npm - @fuzdev/fuz_app - Versions diffs - 0.29.0 → 0.31.0 - Mend

@fuzdev/fuz_app 0.29.0 → 0.31.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (210) hide show

package/dist/actions/CLAUDE.md +630 -0
package/dist/actions/action_rpc.d.ts +29 -0
package/dist/actions/action_rpc.d.ts.map +1 -1
package/dist/actions/action_rpc.js +42 -6
package/dist/actions/action_types.d.ts +2 -2
package/dist/actions/cancel.d.ts +12 -13
package/dist/actions/cancel.d.ts.map +1 -1
package/dist/actions/cancel.js +10 -13
package/dist/actions/heartbeat.d.ts +8 -13
package/dist/actions/heartbeat.d.ts.map +1 -1
package/dist/actions/heartbeat.js +5 -8
package/dist/actions/register_action_ws.d.ts +3 -3
package/dist/actions/register_action_ws.js +2 -2
package/dist/actions/register_ws_endpoint.d.ts +4 -4
package/dist/actions/register_ws_endpoint.d.ts.map +1 -1
package/dist/actions/register_ws_endpoint.js +3 -3
package/dist/actions/socket.svelte.d.ts +16 -16
package/dist/actions/socket.svelte.d.ts.map +1 -1
package/dist/actions/socket.svelte.js +15 -15
package/dist/actions/transports_ws_auth_guard.d.ts.map +1 -1
package/dist/actions/transports_ws_backend.d.ts +15 -0
package/dist/actions/transports_ws_backend.d.ts.map +1 -1
package/dist/actions/transports_ws_backend.js +17 -0
package/dist/auth/CLAUDE.md +923 -0
package/dist/auth/account_action_specs.d.ts +216 -0
package/dist/auth/account_action_specs.d.ts.map +1 -0
package/dist/auth/account_action_specs.js +159 -0
package/dist/auth/account_actions.d.ts +51 -0
package/dist/auth/account_actions.d.ts.map +1 -0
package/dist/auth/account_actions.js +119 -0
package/dist/auth/account_queries.d.ts +6 -2
package/dist/auth/account_queries.d.ts.map +1 -1
package/dist/auth/account_queries.js +40 -4
package/dist/auth/account_routes.d.ts +94 -16
package/dist/auth/account_routes.d.ts.map +1 -1
package/dist/auth/account_routes.js +108 -180
package/dist/auth/account_schema.d.ts +85 -30
package/dist/auth/account_schema.d.ts.map +1 -1
package/dist/auth/account_schema.js +40 -8
package/dist/auth/admin_action_specs.d.ts +674 -0
package/dist/auth/admin_action_specs.d.ts.map +1 -0
package/dist/auth/admin_action_specs.js +287 -0
package/dist/auth/admin_actions.d.ts +69 -0
package/dist/auth/admin_actions.d.ts.map +1 -0
package/dist/auth/admin_actions.js +256 -0
package/dist/auth/api_token.d.ts +10 -0
package/dist/auth/api_token.d.ts.map +1 -1
package/dist/auth/api_token.js +9 -0
package/dist/auth/api_token_queries.d.ts +3 -3
package/dist/auth/api_token_queries.js +3 -3
package/dist/auth/app_settings_schema.d.ts +4 -3
package/dist/auth/app_settings_schema.d.ts.map +1 -1
package/dist/auth/app_settings_schema.js +2 -1
package/dist/auth/audit_log_routes.d.ts +14 -6
package/dist/auth/audit_log_routes.d.ts.map +1 -1
package/dist/auth/audit_log_routes.js +22 -79
package/dist/auth/audit_log_schema.d.ts +100 -29
package/dist/auth/audit_log_schema.d.ts.map +1 -1
package/dist/auth/audit_log_schema.js +83 -11
package/dist/auth/bootstrap_routes.d.ts +14 -0
package/dist/auth/bootstrap_routes.d.ts.map +1 -1
package/dist/auth/bootstrap_routes.js +10 -3
package/dist/auth/cleanup.d.ts +63 -0
package/dist/auth/cleanup.d.ts.map +1 -0
package/dist/auth/cleanup.js +80 -0
package/dist/auth/invite_schema.d.ts +11 -10
package/dist/auth/invite_schema.d.ts.map +1 -1
package/dist/auth/invite_schema.js +4 -3
package/dist/auth/migrations.d.ts +6 -0
package/dist/auth/migrations.d.ts.map +1 -1
package/dist/auth/migrations.js +28 -0
package/dist/auth/permit_offer_action_specs.d.ts +364 -0
package/dist/auth/permit_offer_action_specs.d.ts.map +1 -0
package/dist/auth/permit_offer_action_specs.js +216 -0
package/dist/auth/permit_offer_actions.d.ts +96 -0
package/dist/auth/permit_offer_actions.d.ts.map +1 -0
package/dist/auth/permit_offer_actions.js +428 -0
package/dist/auth/permit_offer_notifications.d.ts +361 -0
package/dist/auth/permit_offer_notifications.d.ts.map +1 -0
package/dist/auth/permit_offer_notifications.js +179 -0
package/dist/auth/permit_offer_queries.d.ts +165 -0
package/dist/auth/permit_offer_queries.d.ts.map +1 -0
package/dist/auth/permit_offer_queries.js +390 -0
package/dist/auth/permit_offer_schema.d.ts +103 -0
package/dist/auth/permit_offer_schema.d.ts.map +1 -0
package/dist/auth/permit_offer_schema.js +142 -0
package/dist/auth/permit_queries.d.ts +77 -14
package/dist/auth/permit_queries.d.ts.map +1 -1
package/dist/auth/permit_queries.js +119 -24
package/dist/auth/session_queries.d.ts +4 -2
package/dist/auth/session_queries.d.ts.map +1 -1
package/dist/auth/session_queries.js +4 -2
package/dist/auth/signup_routes.d.ts +13 -0
package/dist/auth/signup_routes.d.ts.map +1 -1
package/dist/auth/signup_routes.js +14 -7
package/dist/http/CLAUDE.md +584 -0
package/dist/http/pending_effects.d.ts +29 -0
package/dist/http/pending_effects.d.ts.map +1 -0
package/dist/http/pending_effects.js +31 -0
package/dist/http/route_spec.d.ts.map +1 -1
package/dist/http/route_spec.js +4 -3
package/dist/rate_limiter.d.ts +30 -0
package/dist/rate_limiter.d.ts.map +1 -1
package/dist/rate_limiter.js +25 -2
package/dist/realtime/sse_auth_guard.d.ts +2 -0
package/dist/realtime/sse_auth_guard.d.ts.map +1 -1
package/dist/realtime/sse_auth_guard.js +5 -3
package/dist/testing/CLAUDE.md +668 -1
package/dist/testing/admin_integration.d.ts +10 -7
package/dist/testing/admin_integration.d.ts.map +1 -1
package/dist/testing/admin_integration.js +382 -482
package/dist/testing/app_server.d.ts +7 -6
package/dist/testing/app_server.d.ts.map +1 -1
package/dist/testing/attack_surface.d.ts +9 -3
package/dist/testing/attack_surface.d.ts.map +1 -1
package/dist/testing/attack_surface.js +4 -4
package/dist/testing/audit_completeness.d.ts +6 -0
package/dist/testing/audit_completeness.d.ts.map +1 -1
package/dist/testing/audit_completeness.js +158 -134
package/dist/testing/auth_apps.d.ts.map +1 -1
package/dist/testing/auth_apps.js +4 -33
package/dist/testing/db.d.ts +1 -1
package/dist/testing/db.d.ts.map +1 -1
package/dist/testing/db.js +2 -0
package/dist/testing/entities.d.ts +35 -13
package/dist/testing/entities.d.ts.map +1 -1
package/dist/testing/entities.js +17 -0
package/dist/testing/integration.d.ts +10 -0
package/dist/testing/integration.d.ts.map +1 -1
package/dist/testing/integration.js +352 -340
package/dist/testing/integration_helpers.d.ts +16 -5
package/dist/testing/integration_helpers.d.ts.map +1 -1
package/dist/testing/integration_helpers.js +24 -4
package/dist/testing/rate_limiting.d.ts +7 -0
package/dist/testing/rate_limiting.d.ts.map +1 -1
package/dist/testing/rate_limiting.js +41 -10
package/dist/testing/rpc_helpers.d.ts +153 -1
package/dist/testing/rpc_helpers.d.ts.map +1 -1
package/dist/testing/rpc_helpers.js +184 -8
package/dist/testing/sse_round_trip.d.ts +8 -0
package/dist/testing/sse_round_trip.d.ts.map +1 -1
package/dist/testing/sse_round_trip.js +10 -3
package/dist/testing/standard.d.ts +9 -1
package/dist/testing/standard.d.ts.map +1 -1
package/dist/testing/standard.js +6 -2
package/dist/testing/surface_invariants.d.ts +7 -3
package/dist/testing/surface_invariants.d.ts.map +1 -1
package/dist/testing/surface_invariants.js +5 -4
package/dist/testing/ws_round_trip.d.ts.map +1 -1
package/dist/testing/ws_round_trip.js +9 -38
package/dist/ui/AccountSessions.svelte +8 -4
package/dist/ui/AccountSessions.svelte.d.ts.map +1 -1
package/dist/ui/AdminAccounts.svelte +61 -33
package/dist/ui/AdminAccounts.svelte.d.ts.map +1 -1
package/dist/ui/AdminAuditLog.svelte +3 -2
package/dist/ui/AdminAuditLog.svelte.d.ts.map +1 -1
package/dist/ui/AdminInvites.svelte +3 -2
package/dist/ui/AdminInvites.svelte.d.ts.map +1 -1
package/dist/ui/AdminOverview.svelte +14 -9
package/dist/ui/AdminOverview.svelte.d.ts.map +1 -1
package/dist/ui/AdminPermitHistory.svelte +3 -2
package/dist/ui/AdminPermitHistory.svelte.d.ts.map +1 -1
package/dist/ui/AdminSessions.svelte +29 -25
package/dist/ui/AdminSessions.svelte.d.ts.map +1 -1
package/dist/ui/CLAUDE.md +351 -0
package/dist/ui/OpenSignupToggle.svelte +6 -3
package/dist/ui/OpenSignupToggle.svelte.d.ts.map +1 -1
package/dist/ui/PermitOfferForm.svelte +141 -0
package/dist/ui/PermitOfferForm.svelte.d.ts +14 -0
package/dist/ui/PermitOfferForm.svelte.d.ts.map +1 -0
package/dist/ui/PermitOfferHistory.svelte +109 -0
package/dist/ui/PermitOfferHistory.svelte.d.ts +11 -0
package/dist/ui/PermitOfferHistory.svelte.d.ts.map +1 -0
package/dist/ui/PermitOfferInbox.svelte +121 -0
package/dist/ui/PermitOfferInbox.svelte.d.ts +12 -0
package/dist/ui/PermitOfferInbox.svelte.d.ts.map +1 -0
package/dist/ui/account_sessions_state.svelte.d.ts +53 -3
package/dist/ui/account_sessions_state.svelte.d.ts.map +1 -1
package/dist/ui/account_sessions_state.svelte.js +39 -16
package/dist/ui/admin_accounts_state.svelte.d.ts +118 -2
package/dist/ui/admin_accounts_state.svelte.d.ts.map +1 -1
package/dist/ui/admin_accounts_state.svelte.js +99 -23
package/dist/ui/admin_invites_state.svelte.d.ts +47 -1
package/dist/ui/admin_invites_state.svelte.d.ts.map +1 -1
package/dist/ui/admin_invites_state.svelte.js +38 -26
package/dist/ui/admin_sessions_state.svelte.d.ts +26 -0
package/dist/ui/admin_sessions_state.svelte.d.ts.map +1 -1
package/dist/ui/admin_sessions_state.svelte.js +35 -21
package/dist/ui/app_settings_state.svelte.d.ts +39 -0
package/dist/ui/app_settings_state.svelte.d.ts.map +1 -1
package/dist/ui/app_settings_state.svelte.js +34 -18
package/dist/ui/audit_log_state.svelte.d.ts +40 -3
package/dist/ui/audit_log_state.svelte.d.ts.map +1 -1
package/dist/ui/audit_log_state.svelte.js +36 -42
package/dist/ui/auth_state.svelte.d.ts +4 -3
package/dist/ui/auth_state.svelte.d.ts.map +1 -1
package/dist/ui/auth_state.svelte.js +4 -1
package/dist/ui/permit_offers_state.svelte.d.ts +125 -0
package/dist/ui/permit_offers_state.svelte.d.ts.map +1 -0
package/dist/ui/permit_offers_state.svelte.js +197 -0
package/package.json +3 -3
package/dist/auth/admin_routes.d.ts +0 -29
package/dist/auth/admin_routes.d.ts.map +0 -1
package/dist/auth/admin_routes.js +0 -226
package/dist/auth/app_settings_routes.d.ts +0 -27
package/dist/auth/app_settings_routes.d.ts.map +0 -1
package/dist/auth/app_settings_routes.js +0 -66
package/dist/auth/invite_routes.d.ts +0 -18
package/dist/auth/invite_routes.d.ts.map +0 -1
package/dist/auth/invite_routes.js +0 -129

package/dist/auth/app_settings_routes.js DELETED Viewed

@@ -1,66 +0,0 @@
-/**
- * Admin app settings route specs.
- *
- * GET and PATCH routes for managing global app settings (e.g. open signup toggle).
- * All routes require the `admin` role.
- *
- * @module
- */
-import { z } from 'zod';
-import { get_route_input } from '../http/route_spec.js';
-import { require_request_context } from './request_context.js';
-import { get_client_ip } from '../http/proxy.js';
-import { audit_log_fire_and_forget } from './audit_log_queries.js';
-import { query_app_settings_load_with_username, query_app_settings_update, } from './app_settings_queries.js';
-import { AppSettingsWithUsernameJson, UpdateAppSettingsInput, } from './app_settings_schema.js';
-/**
- * Create admin app settings route specs.
- *
- * @param deps - stateless capabilities (log, on_audit_event)
- * @param options - per-factory configuration
- * @returns route specs for app settings management
- */
-export const create_app_settings_route_specs = (deps, options) => {
-    const { app_settings } = options;
-    return [
-        {
-            method: 'GET',
-            path: '/settings',
-            auth: { type: 'role', role: 'admin' },
-            description: 'Get app settings',
-            input: z.null(),
-            output: z.strictObject({ settings: AppSettingsWithUsernameJson }),
-            handler: async (c, route) => {
-                const settings = await query_app_settings_load_with_username(route);
-                return c.json({ settings });
-            },
-        },
-        {
-            method: 'PATCH',
-            path: '/settings',
-            auth: { type: 'role', role: 'admin' },
-            description: 'Update app settings',
-            input: UpdateAppSettingsInput,
-            output: z.strictObject({ ok: z.literal(true), settings: AppSettingsWithUsernameJson }),
-            handler: async (c, route) => {
-                const ctx = require_request_context(c);
-                const { open_signup } = get_route_input(c);
-                const old_value = app_settings.open_signup;
-                const updated = await query_app_settings_update(route, open_signup, ctx.actor.id);
-                // Mutate the in-memory ref so GET reads are consistent
-                app_settings.open_signup = updated.open_signup;
-                app_settings.updated_at = updated.updated_at;
-                app_settings.updated_by = updated.updated_by;
-                void audit_log_fire_and_forget(route, {
-                    event_type: 'app_settings_update',
-                    actor_id: ctx.actor.id,
-                    account_id: ctx.account.id,
-                    ip: get_client_ip(c),
-                    metadata: { setting: 'open_signup', old_value, new_value: open_signup },
-                }, deps.log, deps.on_audit_event);
-                const settings_with_username = await query_app_settings_load_with_username(route);
-                return c.json({ ok: true, settings: settings_with_username });
-            },
-        },
-    ];
-};

package/dist/auth/invite_routes.d.ts DELETED Viewed

@@ -1,18 +0,0 @@
-/**
- * Admin invite route specs for invite-based signup.
- *
- * All routes require the `admin` role. Provides CRUD for invites
- * that gate who can sign up.
- *
- * @module
- */
-import { type RouteSpec } from '../http/route_spec.js';
-import type { RouteFactoryDeps } from './deps.js';
-/**
- * Create admin invite route specs.
- *
- * @param deps - stateless capabilities (log)
- * @returns route specs for invite management
- */
-export declare const create_invite_route_specs: (deps: Pick<RouteFactoryDeps, "log" | "on_audit_event">) => Array<RouteSpec>;
-//# sourceMappingURL=invite_routes.d.ts.map

package/dist/auth/invite_routes.d.ts.map DELETED Viewed

	@@ -1 +0,0 @@
1	- {"version":3,"file":"invite_routes.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/invite_routes.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH,OAAO,EAAoC,KAAK,SAAS,EAAC,MAAM,uBAAuB,CAAC;AAYxF,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,WAAW,CAAC;AAUhD;;;;;GAKG;AACH,eAAO,MAAM,yBAAyB,GACrC,MAAM,IAAI,CAAC,gBAAgB,EAAE,KAAK,GAAG,gBAAgB,CAAC,KACpD,KAAK,CAAC,SAAS,CAwHjB,CAAC"}

package/dist/auth/invite_routes.js DELETED Viewed

@@ -1,129 +0,0 @@
-/**
- * Admin invite route specs for invite-based signup.
- *
- * All routes require the `admin` role. Provides CRUD for invites
- * that gate who can sign up.
- *
- * @module
- */
-import { z } from 'zod';
-import { get_route_input, get_route_params } from '../http/route_spec.js';
-import { require_request_context } from './request_context.js';
-import { get_client_ip } from '../http/proxy.js';
-import { audit_log_fire_and_forget } from './audit_log_queries.js';
-import { query_account_by_username, query_account_by_email } from './account_queries.js';
-import { query_create_invite, query_invite_list_all_with_usernames, query_invite_delete_unclaimed, } from './invite_queries.js';
-import { InviteJson, InviteWithUsernamesJson } from './invite_schema.js';
-import { Username, Email } from './account_schema.js';
-import { is_pg_unique_violation } from '../db/pg_error.js';
-import { ERROR_INVITE_NOT_FOUND, ERROR_INVITE_MISSING_IDENTIFIER, ERROR_INVITE_DUPLICATE, ERROR_INVITE_ACCOUNT_EXISTS_USERNAME, ERROR_INVITE_ACCOUNT_EXISTS_EMAIL, } from '../http/error_schemas.js';
-/**
- * Create admin invite route specs.
- *
- * @param deps - stateless capabilities (log)
- * @returns route specs for invite management
- */
-export const create_invite_route_specs = (deps) => {
-    return [
-        {
-            method: 'POST',
-            path: '/invites',
-            auth: { type: 'role', role: 'admin' },
-            description: 'Create an invite',
-            input: z.strictObject({
-                email: Email.nullish(),
-                username: Username.nullish(),
-            }),
-            output: z.strictObject({ ok: z.literal(true), invite: InviteJson }),
-            errors: {
-                400: z.looseObject({ error: z.literal(ERROR_INVITE_MISSING_IDENTIFIER) }),
-                409: z.looseObject({
-                    error: z.enum([
-                        ERROR_INVITE_DUPLICATE,
-                        ERROR_INVITE_ACCOUNT_EXISTS_USERNAME,
-                        ERROR_INVITE_ACCOUNT_EXISTS_EMAIL,
-                    ]),
-                }),
-            },
-            handler: async (c, route) => {
-                const ctx = require_request_context(c);
-                const { email, username } = get_route_input(c);
-                if (!email && !username) {
-                    return c.json({ error: ERROR_INVITE_MISSING_IDENTIFIER }, 400);
-                }
-                if (username) {
-                    const existing = await query_account_by_username(route, username);
-                    if (existing) {
-                        return c.json({ error: ERROR_INVITE_ACCOUNT_EXISTS_USERNAME }, 409);
-                    }
-                }
-                if (email) {
-                    const existing = await query_account_by_email(route, email);
-                    if (existing) {
-                        return c.json({ error: ERROR_INVITE_ACCOUNT_EXISTS_EMAIL }, 409);
-                    }
-                }
-                let invite;
-                try {
-                    invite = await query_create_invite(route, {
-                        email: email ?? null,
-                        username: username ?? null,
-                        created_by: ctx.actor.id,
-                    });
-                }
-                catch (e) {
-                    if (is_pg_unique_violation(e)) {
-                        return c.json({ error: ERROR_INVITE_DUPLICATE }, 409);
-                    }
-                    throw e;
-                }
-                void audit_log_fire_and_forget(route, {
-                    event_type: 'invite_create',
-                    actor_id: ctx.actor.id,
-                    account_id: ctx.account.id,
-                    ip: get_client_ip(c),
-                    metadata: { invite_id: invite.id, email: email ?? null, username: username ?? null },
-                }, deps.log, deps.on_audit_event);
-                return c.json({ ok: true, invite });
-            },
-        },
-        {
-            method: 'GET',
-            path: '/invites',
-            auth: { type: 'role', role: 'admin' },
-            description: 'List all invites',
-            input: z.null(),
-            output: z.strictObject({ invites: z.array(InviteWithUsernamesJson) }),
-            handler: async (c, route) => {
-                const invites = await query_invite_list_all_with_usernames(route);
-                return c.json({ invites });
-            },
-        },
-        {
-            method: 'DELETE',
-            path: '/invites/:id',
-            auth: { type: 'role', role: 'admin' },
-            description: 'Delete an unclaimed invite',
-            params: z.strictObject({ id: z.uuid() }),
-            input: z.null(),
-            output: z.strictObject({ ok: z.literal(true) }),
-            errors: { 404: z.looseObject({ error: z.literal(ERROR_INVITE_NOT_FOUND) }) },
-            handler: async (c, route) => {
-                const { id } = get_route_params(c);
-                const deleted = await query_invite_delete_unclaimed(route, id);
-                if (!deleted) {
-                    return c.json({ error: ERROR_INVITE_NOT_FOUND }, 404);
-                }
-                const ctx = require_request_context(c);
-                void audit_log_fire_and_forget(route, {
-                    event_type: 'invite_delete',
-                    actor_id: ctx.actor.id,
-                    account_id: ctx.account.id,
-                    ip: get_client_ip(c),
-                    metadata: { invite_id: id },
-                }, deps.log, deps.on_audit_event);
-                return c.json({ ok: true });
-            },
-        },
-    ];
-};