@fuzdev/fuz_app 0.30.0 → 0.32.0

package/dist/ui/permit_offers_state.svelte.js

@@ -0,0 +1,197 @@
+/**
+ * Reactive state for the consentful-permits offer flow.
+ *
+ * Maintains one offer cache keyed by id, seeded by the RPC list/history
+ * actions and kept live by the six permit-offer WebSocket notifications.
+ * `incoming` (recipient-side pending) and `outgoing` (grantor-side pending)
+ * are derived views; `history` is the full cache ordered newest-first for
+ * the grantor/admin history view.
+ *
+ * Wiring is transport-agnostic: the ctor accepts a narrow RPC interface
+ * the consumer adapts from their typed client, plus an `account_id` /
+ * `actor_id` getter pair (typically bound to `auth_state`). Notification
+ * delivery is pull-only via `subscribe()` — the consumer plumbs their
+ * `FrontendWebsocketClient` / `ActionPeer` receiver to `apply_notification`.
+ *
+ * @module
+ */
+import { create_context } from '@fuzdev/fuz_ui/context_helpers.js';
+import { Loadable } from './loadable.svelte.js';
+import { PERMIT_OFFER_ACCEPTED_NOTIFICATION_METHOD, PERMIT_OFFER_DECLINED_NOTIFICATION_METHOD, PERMIT_OFFER_RECEIVED_NOTIFICATION_METHOD, PERMIT_OFFER_RETRACTED_NOTIFICATION_METHOD, PERMIT_OFFER_SUPERSEDE_NOTIFICATION_METHOD, PERMIT_REVOKE_NOTIFICATION_METHOD, } from '../auth/permit_offer_notifications.js';
+/**
+ * Svelte context for `PermitOffersState`.
+ * Use `permit_offers_state_context.set(state)` in the provider and
+ * `permit_offers_state_context.get()` to access.
+ */
+export const permit_offers_state_context = create_context();
+const is_terminal = (o) => o.accepted_at !== null ||
+    o.declined_at !== null ||
+    o.retracted_at !== null ||
+    o.superseded_at !== null;
+export class PermitOffersState extends Loadable {
+    #rpc;
+    #get_account_id;
+    #get_actor_id;
+    #offers = $state.raw(new Map());
+    /** Pending offers for the current account, soonest-expiring first. */
+    incoming = $derived.by(() => {
+        const account_id = this.#get_account_id();
+        if (!account_id)
+            return [];
+        const now = Date.now();
+        const rows = [];
+        for (const o of this.#offers.values()) {
+            if (o.to_account_id !== account_id)
+                continue;
+            if (is_terminal(o))
+                continue;
+            if (Date.parse(o.expires_at) <= now)
+                continue;
+            rows.push(o);
+        }
+        rows.sort((a, b) => Date.parse(a.expires_at) - Date.parse(b.expires_at));
+        return rows;
+    });
+    /** Pending offers from the current actor, newest-created first. */
+    outgoing = $derived.by(() => {
+        const actor_id = this.#get_actor_id();
+        if (!actor_id)
+            return [];
+        const now = Date.now();
+        const rows = [];
+        for (const o of this.#offers.values()) {
+            if (o.from_actor_id !== actor_id)
+                continue;
+            if (is_terminal(o))
+                continue;
+            if (Date.parse(o.expires_at) <= now)
+                continue;
+            rows.push(o);
+        }
+        rows.sort((a, b) => Date.parse(b.created_at) - Date.parse(a.created_at));
+        return rows;
+    });
+    /** Every offer known to this state, newest-created first. Feeds the history view. */
+    history = $derived.by(() => {
+        const rows = Array.from(this.#offers.values());
+        rows.sort((a, b) => Date.parse(b.created_at) - Date.parse(a.created_at));
+        return rows;
+    });
+    incoming_count = $derived(this.incoming.length);
+    constructor(options) {
+        super();
+        this.#rpc = options.rpc;
+        this.#get_account_id = options.account_id;
+        this.#get_actor_id = options.actor_id;
+    }
+    /** Seed the cache with the recipient-side pending inbox. */
+    async fetch() {
+        await this.run(async () => {
+            const { offers } = await this.#rpc.list();
+            this.#merge_offers(offers);
+        });
+    }
+    /** Seed both-directions history (includes terminal rows). */
+    async fetch_history(options) {
+        await this.run(async () => {
+            const { offers } = await this.#rpc.history(options);
+            this.#merge_offers(offers);
+        });
+    }
+    /** Issue a new offer; merges the returned offer into the cache on success. */
+    async create(params) {
+        return this.run(async () => {
+            const { offer } = await this.#rpc.create(params);
+            this.#merge_offers([offer]);
+            return offer;
+        });
+    }
+    /** Accept an offer; stamps it terminal in the cache and drops any siblings the server superseded. */
+    async accept(offer_id) {
+        await this.run(async () => {
+            const result = await this.#rpc.accept(offer_id);
+            this.#merge_offers([result.offer]);
+            // siblings are authoritatively superseded server-side; the
+            // corresponding WS notifications will also arrive, but dropping
+            // them eagerly keeps the inbox accurate in the gap.
+            for (const sibling_id of result.superseded_offer_ids) {
+                this.#remove_offer(sibling_id);
+            }
+        });
+    }
+    async decline(offer_id, reason) {
+        await this.run(async () => {
+            await this.#rpc.decline(offer_id, reason);
+            this.#remove_offer(offer_id);
+        });
+    }
+    async retract(offer_id) {
+        await this.run(async () => {
+            await this.#rpc.retract(offer_id);
+            this.#remove_offer(offer_id);
+        });
+    }
+    /**
+     * Wire a notification subscription. The handler dispatches each matching
+     * notification into `apply_notification`; the returned disposer unwires.
+     */
+    subscribe(subscribe_fn) {
+        return subscribe_fn((notification) => {
+            this.apply_notification(notification);
+        });
+    }
+    /**
+     * Reduce a single WS notification into the cache. Exposed so consumers
+     * wiring their WS receiver directly (without `subscribe`) and tests can
+     * drive the reducer without allocating a subscription.
+     */
+    apply_notification(notification) {
+        switch (notification.method) {
+            case PERMIT_OFFER_RECEIVED_NOTIFICATION_METHOD:
+            case PERMIT_OFFER_RETRACTED_NOTIFICATION_METHOD:
+            case PERMIT_OFFER_ACCEPTED_NOTIFICATION_METHOD:
+            case PERMIT_OFFER_DECLINED_NOTIFICATION_METHOD:
+            case PERMIT_OFFER_SUPERSEDE_NOTIFICATION_METHOD: {
+                const params = notification.params;
+                if (!params || typeof params !== 'object' || !('offer' in params))
+                    return;
+                const offer = params.offer;
+                if (!is_permit_offer_like(offer))
+                    return;
+                this.#merge_offers([offer]);
+                return;
+            }
+            case PERMIT_REVOKE_NOTIFICATION_METHOD:
+                // permit_revoke is a permit-lifecycle event — the offer cache
+                // is unaffected. Consumers handle it in an auth/permits state.
+                return;
+            default:
+                // unrelated notifications — ignore silently.
+                return;
+        }
+    }
+    /** Clear the cache and reset loading/error state. */
+    reset() {
+        super.reset();
+        this.#offers = new Map();
+    }
+    #merge_offers(offers) {
+        const next = new Map(this.#offers);
+        for (const offer of offers) {
+            next.set(offer.id, offer);
+        }
+        this.#offers = next;
+    }
+    #remove_offer(offer_id) {
+        if (!this.#offers.has(offer_id))
+            return;
+        const next = new Map(this.#offers);
+        next.delete(offer_id);
+        this.#offers = next;
+    }
+}
+const is_permit_offer_like = (value) => !!value &&
+    typeof value === 'object' &&
+    typeof value.id === 'string' &&
+    typeof value.to_account_id === 'string' &&
+    typeof value.from_actor_id === 'string';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@fuzdev/fuz_app",
-  "version": "0.30.0",
+  "version": "0.32.0",
   "description": "fullstack app library",
   "glyph": "🗝",
   "logo": "logo.svg",
@@ -19,7 +19,7 @@
   },
   "type": "module",
   "engines": {
-    "node": ">=22.15"
+    "node": ">=24.14"
   },
   "peerDependencies": {
     "@electric-sql/pglite": ">=0.3",
@@ -46,7 +46,7 @@
     "@fuzdev/fuz_code": "^0.45.1",
     "@fuzdev/fuz_css": "^0.58.0",
     "@fuzdev/fuz_ui": "^0.191.4",
-    "@fuzdev/fuz_util": "^0.57.0",
+    "@fuzdev/fuz_util": "^0.58.0",
     "@fuzdev/gro": "^0.198.0",
     "@jridgewell/trace-mapping": "^0.3.31",
     "@node-rs/argon2": "^2.0.2",

package/dist/auth/admin_routes.d.ts

@@ -1,29 +0,0 @@
-/**
- * Generic admin route specs — account listing, permit management, session and token revocation.
- *
- * All routes require the `admin` role.
- *
- * @module
- */
-import { type RoleSchemaResult } from './role_schema.js';
-import { type RouteSpec } from '../http/route_spec.js';
-import type { RouteFactoryDeps } from './deps.js';
-/** Options for admin route specs. */
-export interface AdminRouteOptions {
-    /**
-     * Role schema result from `create_role_schema()`. Defaults to builtin roles only.
-     * Pass the full result to enable extended app-defined roles in the admin UI.
-     * Both `Role` and `role_options` come from the same call — passing them together
-     * via this field ensures they stay in sync.
-     */
-    roles?: RoleSchemaResult;
-}
-/**
- * Create admin route specs for account listing and permit management.
- *
- * @param deps - stateless capabilities (log)
- * @param options - optional options with role schema for validation
- * @returns route specs for admin account management
- */
-export declare const create_admin_account_route_specs: (deps: Pick<RouteFactoryDeps, "log" | "on_audit_event">, options?: AdminRouteOptions) => Array<RouteSpec>;
-//# sourceMappingURL=admin_routes.d.ts.map

package/dist/auth/admin_routes.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"admin_routes.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/admin_routes.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH,OAAO,EAA8C,KAAK,gBAAgB,EAAC,MAAM,kBAAkB,CAAC;AAGpG,OAAO,EAAoC,KAAK,SAAS,EAAC,MAAM,uBAAuB,CAAC;AAcxF,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,WAAW,CAAC;AAShD,qCAAqC;AACrC,MAAM,WAAW,iBAAiB;IACjC;;;;;OAKG;IACH,KAAK,CAAC,EAAE,gBAAgB,CAAC;CACzB;AAED;;;;;;GAMG;AACH,eAAO,MAAM,gCAAgC,GAC5C,MAAM,IAAI,CAAC,gBAAgB,EAAE,KAAK,GAAG,gBAAgB,CAAC,EACtD,UAAU,iBAAiB,KACzB,KAAK,CAAC,SAAS,CAoPjB,CAAC"}

package/dist/auth/admin_routes.js

@@ -1,226 +0,0 @@
-/**
- * Generic admin route specs — account listing, permit management, session and token revocation.
- *
- * All routes require the `admin` role.
- *
- * @module
- */
-import { z } from 'zod';
-import { BUILTIN_ROLE_OPTIONS, BuiltinRole, RoleName } from './role_schema.js';
-import { AdminAccountEntryJson } from './account_schema.js';
-import { require_request_context } from './request_context.js';
-import { get_route_input, get_route_params } from '../http/route_spec.js';
-import { query_account_by_id, query_actor_by_account, query_admin_account_list, } from './account_queries.js';
-import { query_grant_permit, query_permit_find_active_role_for_actor, query_revoke_permit, } from './permit_queries.js';
-import { query_session_revoke_all_for_account } from './session_queries.js';
-import { query_revoke_all_api_tokens_for_account } from './api_token_queries.js';
-import { audit_log_fire_and_forget } from './audit_log_queries.js';
-import { ERROR_ACCOUNT_NOT_FOUND, ERROR_ROLE_NOT_WEB_GRANTABLE, ERROR_PERMIT_NOT_FOUND, ERROR_INSUFFICIENT_PERMISSIONS, } from '../http/error_schemas.js';
-import { get_client_ip } from '../http/proxy.js';
-/**
- * Create admin route specs for account listing and permit management.
- *
- * @param deps - stateless capabilities (log)
- * @param options - optional options with role schema for validation
- * @returns route specs for admin account management
- */
-export const create_admin_account_route_specs = (deps, options) => {
-    const role = 'admin';
-    const { on_audit_event } = deps;
-    const role_schema = options?.roles?.Role ?? BuiltinRole;
-    const role_options = options?.roles?.role_options ?? BUILTIN_ROLE_OPTIONS;
-    const grantable_roles = [];
-    for (const [name, rc] of role_options) {
-        if (rc.web_grantable)
-            grantable_roles.push(name);
-    }
-    return [
-        {
-            method: 'GET',
-            path: '/accounts',
-            auth: { type: 'role', role },
-            description: 'List all accounts with their permits',
-            input: z.null(),
-            output: z.strictObject({
-                accounts: z.array(AdminAccountEntryJson),
-                grantable_roles: z.array(RoleName),
-            }),
-            handler: async (c, route) => {
-                const accounts = await query_admin_account_list(route);
-                return c.json({ accounts, grantable_roles });
-            },
-        },
-        {
-            method: 'POST',
-            path: '/accounts/:account_id/permits/grant',
-            auth: { type: 'role', role },
-            description: 'Grant a role permit to an account',
-            params: z.strictObject({ account_id: z.uuid() }),
-            input: z.strictObject({ role: role_schema }),
-            output: z.strictObject({
-                ok: z.literal(true),
-                permit: z.strictObject({ id: z.string(), role: z.string() }),
-            }),
-            errors: {
-                403: z.looseObject({
-                    error: z.enum([ERROR_INSUFFICIENT_PERMISSIONS, ERROR_ROLE_NOT_WEB_GRANTABLE]),
-                }),
-                404: z.looseObject({ error: z.literal(ERROR_ACCOUNT_NOT_FOUND) }),
-            },
-            handler: async (c, route) => {
-                const { account_id } = get_route_params(c);
-                const { role: role_name } = get_route_input(c);
-                const ctx = require_request_context(c);
-                // Enforce web_grantable — direct API calls must respect the same
-                // restrictions as the UI. Keeper role can only be granted via daemon token.
-                const rc = role_options.get(role_name);
-                if (!rc?.web_grantable) {
-                    void audit_log_fire_and_forget(route, {
-                        event_type: 'permit_grant',
-                        outcome: 'failure',
-                        actor_id: ctx.actor.id,
-                        account_id: ctx.account.id,
-                        target_account_id: account_id,
-                        ip: get_client_ip(c),
-                        metadata: { role: role_name },
-                    }, deps.log, on_audit_event);
-                    return c.json({ error: ERROR_ROLE_NOT_WEB_GRANTABLE }, 403);
-                }
-                const actor = await query_actor_by_account(route, account_id);
-                if (!actor) {
-                    return c.json({ error: ERROR_ACCOUNT_NOT_FOUND }, 404);
-                }
-                const permit = await query_grant_permit(route, {
-                    actor_id: actor.id,
-                    role: role_name,
-                    granted_by: ctx.actor.id,
-                });
-                void audit_log_fire_and_forget(route, {
-                    event_type: 'permit_grant',
-                    actor_id: ctx.actor.id,
-                    account_id: ctx.account.id,
-                    target_account_id: account_id,
-                    ip: get_client_ip(c),
-                    metadata: { role: role_name, permit_id: permit.id },
-                }, deps.log, on_audit_event);
-                return c.json({ ok: true, permit: { id: permit.id, role: permit.role } });
-            },
-        },
-        {
-            method: 'POST',
-            path: '/accounts/:account_id/sessions/revoke-all',
-            auth: { type: 'role', role },
-            description: 'Revoke all sessions for an account',
-            params: z.strictObject({ account_id: z.uuid() }),
-            input: z.null(),
-            output: z.strictObject({ ok: z.literal(true), count: z.number() }),
-            errors: { 404: z.looseObject({ error: z.literal(ERROR_ACCOUNT_NOT_FOUND) }) },
-            handler: async (c, route) => {
-                const { account_id } = get_route_params(c);
-                const account = await query_account_by_id(route, account_id);
-                if (!account) {
-                    return c.json({ error: ERROR_ACCOUNT_NOT_FOUND }, 404);
-                }
-                const ctx = require_request_context(c);
-                const count = await query_session_revoke_all_for_account(route, account_id);
-                void audit_log_fire_and_forget(route, {
-                    event_type: 'session_revoke_all',
-                    actor_id: ctx.actor.id,
-                    account_id: ctx.account.id,
-                    target_account_id: account_id,
-                    ip: get_client_ip(c),
-                    metadata: { count },
-                }, deps.log, on_audit_event);
-                return c.json({ ok: true, count });
-            },
-        },
-        {
-            method: 'POST',
-            path: '/accounts/:account_id/tokens/revoke-all',
-            auth: { type: 'role', role },
-            description: 'Revoke all API tokens for an account',
-            params: z.strictObject({ account_id: z.uuid() }),
-            input: z.null(),
-            output: z.strictObject({ ok: z.literal(true), count: z.number() }),
-            errors: { 404: z.looseObject({ error: z.literal(ERROR_ACCOUNT_NOT_FOUND) }) },
-            handler: async (c, route) => {
-                const { account_id } = get_route_params(c);
-                const account = await query_account_by_id(route, account_id);
-                if (!account) {
-                    return c.json({ error: ERROR_ACCOUNT_NOT_FOUND }, 404);
-                }
-                const ctx = require_request_context(c);
-                const count = await query_revoke_all_api_tokens_for_account(route, account_id);
-                void audit_log_fire_and_forget(route, {
-                    event_type: 'token_revoke_all',
-                    actor_id: ctx.actor.id,
-                    account_id: ctx.account.id,
-                    target_account_id: account_id,
-                    ip: get_client_ip(c),
-                    metadata: { count },
-                }, deps.log, on_audit_event);
-                return c.json({ ok: true, count });
-            },
-        },
-        {
-            method: 'POST',
-            path: '/accounts/:account_id/permits/:permit_id/revoke',
-            auth: { type: 'role', role },
-            description: 'Revoke a permit',
-            params: z.strictObject({ account_id: z.uuid(), permit_id: z.uuid() }),
-            input: z.null(),
-            output: z.strictObject({ ok: z.literal(true), revoked: z.literal(true) }),
-            errors: {
-                403: z.looseObject({
-                    error: z.enum([ERROR_INSUFFICIENT_PERMISSIONS, ERROR_ROLE_NOT_WEB_GRANTABLE]),
-                }),
-                404: z.looseObject({
-                    error: z.enum([ERROR_ACCOUNT_NOT_FOUND, ERROR_PERMIT_NOT_FOUND]),
-                }),
-            },
-            handler: async (c, route) => {
-                const { account_id, permit_id } = get_route_params(c);
-                const ctx = require_request_context(c);
-                // resolve the target actor from the URL account_id to prevent IDOR
-                const target_actor = await query_actor_by_account(route, account_id);
-                if (!target_actor) {
-                    return c.json({ error: ERROR_ACCOUNT_NOT_FOUND }, 404);
-                }
-                // Look up the permit's role so we can enforce web_grantable symmetrically
-                // with the grant route. Without this, an admin could revoke the keeper
-                // permit via the web, breaking the "only daemon token manages keeper" invariant.
-                // Route wraps POST handlers in a transaction, so SELECT-then-UPDATE is atomic.
-                const permit_row = await query_permit_find_active_role_for_actor(route, permit_id, target_actor.id);
-                if (!permit_row) {
-                    return c.json({ error: ERROR_PERMIT_NOT_FOUND }, 404);
-                }
-                const rc = role_options.get(permit_row.role);
-                if (!rc?.web_grantable) {
-                    void audit_log_fire_and_forget(route, {
-                        event_type: 'permit_revoke',
-                        outcome: 'failure',
-                        actor_id: ctx.actor.id,
-                        account_id: ctx.account.id,
-                        target_account_id: account_id,
-                        ip: get_client_ip(c),
-                        metadata: { role: permit_row.role, permit_id },
-                    }, deps.log, on_audit_event);
-                    return c.json({ error: ERROR_ROLE_NOT_WEB_GRANTABLE }, 403);
-                }
-                const result = await query_revoke_permit(route, permit_id, target_actor.id, ctx.actor.id);
-                if (!result) {
-                    return c.json({ error: ERROR_PERMIT_NOT_FOUND }, 404);
-                }
-                void audit_log_fire_and_forget(route, {
-                    event_type: 'permit_revoke',
-                    actor_id: ctx.actor.id,
-                    account_id: ctx.account.id,
-                    target_account_id: account_id,
-                    ip: get_client_ip(c),
-                    metadata: { role: result.role, permit_id },
-                }, deps.log, on_audit_event);
-                return c.json({ ok: true, revoked: true });
-            },
-        },
-    ];
-};

package/dist/auth/app_settings_routes.d.ts

@@ -1,27 +0,0 @@
-/**
- * Admin app settings route specs.
- *
- * GET and PATCH routes for managing global app settings (e.g. open signup toggle).
- * All routes require the `admin` role.
- *
- * @module
- */
-import { type RouteSpec } from '../http/route_spec.js';
-import { type AppSettings } from './app_settings_schema.js';
-import type { RouteFactoryDeps } from './deps.js';
-/**
- * Per-factory configuration for app settings route specs.
- */
-export interface AppSettingsRouteOptions {
-    /** Mutable ref to the in-memory app settings — mutated on PATCH. */
-    app_settings: AppSettings;
-}
-/**
- * Create admin app settings route specs.
- *
- * @param deps - stateless capabilities (log, on_audit_event)
- * @param options - per-factory configuration
- * @returns route specs for app settings management
- */
-export declare const create_app_settings_route_specs: (deps: Pick<RouteFactoryDeps, "log" | "on_audit_event">, options: AppSettingsRouteOptions) => Array<RouteSpec>;
-//# sourceMappingURL=app_settings_routes.d.ts.map

package/dist/auth/app_settings_routes.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"app_settings_routes.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/app_settings_routes.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH,OAAO,EAAkB,KAAK,SAAS,EAAC,MAAM,uBAAuB,CAAC;AAQtE,OAAO,EAGN,KAAK,WAAW,EAChB,MAAM,0BAA0B,CAAC;AAClC,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,WAAW,CAAC;AAEhD;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACvC,oEAAoE;IACpE,YAAY,EAAE,WAAW,CAAC;CAC1B;AAED;;;;;;GAMG;AACH,eAAO,MAAM,+BAA+B,GAC3C,MAAM,IAAI,CAAC,gBAAgB,EAAE,KAAK,GAAG,gBAAgB,CAAC,EACtD,SAAS,uBAAuB,KAC9B,KAAK,CAAC,SAAS,CAoDjB,CAAC"}

package/dist/auth/app_settings_routes.js

@@ -1,66 +0,0 @@
-/**
- * Admin app settings route specs.
- *
- * GET and PATCH routes for managing global app settings (e.g. open signup toggle).
- * All routes require the `admin` role.
- *
- * @module
- */
-import { z } from 'zod';
-import { get_route_input } from '../http/route_spec.js';
-import { require_request_context } from './request_context.js';
-import { get_client_ip } from '../http/proxy.js';
-import { audit_log_fire_and_forget } from './audit_log_queries.js';
-import { query_app_settings_load_with_username, query_app_settings_update, } from './app_settings_queries.js';
-import { AppSettingsWithUsernameJson, UpdateAppSettingsInput, } from './app_settings_schema.js';
-/**
- * Create admin app settings route specs.
- *
- * @param deps - stateless capabilities (log, on_audit_event)
- * @param options - per-factory configuration
- * @returns route specs for app settings management
- */
-export const create_app_settings_route_specs = (deps, options) => {
-    const { app_settings } = options;
-    return [
-        {
-            method: 'GET',
-            path: '/settings',
-            auth: { type: 'role', role: 'admin' },
-            description: 'Get app settings',
-            input: z.null(),
-            output: z.strictObject({ settings: AppSettingsWithUsernameJson }),
-            handler: async (c, route) => {
-                const settings = await query_app_settings_load_with_username(route);
-                return c.json({ settings });
-            },
-        },
-        {
-            method: 'PATCH',
-            path: '/settings',
-            auth: { type: 'role', role: 'admin' },
-            description: 'Update app settings',
-            input: UpdateAppSettingsInput,
-            output: z.strictObject({ ok: z.literal(true), settings: AppSettingsWithUsernameJson }),
-            handler: async (c, route) => {
-                const ctx = require_request_context(c);
-                const { open_signup } = get_route_input(c);
-                const old_value = app_settings.open_signup;
-                const updated = await query_app_settings_update(route, open_signup, ctx.actor.id);
-                // Mutate the in-memory ref so GET reads are consistent
-                app_settings.open_signup = updated.open_signup;
-                app_settings.updated_at = updated.updated_at;
-                app_settings.updated_by = updated.updated_by;
-                void audit_log_fire_and_forget(route, {
-                    event_type: 'app_settings_update',
-                    actor_id: ctx.actor.id,
-                    account_id: ctx.account.id,
-                    ip: get_client_ip(c),
-                    metadata: { setting: 'open_signup', old_value, new_value: open_signup },
-                }, deps.log, deps.on_audit_event);
-                const settings_with_username = await query_app_settings_load_with_username(route);
-                return c.json({ ok: true, settings: settings_with_username });
-            },
-        },
-    ];
-};

package/dist/auth/invite_routes.d.ts

@@ -1,18 +0,0 @@
-/**
- * Admin invite route specs for invite-based signup.
- *
- * All routes require the `admin` role. Provides CRUD for invites
- * that gate who can sign up.
- *
- * @module
- */
-import { type RouteSpec } from '../http/route_spec.js';
-import type { RouteFactoryDeps } from './deps.js';
-/**
- * Create admin invite route specs.
- *
- * @param deps - stateless capabilities (log)
- * @returns route specs for invite management
- */
-export declare const create_invite_route_specs: (deps: Pick<RouteFactoryDeps, "log" | "on_audit_event">) => Array<RouteSpec>;
-//# sourceMappingURL=invite_routes.d.ts.map

package/dist/auth/invite_routes.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"invite_routes.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/invite_routes.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH,OAAO,EAAoC,KAAK,SAAS,EAAC,MAAM,uBAAuB,CAAC;AAYxF,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,WAAW,CAAC;AAUhD;;;;;GAKG;AACH,eAAO,MAAM,yBAAyB,GACrC,MAAM,IAAI,CAAC,gBAAgB,EAAE,KAAK,GAAG,gBAAgB,CAAC,KACpD,KAAK,CAAC,SAAS,CAwHjB,CAAC"}