npm - @fuzdev/fuz_app - Versions diffs - 0.1.0 - Mend

@fuzdev/fuz_app 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (457) hide show

package/LICENSE +21 -0
package/README.md +49 -0
package/dist/actions/action_bridge.d.ts +65 -0
package/dist/actions/action_bridge.d.ts.map +1 -0
package/dist/actions/action_bridge.js +76 -0
package/dist/actions/action_codegen.d.ts +97 -0
package/dist/actions/action_codegen.d.ts.map +1 -0
package/dist/actions/action_codegen.js +280 -0
package/dist/actions/action_registry.d.ts +35 -0
package/dist/actions/action_registry.d.ts.map +1 -0
package/dist/actions/action_registry.js +83 -0
package/dist/actions/action_spec.d.ts +169 -0
package/dist/actions/action_spec.d.ts.map +1 -0
package/dist/actions/action_spec.js +76 -0
package/dist/auth/account_queries.d.ts +96 -0
package/dist/auth/account_queries.d.ts.map +1 -0
package/dist/auth/account_queries.js +172 -0
package/dist/auth/account_routes.d.ts +86 -0
package/dist/auth/account_routes.d.ts.map +1 -0
package/dist/auth/account_routes.js +406 -0
package/dist/auth/account_schema.d.ts +192 -0
package/dist/auth/account_schema.d.ts.map +1 -0
package/dist/auth/account_schema.js +105 -0
package/dist/auth/admin_routes.d.ts +29 -0
package/dist/auth/admin_routes.d.ts.map +1 -0
package/dist/auth/admin_routes.js +193 -0
package/dist/auth/api_token.d.ts +33 -0
package/dist/auth/api_token.d.ts.map +1 -0
package/dist/auth/api_token.js +36 -0
package/dist/auth/api_token_queries.d.ts +80 -0
package/dist/auth/api_token_queries.d.ts.map +1 -0
package/dist/auth/api_token_queries.js +116 -0
package/dist/auth/app_settings_queries.d.ts +33 -0
package/dist/auth/app_settings_queries.d.ts.map +1 -0
package/dist/auth/app_settings_queries.js +51 -0
package/dist/auth/app_settings_routes.d.ts +27 -0
package/dist/auth/app_settings_routes.d.ts.map +1 -0
package/dist/auth/app_settings_routes.js +66 -0
package/dist/auth/app_settings_schema.d.ts +35 -0
package/dist/auth/app_settings_schema.d.ts.map +1 -0
package/dist/auth/app_settings_schema.js +22 -0
package/dist/auth/audit_log_queries.d.ts +90 -0
package/dist/auth/audit_log_queries.d.ts.map +1 -0
package/dist/auth/audit_log_queries.js +205 -0
package/dist/auth/audit_log_routes.d.ts +33 -0
package/dist/auth/audit_log_routes.d.ts.map +1 -0
package/dist/auth/audit_log_routes.js +106 -0
package/dist/auth/audit_log_schema.d.ts +259 -0
package/dist/auth/audit_log_schema.d.ts.map +1 -0
package/dist/auth/audit_log_schema.js +123 -0
package/dist/auth/bearer_auth.d.ts +32 -0
package/dist/auth/bearer_auth.d.ts.map +1 -0
package/dist/auth/bearer_auth.js +90 -0
package/dist/auth/bootstrap_account.d.ts +82 -0
package/dist/auth/bootstrap_account.d.ts.map +1 -0
package/dist/auth/bootstrap_account.js +97 -0
package/dist/auth/bootstrap_routes.d.ts +74 -0
package/dist/auth/bootstrap_routes.d.ts.map +1 -0
package/dist/auth/bootstrap_routes.js +154 -0
package/dist/auth/daemon_token.d.ts +49 -0
package/dist/auth/daemon_token.d.ts.map +1 -0
package/dist/auth/daemon_token.js +49 -0
package/dist/auth/daemon_token_middleware.d.ts +93 -0
package/dist/auth/daemon_token_middleware.d.ts.map +1 -0
package/dist/auth/daemon_token_middleware.js +167 -0
package/dist/auth/ddl.d.ts +27 -0
package/dist/auth/ddl.d.ts.map +1 -0
package/dist/auth/ddl.js +111 -0
package/dist/auth/deps.d.ts +52 -0
package/dist/auth/deps.d.ts.map +1 -0
package/dist/auth/deps.js +10 -0
package/dist/auth/invite_queries.d.ts +68 -0
package/dist/auth/invite_queries.d.ts.map +1 -0
package/dist/auth/invite_queries.js +105 -0
package/dist/auth/invite_routes.d.ts +18 -0
package/dist/auth/invite_routes.d.ts.map +1 -0
package/dist/auth/invite_routes.js +129 -0
package/dist/auth/invite_schema.d.ts +51 -0
package/dist/auth/invite_schema.d.ts.map +1 -0
package/dist/auth/invite_schema.js +25 -0
package/dist/auth/keyring.d.ts +87 -0
package/dist/auth/keyring.d.ts.map +1 -0
package/dist/auth/keyring.js +142 -0
package/dist/auth/middleware.d.ts +40 -0
package/dist/auth/middleware.d.ts.map +1 -0
package/dist/auth/middleware.js +64 -0
package/dist/auth/migrations.d.ts +42 -0
package/dist/auth/migrations.d.ts.map +1 -0
package/dist/auth/migrations.js +79 -0
package/dist/auth/password.d.ts +39 -0
package/dist/auth/password.d.ts.map +1 -0
package/dist/auth/password.js +25 -0
package/dist/auth/password_argon2.d.ts +43 -0
package/dist/auth/password_argon2.d.ts.map +1 -0
package/dist/auth/password_argon2.js +76 -0
package/dist/auth/permit_queries.d.ts +72 -0
package/dist/auth/permit_queries.d.ts.map +1 -0
package/dist/auth/permit_queries.js +116 -0
package/dist/auth/request_context.d.ts +114 -0
package/dist/auth/request_context.d.ts.map +1 -0
package/dist/auth/request_context.js +176 -0
package/dist/auth/require_keeper.d.ts +20 -0
package/dist/auth/require_keeper.d.ts.map +1 -0
package/dist/auth/require_keeper.js +35 -0
package/dist/auth/role_schema.d.ts +69 -0
package/dist/auth/role_schema.d.ts.map +1 -0
package/dist/auth/role_schema.js +70 -0
package/dist/auth/route_guards.d.ts +21 -0
package/dist/auth/route_guards.d.ts.map +1 -0
package/dist/auth/route_guards.js +32 -0
package/dist/auth/session_cookie.d.ts +158 -0
package/dist/auth/session_cookie.d.ts.map +1 -0
package/dist/auth/session_cookie.js +135 -0
package/dist/auth/session_lifecycle.d.ts +35 -0
package/dist/auth/session_lifecycle.d.ts.map +1 -0
package/dist/auth/session_lifecycle.js +27 -0
package/dist/auth/session_middleware.d.ts +33 -0
package/dist/auth/session_middleware.d.ts.map +1 -0
package/dist/auth/session_middleware.js +62 -0
package/dist/auth/session_queries.d.ts +135 -0
package/dist/auth/session_queries.d.ts.map +1 -0
package/dist/auth/session_queries.js +186 -0
package/dist/auth/signup_routes.d.ts +32 -0
package/dist/auth/signup_routes.d.ts.map +1 -0
package/dist/auth/signup_routes.js +150 -0
package/dist/cli/args.d.ts +48 -0
package/dist/cli/args.d.ts.map +1 -0
package/dist/cli/args.js +76 -0
package/dist/cli/config.d.ts +48 -0
package/dist/cli/config.d.ts.map +1 -0
package/dist/cli/config.js +77 -0
package/dist/cli/daemon.d.ts +82 -0
package/dist/cli/daemon.d.ts.map +1 -0
package/dist/cli/daemon.js +149 -0
package/dist/cli/help.d.ts +85 -0
package/dist/cli/help.d.ts.map +1 -0
package/dist/cli/help.js +138 -0
package/dist/cli/logger.d.ts +46 -0
package/dist/cli/logger.d.ts.map +1 -0
package/dist/cli/logger.js +48 -0
package/dist/cli/util.d.ts +36 -0
package/dist/cli/util.d.ts.map +1 -0
package/dist/cli/util.js +50 -0
package/dist/crypto.d.ts +13 -0
package/dist/crypto.d.ts.map +1 -0
package/dist/crypto.js +19 -0
package/dist/db/assert_row.d.ts +18 -0
package/dist/db/assert_row.d.ts.map +1 -0
package/dist/db/assert_row.js +24 -0
package/dist/db/create_db.d.ts +38 -0
package/dist/db/create_db.d.ts.map +1 -0
package/dist/db/create_db.js +57 -0
package/dist/db/db.d.ts +97 -0
package/dist/db/db.d.ts.map +1 -0
package/dist/db/db.js +76 -0
package/dist/db/db_pg.d.ts +21 -0
package/dist/db/db_pg.d.ts.map +1 -0
package/dist/db/db_pg.js +45 -0
package/dist/db/db_pglite.d.ts +21 -0
package/dist/db/db_pglite.d.ts.map +1 -0
package/dist/db/db_pglite.js +28 -0
package/dist/db/migrate.d.ts +67 -0
package/dist/db/migrate.d.ts.map +1 -0
package/dist/db/migrate.js +118 -0
package/dist/db/pg_error.d.ts +16 -0
package/dist/db/pg_error.d.ts.map +1 -0
package/dist/db/pg_error.js +15 -0
package/dist/db/query_deps.d.ts +14 -0
package/dist/db/query_deps.d.ts.map +1 -0
package/dist/db/query_deps.js +9 -0
package/dist/db/sql_identifier.d.ts +27 -0
package/dist/db/sql_identifier.d.ts.map +1 -0
package/dist/db/sql_identifier.js +31 -0
package/dist/db/status.d.ts +62 -0
package/dist/db/status.d.ts.map +1 -0
package/dist/db/status.js +116 -0
package/dist/dev/setup.d.ts +159 -0
package/dist/dev/setup.d.ts.map +1 -0
package/dist/dev/setup.js +265 -0
package/dist/env/dotenv.d.ts +25 -0
package/dist/env/dotenv.d.ts.map +1 -0
package/dist/env/dotenv.js +52 -0
package/dist/env/load.d.ts +52 -0
package/dist/env/load.d.ts.map +1 -0
package/dist/env/load.js +79 -0
package/dist/env/mask.d.ts +19 -0
package/dist/env/mask.d.ts.map +1 -0
package/dist/env/mask.js +26 -0
package/dist/env/resolve.d.ts +126 -0
package/dist/env/resolve.d.ts.map +1 -0
package/dist/env/resolve.js +200 -0
package/dist/hono_context.d.ts +48 -0
package/dist/hono_context.d.ts.map +1 -0
package/dist/hono_context.js +22 -0
package/dist/http/common_routes.d.ts +52 -0
package/dist/http/common_routes.d.ts.map +1 -0
package/dist/http/common_routes.js +65 -0
package/dist/http/db_routes.d.ts +57 -0
package/dist/http/db_routes.d.ts.map +1 -0
package/dist/http/db_routes.js +176 -0
package/dist/http/error_schemas.d.ts +169 -0
package/dist/http/error_schemas.d.ts.map +1 -0
package/dist/http/error_schemas.js +178 -0
package/dist/http/middleware_spec.d.ts +19 -0
package/dist/http/middleware_spec.d.ts.map +1 -0
package/dist/http/middleware_spec.js +9 -0
package/dist/http/origin.d.ts +57 -0
package/dist/http/origin.d.ts.map +1 -0
package/dist/http/origin.js +207 -0
package/dist/http/proxy.d.ts +112 -0
package/dist/http/proxy.d.ts.map +1 -0
package/dist/http/proxy.js +240 -0
package/dist/http/route_spec.d.ts +197 -0
package/dist/http/route_spec.d.ts.map +1 -0
package/dist/http/route_spec.js +243 -0
package/dist/http/schema_helpers.d.ts +64 -0
package/dist/http/schema_helpers.d.ts.map +1 -0
package/dist/http/schema_helpers.js +90 -0
package/dist/http/surface.d.ts +132 -0
package/dist/http/surface.d.ts.map +1 -0
package/dist/http/surface.js +156 -0
package/dist/http/surface_query.d.ts +77 -0
package/dist/http/surface_query.d.ts.map +1 -0
package/dist/http/surface_query.js +86 -0
package/dist/rate_limiter.d.ts +94 -0
package/dist/rate_limiter.d.ts.map +1 -0
package/dist/rate_limiter.js +156 -0
package/dist/realtime/sse.d.ts +80 -0
package/dist/realtime/sse.d.ts.map +1 -0
package/dist/realtime/sse.js +109 -0
package/dist/realtime/sse_auth_guard.d.ts +93 -0
package/dist/realtime/sse_auth_guard.d.ts.map +1 -0
package/dist/realtime/sse_auth_guard.js +111 -0
package/dist/realtime/subscriber_registry.d.ts +85 -0
package/dist/realtime/subscriber_registry.d.ts.map +1 -0
package/dist/realtime/subscriber_registry.js +108 -0
package/dist/runtime/deno.d.ts +21 -0
package/dist/runtime/deno.d.ts.map +1 -0
package/dist/runtime/deno.js +83 -0
package/dist/runtime/deps.d.ts +113 -0
package/dist/runtime/deps.d.ts.map +1 -0
package/dist/runtime/deps.js +10 -0
package/dist/runtime/fs.d.ts +15 -0
package/dist/runtime/fs.d.ts.map +1 -0
package/dist/runtime/fs.js +17 -0
package/dist/runtime/mock.d.ts +81 -0
package/dist/runtime/mock.d.ts.map +1 -0
package/dist/runtime/mock.js +195 -0
package/dist/runtime/node.d.ts +17 -0
package/dist/runtime/node.d.ts.map +1 -0
package/dist/runtime/node.js +117 -0
package/dist/schema_meta.d.ts +16 -0
package/dist/schema_meta.d.ts.map +1 -0
package/dist/schema_meta.js +9 -0
package/dist/sensitivity.d.ts +15 -0
package/dist/sensitivity.d.ts.map +1 -0
package/dist/sensitivity.js +9 -0
package/dist/server/app_backend.d.ts +74 -0
package/dist/server/app_backend.d.ts.map +1 -0
package/dist/server/app_backend.js +39 -0
package/dist/server/app_server.d.ts +201 -0
package/dist/server/app_server.d.ts.map +1 -0
package/dist/server/app_server.js +266 -0
package/dist/server/env.d.ts +68 -0
package/dist/server/env.d.ts.map +1 -0
package/dist/server/env.js +95 -0
package/dist/server/startup.d.ts +22 -0
package/dist/server/startup.d.ts.map +1 -0
package/dist/server/startup.js +48 -0
package/dist/server/static.d.ts +39 -0
package/dist/server/static.d.ts.map +1 -0
package/dist/server/static.js +38 -0
package/dist/server/validate_nginx.d.ts +34 -0
package/dist/server/validate_nginx.d.ts.map +1 -0
package/dist/server/validate_nginx.js +118 -0
package/dist/testing/CLAUDE.md +3 -0
package/dist/testing/admin_integration.d.ts +45 -0
package/dist/testing/admin_integration.d.ts.map +1 -0
package/dist/testing/admin_integration.js +840 -0
package/dist/testing/adversarial_404.d.ts +15 -0
package/dist/testing/adversarial_404.d.ts.map +1 -0
package/dist/testing/adversarial_404.js +118 -0
package/dist/testing/adversarial_headers.d.ts +36 -0
package/dist/testing/adversarial_headers.d.ts.map +1 -0
package/dist/testing/adversarial_headers.js +128 -0
package/dist/testing/adversarial_input.d.ts +56 -0
package/dist/testing/adversarial_input.d.ts.map +1 -0
package/dist/testing/adversarial_input.js +494 -0
package/dist/testing/app_server.d.ts +169 -0
package/dist/testing/app_server.d.ts.map +1 -0
package/dist/testing/app_server.js +240 -0
package/dist/testing/assert_dev_env.d.ts +10 -0
package/dist/testing/assert_dev_env.d.ts.map +1 -0
package/dist/testing/assert_dev_env.js +13 -0
package/dist/testing/assertions.d.ts +61 -0
package/dist/testing/assertions.d.ts.map +1 -0
package/dist/testing/assertions.js +96 -0
package/dist/testing/attack_surface.d.ts +63 -0
package/dist/testing/attack_surface.d.ts.map +1 -0
package/dist/testing/attack_surface.js +224 -0
package/dist/testing/audit_completeness.d.ts +29 -0
package/dist/testing/audit_completeness.d.ts.map +1 -0
package/dist/testing/audit_completeness.js +410 -0
package/dist/testing/auth_apps.d.ts +55 -0
package/dist/testing/auth_apps.d.ts.map +1 -0
package/dist/testing/auth_apps.js +122 -0
package/dist/testing/data_exposure.d.ts +62 -0
package/dist/testing/data_exposure.d.ts.map +1 -0
package/dist/testing/data_exposure.js +297 -0
package/dist/testing/db.d.ts +111 -0
package/dist/testing/db.d.ts.map +1 -0
package/dist/testing/db.js +258 -0
package/dist/testing/entities.d.ts +21 -0
package/dist/testing/entities.d.ts.map +1 -0
package/dist/testing/entities.js +42 -0
package/dist/testing/error_coverage.d.ts +78 -0
package/dist/testing/error_coverage.d.ts.map +1 -0
package/dist/testing/error_coverage.js +135 -0
package/dist/testing/integration.d.ts +37 -0
package/dist/testing/integration.d.ts.map +1 -0
package/dist/testing/integration.js +1139 -0
package/dist/testing/integration_helpers.d.ts +107 -0
package/dist/testing/integration_helpers.d.ts.map +1 -0
package/dist/testing/integration_helpers.js +246 -0
package/dist/testing/middleware.d.ts +125 -0
package/dist/testing/middleware.d.ts.map +1 -0
package/dist/testing/middleware.js +210 -0
package/dist/testing/rate_limiting.d.ts +43 -0
package/dist/testing/rate_limiting.d.ts.map +1 -0
package/dist/testing/rate_limiting.js +216 -0
package/dist/testing/round_trip.d.ts +37 -0
package/dist/testing/round_trip.d.ts.map +1 -0
package/dist/testing/round_trip.js +128 -0
package/dist/testing/schema_generators.d.ts +33 -0
package/dist/testing/schema_generators.d.ts.map +1 -0
package/dist/testing/schema_generators.js +137 -0
package/dist/testing/standard.d.ts +49 -0
package/dist/testing/standard.d.ts.map +1 -0
package/dist/testing/standard.js +16 -0
package/dist/testing/stubs.d.ts +96 -0
package/dist/testing/stubs.d.ts.map +1 -0
package/dist/testing/stubs.js +192 -0
package/dist/testing/surface_invariants.d.ts +189 -0
package/dist/testing/surface_invariants.d.ts.map +1 -0
package/dist/testing/surface_invariants.js +450 -0
package/dist/ui/AccountSessions.svelte +75 -0
package/dist/ui/AccountSessions.svelte.d.ts +19 -0
package/dist/ui/AccountSessions.svelte.d.ts.map +1 -0
package/dist/ui/AdminAccounts.svelte +107 -0
package/dist/ui/AdminAccounts.svelte.d.ts +19 -0
package/dist/ui/AdminAccounts.svelte.d.ts.map +1 -0
package/dist/ui/AdminAuditLog.svelte +144 -0
package/dist/ui/AdminAuditLog.svelte.d.ts +4 -0
package/dist/ui/AdminAuditLog.svelte.d.ts.map +1 -0
package/dist/ui/AdminInvites.svelte +142 -0
package/dist/ui/AdminInvites.svelte.d.ts +4 -0
package/dist/ui/AdminInvites.svelte.d.ts.map +1 -0
package/dist/ui/AdminOverview.svelte +337 -0
package/dist/ui/AdminOverview.svelte.d.ts +4 -0
package/dist/ui/AdminOverview.svelte.d.ts.map +1 -0
package/dist/ui/AdminPermitHistory.svelte +61 -0
package/dist/ui/AdminPermitHistory.svelte.d.ts +19 -0
package/dist/ui/AdminPermitHistory.svelte.d.ts.map +1 -0
package/dist/ui/AdminSessions.svelte +85 -0
package/dist/ui/AdminSessions.svelte.d.ts +19 -0
package/dist/ui/AdminSessions.svelte.d.ts.map +1 -0
package/dist/ui/AdminSettings.svelte +32 -0
package/dist/ui/AdminSettings.svelte.d.ts +19 -0
package/dist/ui/AdminSettings.svelte.d.ts.map +1 -0
package/dist/ui/AdminSurface.svelte +42 -0
package/dist/ui/AdminSurface.svelte.d.ts +4 -0
package/dist/ui/AdminSurface.svelte.d.ts.map +1 -0
package/dist/ui/AppShell.svelte +93 -0
package/dist/ui/AppShell.svelte.d.ts +20 -0
package/dist/ui/AppShell.svelte.d.ts.map +1 -0
package/dist/ui/BootstrapForm.svelte +105 -0
package/dist/ui/BootstrapForm.svelte.d.ts +4 -0
package/dist/ui/BootstrapForm.svelte.d.ts.map +1 -0
package/dist/ui/ColumnLayout.svelte +46 -0
package/dist/ui/ColumnLayout.svelte.d.ts +11 -0
package/dist/ui/ColumnLayout.svelte.d.ts.map +1 -0
package/dist/ui/ConfirmButton.svelte +125 -0
package/dist/ui/ConfirmButton.svelte.d.ts +54 -0
package/dist/ui/ConfirmButton.svelte.d.ts.map +1 -0
package/dist/ui/Datatable.svelte +185 -0
package/dist/ui/Datatable.svelte.d.ts +35 -0
package/dist/ui/Datatable.svelte.d.ts.map +1 -0
package/dist/ui/LoginForm.svelte +82 -0
package/dist/ui/LoginForm.svelte.d.ts +8 -0
package/dist/ui/LoginForm.svelte.d.ts.map +1 -0
package/dist/ui/LogoutButton.svelte +36 -0
package/dist/ui/LogoutButton.svelte.d.ts +10 -0
package/dist/ui/LogoutButton.svelte.d.ts.map +1 -0
package/dist/ui/MenuLink.svelte +35 -0
package/dist/ui/MenuLink.svelte.d.ts +12 -0
package/dist/ui/MenuLink.svelte.d.ts.map +1 -0
package/dist/ui/OpenSignupToggle.svelte +36 -0
package/dist/ui/OpenSignupToggle.svelte.d.ts +19 -0
package/dist/ui/OpenSignupToggle.svelte.d.ts.map +1 -0
package/dist/ui/PopoverButton.svelte +136 -0
package/dist/ui/PopoverButton.svelte.d.ts +63 -0
package/dist/ui/PopoverButton.svelte.d.ts.map +1 -0
package/dist/ui/SignupForm.svelte +117 -0
package/dist/ui/SignupForm.svelte.d.ts +7 -0
package/dist/ui/SignupForm.svelte.d.ts.map +1 -0
package/dist/ui/SurfaceExplorer.svelte +287 -0
package/dist/ui/SurfaceExplorer.svelte.d.ts +8 -0
package/dist/ui/SurfaceExplorer.svelte.d.ts.map +1 -0
package/dist/ui/account_sessions_state.svelte.d.ts +15 -0
package/dist/ui/account_sessions_state.svelte.d.ts.map +1 -0
package/dist/ui/account_sessions_state.svelte.js +45 -0
package/dist/ui/admin_accounts_state.svelte.d.ts +19 -0
package/dist/ui/admin_accounts_state.svelte.d.ts.map +1 -0
package/dist/ui/admin_accounts_state.svelte.js +65 -0
package/dist/ui/admin_invites_state.svelte.d.ts +19 -0
package/dist/ui/admin_invites_state.svelte.d.ts.map +1 -0
package/dist/ui/admin_invites_state.svelte.js +71 -0
package/dist/ui/admin_sessions_state.svelte.d.ts +18 -0
package/dist/ui/admin_sessions_state.svelte.d.ts.map +1 -0
package/dist/ui/admin_sessions_state.svelte.js +62 -0
package/dist/ui/app_settings_state.svelte.d.ts +14 -0
package/dist/ui/app_settings_state.svelte.d.ts.map +1 -0
package/dist/ui/app_settings_state.svelte.js +44 -0
package/dist/ui/audit_log_state.svelte.d.ts +40 -0
package/dist/ui/audit_log_state.svelte.d.ts.map +1 -0
package/dist/ui/audit_log_state.svelte.js +153 -0
package/dist/ui/auth_state.svelte.d.ts +85 -0
package/dist/ui/auth_state.svelte.d.ts.map +1 -0
package/dist/ui/auth_state.svelte.js +238 -0
package/dist/ui/datatable.d.ts +25 -0
package/dist/ui/datatable.d.ts.map +1 -0
package/dist/ui/datatable.js +9 -0
package/dist/ui/enter_advance.d.ts +13 -0
package/dist/ui/enter_advance.d.ts.map +1 -0
package/dist/ui/enter_advance.js +30 -0
package/dist/ui/loadable.svelte.d.ts +55 -0
package/dist/ui/loadable.svelte.d.ts.map +1 -0
package/dist/ui/loadable.svelte.js +75 -0
package/dist/ui/popover.svelte.d.ts +137 -0
package/dist/ui/popover.svelte.d.ts.map +1 -0
package/dist/ui/popover.svelte.js +288 -0
package/dist/ui/position_helpers.d.ts +27 -0
package/dist/ui/position_helpers.d.ts.map +1 -0
package/dist/ui/position_helpers.js +81 -0
package/dist/ui/sidebar_state.svelte.d.ts +30 -0
package/dist/ui/sidebar_state.svelte.d.ts.map +1 -0
package/dist/ui/sidebar_state.svelte.js +39 -0
package/dist/ui/table_state.svelte.d.ts +63 -0
package/dist/ui/table_state.svelte.d.ts.map +1 -0
package/dist/ui/table_state.svelte.js +117 -0
package/dist/ui/ui_fetch.d.ts +29 -0
package/dist/ui/ui_fetch.d.ts.map +1 -0
package/dist/ui/ui_fetch.js +37 -0
package/dist/ui/ui_format.d.ts +63 -0
package/dist/ui/ui_format.d.ts.map +1 -0
package/dist/ui/ui_format.js +196 -0
package/package.json +121 -0

package/dist/testing/adversarial_404.d.ts ADDED Viewed

@@ -0,0 +1,15 @@
+import './assert_dev_env.js';
+import type { AdversarialTestOptions } from './attack_surface.js';
+/**
+ * Generate adversarial 404 response validation tests.
+ *
+ * For each route with `params` + 404 in `error_schemas`:
+ * 1. Creates a stub handler returning 404 with the declared error code
+ * 2. Fires a request with valid-format params (nil UUIDs for UUID params)
+ * 3. Validates response status is 404
+ * 4. Validates response body matches the declared 404 Zod schema
+ *
+ * @param options - the test configuration
+ */
+export declare const describe_adversarial_404: (options: AdversarialTestOptions) => void;
+//# sourceMappingURL=adversarial_404.d.ts.map

package/dist/testing/adversarial_404.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"adversarial_404.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/adversarial_404.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAoB7B,OAAO,KAAK,EAAC,sBAAsB,EAAC,MAAM,qBAAqB,CAAC;AAyBhE;;;;;;;;;;GAUG;AACH,eAAO,MAAM,wBAAwB,GAAI,SAAS,sBAAsB,KAAG,IA2E1E,CAAC"}

package/dist/testing/adversarial_404.js ADDED Viewed

@@ -0,0 +1,118 @@
+import './assert_dev_env.js';
+/**
+ * Adversarial 404 testing for routes with params and declared 404 error schemas.
+ *
+ * Creates stub handlers that return 404 with the declared error code,
+ * fires requests with valid-format-but-nonexistent params (nil UUIDs),
+ * and validates response bodies against the declared 404 Zod schemas.
+ *
+ * No DB needed — tests schema conformance of 404 responses, not real handlers.
+ *
+ * @module
+ */
+import { test, assert, describe } from 'vitest';
+import { z } from 'zod';
+import { is_null_schema } from '../http/schema_helpers.js';
+import { create_auth_test_apps, select_auth_app } from './auth_apps.js';
+import { resolve_valid_path, generate_valid_body } from './schema_generators.js';
+/**
+ * Extract the error code from a 404 Zod schema for use in the stub handler.
+ *
+ * Supports `z.literal()` (`{const: '...'}`) and `z.enum()` (`{enum: [...]}`, uses first value).
+ */
+const extract_404_error_code = (schema) => {
+    try {
+        const json = z.toJSONSchema(schema);
+        if (json.type !== 'object' || !json.properties || typeof json.properties !== 'object')
+            return null;
+        const props = json.properties;
+        if (!props.error || typeof props.error !== 'object')
+            return null;
+        const error_schema = props.error;
+        if (typeof error_schema.const === 'string')
+            return error_schema.const;
+        if (Array.isArray(error_schema.enum) && typeof error_schema.enum[0] === 'string')
+            return error_schema.enum[0];
+    }
+    catch {
+        // schema can't be converted
+    }
+    return null;
+};
+/**
+ * Generate adversarial 404 response validation tests.
+ *
+ * For each route with `params` + 404 in `error_schemas`:
+ * 1. Creates a stub handler returning 404 with the declared error code
+ * 2. Fires a request with valid-format params (nil UUIDs for UUID params)
+ * 3. Validates response status is 404
+ * 4. Validates response body matches the declared 404 Zod schema
+ *
+ * @param options - the test configuration
+ */
+export const describe_adversarial_404 = (options) => {
+    const { build, roles } = options;
+    const { surface, route_specs } = build();
+    // Build spec lookup for Zod schema access
+    const spec_lookup = new Map();
+    for (const spec of route_specs) {
+        spec_lookup.set(`${spec.method} ${spec.path}`, spec);
+    }
+    // Find testable routes: params + 404 + extractable error code
+    const testable = [];
+    for (const route of surface.routes) {
+        if (route.params_schema === null)
+            continue;
+        if (!route.error_schemas || !('404' in route.error_schemas))
+            continue;
+        const key = `${route.method} ${route.path}`;
+        const spec = spec_lookup.get(key);
+        if (!spec?.params || !spec.errors?.[404])
+            continue;
+        const error_code = extract_404_error_code(spec.errors[404]);
+        if (!error_code)
+            continue;
+        testable.push({ key, error_code, spec });
+    }
+    if (testable.length === 0)
+        return;
+    describe('adversarial 404 response validation', () => {
+        // Create stub specs: replace handlers for testable routes with 404 stubs
+        const error_code_by_key = new Map();
+        for (const entry of testable) {
+            error_code_by_key.set(entry.key, entry.error_code);
+        }
+        const stub_specs = route_specs.map((spec) => {
+            const error_code = error_code_by_key.get(`${spec.method} ${spec.path}`);
+            if (!error_code)
+                return spec;
+            return {
+                ...spec,
+                handler: (c) => c.json({ error: error_code }, 404),
+            };
+        });
+        const apps = create_auth_test_apps(stub_specs, roles);
+        for (const { key, error_code, spec } of testable) {
+            test(key, async () => {
+                const route = surface.routes.find((r) => `${r.method} ${r.path}` === key);
+                const app = select_auth_app(apps, route.auth);
+                const url = resolve_valid_path(route.path, spec.params);
+                const request_init = { method: route.method };
+                // Send valid body for routes with input
+                if (!is_null_schema(spec.input)) {
+                    const body = generate_valid_body(spec.input);
+                    if (body !== undefined) {
+                        request_init.headers = { 'Content-Type': 'application/json' };
+                        request_init.body = JSON.stringify(body);
+                    }
+                }
+                const res = await app.request(url, request_init);
+                assert.strictEqual(res.status, 404, `Expected 404 for ${key}, got ${res.status}`);
+                const body = await res.json();
+                assert.strictEqual(body.error, error_code, `Expected error '${error_code}' for ${key}, got: ${body.error}`);
+                // Validate against declared 404 Zod schema
+                spec.errors[404].parse(body);
+            });
+        }
+    });
+};

package/dist/testing/adversarial_headers.d.ts ADDED Viewed

@@ -0,0 +1,36 @@
+import './assert_dev_env.js';
+import type { z } from 'zod';
+import { type TestMiddlewareStackOptions } from './middleware.js';
+/** A header-level attack case for middleware stack testing. */
+export interface AdversarialHeaderCase {
+    name: string;
+    headers: Record<string, string>;
+    expected_status: number;
+    expected_error?: string;
+    /** Zod schema to validate error response body against. Defaults to `ApiError` when `expected_error` is set. */
+    expected_error_schema?: z.ZodType;
+    /** Whether the request should reach token validation or be short-circuited by earlier middleware. */
+    validate_expectation: 'called' | 'not_called';
+}
+/**
+ * 7 standard adversarial header cases applicable to any middleware stack.
+ *
+ * @param allowed_origin - an origin that passes the origin check
+ * @returns the standard adversarial header cases
+ */
+export declare const create_standard_adversarial_cases: (allowed_origin: string) => Array<AdversarialHeaderCase>;
+/**
+ * Create a middleware stack app with standard adversarial header tests.
+ *
+ * Convenience wrapper combining `create_test_middleware_stack_app`
+ * and `create_standard_adversarial_cases`.
+ * Asserts body content for both error and success cases, and checks
+ * `mock_validate` call status via per-case declarative flags.
+ *
+ * @param suite_name - the describe block name
+ * @param options - middleware stack configuration
+ * @param allowed_origin - an origin that passes the origin check (used for standard cases)
+ * @param extra_cases - additional cases appended after the 7 standard ones
+ */
+export declare const describe_standard_adversarial_headers: (suite_name: string, options: TestMiddlewareStackOptions, allowed_origin: string, extra_cases?: Array<AdversarialHeaderCase>) => void;
+//# sourceMappingURL=adversarial_headers.d.ts.map

package/dist/testing/adversarial_headers.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"adversarial_headers.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/adversarial_headers.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAY7B,OAAO,KAAK,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAS3B,OAAO,EAGN,KAAK,0BAA0B,EAC/B,MAAM,iBAAiB,CAAC;AAIzB,+DAA+D;AAC/D,MAAM,WAAW,qBAAqB;IACrC,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,eAAe,EAAE,MAAM,CAAC;IACxB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,+GAA+G;IAC/G,qBAAqB,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC;IAClC,qGAAqG;IACrG,oBAAoB,EAAE,QAAQ,GAAG,YAAY,CAAC;CAC9C;AAID;;;;;GAKG;AACH,eAAO,MAAM,iCAAiC,GAC7C,gBAAgB,MAAM,KACpB,KAAK,CAAC,qBAAqB,CAkE7B,CAAC;AAIF;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,qCAAqC,GACjD,YAAY,MAAM,EAClB,SAAS,0BAA0B,EACnC,gBAAgB,MAAM,EACtB,cAAc,KAAK,CAAC,qBAAqB,CAAC,KACxC,IAkCF,CAAC"}

package/dist/testing/adversarial_headers.js ADDED Viewed

@@ -0,0 +1,128 @@
+import './assert_dev_env.js';
+/**
+ * Adversarial header attack test suite.
+ *
+ * Provides standard header injection test cases and a convenience wrapper
+ * for exercising middleware stacks with adversarial headers.
+ *
+ * @module
+ */
+import { test, assert, describe } from 'vitest';
+import { ApiError, ERROR_FORBIDDEN_ORIGIN, ERROR_FORBIDDEN_REFERER, ERROR_BEARER_REJECTED_BROWSER, ERROR_INVALID_TOKEN, } from '../http/error_schemas.js';
+import { create_test_middleware_stack_app, TEST_MIDDLEWARE_PATH, } from './middleware.js';
+// --- Standard adversarial header cases ---
+/**
+ * 7 standard adversarial header cases applicable to any middleware stack.
+ *
+ * @param allowed_origin - an origin that passes the origin check
+ * @returns the standard adversarial header cases
+ */
+export const create_standard_adversarial_cases = (allowed_origin) => [
+    {
+        name: 'bearer token with Origin header is rejected before token validation',
+        headers: {
+            Authorization: 'Bearer secret_fuz_token_test',
+            Origin: 'https://attacker.com',
+        },
+        expected_status: 403,
+        expected_error: ERROR_FORBIDDEN_ORIGIN,
+        validate_expectation: 'not_called',
+    },
+    {
+        name: 'bearer token with allowed Origin is rejected as browser context',
+        headers: {
+            Authorization: 'Bearer secret_fuz_token_test',
+            Origin: allowed_origin,
+        },
+        expected_status: 403,
+        expected_error: ERROR_BEARER_REJECTED_BROWSER,
+        validate_expectation: 'not_called',
+    },
+    {
+        name: 'request with no auth headers passes through all middleware',
+        headers: {},
+        expected_status: 200,
+        validate_expectation: 'not_called',
+    },
+    {
+        name: 'empty Origin header is rejected by origin middleware before bearer auth (defense-in-depth)',
+        headers: {
+            Authorization: 'Bearer secret_fuz_token_test',
+            Origin: '',
+        },
+        expected_status: 403,
+        expected_error: ERROR_FORBIDDEN_ORIGIN,
+        validate_expectation: 'not_called',
+    },
+    {
+        name: 'lowercase bearer scheme is recognized (case-insensitive per RFC 7235)',
+        headers: {
+            Authorization: 'bearer secret_fuz_token_test',
+        },
+        expected_status: 401,
+        expected_error: ERROR_INVALID_TOKEN,
+        validate_expectation: 'called',
+    },
+    {
+        name: 'bearer token with Referer from untrusted source is rejected',
+        headers: {
+            Authorization: 'Bearer secret_fuz_token_test',
+            Referer: 'https://attacker.com/page',
+        },
+        expected_status: 403,
+        expected_error: ERROR_FORBIDDEN_REFERER,
+        validate_expectation: 'not_called',
+    },
+    {
+        name: 'bearer token with Referer from allowed origin is rejected as browser context (defense-in-depth)',
+        headers: {
+            Authorization: 'Bearer secret_fuz_token_test',
+            Referer: `${allowed_origin}/page`,
+        },
+        expected_status: 403,
+        expected_error: ERROR_BEARER_REJECTED_BROWSER,
+        validate_expectation: 'not_called',
+    },
+];
+// --- Convenience wrapper ---
+/**
+ * Create a middleware stack app with standard adversarial header tests.
+ *
+ * Convenience wrapper combining `create_test_middleware_stack_app`
+ * and `create_standard_adversarial_cases`.
+ * Asserts body content for both error and success cases, and checks
+ * `mock_validate` call status via per-case declarative flags.
+ *
+ * @param suite_name - the describe block name
+ * @param options - middleware stack configuration
+ * @param allowed_origin - an origin that passes the origin check (used for standard cases)
+ * @param extra_cases - additional cases appended after the 7 standard ones
+ */
+export const describe_standard_adversarial_headers = (suite_name, options, allowed_origin, extra_cases) => {
+    const cases = [...create_standard_adversarial_cases(allowed_origin), ...(extra_cases ?? [])];
+    describe(suite_name, () => {
+        for (const tc of cases) {
+            test(tc.name, async () => {
+                const { app, mock_validate } = create_test_middleware_stack_app(options);
+                const res = await app.request(TEST_MIDDLEWARE_PATH, { headers: tc.headers });
+                assert.strictEqual(res.status, tc.expected_status);
+                const body = await res.json();
+                if (tc.expected_error) {
+                    assert.strictEqual(body.error, tc.expected_error);
+                    const error_schema = tc.expected_error_schema ?? ApiError;
+                    error_schema.parse(body);
+                }
+                if (tc.expected_status === 200) {
+                    assert.strictEqual(body.ok, true, 'expected ok to be true for 200 response');
+                    assert.strictEqual(body.has_context, false, 'expected has_context to be false (no auth)');
+                }
+                if (tc.validate_expectation === 'not_called') {
+                    assert.strictEqual(mock_validate.mock.calls.length, 0, 'validate should not have been called — middleware should short-circuit');
+                }
+                else {
+                    assert.ok(mock_validate.mock.calls.length > 0, 'validate should have been called — request reached token validation');
+                }
+            });
+        }
+    });
+};

package/dist/testing/adversarial_input.d.ts ADDED Viewed

@@ -0,0 +1,56 @@
+import './assert_dev_env.js';
+import { z } from 'zod';
+import { ERROR_INVALID_REQUEST_BODY, ERROR_INVALID_JSON_BODY } from '../http/error_schemas.js';
+import type { AdversarialTestOptions } from './attack_surface.js';
+interface InputTestCase {
+    label: string;
+    body: unknown;
+    expected_error: typeof ERROR_INVALID_REQUEST_BODY | typeof ERROR_INVALID_JSON_BODY;
+}
+interface ParamsTestCase {
+    label: string;
+    params: Record<string, string>;
+}
+interface QueryTestCase {
+    label: string;
+    query: Record<string, string>;
+}
+/**
+ * Generate adversarial test cases for a route's input schema.
+ *
+ * Produces focused, non-redundant cases:
+ * - Whole-body: send array instead of object, extra unknown key
+ * - Missing required fields (without defaults)
+ * - One wrong-type value per field
+ * - Null for required non-nullable fields
+ * - One format violation per constrained field
+ */
+export declare const generate_input_test_cases: (input_schema: z.ZodType) => Array<InputTestCase>;
+/**
+ * Generate adversarial test cases for a route's params schema.
+ *
+ * Params are always strings from URL segments. Only generates cases for
+ * format-constrained fields (uuid, pattern) since unconstrained string
+ * params accept any string value.
+ */
+export declare const generate_params_test_cases: (params_schema: z.ZodObject) => Array<ParamsTestCase>;
+/**
+ * Generate adversarial test cases for a route's query schema.
+ *
+ * Query params are always strings from the URL. Generates cases for:
+ * - Missing required fields
+ * - Format violations on constrained fields (uuid, pattern)
+ */
+export declare const generate_query_test_cases: (query_schema: z.ZodObject) => Array<QueryTestCase>;
+/**
+ * Generate adversarial input validation test suites.
+ *
+ * Tests input body validation and params validation for all routes.
+ * Uses correct auth credentials so auth guards pass and validation
+ * middleware is actually exercised.
+ *
+ * @param options - the test configuration
+ */
+export declare const describe_adversarial_input: (options: AdversarialTestOptions) => void;
+export {};
+//# sourceMappingURL=adversarial_input.d.ts.map

package/dist/testing/adversarial_input.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"adversarial_input.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/adversarial_input.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAiB7B,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAUtB,OAAO,EAEN,0BAA0B,EAC1B,uBAAuB,EAGvB,MAAM,0BAA0B,CAAC;AAElC,OAAO,KAAK,EAAC,sBAAsB,EAAC,MAAM,qBAAqB,CAAC;AA8ChE,UAAU,aAAa;IACtB,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,OAAO,CAAC;IACd,cAAc,EAAE,OAAO,0BAA0B,GAAG,OAAO,uBAAuB,CAAC;CACnF;AAED,UAAU,cAAc;IACvB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC/B;AAED,UAAU,aAAa;IACtB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC9B;AAID;;;;;;;;;GASG;AACH,eAAO,MAAM,yBAAyB,GAAI,cAAc,CAAC,CAAC,OAAO,KAAG,KAAK,CAAC,aAAa,CAyLtF,CAAC;AAIF;;;;;;GAMG;AACH,eAAO,MAAM,0BAA0B,GAAI,eAAe,CAAC,CAAC,SAAS,KAAG,KAAK,CAAC,cAAc,CA+B3F,CAAC;AAIF;;;;;;GAMG;AACH,eAAO,MAAM,yBAAyB,GAAI,cAAc,CAAC,CAAC,SAAS,KAAG,KAAK,CAAC,aAAa,CA4CxF,CAAC;AAqBF;;;;;;;;GAQG;AACH,eAAO,MAAM,0BAA0B,GAAI,SAAS,sBAAsB,KAAG,IA6L5E,CAAC"}