npm - @fuzdev/fuz_app - Versions diffs - 0.29.0 → 0.31.0 - Mend

@fuzdev/fuz_app 0.29.0 → 0.31.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (210) hide show

package/dist/actions/CLAUDE.md +630 -0
package/dist/actions/action_rpc.d.ts +29 -0
package/dist/actions/action_rpc.d.ts.map +1 -1
package/dist/actions/action_rpc.js +42 -6
package/dist/actions/action_types.d.ts +2 -2
package/dist/actions/cancel.d.ts +12 -13
package/dist/actions/cancel.d.ts.map +1 -1
package/dist/actions/cancel.js +10 -13
package/dist/actions/heartbeat.d.ts +8 -13
package/dist/actions/heartbeat.d.ts.map +1 -1
package/dist/actions/heartbeat.js +5 -8
package/dist/actions/register_action_ws.d.ts +3 -3
package/dist/actions/register_action_ws.js +2 -2
package/dist/actions/register_ws_endpoint.d.ts +4 -4
package/dist/actions/register_ws_endpoint.d.ts.map +1 -1
package/dist/actions/register_ws_endpoint.js +3 -3
package/dist/actions/socket.svelte.d.ts +16 -16
package/dist/actions/socket.svelte.d.ts.map +1 -1
package/dist/actions/socket.svelte.js +15 -15
package/dist/actions/transports_ws_auth_guard.d.ts.map +1 -1
package/dist/actions/transports_ws_backend.d.ts +15 -0
package/dist/actions/transports_ws_backend.d.ts.map +1 -1
package/dist/actions/transports_ws_backend.js +17 -0
package/dist/auth/CLAUDE.md +923 -0
package/dist/auth/account_action_specs.d.ts +216 -0
package/dist/auth/account_action_specs.d.ts.map +1 -0
package/dist/auth/account_action_specs.js +159 -0
package/dist/auth/account_actions.d.ts +51 -0
package/dist/auth/account_actions.d.ts.map +1 -0
package/dist/auth/account_actions.js +119 -0
package/dist/auth/account_queries.d.ts +6 -2
package/dist/auth/account_queries.d.ts.map +1 -1
package/dist/auth/account_queries.js +40 -4
package/dist/auth/account_routes.d.ts +94 -16
package/dist/auth/account_routes.d.ts.map +1 -1
package/dist/auth/account_routes.js +108 -180
package/dist/auth/account_schema.d.ts +85 -30
package/dist/auth/account_schema.d.ts.map +1 -1
package/dist/auth/account_schema.js +40 -8
package/dist/auth/admin_action_specs.d.ts +674 -0
package/dist/auth/admin_action_specs.d.ts.map +1 -0
package/dist/auth/admin_action_specs.js +287 -0
package/dist/auth/admin_actions.d.ts +69 -0
package/dist/auth/admin_actions.d.ts.map +1 -0
package/dist/auth/admin_actions.js +256 -0
package/dist/auth/api_token.d.ts +10 -0
package/dist/auth/api_token.d.ts.map +1 -1
package/dist/auth/api_token.js +9 -0
package/dist/auth/api_token_queries.d.ts +3 -3
package/dist/auth/api_token_queries.js +3 -3
package/dist/auth/app_settings_schema.d.ts +4 -3
package/dist/auth/app_settings_schema.d.ts.map +1 -1
package/dist/auth/app_settings_schema.js +2 -1
package/dist/auth/audit_log_routes.d.ts +14 -6
package/dist/auth/audit_log_routes.d.ts.map +1 -1
package/dist/auth/audit_log_routes.js +22 -79
package/dist/auth/audit_log_schema.d.ts +100 -29
package/dist/auth/audit_log_schema.d.ts.map +1 -1
package/dist/auth/audit_log_schema.js +83 -11
package/dist/auth/bootstrap_routes.d.ts +14 -0
package/dist/auth/bootstrap_routes.d.ts.map +1 -1
package/dist/auth/bootstrap_routes.js +10 -3
package/dist/auth/cleanup.d.ts +63 -0
package/dist/auth/cleanup.d.ts.map +1 -0
package/dist/auth/cleanup.js +80 -0
package/dist/auth/invite_schema.d.ts +11 -10
package/dist/auth/invite_schema.d.ts.map +1 -1
package/dist/auth/invite_schema.js +4 -3
package/dist/auth/migrations.d.ts +6 -0
package/dist/auth/migrations.d.ts.map +1 -1
package/dist/auth/migrations.js +28 -0
package/dist/auth/permit_offer_action_specs.d.ts +364 -0
package/dist/auth/permit_offer_action_specs.d.ts.map +1 -0
package/dist/auth/permit_offer_action_specs.js +216 -0
package/dist/auth/permit_offer_actions.d.ts +96 -0
package/dist/auth/permit_offer_actions.d.ts.map +1 -0
package/dist/auth/permit_offer_actions.js +428 -0
package/dist/auth/permit_offer_notifications.d.ts +361 -0
package/dist/auth/permit_offer_notifications.d.ts.map +1 -0
package/dist/auth/permit_offer_notifications.js +179 -0
package/dist/auth/permit_offer_queries.d.ts +165 -0
package/dist/auth/permit_offer_queries.d.ts.map +1 -0
package/dist/auth/permit_offer_queries.js +390 -0
package/dist/auth/permit_offer_schema.d.ts +103 -0
package/dist/auth/permit_offer_schema.d.ts.map +1 -0
package/dist/auth/permit_offer_schema.js +142 -0
package/dist/auth/permit_queries.d.ts +77 -14
package/dist/auth/permit_queries.d.ts.map +1 -1
package/dist/auth/permit_queries.js +119 -24
package/dist/auth/session_queries.d.ts +4 -2
package/dist/auth/session_queries.d.ts.map +1 -1
package/dist/auth/session_queries.js +4 -2
package/dist/auth/signup_routes.d.ts +13 -0
package/dist/auth/signup_routes.d.ts.map +1 -1
package/dist/auth/signup_routes.js +14 -7
package/dist/http/CLAUDE.md +584 -0
package/dist/http/pending_effects.d.ts +29 -0
package/dist/http/pending_effects.d.ts.map +1 -0
package/dist/http/pending_effects.js +31 -0
package/dist/http/route_spec.d.ts.map +1 -1
package/dist/http/route_spec.js +4 -3
package/dist/rate_limiter.d.ts +30 -0
package/dist/rate_limiter.d.ts.map +1 -1
package/dist/rate_limiter.js +25 -2
package/dist/realtime/sse_auth_guard.d.ts +2 -0
package/dist/realtime/sse_auth_guard.d.ts.map +1 -1
package/dist/realtime/sse_auth_guard.js +5 -3
package/dist/testing/CLAUDE.md +668 -1
package/dist/testing/admin_integration.d.ts +10 -7
package/dist/testing/admin_integration.d.ts.map +1 -1
package/dist/testing/admin_integration.js +382 -482
package/dist/testing/app_server.d.ts +7 -6
package/dist/testing/app_server.d.ts.map +1 -1
package/dist/testing/attack_surface.d.ts +9 -3
package/dist/testing/attack_surface.d.ts.map +1 -1
package/dist/testing/attack_surface.js +4 -4
package/dist/testing/audit_completeness.d.ts +6 -0
package/dist/testing/audit_completeness.d.ts.map +1 -1
package/dist/testing/audit_completeness.js +158 -134
package/dist/testing/auth_apps.d.ts.map +1 -1
package/dist/testing/auth_apps.js +4 -33
package/dist/testing/db.d.ts +1 -1
package/dist/testing/db.d.ts.map +1 -1
package/dist/testing/db.js +2 -0
package/dist/testing/entities.d.ts +35 -13
package/dist/testing/entities.d.ts.map +1 -1
package/dist/testing/entities.js +17 -0
package/dist/testing/integration.d.ts +10 -0
package/dist/testing/integration.d.ts.map +1 -1
package/dist/testing/integration.js +352 -340
package/dist/testing/integration_helpers.d.ts +16 -5
package/dist/testing/integration_helpers.d.ts.map +1 -1
package/dist/testing/integration_helpers.js +24 -4
package/dist/testing/rate_limiting.d.ts +7 -0
package/dist/testing/rate_limiting.d.ts.map +1 -1
package/dist/testing/rate_limiting.js +41 -10
package/dist/testing/rpc_helpers.d.ts +153 -1
package/dist/testing/rpc_helpers.d.ts.map +1 -1
package/dist/testing/rpc_helpers.js +184 -8
package/dist/testing/sse_round_trip.d.ts +8 -0
package/dist/testing/sse_round_trip.d.ts.map +1 -1
package/dist/testing/sse_round_trip.js +10 -3
package/dist/testing/standard.d.ts +9 -1
package/dist/testing/standard.d.ts.map +1 -1
package/dist/testing/standard.js +6 -2
package/dist/testing/surface_invariants.d.ts +7 -3
package/dist/testing/surface_invariants.d.ts.map +1 -1
package/dist/testing/surface_invariants.js +5 -4
package/dist/testing/ws_round_trip.d.ts.map +1 -1
package/dist/testing/ws_round_trip.js +9 -38
package/dist/ui/AccountSessions.svelte +8 -4
package/dist/ui/AccountSessions.svelte.d.ts.map +1 -1
package/dist/ui/AdminAccounts.svelte +61 -33
package/dist/ui/AdminAccounts.svelte.d.ts.map +1 -1
package/dist/ui/AdminAuditLog.svelte +3 -2
package/dist/ui/AdminAuditLog.svelte.d.ts.map +1 -1
package/dist/ui/AdminInvites.svelte +3 -2
package/dist/ui/AdminInvites.svelte.d.ts.map +1 -1
package/dist/ui/AdminOverview.svelte +14 -9
package/dist/ui/AdminOverview.svelte.d.ts.map +1 -1
package/dist/ui/AdminPermitHistory.svelte +3 -2
package/dist/ui/AdminPermitHistory.svelte.d.ts.map +1 -1
package/dist/ui/AdminSessions.svelte +29 -25
package/dist/ui/AdminSessions.svelte.d.ts.map +1 -1
package/dist/ui/CLAUDE.md +351 -0
package/dist/ui/OpenSignupToggle.svelte +6 -3
package/dist/ui/OpenSignupToggle.svelte.d.ts.map +1 -1
package/dist/ui/PermitOfferForm.svelte +141 -0
package/dist/ui/PermitOfferForm.svelte.d.ts +14 -0
package/dist/ui/PermitOfferForm.svelte.d.ts.map +1 -0
package/dist/ui/PermitOfferHistory.svelte +109 -0
package/dist/ui/PermitOfferHistory.svelte.d.ts +11 -0
package/dist/ui/PermitOfferHistory.svelte.d.ts.map +1 -0
package/dist/ui/PermitOfferInbox.svelte +121 -0
package/dist/ui/PermitOfferInbox.svelte.d.ts +12 -0
package/dist/ui/PermitOfferInbox.svelte.d.ts.map +1 -0
package/dist/ui/account_sessions_state.svelte.d.ts +53 -3
package/dist/ui/account_sessions_state.svelte.d.ts.map +1 -1
package/dist/ui/account_sessions_state.svelte.js +39 -16
package/dist/ui/admin_accounts_state.svelte.d.ts +118 -2
package/dist/ui/admin_accounts_state.svelte.d.ts.map +1 -1
package/dist/ui/admin_accounts_state.svelte.js +99 -23
package/dist/ui/admin_invites_state.svelte.d.ts +47 -1
package/dist/ui/admin_invites_state.svelte.d.ts.map +1 -1
package/dist/ui/admin_invites_state.svelte.js +38 -26
package/dist/ui/admin_sessions_state.svelte.d.ts +26 -0
package/dist/ui/admin_sessions_state.svelte.d.ts.map +1 -1
package/dist/ui/admin_sessions_state.svelte.js +35 -21
package/dist/ui/app_settings_state.svelte.d.ts +39 -0
package/dist/ui/app_settings_state.svelte.d.ts.map +1 -1
package/dist/ui/app_settings_state.svelte.js +34 -18
package/dist/ui/audit_log_state.svelte.d.ts +40 -3
package/dist/ui/audit_log_state.svelte.d.ts.map +1 -1
package/dist/ui/audit_log_state.svelte.js +36 -42
package/dist/ui/auth_state.svelte.d.ts +4 -3
package/dist/ui/auth_state.svelte.d.ts.map +1 -1
package/dist/ui/auth_state.svelte.js +4 -1
package/dist/ui/permit_offers_state.svelte.d.ts +125 -0
package/dist/ui/permit_offers_state.svelte.d.ts.map +1 -0
package/dist/ui/permit_offers_state.svelte.js +197 -0
package/package.json +3 -3
package/dist/auth/admin_routes.d.ts +0 -29
package/dist/auth/admin_routes.d.ts.map +0 -1
package/dist/auth/admin_routes.js +0 -226
package/dist/auth/app_settings_routes.d.ts +0 -27
package/dist/auth/app_settings_routes.d.ts.map +0 -1
package/dist/auth/app_settings_routes.js +0 -66
package/dist/auth/invite_routes.d.ts +0 -18
package/dist/auth/invite_routes.d.ts.map +0 -1
package/dist/auth/invite_routes.js +0 -129

package/dist/auth/account_routes.d.ts CHANGED Viewed

@@ -3,27 +3,72 @@
  *
  * Returns `RouteSpec[]` — caller applies them to Hono via `apply_route_specs`.
  *
- * Provides:
- * - `POST /login` — Exchange username + password for signed session cookie
- * - `POST /logout` — Clear session cookie and revoke auth session
- * - `GET /verify` — Check if current session is valid
- * - `GET /sessions` — List auth sessions for current account
- * - `POST /sessions/:id/revoke` — Revoke a single auth session (account-scoped)
- * - `POST /sessions/revoke-all` — Revoke all auth sessions for current account
- * - `POST /tokens/create` — Create an API token
- * - `GET /tokens` — List API tokens for current account
- * - `POST /tokens/:id/revoke` — Revoke an API token (account-scoped)
- * - `POST /password` — Change password (revokes all sessions and API tokens)
+ * Four REST flows remain here; each has a concrete reason to stay REST
+ * rather than moving to `account_actions.ts`:
  *
- * Signup is separate — see `signup_routes.ts` for invite-gated account creation.
- * Defaults are closed/safe: accounts are created through bootstrap, admin action, or invite.
+ * - `POST /login` — issues a signed `Set-Cookie` and pre-handler rate-limits
+ *   by IP + per-canonical-account before password hashing.
+ * - `POST /logout` — clears the session cookie.
+ * - `POST /password` — cookie clear + revoke-all cascade; rate-limit-shaped
+ *   error envelope on 429.
+ * - `GET /verify` — empty-body nginx `auth_request` probe. Programmatic
+ *   callers should use the `account_verify` RPC action for the typed payload.
+ *
+ * Session listing/revocation and API token CRUD are on the RPC endpoint —
+ * see `account_actions.ts`. Signup is in `signup_routes.ts`. Defaults are
+ * closed/safe: accounts are created through bootstrap, admin action, or
+ * invite.
  *
  * @module
  */
+import { z } from 'zod';
 import type { SessionOptions } from './session_cookie.js';
 import { type RouteSpec } from '../http/route_spec.js';
 import { type RateLimiter } from '../rate_limiter.js';
 import type { RouteFactoryDeps } from './deps.js';
+/** Input for `GET /api/account/status`. No parameters — caller is the subject. */
+export declare const AccountStatusInput: z.ZodNull;
+export type AccountStatusInput = z.infer<typeof AccountStatusInput>;
+/**
+ * Output for `GET /api/account/status` on the authenticated path.
+ *
+ * `account` and `actor` are the caller's own identity entities (v1 is 1:1
+ * account/actor, but `actor` is first-class so consumers don't have to
+ * derive `actor_id` from the permit list). Permits are already
+ * active-filtered by `build_request_context` via
+ * `query_permit_find_active_for_actor` — `revoked_at` / `revoked_by` /
+ * `revoked_reason` are never populated here, so `PermitSummaryJson`
+ * carries the fields a client actually needs (including `scope_id` for
+ * per-scope auth decisions).
+ */
+export declare const AccountStatusOutput: z.ZodObject<{
+    account: z.ZodObject<{
+        id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
+        username: z.ZodString;
+        email: z.ZodNullable<z.ZodEmail>;
+        email_verified: z.ZodBoolean;
+        created_at: z.ZodString;
+    }, z.core.$strict>;
+    actor: z.ZodObject<{
+        id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
+        name: z.ZodString;
+    }, z.core.$strict>;
+    permits: z.ZodArray<z.ZodObject<{
+        id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
+        role: z.ZodString;
+        scope_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
+        created_at: z.ZodString;
+        expires_at: z.ZodNullable<z.ZodString>;
+        granted_by: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
+    }, z.core.$strict>>;
+}, z.core.$strict>;
+export type AccountStatusOutput = z.infer<typeof AccountStatusOutput>;
+/** Error body for `GET /api/account/status` on the unauthenticated path. */
+export declare const AccountStatusUnauthenticatedError: z.ZodObject<{
+    error: z.ZodLiteral<"authentication_required">;
+    bootstrap_available: z.ZodOptional<z.ZodBoolean>;
+}, z.core.$loose>;
+export type AccountStatusUnauthenticatedError = z.infer<typeof AccountStatusUnauthenticatedError>;
 /**
  * Create the account status route spec.
  *
@@ -89,8 +134,6 @@ export interface AccountRouteOptions extends AuthSessionRouteOptions {
     login_account_rate_limiter: RateLimiter | null;
     /** Max active sessions per account. Evicts oldest on login. Default 5, `null` disables. */
     max_sessions?: number | null;
-    /** Max API tokens per account. Evicts oldest on creation. Default 10, `null` disables. */
-    max_tokens?: number | null;
     /**
      * Minimum wall-clock time (ms) for login 401 responses. Set to `0` or a
      * negative number to disable (e.g., in tests). Default
@@ -103,10 +146,45 @@ export interface AccountRouteOptions extends AuthSessionRouteOptions {
      */
     login_fail_jitter_ms?: number;
 }
+/** Input for `POST /login`. Accepts a username or email in the `username` field. */
+export declare const LoginInput: z.ZodObject<{
+    username: z.ZodString;
+    password: z.ZodString;
+}, z.core.$strict>;
+export type LoginInput = z.infer<typeof LoginInput>;
+/** Output for `POST /login`. The signed session cookie is the operative side effect. */
+export declare const LoginOutput: z.ZodObject<{
+    ok: z.ZodLiteral<true>;
+}, z.core.$strict>;
+export type LoginOutput = z.infer<typeof LoginOutput>;
+/** Input for `POST /logout`. Session identity flows through the cookie. */
+export declare const LogoutInput: z.ZodNull;
+export type LogoutInput = z.infer<typeof LogoutInput>;
+/** Output for `POST /logout`. Includes the revoked account's username for UI redraw. */
+export declare const LogoutOutput: z.ZodObject<{
+    ok: z.ZodLiteral<true>;
+    username: z.ZodString;
+}, z.core.$strict>;
+export type LogoutOutput = z.infer<typeof LogoutOutput>;
+/** Input for `POST /password`. `current_password` is minimally validated; `new_password` enforces the full policy. */
+export declare const PasswordChangeInput: z.ZodObject<{
+    current_password: z.ZodString;
+    new_password: z.ZodString;
+}, z.core.$strict>;
+export type PasswordChangeInput = z.infer<typeof PasswordChangeInput>;
+/** Output for `POST /password`. Counts are returned so the UI can summarize the revoke-all cascade. */
+export declare const PasswordChangeOutput: z.ZodObject<{
+    ok: z.ZodLiteral<true>;
+    sessions_revoked: z.ZodNumber;
+    tokens_revoked: z.ZodNumber;
+}, z.core.$strict>;
+export type PasswordChangeOutput = z.infer<typeof PasswordChangeOutput>;
 /**
  * Create account route specs for session-based auth.
  *
- * All session/token revocation is account-scoped to prevent cross-account attacks.
+ * The returned specs cover the three flows that stay REST after the RPC
+ * migration (login, logout, password change). Self-service session/token
+ * management and verify are on `account_actions.ts`.
  *
  * @param deps - stateless capabilities (keyring, password, log)
  * @param options - per-factory configuration (session_options, ip_rate_limiter, login_account_rate_limiter)

package/dist/auth/account_routes.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"account_routes.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/account_routes.ts"],"names":[],"mappings":"AAAA~~;;;;;;;;;;;;;;;;;;;;;GAqBG~~;~~AAKH~~,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,qBAAqB,CAAC;~~AA+BxD~~,OAAO,~~EAAoC~~,KAAK,SAAS,EAAC,MAAM,uBAAuB,CAAC;~~AAExF~~,OAAO,EAA+B,KAAK,WAAW,EAAC,MAAM,oBAAoB,CAAC;AAElF,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,WAAW,CAAC;AAGhD;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,gCAAgC,GAAI,UAAU,oBAAoB,KAAG,~~SA0BhF~~,CAAC;AAEH,iDAAiD;AACjD,MAAM,WAAW,oBAAoB;IACpC,yDAAyD;IACzD,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,8FAA8F;IAC9F,gBAAgB,CAAC,EAAE;QAAC,SAAS,EAAE,OAAO,CAAA;KAAC,CAAC;CACxC;AAED,4CAA4C;AAC5C,eAAO,MAAM,oBAAoB,IAAI,CAAC;AAEtC,8CAA8C;AAC9C,eAAO,MAAM,kBAAkB,KAAK,CAAC;AAErC;;;;;;;;;GASG;AACH,eAAO,MAAM,2BAA2B,MAAM,CAAC;AAE/C;;;;;;GAMG;AACH,eAAO,MAAM,4BAA4B,KAAK,CAAC;AAQ/C;;;;;GAKG;AACH,MAAM,WAAW,uBAAuB;IACvC,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,kFAAkF;IAClF,eAAe,EAAE,WAAW,GAAG,IAAI,CAAC;CACpC;AAED;;GAEG;AACH,MAAM,WAAW,mBAAoB,SAAQ,uBAAuB;IACnE,4FAA4F;IAC5F,0BAA0B,EAAE,WAAW,GAAG,IAAI,CAAC;IAC/C,2FAA2F;IAC3F,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,~~0FAA0F~~;~~IAC1F~~,~~UAAU~~,CAAC,EAAE,MAAM,GAAG,~~IAAI~~,CAAC;~~IAC3B;;;;OAIG~~;~~IACH~~,~~mBAAmB~~,CAAC,~~EAAE~~,MAAM,CAAC;~~IAC7B~~;;;~~OAGG~~;~~IACH~~,~~oBAAoB~~,CAAC,~~EAAE~~,MAAM,CAAC;~~CAC9B~~;~~AAED;;;;;;;;GAQG~~;AACH,eAAO,MAAM,0BAA0B,GACtC,MAAM,gBAAgB,EACtB,SAAS,mBAAmB,KAC1B,KAAK,CAAC,SAAS,~~CAgZjB~~,CAAC"}
1	+ {"version":3,"file":"account_routes.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/account_routes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAEH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAEtB,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,qBAAqB,CAAC;AAsBxD,OAAO,EAAkB,KAAK,SAAS,EAAC,MAAM,uBAAuB,CAAC;AAEtE,OAAO,EAA+B,KAAK,WAAW,EAAC,MAAM,oBAAoB,CAAC;AAElF,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,WAAW,CAAC;AAGhD,kFAAkF;AAClF,eAAO,MAAM,kBAAkB,WAAW,CAAC;AAC3C,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAEpE;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;;;kBAI9B,CAAC;AACH,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAEtE,4EAA4E;AAC5E,eAAO,MAAM,iCAAiC;;;iBAG5C,CAAC;AACH,MAAM,MAAM,iCAAiC,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iCAAiC,CAAC,CAAC;AAElG;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,gCAAgC,GAAI,UAAU,oBAAoB,KAAG,SAmChF,CAAC;AAEH,iDAAiD;AACjD,MAAM,WAAW,oBAAoB;IACpC,yDAAyD;IACzD,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,8FAA8F;IAC9F,gBAAgB,CAAC,EAAE;QAAC,SAAS,EAAE,OAAO,CAAA;KAAC,CAAC;CACxC;AAED,4CAA4C;AAC5C,eAAO,MAAM,oBAAoB,IAAI,CAAC;AAEtC,8CAA8C;AAC9C,eAAO,MAAM,kBAAkB,KAAK,CAAC;AAErC;;;;;;;;;GASG;AACH,eAAO,MAAM,2BAA2B,MAAM,CAAC;AAE/C;;;;;;GAMG;AACH,eAAO,MAAM,4BAA4B,KAAK,CAAC;AAQ/C;;;;;GAKG;AACH,MAAM,WAAW,uBAAuB;IACvC,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,kFAAkF;IAClF,eAAe,EAAE,WAAW,GAAG,IAAI,CAAC;CACpC;AAED;;GAEG;AACH,MAAM,WAAW,mBAAoB,SAAQ,uBAAuB;IACnE,4FAA4F;IAC5F,0BAA0B,EAAE,WAAW,GAAG,IAAI,CAAC;IAC/C,2FAA2F;IAC3F,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B;;;;OAIG;IACH,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B;;;OAGG;IACH,oBAAoB,CAAC,EAAE,MAAM,CAAC;CAC9B;AAID,oFAAoF;AACpF,eAAO,MAAM,UAAU;;;kBAGrB,CAAC;AACH,MAAM,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,UAAU,CAAC,CAAC;AAEpD,wFAAwF;AACxF,eAAO,MAAM,WAAW;;kBAEtB,CAAC;AACH,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,WAAW,CAAC,CAAC;AAEtD,2EAA2E;AAC3E,eAAO,MAAM,WAAW,WAAW,CAAC;AACpC,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,WAAW,CAAC,CAAC;AAEtD,wFAAwF;AACxF,eAAO,MAAM,YAAY;;;kBAGvB,CAAC;AACH,MAAM,MAAM,YAAY,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,YAAY,CAAC,CAAC;AAExD,sHAAsH;AACtH,eAAO,MAAM,mBAAmB;;;kBAG9B,CAAC;AACH,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAEtE,uGAAuG;AACvG,eAAO,MAAM,oBAAoB;;;;kBAI/B,CAAC;AACH,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAExE;;;;;;;;;;GAUG;AACH,eAAO,MAAM,0BAA0B,GACtC,MAAM,gBAAgB,EACtB,SAAS,mBAAmB,KAC1B,KAAK,CAAC,SAAS,CA4OjB,CAAC"}

package/dist/auth/account_routes.js CHANGED Viewed

@@ -3,39 +3,62 @@
  *
  * Returns `RouteSpec[]` — caller applies them to Hono via `apply_route_specs`.
  *
- * Provides:
- * - `POST /login` — Exchange username + password for signed session cookie
- * - `POST /logout` — Clear session cookie and revoke auth session
- * - `GET /verify` — Check if current session is valid
- * - `GET /sessions` — List auth sessions for current account
- * - `POST /sessions/:id/revoke` — Revoke a single auth session (account-scoped)
- * - `POST /sessions/revoke-all` — Revoke all auth sessions for current account
- * - `POST /tokens/create` — Create an API token
- * - `GET /tokens` — List API tokens for current account
- * - `POST /tokens/:id/revoke` — Revoke an API token (account-scoped)
- * - `POST /password` — Change password (revokes all sessions and API tokens)
+ * Four REST flows remain here; each has a concrete reason to stay REST
+ * rather than moving to `account_actions.ts`:
  *
- * Signup is separate — see `signup_routes.ts` for invite-gated account creation.
- * Defaults are closed/safe: accounts are created through bootstrap, admin action, or invite.
+ * - `POST /login` — issues a signed `Set-Cookie` and pre-handler rate-limits
+ *   by IP + per-canonical-account before password hashing.
+ * - `POST /logout` — clears the session cookie.
+ * - `POST /password` — cookie clear + revoke-all cascade; rate-limit-shaped
+ *   error envelope on 429.
+ * - `GET /verify` — empty-body nginx `auth_request` probe. Programmatic
+ *   callers should use the `account_verify` RPC action for the typed payload.
+ *
+ * Session listing/revocation and API token CRUD are on the RPC endpoint —
+ * see `account_actions.ts`. Signup is in `signup_routes.ts`. Defaults are
+ * closed/safe: accounts are created through bootstrap, admin action, or
+ * invite.
  *
  * @module
  */
 import { z } from 'zod';
-import { Blake3Hash } from '@fuzdev/fuz_util/hash_blake3.js';
 import { clear_session_cookie } from './session_middleware.js';
 import { create_session_and_set_cookie } from './session_lifecycle.js';
-import { to_session_account, SessionAccountJson, AuthSessionJson, ClientApiTokenJson, UsernameProvided, } from './account_schema.js';
-import { hash_session_token, query_session_revoke_by_hash, query_session_revoke_for_account, query_session_revoke_all_for_account, query_session_list_for_account, } from './session_queries.js';
+import { ActorSummaryJson, PermitSummaryJson, SessionAccountJson, to_session_account, UsernameProvided, } from './account_schema.js';
+import { hash_session_token, query_session_revoke_all_for_account, query_session_revoke_by_hash, } from './session_queries.js';
 import { query_account_by_username_or_email, query_update_account_password, } from './account_queries.js';
-import { query_create_api_token, query_api_token_enforce_limit, query_api_token_list_for_account, query_revoke_api_token_for_account, query_revoke_all_api_tokens_for_account, } from './api_token_queries.js';
+import { query_revoke_all_api_tokens_for_account } from './api_token_queries.js';
 import { audit_log_fire_and_forget } from './audit_log_queries.js';
-import { generate_api_token } from './api_token.js';
 import { get_request_context, require_request_context } from './request_context.js';
-import { get_route_input, get_route_params } from '../http/route_spec.js';
+import { get_route_input } from '../http/route_spec.js';
 import { get_client_ip } from '../http/proxy.js';
 import { rate_limit_exceeded_response } from '../rate_limiter.js';
 import { Password, PasswordProvided } from './password.js';
 import { ERROR_AUTHENTICATION_REQUIRED, ERROR_INVALID_CREDENTIALS } from '../http/error_schemas.js';
+/** Input for `GET /api/account/status`. No parameters — caller is the subject. */
+export const AccountStatusInput = z.null();
+/**
+ * Output for `GET /api/account/status` on the authenticated path.
+ *
+ * `account` and `actor` are the caller's own identity entities (v1 is 1:1
+ * account/actor, but `actor` is first-class so consumers don't have to
+ * derive `actor_id` from the permit list). Permits are already
+ * active-filtered by `build_request_context` via
+ * `query_permit_find_active_for_actor` — `revoked_at` / `revoked_by` /
+ * `revoked_reason` are never populated here, so `PermitSummaryJson`
+ * carries the fields a client actually needs (including `scope_id` for
+ * per-scope auth decisions).
+ */
+export const AccountStatusOutput = z.strictObject({
+    account: SessionAccountJson,
+    actor: ActorSummaryJson,
+    permits: z.array(PermitSummaryJson),
+});
+/** Error body for `GET /api/account/status` on the unauthenticated path. */
+export const AccountStatusUnauthenticatedError = z.looseObject({
+    error: z.literal(ERROR_AUTHENTICATION_REQUIRED),
+    bootstrap_available: z.boolean().optional(),
+});
 /**
  * Create the account status route spec.
  *
@@ -54,18 +77,27 @@ export const create_account_status_route_spec = (options) => ({
     path: options?.path ?? '/api/account/status',
     auth: { type: 'none' },
     description: 'Current account info (unauthenticated: 401 with bootstrap status)',
-    input: z.null(),
-    output: z.looseObject({ account: z.looseObject({}) }),
+    input: AccountStatusInput,
+    output: AccountStatusOutput,
     errors: {
-        401: z.looseObject({
-            error: z.literal(ERROR_AUTHENTICATION_REQUIRED),
-            bootstrap_available: z.boolean().optional(),
-        }),
+        401: AccountStatusUnauthenticatedError,
     },
     handler: (c) => {
         const ctx = get_request_context(c);
         if (ctx) {
-            return c.json({ account: to_session_account(ctx.account), permits: ctx.permits });
+            const permits = ctx.permits.map((p) => ({
+                id: p.id,
+                role: p.role,
+                scope_id: p.scope_id,
+                created_at: p.created_at,
+                expires_at: p.expires_at,
+                granted_by: p.granted_by,
+            }));
+            return c.json({
+                account: to_session_account(ctx.account),
+                actor: { id: ctx.actor.id, name: ctx.actor.name },
+                permits,
+            });
         }
         return c.json({
             error: ERROR_AUTHENTICATION_REQUIRED,
@@ -102,10 +134,40 @@ const login_fail_delay = (floor_ms, jitter_ms) => {
     const jitter = jitter_ms > 0 ? Math.floor(Math.random() * (jitter_ms * 2 + 1)) - jitter_ms : 0;
     return new Promise((resolve) => setTimeout(resolve, floor_ms + jitter));
 };
+// -- Input/output schemas ---------------------------------------------------
+/** Input for `POST /login`. Accepts a username or email in the `username` field. */
+export const LoginInput = z.strictObject({
+    username: UsernameProvided,
+    password: PasswordProvided,
+});
+/** Output for `POST /login`. The signed session cookie is the operative side effect. */
+export const LoginOutput = z.strictObject({
+    ok: z.literal(true),
+});
+/** Input for `POST /logout`. Session identity flows through the cookie. */
+export const LogoutInput = z.null();
+/** Output for `POST /logout`. Includes the revoked account's username for UI redraw. */
+export const LogoutOutput = z.strictObject({
+    ok: z.literal(true),
+    username: z.string(),
+});
+/** Input for `POST /password`. `current_password` is minimally validated; `new_password` enforces the full policy. */
+export const PasswordChangeInput = z.strictObject({
+    current_password: PasswordProvided,
+    new_password: Password,
+});
+/** Output for `POST /password`. Counts are returned so the UI can summarize the revoke-all cascade. */
+export const PasswordChangeOutput = z.strictObject({
+    ok: z.literal(true),
+    sessions_revoked: z.number(),
+    tokens_revoked: z.number(),
+});
 /**
  * Create account route specs for session-based auth.
  *
- * All session/token revocation is account-scoped to prevent cross-account attacks.
+ * The returned specs cover the three flows that stay REST after the RPC
+ * migration (login, logout, password change). Self-service session/token
+ * management and verify are on `account_actions.ts`.
  *
  * @param deps - stateless capabilities (keyring, password, log)
  * @param options - per-factory configuration (session_options, ip_rate_limiter, login_account_rate_limiter)
@@ -113,18 +175,27 @@ const login_fail_delay = (floor_ms, jitter_ms) => {
  */
 export const create_account_route_specs = (deps, options) => {
     const { keyring, password, on_audit_event } = deps;
-    const { session_options, ip_rate_limiter, login_account_rate_limiter, max_sessions = DEFAULT_MAX_SESSIONS, max_tokens = DEFAULT_MAX_TOKENS, login_fail_floor_ms = DEFAULT_LOGIN_FAIL_FLOOR_MS, login_fail_jitter_ms = DEFAULT_LOGIN_FAIL_JITTER_MS, } = options;
+    const { session_options, ip_rate_limiter, login_account_rate_limiter, max_sessions = DEFAULT_MAX_SESSIONS, login_fail_floor_ms = DEFAULT_LOGIN_FAIL_FLOOR_MS, login_fail_jitter_ms = DEFAULT_LOGIN_FAIL_JITTER_MS, } = options;
     return [
+        {
+            method: 'GET',
+            path: '/verify',
+            auth: { type: 'authenticated' },
+            description: 'Session-validity probe for nginx auth_request (empty body, 200 or 401)',
+            input: z.null(),
+            output: z.null(),
+            handler: (c) => {
+                require_request_context(c);
+                return c.body(null, 200);
+            },
+        },
         {
             method: 'POST',
             path: '/login',
             auth: { type: 'none' },
             description: 'Exchange credentials for session',
-            input: z.strictObject({
-                username: UsernameProvided,
-                password: PasswordProvided,
-            }),
-            output: z.strictObject({ ok: z.literal(true) }),
+            input: LoginInput,
+            output: LoginOutput,
             rate_limit: 'both',
             errors: { 401: z.looseObject({ error: z.literal(ERROR_INVALID_CREDENTIALS) }) },
             handler: async (c, route) => {
@@ -213,8 +284,8 @@ export const create_account_route_specs = (deps, options) => {
             path: '/logout',
             auth: { type: 'authenticated' },
             description: 'Revoke current session and clear cookie',
-            input: z.null(),
-            output: z.strictObject({ ok: z.literal(true), username: z.string() }),
+            input: LogoutInput,
+            output: LogoutOutput,
             handler: async (c, route) => {
                 const ctx = require_request_context(c);
                 const session_token = c.get(session_options.context_key) ?? null;
@@ -232,156 +303,13 @@ export const create_account_route_specs = (deps, options) => {
                 return c.json({ ok: true, username: ctx.account.username });
             },
         },
-        {
-            method: 'GET',
-            path: '/verify',
-            auth: { type: 'authenticated' },
-            description: 'Check session validity',
-            input: z.null(),
-            output: z.strictObject({ ok: z.literal(true), account: SessionAccountJson }),
-            handler: (c) => {
-                const ctx = require_request_context(c);
-                return c.json({ ok: true, account: to_session_account(ctx.account) });
-            },
-        },
-        {
-            method: 'GET',
-            path: '/sessions',
-            auth: { type: 'authenticated' },
-            description: 'List auth sessions for current account',
-            input: z.null(),
-            output: z.strictObject({ sessions: z.array(AuthSessionJson) }),
-            handler: async (c, route) => {
-                const ctx = require_request_context(c);
-                const sessions = await query_session_list_for_account(route, ctx.account.id);
-                return c.json({ sessions });
-            },
-        },
-        {
-            method: 'POST',
-            path: '/sessions/:id/revoke',
-            auth: { type: 'authenticated' },
-            description: 'Revoke a single auth session (account-scoped)',
-            params: z.strictObject({ id: Blake3Hash }),
-            input: z.null(),
-            output: z.strictObject({ ok: z.literal(true), revoked: z.boolean() }),
-            handler: async (c, route) => {
-                const ctx = require_request_context(c);
-                const { id } = get_route_params(c);
-                const revoked = await query_session_revoke_for_account(route, id, ctx.account.id);
-                void audit_log_fire_and_forget(route, {
-                    event_type: 'session_revoke',
-                    outcome: revoked ? 'success' : 'failure',
-                    actor_id: ctx.actor.id,
-                    account_id: ctx.account.id,
-                    ip: get_client_ip(c),
-                    metadata: { session_id: id },
-                }, deps.log, on_audit_event);
-                return c.json({ ok: true, revoked });
-            },
-        },
-        {
-            method: 'POST',
-            path: '/sessions/revoke-all',
-            auth: { type: 'authenticated' },
-            description: 'Revoke all auth sessions for current account',
-            input: z.null(),
-            output: z.strictObject({ ok: z.literal(true), count: z.number() }),
-            handler: async (c, route) => {
-                const ctx = require_request_context(c);
-                const count = await query_session_revoke_all_for_account(route, ctx.account.id);
-                void audit_log_fire_and_forget(route, {
-                    event_type: 'session_revoke_all',
-                    actor_id: ctx.actor.id,
-                    account_id: ctx.account.id,
-                    ip: get_client_ip(c),
-                    metadata: { count },
-                }, deps.log, on_audit_event);
-                return c.json({ ok: true, count });
-            },
-        },
-        {
-            method: 'POST',
-            path: '/tokens/create',
-            auth: { type: 'authenticated' },
-            description: 'Create API token (shown once)',
-            input: z.strictObject({
-                name: z.string().default('CLI token'),
-            }),
-            output: z.strictObject({
-                ok: z.literal(true),
-                token: z.string(),
-                id: z.string(),
-                name: z.string(),
-            }),
-            handler: async (c, route) => {
-                const ctx = require_request_context(c);
-                const { name } = get_route_input(c);
-                const { token, id, token_hash } = generate_api_token();
-                await query_create_api_token(route, id, ctx.account.id, name, token_hash);
-                if (max_tokens != null) {
-                    await query_api_token_enforce_limit(route, ctx.account.id, max_tokens);
-                }
-                void audit_log_fire_and_forget(route, {
-                    event_type: 'token_create',
-                    actor_id: ctx.actor.id,
-                    account_id: ctx.account.id,
-                    ip: get_client_ip(c),
-                    metadata: { token_id: id, name },
-                }, deps.log, on_audit_event);
-                return c.json({ ok: true, token, id, name });
-            },
-        },
-        {
-            method: 'GET',
-            path: '/tokens',
-            auth: { type: 'authenticated' },
-            description: 'List API tokens for current account',
-            input: z.null(),
-            output: z.strictObject({ tokens: z.array(ClientApiTokenJson) }),
-            handler: async (c, route) => {
-                const ctx = require_request_context(c);
-                const tokens = await query_api_token_list_for_account(route, ctx.account.id);
-                return c.json({ tokens });
-            },
-        },
-        {
-            method: 'POST',
-            path: '/tokens/:id/revoke',
-            auth: { type: 'authenticated' },
-            description: 'Revoke an API token (account-scoped)',
-            params: z.strictObject({ id: z.string().regex(/^tok_[A-Za-z0-9_-]{12}$/) }),
-            input: z.null(),
-            output: z.strictObject({ ok: z.literal(true), revoked: z.boolean() }),
-            handler: async (c, route) => {
-                const ctx = require_request_context(c);
-                const { id } = get_route_params(c);
-                const revoked = await query_revoke_api_token_for_account(route, id, ctx.account.id);
-                void audit_log_fire_and_forget(route, {
-                    event_type: 'token_revoke',
-                    outcome: revoked ? 'success' : 'failure',
-                    actor_id: ctx.actor.id,
-                    account_id: ctx.account.id,
-                    ip: get_client_ip(c),
-                    metadata: { token_id: id },
-                }, deps.log, on_audit_event);
-                return c.json({ ok: true, revoked });
-            },
-        },
         {
             method: 'POST',
             path: '/password',
             auth: { type: 'authenticated' },
             description: 'Change password (revokes all sessions and API tokens)',
-            input: z.strictObject({
-                current_password: PasswordProvided,
-                new_password: Password,
-            }),
-            output: z.strictObject({
-                ok: z.literal(true),
-                sessions_revoked: z.number(),
-                tokens_revoked: z.number(),
-            }),
+            input: PasswordChangeInput,
+            output: PasswordChangeOutput,
             rate_limit: login_account_rate_limiter ? 'both' : 'ip',
             handler: async (c, route) => {
                 // per-IP rate limit check (before argon2 work)