npm - @fuzdev/fuz_app - Versions diffs - 0.30.0 → 0.32.0 - Mend

@fuzdev/fuz_app 0.30.0 → 0.32.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (222) hide show

package/dist/actions/CLAUDE.md +630 -0
package/dist/actions/action_rpc.d.ts +29 -0
package/dist/actions/action_rpc.d.ts.map +1 -1
package/dist/actions/action_rpc.js +42 -6
package/dist/actions/action_types.d.ts +2 -2
package/dist/actions/cancel.d.ts +12 -13
package/dist/actions/cancel.d.ts.map +1 -1
package/dist/actions/cancel.js +10 -13
package/dist/actions/heartbeat.d.ts +8 -13
package/dist/actions/heartbeat.d.ts.map +1 -1
package/dist/actions/heartbeat.js +5 -8
package/dist/actions/register_action_ws.d.ts +3 -3
package/dist/actions/register_action_ws.js +2 -2
package/dist/actions/register_ws_endpoint.d.ts +4 -4
package/dist/actions/register_ws_endpoint.d.ts.map +1 -1
package/dist/actions/register_ws_endpoint.js +3 -3
package/dist/actions/rpc_client.d.ts +29 -0
package/dist/actions/rpc_client.d.ts.map +1 -1
package/dist/actions/rpc_client.js +31 -0
package/dist/actions/socket.svelte.d.ts +16 -16
package/dist/actions/socket.svelte.d.ts.map +1 -1
package/dist/actions/socket.svelte.js +15 -15
package/dist/actions/transports_ws_auth_guard.d.ts.map +1 -1
package/dist/auth/CLAUDE.md +945 -0
package/dist/auth/account_action_specs.d.ts +216 -0
package/dist/auth/account_action_specs.d.ts.map +1 -0
package/dist/auth/account_action_specs.js +159 -0
package/dist/auth/account_actions.d.ts +51 -0
package/dist/auth/account_actions.d.ts.map +1 -0
package/dist/auth/account_actions.js +119 -0
package/dist/auth/account_queries.d.ts +6 -2
package/dist/auth/account_queries.d.ts.map +1 -1
package/dist/auth/account_queries.js +40 -4
package/dist/auth/account_routes.d.ts +94 -16
package/dist/auth/account_routes.d.ts.map +1 -1
package/dist/auth/account_routes.js +108 -180
package/dist/auth/account_schema.d.ts +85 -30
package/dist/auth/account_schema.d.ts.map +1 -1
package/dist/auth/account_schema.js +40 -8
package/dist/auth/admin_action_specs.d.ts +674 -0
package/dist/auth/admin_action_specs.d.ts.map +1 -0
package/dist/auth/admin_action_specs.js +287 -0
package/dist/auth/admin_actions.d.ts +69 -0
package/dist/auth/admin_actions.d.ts.map +1 -0
package/dist/auth/admin_actions.js +256 -0
package/dist/auth/admin_rpc_actions.d.ts +49 -0
package/dist/auth/admin_rpc_actions.d.ts.map +1 -0
package/dist/auth/admin_rpc_actions.js +32 -0
package/dist/auth/api_token.d.ts +10 -0
package/dist/auth/api_token.d.ts.map +1 -1
package/dist/auth/api_token.js +9 -0
package/dist/auth/api_token_queries.d.ts +3 -3
package/dist/auth/api_token_queries.js +3 -3
package/dist/auth/app_settings_schema.d.ts +4 -3
package/dist/auth/app_settings_schema.d.ts.map +1 -1
package/dist/auth/app_settings_schema.js +2 -1
package/dist/auth/audit_log_routes.d.ts +14 -6
package/dist/auth/audit_log_routes.d.ts.map +1 -1
package/dist/auth/audit_log_routes.js +22 -79
package/dist/auth/audit_log_schema.d.ts +100 -29
package/dist/auth/audit_log_schema.d.ts.map +1 -1
package/dist/auth/audit_log_schema.js +83 -11
package/dist/auth/bootstrap_routes.d.ts +14 -0
package/dist/auth/bootstrap_routes.d.ts.map +1 -1
package/dist/auth/bootstrap_routes.js +10 -3
package/dist/auth/cleanup.d.ts +63 -0
package/dist/auth/cleanup.d.ts.map +1 -0
package/dist/auth/cleanup.js +80 -0
package/dist/auth/invite_schema.d.ts +11 -10
package/dist/auth/invite_schema.d.ts.map +1 -1
package/dist/auth/invite_schema.js +4 -3
package/dist/auth/migrations.d.ts +6 -0
package/dist/auth/migrations.d.ts.map +1 -1
package/dist/auth/migrations.js +28 -0
package/dist/auth/permit_offer_action_specs.d.ts +364 -0
package/dist/auth/permit_offer_action_specs.d.ts.map +1 -0
package/dist/auth/permit_offer_action_specs.js +216 -0
package/dist/auth/permit_offer_actions.d.ts +96 -0
package/dist/auth/permit_offer_actions.d.ts.map +1 -0
package/dist/auth/permit_offer_actions.js +428 -0
package/dist/auth/permit_offer_notifications.d.ts +361 -0
package/dist/auth/permit_offer_notifications.d.ts.map +1 -0
package/dist/auth/permit_offer_notifications.js +179 -0
package/dist/auth/permit_offer_queries.d.ts +165 -0
package/dist/auth/permit_offer_queries.d.ts.map +1 -0
package/dist/auth/permit_offer_queries.js +390 -0
package/dist/auth/permit_offer_schema.d.ts +103 -0
package/dist/auth/permit_offer_schema.d.ts.map +1 -0
package/dist/auth/permit_offer_schema.js +142 -0
package/dist/auth/permit_queries.d.ts +77 -14
package/dist/auth/permit_queries.d.ts.map +1 -1
package/dist/auth/permit_queries.js +119 -24
package/dist/auth/session_queries.d.ts +4 -2
package/dist/auth/session_queries.d.ts.map +1 -1
package/dist/auth/session_queries.js +4 -2
package/dist/auth/signup_routes.d.ts +13 -0
package/dist/auth/signup_routes.d.ts.map +1 -1
package/dist/auth/signup_routes.js +14 -7
package/dist/http/CLAUDE.md +584 -0
package/dist/http/pending_effects.d.ts +29 -0
package/dist/http/pending_effects.d.ts.map +1 -0
package/dist/http/pending_effects.js +31 -0
package/dist/http/route_spec.d.ts.map +1 -1
package/dist/http/route_spec.js +4 -3
package/dist/rate_limiter.d.ts +30 -0
package/dist/rate_limiter.d.ts.map +1 -1
package/dist/rate_limiter.js +25 -2
package/dist/realtime/sse_auth_guard.d.ts +2 -0
package/dist/realtime/sse_auth_guard.d.ts.map +1 -1
package/dist/realtime/sse_auth_guard.js +5 -3
package/dist/server/app_server.d.ts +13 -2
package/dist/server/app_server.d.ts.map +1 -1
package/dist/server/app_server.js +12 -1
package/dist/testing/CLAUDE.md +668 -1
package/dist/testing/admin_integration.d.ts +10 -7
package/dist/testing/admin_integration.d.ts.map +1 -1
package/dist/testing/admin_integration.js +382 -482
package/dist/testing/app_server.d.ts +7 -6
package/dist/testing/app_server.d.ts.map +1 -1
package/dist/testing/attack_surface.d.ts +9 -3
package/dist/testing/attack_surface.d.ts.map +1 -1
package/dist/testing/attack_surface.js +4 -4
package/dist/testing/audit_completeness.d.ts +11 -0
package/dist/testing/audit_completeness.d.ts.map +1 -1
package/dist/testing/audit_completeness.js +169 -134
package/dist/testing/auth_apps.d.ts.map +1 -1
package/dist/testing/auth_apps.js +4 -33
package/dist/testing/db.d.ts +1 -1
package/dist/testing/db.d.ts.map +1 -1
package/dist/testing/db.js +2 -0
package/dist/testing/entities.d.ts +35 -13
package/dist/testing/entities.d.ts.map +1 -1
package/dist/testing/entities.js +17 -0
package/dist/testing/integration.d.ts +10 -0
package/dist/testing/integration.d.ts.map +1 -1
package/dist/testing/integration.js +352 -340
package/dist/testing/integration_helpers.d.ts +16 -5
package/dist/testing/integration_helpers.d.ts.map +1 -1
package/dist/testing/integration_helpers.js +24 -4
package/dist/testing/rate_limiting.d.ts +7 -0
package/dist/testing/rate_limiting.d.ts.map +1 -1
package/dist/testing/rate_limiting.js +41 -10
package/dist/testing/rpc_helpers.d.ts +153 -1
package/dist/testing/rpc_helpers.d.ts.map +1 -1
package/dist/testing/rpc_helpers.js +184 -8
package/dist/testing/sse_round_trip.d.ts +8 -0
package/dist/testing/sse_round_trip.d.ts.map +1 -1
package/dist/testing/sse_round_trip.js +10 -3
package/dist/testing/standard.d.ts +9 -1
package/dist/testing/standard.d.ts.map +1 -1
package/dist/testing/standard.js +6 -2
package/dist/testing/stubs.d.ts +10 -2
package/dist/testing/stubs.d.ts.map +1 -1
package/dist/testing/stubs.js +17 -2
package/dist/testing/surface_invariants.d.ts +7 -3
package/dist/testing/surface_invariants.d.ts.map +1 -1
package/dist/testing/surface_invariants.js +5 -4
package/dist/testing/ws_round_trip.d.ts.map +1 -1
package/dist/testing/ws_round_trip.js +9 -38
package/dist/ui/AccountSessions.svelte +8 -4
package/dist/ui/AccountSessions.svelte.d.ts.map +1 -1
package/dist/ui/AdminAccounts.svelte +61 -33
package/dist/ui/AdminAccounts.svelte.d.ts.map +1 -1
package/dist/ui/AdminAuditLog.svelte +3 -2
package/dist/ui/AdminAuditLog.svelte.d.ts.map +1 -1
package/dist/ui/AdminInvites.svelte +3 -2
package/dist/ui/AdminInvites.svelte.d.ts.map +1 -1
package/dist/ui/AdminOverview.svelte +14 -9
package/dist/ui/AdminOverview.svelte.d.ts.map +1 -1
package/dist/ui/AdminPermitHistory.svelte +3 -2
package/dist/ui/AdminPermitHistory.svelte.d.ts.map +1 -1
package/dist/ui/AdminSessions.svelte +29 -25
package/dist/ui/AdminSessions.svelte.d.ts.map +1 -1
package/dist/ui/CLAUDE.md +363 -0
package/dist/ui/OpenSignupToggle.svelte +6 -3
package/dist/ui/OpenSignupToggle.svelte.d.ts.map +1 -1
package/dist/ui/PermitOfferForm.svelte +141 -0
package/dist/ui/PermitOfferForm.svelte.d.ts +14 -0
package/dist/ui/PermitOfferForm.svelte.d.ts.map +1 -0
package/dist/ui/PermitOfferHistory.svelte +109 -0
package/dist/ui/PermitOfferHistory.svelte.d.ts +11 -0
package/dist/ui/PermitOfferHistory.svelte.d.ts.map +1 -0
package/dist/ui/PermitOfferInbox.svelte +121 -0
package/dist/ui/PermitOfferInbox.svelte.d.ts +12 -0
package/dist/ui/PermitOfferInbox.svelte.d.ts.map +1 -0
package/dist/ui/account_sessions_state.svelte.d.ts +53 -3
package/dist/ui/account_sessions_state.svelte.d.ts.map +1 -1
package/dist/ui/account_sessions_state.svelte.js +39 -16
package/dist/ui/admin_accounts_state.svelte.d.ts +118 -2
package/dist/ui/admin_accounts_state.svelte.d.ts.map +1 -1
package/dist/ui/admin_accounts_state.svelte.js +99 -23
package/dist/ui/admin_invites_state.svelte.d.ts +47 -1
package/dist/ui/admin_invites_state.svelte.d.ts.map +1 -1
package/dist/ui/admin_invites_state.svelte.js +38 -26
package/dist/ui/admin_rpc_adapters.d.ts +94 -0
package/dist/ui/admin_rpc_adapters.d.ts.map +1 -0
package/dist/ui/admin_rpc_adapters.js +100 -0
package/dist/ui/admin_sessions_state.svelte.d.ts +26 -0
package/dist/ui/admin_sessions_state.svelte.d.ts.map +1 -1
package/dist/ui/admin_sessions_state.svelte.js +35 -21
package/dist/ui/app_settings_state.svelte.d.ts +39 -0
package/dist/ui/app_settings_state.svelte.d.ts.map +1 -1
package/dist/ui/app_settings_state.svelte.js +34 -18
package/dist/ui/audit_log_state.svelte.d.ts +40 -3
package/dist/ui/audit_log_state.svelte.d.ts.map +1 -1
package/dist/ui/audit_log_state.svelte.js +36 -42
package/dist/ui/auth_state.svelte.d.ts +4 -3
package/dist/ui/auth_state.svelte.d.ts.map +1 -1
package/dist/ui/auth_state.svelte.js +4 -1
package/dist/ui/permit_offers_state.svelte.d.ts +125 -0
package/dist/ui/permit_offers_state.svelte.d.ts.map +1 -0
package/dist/ui/permit_offers_state.svelte.js +197 -0
package/package.json +3 -3
package/dist/auth/admin_routes.d.ts +0 -29
package/dist/auth/admin_routes.d.ts.map +0 -1
package/dist/auth/admin_routes.js +0 -226
package/dist/auth/app_settings_routes.d.ts +0 -27
package/dist/auth/app_settings_routes.d.ts.map +0 -1
package/dist/auth/app_settings_routes.js +0 -66
package/dist/auth/invite_routes.d.ts +0 -18
package/dist/auth/invite_routes.d.ts.map +0 -1
package/dist/auth/invite_routes.js +0 -129

package/dist/ui/PermitOfferHistory.svelte ADDED Viewed

@@ -0,0 +1,109 @@
+<script lang="ts">
+	/**
+	 * Both-directions permit offer history table.
+	 *
+	 * Shows every offer involving the current account — recipient or grantor
+	 * — including terminal rows (accepted, declined, retracted, superseded,
+	 * expired). Backed by `permit_offer_history` (new RPC action); seeded
+	 * via `PermitOffersState.fetch_history()`.
+	 *
+	 * Consumers plug in optional `format_actor` / `format_scope` callbacks
+	 * for display names.
+	 */
+	import {permit_offers_state_context} from './permit_offers_state.svelte.js';
+	import Datatable from './Datatable.svelte';
+	import type {DatatableColumn} from './datatable.js';
+	import {format_relative_time, format_datetime_local, truncate_uuid} from './ui_format.js';
+	import type {PermitOfferJson} from '../auth/permit_offer_schema.js';
+	const {
+		current_actor_id,
+		format_actor = truncate_uuid,
+		format_scope,
+		format_role = (role: string) => role,
+	}: {
+		/** Used to label a row as sent vs received. When `null`, direction shows as `-`. */
+		current_actor_id: string | null;
+		format_actor?: (from_actor_id: string) => string;
+		format_scope?: (scope_id: string | null, role: string) => string;
+		format_role?: (role: string) => string;
+	} = $props();
+	const permit_offers = permit_offers_state_context.get();
+	const now = $state.raw(Date.now());
+	const status_of = (offer: PermitOfferJson): string => {
+		if (offer.accepted_at) return 'accepted';
+		if (offer.declined_at) return 'declined';
+		if (offer.retracted_at) return 'retracted';
+		if (offer.superseded_at) return 'superseded';
+		if (Date.parse(offer.expires_at) <= now) return 'expired';
+		return 'pending';
+	};
+	const status_chip_class = (status: string): string => {
+		switch (status) {
+			case 'accepted':
+				return 'chip color_b';
+			case 'pending':
+				return 'chip color_a';
+			case 'declined':
+			case 'retracted':
+			case 'superseded':
+			case 'expired':
+				return 'chip color_c';
+			default:
+				return 'chip';
+		}
+	};
+	const scope_label = (scope_id: string | null, role: string): string => {
+		if (format_scope) return format_scope(scope_id, role);
+		return scope_id === null ? 'global' : truncate_uuid(scope_id);
+	};
+	const columns: Array<DatatableColumn<PermitOfferJson>> = [
+		{key: 'from_actor_id', label: 'direction', width: 110},
+		{key: 'role', label: 'role', width: 140},
+		{key: 'scope_id', label: 'scope', width: 160},
+		{key: 'created_at', label: 'status', width: 120},
+		{key: 'expires_at', label: 'time', width: 110},
+	];
+</script>
+<section>
+	<h2>offer history</h2>
+	{#if permit_offers.loading}
+		<p class="text_50">loading history...</p>
+	{:else if permit_offers.error}
+		<p class="color_c_50">{permit_offers.error}</p>
+	{:else}
+		<Datatable {columns} rows={permit_offers.history} height="400px" row_key="id">
+			{#snippet cell(column, row)}
+				{#if column.key === 'from_actor_id'}
+					{#if current_actor_id && row.from_actor_id === current_actor_id}
+						<span class="chip">sent</span>
+						<span class="text_50 font_size_sm">to {truncate_uuid(row.to_account_id)}</span>
+					{:else}
+						<span class="chip">received</span>
+						<span class="text_50 font_size_sm">from {format_actor(row.from_actor_id)}</span>
+					{/if}
+				{:else if column.key === 'role'}
+					{format_role(row.role)}
+				{:else if column.key === 'scope_id'}
+					<span class="text_50">{scope_label(row.scope_id, row.role)}</span>
+				{:else if column.key === 'created_at'}
+					{@const status = status_of(row)}
+					<span class={status_chip_class(status)}>{status}</span>
+				{:else if column.key === 'expires_at'}
+					<span title={format_datetime_local(row.created_at)}>
+						{format_relative_time(row.created_at)}
+					</span>
+				{/if}
+			{/snippet}
+		</Datatable>
+	{/if}
+</section>

package/dist/ui/PermitOfferHistory.svelte.d.ts ADDED Viewed

@@ -0,0 +1,11 @@
+type $$ComponentProps = {
+    /** Used to label a row as sent vs received. When `null`, direction shows as `-`. */
+    current_actor_id: string | null;
+    format_actor?: (from_actor_id: string) => string;
+    format_scope?: (scope_id: string | null, role: string) => string;
+    format_role?: (role: string) => string;
+};
+declare const PermitOfferHistory: import("svelte").Component<$$ComponentProps, {}, "">;
+type PermitOfferHistory = ReturnType<typeof PermitOfferHistory>;
+export default PermitOfferHistory;
+//# sourceMappingURL=PermitOfferHistory.svelte.d.ts.map

package/dist/ui/PermitOfferHistory.svelte.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"PermitOfferHistory.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/PermitOfferHistory.svelte"],"names":[],"mappings":"AAoBC,KAAK,gBAAgB,GAAI;IACxB,oFAAoF;IACpF,gBAAgB,EAAE,MAAM,GAAG,IAAI,CAAC;IAChC,YAAY,CAAC,EAAE,CAAC,aAAa,EAAE,MAAM,KAAK,MAAM,CAAC;IACjD,YAAY,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,EAAE,IAAI,EAAE,MAAM,KAAK,MAAM,CAAC;IACjE,WAAW,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,MAAM,CAAC;CACvC,CAAC;AAiGH,QAAA,MAAM,kBAAkB,sDAAwC,CAAC;AACjE,KAAK,kBAAkB,GAAG,UAAU,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAChE,eAAe,kBAAkB,CAAC"}

package/dist/ui/PermitOfferInbox.svelte ADDED Viewed

@@ -0,0 +1,121 @@
+<script lang="ts">
+	/**
+	 * Recipient-side pending offer inbox.
+	 *
+	 * Renders `PermitOffersState.incoming` (pending, soonest-expiry first)
+	 * with accept + decline-with-reason controls. Grantor and scope rendering
+	 * are delegated via optional callback props — consumers plug in display
+	 * names once they know what a `from_actor_id` / `scope_id` represents
+	 * in their domain (usernames, classroom names, etc.).
+	 */
+	import PendingButton from '@fuzdev/fuz_ui/PendingButton.svelte';
+	import {SvelteMap} from 'svelte/reactivity';
+	import {permit_offers_state_context} from './permit_offers_state.svelte.js';
+	import ConfirmButton from './ConfirmButton.svelte';
+	import {format_relative_time, format_datetime_local, truncate_uuid} from './ui_format.js';
+	import {PERMIT_OFFER_MESSAGE_LENGTH_MAX} from '../auth/permit_offer_schema.js';
+	const {
+		format_actor = truncate_uuid,
+		format_scope,
+		format_role = (role: string) => role,
+	}: {
+		/** Display label for `from_actor_id`. Defaults to a truncated uuid. */
+		format_actor?: (from_actor_id: string) => string;
+		/** Display label for an offer's scope. Defaults to truncated uuid or "global" when `null`. */
+		format_scope?: (scope_id: string | null, role: string) => string;
+		/** Display label for a role constant. Defaults to identity (role name as stored). */
+		format_role?: (role: string) => string;
+	} = $props();
+	const permit_offers = permit_offers_state_context.get();
+	const scope_label = (scope_id: string | null, role: string): string => {
+		if (format_scope) return format_scope(scope_id, role);
+		return scope_id === null ? 'global' : truncate_uuid(scope_id);
+	};
+	const decline_reasons: SvelteMap<string, string> = new SvelteMap();
+</script>
+<section class="permit-offer-inbox">
+	<h2>pending offers</h2>
+	{#if permit_offers.error}
+		<p class="color_c_50">{permit_offers.error}</p>
+	{/if}
+	{#if permit_offers.incoming.length === 0}
+		<p class="text_50">No pending offers.</p>
+	{:else}
+		<ul class="column gap_md">
+			{#each permit_offers.incoming as offer (offer.id)}
+				<li class="box p_md column gap_sm">
+					<div class="row gap_sm align_center">
+						<span class="chip color_a">{format_role(offer.role)}</span>
+						<span class="text_50 font_size_sm">{scope_label(offer.scope_id, offer.role)}</span>
+						<span class="text_50 font_size_sm">from {format_actor(offer.from_actor_id)}</span>
+						<span
+							class="text_50 font_size_sm ml_auto"
+							title={format_datetime_local(offer.expires_at)}
+						>
+							expires {format_relative_time(offer.expires_at)}
+						</span>
+					</div>
+					{#if offer.message}
+						<p class="mb_0">{offer.message}</p>
+					{/if}
+					<div class="row gap_sm">
+						<PendingButton
+							pending={permit_offers.loading}
+							disabled={permit_offers.loading}
+							onclick={() => permit_offers.accept(offer.id)}
+							class="color_b"
+						>
+							accept
+						</PendingButton>
+						<ConfirmButton
+							title="decline offer"
+							position="bottom"
+							onconfirm={() => {
+								const reason = decline_reasons.get(offer.id) ?? '';
+								void permit_offers.decline(offer.id, reason || null);
+								decline_reasons.delete(offer.id);
+							}}
+						>
+							{#snippet children(_popover, _confirm)}
+								decline
+							{/snippet}
+							{#snippet popover_content(popover, confirm)}
+								<div class="column gap_sm p_sm">
+									<label>
+										<div class="title">reason (optional)</div>
+										<textarea
+											name="decline-reason"
+											maxlength={PERMIT_OFFER_MESSAGE_LENGTH_MAX}
+											placeholder="optional reason"
+											value={decline_reasons.get(offer.id) ?? ''}
+											oninput={(e) =>
+												decline_reasons.set(offer.id, (e.target as HTMLTextAreaElement).value)}
+										></textarea>
+									</label>
+									<div class="row gap_sm">
+										<button type="button" class="color_c bg_100" onclick={confirm}>
+											confirm decline
+										</button>
+										<button type="button" onclick={() => popover.hide()}>cancel</button>
+									</div>
+								</div>
+							{/snippet}
+						</ConfirmButton>
+					</div>
+				</li>
+			{/each}
+		</ul>
+	{/if}
+</section>

package/dist/ui/PermitOfferInbox.svelte.d.ts ADDED Viewed

@@ -0,0 +1,12 @@
+type $$ComponentProps = {
+    /** Display label for `from_actor_id`. Defaults to a truncated uuid. */
+    format_actor?: (from_actor_id: string) => string;
+    /** Display label for an offer's scope. Defaults to truncated uuid or "global" when `null`. */
+    format_scope?: (scope_id: string | null, role: string) => string;
+    /** Display label for a role constant. Defaults to identity (role name as stored). */
+    format_role?: (role: string) => string;
+};
+declare const PermitOfferInbox: import("svelte").Component<$$ComponentProps, {}, "">;
+type PermitOfferInbox = ReturnType<typeof PermitOfferInbox>;
+export default PermitOfferInbox;
+//# sourceMappingURL=PermitOfferInbox.svelte.d.ts.map

package/dist/ui/PermitOfferInbox.svelte.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"PermitOfferInbox.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/PermitOfferInbox.svelte"],"names":[],"mappings":"AAoBC,KAAK,gBAAgB,GAAI;IACxB,uEAAuE;IACvE,YAAY,CAAC,EAAE,CAAC,aAAa,EAAE,MAAM,KAAK,MAAM,CAAC;IACjD,8FAA8F;IAC9F,YAAY,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,EAAE,IAAI,EAAE,MAAM,KAAK,MAAM,CAAC;IACjE,qFAAqF;IACrF,WAAW,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,MAAM,CAAC;CACvC,CAAC;AA0FH,QAAA,MAAM,gBAAgB,sDAAwC,CAAC;AAC/D,KAAK,gBAAgB,GAAG,UAAU,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAC5D,eAAe,gBAAgB,CAAC"}

package/dist/ui/account_sessions_state.svelte.d.ts CHANGED Viewed

@@ -1,13 +1,63 @@
 /**
- * Reactive state for managing auth sessions on a settings page.
+ * Reactive state for managing the authenticated account's auth sessions on a
+ * settings page. Reads and mutations flow through a narrow RPC adapter; the
+ * REST routes that backed this class moved to `account_actions.ts` in the
+ * 2026-04-23 RPC migration.
  *
  * @module
  */
 import { Loadable } from './loadable.svelte.js';
-import type { AuthSession } from '../auth/account_schema.js';
+import type { AuthSessionJson } from '../auth/account_schema.js';
+/**
+ * Narrow RPC surface consumed by `AccountSessionsState`. Consumers adapt their
+ * typed RPC client to this shape. Mirrors the other per-domain `*Rpc`
+ * interfaces (`AdminAccountsRpc`, `AuditLogRpc`, `AdminInvitesRpc`).
+ *
+ * The three methods wrap the corresponding action specs on
+ * `account_actions.ts`:
+ *
+ * - `list` → `account_session_list`
+ * - `revoke` → `account_session_revoke` (IDOR-guarded by `account_id` server-side)
+ * - `revoke_all` → `account_session_revoke_all`
+ */
+export interface AccountSessionsRpc {
+    list: () => Promise<{
+        sessions: Array<AuthSessionJson>;
+    }>;
+    revoke: (params: {
+        session_id: string;
+    }) => Promise<{
+        ok: true;
+        revoked: boolean;
+    }>;
+    revoke_all: () => Promise<{
+        ok: true;
+        count: number;
+    }>;
+}
+/**
+ * Svelte context carrying the reactive `AccountSessionsRpc` accessor. Mirrors
+ * the admin-side RPC contexts. Unset context falls back to `() => null` so
+ * components render the usual "rpc adapter not wired" state.
+ */
+export declare const account_sessions_rpc_context: {
+    get: () => () => AccountSessionsRpc | null;
+    set: (value?: (() => AccountSessionsRpc | null) | undefined) => () => AccountSessionsRpc | null;
+};
+export interface AccountSessionsStateOptions {
+    /**
+     * Reactive accessor for the RPC adapter; returns `null` when unwired.
+     * Matches the `get_rpc` pattern on the admin state classes.
+     */
+    get_rpc?: () => AccountSessionsRpc | null;
+}
 export declare class AccountSessionsState extends Loadable {
-    sessions: Array<AuthSession>;
+    #private;
+    sessions: Array<AuthSessionJson>;
     readonly active_count: number;
+    constructor(options?: AccountSessionsStateOptions);
+    /** True when an RPC adapter is wired. `fetch` / `revoke` / `revoke_all` no-op without it. */
+    get has_rpc(): boolean;
     fetch(): Promise<void>;
     revoke(id: string): Promise<void>;
     revoke_all(): Promise<void>;

package/dist/ui/account_sessions_state.svelte.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"account_sessions_state.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/account_sessions_state.svelte.ts"],"names":[],"mappings":"AAAA~~;;;;GAIG~~;~~AAEH~~,OAAO,EAAC,QAAQ,EAAC,MAAM,sBAAsB,CAAC;~~AAE9C~~,OAAO,KAAK,EAAC,~~WAAW~~,EAAC,MAAM,2BAA2B,CAAC;~~AAE3D~~,qBAAa,oBAAqB,SAAQ,QAAQ~~;IACjD~~,QAAQ,EAAE,KAAK,CAAC,~~WAAW~~,CAAC,CAAkB;~~IAE9C~~,QAAQ,CAAC,YAAY,SAAkC;~~IAEjD~~,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;~~IAWtB~~,MAAM,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;~~IAYjC~~,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;~~CAajC~~"}
1	+ {"version":3,"file":"account_sessions_state.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/account_sessions_state.svelte.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH,OAAO,EAAC,QAAQ,EAAC,MAAM,sBAAsB,CAAC;AAC9C,OAAO,KAAK,EAAC,eAAe,EAAC,MAAM,2BAA2B,CAAC;AAE/D;;;;;;;;;;;GAWG;AACH,MAAM,WAAW,kBAAkB;IAClC,IAAI,EAAE,MAAM,OAAO,CAAC;QAAC,QAAQ,EAAE,KAAK,CAAC,eAAe,CAAC,CAAA;KAAC,CAAC,CAAC;IACxD,MAAM,EAAE,CAAC,MAAM,EAAE;QAAC,UAAU,EAAE,MAAM,CAAA;KAAC,KAAK,OAAO,CAAC;QAAC,EAAE,EAAE,IAAI,CAAC;QAAC,OAAO,EAAE,OAAO,CAAA;KAAC,CAAC,CAAC;IAChF,UAAU,EAAE,MAAM,OAAO,CAAC;QAAC,EAAE,EAAE,IAAI,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAC,CAAC,CAAC;CACrD;AAED;;;;GAIG;AACH,eAAO,MAAM,4BAA4B;qBAAwB,kBAAkB,GAAG,IAAI;yBAAzB,kBAAkB,GAAG,IAAI,wBAAzB,kBAAkB,GAAG,IAAI;CAEzF,CAAC;AAEF,MAAM,WAAW,2BAA2B;IAC3C;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,kBAAkB,GAAG,IAAI,CAAC;CAC1C;AAED,qBAAa,oBAAqB,SAAQ,QAAQ;;IAGjD,QAAQ,EAAE,KAAK,CAAC,eAAe,CAAC,CAAkB;IAElD,QAAQ,CAAC,YAAY,SAAkC;gBAE3C,OAAO,CAAC,EAAE,2BAA2B;IAKjD,6FAA6F;IAC7F,IAAI,OAAO,IAAI,OAAO,CAErB;IAEK,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAYtB,MAAM,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAcjC,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;CAejC"}

package/dist/ui/account_sessions_state.svelte.js CHANGED Viewed

@@ -1,40 +1,63 @@
 /**
- * Reactive state for managing auth sessions on a settings page.
+ * Reactive state for managing the authenticated account's auth sessions on a
+ * settings page. Reads and mutations flow through a narrow RPC adapter; the
+ * REST routes that backed this class moved to `account_actions.ts` in the
+ * 2026-04-23 RPC migration.
  *
  * @module
  */
+import { create_context } from '@fuzdev/fuz_ui/context_helpers.js';
 import { Loadable } from './loadable.svelte.js';
-import { parse_response_error, ui_fetch } from './ui_fetch.js';
+/**
+ * Svelte context carrying the reactive `AccountSessionsRpc` accessor. Mirrors
+ * the admin-side RPC contexts. Unset context falls back to `() => null` so
+ * components render the usual "rpc adapter not wired" state.
+ */
+export const account_sessions_rpc_context = create_context(() => () => null);
 export class AccountSessionsState extends Loadable {
+    #get_rpc;
     sessions = $state.raw([]);
     active_count = $derived(this.sessions.length);
+    constructor(options) {
+        super();
+        this.#get_rpc = options?.get_rpc ?? (() => null);
+    }
+    /** True when an RPC adapter is wired. `fetch` / `revoke` / `revoke_all` no-op without it. */
+    get has_rpc() {
+        return this.#get_rpc() !== null;
+    }
     async fetch() {
+        const rpc = this.#get_rpc();
+        if (!rpc) {
+            this.error = 'rpc adapter not wired';
+            return;
+        }
         await this.run(async () => {
-            const response = await ui_fetch('/api/account/sessions');
-            if (!response.ok) {
-                throw new Error(await parse_response_error(response, 'Failed to fetch sessions'));
-            }
-            const data = await response.json();
-            this.sessions = data.sessions ?? [];
+            const { sessions } = await rpc.list();
+            this.sessions = sessions;
         });
     }
     async revoke(id) {
+        const rpc = this.#get_rpc();
+        if (!rpc) {
+            this.error = 'rpc adapter not wired';
+            return;
+        }
         await this.run(async () => {
-            const response = await ui_fetch(`/api/account/sessions/${id}/revoke`, { method: 'POST' });
-            if (!response.ok) {
-                throw new Error(await parse_response_error(response, 'Failed to revoke session'));
-            }
+            await rpc.revoke({ session_id: id });
         });
         if (!this.error) {
             await this.fetch();
         }
     }
     async revoke_all() {
+        const rpc = this.#get_rpc();
+        if (!rpc) {
+            this.error = 'rpc adapter not wired';
+            return;
+        }
         await this.run(async () => {
-            const response = await ui_fetch('/api/account/sessions/revoke-all', { method: 'POST' });
-            if (!response.ok) {
-                throw new Error(await parse_response_error(response, 'Failed to revoke sessions'));
-            }
+            await rpc.revoke_all();
         });
         if (!this.error) {
             // Current session is now revoked — next API call will 401.

package/dist/ui/admin_accounts_state.svelte.d.ts CHANGED Viewed

@@ -6,14 +6,130 @@
 import { SvelteSet } from 'svelte/reactivity';
 import { Loadable } from './loadable.svelte.js';
 import type { AdminAccountEntryJson } from '../auth/account_schema.js';
+import type { AdminSessionJson } from '../auth/audit_log_schema.js';
+import type { PermitOfferJson } from '../auth/permit_offer_schema.js';
+/**
+ * Narrow RPC surface consumed by `AdminAccountsState`. Consumers adapt their
+ * typed RPC client (e.g. a `create_rpc_client` Proxy) to this shape — the
+ * state class stays decoupled from the client's `Result` return type so
+ * tests can inject plain-function stubs. Mirrors the `PermitOffersRpc`
+ * pattern.
+ *
+ * Every operation flows through RPC: the listing reuses `admin_account_list`,
+ * grant reuses `permit_offer_create`, revoke and retract have dedicated
+ * actions, and the session / token revoke-all mutations reuse
+ * `admin_session_revoke_all` and `admin_token_revoke_all`. Without the
+ * adapter the state class cannot fetch, grant, revoke, retract, or
+ * revoke-all sessions/tokens.
+ */
+export interface AdminAccountsRpc {
+    list_accounts: () => Promise<{
+        accounts: Array<AdminAccountEntryJson>;
+        grantable_roles: Array<string>;
+    }>;
+    list_sessions: () => Promise<{
+        sessions: Array<AdminSessionJson>;
+    }>;
+    grant_permit: (params: {
+        to_account_id: string;
+        role: string;
+    }) => Promise<{
+        offer: PermitOfferJson;
+    }>;
+    revoke_permit: (params: {
+        actor_id: string;
+        permit_id: string;
+        reason?: string | null;
+    }) => Promise<{
+        ok: true;
+        revoked: true;
+    }>;
+    retract_offer: (offer_id: string) => Promise<{
+        ok: true;
+    }>;
+    session_revoke_all: (params: {
+        account_id: string;
+    }) => Promise<{
+        ok: true;
+        count: number;
+    }>;
+    token_revoke_all: (params: {
+        account_id: string;
+    }) => Promise<{
+        ok: true;
+        count: number;
+    }>;
+}
+/**
+ * Svelte context carrying the reactive `AdminAccountsRpc` accessor. The
+ * provisioner (typically the admin route shell) calls `set(() => rpc)`;
+ * consumers read with `const get_rpc = admin_accounts_rpc_context.get();`
+ * and either pass the accessor straight to `AdminAccountsState`/
+ * `AdminSessionsState` or wrap it with `const rpc = $derived(get_rpc());`
+ * for direct RPC calls. Unset context falls back to `() => null` so
+ * components mounted without a provisioner surface the usual "rpc adapter
+ * not wired" path.
+ */
+export declare const admin_accounts_rpc_context: {
+    get: () => () => AdminAccountsRpc | null;
+    set: (value?: (() => AdminAccountsRpc | null) | undefined) => () => AdminAccountsRpc | null;
+};
+export interface AdminAccountsStateOptions {
+    /**
+     * Reactive accessor for the RPC adapter; returns `null` when unwired.
+     * Matches `PermitOffersStateOptions.account_id` / `actor_id` pattern —
+     * lets the component pass a `$props()`-sourced rpc without tripping
+     * Svelte's `state_referenced_locally` warning.
+     */
+    get_rpc?: () => AdminAccountsRpc | null;
+}
 export declare class AdminAccountsState extends Loadable {
+    #private;
     accounts: Array<AdminAccountEntryJson>;
     grantable_roles: Array<string>;
     readonly granting_keys: SvelteSet<string>;
     readonly revoking_ids: SvelteSet<string>;
+    readonly retracting_ids: SvelteSet<string>;
     readonly account_count: number;
+    constructor(options?: AdminAccountsStateOptions);
+    /**
+     * True when an RPC adapter is wired. UI uses this to gate all controls
+     * — fetch, grant, revoke, retract all flow through the same adapter.
+     */
+    get has_rpc(): boolean;
     fetch(): Promise<void>;
-    grant_permit(account_id: string, role: string): Promise<void>;
-    revoke_permit(account_id: string, permit_id: string): Promise<void>;
+    /**
+     * Offer the role to the recipient via the `permit_offer_create` RPC.
+     * Server returns the pending offer; the recipient must accept before
+     * the permit materializes. Returns the offer payload on success so
+     * callers can drive follow-up UX (e.g. seed `PermitOffersState.outgoing`).
+     *
+     * A re-offer from the same admin to the same `(account, role)`
+     * refreshes the existing pending row — the returned offer id is stable
+     * across those calls.
+     *
+     * No-op when the rpc adapter is absent; `error` is set to a descriptive
+     * message so the UI surfaces the misconfiguration.
+     */
+    grant_permit(account_id: string, role: string): Promise<PermitOfferJson | undefined>;
+    /**
+     * Revoke an active permit via the `permit_revoke` RPC.
+     *
+     * `actor_id` is the natural key — permits are actor-scoped, and the
+     * admin UI reads `row.actor.id` straight from the listing, so the state
+     * class takes it directly rather than deriving it from `account_id`.
+     * The optional `reason` is stamped on `permit.revoked_reason` and
+     * surfaced on the revokee's WS notification.
+     */
+    revoke_permit(actor_id: string, permit_id: string, reason?: string | null): Promise<void>;
+    /**
+     * Retract a pending offer the admin issued via the `permit_offer_retract`
+     * RPC. The action handles auth, audit, and the
+     * `permit_offer_retracted` WS notification.
+     *
+     * After success, refetches the listing so `pending_offers` drops the
+     * row and the "+ {role}" button un-hides.
+     */
+    retract_offer(offer_id: string): Promise<void>;
 }
 //# sourceMappingURL=admin_accounts_state.svelte.d.ts.map

package/dist/ui/admin_accounts_state.svelte.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"admin_accounts_state.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/admin_accounts_state.svelte.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAC,SAAS,EAAC,MAAM,mBAAmB,CAAC;~~AAE5C~~,OAAO,EAAC,QAAQ,EAAC,MAAM,sBAAsB,CAAC;~~AAE9C~~,OAAO,KAAK,EAAC,qBAAqB,EAAC,MAAM,2BAA2B,CAAC;~~AAErE~~,qBAAa,kBAAmB,SAAQ,QAAQ~~;IAC~~/C,QAAQ,EAAE,KAAK,CAAC,qBAAqB,CAAC,CAAkB;IACxD,eAAe,EAAE,KAAK,CAAC,MAAM,CAAC,CAAkB;IAChD,QAAQ,CAAC,aAAa,EAAE,SAAS,CAAC,MAAM,CAAC,CAAmB;IAC5D,QAAQ,CAAC,YAAY,EAAE,SAAS,CAAC,MAAM,CAAC,CAAmB;~~IAE3D~~,QAAQ,CAAC,aAAa,SAAkC;~~IAElD~~,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;~~IAYtB~~,YAAY,CAAC,UAAU,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,~~IAAI~~,CAAC;~~IAqB7D~~,aAAa,CAAC,~~UAAU~~,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;~~CAkBzE~~"}
1	+ {"version":3,"file":"admin_accounts_state.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/admin_accounts_state.svelte.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAC,SAAS,EAAC,MAAM,mBAAmB,CAAC;AAG5C,OAAO,EAAC,QAAQ,EAAC,MAAM,sBAAsB,CAAC;AAC9C,OAAO,KAAK,EAAC,qBAAqB,EAAC,MAAM,2BAA2B,CAAC;AACrE,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,6BAA6B,CAAC;AAClE,OAAO,KAAK,EAAC,eAAe,EAAC,MAAM,gCAAgC,CAAC;AAEpE;;;;;;;;;;;;;GAaG;AACH,MAAM,WAAW,gBAAgB;IAChC,aAAa,EAAE,MAAM,OAAO,CAAC;QAC5B,QAAQ,EAAE,KAAK,CAAC,qBAAqB,CAAC,CAAC;QACvC,eAAe,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;KAC/B,CAAC,CAAC;IACH,aAAa,EAAE,MAAM,OAAO,CAAC;QAAC,QAAQ,EAAE,KAAK,CAAC,gBAAgB,CAAC,CAAA;KAAC,CAAC,CAAC;IAClE,YAAY,EAAE,CAAC,MAAM,EAAE;QACtB,aAAa,EAAE,MAAM,CAAC;QACtB,IAAI,EAAE,MAAM,CAAC;KACb,KAAK,OAAO,CAAC;QAAC,KAAK,EAAE,eAAe,CAAA;KAAC,CAAC,CAAC;IACxC,aAAa,EAAE,CAAC,MAAM,EAAE;QACvB,QAAQ,EAAE,MAAM,CAAC;QACjB,SAAS,EAAE,MAAM,CAAC;QAClB,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;KACvB,KAAK,OAAO,CAAC;QAAC,EAAE,EAAE,IAAI,CAAC;QAAC,OAAO,EAAE,IAAI,CAAA;KAAC,CAAC,CAAC;IACzC,aAAa,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC;QAAC,EAAE,EAAE,IAAI,CAAA;KAAC,CAAC,CAAC;IACzD,kBAAkB,EAAE,CAAC,MAAM,EAAE;QAAC,UAAU,EAAE,MAAM,CAAA;KAAC,KAAK,OAAO,CAAC;QAAC,EAAE,EAAE,IAAI,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAC,CAAC,CAAC;IACzF,gBAAgB,EAAE,CAAC,MAAM,EAAE;QAAC,UAAU,EAAE,MAAM,CAAA;KAAC,KAAK,OAAO,CAAC;QAAC,EAAE,EAAE,IAAI,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAC,CAAC,CAAC;CACvF;AAED;;;;;;;;;GASG;AACH,eAAO,MAAM,0BAA0B;qBAAwB,gBAAgB,GAAG,IAAI;yBAAvB,gBAAgB,GAAG,IAAI,wBAAvB,gBAAgB,GAAG,IAAI;CAErF,CAAC;AAEF,MAAM,WAAW,yBAAyB;IACzC;;;;;OAKG;IACH,OAAO,CAAC,EAAE,MAAM,gBAAgB,GAAG,IAAI,CAAC;CACxC;AAED,qBAAa,kBAAmB,SAAQ,QAAQ;;IAG/C,QAAQ,EAAE,KAAK,CAAC,qBAAqB,CAAC,CAAkB;IACxD,eAAe,EAAE,KAAK,CAAC,MAAM,CAAC,CAAkB;IAChD,QAAQ,CAAC,aAAa,EAAE,SAAS,CAAC,MAAM,CAAC,CAAmB;IAC5D,QAAQ,CAAC,YAAY,EAAE,SAAS,CAAC,MAAM,CAAC,CAAmB;IAC3D,QAAQ,CAAC,cAAc,EAAE,SAAS,CAAC,MAAM,CAAC,CAAmB;IAE7D,QAAQ,CAAC,aAAa,SAAkC;gBAE5C,OAAO,CAAC,EAAE,yBAAyB;IAK/C;;;OAGG;IACH,IAAI,OAAO,IAAI,OAAO,CAErB;IAEK,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAa5B;;;;;;;;;;;;OAYG;IACG,YAAY,CAAC,UAAU,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,GAAG,SAAS,CAAC;IAqB1F;;;;;;;;OAQG;IACG,aAAa,CAAC,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IAkB/F;;;;;;;OAOG;IACG,aAAa,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAiBpD"}