal(request.existingStreamRefs[0].streamId, 'app-system-out');
+      assert.equal(request.existingStreamRefs[0].streamId, 'external-stream-a');
       assert.deepEqual(request.existingStreamRefs[0].permissions, ['manage']);
-      assert.equal(request.existingStreamRefs[1].streamId, 'app-system-in');
+      assert.equal(request.existingStreamRefs[1].streamId, 'external-stream-b');
     });
 
     it('[ARES2] should serialize existingStreamRefs in content', () => {
       const request = new CollectorRequest({});
-      request.addExistingStreamRef({ streamId: 'app-system-out', permissions: ['manage'] });
+      request.addExistingStreamRef({ streamId: 'external-stream-a', permissions: ['manage'] });
       assert.ok(request.content.existingStreamRefs);
       assert.equal(request.content.existingStreamRefs.length, 1);
-      assert.equal(request.content.existingStreamRefs[0].streamId, 'app-system-out');
+      assert.equal(request.content.existingStreamRefs[0].streamId, 'external-stream-a');
     });
 
     it('[ARES3] should not serialize existingStreamRefs when empty', () => {
@@ -201,7 +201,7 @@ describe('[APRX] appTemplates Requests', function () {
     it('[ARES5] should reject empty permissions array', () => {
       const request = new CollectorRequest({});
       try {
-        request.addExistingStreamRef({ streamId: 'app-system-out', permissions: [] });
+        request.addExistingStreamRef({ streamId: 'external-stream-a', permissions: [] });
         throw new Error('Should throw error');
       } catch (e) {
         assert.match(e.message, /permissions must be a non-empty array/);
@@ -211,7 +211,7 @@ describe('[APRX] appTemplates Requests', function () {
     it('[ARES6] should reject invalid permission level', () => {
       const request = new CollectorRequest({});
       try {
-        request.addExistingStreamRef({ streamId: 'app-system-out', permissions: ['admin'] });
+        request.addExistingStreamRef({ streamId: 'external-stream-a', permissions: ['admin'] });
         throw new Error('Should throw error');
       } catch (e) {
         assert.match(e.message, /Invalid permission level "admin"/);
@@ -228,7 +228,7 @@ describe('[APRX] appTemplates Requests', function () {
 
     it('[ARES8] should round-trip through setContent', () => {
       const r1 = new CollectorRequest({});
-      r1.addExistingStreamRef({ streamId: 'app-system-out', permissions: ['manage'], purpose: 'system' });
+      r1.addExistingStreamRef({ streamId: 'external-stream-a', permissions: ['manage'], purpose: 'example' });
       const content1 = r1.content;
       const r2 = new CollectorRequest(content1);
       assert.deepEqual(r2.existingStreamRefs, r1.existingStreamRefs);

tests/loader.test.js

@@ -25,8 +25,8 @@ function validTemplate () {
       }
     ],
     existingStreamRefs: [
-      { streamId: 'app-system-out', permissions: ['manage'], purpose: 'system-out' },
-      { streamId: 'app-system-in', permissions: ['read'], purpose: 'system-in' }
+      { streamId: 'external-stream-a', permissions: ['manage'], purpose: 'example-out' },
+      { streamId: 'external-stream-b', permissions: ['read'], purpose: 'example-in' }
     ]
   };
 }

tests/resolveStream.test.js

@@ -3,8 +3,6 @@ import {
   buildStreamMap,
   resolveStreamCustomField,
   resolveStreamCustomFieldDetailed,
-  resolveStreamSystemFeature,
-  resolveStreamSystemFeatureDetailed,
   streamCustomFieldToVirtualItem
 } from '../ts/appTemplates/resolveStream.ts';
 
@@ -62,28 +60,6 @@ function tree () {
           ]
         }
       ]
-    },
-    {
-      id: 'app-system',
-      parentId: null,
-      children: [
-        {
-          id: 'app-system-out',
-          parentId: 'app-system',
-          clientData: {
-            hdsSystemFeature: {
-              'message/system-alert': { version: 'v1', levels: ['info', 'warning', 'critical'] }
-            }
-          }
-        },
-        {
-          id: 'app-system-in',
-          parentId: 'app-system',
-          clientData: {
-            hdsSystemFeature: { 'message/system-ack': { version: 'v1' } }
-          }
-        }
-      ]
     }
   ];
 }
@@ -92,9 +68,8 @@ describe('[CFRS] resolveStream', function () {
   describe('[CFRS-MAP] buildStreamMap', function () {
     it('[CFRS-MAP-1] flattens a nested tree by id', function () {
       const map = buildStreamMap(tree());
-      assert.equal(map.size, 8); // 5 stormm + 3 app-system
+      assert.equal(map.size, 5);
       assert.ok(map.has('stormm-woman-custom-flow'));
-      assert.ok(map.has('app-system-out'));
     });
   });
 
@@ -144,34 +119,6 @@ describe('[CFRS] resolveStream', function () {
     });
   });
 
-  describe('[CFRS-SF] resolveStreamSystemFeature', function () {
-    it('[CFRS-SF-1] resolves system-alert on app-system-out', function () {
-      const def = resolveStreamSystemFeature(tree(), 'app-system-out', 'message/system-alert');
-      assert.ok(def);
-      assert.equal(def.version, 'v1');
-      assert.deepEqual(def.levels, ['info', 'warning', 'critical']);
-    });
-
-    it('[CFRS-SF-2] resolves system-ack on app-system-in', function () {
-      const def = resolveStreamSystemFeature(tree(), 'app-system-in', 'message/system-ack');
-      assert.ok(def);
-      assert.equal(def.version, 'v1');
-    });
-
-    it('[CFRS-SF-3] returns null for cross-pair (alert on -in / ack on -out)', function () {
-      const a = resolveStreamSystemFeature(tree(), 'app-system-in', 'message/system-alert');
-      const b = resolveStreamSystemFeature(tree(), 'app-system-out', 'message/system-ack');
-      assert.equal(a, null);
-      assert.equal(b, null);
-    });
-
-    it('[CFRS-SF-4] detailed variant returns def kind', function () {
-      const r = resolveStreamSystemFeatureDetailed(tree(), 'app-system-out', 'message/system-alert');
-      assert.equal(r.kind, 'def');
-      assert.equal(r.def.version, 'v1');
-    });
-  });
-
   describe('[CFRS-VI] streamCustomFieldToVirtualItem', function () {
     it('[CFRS-VI-1] converts a note/txt with options to a select-type virtual item', function () {
       const item = streamCustomFieldToVirtualItem(tree(), 'stormm-woman-custom-flow', 'note/txt');

ts/appTemplates/CUSTOM-FIELDS-AND-SYSTEM.md

@@ -1,14 +1,16 @@
-# Custom fields & system stream — design reference
+# Custom fields — design reference
 
-This is the canonical developer/agent reference for two `appTemplates` extensions
-that share the same infrastructure:
+This is the canonical developer/agent reference for the `appTemplates` custom-field
+extension: **template-private fields stored on namespaced streams**, declared in
+`clientData.hdsCustomField` rather than baked into the canonical data model so
+templates extend the model without polluting it.
 
-1. **Custom fields** — template-private fields stored on namespaced streams
-2. **System stream** — operator → user alerts and user → operator acks on the
-   account-level `app-system/*` stream pair
-
-Both are **declared in `clientData`** rather than baked into the canonical data
-model, so templates extend the model without polluting it.
+> The companion **system-stream** design (Plan 45 account-level `app-system-out` /
+> `app-system-in` with `clientData.hdsSystemFeature`) was removed in plan 64
+> Phase A — superseded by the **CMC per-collector system channel**
+> (`:_cmc:apps:<app-code>:[<path>:]collectors:<counterparty-slug>`) carrying
+> `notification/alert-cmc`, `notification/ack-cmc`, `consent/scope-request-cmc`,
+> `consent/scope-update-cmc`. See `open-pryv.io/components/cmc/IMPLEMENTERS-GUIDE.md`.
 
 > Companion reading:
 > - `data-model/documentation/CUSTOM-FIELDS-AND-SYSTEM.md` — validator side
@@ -30,23 +32,11 @@ Custom fields let a template **provision its own template-private streams** at
 acceptance time, declared with everything the form engine and validator need to
 treat them as first-class fields *without* a canonical itemDef.
 
-### Why the system stream exists
-
-Operators (e.g. study coordinators, doctors) need a back-channel to push
-notifications to participants ("please complete today's questionnaire") and to
-receive structured acknowledgements. Chat is correspondent-scoped (per
-collector ↔ user pair); system messages are account-scoped (one inbox per user)
-because users want a single "alerts" pane.
-
-Plan 25 already shipped the `{app-id}-app/` convention (e.g. `bridge-mira-app-notes`).
-The system stream extends that to **per-account** fixtures `app-system-out` /
-`app-system-in` carrying `clientData.hdsSystemFeature` declarations.
-
 ### The "no canonical model branding" principle
 
-Neither feature mutates `data-model`'s `pack.json`. The data-model only ships:
+Custom fields do not mutate `data-model`'s `pack.json`. The data-model only ships:
 
-- Storage-shape `eventTypes` (`note/txt`, `count/generic`, `message/system-alert`, …)
+- Storage-shape `eventTypes` (`note/txt`, `count/generic`, …)
 - Semantic itemDefs that map onto those eventTypes
 
 Templates carry their own typing inline on the streams they provision. The
@@ -57,14 +47,12 @@ no naming convention check, no regex on stream ids, no central registry.
 
 Plan 25 generalised the bridge-side stream layout (`bridge-mira-app-notes`,
 `bridge-mira-app-chat`, …). Plan 45 reuses the same idea for **templates**
-(`stormm-woman-custom-flow`) and adds **account-level** fixtures
-(`app-system-out`, `app-system-in`) for system messaging.
+(`stormm-woman-custom-flow`).
 
 | Layer       | Convention                          | Example                          |
 | ----------- | ----------------------------------- | -------------------------------- |
 | Bridge      | `{bridge-id}-app-{suffix}`          | `bridge-mira-app-notes`          |
 | Template    | `{template-id}-custom-{key}`        | `stormm-woman-custom-flow`       |
-| Account     | `app-{feature}-{out\|in}`           | `app-system-out`, `app-system-in`|
 
 Naming is **soft / non-load-bearing** — the hyphenated prefixes are conventions
 for human readability. The validator and resolver consume `clientData`, never
@@ -153,43 +141,11 @@ The requester's access gains `contribute` on each.
 
 ---
 
-## 3. `clientData.hdsSystemFeature` schema
-
-Same shape, different key — keyed by `message/*` impl rather than storage eventType:
-
-```jsonc
-// stream { id: 'app-system-out', parentId: 'app-system', clientData: ↓ }
-{
-  "hdsSystemFeature": {
-    "message/system-alert": {
-      "version": "v1",
-      "levels":  ["info", "warning", "critical"]
-    }
-  }
-}
-
-// stream { id: 'app-system-in', parentId: 'app-system', clientData: ↓ }
-{
-  "hdsSystemFeature": {
-    "message/system-ack": { "version": "v1" }
-  }
-}
-```
-
-A descendant stream can override (declare its own def) or opt-out (declare `{}`)
-exactly like custom fields.
-
-Future extension types (`message/system-reminder`, `message/access-update-request`)
-can be added without breaking existing readers — unknown keys are skipped by the
-resolver.
-
----
-
 ## 4. Inheritance semantics (parent-chain walk)
 
 A field-def is resolved by walking from a stream up its parent chain. For each
 stream visited, the resolver inspects `clientData.hdsCustomField[eventType]`
-(or `hdsSystemFeature[messageType]`) and applies one of three rules:
+and applies one of three rules:
 
 | Value on stream         | Outcome                                |
 | ----------------------- | -------------------------------------- |
@@ -250,9 +206,8 @@ the form engine's responsibility (per spec §4 / Plan 45 Q6).
 
 ## 6. Stream-naming convention is soft / non-load-bearing
 
-The `*-custom-*` infix on template-private streams and the `app-system-*` /
-`app-system-in` names on account fixtures are **human-readability conventions**.
-The validator and resolver:
+The `*-custom-*` infix on template-private streams is a **human-readability
+convention**. The validator and resolver:
 
 - Never regex on streamIds.
 - Never assume a parent's id from a child's id.
@@ -273,8 +228,6 @@ Located in `ts/appTemplates/resolveStream.ts`:
 import {
   resolveStreamCustomField,
   resolveStreamCustomFieldDetailed,
-  resolveStreamSystemFeature,
-  resolveStreamSystemFeatureDetailed,
   streamCustomFieldToVirtualItem,
   buildStreamMap
 } from 'hds-lib';
@@ -289,10 +242,6 @@ explicit opt-out).
 
 Use when you need to distinguish opt-out from missing.
 
-### `resolveStreamSystemFeature(...) / resolveStreamSystemFeatureDetailed(...)`
-
-Same semantics for `clientData.hdsSystemFeature[messageType]`.
-
 ### `streamCustomFieldToVirtualItem(streamTreeOrMap, streamId, eventType): VirtualItemDef | null`
 
 Convenience for the form engine. Returns a virtual `ItemDef`-shaped object the
@@ -316,7 +265,7 @@ A `CollectorRequest` references streams via three orthogonal mechanisms:
 | ---- | ------------------------------------- | ------------------------------------------------------ |
 | 1    | `sections[].itemKeys[]`               | Canonical items resolved via `data-model/pack.json`.   |
 | 2    | `customFields[]` *(provision-new)*    | Template-private streams created at acceptance.        |
-| 3    | `existingStreamRefs[]`                | Access asks on pre-existing streams (e.g. `app-system-*`). |
+| 3    | `existingStreamRefs[]`                | Access asks on pre-existing streams.                   |
 
 ### Mode 2 — sandbox prefix rule
 
@@ -345,35 +294,18 @@ consent prompt before granting; refusing one ref blocks the entire acceptance
 Each ref:
 ```jsonc
 {
-  "streamId":    "app-system-out",
+  "streamId":    "some-account-level-stream",
   "permissions": ["manage"],
-  "purpose":     "system-out"
+  "purpose":     "human-readable-purpose"
 }
 ```
 
-The `purpose` field is informational — surfaces in the UI (e.g. "system messaging
-to you"). Permissions are Pryv's standard `read | manage | contribute` levels.
+The `purpose` field is informational — surfaces in the UI as the consent prompt's
+explanation. Permissions are Pryv's standard `read | manage | contribute` levels.
 
 The CollectorClient append-permissions block applies the requested permissions
 without `streams.create` calls (the streams already exist).
 
-### How a template declares system support
-
-Templates declare system support **via Mode 3** referencing the canonical
-account-level `app-system-out` / `app-system-in` streams. There is no
-`features.system` block on the request — the system feature is a Mode-3 ask
-like any other cross-app access:
-
-```jsonc
-"existingStreamRefs": [
-  { "streamId": "app-system-out", "permissions": ["manage"], "purpose": "system-out" },
-  { "streamId": "app-system-in",  "permissions": ["read"],   "purpose": "system-in" }
-]
-```
-
-This keeps the request shape uniform (`features` is for in-place chat extensions
-to a permission, not for cross-app references).
-
 ### How the loader enforces the rules
 
 `loader.ts` runs:
@@ -413,9 +345,8 @@ function listTemplatePrivateStreams (streamTree: Pryv.Stream[]) {
 }
 ```
 
-Same approach for `hdsSystemFeature[messageType]`. Result: bridges that wire
-custom-field events into external systems (e.g. STORMM data export to REDCap)
-work without knowing a template's id ahead of time.
+Bridges that wire custom-field events into external systems (e.g. STORMM data
+export to REDCap) work without knowing a template's id ahead of time.
 
 ---
 
@@ -475,7 +406,5 @@ through the form engine.
   `_plans/47-STORMM-forms-paused/PLAN.md`
 - **`data-model/documentation/CUSTOM-FIELDS-AND-SYSTEM.md`** — validator side
   (storage-shape eventTypes, parent-chain walk in `data-model/src/items.js`).
-- **`data-model/documentation/DESIGN-NOTES.md`** — eventType
-  `<class>/<implementation>` convention used by the new `message/system-*` types.
 - **`hds-lib-js/AGENTS.md`** — agent primer; this file is its detailed
   reference for everything `appTemplates`-shaped.

ts/appTemplates/CollectorRequest.ts

@@ -319,9 +319,9 @@ export class CollectorRequest {
   get existingStreamRefs (): Array<ExistingStreamRef> { return this.#existingStreamRefs; }
 
   /**
-   * Request access on a pre-existing stream (e.g. account-level `app-system-out` /
-   * `app-system-in`). Typing of inner events is owned by the stream's existing
-   * `clientData`; this CollectorRequest only patches access permissions at acceptance.
+   * Request access on a pre-existing stream (Plan 45 mode-3). Typing of inner
+   * events is owned by the stream's existing `clientData`; this CollectorRequest
+   * only patches access permissions at acceptance.
    */
   addExistingStreamRef (ref: ExistingStreamRef) {
     if (ref == null || typeof ref !== 'object') throw new HDSLibError('Invalid existingStreamRef', ref);