@fuzdev/fuz_app 0.29.0 → 0.31.0

package/dist/auth/account_schema.d.ts

@@ -10,6 +10,7 @@
  * @module
  */
 import { z } from 'zod';
+import { Uuid } from '../uuid.js';
 /** Minimum username length (must have start + middle + end characters). */
 export declare const USERNAME_LENGTH_MIN = 3;
 /** Maximum username length (matches GitHub's limit). */
@@ -27,19 +28,19 @@ export declare const Email: z.ZodEmail;
 export type Email = z.infer<typeof Email>;
 /** Account — authentication identity. You log in as an account. */
 export interface Account {
-    id: string;
+    id: Uuid;
     username: Username;
     email: Email | null;
     email_verified: boolean;
     password_hash: string;
     created_at: string;
-    created_by: string | null;
+    created_by: Uuid | null;
     updated_at: string;
-    updated_by: string | null;
+    updated_by: Uuid | null;
 }
 /** Account without sensitive fields, scoped to the authenticated user's own session. */
 export interface SessionAccount {
-    id: string;
+    id: Uuid;
     username: Username;
     email: Email | null;
     email_verified: boolean;
@@ -47,29 +48,45 @@ export interface SessionAccount {
 }
 /** Actor — the entity that acts. Owns cells, holds permits, appears in audit trails. */
 export interface Actor {
-    id: string;
-    account_id: string;
+    id: Uuid;
+    account_id: Uuid;
     name: string;
     created_at: string;
     updated_at: string | null;
-    updated_by: string | null;
+    updated_by: Uuid | null;
 }
+/**
+ * Maximum length of the optional free-form `revoked_reason` attached to a
+ * revoked permit. Bounds the value at the schema layer so both the admin
+ * input (when the route surfaces a reason field) and the revokee-facing
+ * `permit_revoke` WS notification validate against the same ceiling.
+ */
+export declare const PERMIT_REVOKED_REASON_LENGTH_MAX = 500;
 /** Permit — time-bounded, revocable grant of a role to an actor. */
 export interface Permit {
-    id: string;
-    actor_id: string;
+    id: Uuid;
+    actor_id: Uuid;
     role: string;
+    /** Resource scope this grant applies to (e.g. a classroom id). `null` for global permits. */
+    scope_id: Uuid | null;
     created_at: string;
     expires_at: string | null;
     revoked_at: string | null;
-    revoked_by: string | null;
-    granted_by: string | null;
+    revoked_by: Uuid | null;
+    /** Optional free-form reason attached on revoke (surfaced in the revokee WS notification once it lands). */
+    revoked_reason: string | null;
+    granted_by: Uuid | null;
+    /** Offer that produced this permit (set by `query_accept_offer`). `null` for direct grants. */
+    source_offer_id: Uuid | null;
 }
-export declare const is_permit_active: (p: Permit, now?: Date) => boolean;
+export declare const is_permit_active: (p: {
+    revoked_at?: string | null;
+    expires_at: string | null;
+}, now?: Date) => boolean;
 /** Server-side auth session, keyed by blake3 hash of session token. */
 export interface AuthSession {
     id: string;
-    account_id: string;
+    account_id: Uuid;
     created_at: string;
     expires_at: string;
     last_seen_at: string;
@@ -77,7 +94,7 @@ export interface AuthSession {
 /** API token for CLI/programmatic access. */
 export interface ApiToken {
     id: string;
-    account_id: string;
+    account_id: Uuid;
     name: string;
     token_hash: string;
     expires_at: string | null;
@@ -87,7 +104,7 @@ export interface ApiToken {
 }
 /** Zod schema for `SessionAccount` — account without sensitive fields. */
 export declare const SessionAccountJson: z.ZodObject<{
-    id: z.ZodString;
+    id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
     username: z.ZodString;
     email: z.ZodNullable<z.ZodEmail>;
     email_verified: z.ZodBoolean;
@@ -97,7 +114,7 @@ export type SessionAccountJson = z.infer<typeof SessionAccountJson>;
 /** Zod schema for `AuthSession` — id is the blake3 hash, safe for client. */
 export declare const AuthSessionJson: z.ZodObject<{
     id: z.ZodString;
-    account_id: z.ZodString;
+    account_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
     created_at: z.ZodString;
     expires_at: z.ZodString;
     last_seen_at: z.ZodString;
@@ -106,7 +123,7 @@ export type AuthSessionJson = z.infer<typeof AuthSessionJson>;
 /** Zod schema for client-safe API token listing (excludes `token_hash`). */
 export declare const ClientApiTokenJson: z.ZodObject<{
     id: z.ZodString;
-    account_id: z.ZodString;
+    account_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
     name: z.ZodString;
     expires_at: z.ZodNullable<z.ZodString>;
     last_used_at: z.ZodNullable<z.ZodString>;
@@ -116,51 +133,85 @@ export declare const ClientApiTokenJson: z.ZodObject<{
 export type ClientApiTokenJson = z.infer<typeof ClientApiTokenJson>;
 /** Zod schema for the permit summary returned in admin account listings. */
 export declare const PermitSummaryJson: z.ZodObject<{
-    id: z.ZodString;
+    id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
     role: z.ZodString;
+    scope_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
     created_at: z.ZodString;
     expires_at: z.ZodNullable<z.ZodString>;
-    granted_by: z.ZodNullable<z.ZodString>;
+    granted_by: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
 }, z.core.$strict>;
 export type PermitSummaryJson = z.infer<typeof PermitSummaryJson>;
 /** Zod schema for the actor summary returned in admin account listings. */
 export declare const ActorSummaryJson: z.ZodObject<{
-    id: z.ZodString;
+    id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
     name: z.ZodString;
 }, z.core.$strict>;
 export type ActorSummaryJson = z.infer<typeof ActorSummaryJson>;
 /** Zod schema for admin-facing account data — extends `SessionAccountJson` with audit fields. */
 export declare const AdminAccountJson: z.ZodObject<{
-    id: z.ZodString;
+    id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
     username: z.ZodString;
     email: z.ZodNullable<z.ZodEmail>;
     email_verified: z.ZodBoolean;
     created_at: z.ZodString;
     updated_at: z.ZodString;
-    updated_by: z.ZodNullable<z.ZodString>;
+    updated_by: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
 }, z.core.$strict>;
 export type AdminAccountJson = z.infer<typeof AdminAccountJson>;
-/** Zod schema for an admin account listing entry (account + actor + permits). */
+/**
+ * Zod schema for a pending permit offer surfaced in admin account listings.
+ *
+ * Deliberately narrower than `PermitOfferJson`: omits `message` and
+ * `decline_reason` so cross-admin visibility of the listing does not expose
+ * grantor-authored text that the audit log also withholds. Full offer
+ * payloads remain available through the offer-specific RPC surface and the
+ * audit log when admins need them.
+ *
+ * `from_username` is resolved server-side so multi-admin deployments can see
+ * at a glance whose pending offer is blocking a "+ {role}" button; the
+ * resolution runs inside the listing query's parallel batch.
+ */
+export declare const PendingOfferSummaryJson: z.ZodObject<{
+    id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
+    role: z.ZodString;
+    scope_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
+    from_actor_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
+    from_username: z.ZodString;
+    created_at: z.ZodString;
+    expires_at: z.ZodString;
+}, z.core.$strict>;
+export type PendingOfferSummaryJson = z.infer<typeof PendingOfferSummaryJson>;
+/** Zod schema for an admin account listing entry (account + actor + permits + pending offers). */
 export declare const AdminAccountEntryJson: z.ZodObject<{
     account: z.ZodObject<{
-        id: z.ZodString;
+        id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
         username: z.ZodString;
         email: z.ZodNullable<z.ZodEmail>;
         email_verified: z.ZodBoolean;
         created_at: z.ZodString;
         updated_at: z.ZodString;
-        updated_by: z.ZodNullable<z.ZodString>;
+        updated_by: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
     }, z.core.$strict>;
     actor: z.ZodNullable<z.ZodObject<{
-        id: z.ZodString;
+        id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
         name: z.ZodString;
     }, z.core.$strict>>;
     permits: z.ZodArray<z.ZodObject<{
-        id: z.ZodString;
+        id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
         role: z.ZodString;
+        scope_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
         created_at: z.ZodString;
         expires_at: z.ZodNullable<z.ZodString>;
-        granted_by: z.ZodNullable<z.ZodString>;
+        granted_by: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
+    }, z.core.$strict>>;
+    pending_offers: z.ZodArray<z.ZodObject<{
+        id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
+        role: z.ZodString;
+        scope_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
+        from_actor_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
+        from_username: z.ZodString;
+        created_at: z.ZodString;
+        expires_at: z.ZodString;
     }, z.core.$strict>>;
 }, z.core.$strict>;
 export type AdminAccountEntryJson = z.infer<typeof AdminAccountEntryJson>;
@@ -170,10 +221,14 @@ export interface CreateAccountInput {
     email?: Email | null;
 }
 export interface GrantPermitInput {
-    actor_id: string;
+    actor_id: Uuid;
     role: string;
+    /** Scope the grant applies to. `null` / omitted grants a global permit. */
+    scope_id?: Uuid | null;
     expires_at?: Date | null;
-    granted_by: string | null;
+    granted_by: Uuid | null;
+    /** Offer id that produced this permit. Set by `query_accept_offer`; leave unset for direct grants. */
+    source_offer_id?: Uuid | null;
 }
 /**
  * Convert an `Account` to a `SessionAccount` by stripping sensitive fields.

package/dist/auth/account_schema.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"account_schema.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/account_schema.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAItB,2EAA2E;AAC3E,eAAO,MAAM,mBAAmB,IAAI,CAAC;AAErC,wDAAwD;AACxD,eAAO,MAAM,mBAAmB,KAAK,CAAC;AAEtC,gKAAgK;AAChK,eAAO,MAAM,4BAA4B,MAAM,CAAC;AAEhD,0IAA0I;AAC1I,eAAO,MAAM,QAAQ,aAIyB,CAAC;AAC/C,MAAM,MAAM,QAAQ,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,QAAQ,CAAC,CAAC;AAEhD,oHAAoH;AACpH,eAAO,MAAM,gBAAgB,aAAsD,CAAC;AACpF,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAEhE,wBAAwB;AACxB,eAAO,MAAM,KAAK,YAAY,CAAC;AAC/B,MAAM,MAAM,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,KAAK,CAAC,CAAC;AAI1C,mEAAmE;AACnE,MAAM,WAAW,OAAO;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,QAAQ,CAAC;IACnB,KAAK,EAAE,KAAK,GAAG,IAAI,CAAC;IACpB,cAAc,EAAE,OAAO,CAAC;IACxB,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;CAC1B;AAED,wFAAwF;AACxF,MAAM,WAAW,cAAc;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,QAAQ,CAAC;IACnB,KAAK,EAAE,KAAK,GAAG,IAAI,CAAC;IACpB,cAAc,EAAE,OAAO,CAAC;IACxB,UAAU,EAAE,MAAM,CAAC;CACnB;AAED,wFAAwF;AACxF,MAAM,WAAW,KAAK;IACrB,EAAE,EAAE,MAAM,CAAC;IACX,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;CAC1B;AAED,oEAAoE;AACpE,MAAM,WAAW,MAAM;IACtB,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;CAC1B;AAED,eAAO,MAAM,gBAAgB,GAAI,GAAG,MAAM,EAAE,MAAK,IAAiB,KAAG,OACJ,CAAC;AAElE,uEAAuE;AACvE,MAAM,WAAW,WAAW;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;CACrB;AAED,6CAA6C;AAC7C,MAAM,WAAW,QAAQ;IACxB,EAAE,EAAE,MAAM,CAAC;IACX,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,UAAU,EAAE,MAAM,CAAC;CACnB;AAID,0EAA0E;AAC1E,eAAO,MAAM,kBAAkB;;;;;;kBAM7B,CAAC;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAEpE,6EAA6E;AAC7E,eAAO,MAAM,eAAe;;;;;;kBAM1B,CAAC;AACH,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC;AAE9D,4EAA4E;AAC5E,eAAO,MAAM,kBAAkB;;;;;;;;kBAQ7B,CAAC;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAEpE,4EAA4E;AAC5E,eAAO,MAAM,iBAAiB;;;;;;kBAM5B,CAAC;AACH,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAElE,2EAA2E;AAC3E,eAAO,MAAM,gBAAgB;;;kBAG3B,CAAC;AACH,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAEhE,iGAAiG;AACjG,eAAO,MAAM,gBAAgB;;;;;;;;kBAG3B,CAAC;AACH,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAEhE,iFAAiF;AACjF,eAAO,MAAM,qBAAqB;;;;;;;;;;;;;;;;;;;;;kBAIhC,CAAC;AACH,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAI1E,MAAM,WAAW,kBAAkB;IAClC,QAAQ,EAAE,QAAQ,CAAC;IACnB,aAAa,EAAE,MAAM,CAAC;IACtB,KAAK,CAAC,EAAE,KAAK,GAAG,IAAI,CAAC;CACrB;AAED,MAAM,WAAW,gBAAgB;IAChC,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;IACzB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;CAC1B;AAED;;;;;GAKG;AACH,eAAO,MAAM,kBAAkB,GAAI,SAAS,OAAO,KAAG,cAMpD,CAAC;AAEH;;;;;GAKG;AACH,eAAO,MAAM,gBAAgB,GAAI,SAAS,OAAO,KAAG,gBAIlD,CAAC"}
+{"version":3,"file":"account_schema.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/account_schema.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAEtB,OAAO,EAAC,IAAI,EAAC,MAAM,YAAY,CAAC;AAIhC,2EAA2E;AAC3E,eAAO,MAAM,mBAAmB,IAAI,CAAC;AAErC,wDAAwD;AACxD,eAAO,MAAM,mBAAmB,KAAK,CAAC;AAEtC,gKAAgK;AAChK,eAAO,MAAM,4BAA4B,MAAM,CAAC;AAEhD,0IAA0I;AAC1I,eAAO,MAAM,QAAQ,aAIyB,CAAC;AAC/C,MAAM,MAAM,QAAQ,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,QAAQ,CAAC,CAAC;AAEhD,oHAAoH;AACpH,eAAO,MAAM,gBAAgB,aAAsD,CAAC;AACpF,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAEhE,wBAAwB;AACxB,eAAO,MAAM,KAAK,YAAY,CAAC;AAC/B,MAAM,MAAM,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,KAAK,CAAC,CAAC;AAI1C,mEAAmE;AACnE,MAAM,WAAW,OAAO;IACvB,EAAE,EAAE,IAAI,CAAC;IACT,QAAQ,EAAE,QAAQ,CAAC;IACnB,KAAK,EAAE,KAAK,GAAG,IAAI,CAAC;IACpB,cAAc,EAAE,OAAO,CAAC;IACxB,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,IAAI,GAAG,IAAI,CAAC;IACxB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,IAAI,GAAG,IAAI,CAAC;CACxB;AAED,wFAAwF;AACxF,MAAM,WAAW,cAAc;IAC9B,EAAE,EAAE,IAAI,CAAC;IACT,QAAQ,EAAE,QAAQ,CAAC;IACnB,KAAK,EAAE,KAAK,GAAG,IAAI,CAAC;IACpB,cAAc,EAAE,OAAO,CAAC;IACxB,UAAU,EAAE,MAAM,CAAC;CACnB;AAED,wFAAwF;AACxF,MAAM,WAAW,KAAK;IACrB,EAAE,EAAE,IAAI,CAAC;IACT,UAAU,EAAE,IAAI,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,UAAU,EAAE,IAAI,GAAG,IAAI,CAAC;CACxB;AAED;;;;;GAKG;AACH,eAAO,MAAM,gCAAgC,MAAM,CAAC;AAEpD,oEAAoE;AACpE,MAAM,WAAW,MAAM;IACtB,EAAE,EAAE,IAAI,CAAC;IACT,QAAQ,EAAE,IAAI,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,6FAA6F;IAC7F,QAAQ,EAAE,IAAI,GAAG,IAAI,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,UAAU,EAAE,IAAI,GAAG,IAAI,CAAC;IACxB,4GAA4G;IAC5G,cAAc,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,UAAU,EAAE,IAAI,GAAG,IAAI,CAAC;IACxB,+FAA+F;IAC/F,eAAe,EAAE,IAAI,GAAG,IAAI,CAAC;CAC7B;AAED,eAAO,MAAM,gBAAgB,GAC5B,GAAG;IAAC,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAAC,UAAU,EAAE,MAAM,GAAG,IAAI,CAAA;CAAC,EAC1D,MAAK,IAAiB,KACpB,OAA2E,CAAC;AAE/E,uEAAuE;AACvE,MAAM,WAAW,WAAW;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,UAAU,EAAE,IAAI,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;CACrB;AAED,6CAA6C;AAC7C,MAAM,WAAW,QAAQ;IACxB,EAAE,EAAE,MAAM,CAAC;IACX,UAAU,EAAE,IAAI,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,UAAU,EAAE,MAAM,CAAC;CACnB;AAID,0EAA0E;AAC1E,eAAO,MAAM,kBAAkB;;;;;;kBAM7B,CAAC;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAEpE,6EAA6E;AAC7E,eAAO,MAAM,eAAe;;;;;;kBAM1B,CAAC;AACH,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC;AAE9D,4EAA4E;AAC5E,eAAO,MAAM,kBAAkB;;;;;;;;kBAQ7B,CAAC;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAEpE,4EAA4E;AAC5E,eAAO,MAAM,iBAAiB;;;;;;;kBAO5B,CAAC;AACH,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAElE,2EAA2E;AAC3E,eAAO,MAAM,gBAAgB;;;kBAG3B,CAAC;AACH,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAEhE,iGAAiG;AACjG,eAAO,MAAM,gBAAgB;;;;;;;;kBAG3B,CAAC;AACH,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAEhE;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,uBAAuB;;;;;;;;kBAQlC,CAAC;AACH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AAE9E,kGAAkG;AAClG,eAAO,MAAM,qBAAqB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kBAKhC,CAAC;AACH,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAI1E,MAAM,WAAW,kBAAkB;IAClC,QAAQ,EAAE,QAAQ,CAAC;IACnB,aAAa,EAAE,MAAM,CAAC;IACtB,KAAK,CAAC,EAAE,KAAK,GAAG,IAAI,CAAC;CACrB;AAED,MAAM,WAAW,gBAAgB;IAChC,QAAQ,EAAE,IAAI,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,2EAA2E;IAC3E,QAAQ,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;IACvB,UAAU,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;IACzB,UAAU,EAAE,IAAI,GAAG,IAAI,CAAC;IACxB,sGAAsG;IACtG,eAAe,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;CAC9B;AAED;;;;;GAKG;AACH,eAAO,MAAM,kBAAkB,GAAI,SAAS,OAAO,KAAG,cAMpD,CAAC;AAEH;;;;;GAKG;AACH,eAAO,MAAM,gBAAgB,GAAI,SAAS,OAAO,KAAG,gBAIlD,CAAC"}

package/dist/auth/account_schema.js

@@ -10,6 +10,7 @@
  * @module
  */
 import { z } from 'zod';
+import { Uuid } from '../uuid.js';
 // TODO consider `.brand()` on Username and Email for compile-time safety
 /** Minimum username length (must have start + middle + end characters). */
 export const USERNAME_LENGTH_MIN = 3;
@@ -27,11 +28,18 @@ export const Username = z
 export const UsernameProvided = z.string().min(1).max(USERNAME_PROVIDED_LENGTH_MAX);
 /** Email validation. */
 export const Email = z.email();
+/**
+ * Maximum length of the optional free-form `revoked_reason` attached to a
+ * revoked permit. Bounds the value at the schema layer so both the admin
+ * input (when the route surfaces a reason field) and the revokee-facing
+ * `permit_revoke` WS notification validate against the same ceiling.
+ */
+export const PERMIT_REVOKED_REASON_LENGTH_MAX = 500;
 export const is_permit_active = (p, now = new Date()) => !p.revoked_at && (!p.expires_at || new Date(p.expires_at) > now);
 // Client-safe Zod schemas — for route output validation and ActionSpec outputs.
 /** Zod schema for `SessionAccount` — account without sensitive fields. */
 export const SessionAccountJson = z.strictObject({
-    id: z.string(),
+    id: Uuid,
     username: Username,
     email: Email.nullable(),
     email_verified: z.boolean(),
@@ -40,7 +48,7 @@ export const SessionAccountJson = z.strictObject({
 /** Zod schema for `AuthSession` — id is the blake3 hash, safe for client. */
 export const AuthSessionJson = z.strictObject({
     id: z.string(),
-    account_id: z.string(),
+    account_id: Uuid,
     created_at: z.string(),
     expires_at: z.string(),
     last_seen_at: z.string(),
@@ -48,7 +56,7 @@ export const AuthSessionJson = z.strictObject({
 /** Zod schema for client-safe API token listing (excludes `token_hash`). */
 export const ClientApiTokenJson = z.strictObject({
     id: z.string(),
-    account_id: z.string(),
+    account_id: Uuid,
     name: z.string(),
     expires_at: z.string().nullable(),
     last_used_at: z.string().nullable(),
@@ -57,27 +65,51 @@ export const ClientApiTokenJson = z.strictObject({
 });
 /** Zod schema for the permit summary returned in admin account listings. */
 export const PermitSummaryJson = z.strictObject({
-    id: z.string(),
+    id: Uuid,
     role: z.string(),
+    scope_id: Uuid.nullable(),
     created_at: z.string(),
     expires_at: z.string().nullable(),
-    granted_by: z.string().nullable(),
+    granted_by: Uuid.nullable(),
 });
 /** Zod schema for the actor summary returned in admin account listings. */
 export const ActorSummaryJson = z.strictObject({
-    id: z.string(),
+    id: Uuid,
     name: z.string(),
 });
 /** Zod schema for admin-facing account data — extends `SessionAccountJson` with audit fields. */
 export const AdminAccountJson = SessionAccountJson.extend({
     updated_at: z.string(),
-    updated_by: z.string().nullable(),
+    updated_by: Uuid.nullable(),
+});
+/**
+ * Zod schema for a pending permit offer surfaced in admin account listings.
+ *
+ * Deliberately narrower than `PermitOfferJson`: omits `message` and
+ * `decline_reason` so cross-admin visibility of the listing does not expose
+ * grantor-authored text that the audit log also withholds. Full offer
+ * payloads remain available through the offer-specific RPC surface and the
+ * audit log when admins need them.
+ *
+ * `from_username` is resolved server-side so multi-admin deployments can see
+ * at a glance whose pending offer is blocking a "+ {role}" button; the
+ * resolution runs inside the listing query's parallel batch.
+ */
+export const PendingOfferSummaryJson = z.strictObject({
+    id: Uuid,
+    role: z.string(),
+    scope_id: Uuid.nullable(),
+    from_actor_id: Uuid,
+    from_username: z.string(),
+    created_at: z.string(),
+    expires_at: z.string(),
 });
-/** Zod schema for an admin account listing entry (account + actor + permits). */
+/** Zod schema for an admin account listing entry (account + actor + permits + pending offers). */
 export const AdminAccountEntryJson = z.strictObject({
     account: AdminAccountJson,
     actor: ActorSummaryJson.nullable(),
     permits: z.array(PermitSummaryJson),
+    pending_offers: z.array(PendingOfferSummaryJson),
 });
 /**
  * Convert an `Account` to a `SessionAccount` by stripping sensitive fields.