npm - @fuzdev/fuz_app - Versions diffs - 0.30.0 → 0.32.0 - Mend

@fuzdev/fuz_app 0.30.0 → 0.32.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (222) hide show

package/dist/actions/CLAUDE.md +630 -0
package/dist/actions/action_rpc.d.ts +29 -0
package/dist/actions/action_rpc.d.ts.map +1 -1
package/dist/actions/action_rpc.js +42 -6
package/dist/actions/action_types.d.ts +2 -2
package/dist/actions/cancel.d.ts +12 -13
package/dist/actions/cancel.d.ts.map +1 -1
package/dist/actions/cancel.js +10 -13
package/dist/actions/heartbeat.d.ts +8 -13
package/dist/actions/heartbeat.d.ts.map +1 -1
package/dist/actions/heartbeat.js +5 -8
package/dist/actions/register_action_ws.d.ts +3 -3
package/dist/actions/register_action_ws.js +2 -2
package/dist/actions/register_ws_endpoint.d.ts +4 -4
package/dist/actions/register_ws_endpoint.d.ts.map +1 -1
package/dist/actions/register_ws_endpoint.js +3 -3
package/dist/actions/rpc_client.d.ts +29 -0
package/dist/actions/rpc_client.d.ts.map +1 -1
package/dist/actions/rpc_client.js +31 -0
package/dist/actions/socket.svelte.d.ts +16 -16
package/dist/actions/socket.svelte.d.ts.map +1 -1
package/dist/actions/socket.svelte.js +15 -15
package/dist/actions/transports_ws_auth_guard.d.ts.map +1 -1
package/dist/auth/CLAUDE.md +945 -0
package/dist/auth/account_action_specs.d.ts +216 -0
package/dist/auth/account_action_specs.d.ts.map +1 -0
package/dist/auth/account_action_specs.js +159 -0
package/dist/auth/account_actions.d.ts +51 -0
package/dist/auth/account_actions.d.ts.map +1 -0
package/dist/auth/account_actions.js +119 -0
package/dist/auth/account_queries.d.ts +6 -2
package/dist/auth/account_queries.d.ts.map +1 -1
package/dist/auth/account_queries.js +40 -4
package/dist/auth/account_routes.d.ts +94 -16
package/dist/auth/account_routes.d.ts.map +1 -1
package/dist/auth/account_routes.js +108 -180
package/dist/auth/account_schema.d.ts +85 -30
package/dist/auth/account_schema.d.ts.map +1 -1
package/dist/auth/account_schema.js +40 -8
package/dist/auth/admin_action_specs.d.ts +674 -0
package/dist/auth/admin_action_specs.d.ts.map +1 -0
package/dist/auth/admin_action_specs.js +287 -0
package/dist/auth/admin_actions.d.ts +69 -0
package/dist/auth/admin_actions.d.ts.map +1 -0
package/dist/auth/admin_actions.js +256 -0
package/dist/auth/admin_rpc_actions.d.ts +49 -0
package/dist/auth/admin_rpc_actions.d.ts.map +1 -0
package/dist/auth/admin_rpc_actions.js +32 -0
package/dist/auth/api_token.d.ts +10 -0
package/dist/auth/api_token.d.ts.map +1 -1
package/dist/auth/api_token.js +9 -0
package/dist/auth/api_token_queries.d.ts +3 -3
package/dist/auth/api_token_queries.js +3 -3
package/dist/auth/app_settings_schema.d.ts +4 -3
package/dist/auth/app_settings_schema.d.ts.map +1 -1
package/dist/auth/app_settings_schema.js +2 -1
package/dist/auth/audit_log_routes.d.ts +14 -6
package/dist/auth/audit_log_routes.d.ts.map +1 -1
package/dist/auth/audit_log_routes.js +22 -79
package/dist/auth/audit_log_schema.d.ts +100 -29
package/dist/auth/audit_log_schema.d.ts.map +1 -1
package/dist/auth/audit_log_schema.js +83 -11
package/dist/auth/bootstrap_routes.d.ts +14 -0
package/dist/auth/bootstrap_routes.d.ts.map +1 -1
package/dist/auth/bootstrap_routes.js +10 -3
package/dist/auth/cleanup.d.ts +63 -0
package/dist/auth/cleanup.d.ts.map +1 -0
package/dist/auth/cleanup.js +80 -0
package/dist/auth/invite_schema.d.ts +11 -10
package/dist/auth/invite_schema.d.ts.map +1 -1
package/dist/auth/invite_schema.js +4 -3
package/dist/auth/migrations.d.ts +6 -0
package/dist/auth/migrations.d.ts.map +1 -1
package/dist/auth/migrations.js +28 -0
package/dist/auth/permit_offer_action_specs.d.ts +364 -0
package/dist/auth/permit_offer_action_specs.d.ts.map +1 -0
package/dist/auth/permit_offer_action_specs.js +216 -0
package/dist/auth/permit_offer_actions.d.ts +96 -0
package/dist/auth/permit_offer_actions.d.ts.map +1 -0
package/dist/auth/permit_offer_actions.js +428 -0
package/dist/auth/permit_offer_notifications.d.ts +361 -0
package/dist/auth/permit_offer_notifications.d.ts.map +1 -0
package/dist/auth/permit_offer_notifications.js +179 -0
package/dist/auth/permit_offer_queries.d.ts +165 -0
package/dist/auth/permit_offer_queries.d.ts.map +1 -0
package/dist/auth/permit_offer_queries.js +390 -0
package/dist/auth/permit_offer_schema.d.ts +103 -0
package/dist/auth/permit_offer_schema.d.ts.map +1 -0
package/dist/auth/permit_offer_schema.js +142 -0
package/dist/auth/permit_queries.d.ts +77 -14
package/dist/auth/permit_queries.d.ts.map +1 -1
package/dist/auth/permit_queries.js +119 -24
package/dist/auth/session_queries.d.ts +4 -2
package/dist/auth/session_queries.d.ts.map +1 -1
package/dist/auth/session_queries.js +4 -2
package/dist/auth/signup_routes.d.ts +13 -0
package/dist/auth/signup_routes.d.ts.map +1 -1
package/dist/auth/signup_routes.js +14 -7
package/dist/http/CLAUDE.md +584 -0
package/dist/http/pending_effects.d.ts +29 -0
package/dist/http/pending_effects.d.ts.map +1 -0
package/dist/http/pending_effects.js +31 -0
package/dist/http/route_spec.d.ts.map +1 -1
package/dist/http/route_spec.js +4 -3
package/dist/rate_limiter.d.ts +30 -0
package/dist/rate_limiter.d.ts.map +1 -1
package/dist/rate_limiter.js +25 -2
package/dist/realtime/sse_auth_guard.d.ts +2 -0
package/dist/realtime/sse_auth_guard.d.ts.map +1 -1
package/dist/realtime/sse_auth_guard.js +5 -3
package/dist/server/app_server.d.ts +13 -2
package/dist/server/app_server.d.ts.map +1 -1
package/dist/server/app_server.js +12 -1
package/dist/testing/CLAUDE.md +668 -1
package/dist/testing/admin_integration.d.ts +10 -7
package/dist/testing/admin_integration.d.ts.map +1 -1
package/dist/testing/admin_integration.js +382 -482
package/dist/testing/app_server.d.ts +7 -6
package/dist/testing/app_server.d.ts.map +1 -1
package/dist/testing/attack_surface.d.ts +9 -3
package/dist/testing/attack_surface.d.ts.map +1 -1
package/dist/testing/attack_surface.js +4 -4
package/dist/testing/audit_completeness.d.ts +11 -0
package/dist/testing/audit_completeness.d.ts.map +1 -1
package/dist/testing/audit_completeness.js +169 -134
package/dist/testing/auth_apps.d.ts.map +1 -1
package/dist/testing/auth_apps.js +4 -33
package/dist/testing/db.d.ts +1 -1
package/dist/testing/db.d.ts.map +1 -1
package/dist/testing/db.js +2 -0
package/dist/testing/entities.d.ts +35 -13
package/dist/testing/entities.d.ts.map +1 -1
package/dist/testing/entities.js +17 -0
package/dist/testing/integration.d.ts +10 -0
package/dist/testing/integration.d.ts.map +1 -1
package/dist/testing/integration.js +352 -340
package/dist/testing/integration_helpers.d.ts +16 -5
package/dist/testing/integration_helpers.d.ts.map +1 -1
package/dist/testing/integration_helpers.js +24 -4
package/dist/testing/rate_limiting.d.ts +7 -0
package/dist/testing/rate_limiting.d.ts.map +1 -1
package/dist/testing/rate_limiting.js +41 -10
package/dist/testing/rpc_helpers.d.ts +153 -1
package/dist/testing/rpc_helpers.d.ts.map +1 -1
package/dist/testing/rpc_helpers.js +184 -8
package/dist/testing/sse_round_trip.d.ts +8 -0
package/dist/testing/sse_round_trip.d.ts.map +1 -1
package/dist/testing/sse_round_trip.js +10 -3
package/dist/testing/standard.d.ts +9 -1
package/dist/testing/standard.d.ts.map +1 -1
package/dist/testing/standard.js +6 -2
package/dist/testing/stubs.d.ts +10 -2
package/dist/testing/stubs.d.ts.map +1 -1
package/dist/testing/stubs.js +17 -2
package/dist/testing/surface_invariants.d.ts +7 -3
package/dist/testing/surface_invariants.d.ts.map +1 -1
package/dist/testing/surface_invariants.js +5 -4
package/dist/testing/ws_round_trip.d.ts.map +1 -1
package/dist/testing/ws_round_trip.js +9 -38
package/dist/ui/AccountSessions.svelte +8 -4
package/dist/ui/AccountSessions.svelte.d.ts.map +1 -1
package/dist/ui/AdminAccounts.svelte +61 -33
package/dist/ui/AdminAccounts.svelte.d.ts.map +1 -1
package/dist/ui/AdminAuditLog.svelte +3 -2
package/dist/ui/AdminAuditLog.svelte.d.ts.map +1 -1
package/dist/ui/AdminInvites.svelte +3 -2
package/dist/ui/AdminInvites.svelte.d.ts.map +1 -1
package/dist/ui/AdminOverview.svelte +14 -9
package/dist/ui/AdminOverview.svelte.d.ts.map +1 -1
package/dist/ui/AdminPermitHistory.svelte +3 -2
package/dist/ui/AdminPermitHistory.svelte.d.ts.map +1 -1
package/dist/ui/AdminSessions.svelte +29 -25
package/dist/ui/AdminSessions.svelte.d.ts.map +1 -1
package/dist/ui/CLAUDE.md +363 -0
package/dist/ui/OpenSignupToggle.svelte +6 -3
package/dist/ui/OpenSignupToggle.svelte.d.ts.map +1 -1
package/dist/ui/PermitOfferForm.svelte +141 -0
package/dist/ui/PermitOfferForm.svelte.d.ts +14 -0
package/dist/ui/PermitOfferForm.svelte.d.ts.map +1 -0
package/dist/ui/PermitOfferHistory.svelte +109 -0
package/dist/ui/PermitOfferHistory.svelte.d.ts +11 -0
package/dist/ui/PermitOfferHistory.svelte.d.ts.map +1 -0
package/dist/ui/PermitOfferInbox.svelte +121 -0
package/dist/ui/PermitOfferInbox.svelte.d.ts +12 -0
package/dist/ui/PermitOfferInbox.svelte.d.ts.map +1 -0
package/dist/ui/account_sessions_state.svelte.d.ts +53 -3
package/dist/ui/account_sessions_state.svelte.d.ts.map +1 -1
package/dist/ui/account_sessions_state.svelte.js +39 -16
package/dist/ui/admin_accounts_state.svelte.d.ts +118 -2
package/dist/ui/admin_accounts_state.svelte.d.ts.map +1 -1
package/dist/ui/admin_accounts_state.svelte.js +99 -23
package/dist/ui/admin_invites_state.svelte.d.ts +47 -1
package/dist/ui/admin_invites_state.svelte.d.ts.map +1 -1
package/dist/ui/admin_invites_state.svelte.js +38 -26
package/dist/ui/admin_rpc_adapters.d.ts +94 -0
package/dist/ui/admin_rpc_adapters.d.ts.map +1 -0
package/dist/ui/admin_rpc_adapters.js +100 -0
package/dist/ui/admin_sessions_state.svelte.d.ts +26 -0
package/dist/ui/admin_sessions_state.svelte.d.ts.map +1 -1
package/dist/ui/admin_sessions_state.svelte.js +35 -21
package/dist/ui/app_settings_state.svelte.d.ts +39 -0
package/dist/ui/app_settings_state.svelte.d.ts.map +1 -1
package/dist/ui/app_settings_state.svelte.js +34 -18
package/dist/ui/audit_log_state.svelte.d.ts +40 -3
package/dist/ui/audit_log_state.svelte.d.ts.map +1 -1
package/dist/ui/audit_log_state.svelte.js +36 -42
package/dist/ui/auth_state.svelte.d.ts +4 -3
package/dist/ui/auth_state.svelte.d.ts.map +1 -1
package/dist/ui/auth_state.svelte.js +4 -1
package/dist/ui/permit_offers_state.svelte.d.ts +125 -0
package/dist/ui/permit_offers_state.svelte.d.ts.map +1 -0
package/dist/ui/permit_offers_state.svelte.js +197 -0
package/package.json +3 -3
package/dist/auth/admin_routes.d.ts +0 -29
package/dist/auth/admin_routes.d.ts.map +0 -1
package/dist/auth/admin_routes.js +0 -226
package/dist/auth/app_settings_routes.d.ts +0 -27
package/dist/auth/app_settings_routes.d.ts.map +0 -1
package/dist/auth/app_settings_routes.js +0 -66
package/dist/auth/invite_routes.d.ts +0 -18
package/dist/auth/invite_routes.d.ts.map +0 -1
package/dist/auth/invite_routes.js +0 -129

package/dist/ui/admin_accounts_state.svelte.js CHANGED Viewed

@@ -4,55 +4,104 @@
  * @module
  */
 import { SvelteSet } from 'svelte/reactivity';
+import { create_context } from '@fuzdev/fuz_ui/context_helpers.js';
 import { Loadable } from './loadable.svelte.js';
-import { parse_response_error, ui_fetch } from './ui_fetch.js';
+/**
+ * Svelte context carrying the reactive `AdminAccountsRpc` accessor. The
+ * provisioner (typically the admin route shell) calls `set(() => rpc)`;
+ * consumers read with `const get_rpc = admin_accounts_rpc_context.get();`
+ * and either pass the accessor straight to `AdminAccountsState`/
+ * `AdminSessionsState` or wrap it with `const rpc = $derived(get_rpc());`
+ * for direct RPC calls. Unset context falls back to `() => null` so
+ * components mounted without a provisioner surface the usual "rpc adapter
+ * not wired" path.
+ */
+export const admin_accounts_rpc_context = create_context(() => () => null);
 export class AdminAccountsState extends Loadable {
+    #get_rpc;
     accounts = $state.raw([]);
     grantable_roles = $state.raw([]);
     granting_keys = new SvelteSet();
     revoking_ids = new SvelteSet();
+    retracting_ids = new SvelteSet();
     account_count = $derived(this.accounts.length);
+    constructor(options) {
+        super();
+        this.#get_rpc = options?.get_rpc ?? (() => null);
+    }
+    /**
+     * True when an RPC adapter is wired. UI uses this to gate all controls
+     * — fetch, grant, revoke, retract all flow through the same adapter.
+     */
+    get has_rpc() {
+        return this.#get_rpc() !== null;
+    }
     async fetch() {
+        const rpc = this.#get_rpc();
+        if (!rpc) {
+            this.error = 'rpc adapter not wired';
+            return;
+        }
         await this.run(async () => {
-            const response = await ui_fetch('/api/admin/accounts');
-            if (!response.ok) {
-                throw new Error(await parse_response_error(response, 'Failed to fetch accounts'));
-            }
-            const data = await response.json();
-            this.accounts = data.accounts ?? [];
-            this.grantable_roles = data.grantable_roles ?? [];
+            const { accounts, grantable_roles } = await rpc.list_accounts();
+            this.accounts = accounts;
+            this.grantable_roles = grantable_roles;
         });
     }
+    /**
+     * Offer the role to the recipient via the `permit_offer_create` RPC.
+     * Server returns the pending offer; the recipient must accept before
+     * the permit materializes. Returns the offer payload on success so
+     * callers can drive follow-up UX (e.g. seed `PermitOffersState.outgoing`).
+     *
+     * A re-offer from the same admin to the same `(account, role)`
+     * refreshes the existing pending row — the returned offer id is stable
+     * across those calls.
+     *
+     * No-op when the rpc adapter is absent; `error` is set to a descriptive
+     * message so the UI surfaces the misconfiguration.
+     */
     async grant_permit(account_id, role) {
+        const rpc = this.#get_rpc();
+        if (!rpc) {
+            this.error = 'rpc adapter not wired';
+            return undefined;
+        }
         const key = `${account_id}:${role}`;
         this.granting_keys.add(key);
         try {
-            const response = await ui_fetch(`/api/admin/accounts/${account_id}/permits/grant`, {
-                method: 'POST',
-                headers: { 'Content-Type': 'application/json' },
-                body: JSON.stringify({ role }),
-            });
-            if (!response.ok) {
-                this.error = await parse_response_error(response);
-                return;
-            }
+            const { offer } = await rpc.grant_permit({ to_account_id: account_id, role });
+            this.error = null;
             await this.fetch();
+            return offer;
         }
         catch (e) {
             this.error = e instanceof Error ? e.message : 'Failed to grant permit';
+            return undefined;
         }
         finally {
             this.granting_keys.delete(key);
         }
     }
-    async revoke_permit(account_id, permit_id) {
+    /**
+     * Revoke an active permit via the `permit_revoke` RPC.
+     *
+     * `actor_id` is the natural key — permits are actor-scoped, and the
+     * admin UI reads `row.actor.id` straight from the listing, so the state
+     * class takes it directly rather than deriving it from `account_id`.
+     * The optional `reason` is stamped on `permit.revoked_reason` and
+     * surfaced on the revokee's WS notification.
+     */
+    async revoke_permit(actor_id, permit_id, reason) {
+        const rpc = this.#get_rpc();
+        if (!rpc) {
+            this.error = 'rpc adapter not wired';
+            return;
+        }
         this.revoking_ids.add(permit_id);
         try {
-            const response = await ui_fetch(`/api/admin/accounts/${account_id}/permits/${permit_id}/revoke`, { method: 'POST' });
-            if (!response.ok) {
-                this.error = await parse_response_error(response);
-                return;
-            }
+            await rpc.revoke_permit({ actor_id, permit_id, reason: reason ?? null });
+            this.error = null;
             await this.fetch();
         }
         catch (e) {
@@ -62,4 +111,31 @@ export class AdminAccountsState extends Loadable {
             this.revoking_ids.delete(permit_id);
         }
     }
+    /**
+     * Retract a pending offer the admin issued via the `permit_offer_retract`
+     * RPC. The action handles auth, audit, and the
+     * `permit_offer_retracted` WS notification.
+     *
+     * After success, refetches the listing so `pending_offers` drops the
+     * row and the "+ {role}" button un-hides.
+     */
+    async retract_offer(offer_id) {
+        const rpc = this.#get_rpc();
+        if (!rpc) {
+            this.error = 'rpc adapter not wired';
+            return;
+        }
+        this.retracting_ids.add(offer_id);
+        try {
+            await rpc.retract_offer(offer_id);
+            this.error = null;
+            await this.fetch();
+        }
+        catch (e) {
+            this.error = e instanceof Error ? e.message : 'Failed to retract offer';
+        }
+        finally {
+            this.retracting_ids.delete(offer_id);
+        }
+    }
 }

package/dist/ui/admin_invites_state.svelte.d.ts CHANGED Viewed

@@ -1,17 +1,63 @@
 /**
  * Reactive state for admin invite management.
  *
+ * Flows every operation through an injected `AdminInvitesRpc` adapter — the
+ * class stays decoupled from the concrete RPC client so tests can inject
+ * plain-function stubs. Mirrors `AdminAccountsRpc` / `AuditLogRpc`.
+ *
  * @module
  */
 import { SvelteSet } from 'svelte/reactivity';
 import { Loadable } from './loadable.svelte.js';
-import type { InviteWithUsernamesJson } from '../auth/invite_schema.js';
+import type { InviteJson, InviteWithUsernamesJson } from '../auth/invite_schema.js';
+/**
+ * Narrow RPC surface consumed by `AdminInvitesState`. Consumers adapt their
+ * typed RPC client to this shape. `error.data.reason` on thrown errors
+ * carries the `ERROR_INVITE_*` constant — handled by the caller when
+ * user-friendly messages are needed.
+ */
+export interface AdminInvitesRpc {
+    list: () => Promise<{
+        invites: Array<InviteWithUsernamesJson>;
+    }>;
+    create: (params: {
+        email?: string | null;
+        username?: string | null;
+    }) => Promise<{
+        ok: true;
+        invite: InviteJson;
+    }>;
+    delete: (params: {
+        invite_id: string;
+    }) => Promise<{
+        ok: true;
+    }>;
+}
+/**
+ * Svelte context carrying the reactive `AdminInvitesRpc` accessor. Mirrors
+ * `admin_accounts_rpc_context`. Unset context falls back to `() => null`.
+ */
+export declare const admin_invites_rpc_context: {
+    get: () => () => AdminInvitesRpc | null;
+    set: (value?: (() => AdminInvitesRpc | null) | undefined) => () => AdminInvitesRpc | null;
+};
+export interface AdminInvitesStateOptions {
+    /**
+     * Reactive accessor for the RPC adapter. `null` disables all operations
+     * (the state reports a descriptive error when mutations/fetches fire).
+     */
+    get_rpc?: () => AdminInvitesRpc | null;
+}
 export declare class AdminInvitesState extends Loadable {
+    #private;
     invites: Array<InviteWithUsernamesJson>;
     creating: boolean;
     readonly deleting_ids: SvelteSet<string>;
     readonly invite_count: number;
     readonly unclaimed_count: number;
+    constructor(options?: AdminInvitesStateOptions);
+    /** True when an RPC adapter is wired. All ops require it. */
+    get has_rpc(): boolean;
     fetch(): Promise<void>;
     create_invite(email?: string, username?: string): Promise<boolean>;
     delete_invite(id: string): Promise<void>;

package/dist/ui/admin_invites_state.svelte.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"admin_invites_state.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/admin_invites_state.svelte.ts"],"names":[],"mappings":"AAAA~~;;;;GAIG~~;AAEH,OAAO,EAAC,SAAS,EAAC,MAAM,mBAAmB,CAAC;~~AAE5C~~,OAAO,EAAC,QAAQ,EAAC,MAAM,sBAAsB,CAAC;~~AAE9C~~,OAAO,KAAK,EAAC,uBAAuB,EAAC,MAAM,0BAA0B,CAAC;~~AAEtE~~,qBAAa,iBAAkB,SAAQ,QAAQ~~;IAC9C~~,OAAO,EAAE,KAAK,CAAC,uBAAuB,CAAC,CAAkB;IACzD,QAAQ,UAAqB;IAC7B,QAAQ,CAAC,YAAY,EAAE,SAAS,CAAC,MAAM,CAAC,CAAmB;IAE3D,QAAQ,CAAC,YAAY,SAAiC;IACtD,QAAQ,CAAC,eAAe,SAA8D;~~IAEhF~~,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;~~IAWtB~~,aAAa,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;~~IA2BlE~~,aAAa,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;~~CAe9C~~"}
1	+ {"version":3,"file":"admin_invites_state.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/admin_invites_state.svelte.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAC,SAAS,EAAC,MAAM,mBAAmB,CAAC;AAG5C,OAAO,EAAC,QAAQ,EAAC,MAAM,sBAAsB,CAAC;AAC9C,OAAO,KAAK,EAAC,UAAU,EAAE,uBAAuB,EAAC,MAAM,0BAA0B,CAAC;AAElF;;;;;GAKG;AACH,MAAM,WAAW,eAAe;IAC/B,IAAI,EAAE,MAAM,OAAO,CAAC;QAAC,OAAO,EAAE,KAAK,CAAC,uBAAuB,CAAC,CAAA;KAAC,CAAC,CAAC;IAC/D,MAAM,EAAE,CAAC,MAAM,EAAE;QAChB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QACtB,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;KACzB,KAAK,OAAO,CAAC;QAAC,EAAE,EAAE,IAAI,CAAC;QAAC,MAAM,EAAE,UAAU,CAAA;KAAC,CAAC,CAAC;IAC9C,MAAM,EAAE,CAAC,MAAM,EAAE;QAAC,SAAS,EAAE,MAAM,CAAA;KAAC,KAAK,OAAO,CAAC;QAAC,EAAE,EAAE,IAAI,CAAA;KAAC,CAAC,CAAC;CAC7D;AAED;;;GAGG;AACH,eAAO,MAAM,yBAAyB;qBAAwB,eAAe,GAAG,IAAI;yBAAtB,eAAe,GAAG,IAAI,wBAAtB,eAAe,GAAG,IAAI;CAEnF,CAAC;AAEF,MAAM,WAAW,wBAAwB;IACxC;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,eAAe,GAAG,IAAI,CAAC;CACvC;AAED,qBAAa,iBAAkB,SAAQ,QAAQ;;IAG9C,OAAO,EAAE,KAAK,CAAC,uBAAuB,CAAC,CAAkB;IACzD,QAAQ,UAAqB;IAC7B,QAAQ,CAAC,YAAY,EAAE,SAAS,CAAC,MAAM,CAAC,CAAmB;IAE3D,QAAQ,CAAC,YAAY,SAAiC;IACtD,QAAQ,CAAC,eAAe,SAA8D;gBAE1E,OAAO,CAAC,EAAE,wBAAwB;IAK9C,6DAA6D;IAC7D,IAAI,OAAO,IAAI,OAAO,CAErB;IAEK,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAYtB,aAAa,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAoBlE,aAAa,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAgB9C"}

package/dist/ui/admin_invites_state.svelte.js CHANGED Viewed

@@ -1,45 +1,56 @@
 /**
  * Reactive state for admin invite management.
  *
+ * Flows every operation through an injected `AdminInvitesRpc` adapter — the
+ * class stays decoupled from the concrete RPC client so tests can inject
+ * plain-function stubs. Mirrors `AdminAccountsRpc` / `AuditLogRpc`.
+ *
  * @module
  */
 import { SvelteSet } from 'svelte/reactivity';
+import { create_context } from '@fuzdev/fuz_ui/context_helpers.js';
 import { Loadable } from './loadable.svelte.js';
-import { parse_response_error, ui_fetch } from './ui_fetch.js';
+/**
+ * Svelte context carrying the reactive `AdminInvitesRpc` accessor. Mirrors
+ * `admin_accounts_rpc_context`. Unset context falls back to `() => null`.
+ */
+export const admin_invites_rpc_context = create_context(() => () => null);
 export class AdminInvitesState extends Loadable {
+    #get_rpc;
     invites = $state.raw([]);
     creating = $state.raw(false);
     deleting_ids = new SvelteSet();
     invite_count = $derived(this.invites.length);
     unclaimed_count = $derived(this.invites.filter((i) => !i.claimed_at).length);
+    constructor(options) {
+        super();
+        this.#get_rpc = options?.get_rpc ?? (() => null);
+    }
+    /** True when an RPC adapter is wired. All ops require it. */
+    get has_rpc() {
+        return this.#get_rpc() !== null;
+    }
     async fetch() {
+        const rpc = this.#get_rpc();
+        if (!rpc) {
+            this.error = 'rpc adapter not wired';
+            return;
+        }
         await this.run(async () => {
-            const response = await ui_fetch('/api/admin/invites');
-            if (!response.ok) {
-                throw new Error(await parse_response_error(response, 'Failed to fetch invites'));
-            }
-            const data = await response.json();
-            this.invites = data.invites ?? [];
+            const { invites } = await rpc.list();
+            this.invites = invites;
         });
     }
     async create_invite(email, username) {
+        const rpc = this.#get_rpc();
+        if (!rpc) {
+            this.error = 'rpc adapter not wired';
+            return false;
+        }
         this.creating = true;
         this.error = null;
         try {
-            const body = {};
-            if (email)
-                body.email = email;
-            if (username)
-                body.username = username;
-            const response = await ui_fetch('/api/admin/invites', {
-                method: 'POST',
-                headers: { 'Content-Type': 'application/json' },
-                body: JSON.stringify(body),
-            });
-            if (!response.ok) {
-                this.error = await parse_response_error(response);
-                return false;
-            }
+            await rpc.create({ email: email ?? null, username: username ?? null });
             await this.fetch();
             return true;
         }
@@ -52,13 +63,14 @@ export class AdminInvitesState extends Loadable {
         }
     }
     async delete_invite(id) {
+        const rpc = this.#get_rpc();
+        if (!rpc) {
+            this.error = 'rpc adapter not wired';
+            return;
+        }
         this.deleting_ids.add(id);
         try {
-            const response = await ui_fetch(`/api/admin/invites/${id}`, { method: 'DELETE' });
-            if (!response.ok) {
-                this.error = await parse_response_error(response);
-                return;
-            }
+            await rpc.delete({ invite_id: id });
             await this.fetch();
         }
         catch (e) {

package/dist/ui/admin_rpc_adapters.d.ts ADDED Viewed

@@ -0,0 +1,94 @@
+/**
+ * Admin RPC adapter helpers for consumer UIs.
+ *
+ * Bridges a typed `rpc_call`-shaped function to the four narrow admin RPC
+ * interfaces the state classes consume — `AdminAccountsRpc`,
+ * `AdminInvitesRpc`, `AuditLogRpc`, `AppSettingsRpc`. Two calls at the
+ * admin shell layout wire everything:
+ *
+ * ```ts
+ * import {create_throwing_rpc_call} from '@fuzdev/fuz_app/actions/rpc_client.js';
+ * const rpc_call = create_throwing_rpc_call(api);
+ * provide_admin_rpc_contexts(create_admin_rpc_adapters(rpc_call));
+ * ```
+ *
+ * `create_throwing_rpc_call` unwraps every `Result` to throw on error, spreading
+ * the JSON-RPC `{code, message, data?}` onto the thrown `Error` so form
+ * components (e.g. `PermitOfferForm.svelte`) can match on
+ * `error.data?.reason` via `ERROR_OFFER_*` constants — optional chaining is
+ * required because JSON-RPC `data` is spec-level optional. Consumers that
+ * need a custom unwrap strategy can supply any function matching
+ * `AdminRpcCall` directly instead.
+ *
+ * No `.svelte.ts` suffix — this module holds no reactive state, only
+ * method-name mappings.
+ *
+ * @module
+ */
+import type { ThrowingRpcCall } from '../actions/rpc_client.js';
+import { type AdminAccountsRpc } from './admin_accounts_state.svelte.js';
+import { type AdminInvitesRpc } from './admin_invites_state.svelte.js';
+import { type AuditLogRpc } from './audit_log_state.svelte.js';
+import { type AppSettingsRpc } from './app_settings_state.svelte.js';
+/**
+ * Function-shaped contract for dispatching an RPC call by method name.
+ *
+ * Alias of `ThrowingRpcCall` — kept as a domain-specific name so reads of
+ * the admin UI code stay self-contained. Receives the method string and
+ * input, returns a Promise of the output — or throws on error carrying the
+ * JSON-RPC `{code, message, data?}` shape.
+ *
+ * The generic is load-bearing: contextual typing lets the narrow
+ * `Admin*Rpc` return types flow into `TOutput` so adapter methods typecheck
+ * without explicit casts.
+ */
+export type AdminRpcCall = ThrowingRpcCall;
+/** The four admin RPC adapters assembled from a shared `rpc_call`. */
+export interface AdminRpcAdapters {
+    admin_accounts: AdminAccountsRpc;
+    admin_invites: AdminInvitesRpc;
+    audit_log: AuditLogRpc;
+    app_settings: AppSettingsRpc;
+}
+/**
+ * Build the four admin RPC adapters from a single typed `rpc_call`.
+ *
+ * Method-name mapping:
+ *
+ * | Narrow RPC method                   | Action spec method           |
+ * | ----------------------------------- | ---------------------------- |
+ * | `admin_accounts.list_accounts`      | `admin_account_list`         |
+ * | `admin_accounts.list_sessions`      | `admin_session_list`         |
+ * | `admin_accounts.grant_permit`       | `permit_offer_create`        |
+ * | `admin_accounts.revoke_permit`      | `permit_revoke`              |
+ * | `admin_accounts.retract_offer`      | `permit_offer_retract`       |
+ * | `admin_accounts.session_revoke_all` | `admin_session_revoke_all`   |
+ * | `admin_accounts.token_revoke_all`   | `admin_token_revoke_all`     |
+ * | `admin_invites.list`                | `invite_list`                |
+ * | `admin_invites.create`              | `invite_create`              |
+ * | `admin_invites.delete`              | `invite_delete`              |
+ * | `audit_log.list`                    | `audit_log_list`             |
+ * | `audit_log.permit_history`          | `audit_log_permit_history`   |
+ * | `app_settings.get`                  | `app_settings_get`           |
+ * | `app_settings.update`               | `app_settings_update`        |
+ *
+ * All four adapter factories call through the same `rpc_call` — consumers
+ * only construct one adapter closure (typically wrapping
+ * `create_rpc_client`'s Proxy + Result-unwrap) regardless of how many
+ * admin surfaces they mount.
+ */
+export declare const create_admin_rpc_adapters: (rpc_call: AdminRpcCall) => AdminRpcAdapters;
+/**
+ * Wire all four admin RPC contexts in a single call.
+ *
+ * Call once at the admin shell layout (e.g. `src/routes/admin/+layout.svelte`)
+ * with adapters built from `create_admin_rpc_adapters`. Every `Admin*.svelte`
+ * component that reads a context below this point sees the adapters.
+ *
+ * Each context accessor reads `adapters.{domain}` on every invocation, so
+ * mutating an adapter field on the same object propagates. Replacing the
+ * whole adapter set requires calling `provide_admin_rpc_contexts` again
+ * during init — in practice this is one-shot at layout mount.
+ */
+export declare const provide_admin_rpc_contexts: (adapters: AdminRpcAdapters) => void;
+//# sourceMappingURL=admin_rpc_adapters.d.ts.map

package/dist/ui/admin_rpc_adapters.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"admin_rpc_adapters.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/admin_rpc_adapters.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AAEH,OAAO,KAAK,EAAC,eAAe,EAAC,MAAM,0BAA0B,CAAC;AAC9D,OAAO,EAA6B,KAAK,gBAAgB,EAAC,MAAM,kCAAkC,CAAC;AACnG,OAAO,EAA4B,KAAK,eAAe,EAAC,MAAM,iCAAiC,CAAC;AAChG,OAAO,EAAwB,KAAK,WAAW,EAAC,MAAM,6BAA6B,CAAC;AACpF,OAAO,EAA2B,KAAK,cAAc,EAAC,MAAM,gCAAgC,CAAC;AAE7F;;;;;;;;;;;GAWG;AACH,MAAM,MAAM,YAAY,GAAG,eAAe,CAAC;AAE3C,sEAAsE;AACtE,MAAM,WAAW,gBAAgB;IAChC,cAAc,EAAE,gBAAgB,CAAC;IACjC,aAAa,EAAE,eAAe,CAAC;IAC/B,SAAS,EAAE,WAAW,CAAC;IACvB,YAAY,EAAE,cAAc,CAAC;CAC7B;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACH,eAAO,MAAM,yBAAyB,GAAI,UAAU,YAAY,KAAG,gBAuBjE,CAAC;AAEH;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,0BAA0B,GAAI,UAAU,gBAAgB,KAAG,IAKvE,CAAC"}

package/dist/ui/admin_rpc_adapters.js ADDED Viewed

@@ -0,0 +1,100 @@
+/**
+ * Admin RPC adapter helpers for consumer UIs.
+ *
+ * Bridges a typed `rpc_call`-shaped function to the four narrow admin RPC
+ * interfaces the state classes consume — `AdminAccountsRpc`,
+ * `AdminInvitesRpc`, `AuditLogRpc`, `AppSettingsRpc`. Two calls at the
+ * admin shell layout wire everything:
+ *
+ * ```ts
+ * import {create_throwing_rpc_call} from '@fuzdev/fuz_app/actions/rpc_client.js';
+ * const rpc_call = create_throwing_rpc_call(api);
+ * provide_admin_rpc_contexts(create_admin_rpc_adapters(rpc_call));
+ * ```
+ *
+ * `create_throwing_rpc_call` unwraps every `Result` to throw on error, spreading
+ * the JSON-RPC `{code, message, data?}` onto the thrown `Error` so form
+ * components (e.g. `PermitOfferForm.svelte`) can match on
+ * `error.data?.reason` via `ERROR_OFFER_*` constants — optional chaining is
+ * required because JSON-RPC `data` is spec-level optional. Consumers that
+ * need a custom unwrap strategy can supply any function matching
+ * `AdminRpcCall` directly instead.
+ *
+ * No `.svelte.ts` suffix — this module holds no reactive state, only
+ * method-name mappings.
+ *
+ * @module
+ */
+import { admin_accounts_rpc_context } from './admin_accounts_state.svelte.js';
+import { admin_invites_rpc_context } from './admin_invites_state.svelte.js';
+import { audit_log_rpc_context } from './audit_log_state.svelte.js';
+import { app_settings_rpc_context } from './app_settings_state.svelte.js';
+/**
+ * Build the four admin RPC adapters from a single typed `rpc_call`.
+ *
+ * Method-name mapping:
+ *
+ * | Narrow RPC method                   | Action spec method           |
+ * | ----------------------------------- | ---------------------------- |
+ * | `admin_accounts.list_accounts`      | `admin_account_list`         |
+ * | `admin_accounts.list_sessions`      | `admin_session_list`         |
+ * | `admin_accounts.grant_permit`       | `permit_offer_create`        |
+ * | `admin_accounts.revoke_permit`      | `permit_revoke`              |
+ * | `admin_accounts.retract_offer`      | `permit_offer_retract`       |
+ * | `admin_accounts.session_revoke_all` | `admin_session_revoke_all`   |
+ * | `admin_accounts.token_revoke_all`   | `admin_token_revoke_all`     |
+ * | `admin_invites.list`                | `invite_list`                |
+ * | `admin_invites.create`              | `invite_create`              |
+ * | `admin_invites.delete`              | `invite_delete`              |
+ * | `audit_log.list`                    | `audit_log_list`             |
+ * | `audit_log.permit_history`          | `audit_log_permit_history`   |
+ * | `app_settings.get`                  | `app_settings_get`           |
+ * | `app_settings.update`               | `app_settings_update`        |
+ *
+ * All four adapter factories call through the same `rpc_call` — consumers
+ * only construct one adapter closure (typically wrapping
+ * `create_rpc_client`'s Proxy + Result-unwrap) regardless of how many
+ * admin surfaces they mount.
+ */
+export const create_admin_rpc_adapters = (rpc_call) => ({
+    admin_accounts: {
+        list_accounts: () => rpc_call('admin_account_list', null),
+        list_sessions: () => rpc_call('admin_session_list', null),
+        grant_permit: (params) => rpc_call('permit_offer_create', params),
+        revoke_permit: (params) => rpc_call('permit_revoke', params),
+        retract_offer: (offer_id) => rpc_call('permit_offer_retract', { offer_id }),
+        session_revoke_all: (params) => rpc_call('admin_session_revoke_all', params),
+        token_revoke_all: (params) => rpc_call('admin_token_revoke_all', params),
+    },
+    admin_invites: {
+        list: () => rpc_call('invite_list', null),
+        create: (params) => rpc_call('invite_create', params),
+        delete: (params) => rpc_call('invite_delete', params),
+    },
+    audit_log: {
+        list: (options) => rpc_call('audit_log_list', options ?? {}),
+        permit_history: (params) => rpc_call('audit_log_permit_history', params ?? {}),
+    },
+    app_settings: {
+        get: () => rpc_call('app_settings_get', null),
+        update: (params) => rpc_call('app_settings_update', params),
+    },
+});
+/**
+ * Wire all four admin RPC contexts in a single call.
+ *
+ * Call once at the admin shell layout (e.g. `src/routes/admin/+layout.svelte`)
+ * with adapters built from `create_admin_rpc_adapters`. Every `Admin*.svelte`
+ * component that reads a context below this point sees the adapters.
+ *
+ * Each context accessor reads `adapters.{domain}` on every invocation, so
+ * mutating an adapter field on the same object propagates. Replacing the
+ * whole adapter set requires calling `provide_admin_rpc_contexts` again
+ * during init — in practice this is one-shot at layout mount.
+ */
+export const provide_admin_rpc_contexts = (adapters) => {
+    admin_accounts_rpc_context.set(() => adapters.admin_accounts);
+    admin_invites_rpc_context.set(() => adapters.admin_invites);
+    audit_log_rpc_context.set(() => adapters.audit_log);
+    app_settings_rpc_context.set(() => adapters.app_settings);
+};

package/dist/ui/admin_sessions_state.svelte.d.ts CHANGED Viewed

@@ -1,16 +1,42 @@
 /**
  * Reactive state for admin session overview.
  *
+ * Both the listing and the two revoke-all mutations flow through the shared
+ * `AdminAccountsRpc` adapter (`list_sessions`, `session_revoke_all`,
+ * `token_revoke_all`). The former REST `GET /api/admin/sessions` route moved
+ * to the `admin_session_list` RPC method in the 2026-04-23 migration.
+ *
  * @module
  */
 import { SvelteSet } from 'svelte/reactivity';
 import { Loadable } from './loadable.svelte.js';
+import type { AdminAccountsRpc } from './admin_accounts_state.svelte.js';
 import type { AdminSessionJson } from '../auth/audit_log_schema.js';
+/**
+ * Options for `AdminSessionsState`.
+ *
+ * The RPC adapter drives every operation (listing + the two revoke-all
+ * mutations). Without it, `fetch` and the revoke controls no-op with
+ * `'rpc adapter not wired'` on `error`.
+ */
+export interface AdminSessionsStateOptions {
+    /**
+     * Reactive accessor for the RPC adapter; returns `null` when unwired.
+     * Mirrors `AdminAccountsStateOptions.get_rpc` so a single adapter
+     * instance backs both states without tripping Svelte's
+     * `state_referenced_locally` warning.
+     */
+    get_rpc?: () => AdminAccountsRpc | null;
+}
 export declare class AdminSessionsState extends Loadable {
+    #private;
     sessions: Array<AdminSessionJson>;
     readonly revoking_account_ids: SvelteSet<string>;
     readonly revoking_token_account_ids: SvelteSet<string>;
     readonly active_count: number;
+    constructor(options?: AdminSessionsStateOptions);
+    /** True when an RPC adapter is wired. `fetch` and the revoke controls no-op without it. */
+    get has_rpc(): boolean;
     fetch(): Promise<void>;
     revoke_all_for_account(account_id: string): Promise<void>;
     revoke_all_tokens_for_account(account_id: string): Promise<void>;

package/dist/ui/admin_sessions_state.svelte.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"admin_sessions_state.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/admin_sessions_state.svelte.ts"],"names":[],"mappings":"AAAA~~;;;;GAIG~~;AAEH,OAAO,EAAC,SAAS,EAAC,MAAM,mBAAmB,CAAC;AAE5C,OAAO,EAAC,QAAQ,EAAC,MAAM,sBAAsB,CAAC;~~AAE9C~~,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,6BAA6B,CAAC;AAElE,qBAAa,kBAAmB,SAAQ,QAAQ~~;IAC~~/C,QAAQ,EAAE,KAAK,CAAC,gBAAgB,CAAC,CAAkB;IACnD,QAAQ,CAAC,oBAAoB,EAAE,SAAS,CAAC,MAAM,CAAC,CAAmB;IACnE,QAAQ,CAAC,0BAA0B,EAAE,SAAS,CAAC,MAAM,CAAC,CAAmB;IAEzE,QAAQ,CAAC,YAAY,SAAkC;~~IAEjD~~,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;~~IAWtB~~,sBAAsB,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAkBzD,6BAA6B,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAiBtE"}
1	+ {"version":3,"file":"admin_sessions_state.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/admin_sessions_state.svelte.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAC,SAAS,EAAC,MAAM,mBAAmB,CAAC;AAE5C,OAAO,EAAC,QAAQ,EAAC,MAAM,sBAAsB,CAAC;AAC9C,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,kCAAkC,CAAC;AACvE,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,6BAA6B,CAAC;AAElE;;;;;;GAMG;AACH,MAAM,WAAW,yBAAyB;IACzC;;;;;OAKG;IACH,OAAO,CAAC,EAAE,MAAM,gBAAgB,GAAG,IAAI,CAAC;CACxC;AAED,qBAAa,kBAAmB,SAAQ,QAAQ;;IAG/C,QAAQ,EAAE,KAAK,CAAC,gBAAgB,CAAC,CAAkB;IACnD,QAAQ,CAAC,oBAAoB,EAAE,SAAS,CAAC,MAAM,CAAC,CAAmB;IACnE,QAAQ,CAAC,0BAA0B,EAAE,SAAS,CAAC,MAAM,CAAC,CAAmB;IAEzE,QAAQ,CAAC,YAAY,SAAkC;gBAE3C,OAAO,CAAC,EAAE,yBAAyB;IAK/C,2FAA2F;IAC3F,IAAI,OAAO,IAAI,OAAO,CAErB;IAEK,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAYtB,sBAAsB,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAkBzD,6BAA6B,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAiBtE"}

package/dist/ui/admin_sessions_state.svelte.js CHANGED Viewed

@@ -1,36 +1,50 @@
 /**
  * Reactive state for admin session overview.
  *
+ * Both the listing and the two revoke-all mutations flow through the shared
+ * `AdminAccountsRpc` adapter (`list_sessions`, `session_revoke_all`,
+ * `token_revoke_all`). The former REST `GET /api/admin/sessions` route moved
+ * to the `admin_session_list` RPC method in the 2026-04-23 migration.
+ *
  * @module
  */
 import { SvelteSet } from 'svelte/reactivity';
 import { Loadable } from './loadable.svelte.js';
-import { parse_response_error, ui_fetch } from './ui_fetch.js';
 export class AdminSessionsState extends Loadable {
+    #get_rpc;
     sessions = $state.raw([]);
     revoking_account_ids = new SvelteSet();
     revoking_token_account_ids = new SvelteSet();
     active_count = $derived(this.sessions.length);
+    constructor(options) {
+        super();
+        this.#get_rpc = options?.get_rpc ?? (() => null);
+    }
+    /** True when an RPC adapter is wired. `fetch` and the revoke controls no-op without it. */
+    get has_rpc() {
+        return this.#get_rpc() !== null;
+    }
     async fetch() {
+        const rpc = this.#get_rpc();
+        if (!rpc) {
+            this.error = 'rpc adapter not wired';
+            return;
+        }
         await this.run(async () => {
-            const response = await ui_fetch('/api/admin/sessions');
-            if (!response.ok) {
-                throw new Error(await parse_response_error(response, 'Failed to fetch sessions'));
-            }
-            const data = await response.json();
-            this.sessions = data.sessions ?? [];
+            const { sessions } = await rpc.list_sessions();
+            this.sessions = sessions;
         });
     }
     async revoke_all_for_account(account_id) {
+        const rpc = this.#get_rpc();
+        if (!rpc) {
+            this.error = 'rpc adapter not wired';
+            return;
+        }
         this.revoking_account_ids.add(account_id);
         try {
-            const response = await ui_fetch(`/api/admin/accounts/${account_id}/sessions/revoke-all`, {
-                method: 'POST',
-            });
-            if (!response.ok) {
-                this.error = await parse_response_error(response);
-                return;
-            }
+            await rpc.session_revoke_all({ account_id });
+            this.error = null;
             await this.fetch();
         }
         catch (e) {
@@ -41,15 +55,15 @@ export class AdminSessionsState extends Loadable {
         }
     }
     async revoke_all_tokens_for_account(account_id) {
+        const rpc = this.#get_rpc();
+        if (!rpc) {
+            this.error = 'rpc adapter not wired';
+            return;
+        }
         this.revoking_token_account_ids.add(account_id);
         try {
-            const response = await ui_fetch(`/api/admin/accounts/${account_id}/tokens/revoke-all`, {
-                method: 'POST',
-            });
-            if (!response.ok) {
-                this.error = await parse_response_error(response);
-                return;
-            }
+            await rpc.token_revoke_all({ account_id });
+            this.error = null;
             await this.fetch();
         }
         catch (e) {