npm - @fuzdev/fuz_app - Versions diffs - 0.1.0 - Mend

@fuzdev/fuz_app 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (457) hide show

package/LICENSE +21 -0
package/README.md +49 -0
package/dist/actions/action_bridge.d.ts +65 -0
package/dist/actions/action_bridge.d.ts.map +1 -0
package/dist/actions/action_bridge.js +76 -0
package/dist/actions/action_codegen.d.ts +97 -0
package/dist/actions/action_codegen.d.ts.map +1 -0
package/dist/actions/action_codegen.js +280 -0
package/dist/actions/action_registry.d.ts +35 -0
package/dist/actions/action_registry.d.ts.map +1 -0
package/dist/actions/action_registry.js +83 -0
package/dist/actions/action_spec.d.ts +169 -0
package/dist/actions/action_spec.d.ts.map +1 -0
package/dist/actions/action_spec.js +76 -0
package/dist/auth/account_queries.d.ts +96 -0
package/dist/auth/account_queries.d.ts.map +1 -0
package/dist/auth/account_queries.js +172 -0
package/dist/auth/account_routes.d.ts +86 -0
package/dist/auth/account_routes.d.ts.map +1 -0
package/dist/auth/account_routes.js +406 -0
package/dist/auth/account_schema.d.ts +192 -0
package/dist/auth/account_schema.d.ts.map +1 -0
package/dist/auth/account_schema.js +105 -0
package/dist/auth/admin_routes.d.ts +29 -0
package/dist/auth/admin_routes.d.ts.map +1 -0
package/dist/auth/admin_routes.js +193 -0
package/dist/auth/api_token.d.ts +33 -0
package/dist/auth/api_token.d.ts.map +1 -0
package/dist/auth/api_token.js +36 -0
package/dist/auth/api_token_queries.d.ts +80 -0
package/dist/auth/api_token_queries.d.ts.map +1 -0
package/dist/auth/api_token_queries.js +116 -0
package/dist/auth/app_settings_queries.d.ts +33 -0
package/dist/auth/app_settings_queries.d.ts.map +1 -0
package/dist/auth/app_settings_queries.js +51 -0
package/dist/auth/app_settings_routes.d.ts +27 -0
package/dist/auth/app_settings_routes.d.ts.map +1 -0
package/dist/auth/app_settings_routes.js +66 -0
package/dist/auth/app_settings_schema.d.ts +35 -0
package/dist/auth/app_settings_schema.d.ts.map +1 -0
package/dist/auth/app_settings_schema.js +22 -0
package/dist/auth/audit_log_queries.d.ts +90 -0
package/dist/auth/audit_log_queries.d.ts.map +1 -0
package/dist/auth/audit_log_queries.js +205 -0
package/dist/auth/audit_log_routes.d.ts +33 -0
package/dist/auth/audit_log_routes.d.ts.map +1 -0
package/dist/auth/audit_log_routes.js +106 -0
package/dist/auth/audit_log_schema.d.ts +259 -0
package/dist/auth/audit_log_schema.d.ts.map +1 -0
package/dist/auth/audit_log_schema.js +123 -0
package/dist/auth/bearer_auth.d.ts +32 -0
package/dist/auth/bearer_auth.d.ts.map +1 -0
package/dist/auth/bearer_auth.js +90 -0
package/dist/auth/bootstrap_account.d.ts +82 -0
package/dist/auth/bootstrap_account.d.ts.map +1 -0
package/dist/auth/bootstrap_account.js +97 -0
package/dist/auth/bootstrap_routes.d.ts +74 -0
package/dist/auth/bootstrap_routes.d.ts.map +1 -0
package/dist/auth/bootstrap_routes.js +154 -0
package/dist/auth/daemon_token.d.ts +49 -0
package/dist/auth/daemon_token.d.ts.map +1 -0
package/dist/auth/daemon_token.js +49 -0
package/dist/auth/daemon_token_middleware.d.ts +93 -0
package/dist/auth/daemon_token_middleware.d.ts.map +1 -0
package/dist/auth/daemon_token_middleware.js +167 -0
package/dist/auth/ddl.d.ts +27 -0
package/dist/auth/ddl.d.ts.map +1 -0
package/dist/auth/ddl.js +111 -0
package/dist/auth/deps.d.ts +52 -0
package/dist/auth/deps.d.ts.map +1 -0
package/dist/auth/deps.js +10 -0
package/dist/auth/invite_queries.d.ts +68 -0
package/dist/auth/invite_queries.d.ts.map +1 -0
package/dist/auth/invite_queries.js +105 -0
package/dist/auth/invite_routes.d.ts +18 -0
package/dist/auth/invite_routes.d.ts.map +1 -0
package/dist/auth/invite_routes.js +129 -0
package/dist/auth/invite_schema.d.ts +51 -0
package/dist/auth/invite_schema.d.ts.map +1 -0
package/dist/auth/invite_schema.js +25 -0
package/dist/auth/keyring.d.ts +87 -0
package/dist/auth/keyring.d.ts.map +1 -0
package/dist/auth/keyring.js +142 -0
package/dist/auth/middleware.d.ts +40 -0
package/dist/auth/middleware.d.ts.map +1 -0
package/dist/auth/middleware.js +64 -0
package/dist/auth/migrations.d.ts +42 -0
package/dist/auth/migrations.d.ts.map +1 -0
package/dist/auth/migrations.js +79 -0
package/dist/auth/password.d.ts +39 -0
package/dist/auth/password.d.ts.map +1 -0
package/dist/auth/password.js +25 -0
package/dist/auth/password_argon2.d.ts +43 -0
package/dist/auth/password_argon2.d.ts.map +1 -0
package/dist/auth/password_argon2.js +76 -0
package/dist/auth/permit_queries.d.ts +72 -0
package/dist/auth/permit_queries.d.ts.map +1 -0
package/dist/auth/permit_queries.js +116 -0
package/dist/auth/request_context.d.ts +114 -0
package/dist/auth/request_context.d.ts.map +1 -0
package/dist/auth/request_context.js +176 -0
package/dist/auth/require_keeper.d.ts +20 -0
package/dist/auth/require_keeper.d.ts.map +1 -0
package/dist/auth/require_keeper.js +35 -0
package/dist/auth/role_schema.d.ts +69 -0
package/dist/auth/role_schema.d.ts.map +1 -0
package/dist/auth/role_schema.js +70 -0
package/dist/auth/route_guards.d.ts +21 -0
package/dist/auth/route_guards.d.ts.map +1 -0
package/dist/auth/route_guards.js +32 -0
package/dist/auth/session_cookie.d.ts +158 -0
package/dist/auth/session_cookie.d.ts.map +1 -0
package/dist/auth/session_cookie.js +135 -0
package/dist/auth/session_lifecycle.d.ts +35 -0
package/dist/auth/session_lifecycle.d.ts.map +1 -0
package/dist/auth/session_lifecycle.js +27 -0
package/dist/auth/session_middleware.d.ts +33 -0
package/dist/auth/session_middleware.d.ts.map +1 -0
package/dist/auth/session_middleware.js +62 -0
package/dist/auth/session_queries.d.ts +135 -0
package/dist/auth/session_queries.d.ts.map +1 -0
package/dist/auth/session_queries.js +186 -0
package/dist/auth/signup_routes.d.ts +32 -0
package/dist/auth/signup_routes.d.ts.map +1 -0
package/dist/auth/signup_routes.js +150 -0
package/dist/cli/args.d.ts +48 -0
package/dist/cli/args.d.ts.map +1 -0
package/dist/cli/args.js +76 -0
package/dist/cli/config.d.ts +48 -0
package/dist/cli/config.d.ts.map +1 -0
package/dist/cli/config.js +77 -0
package/dist/cli/daemon.d.ts +82 -0
package/dist/cli/daemon.d.ts.map +1 -0
package/dist/cli/daemon.js +149 -0
package/dist/cli/help.d.ts +85 -0
package/dist/cli/help.d.ts.map +1 -0
package/dist/cli/help.js +138 -0
package/dist/cli/logger.d.ts +46 -0
package/dist/cli/logger.d.ts.map +1 -0
package/dist/cli/logger.js +48 -0
package/dist/cli/util.d.ts +36 -0
package/dist/cli/util.d.ts.map +1 -0
package/dist/cli/util.js +50 -0
package/dist/crypto.d.ts +13 -0
package/dist/crypto.d.ts.map +1 -0
package/dist/crypto.js +19 -0
package/dist/db/assert_row.d.ts +18 -0
package/dist/db/assert_row.d.ts.map +1 -0
package/dist/db/assert_row.js +24 -0
package/dist/db/create_db.d.ts +38 -0
package/dist/db/create_db.d.ts.map +1 -0
package/dist/db/create_db.js +57 -0
package/dist/db/db.d.ts +97 -0
package/dist/db/db.d.ts.map +1 -0
package/dist/db/db.js +76 -0
package/dist/db/db_pg.d.ts +21 -0
package/dist/db/db_pg.d.ts.map +1 -0
package/dist/db/db_pg.js +45 -0
package/dist/db/db_pglite.d.ts +21 -0
package/dist/db/db_pglite.d.ts.map +1 -0
package/dist/db/db_pglite.js +28 -0
package/dist/db/migrate.d.ts +67 -0
package/dist/db/migrate.d.ts.map +1 -0
package/dist/db/migrate.js +118 -0
package/dist/db/pg_error.d.ts +16 -0
package/dist/db/pg_error.d.ts.map +1 -0
package/dist/db/pg_error.js +15 -0
package/dist/db/query_deps.d.ts +14 -0
package/dist/db/query_deps.d.ts.map +1 -0
package/dist/db/query_deps.js +9 -0
package/dist/db/sql_identifier.d.ts +27 -0
package/dist/db/sql_identifier.d.ts.map +1 -0
package/dist/db/sql_identifier.js +31 -0
package/dist/db/status.d.ts +62 -0
package/dist/db/status.d.ts.map +1 -0
package/dist/db/status.js +116 -0
package/dist/dev/setup.d.ts +159 -0
package/dist/dev/setup.d.ts.map +1 -0
package/dist/dev/setup.js +265 -0
package/dist/env/dotenv.d.ts +25 -0
package/dist/env/dotenv.d.ts.map +1 -0
package/dist/env/dotenv.js +52 -0
package/dist/env/load.d.ts +52 -0
package/dist/env/load.d.ts.map +1 -0
package/dist/env/load.js +79 -0
package/dist/env/mask.d.ts +19 -0
package/dist/env/mask.d.ts.map +1 -0
package/dist/env/mask.js +26 -0
package/dist/env/resolve.d.ts +126 -0
package/dist/env/resolve.d.ts.map +1 -0
package/dist/env/resolve.js +200 -0
package/dist/hono_context.d.ts +48 -0
package/dist/hono_context.d.ts.map +1 -0
package/dist/hono_context.js +22 -0
package/dist/http/common_routes.d.ts +52 -0
package/dist/http/common_routes.d.ts.map +1 -0
package/dist/http/common_routes.js +65 -0
package/dist/http/db_routes.d.ts +57 -0
package/dist/http/db_routes.d.ts.map +1 -0
package/dist/http/db_routes.js +176 -0
package/dist/http/error_schemas.d.ts +169 -0
package/dist/http/error_schemas.d.ts.map +1 -0
package/dist/http/error_schemas.js +178 -0
package/dist/http/middleware_spec.d.ts +19 -0
package/dist/http/middleware_spec.d.ts.map +1 -0
package/dist/http/middleware_spec.js +9 -0
package/dist/http/origin.d.ts +57 -0
package/dist/http/origin.d.ts.map +1 -0
package/dist/http/origin.js +207 -0
package/dist/http/proxy.d.ts +112 -0
package/dist/http/proxy.d.ts.map +1 -0
package/dist/http/proxy.js +240 -0
package/dist/http/route_spec.d.ts +197 -0
package/dist/http/route_spec.d.ts.map +1 -0
package/dist/http/route_spec.js +243 -0
package/dist/http/schema_helpers.d.ts +64 -0
package/dist/http/schema_helpers.d.ts.map +1 -0
package/dist/http/schema_helpers.js +90 -0
package/dist/http/surface.d.ts +132 -0
package/dist/http/surface.d.ts.map +1 -0
package/dist/http/surface.js +156 -0
package/dist/http/surface_query.d.ts +77 -0
package/dist/http/surface_query.d.ts.map +1 -0
package/dist/http/surface_query.js +86 -0
package/dist/rate_limiter.d.ts +94 -0
package/dist/rate_limiter.d.ts.map +1 -0
package/dist/rate_limiter.js +156 -0
package/dist/realtime/sse.d.ts +80 -0
package/dist/realtime/sse.d.ts.map +1 -0
package/dist/realtime/sse.js +109 -0
package/dist/realtime/sse_auth_guard.d.ts +93 -0
package/dist/realtime/sse_auth_guard.d.ts.map +1 -0
package/dist/realtime/sse_auth_guard.js +111 -0
package/dist/realtime/subscriber_registry.d.ts +85 -0
package/dist/realtime/subscriber_registry.d.ts.map +1 -0
package/dist/realtime/subscriber_registry.js +108 -0
package/dist/runtime/deno.d.ts +21 -0
package/dist/runtime/deno.d.ts.map +1 -0
package/dist/runtime/deno.js +83 -0
package/dist/runtime/deps.d.ts +113 -0
package/dist/runtime/deps.d.ts.map +1 -0
package/dist/runtime/deps.js +10 -0
package/dist/runtime/fs.d.ts +15 -0
package/dist/runtime/fs.d.ts.map +1 -0
package/dist/runtime/fs.js +17 -0
package/dist/runtime/mock.d.ts +81 -0
package/dist/runtime/mock.d.ts.map +1 -0
package/dist/runtime/mock.js +195 -0
package/dist/runtime/node.d.ts +17 -0
package/dist/runtime/node.d.ts.map +1 -0
package/dist/runtime/node.js +117 -0
package/dist/schema_meta.d.ts +16 -0
package/dist/schema_meta.d.ts.map +1 -0
package/dist/schema_meta.js +9 -0
package/dist/sensitivity.d.ts +15 -0
package/dist/sensitivity.d.ts.map +1 -0
package/dist/sensitivity.js +9 -0
package/dist/server/app_backend.d.ts +74 -0
package/dist/server/app_backend.d.ts.map +1 -0
package/dist/server/app_backend.js +39 -0
package/dist/server/app_server.d.ts +201 -0
package/dist/server/app_server.d.ts.map +1 -0
package/dist/server/app_server.js +266 -0
package/dist/server/env.d.ts +68 -0
package/dist/server/env.d.ts.map +1 -0
package/dist/server/env.js +95 -0
package/dist/server/startup.d.ts +22 -0
package/dist/server/startup.d.ts.map +1 -0
package/dist/server/startup.js +48 -0
package/dist/server/static.d.ts +39 -0
package/dist/server/static.d.ts.map +1 -0
package/dist/server/static.js +38 -0
package/dist/server/validate_nginx.d.ts +34 -0
package/dist/server/validate_nginx.d.ts.map +1 -0
package/dist/server/validate_nginx.js +118 -0
package/dist/testing/CLAUDE.md +3 -0
package/dist/testing/admin_integration.d.ts +45 -0
package/dist/testing/admin_integration.d.ts.map +1 -0
package/dist/testing/admin_integration.js +840 -0
package/dist/testing/adversarial_404.d.ts +15 -0
package/dist/testing/adversarial_404.d.ts.map +1 -0
package/dist/testing/adversarial_404.js +118 -0
package/dist/testing/adversarial_headers.d.ts +36 -0
package/dist/testing/adversarial_headers.d.ts.map +1 -0
package/dist/testing/adversarial_headers.js +128 -0
package/dist/testing/adversarial_input.d.ts +56 -0
package/dist/testing/adversarial_input.d.ts.map +1 -0
package/dist/testing/adversarial_input.js +494 -0
package/dist/testing/app_server.d.ts +169 -0
package/dist/testing/app_server.d.ts.map +1 -0
package/dist/testing/app_server.js +240 -0
package/dist/testing/assert_dev_env.d.ts +10 -0
package/dist/testing/assert_dev_env.d.ts.map +1 -0
package/dist/testing/assert_dev_env.js +13 -0
package/dist/testing/assertions.d.ts +61 -0
package/dist/testing/assertions.d.ts.map +1 -0
package/dist/testing/assertions.js +96 -0
package/dist/testing/attack_surface.d.ts +63 -0
package/dist/testing/attack_surface.d.ts.map +1 -0
package/dist/testing/attack_surface.js +224 -0
package/dist/testing/audit_completeness.d.ts +29 -0
package/dist/testing/audit_completeness.d.ts.map +1 -0
package/dist/testing/audit_completeness.js +410 -0
package/dist/testing/auth_apps.d.ts +55 -0
package/dist/testing/auth_apps.d.ts.map +1 -0
package/dist/testing/auth_apps.js +122 -0
package/dist/testing/data_exposure.d.ts +62 -0
package/dist/testing/data_exposure.d.ts.map +1 -0
package/dist/testing/data_exposure.js +297 -0
package/dist/testing/db.d.ts +111 -0
package/dist/testing/db.d.ts.map +1 -0
package/dist/testing/db.js +258 -0
package/dist/testing/entities.d.ts +21 -0
package/dist/testing/entities.d.ts.map +1 -0
package/dist/testing/entities.js +42 -0
package/dist/testing/error_coverage.d.ts +78 -0
package/dist/testing/error_coverage.d.ts.map +1 -0
package/dist/testing/error_coverage.js +135 -0
package/dist/testing/integration.d.ts +37 -0
package/dist/testing/integration.d.ts.map +1 -0
package/dist/testing/integration.js +1139 -0
package/dist/testing/integration_helpers.d.ts +107 -0
package/dist/testing/integration_helpers.d.ts.map +1 -0
package/dist/testing/integration_helpers.js +246 -0
package/dist/testing/middleware.d.ts +125 -0
package/dist/testing/middleware.d.ts.map +1 -0
package/dist/testing/middleware.js +210 -0
package/dist/testing/rate_limiting.d.ts +43 -0
package/dist/testing/rate_limiting.d.ts.map +1 -0
package/dist/testing/rate_limiting.js +216 -0
package/dist/testing/round_trip.d.ts +37 -0
package/dist/testing/round_trip.d.ts.map +1 -0
package/dist/testing/round_trip.js +128 -0
package/dist/testing/schema_generators.d.ts +33 -0
package/dist/testing/schema_generators.d.ts.map +1 -0
package/dist/testing/schema_generators.js +137 -0
package/dist/testing/standard.d.ts +49 -0
package/dist/testing/standard.d.ts.map +1 -0
package/dist/testing/standard.js +16 -0
package/dist/testing/stubs.d.ts +96 -0
package/dist/testing/stubs.d.ts.map +1 -0
package/dist/testing/stubs.js +192 -0
package/dist/testing/surface_invariants.d.ts +189 -0
package/dist/testing/surface_invariants.d.ts.map +1 -0
package/dist/testing/surface_invariants.js +450 -0
package/dist/ui/AccountSessions.svelte +75 -0
package/dist/ui/AccountSessions.svelte.d.ts +19 -0
package/dist/ui/AccountSessions.svelte.d.ts.map +1 -0
package/dist/ui/AdminAccounts.svelte +107 -0
package/dist/ui/AdminAccounts.svelte.d.ts +19 -0
package/dist/ui/AdminAccounts.svelte.d.ts.map +1 -0
package/dist/ui/AdminAuditLog.svelte +144 -0
package/dist/ui/AdminAuditLog.svelte.d.ts +4 -0
package/dist/ui/AdminAuditLog.svelte.d.ts.map +1 -0
package/dist/ui/AdminInvites.svelte +142 -0
package/dist/ui/AdminInvites.svelte.d.ts +4 -0
package/dist/ui/AdminInvites.svelte.d.ts.map +1 -0
package/dist/ui/AdminOverview.svelte +337 -0
package/dist/ui/AdminOverview.svelte.d.ts +4 -0
package/dist/ui/AdminOverview.svelte.d.ts.map +1 -0
package/dist/ui/AdminPermitHistory.svelte +61 -0
package/dist/ui/AdminPermitHistory.svelte.d.ts +19 -0
package/dist/ui/AdminPermitHistory.svelte.d.ts.map +1 -0
package/dist/ui/AdminSessions.svelte +85 -0
package/dist/ui/AdminSessions.svelte.d.ts +19 -0
package/dist/ui/AdminSessions.svelte.d.ts.map +1 -0
package/dist/ui/AdminSettings.svelte +32 -0
package/dist/ui/AdminSettings.svelte.d.ts +19 -0
package/dist/ui/AdminSettings.svelte.d.ts.map +1 -0
package/dist/ui/AdminSurface.svelte +42 -0
package/dist/ui/AdminSurface.svelte.d.ts +4 -0
package/dist/ui/AdminSurface.svelte.d.ts.map +1 -0
package/dist/ui/AppShell.svelte +93 -0
package/dist/ui/AppShell.svelte.d.ts +20 -0
package/dist/ui/AppShell.svelte.d.ts.map +1 -0
package/dist/ui/BootstrapForm.svelte +105 -0
package/dist/ui/BootstrapForm.svelte.d.ts +4 -0
package/dist/ui/BootstrapForm.svelte.d.ts.map +1 -0
package/dist/ui/ColumnLayout.svelte +46 -0
package/dist/ui/ColumnLayout.svelte.d.ts +11 -0
package/dist/ui/ColumnLayout.svelte.d.ts.map +1 -0
package/dist/ui/ConfirmButton.svelte +125 -0
package/dist/ui/ConfirmButton.svelte.d.ts +54 -0
package/dist/ui/ConfirmButton.svelte.d.ts.map +1 -0
package/dist/ui/Datatable.svelte +185 -0
package/dist/ui/Datatable.svelte.d.ts +35 -0
package/dist/ui/Datatable.svelte.d.ts.map +1 -0
package/dist/ui/LoginForm.svelte +82 -0
package/dist/ui/LoginForm.svelte.d.ts +8 -0
package/dist/ui/LoginForm.svelte.d.ts.map +1 -0
package/dist/ui/LogoutButton.svelte +36 -0
package/dist/ui/LogoutButton.svelte.d.ts +10 -0
package/dist/ui/LogoutButton.svelte.d.ts.map +1 -0
package/dist/ui/MenuLink.svelte +35 -0
package/dist/ui/MenuLink.svelte.d.ts +12 -0
package/dist/ui/MenuLink.svelte.d.ts.map +1 -0
package/dist/ui/OpenSignupToggle.svelte +36 -0
package/dist/ui/OpenSignupToggle.svelte.d.ts +19 -0
package/dist/ui/OpenSignupToggle.svelte.d.ts.map +1 -0
package/dist/ui/PopoverButton.svelte +136 -0
package/dist/ui/PopoverButton.svelte.d.ts +63 -0
package/dist/ui/PopoverButton.svelte.d.ts.map +1 -0
package/dist/ui/SignupForm.svelte +117 -0
package/dist/ui/SignupForm.svelte.d.ts +7 -0
package/dist/ui/SignupForm.svelte.d.ts.map +1 -0
package/dist/ui/SurfaceExplorer.svelte +287 -0
package/dist/ui/SurfaceExplorer.svelte.d.ts +8 -0
package/dist/ui/SurfaceExplorer.svelte.d.ts.map +1 -0
package/dist/ui/account_sessions_state.svelte.d.ts +15 -0
package/dist/ui/account_sessions_state.svelte.d.ts.map +1 -0
package/dist/ui/account_sessions_state.svelte.js +45 -0
package/dist/ui/admin_accounts_state.svelte.d.ts +19 -0
package/dist/ui/admin_accounts_state.svelte.d.ts.map +1 -0
package/dist/ui/admin_accounts_state.svelte.js +65 -0
package/dist/ui/admin_invites_state.svelte.d.ts +19 -0
package/dist/ui/admin_invites_state.svelte.d.ts.map +1 -0
package/dist/ui/admin_invites_state.svelte.js +71 -0
package/dist/ui/admin_sessions_state.svelte.d.ts +18 -0
package/dist/ui/admin_sessions_state.svelte.d.ts.map +1 -0
package/dist/ui/admin_sessions_state.svelte.js +62 -0
package/dist/ui/app_settings_state.svelte.d.ts +14 -0
package/dist/ui/app_settings_state.svelte.d.ts.map +1 -0
package/dist/ui/app_settings_state.svelte.js +44 -0
package/dist/ui/audit_log_state.svelte.d.ts +40 -0
package/dist/ui/audit_log_state.svelte.d.ts.map +1 -0
package/dist/ui/audit_log_state.svelte.js +153 -0
package/dist/ui/auth_state.svelte.d.ts +85 -0
package/dist/ui/auth_state.svelte.d.ts.map +1 -0
package/dist/ui/auth_state.svelte.js +238 -0
package/dist/ui/datatable.d.ts +25 -0
package/dist/ui/datatable.d.ts.map +1 -0
package/dist/ui/datatable.js +9 -0
package/dist/ui/enter_advance.d.ts +13 -0
package/dist/ui/enter_advance.d.ts.map +1 -0
package/dist/ui/enter_advance.js +30 -0
package/dist/ui/loadable.svelte.d.ts +55 -0
package/dist/ui/loadable.svelte.d.ts.map +1 -0
package/dist/ui/loadable.svelte.js +75 -0
package/dist/ui/popover.svelte.d.ts +137 -0
package/dist/ui/popover.svelte.d.ts.map +1 -0
package/dist/ui/popover.svelte.js +288 -0
package/dist/ui/position_helpers.d.ts +27 -0
package/dist/ui/position_helpers.d.ts.map +1 -0
package/dist/ui/position_helpers.js +81 -0
package/dist/ui/sidebar_state.svelte.d.ts +30 -0
package/dist/ui/sidebar_state.svelte.d.ts.map +1 -0
package/dist/ui/sidebar_state.svelte.js +39 -0
package/dist/ui/table_state.svelte.d.ts +63 -0
package/dist/ui/table_state.svelte.d.ts.map +1 -0
package/dist/ui/table_state.svelte.js +117 -0
package/dist/ui/ui_fetch.d.ts +29 -0
package/dist/ui/ui_fetch.d.ts.map +1 -0
package/dist/ui/ui_fetch.js +37 -0
package/dist/ui/ui_format.d.ts +63 -0
package/dist/ui/ui_format.d.ts.map +1 -0
package/dist/ui/ui_format.js +196 -0
package/package.json +121 -0

package/dist/auth/session_cookie.d.ts ADDED Viewed

@@ -0,0 +1,158 @@
+/**
+ * Generic session management for cookie-based auth.
+ *
+ * Parameterized on identity type via `SessionOptions<TIdentity>`.
+ * Handles signing, expiration, and key rotation. Apps provide
+ * encode/decode for their specific identity format.
+ *
+ * Cookie value format: `${encode(identity)}:${expires_at}` (signed with HMAC-SHA256).
+ *
+ * @module
+ */
+import type { Keyring } from './keyring.js';
+/** Cookie max age in seconds (30 days — aligned with AUTH_SESSION_LIFETIME_MS). */
+export declare const SESSION_AGE_MAX: number;
+/**
+ * Cookie options for session cookies.
+ */
+export interface SessionCookieOptions {
+    path: string;
+    httpOnly: boolean;
+    secure: boolean;
+    sameSite: 'strict' | 'lax' | 'none';
+    maxAge: number;
+}
+/**
+ * Default cookie options for session cookies.
+ *
+ * Uses strict security settings:
+ * - `secure: true` - Works on localhost in Chrome/Firefox (treated as secure context)
+ * - `sameSite: 'strict'` - Prevents CSRF
+ * - `httpOnly: true` - Prevents XSS access to cookie
+ */
+export declare const SESSION_COOKIE_OPTIONS: SessionCookieOptions;
+/**
+ * Configuration for a session cookie format.
+ *
+ * Apps provide encode/decode to control the identity portion
+ * of the cookie payload.
+ *
+ * The `TIdentity` type parameter determines the trust model:
+ * - `string` (e.g. a session_id) — the cookie references a server-side session record,
+ *   enabling per-session revocation and metadata. Use when you need admin controls
+ *   like "revoke all sessions" or per-session audit trails.
+ * - `number` (e.g. an account_id) — the cookie directly encodes the user identity,
+ *   requiring no server-side session state. Simpler, but individual sessions
+ *   can only be invalidated by rotating the signing key (which invalidates all sessions).
+ *
+ * @example
+ * ```ts
+ * // tx: 3-part format (admin:session_id)
+ * const tx_config: SessionOptions<string> = {
+ *   cookie_name: 'tx_session',
+ *   context_key: 'auth_session_id',
+ *   encode_identity: (session_id) => `admin:${session_id}`,
+ *   decode_identity: (payload) => {
+ *     const parts = payload.split(':');
+ *     if (parts.length !== 2 || parts[0] !== 'admin') return null;
+ *     return parts[1] || null;
+ *   },
+ * };
+ *
+ * // visiones: 1-part format (account_id)
+ * const visiones_config: SessionOptions<number> = {
+ *   cookie_name: 'session_id',
+ *   context_key: 'auth_session_id',
+ *   encode_identity: (id) => String(id),
+ *   decode_identity: (payload) => {
+ *     const n = parseInt(payload, 10);
+ *     return Number.isFinite(n) && n > 0 ? n : null;
+ *   },
+ * };
+ * ```
+ */
+export interface SessionOptions<TIdentity> {
+    cookie_name: string;
+    /** Hono context variable name for the identity. */
+    context_key: string;
+    max_age?: number;
+    cookie_options?: Partial<SessionCookieOptions>;
+    /** Encode identity into the cookie payload (before the `:expires_at` suffix). */
+    encode_identity: (identity: TIdentity) => string;
+    /** Decode identity from cookie payload. Return null if invalid. */
+    decode_identity: (payload: string) => TIdentity | null;
+}
+/**
+ * Result of parsing a signed session cookie.
+ */
+export interface ParsedSession<TIdentity> {
+    /** The decoded identity. */
+    identity: TIdentity;
+    /** True if verified with a non-primary key (needs re-signing). */
+    should_refresh_signature: boolean;
+    /** Index of the key that verified the signature. */
+    key_index: number;
+}
+/**
+ * Parse a signed session cookie value.
+ *
+ * The signed value format is `${encode(identity)}:${expires_at}`.
+ * Tries all keys in order to support key rotation.
+ *
+ * @param signed_value - the raw cookie value (signed)
+ * @param keyring - key ring for verification
+ * @param options - session configuration with decode logic
+ * @param now_seconds - current time in seconds (for testing)
+ * @returns `ParsedSession` if valid, null if invalid/expired, undefined if empty/missing
+ */
+export declare const parse_session: <TIdentity>(signed_value: string | undefined, keyring: Keyring, options: SessionOptions<TIdentity>, now_seconds?: number) => Promise<ParsedSession<TIdentity> | null | undefined>;
+/**
+ * Create a signed session cookie value.
+ *
+ * Format: `${encode(identity)}:${expires_at}` signed with HMAC-SHA256.
+ * Embeds expiration in the signed value itself for defense-in-depth.
+ *
+ * @param keyring - key ring for signing
+ * @param identity - the identity to encode
+ * @param options - session configuration with encode logic
+ * @param now_seconds - current time in seconds (for testing)
+ * @returns signed cookie value string
+ */
+export declare const create_session_cookie_value: <TIdentity>(keyring: Keyring, identity: TIdentity, options: SessionOptions<TIdentity>, now_seconds?: number) => Promise<string>;
+/**
+ * Result of processing a session cookie.
+ */
+export interface ProcessSessionResult<TIdentity> {
+    /** Whether the session is valid. */
+    valid: boolean;
+    /** Action the adapter should take. */
+    action: 'none' | 'clear' | 'refresh';
+    /** New signed value when action is 'refresh'. */
+    new_signed_value?: string;
+    /** The decoded identity if the cookie was valid. */
+    identity?: TIdentity;
+}
+/**
+ * Create a session config for raw session token identity.
+ *
+ * The standard pattern: cookie stores the raw session token,
+ * server hashes it (blake3) to look up the `auth_session` row.
+ * Only the `cookie_name` varies per app.
+ *
+ * @param cookie_name - cookie name (e.g. `'tx_session'`, `'visiones_session'`)
+ * @returns a `SessionOptions<string>` ready for use with session middleware
+ */
+export declare const create_session_config: (cookie_name: string) => SessionOptions<string>;
+/** Canonical session config for fuz_app auth. */
+export declare const fuz_session_config: SessionOptions<string>;
+/**
+ * Process a session cookie and determine what action to take.
+ *
+ * @param signed_value - the raw cookie value (may be undefined)
+ * @param keyring - key ring for verification and signing
+ * @param options - session configuration
+ * @param now_seconds - current time in seconds (for testing)
+ * @returns result with validity and action to take
+ */
+export declare const process_session_cookie: <TIdentity>(signed_value: string | undefined, keyring: Keyring, options: SessionOptions<TIdentity>, now_seconds?: number) => Promise<ProcessSessionResult<TIdentity>>;
+//# sourceMappingURL=session_cookie.d.ts.map

package/dist/auth/session_cookie.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"session_cookie.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/session_cookie.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,cAAc,CAAC;AAE1C,mFAAmF;AACnF,eAAO,MAAM,eAAe,QAAoB,CAAC;AAKjD;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACpC,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,OAAO,CAAC;IAClB,MAAM,EAAE,OAAO,CAAC;IAChB,QAAQ,EAAE,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;IACpC,MAAM,EAAE,MAAM,CAAC;CACf;AAED;;;;;;;GAOG;AACH,eAAO,MAAM,sBAAsB,EAAE,oBAMpC,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAuCG;AACH,MAAM,WAAW,cAAc,CAAC,SAAS;IACxC,WAAW,EAAE,MAAM,CAAC;IACpB,mDAAmD;IACnD,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,cAAc,CAAC,EAAE,OAAO,CAAC,oBAAoB,CAAC,CAAC;IAC/C,iFAAiF;IACjF,eAAe,EAAE,CAAC,QAAQ,EAAE,SAAS,KAAK,MAAM,CAAC;IACjD,mEAAmE;IACnE,eAAe,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,SAAS,GAAG,IAAI,CAAC;CACvD;AAED;;GAEG;AACH,MAAM,WAAW,aAAa,CAAC,SAAS;IACvC,4BAA4B;IAC5B,QAAQ,EAAE,SAAS,CAAC;IACpB,kEAAkE;IAClE,wBAAwB,EAAE,OAAO,CAAC;IAClC,oDAAoD;IACpD,SAAS,EAAE,MAAM,CAAC;CAClB;AAED;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,aAAa,GAAU,SAAS,EAC5C,cAAc,MAAM,GAAG,SAAS,EAChC,SAAS,OAAO,EAChB,SAAS,cAAc,CAAC,SAAS,CAAC,EAClC,cAAc,MAAM,KAClB,OAAO,CAAC,aAAa,CAAC,SAAS,CAAC,GAAG,IAAI,GAAG,SAAS,CA4BrD,CAAC;AAEF;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,2BAA2B,GAAU,SAAS,EAC1D,SAAS,OAAO,EAChB,UAAU,SAAS,EACnB,SAAS,cAAc,CAAC,SAAS,CAAC,EAClC,cAAc,MAAM,KAClB,OAAO,CAAC,MAAM,CAMhB,CAAC;AAEF;;GAEG;AACH,MAAM,WAAW,oBAAoB,CAAC,SAAS;IAC9C,oCAAoC;IACpC,KAAK,EAAE,OAAO,CAAC;IACf,sCAAsC;IACtC,MAAM,EAAE,MAAM,GAAG,OAAO,GAAG,SAAS,CAAC;IACrC,iDAAiD;IACjD,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,oDAAoD;IACpD,QAAQ,CAAC,EAAE,SAAS,CAAC;CACrB;AAED;;;;;;;;;GASG;AACH,eAAO,MAAM,qBAAqB,GAAI,aAAa,MAAM,KAAG,cAAc,CAAC,MAAM,CAK/E,CAAC;AAEH,iDAAiD;AACjD,eAAO,MAAM,kBAAkB,EAAE,cAAc,CAAC,MAAM,CAAwC,CAAC;AAE/F;;;;;;;;GAQG;AAEH,eAAO,MAAM,sBAAsB,GAAU,SAAS,EACrD,cAAc,MAAM,GAAG,SAAS,EAChC,SAAS,OAAO,EAChB,SAAS,cAAc,CAAC,SAAS,CAAC,EAClC,cAAc,MAAM,KAClB,OAAO,CAAC,oBAAoB,CAAC,SAAS,CAAC,CA4BzC,CAAC"}

package/dist/auth/session_cookie.js ADDED Viewed

@@ -0,0 +1,135 @@
+/**
+ * Generic session management for cookie-based auth.
+ *
+ * Parameterized on identity type via `SessionOptions<TIdentity>`.
+ * Handles signing, expiration, and key rotation. Apps provide
+ * encode/decode for their specific identity format.
+ *
+ * Cookie value format: `${encode(identity)}:${expires_at}` (signed with HMAC-SHA256).
+ *
+ * @module
+ */
+/** Cookie max age in seconds (30 days — aligned with AUTH_SESSION_LIFETIME_MS). */
+export const SESSION_AGE_MAX = 60 * 60 * 24 * 30;
+/** Separator between identity payload and expires_at in signed value. */
+const VALUE_SEPARATOR = ':';
+/**
+ * Default cookie options for session cookies.
+ *
+ * Uses strict security settings:
+ * - `secure: true` - Works on localhost in Chrome/Firefox (treated as secure context)
+ * - `sameSite: 'strict'` - Prevents CSRF
+ * - `httpOnly: true` - Prevents XSS access to cookie
+ */
+export const SESSION_COOKIE_OPTIONS = {
+    path: '/',
+    httpOnly: true,
+    secure: true,
+    sameSite: 'strict',
+    maxAge: SESSION_AGE_MAX,
+};
+/**
+ * Parse a signed session cookie value.
+ *
+ * The signed value format is `${encode(identity)}:${expires_at}`.
+ * Tries all keys in order to support key rotation.
+ *
+ * @param signed_value - the raw cookie value (signed)
+ * @param keyring - key ring for verification
+ * @param options - session configuration with decode logic
+ * @param now_seconds - current time in seconds (for testing)
+ * @returns `ParsedSession` if valid, null if invalid/expired, undefined if empty/missing
+ */
+export const parse_session = async (signed_value, keyring, options, now_seconds) => {
+    if (!signed_value)
+        return undefined;
+    const result = await keyring.verify(signed_value);
+    if (!result)
+        return null;
+    // Split on the last VALUE_SEPARATOR to get identity_payload and expires_at
+    const last_sep = result.value.lastIndexOf(VALUE_SEPARATOR);
+    if (last_sep === -1)
+        return null;
+    const identity_payload = result.value.slice(0, last_sep);
+    const expires_at_str = result.value.slice(last_sep + 1);
+    const identity = options.decode_identity(identity_payload);
+    if (identity === null)
+        return null;
+    const expires_at = parseInt(expires_at_str, 10);
+    if (!Number.isFinite(expires_at))
+        return null;
+    // Check expiration
+    const now = now_seconds ?? Math.floor(Date.now() / 1000);
+    if (expires_at <= now)
+        return null;
+    return {
+        identity,
+        should_refresh_signature: result.key_index > 0,
+        key_index: result.key_index,
+    };
+};
+/**
+ * Create a signed session cookie value.
+ *
+ * Format: `${encode(identity)}:${expires_at}` signed with HMAC-SHA256.
+ * Embeds expiration in the signed value itself for defense-in-depth.
+ *
+ * @param keyring - key ring for signing
+ * @param identity - the identity to encode
+ * @param options - session configuration with encode logic
+ * @param now_seconds - current time in seconds (for testing)
+ * @returns signed cookie value string
+ */
+export const create_session_cookie_value = async (keyring, identity, options, now_seconds) => {
+    const max_age = options.max_age ?? SESSION_AGE_MAX;
+    const now = now_seconds ?? Math.floor(Date.now() / 1000);
+    const expires_at = now + max_age;
+    const value = `${options.encode_identity(identity)}${VALUE_SEPARATOR}${expires_at}`;
+    return keyring.sign(value);
+};
+/**
+ * Create a session config for raw session token identity.
+ *
+ * The standard pattern: cookie stores the raw session token,
+ * server hashes it (blake3) to look up the `auth_session` row.
+ * Only the `cookie_name` varies per app.
+ *
+ * @param cookie_name - cookie name (e.g. `'tx_session'`, `'visiones_session'`)
+ * @returns a `SessionOptions<string>` ready for use with session middleware
+ */
+export const create_session_config = (cookie_name) => ({
+    cookie_name,
+    context_key: 'auth_session_id',
+    encode_identity: (session_id) => session_id,
+    decode_identity: (payload) => payload || null,
+});
+/** Canonical session config for fuz_app auth. */
+export const fuz_session_config = create_session_config('fuz_session');
+/**
+ * Process a session cookie and determine what action to take.
+ *
+ * @param signed_value - the raw cookie value (may be undefined)
+ * @param keyring - key ring for verification and signing
+ * @param options - session configuration
+ * @param now_seconds - current time in seconds (for testing)
+ * @returns result with validity and action to take
+ */
+export const process_session_cookie = async (signed_value, keyring, options, now_seconds) => {
+    const now = now_seconds ?? Math.floor(Date.now() / 1000);
+    const parsed = await parse_session(signed_value, keyring, options, now);
+    if (parsed === undefined) {
+        // No cookie present
+        return { valid: false, action: 'none' };
+    }
+    if (parsed === null) {
+        // Invalid cookie - should be cleared
+        return { valid: false, action: 'clear' };
+    }
+    // Valid session
+    if (parsed.should_refresh_signature) {
+        // Re-sign with current key (extends expiration)
+        const new_signed_value = await create_session_cookie_value(keyring, parsed.identity, options, now);
+        return { valid: true, action: 'refresh', new_signed_value, identity: parsed.identity };
+    }
+    return { valid: true, action: 'none', identity: parsed.identity };
+};

package/dist/auth/session_lifecycle.d.ts ADDED Viewed

@@ -0,0 +1,35 @@
+/**
+ * Session lifecycle — creation and cookie management shared across login and bootstrap flows.
+ *
+ * @module
+ */
+import type { Context } from 'hono';
+import type { Keyring } from './keyring.js';
+import { type SessionOptions } from './session_cookie.js';
+import type { QueryDeps } from '../db/query_deps.js';
+/**
+ * Options for `create_session_and_set_cookie`.
+ */
+export interface CreateSessionAndSetCookieOptions {
+    /** Keyring for cookie signing. */
+    keyring: Keyring;
+    /** Query deps (needs db for session creation). */
+    deps: QueryDeps;
+    /** Hono context for setting the cookie. */
+    c: Context;
+    /** The account to create a session for. */
+    account_id: string;
+    /** Session cookie configuration. */
+    session_options: SessionOptions<string>;
+    /** Per-account session cap (`null` to skip enforcement). */
+    max_sessions?: number | null;
+}
+/**
+ * Create an auth session and set the session cookie on the response.
+ *
+ * Shared by login and bootstrap — generates a token, hashes it, persists
+ * the session row, optionally enforces a per-account session limit, and
+ * sets the signed cookie.
+ */
+export declare const create_session_and_set_cookie: (options: CreateSessionAndSetCookieOptions) => Promise<void>;
+//# sourceMappingURL=session_lifecycle.d.ts.map

package/dist/auth/session_lifecycle.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"session_lifecycle.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/session_lifecycle.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,MAAM,CAAC;AAElC,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,cAAc,CAAC;AAC1C,OAAO,EAA8B,KAAK,cAAc,EAAC,MAAM,qBAAqB,CAAC;AASrF,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AAEnD;;GAEG;AACH,MAAM,WAAW,gCAAgC;IAChD,kCAAkC;IAClC,OAAO,EAAE,OAAO,CAAC;IACjB,kDAAkD;IAClD,IAAI,EAAE,SAAS,CAAC;IAChB,2CAA2C;IAC3C,CAAC,EAAE,OAAO,CAAC;IACX,2CAA2C;IAC3C,UAAU,EAAE,MAAM,CAAC;IACnB,oCAAoC;IACpC,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,4DAA4D;IAC5D,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC7B;AAED;;;;;;GAMG;AACH,eAAO,MAAM,6BAA6B,GACzC,SAAS,gCAAgC,KACvC,OAAO,CAAC,IAAI,CAad,CAAC"}

package/dist/auth/session_lifecycle.js ADDED Viewed

@@ -0,0 +1,27 @@
+/**
+ * Session lifecycle — creation and cookie management shared across login and bootstrap flows.
+ *
+ * @module
+ */
+import { create_session_cookie_value } from './session_cookie.js';
+import { set_session_cookie } from './session_middleware.js';
+import { generate_session_token, hash_session_token, AUTH_SESSION_LIFETIME_MS, query_create_session, query_session_enforce_limit, } from './session_queries.js';
+/**
+ * Create an auth session and set the session cookie on the response.
+ *
+ * Shared by login and bootstrap — generates a token, hashes it, persists
+ * the session row, optionally enforces a per-account session limit, and
+ * sets the signed cookie.
+ */
+export const create_session_and_set_cookie = async (options) => {
+    const { keyring, deps, c, account_id, session_options, max_sessions } = options;
+    const session_token = generate_session_token();
+    const token_hash = hash_session_token(session_token);
+    const expires_at = new Date(Date.now() + AUTH_SESSION_LIFETIME_MS);
+    await query_create_session(deps, token_hash, account_id, expires_at);
+    if (max_sessions != null) {
+        await query_session_enforce_limit(deps, account_id, max_sessions);
+    }
+    const cookie_value = await create_session_cookie_value(keyring, session_token, session_options);
+    set_session_cookie(c, cookie_value, session_options);
+};

package/dist/auth/session_middleware.d.ts ADDED Viewed

@@ -0,0 +1,33 @@
+/**
+ * Hono session middleware using generic session management.
+ *
+ * Thin wrapper that gets/sets cookies and delegates to session processing.
+ *
+ * @module
+ */
+import type { Context, MiddlewareHandler } from 'hono';
+import type { Keyring } from './keyring.js';
+import { type SessionOptions } from './session_cookie.js';
+/**
+ * Read the session cookie value from a request.
+ */
+export declare const get_session_cookie: <T>(c: Context, options: SessionOptions<T>) => string | undefined;
+/**
+ * Set the session cookie on a response.
+ */
+export declare const set_session_cookie: <T>(c: Context, value: string, options: SessionOptions<T>) => void;
+/**
+ * Clear the session cookie on a response.
+ */
+export declare const clear_session_cookie: <T>(c: Context, options: SessionOptions<T>) => void;
+/**
+ * Create session middleware that parses cookies and sets identity on context.
+ *
+ * Always sets the identity on context (null when invalid/missing) for type-safe reads.
+ * Uses `options.context_key` as the Hono context variable name.
+ *
+ * @param keyring - key ring for cookie verification
+ * @param options - session configuration
+ */
+export declare const create_session_middleware: <TIdentity>(keyring: Keyring, options: SessionOptions<TIdentity>) => MiddlewareHandler;
+//# sourceMappingURL=session_middleware.d.ts.map

package/dist/auth/session_middleware.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"session_middleware.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/session_middleware.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAC,OAAO,EAAE,iBAAiB,EAAC,MAAM,MAAM,CAAC;AAGrD,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,cAAc,CAAC;AAC1C,OAAO,EACN,KAAK,cAAc,EAInB,MAAM,qBAAqB,CAAC;AAE7B;;GAEG;AACH,eAAO,MAAM,kBAAkB,GAAI,CAAC,EACnC,GAAG,OAAO,EACV,SAAS,cAAc,CAAC,CAAC,CAAC,KACxB,MAAM,GAAG,SAEX,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,kBAAkB,GAAI,CAAC,EACnC,GAAG,OAAO,EACV,OAAO,MAAM,EACb,SAAS,cAAc,CAAC,CAAC,CAAC,KACxB,IASF,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,oBAAoB,GAAI,CAAC,EAAE,GAAG,OAAO,EAAE,SAAS,cAAc,CAAC,CAAC,CAAC,KAAG,IAMhF,CAAC;AAEF;;;;;;;;GAQG;AACH,eAAO,MAAM,yBAAyB,GAAI,SAAS,EAClD,SAAS,OAAO,EAChB,SAAS,cAAc,CAAC,SAAS,CAAC,KAChC,iBAgBF,CAAC"}

package/dist/auth/session_middleware.js ADDED Viewed

@@ -0,0 +1,62 @@
+/**
+ * Hono session middleware using generic session management.
+ *
+ * Thin wrapper that gets/sets cookies and delegates to session processing.
+ *
+ * @module
+ */
+import { getCookie, setCookie, deleteCookie } from 'hono/cookie';
+import { SESSION_COOKIE_OPTIONS, process_session_cookie, } from './session_cookie.js';
+/**
+ * Read the session cookie value from a request.
+ */
+export const get_session_cookie = (c, options) => {
+    return getCookie(c, options.cookie_name);
+};
+/**
+ * Set the session cookie on a response.
+ */
+export const set_session_cookie = (c, value, options) => {
+    const cookie_options = {
+        ...SESSION_COOKIE_OPTIONS,
+        ...options.cookie_options,
+    };
+    if (options.max_age !== undefined) {
+        cookie_options.maxAge = options.max_age;
+    }
+    setCookie(c, options.cookie_name, value, cookie_options);
+};
+/**
+ * Clear the session cookie on a response.
+ */
+export const clear_session_cookie = (c, options) => {
+    const cookie_options = {
+        ...SESSION_COOKIE_OPTIONS,
+        ...options.cookie_options,
+    };
+    deleteCookie(c, options.cookie_name, cookie_options);
+};
+/**
+ * Create session middleware that parses cookies and sets identity on context.
+ *
+ * Always sets the identity on context (null when invalid/missing) for type-safe reads.
+ * Uses `options.context_key` as the Hono context variable name.
+ *
+ * @param keyring - key ring for cookie verification
+ * @param options - session configuration
+ */
+export const create_session_middleware = (keyring, options) => {
+    return async (c, next) => {
+        const signed_value = get_session_cookie(c, options);
+        const result = await process_session_cookie(signed_value, keyring, options);
+        // Always set identity (null when invalid/missing) for type-safe reads
+        c.set(options.context_key, result.identity ?? null);
+        if (result.action === 'clear') {
+            clear_session_cookie(c, options);
+        }
+        else if (result.action === 'refresh' && result.new_signed_value) {
+            set_session_cookie(c, result.new_signed_value, options);
+        }
+        await next();
+    };
+};

package/dist/auth/session_queries.d.ts ADDED Viewed

@@ -0,0 +1,135 @@
+/**
+ * Auth session database queries.
+ *
+ * Server-side sessions keyed by blake3 hash of the session token.
+ * The cookie contains the raw token; the database stores only the hash.
+ *
+ * @module
+ */
+import type { Logger } from '@fuzdev/fuz_util/log.js';
+import type { QueryDeps } from '../db/query_deps.js';
+import type { AuthSession } from './account_schema.js';
+/** Session lifetime in milliseconds (30 days). */
+export declare const AUTH_SESSION_LIFETIME_MS: number;
+/** Extend session when it has less than this remaining (1 day in ms). */
+export declare const AUTH_SESSION_EXTEND_THRESHOLD_MS: number;
+/**
+ * Hash a session token to its storage key using blake3.
+ *
+ * @param token - the raw session token
+ * @returns hex-encoded blake3 hash
+ */
+export declare const hash_session_token: (token: string) => string;
+/**
+ * Generate a cryptographically random session token.
+ *
+ * @returns a 32-byte base64url-encoded token
+ */
+export declare const generate_session_token: () => string;
+/**
+ * Create a new auth session.
+ *
+ * @param deps - query dependencies
+ * @param token_hash - blake3 hash of the session token (use `hash_session_token`)
+ * @param account_id - the account this session belongs to
+ * @param expires_at - when the session expires
+ */
+export declare const query_create_session: (deps: QueryDeps, token_hash: string, account_id: string, expires_at: Date) => Promise<void>;
+/**
+ * Get a session if it exists, is not expired, and has not been revoked.
+ *
+ * @param deps - query dependencies
+ * @param token_hash - blake3 hash of the session token
+ */
+export declare const query_session_get_valid: (deps: QueryDeps, token_hash: string) => Promise<AuthSession | undefined>;
+/**
+ * Update `last_seen_at` and optionally extend expiry for a session.
+ *
+ * Extends if less than `AUTH_SESSION_EXTEND_THRESHOLD_MS` remaining.
+ *
+ * @param deps - query dependencies
+ * @param token_hash - blake3 hash of the session token
+ */
+export declare const query_session_touch: (deps: QueryDeps, token_hash: string) => Promise<void>;
+/**
+ * Revoke (delete) a session by its token hash.
+ *
+ * No account_id constraint — caller must ensure the hash comes from a
+ * trusted source (e.g. the authenticated session cookie). For user-facing
+ * revocation of a specific session by ID, prefer `query_session_revoke_for_account`
+ * which includes an IDOR guard.
+ */
+export declare const query_session_revoke_by_hash: (deps: QueryDeps, token_hash: string) => Promise<void>;
+/**
+ * Revoke a session only if it belongs to the specified account.
+ *
+ * Prevents cross-account session revocation.
+ *
+ * @param deps - query dependencies
+ * @param token_hash - blake3 hash of the session token
+ * @param account_id - the account that must own the session
+ * @returns `true` if a session was revoked, `false` if not found or wrong account
+ */
+export declare const query_session_revoke_for_account: (deps: QueryDeps, token_hash: string, account_id: string) => Promise<boolean>;
+/**
+ * Revoke all sessions for an account.
+ *
+ * @returns the number of sessions revoked
+ */
+export declare const query_session_revoke_all_for_account: (deps: QueryDeps, account_id: string) => Promise<number>;
+/**
+ * List sessions for an account, newest first.
+ */
+export declare const query_session_list_for_account: (deps: QueryDeps, account_id: string, limit?: number) => Promise<Array<AuthSession>>;
+/**
+ * Enforce a per-account session limit by evicting the oldest sessions.
+ *
+ * Keeps the newest `max_sessions` sessions and deletes the rest.
+ *
+ * Race safety: this function must run inside a transaction alongside the
+ * INSERT that created the new session. All callers satisfy this requirement:
+ * - `POST /login` and `POST /tokens/create` use the default `transaction: true`
+ *   (framework-managed transaction wrapping in `apply_route_specs`)
+ * - `POST /bootstrap` and `POST /signup` manage their own transactions
+ *   and pass the transaction-scoped `deps` to `create_session_and_set_cookie`
+ *
+ * The transaction ensures the INSERT + enforce_limit pair is atomic —
+ * concurrent session creation cannot interleave between the two statements.
+ *
+ * @param deps - query dependencies (must be transaction-scoped)
+ * @param account_id - the account to enforce the limit for
+ * @param max_sessions - maximum number of sessions to keep
+ * @returns the number of sessions evicted
+ */
+export declare const query_session_enforce_limit: (deps: QueryDeps, account_id: string, max_sessions: number) => Promise<number>;
+/**
+ * List all active sessions across all accounts with usernames.
+ *
+ * @param deps - query dependencies
+ * @param limit - maximum entries to return
+ * @returns active sessions joined with account usernames, newest activity first
+ */
+export declare const query_session_list_all_active: (deps: QueryDeps, limit?: number) => Promise<Array<AuthSession & {
+    username: string;
+}>>;
+/**
+ * Delete expired sessions.
+ *
+ * @returns the number of sessions cleaned up
+ */
+export declare const query_session_cleanup_expired: (deps: QueryDeps) => Promise<number>;
+/**
+ * Touch a session without blocking the caller.
+ *
+ * Errors are logged to console — session touching never breaks request flows.
+ * Pass `pending_effects` (from `c.var.pending_effects`) to register
+ * the promise for test flushing.
+ *
+ * @param deps - query dependencies
+ * @param token_hash - blake3 hash of the session token
+ * @param pending_effects - optional array to register the effect for later awaiting
+ * @param log - the logger instance
+ * @returns the settled promise (callers may ignore it — fire-and-forget semantics preserved)
+ */
+export declare const session_touch_fire_and_forget: (deps: QueryDeps, token_hash: string, pending_effects: Array<Promise<void>> | undefined, log: Logger) => Promise<void>;
+//# sourceMappingURL=session_queries.d.ts.map

package/dist/auth/session_queries.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"session_queries.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/session_queries.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,KAAK,EAAC,MAAM,EAAC,MAAM,yBAAyB,CAAC;AAGpD,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AACnD,OAAO,KAAK,EAAC,WAAW,EAAC,MAAM,qBAAqB,CAAC;AAErD,kDAAkD;AAClD,eAAO,MAAM,wBAAwB,QAA2B,CAAC;AAEjE,yEAAyE;AACzE,eAAO,MAAM,gCAAgC,QAAsB,CAAC;AAEpE;;;;;GAKG;AACH,eAAO,MAAM,kBAAkB,GAAI,OAAO,MAAM,KAAG,MAElD,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,sBAAsB,QAAO,MAEzC,CAAC;AAEF;;;;;;;GAOG;AACH,eAAO,MAAM,oBAAoB,GAChC,MAAM,SAAS,EACf,YAAY,MAAM,EAClB,YAAY,MAAM,EAClB,YAAY,IAAI,KACd,OAAO,CAAC,IAAI,CAMd,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,uBAAuB,GACnC,MAAM,SAAS,EACf,YAAY,MAAM,KAChB,OAAO,CAAC,WAAW,GAAG,SAAS,CAKjC,CAAC;AAEF;;;;;;;GAOG;AACH,eAAO,MAAM,mBAAmB,GAAU,MAAM,SAAS,EAAE,YAAY,MAAM,KAAG,OAAO,CAAC,IAAI,CAY3F,CAAC;AAEF;;;;;;;GAOG;AACH,eAAO,MAAM,4BAA4B,GACxC,MAAM,SAAS,EACf,YAAY,MAAM,KAChB,OAAO,CAAC,IAAI,CAEd,CAAC;AAEF;;;;;;;;;GASG;AACH,eAAO,MAAM,gCAAgC,GAC5C,MAAM,SAAS,EACf,YAAY,MAAM,EAClB,YAAY,MAAM,KAChB,OAAO,CAAC,OAAO,CAMjB,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,oCAAoC,GAChD,MAAM,SAAS,EACf,YAAY,MAAM,KAChB,OAAO,CAAC,MAAM,CAMhB,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,8BAA8B,GAC1C,MAAM,SAAS,EACf,YAAY,MAAM,EAClB,cAAU,KACR,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,CAK5B,CAAC;AAEF;;;;;;;;;;;;;;;;;;;GAmBG;AACH,eAAO,MAAM,2BAA2B,GACvC,MAAM,SAAS,EACf,YAAY,MAAM,EAClB,cAAc,MAAM,KAClB,OAAO,CAAC,MAAM,CAYhB,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,6BAA6B,GACzC,MAAM,SAAS,EACf,cAAW,KACT,OAAO,CAAC,KAAK,CAAC,WAAW,GAAG;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAC,CAAC,CASjD,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,6BAA6B,GAAU,MAAM,SAAS,KAAG,OAAO,CAAC,MAAM,CAKnF,CAAC;AAEF;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,6BAA6B,GACzC,MAAM,SAAS,EACf,YAAY,MAAM,EAClB,iBAAiB,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,GAAG,SAAS,EACjD,KAAK,MAAM,KACT,OAAO,CAAC,IAAI,CAMd,CAAC"}