npm - @fuzdev/fuz_app - Versions diffs - 0.29.0 → 0.31.0 - Mend

@fuzdev/fuz_app 0.29.0 → 0.31.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (210) hide show

package/dist/actions/CLAUDE.md +630 -0
package/dist/actions/action_rpc.d.ts +29 -0
package/dist/actions/action_rpc.d.ts.map +1 -1
package/dist/actions/action_rpc.js +42 -6
package/dist/actions/action_types.d.ts +2 -2
package/dist/actions/cancel.d.ts +12 -13
package/dist/actions/cancel.d.ts.map +1 -1
package/dist/actions/cancel.js +10 -13
package/dist/actions/heartbeat.d.ts +8 -13
package/dist/actions/heartbeat.d.ts.map +1 -1
package/dist/actions/heartbeat.js +5 -8
package/dist/actions/register_action_ws.d.ts +3 -3
package/dist/actions/register_action_ws.js +2 -2
package/dist/actions/register_ws_endpoint.d.ts +4 -4
package/dist/actions/register_ws_endpoint.d.ts.map +1 -1
package/dist/actions/register_ws_endpoint.js +3 -3
package/dist/actions/socket.svelte.d.ts +16 -16
package/dist/actions/socket.svelte.d.ts.map +1 -1
package/dist/actions/socket.svelte.js +15 -15
package/dist/actions/transports_ws_auth_guard.d.ts.map +1 -1
package/dist/actions/transports_ws_backend.d.ts +15 -0
package/dist/actions/transports_ws_backend.d.ts.map +1 -1
package/dist/actions/transports_ws_backend.js +17 -0
package/dist/auth/CLAUDE.md +923 -0
package/dist/auth/account_action_specs.d.ts +216 -0
package/dist/auth/account_action_specs.d.ts.map +1 -0
package/dist/auth/account_action_specs.js +159 -0
package/dist/auth/account_actions.d.ts +51 -0
package/dist/auth/account_actions.d.ts.map +1 -0
package/dist/auth/account_actions.js +119 -0
package/dist/auth/account_queries.d.ts +6 -2
package/dist/auth/account_queries.d.ts.map +1 -1
package/dist/auth/account_queries.js +40 -4
package/dist/auth/account_routes.d.ts +94 -16
package/dist/auth/account_routes.d.ts.map +1 -1
package/dist/auth/account_routes.js +108 -180
package/dist/auth/account_schema.d.ts +85 -30
package/dist/auth/account_schema.d.ts.map +1 -1
package/dist/auth/account_schema.js +40 -8
package/dist/auth/admin_action_specs.d.ts +674 -0
package/dist/auth/admin_action_specs.d.ts.map +1 -0
package/dist/auth/admin_action_specs.js +287 -0
package/dist/auth/admin_actions.d.ts +69 -0
package/dist/auth/admin_actions.d.ts.map +1 -0
package/dist/auth/admin_actions.js +256 -0
package/dist/auth/api_token.d.ts +10 -0
package/dist/auth/api_token.d.ts.map +1 -1
package/dist/auth/api_token.js +9 -0
package/dist/auth/api_token_queries.d.ts +3 -3
package/dist/auth/api_token_queries.js +3 -3
package/dist/auth/app_settings_schema.d.ts +4 -3
package/dist/auth/app_settings_schema.d.ts.map +1 -1
package/dist/auth/app_settings_schema.js +2 -1
package/dist/auth/audit_log_routes.d.ts +14 -6
package/dist/auth/audit_log_routes.d.ts.map +1 -1
package/dist/auth/audit_log_routes.js +22 -79
package/dist/auth/audit_log_schema.d.ts +100 -29
package/dist/auth/audit_log_schema.d.ts.map +1 -1
package/dist/auth/audit_log_schema.js +83 -11
package/dist/auth/bootstrap_routes.d.ts +14 -0
package/dist/auth/bootstrap_routes.d.ts.map +1 -1
package/dist/auth/bootstrap_routes.js +10 -3
package/dist/auth/cleanup.d.ts +63 -0
package/dist/auth/cleanup.d.ts.map +1 -0
package/dist/auth/cleanup.js +80 -0
package/dist/auth/invite_schema.d.ts +11 -10
package/dist/auth/invite_schema.d.ts.map +1 -1
package/dist/auth/invite_schema.js +4 -3
package/dist/auth/migrations.d.ts +6 -0
package/dist/auth/migrations.d.ts.map +1 -1
package/dist/auth/migrations.js +28 -0
package/dist/auth/permit_offer_action_specs.d.ts +364 -0
package/dist/auth/permit_offer_action_specs.d.ts.map +1 -0
package/dist/auth/permit_offer_action_specs.js +216 -0
package/dist/auth/permit_offer_actions.d.ts +96 -0
package/dist/auth/permit_offer_actions.d.ts.map +1 -0
package/dist/auth/permit_offer_actions.js +428 -0
package/dist/auth/permit_offer_notifications.d.ts +361 -0
package/dist/auth/permit_offer_notifications.d.ts.map +1 -0
package/dist/auth/permit_offer_notifications.js +179 -0
package/dist/auth/permit_offer_queries.d.ts +165 -0
package/dist/auth/permit_offer_queries.d.ts.map +1 -0
package/dist/auth/permit_offer_queries.js +390 -0
package/dist/auth/permit_offer_schema.d.ts +103 -0
package/dist/auth/permit_offer_schema.d.ts.map +1 -0
package/dist/auth/permit_offer_schema.js +142 -0
package/dist/auth/permit_queries.d.ts +77 -14
package/dist/auth/permit_queries.d.ts.map +1 -1
package/dist/auth/permit_queries.js +119 -24
package/dist/auth/session_queries.d.ts +4 -2
package/dist/auth/session_queries.d.ts.map +1 -1
package/dist/auth/session_queries.js +4 -2
package/dist/auth/signup_routes.d.ts +13 -0
package/dist/auth/signup_routes.d.ts.map +1 -1
package/dist/auth/signup_routes.js +14 -7
package/dist/http/CLAUDE.md +584 -0
package/dist/http/pending_effects.d.ts +29 -0
package/dist/http/pending_effects.d.ts.map +1 -0
package/dist/http/pending_effects.js +31 -0
package/dist/http/route_spec.d.ts.map +1 -1
package/dist/http/route_spec.js +4 -3
package/dist/rate_limiter.d.ts +30 -0
package/dist/rate_limiter.d.ts.map +1 -1
package/dist/rate_limiter.js +25 -2
package/dist/realtime/sse_auth_guard.d.ts +2 -0
package/dist/realtime/sse_auth_guard.d.ts.map +1 -1
package/dist/realtime/sse_auth_guard.js +5 -3
package/dist/testing/CLAUDE.md +668 -1
package/dist/testing/admin_integration.d.ts +10 -7
package/dist/testing/admin_integration.d.ts.map +1 -1
package/dist/testing/admin_integration.js +382 -482
package/dist/testing/app_server.d.ts +7 -6
package/dist/testing/app_server.d.ts.map +1 -1
package/dist/testing/attack_surface.d.ts +9 -3
package/dist/testing/attack_surface.d.ts.map +1 -1
package/dist/testing/attack_surface.js +4 -4
package/dist/testing/audit_completeness.d.ts +6 -0
package/dist/testing/audit_completeness.d.ts.map +1 -1
package/dist/testing/audit_completeness.js +158 -134
package/dist/testing/auth_apps.d.ts.map +1 -1
package/dist/testing/auth_apps.js +4 -33
package/dist/testing/db.d.ts +1 -1
package/dist/testing/db.d.ts.map +1 -1
package/dist/testing/db.js +2 -0
package/dist/testing/entities.d.ts +35 -13
package/dist/testing/entities.d.ts.map +1 -1
package/dist/testing/entities.js +17 -0
package/dist/testing/integration.d.ts +10 -0
package/dist/testing/integration.d.ts.map +1 -1
package/dist/testing/integration.js +352 -340
package/dist/testing/integration_helpers.d.ts +16 -5
package/dist/testing/integration_helpers.d.ts.map +1 -1
package/dist/testing/integration_helpers.js +24 -4
package/dist/testing/rate_limiting.d.ts +7 -0
package/dist/testing/rate_limiting.d.ts.map +1 -1
package/dist/testing/rate_limiting.js +41 -10
package/dist/testing/rpc_helpers.d.ts +153 -1
package/dist/testing/rpc_helpers.d.ts.map +1 -1
package/dist/testing/rpc_helpers.js +184 -8
package/dist/testing/sse_round_trip.d.ts +8 -0
package/dist/testing/sse_round_trip.d.ts.map +1 -1
package/dist/testing/sse_round_trip.js +10 -3
package/dist/testing/standard.d.ts +9 -1
package/dist/testing/standard.d.ts.map +1 -1
package/dist/testing/standard.js +6 -2
package/dist/testing/surface_invariants.d.ts +7 -3
package/dist/testing/surface_invariants.d.ts.map +1 -1
package/dist/testing/surface_invariants.js +5 -4
package/dist/testing/ws_round_trip.d.ts.map +1 -1
package/dist/testing/ws_round_trip.js +9 -38
package/dist/ui/AccountSessions.svelte +8 -4
package/dist/ui/AccountSessions.svelte.d.ts.map +1 -1
package/dist/ui/AdminAccounts.svelte +61 -33
package/dist/ui/AdminAccounts.svelte.d.ts.map +1 -1
package/dist/ui/AdminAuditLog.svelte +3 -2
package/dist/ui/AdminAuditLog.svelte.d.ts.map +1 -1
package/dist/ui/AdminInvites.svelte +3 -2
package/dist/ui/AdminInvites.svelte.d.ts.map +1 -1
package/dist/ui/AdminOverview.svelte +14 -9
package/dist/ui/AdminOverview.svelte.d.ts.map +1 -1
package/dist/ui/AdminPermitHistory.svelte +3 -2
package/dist/ui/AdminPermitHistory.svelte.d.ts.map +1 -1
package/dist/ui/AdminSessions.svelte +29 -25
package/dist/ui/AdminSessions.svelte.d.ts.map +1 -1
package/dist/ui/CLAUDE.md +351 -0
package/dist/ui/OpenSignupToggle.svelte +6 -3
package/dist/ui/OpenSignupToggle.svelte.d.ts.map +1 -1
package/dist/ui/PermitOfferForm.svelte +141 -0
package/dist/ui/PermitOfferForm.svelte.d.ts +14 -0
package/dist/ui/PermitOfferForm.svelte.d.ts.map +1 -0
package/dist/ui/PermitOfferHistory.svelte +109 -0
package/dist/ui/PermitOfferHistory.svelte.d.ts +11 -0
package/dist/ui/PermitOfferHistory.svelte.d.ts.map +1 -0
package/dist/ui/PermitOfferInbox.svelte +121 -0
package/dist/ui/PermitOfferInbox.svelte.d.ts +12 -0
package/dist/ui/PermitOfferInbox.svelte.d.ts.map +1 -0
package/dist/ui/account_sessions_state.svelte.d.ts +53 -3
package/dist/ui/account_sessions_state.svelte.d.ts.map +1 -1
package/dist/ui/account_sessions_state.svelte.js +39 -16
package/dist/ui/admin_accounts_state.svelte.d.ts +118 -2
package/dist/ui/admin_accounts_state.svelte.d.ts.map +1 -1
package/dist/ui/admin_accounts_state.svelte.js +99 -23
package/dist/ui/admin_invites_state.svelte.d.ts +47 -1
package/dist/ui/admin_invites_state.svelte.d.ts.map +1 -1
package/dist/ui/admin_invites_state.svelte.js +38 -26
package/dist/ui/admin_sessions_state.svelte.d.ts +26 -0
package/dist/ui/admin_sessions_state.svelte.d.ts.map +1 -1
package/dist/ui/admin_sessions_state.svelte.js +35 -21
package/dist/ui/app_settings_state.svelte.d.ts +39 -0
package/dist/ui/app_settings_state.svelte.d.ts.map +1 -1
package/dist/ui/app_settings_state.svelte.js +34 -18
package/dist/ui/audit_log_state.svelte.d.ts +40 -3
package/dist/ui/audit_log_state.svelte.d.ts.map +1 -1
package/dist/ui/audit_log_state.svelte.js +36 -42
package/dist/ui/auth_state.svelte.d.ts +4 -3
package/dist/ui/auth_state.svelte.d.ts.map +1 -1
package/dist/ui/auth_state.svelte.js +4 -1
package/dist/ui/permit_offers_state.svelte.d.ts +125 -0
package/dist/ui/permit_offers_state.svelte.d.ts.map +1 -0
package/dist/ui/permit_offers_state.svelte.js +197 -0
package/package.json +3 -3
package/dist/auth/admin_routes.d.ts +0 -29
package/dist/auth/admin_routes.d.ts.map +0 -1
package/dist/auth/admin_routes.js +0 -226
package/dist/auth/app_settings_routes.d.ts +0 -27
package/dist/auth/app_settings_routes.d.ts.map +0 -1
package/dist/auth/app_settings_routes.js +0 -66
package/dist/auth/invite_routes.d.ts +0 -18
package/dist/auth/invite_routes.d.ts.map +0 -1
package/dist/auth/invite_routes.js +0 -129

package/dist/auth/bootstrap_routes.d.ts CHANGED Viewed

@@ -6,6 +6,7 @@
  *
  * @module
  */
+import { z } from 'zod';
 import type { Context } from 'hono';
 import type { Logger } from '@fuzdev/fuz_util/log.js';
 import type { SessionOptions } from './session_cookie.js';
@@ -15,6 +16,19 @@ import { type RouteSpec } from '../http/route_spec.js';
 import { type RateLimiter } from '../rate_limiter.js';
 import type { RouteFactoryDeps } from './deps.js';
 import type { StatResult } from '../runtime/deps.js';
+/** Input for `POST /bootstrap`. `token` is the one-shot token file contents. */
+export declare const BootstrapInput: z.ZodObject<{
+    token: z.ZodString;
+    username: z.ZodString;
+    password: z.ZodString;
+}, z.core.$strict>;
+export type BootstrapInput = z.infer<typeof BootstrapInput>;
+/** Output for `POST /bootstrap`. Session cookie is the operative side effect. */
+export declare const BootstrapOutput: z.ZodObject<{
+    ok: z.ZodLiteral<true>;
+    username: z.ZodString;
+}, z.core.$strict>;
+export type BootstrapOutput = z.infer<typeof BootstrapOutput>;
 /**
  * Bootstrap status — runtime state computed once at startup.
  */

package/dist/auth/bootstrap_routes.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"bootstrap_routes.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/bootstrap_routes.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;~~AAGH~~,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,MAAM,CAAC;AAClC,OAAO,KAAK,EAAC,MAAM,EAAC,MAAM,yBAAyB,CAAC;AAEpD,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,qBAAqB,CAAC;AAExD,OAAO,EAAoB,KAAK,uBAAuB,EAAC,MAAM,wBAAwB,CAAC;AAGvF,OAAO,KAAK,EAAC,EAAE,EAAC,MAAM,aAAa,CAAC;AACpC,OAAO,EAAkB,KAAK,SAAS,EAAC,MAAM,uBAAuB,CAAC;AAEtE,OAAO,EAA+B,KAAK,WAAW,EAAC,MAAM,oBAAoB,CAAC;AAClF,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,WAAW,CAAC;AAChD,OAAO,KAAK,EAAC,UAAU,EAAC,MAAM,oBAAoB,CAAC;~~AAenD~~;;GAEG;AACH,MAAM,WAAW,eAAe;IAC/B,SAAS,EAAE,OAAO,CAAC;IACnB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;CAC1B;AAED;;;;;GAKG;AACH,MAAM,WAAW,qBAAqB;IACrC,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,8EAA8E;IAC9E,gBAAgB,EAAE,eAAe,CAAC;IAClC;;;OAGG;IACH,YAAY,CAAC,EAAE,CAAC,MAAM,EAAE,uBAAuB,EAAE,CAAC,EAAE,OAAO,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAC9E,4EAA4E;IAC5E,eAAe,EAAE,WAAW,GAAG,IAAI,CAAC;CACpC;AAED;;GAEG;AACH,MAAM,WAAW,wBAAwB;IACxC,IAAI,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;IACnD,EAAE,EAAE,EAAE,CAAC;IACP,GAAG,EAAE,MAAM,CAAC;CACZ;AAED;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,sBAAsB,GAClC,MAAM,wBAAwB,EAC9B,SAAS;IAAC,UAAU,EAAE,MAAM,GAAG,IAAI,CAAA;CAAC,KAClC,OAAO,CAAC,eAAe,CAwBzB,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,4BAA4B,GACxC,MAAM,gBAAgB,EACtB,SAAS,qBAAqB,KAC5B,KAAK,CAAC,SAAS,CAsHjB,CAAC"}
1	+ {"version":3,"file":"bootstrap_routes.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/bootstrap_routes.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AACtB,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,MAAM,CAAC;AAClC,OAAO,KAAK,EAAC,MAAM,EAAC,MAAM,yBAAyB,CAAC;AAEpD,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,qBAAqB,CAAC;AAExD,OAAO,EAAoB,KAAK,uBAAuB,EAAC,MAAM,wBAAwB,CAAC;AAGvF,OAAO,KAAK,EAAC,EAAE,EAAC,MAAM,aAAa,CAAC;AACpC,OAAO,EAAkB,KAAK,SAAS,EAAC,MAAM,uBAAuB,CAAC;AAEtE,OAAO,EAA+B,KAAK,WAAW,EAAC,MAAM,oBAAoB,CAAC;AAClF,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,WAAW,CAAC;AAChD,OAAO,KAAK,EAAC,UAAU,EAAC,MAAM,oBAAoB,CAAC;AAWnD,gFAAgF;AAChF,eAAO,MAAM,cAAc;;;;kBAIzB,CAAC;AACH,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,cAAc,CAAC,CAAC;AAE5D,iFAAiF;AACjF,eAAO,MAAM,eAAe;;;kBAG1B,CAAC;AACH,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC;AAE9D;;GAEG;AACH,MAAM,WAAW,eAAe;IAC/B,SAAS,EAAE,OAAO,CAAC;IACnB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;CAC1B;AAED;;;;;GAKG;AACH,MAAM,WAAW,qBAAqB;IACrC,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,8EAA8E;IAC9E,gBAAgB,EAAE,eAAe,CAAC;IAClC;;;OAGG;IACH,YAAY,CAAC,EAAE,CAAC,MAAM,EAAE,uBAAuB,EAAE,CAAC,EAAE,OAAO,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAC9E,4EAA4E;IAC5E,eAAe,EAAE,WAAW,GAAG,IAAI,CAAC;CACpC;AAED;;GAEG;AACH,MAAM,WAAW,wBAAwB;IACxC,IAAI,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;IACnD,EAAE,EAAE,EAAE,CAAC;IACP,GAAG,EAAE,MAAM,CAAC;CACZ;AAED;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,sBAAsB,GAClC,MAAM,wBAAwB,EAC9B,SAAS;IAAC,UAAU,EAAE,MAAM,GAAG,IAAI,CAAA;CAAC,KAClC,OAAO,CAAC,eAAe,CAwBzB,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,4BAA4B,GACxC,MAAM,gBAAgB,EACtB,SAAS,qBAAqB,KAC5B,KAAK,CAAC,SAAS,CAsHjB,CAAC"}

package/dist/auth/bootstrap_routes.js CHANGED Viewed

@@ -16,11 +16,18 @@ import { get_client_ip } from '../http/proxy.js';
 import { rate_limit_exceeded_response } from '../rate_limiter.js';
 import { ERROR_BOOTSTRAP_NOT_CONFIGURED, ERROR_INVALID_TOKEN, ERROR_ALREADY_BOOTSTRAPPED, ERROR_TOKEN_FILE_MISSING, } from '../http/error_schemas.js';
 import { audit_log_fire_and_forget } from './audit_log_queries.js';
-const bootstrap_input = z.strictObject({
+// -- Input/output schemas ---------------------------------------------------
+/** Input for `POST /bootstrap`. `token` is the one-shot token file contents. */
+export const BootstrapInput = z.strictObject({
     token: z.string().min(1).meta({ sensitivity: 'secret' }),
     username: Username,
     password: Password,
 });
+/** Output for `POST /bootstrap`. Session cookie is the operative side effect. */
+export const BootstrapOutput = z.strictObject({
+    ok: z.literal(true),
+    username: z.string(),
+});
 /**
  * Check bootstrap availability at startup.
  *
@@ -70,8 +77,8 @@ export const create_bootstrap_route_specs = (deps, options) => {
             auth: { type: 'none' },
             description: 'Create initial keeper account (one-shot)',
             transaction: false, // bootstrap_account manages its own transaction
-            input: bootstrap_input,
-            output: z.strictObject({ ok: z.literal(true), username: z.string() }),
+            input: BootstrapInput,
+            output: BootstrapOutput,
             rate_limit: 'ip',
             errors: {
                 401: z.looseObject({ error: z.literal(ERROR_INVALID_TOKEN) }),

package/dist/auth/cleanup.d.ts ADDED Viewed

@@ -0,0 +1,63 @@
+/**
+ * Periodic auth cleanup — sweeps expired sessions and permit offers.
+ *
+ * Single entry point for consumers scheduling auth maintenance. Internally
+ * runs every known sweep and emits the corresponding audit events so
+ * consumer code only manages cadence, not per-task wiring.
+ *
+ * The per-task primitives remain exported from their home modules
+ * (`query_session_cleanup_expired`, `query_permit_offer_sweep_expired`);
+ * `cleanup_expired_permit_offers` here wraps the latter with the required
+ * `permit_offer_expire` audit emission and is the piece most likely to be
+ * reused in a consumer's bespoke scheduler.
+ *
+ * Idempotency: the audit log has no tombstone on `permit_offer_expire`, so
+ * concurrent sweep runs double-audit. The expected deployment pattern is a
+ * single scheduled invocation per instance — matching
+ * `query_session_cleanup_expired`.
+ *
+ * @module
+ */
+import type { Logger } from '@fuzdev/fuz_util/log.js';
+import type { QueryDeps } from '../db/query_deps.js';
+import type { AuditLogEvent } from './audit_log_schema.js';
+/** Dependencies for the cleanup helpers. */
+export interface AuthCleanupDeps extends QueryDeps {
+    log: Logger;
+    /**
+     * Called after each audit event INSERT succeeds. Typically the same
+     * callback wired into `AppDeps.on_audit_event` (SSE broadcast). Omit
+     * to skip broadcast — the audit rows still land in the DB.
+     */
+    on_audit_event?: ((event: AuditLogEvent) => void) | null;
+}
+/** Result of `run_auth_cleanup`. */
+export interface AuthCleanupResult {
+    /** Number of expired session rows deleted. */
+    expired_sessions: number;
+    /** Number of expired permit offer rows audit-stamped. */
+    expired_offers: number;
+}
+/**
+ * Sweep expired permit offers and emit one `permit_offer_expire` audit
+ * event per row.
+ *
+ * Returns the count of offers audit-stamped. The offer rows themselves are
+ * preserved — offers carry audit value for the history view even after
+ * expiry, and accepted rows are the provenance for the resulting permit
+ * (deleting expired rows would not threaten that, but keeping them uniform
+ * with the retention policy for terminal rows is simpler).
+ */
+export declare const cleanup_expired_permit_offers: (deps: AuthCleanupDeps) => Promise<number>;
+/**
+ * Run every auth cleanup sweep — expired sessions and expired permit
+ * offers — and return the counts.
+ *
+ * Consumers call this from a scheduled task (setInterval, cron, etc.)
+ * alongside their own domain cleanup. Errors from individual sweeps are
+ * re-thrown so the caller's scheduler can log/alert; use the per-task
+ * helpers (`query_session_cleanup_expired`, `cleanup_expired_permit_offers`)
+ * directly if you need finer error isolation.
+ */
+export declare const run_auth_cleanup: (deps: AuthCleanupDeps) => Promise<AuthCleanupResult>;
+//# sourceMappingURL=cleanup.d.ts.map

package/dist/auth/cleanup.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"cleanup.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/cleanup.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,OAAO,KAAK,EAAC,MAAM,EAAC,MAAM,yBAAyB,CAAC;AAEpD,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AAInD,OAAO,KAAK,EAAC,aAAa,EAAC,MAAM,uBAAuB,CAAC;AAEzD,4CAA4C;AAC5C,MAAM,WAAW,eAAgB,SAAQ,SAAS;IACjD,GAAG,EAAE,MAAM,CAAC;IACZ;;;;OAIG;IACH,cAAc,CAAC,EAAE,CAAC,CAAC,KAAK,EAAE,aAAa,KAAK,IAAI,CAAC,GAAG,IAAI,CAAC;CACzD;AAED,oCAAoC;AACpC,MAAM,WAAW,iBAAiB;IACjC,8CAA8C;IAC9C,gBAAgB,EAAE,MAAM,CAAC;IACzB,yDAAyD;IACzD,cAAc,EAAE,MAAM,CAAC;CACvB;AAED;;;;;;;;;GASG;AACH,eAAO,MAAM,6BAA6B,GAAU,MAAM,eAAe,KAAG,OAAO,CAAC,MAAM,CA6BzF,CAAC;AAEF;;;;;;;;;GASG;AACH,eAAO,MAAM,gBAAgB,GAAU,MAAM,eAAe,KAAG,OAAO,CAAC,iBAAiB,CAIvF,CAAC"}

package/dist/auth/cleanup.js ADDED Viewed

@@ -0,0 +1,80 @@
+/**
+ * Periodic auth cleanup — sweeps expired sessions and permit offers.
+ *
+ * Single entry point for consumers scheduling auth maintenance. Internally
+ * runs every known sweep and emits the corresponding audit events so
+ * consumer code only manages cadence, not per-task wiring.
+ *
+ * The per-task primitives remain exported from their home modules
+ * (`query_session_cleanup_expired`, `query_permit_offer_sweep_expired`);
+ * `cleanup_expired_permit_offers` here wraps the latter with the required
+ * `permit_offer_expire` audit emission and is the piece most likely to be
+ * reused in a consumer's bespoke scheduler.
+ *
+ * Idempotency: the audit log has no tombstone on `permit_offer_expire`, so
+ * concurrent sweep runs double-audit. The expected deployment pattern is a
+ * single scheduled invocation per instance — matching
+ * `query_session_cleanup_expired`.
+ *
+ * @module
+ */
+import { query_session_cleanup_expired } from './session_queries.js';
+import { query_permit_offer_sweep_expired } from './permit_offer_queries.js';
+import { query_audit_log } from './audit_log_queries.js';
+/**
+ * Sweep expired permit offers and emit one `permit_offer_expire` audit
+ * event per row.
+ *
+ * Returns the count of offers audit-stamped. The offer rows themselves are
+ * preserved — offers carry audit value for the history view even after
+ * expiry, and accepted rows are the provenance for the resulting permit
+ * (deleting expired rows would not threaten that, but keeping them uniform
+ * with the retention policy for terminal rows is simpler).
+ */
+export const cleanup_expired_permit_offers = async (deps) => {
+    const expired = await query_permit_offer_sweep_expired(deps);
+    const { on_audit_event } = deps;
+    for (const offer of expired) {
+        try {
+            const event = await query_audit_log(deps, {
+                event_type: 'permit_offer_expire',
+                actor_id: offer.from_actor_id,
+                target_account_id: offer.to_account_id,
+                ip: null,
+                metadata: {
+                    offer_id: offer.id,
+                    role: offer.role,
+                    scope_id: offer.scope_id,
+                },
+            });
+            if (on_audit_event) {
+                try {
+                    on_audit_event(event);
+                }
+                catch (callback_err) {
+                    deps.log.error('on_audit_event callback failed:', callback_err);
+                }
+            }
+        }
+        catch (err) {
+            // One failed audit write must not starve siblings — log and continue.
+            deps.log.error('permit_offer_expire audit write failed:', err);
+        }
+    }
+    return expired.length;
+};
+/**
+ * Run every auth cleanup sweep — expired sessions and expired permit
+ * offers — and return the counts.
+ *
+ * Consumers call this from a scheduled task (setInterval, cron, etc.)
+ * alongside their own domain cleanup. Errors from individual sweeps are
+ * re-thrown so the caller's scheduler can log/alert; use the per-task
+ * helpers (`query_session_cleanup_expired`, `cleanup_expired_permit_offers`)
+ * directly if you need finer error isolation.
+ */
+export const run_auth_cleanup = async (deps) => {
+    const expired_sessions = await query_session_cleanup_expired(deps);
+    const expired_offers = await cleanup_expired_permit_offers(deps);
+    return { expired_sessions, expired_offers };
+};

package/dist/auth/invite_schema.d.ts CHANGED Viewed

@@ -7,37 +7,38 @@
  * @module
  */
 import { z } from 'zod';
+import { Uuid } from '../uuid.js';
 import { Username, Email } from './account_schema.js';
 /** Invite row from the database. */
 export interface Invite {
-    id: string;
+    id: Uuid;
     email: Email | null;
     username: Username | null;
-    claimed_by: string | null;
+    claimed_by: Uuid | null;
     claimed_at: string | null;
     created_at: string;
-    created_by: string | null;
+    created_by: Uuid | null;
 }
 /** Zod schema for client-safe invite data. */
 export declare const InviteJson: z.ZodObject<{
-    id: z.ZodString;
+    id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
     email: z.ZodNullable<z.ZodEmail>;
     username: z.ZodNullable<z.ZodString>;
-    claimed_by: z.ZodNullable<z.ZodString>;
+    claimed_by: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
     claimed_at: z.ZodNullable<z.ZodString>;
     created_at: z.ZodString;
-    created_by: z.ZodNullable<z.ZodString>;
+    created_by: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
 }, z.core.$strict>;
 export type InviteJson = z.infer<typeof InviteJson>;
 /** Zod schema for invite data with resolved creator/claimer usernames. */
 export declare const InviteWithUsernamesJson: z.ZodObject<{
-    id: z.ZodString;
+    id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
     email: z.ZodNullable<z.ZodEmail>;
     username: z.ZodNullable<z.ZodString>;
-    claimed_by: z.ZodNullable<z.ZodString>;
+    claimed_by: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
     claimed_at: z.ZodNullable<z.ZodString>;
     created_at: z.ZodString;
-    created_by: z.ZodNullable<z.ZodString>;
+    created_by: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
     created_by_username: z.ZodNullable<z.ZodString>;
     claimed_by_username: z.ZodNullable<z.ZodString>;
 }, z.core.$strict>;
@@ -46,6 +47,6 @@ export type InviteWithUsernamesJson = z.infer<typeof InviteWithUsernamesJson>;
 export interface CreateInviteInput {
     email?: Email | null;
     username?: Username | null;
-    created_by: string | null;
+    created_by: Uuid | null;
 }
 //# sourceMappingURL=invite_schema.d.ts.map

package/dist/auth/invite_schema.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"invite_schema.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/invite_schema.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAEtB,OAAO,EAAC,QAAQ,EAAE,KAAK,EAAC,MAAM,qBAAqB,CAAC;AAEpD,oCAAoC;AACpC,MAAM,WAAW,MAAM;IACtB,EAAE,EAAE,~~MAAM~~,CAAC;~~IACX~~,KAAK,EAAE,KAAK,GAAG,IAAI,CAAC;IACpB,QAAQ,EAAE,QAAQ,GAAG,IAAI,CAAC;IAC1B,UAAU,EAAE,~~MAAM~~,GAAG,IAAI,CAAC;~~IAC1B~~,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,~~MAAM~~,GAAG,IAAI,CAAC;~~CAC1B~~;AAED,8CAA8C;AAC9C,eAAO,MAAM,UAAU;;;;;;;;kBAQrB,CAAC;AACH,MAAM,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,UAAU,CAAC,CAAC;AAEpD,0EAA0E;AAC1E,eAAO,MAAM,uBAAuB;;;;;;;;;;kBAGlC,CAAC;AACH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AAE9E,oCAAoC;AACpC,MAAM,WAAW,iBAAiB;IACjC,KAAK,CAAC,EAAE,KAAK,GAAG,IAAI,CAAC;IACrB,QAAQ,CAAC,EAAE,QAAQ,GAAG,IAAI,CAAC;IAC3B,UAAU,EAAE,~~MAAM~~,GAAG,IAAI,CAAC;~~CAC1B~~"}
1	+ {"version":3,"file":"invite_schema.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/invite_schema.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAEtB,OAAO,EAAC,IAAI,EAAC,MAAM,YAAY,CAAC;AAChC,OAAO,EAAC,QAAQ,EAAE,KAAK,EAAC,MAAM,qBAAqB,CAAC;AAEpD,oCAAoC;AACpC,MAAM,WAAW,MAAM;IACtB,EAAE,EAAE,IAAI,CAAC;IACT,KAAK,EAAE,KAAK,GAAG,IAAI,CAAC;IACpB,QAAQ,EAAE,QAAQ,GAAG,IAAI,CAAC;IAC1B,UAAU,EAAE,IAAI,GAAG,IAAI,CAAC;IACxB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,IAAI,GAAG,IAAI,CAAC;CACxB;AAED,8CAA8C;AAC9C,eAAO,MAAM,UAAU;;;;;;;;kBAQrB,CAAC;AACH,MAAM,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,UAAU,CAAC,CAAC;AAEpD,0EAA0E;AAC1E,eAAO,MAAM,uBAAuB;;;;;;;;;;kBAGlC,CAAC;AACH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AAE9E,oCAAoC;AACpC,MAAM,WAAW,iBAAiB;IACjC,KAAK,CAAC,EAAE,KAAK,GAAG,IAAI,CAAC;IACrB,QAAQ,CAAC,EAAE,QAAQ,GAAG,IAAI,CAAC;IAC3B,UAAU,EAAE,IAAI,GAAG,IAAI,CAAC;CACxB"}

package/dist/auth/invite_schema.js CHANGED Viewed

@@ -7,16 +7,17 @@
  * @module
  */
 import { z } from 'zod';
+import { Uuid } from '../uuid.js';
 import { Username, Email } from './account_schema.js';
 /** Zod schema for client-safe invite data. */
 export const InviteJson = z.strictObject({
-    id: z.string(),
+    id: Uuid,
     email: Email.nullable(),
     username: Username.nullable(),
-    claimed_by: z.string().nullable(),
+    claimed_by: Uuid.nullable(),
     claimed_at: z.string().nullable(),
     created_at: z.string(),
-    created_by: z.string().nullable(),
+    created_by: Uuid.nullable(),
 });
 /** Zod schema for invite data with resolved creator/claimer usernames. */
 export const InviteWithUsernamesJson = InviteJson.extend({

package/dist/auth/migrations.d.ts CHANGED Viewed

@@ -35,6 +35,12 @@ export declare const AUTH_MIGRATION_NAMESPACE = "fuz_auth";
  * - v0: Full auth schema — account (with email_verified), actor, permit,
  *   auth_session, api_token, audit_log (with seq), bootstrap_lock, invite,
  *   app_settings, plus all indexes and seeds.
+ * - v1: `permit_offer` table for consentful grants; adds `scope_id` /
+ *   `source_offer_id` / `revoked_reason` to `permit` and swaps the
+ *   `(actor_id, role)` partial unique index for a scope-aware variant using
+ *   the all-zeros sentinel UUID. The `permit_offer` table carries a
+ *   `superseded_at` terminal state; its partial unique index is scoped by
+ *   `(to_account, role, scope, from_actor)` so multiple grantors may coexist.
  */
 export declare const AUTH_MIGRATIONS: Array<Migration>;
 /** Pre-composed migration namespace for auth tables. */

package/dist/auth/migrations.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"migrations.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/migrations.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;~~AAuBH~~,OAAO,KAAK,EAAC,SAAS,EAAE,kBAAkB,EAAC,MAAM,kBAAkB,CAAC;AAEpE,wDAAwD;AACxD,eAAO,MAAM,wBAAwB,aAAa,CAAC;AAEnD~~;;;;;;GAMG~~;AACH,eAAO,MAAM,eAAe,EAAE,KAAK,CAAC,SAAS,~~CAkC5C~~,CAAC;AAEF,wDAAwD;AACxD,eAAO,MAAM,iBAAiB,EAAE,kBAG/B,CAAC"}
1	+ {"version":3,"file":"migrations.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/migrations.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AA6BH,OAAO,KAAK,EAAC,SAAS,EAAE,kBAAkB,EAAC,MAAM,kBAAkB,CAAC;AAEpE,wDAAwD;AACxD,eAAO,MAAM,wBAAwB,aAAa,CAAC;AAEnD;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,eAAe,EAAE,KAAK,CAAC,SAAS,CA6D5C,CAAC;AAEF,wDAAwD;AACxD,eAAO,MAAM,iBAAiB,EAAE,kBAG/B,CAAC"}

package/dist/auth/migrations.js CHANGED Viewed

@@ -28,6 +28,7 @@
  */
 import { ACCOUNT_SCHEMA, ACCOUNT_EMAIL_INDEX, ACCOUNT_USERNAME_CI_INDEX, ACTOR_SCHEMA, ACTOR_INDEX, PERMIT_SCHEMA, PERMIT_INDEXES, AUTH_SESSION_SCHEMA, AUTH_SESSION_INDEXES, API_TOKEN_SCHEMA, API_TOKEN_INDEX, BOOTSTRAP_LOCK_SCHEMA, BOOTSTRAP_LOCK_SEED, INVITE_SCHEMA, INVITE_INDEXES, APP_SETTINGS_SCHEMA, APP_SETTINGS_SEED, } from './ddl.js';
 import { AUDIT_LOG_SCHEMA, AUDIT_LOG_INDEXES } from './audit_log_schema.js';
+import { PERMIT_OFFER_SCHEMA, PERMIT_OFFER_PENDING_UNIQUE_INDEX, PERMIT_OFFER_INBOX_INDEX, PERMIT_OFFER_SCOPE_SENTINEL_UUID, } from './permit_offer_schema.js';
 /** Namespace identifier for fuz_app auth migrations. */
 export const AUTH_MIGRATION_NAMESPACE = 'fuz_auth';
 /**
@@ -36,6 +37,12 @@ export const AUTH_MIGRATION_NAMESPACE = 'fuz_auth';
  * - v0: Full auth schema — account (with email_verified), actor, permit,
  *   auth_session, api_token, audit_log (with seq), bootstrap_lock, invite,
  *   app_settings, plus all indexes and seeds.
+ * - v1: `permit_offer` table for consentful grants; adds `scope_id` /
+ *   `source_offer_id` / `revoked_reason` to `permit` and swaps the
+ *   `(actor_id, role)` partial unique index for a scope-aware variant using
+ *   the all-zeros sentinel UUID. The `permit_offer` table carries a
+ *   `superseded_at` terminal state; its partial unique index is scoped by
+ *   `(to_account, role, scope, from_actor)` so multiple grantors may coexist.
  */
 export const AUTH_MIGRATIONS = [
     // v0: full auth schema — all IF NOT EXISTS, safe for existing databases
@@ -71,6 +78,27 @@ export const AUTH_MIGRATIONS = [
             await db.query(APP_SETTINGS_SEED);
         },
     },
+    // v1: consentful permits — permit_offer table + scoped permits
+    {
+        name: 'permit_offer_and_scoped_permits',
+        up: async (db) => {
+            await db.query(PERMIT_OFFER_SCHEMA);
+            await db.query(PERMIT_OFFER_PENDING_UNIQUE_INDEX);
+            await db.query(PERMIT_OFFER_INBOX_INDEX);
+            await db.query('ALTER TABLE permit ADD COLUMN IF NOT EXISTS scope_id UUID NULL');
+            await db.query('ALTER TABLE permit ADD COLUMN IF NOT EXISTS source_offer_id UUID NULL REFERENCES permit_offer(id) ON DELETE SET NULL');
+            await db.query('ALTER TABLE permit ADD COLUMN IF NOT EXISTS revoked_reason TEXT NULL');
+            // swap the (actor_id, role) partial unique for a scope-aware variant.
+            // Existing rows have `scope_id = NULL` and collapse to the sentinel.
+            await db.query('DROP INDEX IF EXISTS permit_actor_role_active_unique');
+            await db.query(`CREATE UNIQUE INDEX IF NOT EXISTS permit_actor_role_scope_active_unique
+				   ON permit (actor_id, role, COALESCE(scope_id, '${PERMIT_OFFER_SCOPE_SENTINEL_UUID}'::uuid))
+				   WHERE revoked_at IS NULL`);
+            await db.query(`CREATE INDEX IF NOT EXISTS permit_scope_active
+				   ON permit (actor_id, role, scope_id)
+				   WHERE revoked_at IS NULL`);
+        },
+    },
 ];
 /** Pre-composed migration namespace for auth tables. */
 export const AUTH_MIGRATION_NS = {