npm - @fuzdev/fuz_app - Versions diffs - 0.1.0 - Mend

@fuzdev/fuz_app 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (457) hide show

package/LICENSE +21 -0
package/README.md +49 -0
package/dist/actions/action_bridge.d.ts +65 -0
package/dist/actions/action_bridge.d.ts.map +1 -0
package/dist/actions/action_bridge.js +76 -0
package/dist/actions/action_codegen.d.ts +97 -0
package/dist/actions/action_codegen.d.ts.map +1 -0
package/dist/actions/action_codegen.js +280 -0
package/dist/actions/action_registry.d.ts +35 -0
package/dist/actions/action_registry.d.ts.map +1 -0
package/dist/actions/action_registry.js +83 -0
package/dist/actions/action_spec.d.ts +169 -0
package/dist/actions/action_spec.d.ts.map +1 -0
package/dist/actions/action_spec.js +76 -0
package/dist/auth/account_queries.d.ts +96 -0
package/dist/auth/account_queries.d.ts.map +1 -0
package/dist/auth/account_queries.js +172 -0
package/dist/auth/account_routes.d.ts +86 -0
package/dist/auth/account_routes.d.ts.map +1 -0
package/dist/auth/account_routes.js +406 -0
package/dist/auth/account_schema.d.ts +192 -0
package/dist/auth/account_schema.d.ts.map +1 -0
package/dist/auth/account_schema.js +105 -0
package/dist/auth/admin_routes.d.ts +29 -0
package/dist/auth/admin_routes.d.ts.map +1 -0
package/dist/auth/admin_routes.js +193 -0
package/dist/auth/api_token.d.ts +33 -0
package/dist/auth/api_token.d.ts.map +1 -0
package/dist/auth/api_token.js +36 -0
package/dist/auth/api_token_queries.d.ts +80 -0
package/dist/auth/api_token_queries.d.ts.map +1 -0
package/dist/auth/api_token_queries.js +116 -0
package/dist/auth/app_settings_queries.d.ts +33 -0
package/dist/auth/app_settings_queries.d.ts.map +1 -0
package/dist/auth/app_settings_queries.js +51 -0
package/dist/auth/app_settings_routes.d.ts +27 -0
package/dist/auth/app_settings_routes.d.ts.map +1 -0
package/dist/auth/app_settings_routes.js +66 -0
package/dist/auth/app_settings_schema.d.ts +35 -0
package/dist/auth/app_settings_schema.d.ts.map +1 -0
package/dist/auth/app_settings_schema.js +22 -0
package/dist/auth/audit_log_queries.d.ts +90 -0
package/dist/auth/audit_log_queries.d.ts.map +1 -0
package/dist/auth/audit_log_queries.js +205 -0
package/dist/auth/audit_log_routes.d.ts +33 -0
package/dist/auth/audit_log_routes.d.ts.map +1 -0
package/dist/auth/audit_log_routes.js +106 -0
package/dist/auth/audit_log_schema.d.ts +259 -0
package/dist/auth/audit_log_schema.d.ts.map +1 -0
package/dist/auth/audit_log_schema.js +123 -0
package/dist/auth/bearer_auth.d.ts +32 -0
package/dist/auth/bearer_auth.d.ts.map +1 -0
package/dist/auth/bearer_auth.js +90 -0
package/dist/auth/bootstrap_account.d.ts +82 -0
package/dist/auth/bootstrap_account.d.ts.map +1 -0
package/dist/auth/bootstrap_account.js +97 -0
package/dist/auth/bootstrap_routes.d.ts +74 -0
package/dist/auth/bootstrap_routes.d.ts.map +1 -0
package/dist/auth/bootstrap_routes.js +154 -0
package/dist/auth/daemon_token.d.ts +49 -0
package/dist/auth/daemon_token.d.ts.map +1 -0
package/dist/auth/daemon_token.js +49 -0
package/dist/auth/daemon_token_middleware.d.ts +93 -0
package/dist/auth/daemon_token_middleware.d.ts.map +1 -0
package/dist/auth/daemon_token_middleware.js +167 -0
package/dist/auth/ddl.d.ts +27 -0
package/dist/auth/ddl.d.ts.map +1 -0
package/dist/auth/ddl.js +111 -0
package/dist/auth/deps.d.ts +52 -0
package/dist/auth/deps.d.ts.map +1 -0
package/dist/auth/deps.js +10 -0
package/dist/auth/invite_queries.d.ts +68 -0
package/dist/auth/invite_queries.d.ts.map +1 -0
package/dist/auth/invite_queries.js +105 -0
package/dist/auth/invite_routes.d.ts +18 -0
package/dist/auth/invite_routes.d.ts.map +1 -0
package/dist/auth/invite_routes.js +129 -0
package/dist/auth/invite_schema.d.ts +51 -0
package/dist/auth/invite_schema.d.ts.map +1 -0
package/dist/auth/invite_schema.js +25 -0
package/dist/auth/keyring.d.ts +87 -0
package/dist/auth/keyring.d.ts.map +1 -0
package/dist/auth/keyring.js +142 -0
package/dist/auth/middleware.d.ts +40 -0
package/dist/auth/middleware.d.ts.map +1 -0
package/dist/auth/middleware.js +64 -0
package/dist/auth/migrations.d.ts +42 -0
package/dist/auth/migrations.d.ts.map +1 -0
package/dist/auth/migrations.js +79 -0
package/dist/auth/password.d.ts +39 -0
package/dist/auth/password.d.ts.map +1 -0
package/dist/auth/password.js +25 -0
package/dist/auth/password_argon2.d.ts +43 -0
package/dist/auth/password_argon2.d.ts.map +1 -0
package/dist/auth/password_argon2.js +76 -0
package/dist/auth/permit_queries.d.ts +72 -0
package/dist/auth/permit_queries.d.ts.map +1 -0
package/dist/auth/permit_queries.js +116 -0
package/dist/auth/request_context.d.ts +114 -0
package/dist/auth/request_context.d.ts.map +1 -0
package/dist/auth/request_context.js +176 -0
package/dist/auth/require_keeper.d.ts +20 -0
package/dist/auth/require_keeper.d.ts.map +1 -0
package/dist/auth/require_keeper.js +35 -0
package/dist/auth/role_schema.d.ts +69 -0
package/dist/auth/role_schema.d.ts.map +1 -0
package/dist/auth/role_schema.js +70 -0
package/dist/auth/route_guards.d.ts +21 -0
package/dist/auth/route_guards.d.ts.map +1 -0
package/dist/auth/route_guards.js +32 -0
package/dist/auth/session_cookie.d.ts +158 -0
package/dist/auth/session_cookie.d.ts.map +1 -0
package/dist/auth/session_cookie.js +135 -0
package/dist/auth/session_lifecycle.d.ts +35 -0
package/dist/auth/session_lifecycle.d.ts.map +1 -0
package/dist/auth/session_lifecycle.js +27 -0
package/dist/auth/session_middleware.d.ts +33 -0
package/dist/auth/session_middleware.d.ts.map +1 -0
package/dist/auth/session_middleware.js +62 -0
package/dist/auth/session_queries.d.ts +135 -0
package/dist/auth/session_queries.d.ts.map +1 -0
package/dist/auth/session_queries.js +186 -0
package/dist/auth/signup_routes.d.ts +32 -0
package/dist/auth/signup_routes.d.ts.map +1 -0
package/dist/auth/signup_routes.js +150 -0
package/dist/cli/args.d.ts +48 -0
package/dist/cli/args.d.ts.map +1 -0
package/dist/cli/args.js +76 -0
package/dist/cli/config.d.ts +48 -0
package/dist/cli/config.d.ts.map +1 -0
package/dist/cli/config.js +77 -0
package/dist/cli/daemon.d.ts +82 -0
package/dist/cli/daemon.d.ts.map +1 -0
package/dist/cli/daemon.js +149 -0
package/dist/cli/help.d.ts +85 -0
package/dist/cli/help.d.ts.map +1 -0
package/dist/cli/help.js +138 -0
package/dist/cli/logger.d.ts +46 -0
package/dist/cli/logger.d.ts.map +1 -0
package/dist/cli/logger.js +48 -0
package/dist/cli/util.d.ts +36 -0
package/dist/cli/util.d.ts.map +1 -0
package/dist/cli/util.js +50 -0
package/dist/crypto.d.ts +13 -0
package/dist/crypto.d.ts.map +1 -0
package/dist/crypto.js +19 -0
package/dist/db/assert_row.d.ts +18 -0
package/dist/db/assert_row.d.ts.map +1 -0
package/dist/db/assert_row.js +24 -0
package/dist/db/create_db.d.ts +38 -0
package/dist/db/create_db.d.ts.map +1 -0
package/dist/db/create_db.js +57 -0
package/dist/db/db.d.ts +97 -0
package/dist/db/db.d.ts.map +1 -0
package/dist/db/db.js +76 -0
package/dist/db/db_pg.d.ts +21 -0
package/dist/db/db_pg.d.ts.map +1 -0
package/dist/db/db_pg.js +45 -0
package/dist/db/db_pglite.d.ts +21 -0
package/dist/db/db_pglite.d.ts.map +1 -0
package/dist/db/db_pglite.js +28 -0
package/dist/db/migrate.d.ts +67 -0
package/dist/db/migrate.d.ts.map +1 -0
package/dist/db/migrate.js +118 -0
package/dist/db/pg_error.d.ts +16 -0
package/dist/db/pg_error.d.ts.map +1 -0
package/dist/db/pg_error.js +15 -0
package/dist/db/query_deps.d.ts +14 -0
package/dist/db/query_deps.d.ts.map +1 -0
package/dist/db/query_deps.js +9 -0
package/dist/db/sql_identifier.d.ts +27 -0
package/dist/db/sql_identifier.d.ts.map +1 -0
package/dist/db/sql_identifier.js +31 -0
package/dist/db/status.d.ts +62 -0
package/dist/db/status.d.ts.map +1 -0
package/dist/db/status.js +116 -0
package/dist/dev/setup.d.ts +159 -0
package/dist/dev/setup.d.ts.map +1 -0
package/dist/dev/setup.js +265 -0
package/dist/env/dotenv.d.ts +25 -0
package/dist/env/dotenv.d.ts.map +1 -0
package/dist/env/dotenv.js +52 -0
package/dist/env/load.d.ts +52 -0
package/dist/env/load.d.ts.map +1 -0
package/dist/env/load.js +79 -0
package/dist/env/mask.d.ts +19 -0
package/dist/env/mask.d.ts.map +1 -0
package/dist/env/mask.js +26 -0
package/dist/env/resolve.d.ts +126 -0
package/dist/env/resolve.d.ts.map +1 -0
package/dist/env/resolve.js +200 -0
package/dist/hono_context.d.ts +48 -0
package/dist/hono_context.d.ts.map +1 -0
package/dist/hono_context.js +22 -0
package/dist/http/common_routes.d.ts +52 -0
package/dist/http/common_routes.d.ts.map +1 -0
package/dist/http/common_routes.js +65 -0
package/dist/http/db_routes.d.ts +57 -0
package/dist/http/db_routes.d.ts.map +1 -0
package/dist/http/db_routes.js +176 -0
package/dist/http/error_schemas.d.ts +169 -0
package/dist/http/error_schemas.d.ts.map +1 -0
package/dist/http/error_schemas.js +178 -0
package/dist/http/middleware_spec.d.ts +19 -0
package/dist/http/middleware_spec.d.ts.map +1 -0
package/dist/http/middleware_spec.js +9 -0
package/dist/http/origin.d.ts +57 -0
package/dist/http/origin.d.ts.map +1 -0
package/dist/http/origin.js +207 -0
package/dist/http/proxy.d.ts +112 -0
package/dist/http/proxy.d.ts.map +1 -0
package/dist/http/proxy.js +240 -0
package/dist/http/route_spec.d.ts +197 -0
package/dist/http/route_spec.d.ts.map +1 -0
package/dist/http/route_spec.js +243 -0
package/dist/http/schema_helpers.d.ts +64 -0
package/dist/http/schema_helpers.d.ts.map +1 -0
package/dist/http/schema_helpers.js +90 -0
package/dist/http/surface.d.ts +132 -0
package/dist/http/surface.d.ts.map +1 -0
package/dist/http/surface.js +156 -0
package/dist/http/surface_query.d.ts +77 -0
package/dist/http/surface_query.d.ts.map +1 -0
package/dist/http/surface_query.js +86 -0
package/dist/rate_limiter.d.ts +94 -0
package/dist/rate_limiter.d.ts.map +1 -0
package/dist/rate_limiter.js +156 -0
package/dist/realtime/sse.d.ts +80 -0
package/dist/realtime/sse.d.ts.map +1 -0
package/dist/realtime/sse.js +109 -0
package/dist/realtime/sse_auth_guard.d.ts +93 -0
package/dist/realtime/sse_auth_guard.d.ts.map +1 -0
package/dist/realtime/sse_auth_guard.js +111 -0
package/dist/realtime/subscriber_registry.d.ts +85 -0
package/dist/realtime/subscriber_registry.d.ts.map +1 -0
package/dist/realtime/subscriber_registry.js +108 -0
package/dist/runtime/deno.d.ts +21 -0
package/dist/runtime/deno.d.ts.map +1 -0
package/dist/runtime/deno.js +83 -0
package/dist/runtime/deps.d.ts +113 -0
package/dist/runtime/deps.d.ts.map +1 -0
package/dist/runtime/deps.js +10 -0
package/dist/runtime/fs.d.ts +15 -0
package/dist/runtime/fs.d.ts.map +1 -0
package/dist/runtime/fs.js +17 -0
package/dist/runtime/mock.d.ts +81 -0
package/dist/runtime/mock.d.ts.map +1 -0
package/dist/runtime/mock.js +195 -0
package/dist/runtime/node.d.ts +17 -0
package/dist/runtime/node.d.ts.map +1 -0
package/dist/runtime/node.js +117 -0
package/dist/schema_meta.d.ts +16 -0
package/dist/schema_meta.d.ts.map +1 -0
package/dist/schema_meta.js +9 -0
package/dist/sensitivity.d.ts +15 -0
package/dist/sensitivity.d.ts.map +1 -0
package/dist/sensitivity.js +9 -0
package/dist/server/app_backend.d.ts +74 -0
package/dist/server/app_backend.d.ts.map +1 -0
package/dist/server/app_backend.js +39 -0
package/dist/server/app_server.d.ts +201 -0
package/dist/server/app_server.d.ts.map +1 -0
package/dist/server/app_server.js +266 -0
package/dist/server/env.d.ts +68 -0
package/dist/server/env.d.ts.map +1 -0
package/dist/server/env.js +95 -0
package/dist/server/startup.d.ts +22 -0
package/dist/server/startup.d.ts.map +1 -0
package/dist/server/startup.js +48 -0
package/dist/server/static.d.ts +39 -0
package/dist/server/static.d.ts.map +1 -0
package/dist/server/static.js +38 -0
package/dist/server/validate_nginx.d.ts +34 -0
package/dist/server/validate_nginx.d.ts.map +1 -0
package/dist/server/validate_nginx.js +118 -0
package/dist/testing/CLAUDE.md +3 -0
package/dist/testing/admin_integration.d.ts +45 -0
package/dist/testing/admin_integration.d.ts.map +1 -0
package/dist/testing/admin_integration.js +840 -0
package/dist/testing/adversarial_404.d.ts +15 -0
package/dist/testing/adversarial_404.d.ts.map +1 -0
package/dist/testing/adversarial_404.js +118 -0
package/dist/testing/adversarial_headers.d.ts +36 -0
package/dist/testing/adversarial_headers.d.ts.map +1 -0
package/dist/testing/adversarial_headers.js +128 -0
package/dist/testing/adversarial_input.d.ts +56 -0
package/dist/testing/adversarial_input.d.ts.map +1 -0
package/dist/testing/adversarial_input.js +494 -0
package/dist/testing/app_server.d.ts +169 -0
package/dist/testing/app_server.d.ts.map +1 -0
package/dist/testing/app_server.js +240 -0
package/dist/testing/assert_dev_env.d.ts +10 -0
package/dist/testing/assert_dev_env.d.ts.map +1 -0
package/dist/testing/assert_dev_env.js +13 -0
package/dist/testing/assertions.d.ts +61 -0
package/dist/testing/assertions.d.ts.map +1 -0
package/dist/testing/assertions.js +96 -0
package/dist/testing/attack_surface.d.ts +63 -0
package/dist/testing/attack_surface.d.ts.map +1 -0
package/dist/testing/attack_surface.js +224 -0
package/dist/testing/audit_completeness.d.ts +29 -0
package/dist/testing/audit_completeness.d.ts.map +1 -0
package/dist/testing/audit_completeness.js +410 -0
package/dist/testing/auth_apps.d.ts +55 -0
package/dist/testing/auth_apps.d.ts.map +1 -0
package/dist/testing/auth_apps.js +122 -0
package/dist/testing/data_exposure.d.ts +62 -0
package/dist/testing/data_exposure.d.ts.map +1 -0
package/dist/testing/data_exposure.js +297 -0
package/dist/testing/db.d.ts +111 -0
package/dist/testing/db.d.ts.map +1 -0
package/dist/testing/db.js +258 -0
package/dist/testing/entities.d.ts +21 -0
package/dist/testing/entities.d.ts.map +1 -0
package/dist/testing/entities.js +42 -0
package/dist/testing/error_coverage.d.ts +78 -0
package/dist/testing/error_coverage.d.ts.map +1 -0
package/dist/testing/error_coverage.js +135 -0
package/dist/testing/integration.d.ts +37 -0
package/dist/testing/integration.d.ts.map +1 -0
package/dist/testing/integration.js +1139 -0
package/dist/testing/integration_helpers.d.ts +107 -0
package/dist/testing/integration_helpers.d.ts.map +1 -0
package/dist/testing/integration_helpers.js +246 -0
package/dist/testing/middleware.d.ts +125 -0
package/dist/testing/middleware.d.ts.map +1 -0
package/dist/testing/middleware.js +210 -0
package/dist/testing/rate_limiting.d.ts +43 -0
package/dist/testing/rate_limiting.d.ts.map +1 -0
package/dist/testing/rate_limiting.js +216 -0
package/dist/testing/round_trip.d.ts +37 -0
package/dist/testing/round_trip.d.ts.map +1 -0
package/dist/testing/round_trip.js +128 -0
package/dist/testing/schema_generators.d.ts +33 -0
package/dist/testing/schema_generators.d.ts.map +1 -0
package/dist/testing/schema_generators.js +137 -0
package/dist/testing/standard.d.ts +49 -0
package/dist/testing/standard.d.ts.map +1 -0
package/dist/testing/standard.js +16 -0
package/dist/testing/stubs.d.ts +96 -0
package/dist/testing/stubs.d.ts.map +1 -0
package/dist/testing/stubs.js +192 -0
package/dist/testing/surface_invariants.d.ts +189 -0
package/dist/testing/surface_invariants.d.ts.map +1 -0
package/dist/testing/surface_invariants.js +450 -0
package/dist/ui/AccountSessions.svelte +75 -0
package/dist/ui/AccountSessions.svelte.d.ts +19 -0
package/dist/ui/AccountSessions.svelte.d.ts.map +1 -0
package/dist/ui/AdminAccounts.svelte +107 -0
package/dist/ui/AdminAccounts.svelte.d.ts +19 -0
package/dist/ui/AdminAccounts.svelte.d.ts.map +1 -0
package/dist/ui/AdminAuditLog.svelte +144 -0
package/dist/ui/AdminAuditLog.svelte.d.ts +4 -0
package/dist/ui/AdminAuditLog.svelte.d.ts.map +1 -0
package/dist/ui/AdminInvites.svelte +142 -0
package/dist/ui/AdminInvites.svelte.d.ts +4 -0
package/dist/ui/AdminInvites.svelte.d.ts.map +1 -0
package/dist/ui/AdminOverview.svelte +337 -0
package/dist/ui/AdminOverview.svelte.d.ts +4 -0
package/dist/ui/AdminOverview.svelte.d.ts.map +1 -0
package/dist/ui/AdminPermitHistory.svelte +61 -0
package/dist/ui/AdminPermitHistory.svelte.d.ts +19 -0
package/dist/ui/AdminPermitHistory.svelte.d.ts.map +1 -0
package/dist/ui/AdminSessions.svelte +85 -0
package/dist/ui/AdminSessions.svelte.d.ts +19 -0
package/dist/ui/AdminSessions.svelte.d.ts.map +1 -0
package/dist/ui/AdminSettings.svelte +32 -0
package/dist/ui/AdminSettings.svelte.d.ts +19 -0
package/dist/ui/AdminSettings.svelte.d.ts.map +1 -0
package/dist/ui/AdminSurface.svelte +42 -0
package/dist/ui/AdminSurface.svelte.d.ts +4 -0
package/dist/ui/AdminSurface.svelte.d.ts.map +1 -0
package/dist/ui/AppShell.svelte +93 -0
package/dist/ui/AppShell.svelte.d.ts +20 -0
package/dist/ui/AppShell.svelte.d.ts.map +1 -0
package/dist/ui/BootstrapForm.svelte +105 -0
package/dist/ui/BootstrapForm.svelte.d.ts +4 -0
package/dist/ui/BootstrapForm.svelte.d.ts.map +1 -0
package/dist/ui/ColumnLayout.svelte +46 -0
package/dist/ui/ColumnLayout.svelte.d.ts +11 -0
package/dist/ui/ColumnLayout.svelte.d.ts.map +1 -0
package/dist/ui/ConfirmButton.svelte +125 -0
package/dist/ui/ConfirmButton.svelte.d.ts +54 -0
package/dist/ui/ConfirmButton.svelte.d.ts.map +1 -0
package/dist/ui/Datatable.svelte +185 -0
package/dist/ui/Datatable.svelte.d.ts +35 -0
package/dist/ui/Datatable.svelte.d.ts.map +1 -0
package/dist/ui/LoginForm.svelte +82 -0
package/dist/ui/LoginForm.svelte.d.ts +8 -0
package/dist/ui/LoginForm.svelte.d.ts.map +1 -0
package/dist/ui/LogoutButton.svelte +36 -0
package/dist/ui/LogoutButton.svelte.d.ts +10 -0
package/dist/ui/LogoutButton.svelte.d.ts.map +1 -0
package/dist/ui/MenuLink.svelte +35 -0
package/dist/ui/MenuLink.svelte.d.ts +12 -0
package/dist/ui/MenuLink.svelte.d.ts.map +1 -0
package/dist/ui/OpenSignupToggle.svelte +36 -0
package/dist/ui/OpenSignupToggle.svelte.d.ts +19 -0
package/dist/ui/OpenSignupToggle.svelte.d.ts.map +1 -0
package/dist/ui/PopoverButton.svelte +136 -0
package/dist/ui/PopoverButton.svelte.d.ts +63 -0
package/dist/ui/PopoverButton.svelte.d.ts.map +1 -0
package/dist/ui/SignupForm.svelte +117 -0
package/dist/ui/SignupForm.svelte.d.ts +7 -0
package/dist/ui/SignupForm.svelte.d.ts.map +1 -0
package/dist/ui/SurfaceExplorer.svelte +287 -0
package/dist/ui/SurfaceExplorer.svelte.d.ts +8 -0
package/dist/ui/SurfaceExplorer.svelte.d.ts.map +1 -0
package/dist/ui/account_sessions_state.svelte.d.ts +15 -0
package/dist/ui/account_sessions_state.svelte.d.ts.map +1 -0
package/dist/ui/account_sessions_state.svelte.js +45 -0
package/dist/ui/admin_accounts_state.svelte.d.ts +19 -0
package/dist/ui/admin_accounts_state.svelte.d.ts.map +1 -0
package/dist/ui/admin_accounts_state.svelte.js +65 -0
package/dist/ui/admin_invites_state.svelte.d.ts +19 -0
package/dist/ui/admin_invites_state.svelte.d.ts.map +1 -0
package/dist/ui/admin_invites_state.svelte.js +71 -0
package/dist/ui/admin_sessions_state.svelte.d.ts +18 -0
package/dist/ui/admin_sessions_state.svelte.d.ts.map +1 -0
package/dist/ui/admin_sessions_state.svelte.js +62 -0
package/dist/ui/app_settings_state.svelte.d.ts +14 -0
package/dist/ui/app_settings_state.svelte.d.ts.map +1 -0
package/dist/ui/app_settings_state.svelte.js +44 -0
package/dist/ui/audit_log_state.svelte.d.ts +40 -0
package/dist/ui/audit_log_state.svelte.d.ts.map +1 -0
package/dist/ui/audit_log_state.svelte.js +153 -0
package/dist/ui/auth_state.svelte.d.ts +85 -0
package/dist/ui/auth_state.svelte.d.ts.map +1 -0
package/dist/ui/auth_state.svelte.js +238 -0
package/dist/ui/datatable.d.ts +25 -0
package/dist/ui/datatable.d.ts.map +1 -0
package/dist/ui/datatable.js +9 -0
package/dist/ui/enter_advance.d.ts +13 -0
package/dist/ui/enter_advance.d.ts.map +1 -0
package/dist/ui/enter_advance.js +30 -0
package/dist/ui/loadable.svelte.d.ts +55 -0
package/dist/ui/loadable.svelte.d.ts.map +1 -0
package/dist/ui/loadable.svelte.js +75 -0
package/dist/ui/popover.svelte.d.ts +137 -0
package/dist/ui/popover.svelte.d.ts.map +1 -0
package/dist/ui/popover.svelte.js +288 -0
package/dist/ui/position_helpers.d.ts +27 -0
package/dist/ui/position_helpers.d.ts.map +1 -0
package/dist/ui/position_helpers.js +81 -0
package/dist/ui/sidebar_state.svelte.d.ts +30 -0
package/dist/ui/sidebar_state.svelte.d.ts.map +1 -0
package/dist/ui/sidebar_state.svelte.js +39 -0
package/dist/ui/table_state.svelte.d.ts +63 -0
package/dist/ui/table_state.svelte.d.ts.map +1 -0
package/dist/ui/table_state.svelte.js +117 -0
package/dist/ui/ui_fetch.d.ts +29 -0
package/dist/ui/ui_fetch.d.ts.map +1 -0
package/dist/ui/ui_fetch.js +37 -0
package/dist/ui/ui_format.d.ts +63 -0
package/dist/ui/ui_format.d.ts.map +1 -0
package/dist/ui/ui_format.js +196 -0
package/package.json +121 -0

package/dist/auth/api_token_queries.d.ts ADDED Viewed

@@ -0,0 +1,80 @@
+/**
+ * API token query functions for token CRUD and validation.
+ *
+ * @module
+ */
+import type { Logger } from '@fuzdev/fuz_util/log.js';
+import type { QueryDeps } from '../db/query_deps.js';
+import type { ApiToken } from './account_schema.js';
+/** Extended deps for `query_validate_api_token` which needs a logger. */
+export interface ApiTokenQueryDeps extends QueryDeps {
+    log: Logger;
+}
+/**
+ * Store a new API token (the hash, not the raw token).
+ *
+ * @param deps - query dependencies
+ * @param id - the public token id (e.g. `tok_abc123`)
+ * @param account_id - the owning account
+ * @param name - human-readable name
+ * @param token_hash - blake3 hash of the raw token
+ * @param expires_at - optional expiration
+ * @returns the stored token record
+ */
+export declare const query_create_api_token: (deps: QueryDeps, id: string, account_id: string, name: string, token_hash: string, expires_at?: Date | null) => Promise<ApiToken>;
+/**
+ * Validate a raw API token and return the token record.
+ *
+ * Hashes the token with blake3, looks up the hash, and checks
+ * expiration. Updates `last_used_at` and `last_used_ip` on success
+ * (fire-and-forget — errors logged, never thrown).
+ *
+ * @param deps - query dependencies with logger
+ * @param raw_token - the raw API token from the Authorization header
+ * @param ip - the client IP address (for audit)
+ * @param pending_effects - optional array to register the usage-tracking effect for later awaiting
+ * @returns the token record if valid, or `undefined`
+ */
+export declare const query_validate_api_token: (deps: ApiTokenQueryDeps, raw_token: string, ip: string | undefined, pending_effects: Array<Promise<void>> | undefined) => Promise<ApiToken | undefined>;
+/**
+ * Revoke all tokens for an account.
+ *
+ * @param deps - query dependencies
+ * @param account_id - the account whose tokens to revoke
+ * @returns the number of tokens revoked
+ */
+export declare const query_revoke_all_api_tokens_for_account: (deps: QueryDeps, account_id: string) => Promise<number>;
+/**
+ * Revoke a token only if it belongs to the specified account.
+ *
+ * Prevents cross-account token revocation.
+ *
+ * @param deps - query dependencies
+ * @param id - the public token id
+ * @param account_id - the account that must own the token
+ * @returns `true` if a token was revoked, `false` if not found or wrong account
+ */
+export declare const query_revoke_api_token_for_account: (deps: QueryDeps, id: string, account_id: string) => Promise<boolean>;
+/**
+ * List all tokens for an account (does not include hashes).
+ *
+ * Columns are enumerated explicitly to exclude `token_hash`.
+ * Must be updated if the `api_token` table gains new columns.
+ */
+export declare const query_api_token_list_for_account: (deps: QueryDeps, account_id: string) => Promise<Array<Omit<ApiToken, "token_hash">>>;
+/**
+ * Enforce a per-account token limit by evicting the oldest tokens.
+ *
+ * Race safety: this function must run inside a transaction alongside the
+ * INSERT that created the new token. The caller (`POST /tokens/create`)
+ * uses the default `transaction: true` (framework-managed transaction
+ * wrapping in `apply_route_specs`), ensuring the INSERT + enforce_limit
+ * pair is atomic — concurrent token creation cannot interleave.
+ *
+ * @param deps - query dependencies (must be transaction-scoped)
+ * @param account_id - the account to enforce the limit for
+ * @param max_tokens - maximum number of tokens to keep
+ * @returns the number of tokens evicted
+ */
+export declare const query_api_token_enforce_limit: (deps: QueryDeps, account_id: string, max_tokens: number) => Promise<number>;
+//# sourceMappingURL=api_token_queries.d.ts.map

package/dist/auth/api_token_queries.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"api_token_queries.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/api_token_queries.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAC,MAAM,EAAC,MAAM,yBAAyB,CAAC;AAEpD,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AAEnD,OAAO,KAAK,EAAC,QAAQ,EAAC,MAAM,qBAAqB,CAAC;AAGlD,yEAAyE;AACzE,MAAM,WAAW,iBAAkB,SAAQ,SAAS;IACnD,GAAG,EAAE,MAAM,CAAC;CACZ;AAED;;;;;;;;;;GAUG;AACH,eAAO,MAAM,sBAAsB,GAClC,MAAM,SAAS,EACf,IAAI,MAAM,EACV,YAAY,MAAM,EAClB,MAAM,MAAM,EACZ,YAAY,MAAM,EAClB,aAAa,IAAI,GAAG,IAAI,KACtB,OAAO,CAAC,QAAQ,CAQlB,CAAC;AAEF;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,wBAAwB,GACpC,MAAM,iBAAiB,EACvB,WAAW,MAAM,EACjB,IAAI,MAAM,GAAG,SAAS,EACtB,iBAAiB,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,GAAG,SAAS,KAC/C,OAAO,CAAC,QAAQ,GAAG,SAAS,CAuB9B,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,uCAAuC,GACnD,MAAM,SAAS,EACf,YAAY,MAAM,KAChB,OAAO,CAAC,MAAM,CAMhB,CAAC;AAEF;;;;;;;;;GASG;AACH,eAAO,MAAM,kCAAkC,GAC9C,MAAM,SAAS,EACf,IAAI,MAAM,EACV,YAAY,MAAM,KAChB,OAAO,CAAC,OAAO,CAMjB,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,gCAAgC,GAC5C,MAAM,SAAS,EACf,YAAY,MAAM,KAChB,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC,CAM7C,CAAC;AAEF;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,6BAA6B,GACzC,MAAM,SAAS,EACf,YAAY,MAAM,EAClB,YAAY,MAAM,KAChB,OAAO,CAAC,MAAM,CAYhB,CAAC"}

package/dist/auth/api_token_queries.js ADDED Viewed

@@ -0,0 +1,116 @@
+/**
+ * API token query functions for token CRUD and validation.
+ *
+ * @module
+ */
+import { assert_row } from '../db/assert_row.js';
+import { hash_api_token } from './api_token.js';
+/**
+ * Store a new API token (the hash, not the raw token).
+ *
+ * @param deps - query dependencies
+ * @param id - the public token id (e.g. `tok_abc123`)
+ * @param account_id - the owning account
+ * @param name - human-readable name
+ * @param token_hash - blake3 hash of the raw token
+ * @param expires_at - optional expiration
+ * @returns the stored token record
+ */
+export const query_create_api_token = async (deps, id, account_id, name, token_hash, expires_at) => {
+    const row = await deps.db.query_one(`INSERT INTO api_token (id, account_id, name, token_hash, expires_at)
+		 VALUES ($1, $2, $3, $4, $5)
+		 RETURNING *`, [id, account_id, name, token_hash, expires_at?.toISOString() ?? null]);
+    return assert_row(row, 'INSERT INTO api_token');
+};
+/**
+ * Validate a raw API token and return the token record.
+ *
+ * Hashes the token with blake3, looks up the hash, and checks
+ * expiration. Updates `last_used_at` and `last_used_ip` on success
+ * (fire-and-forget — errors logged, never thrown).
+ *
+ * @param deps - query dependencies with logger
+ * @param raw_token - the raw API token from the Authorization header
+ * @param ip - the client IP address (for audit)
+ * @param pending_effects - optional array to register the usage-tracking effect for later awaiting
+ * @returns the token record if valid, or `undefined`
+ */
+export const query_validate_api_token = async (deps, raw_token, ip, pending_effects) => {
+    const token_hash = hash_api_token(raw_token);
+    const row = await deps.db.query_one(`SELECT * FROM api_token
+		 WHERE token_hash = $1
+		   AND (expires_at IS NULL OR expires_at > NOW())`, [token_hash]);
+    if (!row)
+        return undefined;
+    // Fire-and-forget usage tracking
+    const p = deps.db
+        .query(`UPDATE api_token SET last_used_at = NOW(), last_used_ip = $1 WHERE id = $2`, [
+        ip ?? null,
+        row.id,
+    ])
+        .then(() => { }) // eslint-disable-line @typescript-eslint/no-empty-function
+        .catch((err) => {
+        deps.log.error('Failed to update last_used_at:', err);
+    });
+    pending_effects?.push(p);
+    return row;
+};
+/**
+ * Revoke all tokens for an account.
+ *
+ * @param deps - query dependencies
+ * @param account_id - the account whose tokens to revoke
+ * @returns the number of tokens revoked
+ */
+export const query_revoke_all_api_tokens_for_account = async (deps, account_id) => {
+    const rows = await deps.db.query(`DELETE FROM api_token WHERE account_id = $1 RETURNING id`, [account_id]);
+    return rows.length;
+};
+/**
+ * Revoke a token only if it belongs to the specified account.
+ *
+ * Prevents cross-account token revocation.
+ *
+ * @param deps - query dependencies
+ * @param id - the public token id
+ * @param account_id - the account that must own the token
+ * @returns `true` if a token was revoked, `false` if not found or wrong account
+ */
+export const query_revoke_api_token_for_account = async (deps, id, account_id) => {
+    const rows = await deps.db.query(`DELETE FROM api_token WHERE id = $1 AND account_id = $2 RETURNING id`, [id, account_id]);
+    return rows.length > 0;
+};
+/**
+ * List all tokens for an account (does not include hashes).
+ *
+ * Columns are enumerated explicitly to exclude `token_hash`.
+ * Must be updated if the `api_token` table gains new columns.
+ */
+export const query_api_token_list_for_account = async (deps, account_id) => {
+    return deps.db.query(`SELECT id, account_id, name, expires_at, last_used_at, last_used_ip, created_at
+		 FROM api_token WHERE account_id = $1 ORDER BY created_at DESC`, [account_id]);
+};
+/**
+ * Enforce a per-account token limit by evicting the oldest tokens.
+ *
+ * Race safety: this function must run inside a transaction alongside the
+ * INSERT that created the new token. The caller (`POST /tokens/create`)
+ * uses the default `transaction: true` (framework-managed transaction
+ * wrapping in `apply_route_specs`), ensuring the INSERT + enforce_limit
+ * pair is atomic — concurrent token creation cannot interleave.
+ *
+ * @param deps - query dependencies (must be transaction-scoped)
+ * @param account_id - the account to enforce the limit for
+ * @param max_tokens - maximum number of tokens to keep
+ * @returns the number of tokens evicted
+ */
+export const query_api_token_enforce_limit = async (deps, account_id, max_tokens) => {
+    const rows = await deps.db.query(`DELETE FROM api_token
+		 WHERE id IN (
+		   SELECT id FROM api_token
+		   WHERE account_id = $1
+		   ORDER BY created_at DESC
+		   OFFSET $2
+		 ) RETURNING id`, [account_id, max_tokens]);
+    return rows.length;
+};

package/dist/auth/app_settings_queries.d.ts ADDED Viewed

@@ -0,0 +1,33 @@
+/**
+ * App settings database queries.
+ *
+ * Single-row table queries for global app configuration.
+ *
+ * @module
+ */
+import type { QueryDeps } from '../db/query_deps.js';
+import type { AppSettings, AppSettingsWithUsernameJson } from './app_settings_schema.js';
+/**
+ * Load the current app settings.
+ *
+ * @param deps - query dependencies
+ * @returns the app settings row
+ */
+export declare const query_app_settings_load: (deps: QueryDeps) => Promise<AppSettings>;
+/**
+ * Load the current app settings with resolved updater username.
+ *
+ * @param deps - query dependencies
+ * @returns the app settings with `updated_by_username`
+ */
+export declare const query_app_settings_load_with_username: (deps: QueryDeps) => Promise<AppSettingsWithUsernameJson>;
+/**
+ * Update app settings and return the updated row.
+ *
+ * @param deps - query dependencies
+ * @param open_signup - new value for the open_signup toggle
+ * @param actor_id - the actor making the change
+ * @returns the updated app settings row
+ */
+export declare const query_app_settings_update: (deps: QueryDeps, open_signup: boolean, actor_id: string) => Promise<AppSettings>;
+//# sourceMappingURL=app_settings_queries.d.ts.map

package/dist/auth/app_settings_queries.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"app_settings_queries.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/app_settings_queries.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AACnD,OAAO,KAAK,EAAC,WAAW,EAAE,2BAA2B,EAAC,MAAM,0BAA0B,CAAC;AAEvF;;;;;GAKG;AACH,eAAO,MAAM,uBAAuB,GAAU,MAAM,SAAS,KAAG,OAAO,CAAC,WAAW,CAQlF,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,qCAAqC,GACjD,MAAM,SAAS,KACb,OAAO,CAAC,2BAA2B,CAWrC,CAAC;AAEF;;;;;;;GAOG;AACH,eAAO,MAAM,yBAAyB,GACrC,MAAM,SAAS,EACf,aAAa,OAAO,EACpB,UAAU,MAAM,KACd,OAAO,CAAC,WAAW,CASrB,CAAC"}

package/dist/auth/app_settings_queries.js ADDED Viewed

@@ -0,0 +1,51 @@
+/**
+ * App settings database queries.
+ *
+ * Single-row table queries for global app configuration.
+ *
+ * @module
+ */
+/**
+ * Load the current app settings.
+ *
+ * @param deps - query dependencies
+ * @returns the app settings row
+ */
+export const query_app_settings_load = async (deps) => {
+    const row = await deps.db.query_one(`SELECT open_signup, updated_at, updated_by FROM app_settings WHERE id = 1`);
+    if (!row) {
+        throw new Error('app_settings row not found — migration may not have run');
+    }
+    return row;
+};
+/**
+ * Load the current app settings with resolved updater username.
+ *
+ * @param deps - query dependencies
+ * @returns the app settings with `updated_by_username`
+ */
+export const query_app_settings_load_with_username = async (deps) => {
+    const row = await deps.db.query_one(`SELECT s.open_signup, s.updated_at, s.updated_by, act.name AS updated_by_username
+		 FROM app_settings s
+		 LEFT JOIN actor act ON act.id = s.updated_by
+		 WHERE s.id = 1`);
+    if (!row) {
+        throw new Error('app_settings row not found — migration may not have run');
+    }
+    return row;
+};
+/**
+ * Update app settings and return the updated row.
+ *
+ * @param deps - query dependencies
+ * @param open_signup - new value for the open_signup toggle
+ * @param actor_id - the actor making the change
+ * @returns the updated app settings row
+ */
+export const query_app_settings_update = async (deps, open_signup, actor_id) => {
+    const row = await deps.db.query_one(`UPDATE app_settings SET open_signup = $1, updated_at = NOW(), updated_by = $2 WHERE id = 1 RETURNING open_signup, updated_at, updated_by`, [open_signup, actor_id]);
+    if (!row) {
+        throw new Error('app_settings row not found — migration may not have run');
+    }
+    return row;
+};

package/dist/auth/app_settings_routes.d.ts ADDED Viewed

@@ -0,0 +1,27 @@
+/**
+ * Admin app settings route specs.
+ *
+ * GET and PATCH routes for managing global app settings (e.g. open signup toggle).
+ * All routes require the `admin` role.
+ *
+ * @module
+ */
+import { type RouteSpec } from '../http/route_spec.js';
+import { type AppSettings } from './app_settings_schema.js';
+import type { RouteFactoryDeps } from './deps.js';
+/**
+ * Per-factory configuration for app settings route specs.
+ */
+export interface AppSettingsRouteOptions {
+    /** Mutable ref to the in-memory app settings — mutated on PATCH. */
+    app_settings: AppSettings;
+}
+/**
+ * Create admin app settings route specs.
+ *
+ * @param deps - stateless capabilities (log, on_audit_event)
+ * @param options - per-factory configuration
+ * @returns route specs for app settings management
+ */
+export declare const create_app_settings_route_specs: (deps: Pick<RouteFactoryDeps, "log" | "on_audit_event">, options: AppSettingsRouteOptions) => Array<RouteSpec>;
+//# sourceMappingURL=app_settings_routes.d.ts.map

package/dist/auth/app_settings_routes.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"app_settings_routes.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/app_settings_routes.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH,OAAO,EAAkB,KAAK,SAAS,EAAC,MAAM,uBAAuB,CAAC;AAQtE,OAAO,EAGN,KAAK,WAAW,EAChB,MAAM,0BAA0B,CAAC;AAClC,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,WAAW,CAAC;AAEhD;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACvC,oEAAoE;IACpE,YAAY,EAAE,WAAW,CAAC;CAC1B;AAED;;;;;;GAMG;AACH,eAAO,MAAM,+BAA+B,GAC3C,MAAM,IAAI,CAAC,gBAAgB,EAAE,KAAK,GAAG,gBAAgB,CAAC,EACtD,SAAS,uBAAuB,KAC9B,KAAK,CAAC,SAAS,CAoDjB,CAAC"}

package/dist/auth/app_settings_routes.js ADDED Viewed

@@ -0,0 +1,66 @@
+/**
+ * Admin app settings route specs.
+ *
+ * GET and PATCH routes for managing global app settings (e.g. open signup toggle).
+ * All routes require the `admin` role.
+ *
+ * @module
+ */
+import { z } from 'zod';
+import { get_route_input } from '../http/route_spec.js';
+import { require_request_context } from './request_context.js';
+import { get_client_ip } from '../http/proxy.js';
+import { audit_log_fire_and_forget } from './audit_log_queries.js';
+import { query_app_settings_load_with_username, query_app_settings_update, } from './app_settings_queries.js';
+import { AppSettingsWithUsernameJson, UpdateAppSettingsInput, } from './app_settings_schema.js';
+/**
+ * Create admin app settings route specs.
+ *
+ * @param deps - stateless capabilities (log, on_audit_event)
+ * @param options - per-factory configuration
+ * @returns route specs for app settings management
+ */
+export const create_app_settings_route_specs = (deps, options) => {
+    const { app_settings } = options;
+    return [
+        {
+            method: 'GET',
+            path: '/settings',
+            auth: { type: 'role', role: 'admin' },
+            description: 'Get app settings',
+            input: z.null(),
+            output: z.strictObject({ settings: AppSettingsWithUsernameJson }),
+            handler: async (c, route) => {
+                const settings = await query_app_settings_load_with_username(route);
+                return c.json({ settings });
+            },
+        },
+        {
+            method: 'PATCH',
+            path: '/settings',
+            auth: { type: 'role', role: 'admin' },
+            description: 'Update app settings',
+            input: UpdateAppSettingsInput,
+            output: z.strictObject({ ok: z.literal(true), settings: AppSettingsWithUsernameJson }),
+            handler: async (c, route) => {
+                const ctx = require_request_context(c);
+                const { open_signup } = get_route_input(c);
+                const old_value = app_settings.open_signup;
+                const updated = await query_app_settings_update(route, open_signup, ctx.actor.id);
+                // Mutate the in-memory ref so GET reads are consistent
+                app_settings.open_signup = updated.open_signup;
+                app_settings.updated_at = updated.updated_at;
+                app_settings.updated_by = updated.updated_by;
+                void audit_log_fire_and_forget(route, {
+                    event_type: 'app_settings_update',
+                    actor_id: ctx.actor.id,
+                    account_id: ctx.account.id,
+                    ip: get_client_ip(c),
+                    metadata: { setting: 'open_signup', old_value, new_value: open_signup },
+                }, deps.log, deps.on_audit_event);
+                const settings_with_username = await query_app_settings_load_with_username(route);
+                return c.json({ ok: true, settings: settings_with_username });
+            },
+        },
+    ];
+};

package/dist/auth/app_settings_schema.d.ts ADDED Viewed

@@ -0,0 +1,35 @@
+/**
+ * App settings types and client-safe schemas.
+ *
+ * Single-row table for global app configuration (e.g. open signup toggle).
+ *
+ * @module
+ */
+import { z } from 'zod';
+/** App settings row from the database. */
+export interface AppSettings {
+    open_signup: boolean;
+    updated_at: string | null;
+    updated_by: string | null;
+}
+/** Zod schema for client-safe app settings data. */
+export declare const AppSettingsJson: z.ZodObject<{
+    open_signup: z.ZodBoolean;
+    updated_at: z.ZodNullable<z.ZodString>;
+    updated_by: z.ZodNullable<z.ZodString>;
+}, z.core.$strict>;
+export type AppSettingsJson = z.infer<typeof AppSettingsJson>;
+/** Zod schema for admin app settings with resolved updater username. */
+export declare const AppSettingsWithUsernameJson: z.ZodObject<{
+    open_signup: z.ZodBoolean;
+    updated_at: z.ZodNullable<z.ZodString>;
+    updated_by: z.ZodNullable<z.ZodString>;
+    updated_by_username: z.ZodNullable<z.ZodString>;
+}, z.core.$strict>;
+export type AppSettingsWithUsernameJson = z.infer<typeof AppSettingsWithUsernameJson>;
+/** Zod schema for updating app settings. */
+export declare const UpdateAppSettingsInput: z.ZodObject<{
+    open_signup: z.ZodBoolean;
+}, z.core.$strict>;
+export type UpdateAppSettingsInput = z.infer<typeof UpdateAppSettingsInput>;
+//# sourceMappingURL=app_settings_schema.d.ts.map

package/dist/auth/app_settings_schema.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"app_settings_schema.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/app_settings_schema.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAEtB,0CAA0C;AAC1C,MAAM,WAAW,WAAW;IAC3B,WAAW,EAAE,OAAO,CAAC;IACrB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;CAC1B;AAED,oDAAoD;AACpD,eAAO,MAAM,eAAe;;;;kBAI1B,CAAC;AACH,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC;AAE9D,wEAAwE;AACxE,eAAO,MAAM,2BAA2B;;;;;kBAEtC,CAAC;AACH,MAAM,MAAM,2BAA2B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,2BAA2B,CAAC,CAAC;AAEtF,4CAA4C;AAC5C,eAAO,MAAM,sBAAsB;;kBAEjC,CAAC;AACH,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC"}

package/dist/auth/app_settings_schema.js ADDED Viewed

@@ -0,0 +1,22 @@
+/**
+ * App settings types and client-safe schemas.
+ *
+ * Single-row table for global app configuration (e.g. open signup toggle).
+ *
+ * @module
+ */
+import { z } from 'zod';
+/** Zod schema for client-safe app settings data. */
+export const AppSettingsJson = z.strictObject({
+    open_signup: z.boolean(),
+    updated_at: z.string().nullable(),
+    updated_by: z.string().nullable(),
+});
+/** Zod schema for admin app settings with resolved updater username. */
+export const AppSettingsWithUsernameJson = AppSettingsJson.extend({
+    updated_by_username: z.string().nullable(),
+});
+/** Zod schema for updating app settings. */
+export const UpdateAppSettingsInput = z.strictObject({
+    open_signup: z.boolean(),
+});

package/dist/auth/audit_log_queries.d.ts ADDED Viewed

@@ -0,0 +1,90 @@
+/**
+ * Audit log database queries.
+ *
+ * Records and retrieves auth mutation events for security monitoring.
+ * All write operations should use `audit_log_fire_and_forget` to
+ * ensure audit logging never blocks or breaks auth flows.
+ *
+ * Rollback resilience: `audit_log_fire_and_forget` writes to `background_db`
+ * (pool-level), not the handler's transaction-scoped `db`, so audit entries
+ * persist even when the request transaction rolls back.
+ *
+ * @module
+ */
+import type { Logger } from '@fuzdev/fuz_util/log.js';
+import type { QueryDeps } from '../db/query_deps.js';
+import type { RouteContext } from '../http/route_spec.js';
+import { type AuditEventType, type AuditLogEvent, type AuditLogInput, type AuditLogListOptions, type AuditLogEventWithUsernamesJson, type PermitHistoryEventJson } from './audit_log_schema.js';
+/** Default limit for audit log listings. */
+export declare const AUDIT_LOG_DEFAULT_LIMIT = 50;
+/**
+ * Insert an audit log entry.
+ *
+ * Uses `RETURNING *` to return the full inserted row including
+ * DB-assigned fields (`id`, `seq`, `created_at`).
+ *
+ * In DEV mode, validates metadata against the per-event-type schema
+ * before writing (warns on mismatch, never throws).
+ *
+ * @param deps - query dependencies
+ * @param input - the audit event to record
+ * @returns the inserted audit log row
+ */
+export declare const query_audit_log: <T extends AuditEventType>(deps: QueryDeps, input: AuditLogInput<T>) => Promise<AuditLogEvent>;
+/**
+ * List audit log entries, newest first.
+ *
+ * @param deps - query dependencies
+ * @param options - filters and pagination
+ * @returns matching audit log entries
+ */
+export declare const query_audit_log_list: (deps: QueryDeps, options?: AuditLogListOptions) => Promise<Array<AuditLogEvent>>;
+/**
+ * List audit log entries with resolved usernames, newest first.
+ *
+ * @param deps - query dependencies
+ * @param options - filters and pagination
+ * @returns matching audit log entries with `username` and `target_username`
+ */
+export declare const query_audit_log_list_with_usernames: (deps: QueryDeps, options?: AuditLogListOptions) => Promise<Array<AuditLogEventWithUsernamesJson>>;
+/**
+ * List audit log entries related to an account (as actor or target).
+ *
+ * @param deps - query dependencies
+ * @param account_id - the account to query for
+ * @param limit - maximum entries to return
+ */
+export declare const query_audit_log_list_for_account: (deps: QueryDeps, account_id: string, limit?: number) => Promise<Array<AuditLogEvent>>;
+/**
+ * List permit grant/revoke events with resolved usernames.
+ *
+ * @param deps - query dependencies
+ * @param limit - maximum entries to return
+ * @param offset - number of entries to skip
+ * @returns permit history events with `username` and `target_username`
+ */
+export declare const query_audit_log_list_permit_history: (deps: QueryDeps, limit?: number, offset?: number) => Promise<Array<PermitHistoryEventJson>>;
+/**
+ * Delete audit log entries older than the given date.
+ *
+ * @param deps - query dependencies
+ * @param before - delete entries created before this date
+ * @returns the number of entries deleted
+ */
+export declare const query_audit_log_cleanup_before: (deps: QueryDeps, before: Date) => Promise<number>;
+/**
+ * Log an audit event without blocking the caller.
+ *
+ * Errors are logged to console — audit logging never breaks auth flows.
+ * Uses `background_db` so audit entries persist even if the request transaction rolls back.
+ * Write failures and `on_event` callback failures are logged separately
+ * so the error message indicates which phase failed.
+ *
+ * @param route - `background_db` and `pending_effects` from the route context
+ * @param input - the audit event to record
+ * @param log - the logger instance
+ * @param on_event - callback invoked with the inserted row after a successful write
+ * @returns the settled promise (callers may ignore it — fire-and-forget semantics preserved)
+ */
+export declare const audit_log_fire_and_forget: <T extends AuditEventType>(route: Pick<RouteContext, "background_db" | "pending_effects">, input: AuditLogInput<T>, log: Logger, on_event: (event: AuditLogEvent) => void) => Promise<void>;
+//# sourceMappingURL=audit_log_queries.d.ts.map

package/dist/auth/audit_log_queries.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"audit_log_queries.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/audit_log_queries.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,KAAK,EAAC,MAAM,EAAC,MAAM,yBAAyB,CAAC;AAGpD,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AAEnD,OAAO,KAAK,EAAC,YAAY,EAAC,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAEN,KAAK,cAAc,EACnB,KAAK,aAAa,EAClB,KAAK,aAAa,EAClB,KAAK,mBAAmB,EACxB,KAAK,8BAA8B,EACnC,KAAK,sBAAsB,EAC3B,MAAM,uBAAuB,CAAC;AAE/B,4CAA4C;AAC5C,eAAO,MAAM,uBAAuB,KAAK,CAAC;AAE1C;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,eAAe,GAAU,CAAC,SAAS,cAAc,EAC7D,MAAM,SAAS,EACf,OAAO,aAAa,CAAC,CAAC,CAAC,KACrB,OAAO,CAAC,aAAa,CAuBvB,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,oBAAoB,GAChC,MAAM,SAAS,EACf,UAAU,mBAAmB,KAC3B,OAAO,CAAC,KAAK,CAAC,aAAa,CAAC,CAwC9B,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,mCAAmC,GAC/C,MAAM,SAAS,EACf,UAAU,mBAAmB,KAC3B,OAAO,CAAC,KAAK,CAAC,8BAA8B,CAAC,CA8C/C,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,gCAAgC,GAC5C,MAAM,SAAS,EACf,YAAY,MAAM,EAClB,cAA+B,KAC7B,OAAO,CAAC,KAAK,CAAC,aAAa,CAAC,CAO9B,CAAC;AAEF;;;;;;;GAOG;AACH,eAAO,MAAM,mCAAmC,GAC/C,MAAM,SAAS,EACf,cAA+B,EAC/B,eAAU,KACR,OAAO,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAYvC,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,8BAA8B,GAC1C,MAAM,SAAS,EACf,QAAQ,IAAI,KACV,OAAO,CAAC,MAAM,CAMhB,CAAC;AAEF;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,yBAAyB,GAAI,CAAC,SAAS,cAAc,EACjE,OAAO,IAAI,CAAC,YAAY,EAAE,eAAe,GAAG,iBAAiB,CAAC,EAC9D,OAAO,aAAa,CAAC,CAAC,CAAC,EACvB,KAAK,MAAM,EACX,UAAU,CAAC,KAAK,EAAE,aAAa,KAAK,IAAI,KACtC,OAAO,CAAC,IAAI,CAcd,CAAC"}