@fuzdev/fuz_app 0.31.0 → 0.32.0

package/dist/actions/rpc_client.d.ts

@@ -65,4 +65,33 @@ export declare const create_rpc_client: (options: CreateRpcClientOptions) => Rec
  */
 export interface RpcClientCallOptions extends ActionPeerSendOptions {
 }
+/**
+ * `method, input -> unwrapped output` signature for adapter wiring.
+ *
+ * The typed `create_rpc_client` Proxy returns `Result<T, JsonrpcErrorObject>`
+ * on every call. UI adapters (e.g. `admin_rpc_adapters.ts`) want a
+ * throw-on-error shape so form components can match on `error.data.reason`
+ * via catch blocks. `create_throwing_rpc_call` bridges the two.
+ */
+export type ThrowingRpcCall = <TOutput = unknown>(method: string, input?: unknown) => Promise<TOutput>;
+/**
+ * Wrap a typed RPC client so every call returns its unwrapped value or throws.
+ *
+ * On `{ok: false}`, throws an `Error` with the JSON-RPC error object's
+ * `{code, message, data}` spread onto it — so catch blocks that inspect
+ * `err.data?.reason` continue to work. On unknown method, throws a clear
+ * "rpc method not found" error instead of the cryptic `undefined is not a
+ * function` that would otherwise surface.
+ *
+ * Invariant upheld by `create_rpc_client`: every `{ok: false}` return
+ * carries a well-formed `JsonrpcErrorObject` with `code` + `message`.
+ * Callers must still use optional chaining on `err.data` because the
+ * JSON-RPC `data` field is spec-level optional — a handler that throws
+ * `jsonrpc_errors.forbidden()` without a `data` argument produces
+ * `err.data === undefined`.
+ *
+ * @param api - typed RPC client from `create_rpc_client` (or any Proxy-like
+ *   object mapping method names to `(input) => Promise<Result<T, error>>`)
+ */
+export declare const create_throwing_rpc_call: (api: Record<string, ((input?: any) => Promise<any>) | undefined>) => ThrowingRpcCall;
 //# sourceMappingURL=rpc_client.d.ts.map

package/dist/actions/rpc_client.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"rpc_client.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/actions/rpc_client.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAQH,OAAO,KAAK,EAAC,sBAAsB,EAAC,MAAM,yBAAyB,CAAC;AAOpE,OAAO,KAAK,EAAC,UAAU,EAAE,qBAAqB,EAAC,MAAM,kBAAkB,CAAC;AACxE,OAAO,KAAK,EAAC,oBAAoB,EAAC,MAAM,wBAAwB,CAAC;AACjE,OAAO,KAAK,EAAC,aAAa,EAAC,MAAM,iBAAiB,CAAC;AAGnD;;;;;;;GAOG;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,MAAM,EAAE,MAAM,KAAK,aAAa,GAAG,SAAS,CAAC;AAM/E,8EAA8E;AAC9E,MAAM,WAAW,sBAAsB;IACtC,aAAa,EAAE,CAAC,IAAI,EAAE;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,iBAAiB,EAAE,oBAAoB,CAAA;KAAC,KAC5E;QACA,sBAAsB,EAAE,CAAC,KAAK,EAAE,GAAG,KAAK,IAAI,CAAC;KAC5C,GACD,SAAS,CAAC;CACb;AAED,uCAAuC;AACvC,MAAM,WAAW,sBAAsB;IACtC,IAAI,EAAE,UAAU,CAAC;IACjB,WAAW,EAAE,sBAAsB,CAAC;IACpC,kEAAkE;IAClE,OAAO,CAAC,EAAE,sBAAsB,CAAC;IACjC;;;;;OAKG;IACH,oBAAoB,CAAC,EAAE,kBAAkB,CAAC;CAC1C;AAED;;;;;;;;;;GAUG;AACH,eAAO,MAAM,iBAAiB,GAC7B,SAAS,sBAAsB,KAC7B,MAAM,CAAC,MAAM,EAAE,CAAC,GAAG,IAAI,EAAE,KAAK,CAAC,GAAG,CAAC,KAAK,GAAG,CAgB7C,CAAC;AA2DF;;;;;GAKG;AACH,MAAM,WAAW,oBAAqB,SAAQ,qBAAqB;CAAG"}
+{"version":3,"file":"rpc_client.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/actions/rpc_client.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAQH,OAAO,KAAK,EAAC,sBAAsB,EAAC,MAAM,yBAAyB,CAAC;AAOpE,OAAO,KAAK,EAAC,UAAU,EAAE,qBAAqB,EAAC,MAAM,kBAAkB,CAAC;AACxE,OAAO,KAAK,EAAC,oBAAoB,EAAC,MAAM,wBAAwB,CAAC;AACjE,OAAO,KAAK,EAAC,aAAa,EAAC,MAAM,iBAAiB,CAAC;AAGnD;;;;;;;GAOG;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,MAAM,EAAE,MAAM,KAAK,aAAa,GAAG,SAAS,CAAC;AAM/E,8EAA8E;AAC9E,MAAM,WAAW,sBAAsB;IACtC,aAAa,EAAE,CAAC,IAAI,EAAE;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,iBAAiB,EAAE,oBAAoB,CAAA;KAAC,KAC5E;QACA,sBAAsB,EAAE,CAAC,KAAK,EAAE,GAAG,KAAK,IAAI,CAAC;KAC5C,GACD,SAAS,CAAC;CACb;AAED,uCAAuC;AACvC,MAAM,WAAW,sBAAsB;IACtC,IAAI,EAAE,UAAU,CAAC;IACjB,WAAW,EAAE,sBAAsB,CAAC;IACpC,kEAAkE;IAClE,OAAO,CAAC,EAAE,sBAAsB,CAAC;IACjC;;;;;OAKG;IACH,oBAAoB,CAAC,EAAE,kBAAkB,CAAC;CAC1C;AAED;;;;;;;;;;GAUG;AACH,eAAO,MAAM,iBAAiB,GAC7B,SAAS,sBAAsB,KAC7B,MAAM,CAAC,MAAM,EAAE,CAAC,GAAG,IAAI,EAAE,KAAK,CAAC,GAAG,CAAC,KAAK,GAAG,CAgB7C,CAAC;AA2DF;;;;;GAKG;AACH,MAAM,WAAW,oBAAqB,SAAQ,qBAAqB;CAAG;AAgItE;;;;;;;GAOG;AACH,MAAM,MAAM,eAAe,GAAG,CAAC,OAAO,GAAG,OAAO,EAC/C,MAAM,EAAE,MAAM,EACd,KAAK,CAAC,EAAE,OAAO,KACX,OAAO,CAAC,OAAO,CAAC,CAAC;AAEtB;;;;;;;;;;;;;;;;;;GAkBG;AACH,eAAO,MAAM,wBAAwB,GACpC,KAAK,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC,KAAK,CAAC,EAAE,GAAG,KAAK,OAAO,CAAC,GAAG,CAAC,CAAC,GAAG,SAAS,CAAC,KAC9D,eAUF,CAAC"}

package/dist/actions/rpc_client.js

@@ -168,3 +168,34 @@ const create_remote_notification_method = (peer, environment, spec, actions, tra
         return extract_action_result(event);
     };
 };
+/**
+ * Wrap a typed RPC client so every call returns its unwrapped value or throws.
+ *
+ * On `{ok: false}`, throws an `Error` with the JSON-RPC error object's
+ * `{code, message, data}` spread onto it — so catch blocks that inspect
+ * `err.data?.reason` continue to work. On unknown method, throws a clear
+ * "rpc method not found" error instead of the cryptic `undefined is not a
+ * function` that would otherwise surface.
+ *
+ * Invariant upheld by `create_rpc_client`: every `{ok: false}` return
+ * carries a well-formed `JsonrpcErrorObject` with `code` + `message`.
+ * Callers must still use optional chaining on `err.data` because the
+ * JSON-RPC `data` field is spec-level optional — a handler that throws
+ * `jsonrpc_errors.forbidden()` without a `data` argument produces
+ * `err.data === undefined`.
+ *
+ * @param api - typed RPC client from `create_rpc_client` (or any Proxy-like
+ *   object mapping method names to `(input) => Promise<Result<T, error>>`)
+ */
+export const create_throwing_rpc_call = (api) => {
+    return async (method, input) => {
+        const fn = api[method];
+        if (!fn)
+            throw new Error(`rpc method not found: ${method}`);
+        const result = await fn(input);
+        if (!result.ok) {
+            throw Object.assign(new Error(result.error?.message ?? 'rpc error'), result.error);
+        }
+        return result.value;
+    };
+};

package/dist/auth/CLAUDE.md

@@ -836,6 +836,28 @@ Options:
 `all_permit_offer_action_specs: Array<RequestResponseActionSpec>` —
 codegen-ready registry.
 
+### `admin_rpc_actions.ts` — combined admin + permit-offer factory
+
+`create_admin_rpc_actions(deps, options)` spreads
+`create_admin_actions` and `create_permit_offer_actions` into a single
+`Array<RpcAction>`, so consumers that mount the stock fuz_app admin
+surface don't hand-wire the two factories. `roles` is shared between
+both factories; `app_settings` flows to admin only; `default_ttl_ms`
+and `authorize` flow to permit-offer only; `notification_sender` is
+wired through to permit-offer (admin ignores it).
+
+`AdminRpcActionsOptions` composes `AdminActionOptions` +
+`PermitOfferActionOptions`. `AdminRpcActionsDeps` is the same shape as
+`PermitOfferActionDeps` — `log`, `on_audit_event`, optional
+`notification_sender`.
+
+Pair this with `create_app_server`'s `rpc_endpoints` factory form
+(`(ctx) => Array<RpcEndpointSpec>`) so the combined action list gets
+`ctx.deps` + `ctx.app_settings` — `create_app_server` auto-mounts the
+endpoint via `create_rpc_endpoint`, so consumers don't need to mount it
+again in `create_route_specs`. See `../../../docs/usage.md` §Server
+Assembly.
+
 ### `account_action_specs.ts` + `account_actions.ts` — seven self-service RPC actions
 
 Counterpart to `account_routes.ts`. Cookie-lifecycle flows (`login`,

package/dist/auth/admin_rpc_actions.d.ts

@@ -0,0 +1,49 @@
+/**
+ * Combined admin + permit-offer RPC actions for fuz_app consumers.
+ *
+ * Consumers that want the stock fuz_app admin surface spread into their
+ * JSON-RPC endpoint import this helper instead of hand-wiring
+ * `create_admin_actions` + `create_permit_offer_actions`. The shared `roles`
+ * schema flows to both factories; `app_settings` goes to admin only;
+ * `default_ttl_ms` and `authorize` go to permit-offer only;
+ * `notification_sender` reaches permit-offer transparently (admin ignores it).
+ *
+ * Paired with `create_admin_rpc_adapters` on the UI side — same "admin RPC
+ * surface" concept expressed on each wire endpoint.
+ *
+ * @module
+ */
+import { type AdminActionOptions } from './admin_actions.js';
+import { type PermitOfferActionDeps, type PermitOfferActionOptions } from './permit_offer_actions.js';
+import type { RpcAction } from '../actions/action_rpc.js';
+/**
+ * Options for `create_admin_rpc_actions`.
+ *
+ * Composes `AdminActionOptions` (`roles`, `app_settings`) with
+ * `PermitOfferActionOptions` (`roles`, `default_ttl_ms`, `authorize`). `roles`
+ * is shared between both factories — the caller supplies it once and the
+ * helper threads the same reference to both.
+ */
+export interface AdminRpcActionsOptions extends AdminActionOptions, PermitOfferActionOptions {
+}
+/**
+ * Dependencies for `create_admin_rpc_actions`.
+ *
+ * Same shape as `PermitOfferActionDeps` — `log`, `on_audit_event`, and an
+ * optional `notification_sender` for permit-offer WS fan-out. The admin
+ * factory only reads `log` + `on_audit_event`; the extra field is harmless.
+ */
+export type AdminRpcActionsDeps = PermitOfferActionDeps;
+/**
+ * Build the combined admin + permit-offer RPC action set.
+ *
+ * Spreads `create_admin_actions(deps, {roles, app_settings})` and
+ * `create_permit_offer_actions(deps, {roles, default_ttl_ms, authorize})`.
+ * The shared `roles` option flows to both.
+ *
+ * @param deps - stateless capabilities (log, on_audit_event, optional notification_sender)
+ * @param options - role schema, optional app-settings ref, permit-offer TTL and authorize
+ * @returns RPC actions to pass as `rpc_endpoints` or spread into `create_rpc_endpoint`
+ */
+export declare const create_admin_rpc_actions: (deps: AdminRpcActionsDeps, options?: AdminRpcActionsOptions) => Array<RpcAction>;
+//# sourceMappingURL=admin_rpc_actions.d.ts.map

package/dist/auth/admin_rpc_actions.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"admin_rpc_actions.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/admin_rpc_actions.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAuB,KAAK,kBAAkB,EAAC,MAAM,oBAAoB,CAAC;AACjF,OAAO,EAEN,KAAK,qBAAqB,EAC1B,KAAK,wBAAwB,EAC7B,MAAM,2BAA2B,CAAC;AACnC,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,0BAA0B,CAAC;AAExD;;;;;;;GAOG;AACH,MAAM,WAAW,sBAAuB,SAAQ,kBAAkB,EAAE,wBAAwB;CAAG;AAE/F;;;;;;GAMG;AACH,MAAM,MAAM,mBAAmB,GAAG,qBAAqB,CAAC;AAExD;;;;;;;;;;GAUG;AACH,eAAO,MAAM,wBAAwB,GACpC,MAAM,mBAAmB,EACzB,UAAS,sBAA2B,KAClC,KAAK,CAAC,SAAS,CAGjB,CAAC"}

package/dist/auth/admin_rpc_actions.js

@@ -0,0 +1,32 @@
+/**
+ * Combined admin + permit-offer RPC actions for fuz_app consumers.
+ *
+ * Consumers that want the stock fuz_app admin surface spread into their
+ * JSON-RPC endpoint import this helper instead of hand-wiring
+ * `create_admin_actions` + `create_permit_offer_actions`. The shared `roles`
+ * schema flows to both factories; `app_settings` goes to admin only;
+ * `default_ttl_ms` and `authorize` go to permit-offer only;
+ * `notification_sender` reaches permit-offer transparently (admin ignores it).
+ *
+ * Paired with `create_admin_rpc_adapters` on the UI side — same "admin RPC
+ * surface" concept expressed on each wire endpoint.
+ *
+ * @module
+ */
+import { create_admin_actions } from './admin_actions.js';
+import { create_permit_offer_actions, } from './permit_offer_actions.js';
+/**
+ * Build the combined admin + permit-offer RPC action set.
+ *
+ * Spreads `create_admin_actions(deps, {roles, app_settings})` and
+ * `create_permit_offer_actions(deps, {roles, default_ttl_ms, authorize})`.
+ * The shared `roles` option flows to both.
+ *
+ * @param deps - stateless capabilities (log, on_audit_event, optional notification_sender)
+ * @param options - role schema, optional app-settings ref, permit-offer TTL and authorize
+ * @returns RPC actions to pass as `rpc_endpoints` or spread into `create_rpc_endpoint`
+ */
+export const create_admin_rpc_actions = (deps, options = {}) => [
+    ...create_admin_actions(deps, options),
+    ...create_permit_offer_actions(deps, options),
+];

package/dist/server/app_server.d.ts

@@ -129,8 +129,19 @@ export interface AppServerOptions {
     };
     /** SSE event specs for surface generation. Defaults to `[]` (no SSE events). */
     event_specs?: Array<EventSpec>;
-    /** RPC endpoint specs for surface generation. */
-    rpc_endpoints?: Array<RpcEndpointSpec>;
+    /**
+     * RPC endpoint specs — single source of truth for both surface generation
+     * *and* live dispatch. Each entry is mounted via `create_rpc_endpoint`
+     * against the assembled Hono app, so consumers no longer call
+     * `create_rpc_endpoint` themselves inside `create_route_specs`.
+     *
+     * Accepts either an array (evaluated eagerly) or a factory
+     * `(ctx: AppServerContext) => Array<RpcEndpointSpec>` (evaluated after the
+     * server context is assembled). Use the factory form when action lists
+     * depend on `ctx.deps` / `ctx.app_settings` — e.g.
+     * `create_admin_rpc_actions(ctx.deps, {app_settings: ctx.app_settings})`.
+     */
+    rpc_endpoints?: Array<RpcEndpointSpec> | ((context: AppServerContext) => Array<RpcEndpointSpec>);
     /** Env schema for surface generation. Pass `z.object({})` when there are no env vars beyond `BaseServerEnv`. */
     env_schema: z.ZodObject;
     /** Middleware applied after routes, before static serving. Included in surface. */

package/dist/server/app_server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"app_server.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/server/app_server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAC,IAAI,EAAE,KAAK,OAAO,EAAC,MAAM,MAAM,CAAC;AAGxC,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAEtB,OAAO,EAEN,KAAK,cAAc,EAEnB,MAAM,2BAA2B,CAAC;AACnC,OAAO,KAAK,EAAC,uBAAuB,EAAC,MAAM,8BAA8B,CAAC;AAC1E,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAGN,KAAK,WAAW,EAChB,MAAM,+BAA+B,CAAC;AACvC,OAAO,KAAK,EAAC,WAAW,EAAC,MAAM,gCAAgC,CAAC;AAEhE,OAAO,EAGN,KAAK,WAAW,EAChB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,yBAAyB,CAAC;AAC9D,OAAO,EAAiB,KAAK,kBAAkB,EAAE,KAAK,eAAe,EAAC,MAAM,kBAAkB,CAAC;AAE/F,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,iBAAiB,CAAC;AAC7C,OAAO,KAAK,EAAC,UAAU,EAAC,MAAM,kBAAkB,CAAC;AAGjD,OAAO,oBAAoB,CAAC;AAE5B,OAAO,EAA2B,KAAK,kBAAkB,EAAC,MAAM,aAAa,CAAC;AAE9E,OAAO,EAEN,KAAK,cAAc,EAEnB,KAAK,eAAe,EACpB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAIN,KAAK,SAAS,EACd,MAAM,uBAAuB,CAAC;AAC/B,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,4BAA4B,CAAC;AAC/D,OAAO,EAGN,KAAK,eAAe,EACpB,MAAM,6BAA6B,CAAC;AAMrC;;GAEG;AACH,MAAM,WAAW,kBAAkB;IAClC,0DAA0D;IAC1D,MAAM,EAAE,MAAM,CAAC;IACf,uDAAuD;IACvD,IAAI,EAAE,MAAM,CAAC;CACb;AAED;;;;;GAKG;AACH,MAAM,WAAW,gBAAgB;IAChC,2DAA2D;IAC3D,OAAO,EAAE,UAAU,CAAC;IACpB,6CAA6C;IAC7C,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,sCAAsC;IACtC,eAAe,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAE/B,6BAA6B;IAC7B,KAAK,EAAE;QACN,eAAe,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;QAC/B,iBAAiB,EAAE,CAAC,CAAC,EAAE,OAAO,KAAK,MAAM,GAAG,SAAS,CAAC;KACtD,CAAC;IAEF;;;;;OAKG;IACH,eAAe,CAAC,EAAE,WAAW,GAAG,IAAI,CAAC;IACrC;;;;;OAKG;IACH,0BAA0B,CAAC,EAAE,WAAW,GAAG,IAAI,CAAC;IAChD;;;;;OAKG;IACH,2BAA2B,CAAC,EAAE,WAAW,GAAG,IAAI,CAAC;IACjD;;;;OAIG;IACH,sBAAsB,CAAC,EAAE,WAAW,GAAG,IAAI,CAAC;IAC5C;;;;OAIG;IACH,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,2DAA2D;IAC3D,kBAAkB,CAAC,EAAE,gBAAgB,CAAC;IAEtC,yEAAyE;IACzE,SAAS,CAAC,EAAE;QACX,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;QAC1B,mEAAmE;QACnE,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB;;;WAGG;QACH,YAAY,CAAC,EAAE,CAAC,MAAM,EAAE,uBAAuB,EAAE,CAAC,EAAE,OAAO,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;KAC9E,CAAC;IAEF;;;OAGG;IACH,aAAa,CAAC,EAAE,KAAK,CAAC;IAEtB,6EAA6E;IAC7E,oBAAoB,CAAC,EAAE,KAAK,CAAC,kBAAkB,CAAC,CAAC;IAEjD;;;OAGG;IACH,kBAAkB,EAAE,CAAC,OAAO,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IAEpE,4DAA4D;IAC5D,oBAAoB,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC,cAAc,CAAC,KAAK,KAAK,CAAC,cAAc,CAAC,CAAC;IAE/E;;;;;;;;;;OAUG;IACH,aAAa,CAAC,EAAE,IAAI,GAAG;QAAC,IAAI,CAAC,EAAE,MAAM,CAAA;KAAC,CAAC;IAEvC,gFAAgF;IAChF,WAAW,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAE/B,iDAAiD;IACjD,aAAa,CAAC,EAAE,KAAK,CAAC,eAAe,CAAC,CAAC;IAEvC,gHAAgH;IAChH,UAAU,EAAE,CAAC,CAAC,SAAS,CAAC;IAExB,mFAAmF;IACnF,qBAAqB,CAAC,EAAE,KAAK,CAAC,cAAc,CAAC,CAAC;IAE9C,6DAA6D;IAC7D,cAAc,CAAC,EAAE;QAChB,YAAY,EAAE,kBAAkB,CAAC;QACjC,YAAY,CAAC,EAAE,MAAM,CAAC;KACtB,CAAC;IAEF;;;;OAIG;IACH,qBAAqB,CAAC,EAAE,OAAO,CAAC;IAEhC;;;;OAIG;IACH,eAAe,CAAC,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,kBAAkB,KAAK,IAAI,CAAC;IAExE,8CAA8C;IAC9C,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACrC;AAED,8CAA8C;AAC9C,MAAM,WAAW,gBAAgB;IAChC,IAAI,EAAE,OAAO,CAAC;IACd,OAAO,EAAE,UAAU,CAAC;IACpB,gBAAgB,EAAE,eAAe,CAAC;IAClC,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,yEAAyE;IACzE,eAAe,EAAE,WAAW,GAAG,IAAI,CAAC;IACpC,iFAAiF;IACjF,0BAA0B,EAAE,WAAW,GAAG,IAAI,CAAC;IAC/C,kFAAkF;IAClF,2BAA2B,EAAE,WAAW,GAAG,IAAI,CAAC;IAChD,2EAA2E;IAC3E,YAAY,EAAE,WAAW,CAAC;IAC1B,oFAAoF;IACpF,SAAS,EAAE,WAAW,GAAG,IAAI,CAAC;CAC9B;AAED,uCAAuC;AACvC,MAAM,WAAW,SAAS;IACzB,GAAG,EAAE,IAAI,CAAC;IACV,wEAAwE;IACxE,YAAY,EAAE,cAAc,CAAC;IAC7B,gBAAgB,EAAE,eAAe,CAAC;IAClC,2EAA2E;IAC3E,YAAY,EAAE,WAAW,CAAC;IAC1B,uGAAuG;IACvG,iBAAiB,EAAE,aAAa,CAAC,eAAe,CAAC,CAAC;IAClD,oFAAoF;IACpF,SAAS,EAAE,WAAW,GAAG,IAAI,CAAC;IAC9B,mEAAmE;IACnE,KAAK,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC3B;AAED,gDAAgD;AAChD,eAAO,MAAM,qBAAqB,QAAc,CAAC;AAEjD;;;;;;;;;GASG;AACH,eAAO,MAAM,iBAAiB,GAAU,SAAS,gBAAgB,KAAG,OAAO,CAAC,SAAS,CA6PpF,CAAC"}
+{"version":3,"file":"app_server.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/server/app_server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAC,IAAI,EAAE,KAAK,OAAO,EAAC,MAAM,MAAM,CAAC;AAGxC,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAEtB,OAAO,EAEN,KAAK,cAAc,EAEnB,MAAM,2BAA2B,CAAC;AACnC,OAAO,KAAK,EAAC,uBAAuB,EAAC,MAAM,8BAA8B,CAAC;AAC1E,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAGN,KAAK,WAAW,EAChB,MAAM,+BAA+B,CAAC;AACvC,OAAO,KAAK,EAAC,WAAW,EAAC,MAAM,gCAAgC,CAAC;AAEhE,OAAO,EAGN,KAAK,WAAW,EAChB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,yBAAyB,CAAC;AAC9D,OAAO,EAAiB,KAAK,kBAAkB,EAAE,KAAK,eAAe,EAAC,MAAM,kBAAkB,CAAC;AAE/F,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,iBAAiB,CAAC;AAC7C,OAAO,KAAK,EAAC,UAAU,EAAC,MAAM,kBAAkB,CAAC;AAGjD,OAAO,oBAAoB,CAAC;AAE5B,OAAO,EAA2B,KAAK,kBAAkB,EAAC,MAAM,aAAa,CAAC;AAE9E,OAAO,EAEN,KAAK,cAAc,EAEnB,KAAK,eAAe,EACpB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAIN,KAAK,SAAS,EACd,MAAM,uBAAuB,CAAC;AAC/B,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,4BAA4B,CAAC;AAC/D,OAAO,EAGN,KAAK,eAAe,EACpB,MAAM,6BAA6B,CAAC;AAOrC;;GAEG;AACH,MAAM,WAAW,kBAAkB;IAClC,0DAA0D;IAC1D,MAAM,EAAE,MAAM,CAAC;IACf,uDAAuD;IACvD,IAAI,EAAE,MAAM,CAAC;CACb;AAED;;;;;GAKG;AACH,MAAM,WAAW,gBAAgB;IAChC,2DAA2D;IAC3D,OAAO,EAAE,UAAU,CAAC;IACpB,6CAA6C;IAC7C,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,sCAAsC;IACtC,eAAe,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAE/B,6BAA6B;IAC7B,KAAK,EAAE;QACN,eAAe,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;QAC/B,iBAAiB,EAAE,CAAC,CAAC,EAAE,OAAO,KAAK,MAAM,GAAG,SAAS,CAAC;KACtD,CAAC;IAEF;;;;;OAKG;IACH,eAAe,CAAC,EAAE,WAAW,GAAG,IAAI,CAAC;IACrC;;;;;OAKG;IACH,0BAA0B,CAAC,EAAE,WAAW,GAAG,IAAI,CAAC;IAChD;;;;;OAKG;IACH,2BAA2B,CAAC,EAAE,WAAW,GAAG,IAAI,CAAC;IACjD;;;;OAIG;IACH,sBAAsB,CAAC,EAAE,WAAW,GAAG,IAAI,CAAC;IAC5C;;;;OAIG;IACH,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,2DAA2D;IAC3D,kBAAkB,CAAC,EAAE,gBAAgB,CAAC;IAEtC,yEAAyE;IACzE,SAAS,CAAC,EAAE;QACX,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;QAC1B,mEAAmE;QACnE,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB;;;WAGG;QACH,YAAY,CAAC,EAAE,CAAC,MAAM,EAAE,uBAAuB,EAAE,CAAC,EAAE,OAAO,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;KAC9E,CAAC;IAEF;;;OAGG;IACH,aAAa,CAAC,EAAE,KAAK,CAAC;IAEtB,6EAA6E;IAC7E,oBAAoB,CAAC,EAAE,KAAK,CAAC,kBAAkB,CAAC,CAAC;IAEjD;;;OAGG;IACH,kBAAkB,EAAE,CAAC,OAAO,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IAEpE,4DAA4D;IAC5D,oBAAoB,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC,cAAc,CAAC,KAAK,KAAK,CAAC,cAAc,CAAC,CAAC;IAE/E;;;;;;;;;;OAUG;IACH,aAAa,CAAC,EAAE,IAAI,GAAG;QAAC,IAAI,CAAC,EAAE,MAAM,CAAA;KAAC,CAAC;IAEvC,gFAAgF;IAChF,WAAW,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAE/B;;;;;;;;;;;OAWG;IACH,aAAa,CAAC,EAAE,KAAK,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,gBAAgB,KAAK,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC;IAEjG,gHAAgH;IAChH,UAAU,EAAE,CAAC,CAAC,SAAS,CAAC;IAExB,mFAAmF;IACnF,qBAAqB,CAAC,EAAE,KAAK,CAAC,cAAc,CAAC,CAAC;IAE9C,6DAA6D;IAC7D,cAAc,CAAC,EAAE;QAChB,YAAY,EAAE,kBAAkB,CAAC;QACjC,YAAY,CAAC,EAAE,MAAM,CAAC;KACtB,CAAC;IAEF;;;;OAIG;IACH,qBAAqB,CAAC,EAAE,OAAO,CAAC;IAEhC;;;;OAIG;IACH,eAAe,CAAC,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,kBAAkB,KAAK,IAAI,CAAC;IAExE,8CAA8C;IAC9C,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACrC;AAED,8CAA8C;AAC9C,MAAM,WAAW,gBAAgB;IAChC,IAAI,EAAE,OAAO,CAAC;IACd,OAAO,EAAE,UAAU,CAAC;IACpB,gBAAgB,EAAE,eAAe,CAAC;IAClC,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,yEAAyE;IACzE,eAAe,EAAE,WAAW,GAAG,IAAI,CAAC;IACpC,iFAAiF;IACjF,0BAA0B,EAAE,WAAW,GAAG,IAAI,CAAC;IAC/C,kFAAkF;IAClF,2BAA2B,EAAE,WAAW,GAAG,IAAI,CAAC;IAChD,2EAA2E;IAC3E,YAAY,EAAE,WAAW,CAAC;IAC1B,oFAAoF;IACpF,SAAS,EAAE,WAAW,GAAG,IAAI,CAAC;CAC9B;AAED,uCAAuC;AACvC,MAAM,WAAW,SAAS;IACzB,GAAG,EAAE,IAAI,CAAC;IACV,wEAAwE;IACxE,YAAY,EAAE,cAAc,CAAC;IAC7B,gBAAgB,EAAE,eAAe,CAAC;IAClC,2EAA2E;IAC3E,YAAY,EAAE,WAAW,CAAC;IAC1B,uGAAuG;IACvG,iBAAiB,EAAE,aAAa,CAAC,eAAe,CAAC,CAAC;IAClD,oFAAoF;IACpF,SAAS,EAAE,WAAW,GAAG,IAAI,CAAC;IAC9B,mEAAmE;IACnE,KAAK,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC3B;AAED,gDAAgD;AAChD,eAAO,MAAM,qBAAqB,QAAc,CAAC;AAEjD;;;;;;;;;GASG;AACH,eAAO,MAAM,iBAAiB,GAAU,SAAS,gBAAgB,KAAG,OAAO,CAAC,SAAS,CA2QpF,CAAC"}

package/dist/server/app_server.js

@@ -31,6 +31,7 @@ import { create_surface_route_spec } from '../http/common_routes.js';
 import { create_auth_middleware_specs } from '../auth/middleware.js';
 import { fuz_auth_guard_resolver } from '../auth/route_guards.js';
 import { ERROR_PAYLOAD_TOO_LARGE } from '../http/error_schemas.js';
+import { create_rpc_endpoint } from '../actions/action_rpc.js';
 /** Default maximum request body size: 1 MiB. */
 export const DEFAULT_MAX_BODY_SIZE = 1024 * 1024;
 /**
@@ -133,6 +134,16 @@ export const create_app_server = async (options) => {
         const prefix = options.bootstrap.route_prefix ?? '/api/account';
         factory_routes.push(...prefix_route_specs(prefix, bootstrap_routes));
     }
+    // RPC endpoint auto-mount — resolve specs then append their routes so
+    // surface generation and live dispatch share one source of truth.
+    const resolved_rpc_endpoints = typeof options.rpc_endpoints === 'function'
+        ? options.rpc_endpoints(context)
+        : options.rpc_endpoints;
+    if (resolved_rpc_endpoints) {
+        for (const endpoint of resolved_rpc_endpoints) {
+            factory_routes.push(...create_rpc_endpoint({ path: endpoint.path, actions: endpoint.actions, log }));
+        }
+    }
     // Surface route (default: enabled)
     if (options.surface_route !== false) {
         factory_routes.push(create_surface_route_spec(surface_ref));
@@ -151,7 +162,7 @@ export const create_app_server = async (options) => {
         route_specs,
         env_schema: options.env_schema,
         event_specs: all_event_specs,
-        rpc_endpoints: options.rpc_endpoints,
+        rpc_endpoints: resolved_rpc_endpoints,
     });
     // Config-level diagnostics (concatenated after spec-level from generate_app_surface)
     const config_diagnostics = [];

package/dist/testing/audit_completeness.d.ts

@@ -15,8 +15,13 @@ export interface AuditCompletenessTestOptions {
     /**
      * RPC endpoint specs — the source `RpcAction` arrays. Required; the
      * admin permit flow is RPC-only and the suite hard-fails without it.
+     *
+     * Accepts either an array (eager) or a factory
+     * `(ctx: AppServerContext) => Array<RpcEndpointSpec>` — the factory form
+     * is required when action handlers must close over the per-test
+     * `ctx.app_settings` / `ctx.deps` (e.g. exercising `app_settings_update`).
      */
-    rpc_endpoints: Array<RpcEndpointSpec>;
+    rpc_endpoints: Array<RpcEndpointSpec> | ((ctx: AppServerContext) => Array<RpcEndpointSpec>);
     /** Optional overrides for `AppServerOptions`. */
     app_options?: Partial<Omit<AppServerOptions, 'backend' | 'session_options' | 'create_route_specs'>>;
     /** Database factories to run tests against. Default: pglite only. */

package/dist/testing/audit_completeness.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"audit_completeness.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/audit_completeness.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAkB7B,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EAAC,gBAAgB,EAAE,gBAAgB,EAAC,MAAM,yBAAyB,CAAC;AAChF,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,uBAAuB,CAAC;AAMrD,OAAO,EAIN,KAAK,SAAS,EACd,MAAM,SAAS,CAAC;AA0BjB,OAAO,KAAK,EAAC,eAAe,EAAC,MAAM,oBAAoB,CAAC;AAExD;;GAEG;AACH,MAAM,WAAW,4BAA4B;IAC5C,4CAA4C;IAC5C,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,wDAAwD;IACxD,kBAAkB,EAAE,CAAC,GAAG,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IAChE;;;OAGG;IACH,aAAa,EAAE,KAAK,CAAC,eAAe,CAAC,CAAC;IACtC,iDAAiD;IACjD,WAAW,CAAC,EAAE,OAAO,CACpB,IAAI,CAAC,gBAAgB,EAAE,SAAS,GAAG,iBAAiB,GAAG,oBAAoB,CAAC,CAC5E,CAAC;IACF,qEAAqE;IACrE,YAAY,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;CAChC;AAoDD;;;;;;;;GAQG;AACH,eAAO,MAAM,iCAAiC,GAAI,SAAS,4BAA4B,KAAG,IAgezF,CAAC"}
+{"version":3,"file":"audit_completeness.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/audit_completeness.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAkB7B,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EAAC,gBAAgB,EAAE,gBAAgB,EAAC,MAAM,yBAAyB,CAAC;AAChF,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,uBAAuB,CAAC;AAMrD,OAAO,EAIN,KAAK,SAAS,EACd,MAAM,SAAS,CAAC;AAOjB,OAAO,KAAK,EAAC,eAAe,EAAC,MAAM,oBAAoB,CAAC;AAsBxD;;GAEG;AACH,MAAM,WAAW,4BAA4B;IAC5C,4CAA4C;IAC5C,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,wDAAwD;IACxD,kBAAkB,EAAE,CAAC,GAAG,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IAChE;;;;;;;;OAQG;IACH,aAAa,EAAE,KAAK,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,gBAAgB,KAAK,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC;IAC5F,iDAAiD;IACjD,WAAW,CAAC,EAAE,OAAO,CACpB,IAAI,CAAC,gBAAgB,EAAE,SAAS,GAAG,iBAAiB,GAAG,oBAAoB,CAAC,CAC5E,CAAC;IACF,qEAAqE;IACrE,YAAY,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;CAChC;AAoDD;;;;;;;;GAQG;AACH,eAAO,MAAM,iCAAiC,GAAI,SAAS,4BAA4B,KAAG,IA2ezF,CAAC"}

package/dist/testing/audit_completeness.js

@@ -22,6 +22,7 @@ import { find_auth_route } from './integration_helpers.js';
 import { run_migrations } from '../db/migrate.js';
 import { query_accept_offer } from '../auth/permit_offer_queries.js';
 import { rpc_call, require_rpc_endpoint_path } from './rpc_helpers.js';
+import { create_stub_app_server_context } from './stubs.js';
 import { permit_offer_create_action_spec, permit_revoke_action_spec, } from '../auth/permit_offer_action_specs.js';
 import { admin_session_revoke_all_action_spec, admin_token_revoke_all_action_spec, app_settings_update_action_spec, invite_create_action_spec, invite_delete_action_spec, } from '../auth/admin_action_specs.js';
 import { account_session_list_action_spec, account_session_revoke_action_spec, account_session_revoke_all_action_spec, account_token_create_action_spec, account_token_list_action_spec, account_token_revoke_action_spec, } from '../auth/account_action_specs.js';
@@ -67,8 +68,18 @@ const json_session_headers = (test_app, extra) => test_app.create_session_header
  */
 export const describe_audit_completeness_tests = (options) => {
     // Hard-fail early so consumers see a clear setup error instead of a
-    // confusing test failure when `rpc_endpoints` is missing.
-    const rpc_path = require_rpc_endpoint_path(options.rpc_endpoints);
+    // confusing test failure when `rpc_endpoints` is missing. For the
+    // factory form we invoke the factory once here with a stub ctx purely
+    // to extract the endpoint path (a stable string like `/api/rpc`); the
+    // resulting actions array is discarded. `create_app_server` invokes
+    // the factory a second time inside each test with its real ctx, and
+    // those are the handlers that actually serve requests. Safe as long
+    // as the factory is pure — the stock helpers (e.g.
+    // `create_admin_rpc_actions`) are.
+    const rpc_endpoints_for_setup = typeof options.rpc_endpoints === 'function'
+        ? options.rpc_endpoints(create_stub_app_server_context(options.session_options))
+        : options.rpc_endpoints;
+    const rpc_path = require_rpc_endpoint_path(rpc_endpoints_for_setup);
     const init_schema = async (db) => {
         await run_migrations(db, [AUTH_MIGRATION_NS]);
     };

package/dist/testing/stubs.d.ts

@@ -76,8 +76,16 @@ export interface CreateTestAppSurfaceSpecOptions {
     env_schema?: z.ZodObject;
     /** SSE event specs for surface generation. */
     event_specs?: Array<EventSpec>;
-    /** RPC endpoint specs for surface generation. */
-    rpc_endpoints?: Array<RpcEndpointSpec>;
+    /**
+     * RPC endpoint specs for surface generation.
+     *
+     * Accepts either an array (eager) or a factory
+     * `(ctx: AppServerContext) => Array<RpcEndpointSpec>` — symmetric with
+     * `create_app_server`'s `rpc_endpoints` option, so consumers can pass
+     * the same factory to both entry points. The factory runs once against
+     * the stub `AppServerContext` this helper already builds.
+     */
+    rpc_endpoints?: Array<RpcEndpointSpec> | ((ctx: AppServerContext) => Array<RpcEndpointSpec>);
     /** Transform middleware array (e.g., tx's `extend_middleware_for_tx_binary`). */
     transform_middleware?: (specs: Array<MiddlewareSpec>) => Array<MiddlewareSpec>;
     /** Bootstrap route prefix (default: `'/api/account'`). */

package/dist/testing/stubs.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"stubs.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/stubs.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAa7B,OAAO,KAAK,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAE3B,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,4BAA4B,CAAC;AAE/D,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,iBAAiB,CAAC;AAC7C,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,yBAAyB,CAAC;AAC9D,OAAO,EAAC,EAAE,EAAC,MAAM,aAAa,CAAC;AAC/B,OAAO,EAAqB,KAAK,SAAS,EAAC,MAAM,uBAAuB,CAAC;AAEzE,OAAO,EAEN,KAAK,cAAc,EACnB,KAAK,eAAe,EACpB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,oBAAoB,CAAC;AAKlD;;;;;;;;GAQG;AACH,eAAO,MAAM,oBAAoB,GAAI,CAAC,GAAG,GAAG,EAAE,OAAO,MAAM,KAAG,CAqBtD,CAAC;AAET;;;;;;;;;GASG;AACH,eAAO,MAAM,gBAAgB,GAAI,CAAC,GAAG,GAAG,EAAE,QAAQ,MAAM,EAAE,YAAY,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAG,CAOxF,CAAC;AAET,iEAAiE;AACjE,eAAO,MAAM,IAAI,EAAE,GAAkC,CAAC;AAEtD;;;;;;;GAOG;AACH,eAAO,MAAM,cAAc,QAAO,EAI/B,CAAC;AAEJ,gDAAgD;AAChD,eAAO,MAAM,YAAY,QAAO,QAAgC,CAAC;AAEjE,2CAA2C;AAC3C,eAAO,MAAM,OAAO,GAAU,IAAI,GAAG,EAAE,MAAM,GAAG,KAAG,OAAO,CAAC,IAAI,CAAW,CAAC;AAI3E,2EAA2E;AAC3E,eAAO,MAAM,aAAa,EAAE,OAS3B,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,oBAAoB,QAAO,OAStC,CAAC;AAEH,2FAA2F;AAC3F,eAAO,MAAM,0BAA0B,GAAI,UAAU;IACpD,iDAAiD;IACjD,oBAAoB,CAAC,EAAE,OAAO,CAAC;CAC/B,KAAG,KAAK,CAAC,cAAc,CAqBvB,CAAC;AAEF;;;;;;;GAOG;AACH,eAAO,MAAM,8BAA8B,GAC1C,iBAAiB,cAAc,CAAC,MAAM,CAAC,KACrC,gBAmBF,CAAC;AAEF,kDAAkD;AAClD,MAAM,WAAW,+BAA+B;IAC/C,6DAA6D;IAC7D,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,qFAAqF;IACrF,kBAAkB,EAAE,CAAC,GAAG,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IAChE,oEAAoE;IACpE,UAAU,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC;IACzB,8CAA8C;IAC9C,WAAW,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAC/B,iDAAiD;IACjD,aAAa,CAAC,EAAE,KAAK,CAAC,eAAe,CAAC,CAAC;IACvC,iFAAiF;IACjF,oBAAoB,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC,cAAc,CAAC,KAAK,KAAK,CAAC,cAAc,CAAC,CAAC;IAC/E,0DAA0D;IAC1D,sBAAsB,CAAC,EAAE,MAAM,CAAC;CAChC;AAED;;;;;;;;;;GAUG;AACH,eAAO,MAAM,4BAA4B,GACxC,SAAS,+BAA+B,KACtC,cAyBF,CAAC"}
+{"version":3,"file":"stubs.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/stubs.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAa7B,OAAO,KAAK,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAE3B,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,4BAA4B,CAAC;AAE/D,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,iBAAiB,CAAC;AAC7C,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,yBAAyB,CAAC;AAC9D,OAAO,EAAC,EAAE,EAAC,MAAM,aAAa,CAAC;AAC/B,OAAO,EAAqB,KAAK,SAAS,EAAC,MAAM,uBAAuB,CAAC;AAGzE,OAAO,EAEN,KAAK,cAAc,EACnB,KAAK,eAAe,EACpB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,oBAAoB,CAAC;AAKlD;;;;;;;;GAQG;AACH,eAAO,MAAM,oBAAoB,GAAI,CAAC,GAAG,GAAG,EAAE,OAAO,MAAM,KAAG,CAqBtD,CAAC;AAET;;;;;;;;;GASG;AACH,eAAO,MAAM,gBAAgB,GAAI,CAAC,GAAG,GAAG,EAAE,QAAQ,MAAM,EAAE,YAAY,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAG,CAOxF,CAAC;AAET,iEAAiE;AACjE,eAAO,MAAM,IAAI,EAAE,GAAkC,CAAC;AAEtD;;;;;;;GAOG;AACH,eAAO,MAAM,cAAc,QAAO,EAI/B,CAAC;AAEJ,gDAAgD;AAChD,eAAO,MAAM,YAAY,QAAO,QAAgC,CAAC;AAEjE,2CAA2C;AAC3C,eAAO,MAAM,OAAO,GAAU,IAAI,GAAG,EAAE,MAAM,GAAG,KAAG,OAAO,CAAC,IAAI,CAAW,CAAC;AAI3E,2EAA2E;AAC3E,eAAO,MAAM,aAAa,EAAE,OAS3B,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,oBAAoB,QAAO,OAStC,CAAC;AAEH,2FAA2F;AAC3F,eAAO,MAAM,0BAA0B,GAAI,UAAU;IACpD,iDAAiD;IACjD,oBAAoB,CAAC,EAAE,OAAO,CAAC;CAC/B,KAAG,KAAK,CAAC,cAAc,CAqBvB,CAAC;AAEF;;;;;;;GAOG;AACH,eAAO,MAAM,8BAA8B,GAC1C,iBAAiB,cAAc,CAAC,MAAM,CAAC,KACrC,gBAmBF,CAAC;AAEF,kDAAkD;AAClD,MAAM,WAAW,+BAA+B;IAC/C,6DAA6D;IAC7D,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,qFAAqF;IACrF,kBAAkB,EAAE,CAAC,GAAG,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IAChE,oEAAoE;IACpE,UAAU,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC;IACzB,8CAA8C;IAC9C,WAAW,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAC/B;;;;;;;;OAQG;IACH,aAAa,CAAC,EAAE,KAAK,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,gBAAgB,KAAK,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC;IAC7F,iFAAiF;IACjF,oBAAoB,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC,cAAc,CAAC,KAAK,KAAK,CAAC,cAAc,CAAC,CAAC;IAC/E,0DAA0D;IAC1D,sBAAsB,CAAC,EAAE,MAAM,CAAC;CAChC;AAED;;;;;;;;;;GAUG;AACH,eAAO,MAAM,4BAA4B,GACxC,SAAS,+BAA+B,KACtC,cA2CF,CAAC"}

package/dist/testing/stubs.js

@@ -12,6 +12,7 @@ import { ApiError, RateLimitError } from '../http/error_schemas.js';
 import { Db } from '../db/db.js';
 import { prefix_route_specs } from '../http/route_spec.js';
 import { create_bootstrap_route_specs } from '../auth/bootstrap_routes.js';
+import { create_rpc_endpoint } from '../actions/action_rpc.js';
 import { create_app_surface_spec, } from '../http/surface.js';
 import { BaseServerEnv } from '../server/env.js';
 /* eslint-disable @typescript-eslint/require-await */
@@ -178,7 +179,21 @@ export const create_test_app_surface_spec = (options) => {
         ip_rate_limiter: null,
     });
     const prefix = options.bootstrap_route_prefix ?? '/api/account';
-    const route_specs = [...consumer_routes, ...prefix_route_specs(prefix, bootstrap_routes)];
+    // Auto-mount rpc endpoints (mirrors create_app_server) so consumer
+    // `create_route_specs` does not need to call `create_rpc_endpoint`.
+    const resolved_rpc_endpoints = typeof options.rpc_endpoints === 'function'
+        ? options.rpc_endpoints(ctx)
+        : options.rpc_endpoints;
+    const rpc_route_specs = resolved_rpc_endpoints?.flatMap((endpoint) => create_rpc_endpoint({
+        path: endpoint.path,
+        actions: endpoint.actions,
+        log: ctx.deps.log,
+    })) ?? [];
+    const route_specs = [
+        ...consumer_routes,
+        ...rpc_route_specs,
+        ...prefix_route_specs(prefix, bootstrap_routes),
+    ];
     let middleware_specs = create_stub_api_middleware();
     if (options.transform_middleware) {
         middleware_specs = options.transform_middleware(middleware_specs);
@@ -188,6 +203,6 @@ export const create_test_app_surface_spec = (options) => {
         route_specs,
         env_schema: options.env_schema ?? BaseServerEnv,
         event_specs: options.event_specs,
-        rpc_endpoints: options.rpc_endpoints,
+        rpc_endpoints: resolved_rpc_endpoints,
     });
 };

package/dist/ui/CLAUDE.md

@@ -266,6 +266,18 @@ destructive actions.
   `Loadable` + `app_settings_rpc_context` + narrow `AppSettingsRpc`
   (`get`, `update`). Fields: `settings`, `updating`. Single mutation
   `update_open_signup(boolean)`.
+- `admin_rpc_adapters.ts` (plain `.ts`, no reactive state) — bundled
+  wiring for the four admin RPC contexts. `create_admin_rpc_adapters(rpc_call)`
+  takes a single `AdminRpcCall` closure (alias of `ThrowingRpcCall` from
+  `../actions/rpc_client.ts`) and returns `{admin_accounts, admin_invites,
+audit_log, app_settings}` adapter objects. `provide_admin_rpc_contexts(adapters)`
+  calls `set` on all four contexts in one shot. Pair with
+  `create_throwing_rpc_call(api)` from `../actions/rpc_client.ts` to turn a
+  typed `create_rpc_client` Proxy into the throw-on-error `rpc_call`
+  signature — two lines at the admin shell layout. Method-name mapping is
+  in the module TSDoc (`grant_permit` → `permit_offer_create`,
+  `retract_offer` → `permit_offer_retract`, etc.) and the
+  `admin_rpc_adapters.test.ts` fixtures.
 
 ## RPC adapter contexts
 

package/dist/ui/admin_rpc_adapters.d.ts

@@ -0,0 +1,94 @@
+/**
+ * Admin RPC adapter helpers for consumer UIs.
+ *
+ * Bridges a typed `rpc_call`-shaped function to the four narrow admin RPC
+ * interfaces the state classes consume — `AdminAccountsRpc`,
+ * `AdminInvitesRpc`, `AuditLogRpc`, `AppSettingsRpc`. Two calls at the
+ * admin shell layout wire everything:
+ *
+ * ```ts
+ * import {create_throwing_rpc_call} from '@fuzdev/fuz_app/actions/rpc_client.js';
+ * const rpc_call = create_throwing_rpc_call(api);
+ * provide_admin_rpc_contexts(create_admin_rpc_adapters(rpc_call));
+ * ```
+ *
+ * `create_throwing_rpc_call` unwraps every `Result` to throw on error, spreading
+ * the JSON-RPC `{code, message, data?}` onto the thrown `Error` so form
+ * components (e.g. `PermitOfferForm.svelte`) can match on
+ * `error.data?.reason` via `ERROR_OFFER_*` constants — optional chaining is
+ * required because JSON-RPC `data` is spec-level optional. Consumers that
+ * need a custom unwrap strategy can supply any function matching
+ * `AdminRpcCall` directly instead.
+ *
+ * No `.svelte.ts` suffix — this module holds no reactive state, only
+ * method-name mappings.
+ *
+ * @module
+ */
+import type { ThrowingRpcCall } from '../actions/rpc_client.js';
+import { type AdminAccountsRpc } from './admin_accounts_state.svelte.js';
+import { type AdminInvitesRpc } from './admin_invites_state.svelte.js';
+import { type AuditLogRpc } from './audit_log_state.svelte.js';
+import { type AppSettingsRpc } from './app_settings_state.svelte.js';
+/**
+ * Function-shaped contract for dispatching an RPC call by method name.
+ *
+ * Alias of `ThrowingRpcCall` — kept as a domain-specific name so reads of
+ * the admin UI code stay self-contained. Receives the method string and
+ * input, returns a Promise of the output — or throws on error carrying the
+ * JSON-RPC `{code, message, data?}` shape.
+ *
+ * The generic is load-bearing: contextual typing lets the narrow
+ * `Admin*Rpc` return types flow into `TOutput` so adapter methods typecheck
+ * without explicit casts.
+ */
+export type AdminRpcCall = ThrowingRpcCall;
+/** The four admin RPC adapters assembled from a shared `rpc_call`. */
+export interface AdminRpcAdapters {
+    admin_accounts: AdminAccountsRpc;
+    admin_invites: AdminInvitesRpc;
+    audit_log: AuditLogRpc;
+    app_settings: AppSettingsRpc;
+}
+/**
+ * Build the four admin RPC adapters from a single typed `rpc_call`.
+ *
+ * Method-name mapping:
+ *
+ * | Narrow RPC method                   | Action spec method           |
+ * | ----------------------------------- | ---------------------------- |
+ * | `admin_accounts.list_accounts`      | `admin_account_list`         |
+ * | `admin_accounts.list_sessions`      | `admin_session_list`         |
+ * | `admin_accounts.grant_permit`       | `permit_offer_create`        |
+ * | `admin_accounts.revoke_permit`      | `permit_revoke`              |
+ * | `admin_accounts.retract_offer`      | `permit_offer_retract`       |
+ * | `admin_accounts.session_revoke_all` | `admin_session_revoke_all`   |
+ * | `admin_accounts.token_revoke_all`   | `admin_token_revoke_all`     |
+ * | `admin_invites.list`                | `invite_list`                |
+ * | `admin_invites.create`              | `invite_create`              |
+ * | `admin_invites.delete`              | `invite_delete`              |
+ * | `audit_log.list`                    | `audit_log_list`             |
+ * | `audit_log.permit_history`          | `audit_log_permit_history`   |
+ * | `app_settings.get`                  | `app_settings_get`           |
+ * | `app_settings.update`               | `app_settings_update`        |
+ *
+ * All four adapter factories call through the same `rpc_call` — consumers
+ * only construct one adapter closure (typically wrapping
+ * `create_rpc_client`'s Proxy + Result-unwrap) regardless of how many
+ * admin surfaces they mount.
+ */
+export declare const create_admin_rpc_adapters: (rpc_call: AdminRpcCall) => AdminRpcAdapters;
+/**
+ * Wire all four admin RPC contexts in a single call.
+ *
+ * Call once at the admin shell layout (e.g. `src/routes/admin/+layout.svelte`)
+ * with adapters built from `create_admin_rpc_adapters`. Every `Admin*.svelte`
+ * component that reads a context below this point sees the adapters.
+ *
+ * Each context accessor reads `adapters.{domain}` on every invocation, so
+ * mutating an adapter field on the same object propagates. Replacing the
+ * whole adapter set requires calling `provide_admin_rpc_contexts` again
+ * during init — in practice this is one-shot at layout mount.
+ */
+export declare const provide_admin_rpc_contexts: (adapters: AdminRpcAdapters) => void;
+//# sourceMappingURL=admin_rpc_adapters.d.ts.map

package/dist/ui/admin_rpc_adapters.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"admin_rpc_adapters.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/admin_rpc_adapters.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AAEH,OAAO,KAAK,EAAC,eAAe,EAAC,MAAM,0BAA0B,CAAC;AAC9D,OAAO,EAA6B,KAAK,gBAAgB,EAAC,MAAM,kCAAkC,CAAC;AACnG,OAAO,EAA4B,KAAK,eAAe,EAAC,MAAM,iCAAiC,CAAC;AAChG,OAAO,EAAwB,KAAK,WAAW,EAAC,MAAM,6BAA6B,CAAC;AACpF,OAAO,EAA2B,KAAK,cAAc,EAAC,MAAM,gCAAgC,CAAC;AAE7F;;;;;;;;;;;GAWG;AACH,MAAM,MAAM,YAAY,GAAG,eAAe,CAAC;AAE3C,sEAAsE;AACtE,MAAM,WAAW,gBAAgB;IAChC,cAAc,EAAE,gBAAgB,CAAC;IACjC,aAAa,EAAE,eAAe,CAAC;IAC/B,SAAS,EAAE,WAAW,CAAC;IACvB,YAAY,EAAE,cAAc,CAAC;CAC7B;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACH,eAAO,MAAM,yBAAyB,GAAI,UAAU,YAAY,KAAG,gBAuBjE,CAAC;AAEH;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,0BAA0B,GAAI,UAAU,gBAAgB,KAAG,IAKvE,CAAC"}

package/dist/ui/admin_rpc_adapters.js

@@ -0,0 +1,100 @@
+/**
+ * Admin RPC adapter helpers for consumer UIs.
+ *
+ * Bridges a typed `rpc_call`-shaped function to the four narrow admin RPC
+ * interfaces the state classes consume — `AdminAccountsRpc`,
+ * `AdminInvitesRpc`, `AuditLogRpc`, `AppSettingsRpc`. Two calls at the
+ * admin shell layout wire everything:
+ *
+ * ```ts
+ * import {create_throwing_rpc_call} from '@fuzdev/fuz_app/actions/rpc_client.js';
+ * const rpc_call = create_throwing_rpc_call(api);
+ * provide_admin_rpc_contexts(create_admin_rpc_adapters(rpc_call));
+ * ```
+ *
+ * `create_throwing_rpc_call` unwraps every `Result` to throw on error, spreading
+ * the JSON-RPC `{code, message, data?}` onto the thrown `Error` so form
+ * components (e.g. `PermitOfferForm.svelte`) can match on
+ * `error.data?.reason` via `ERROR_OFFER_*` constants — optional chaining is
+ * required because JSON-RPC `data` is spec-level optional. Consumers that
+ * need a custom unwrap strategy can supply any function matching
+ * `AdminRpcCall` directly instead.
+ *
+ * No `.svelte.ts` suffix — this module holds no reactive state, only
+ * method-name mappings.
+ *
+ * @module
+ */
+import { admin_accounts_rpc_context } from './admin_accounts_state.svelte.js';
+import { admin_invites_rpc_context } from './admin_invites_state.svelte.js';
+import { audit_log_rpc_context } from './audit_log_state.svelte.js';
+import { app_settings_rpc_context } from './app_settings_state.svelte.js';
+/**
+ * Build the four admin RPC adapters from a single typed `rpc_call`.
+ *
+ * Method-name mapping:
+ *
+ * | Narrow RPC method                   | Action spec method           |
+ * | ----------------------------------- | ---------------------------- |
+ * | `admin_accounts.list_accounts`      | `admin_account_list`         |
+ * | `admin_accounts.list_sessions`      | `admin_session_list`         |
+ * | `admin_accounts.grant_permit`       | `permit_offer_create`        |
+ * | `admin_accounts.revoke_permit`      | `permit_revoke`              |
+ * | `admin_accounts.retract_offer`      | `permit_offer_retract`       |
+ * | `admin_accounts.session_revoke_all` | `admin_session_revoke_all`   |
+ * | `admin_accounts.token_revoke_all`   | `admin_token_revoke_all`     |
+ * | `admin_invites.list`                | `invite_list`                |
+ * | `admin_invites.create`              | `invite_create`              |
+ * | `admin_invites.delete`              | `invite_delete`              |
+ * | `audit_log.list`                    | `audit_log_list`             |
+ * | `audit_log.permit_history`          | `audit_log_permit_history`   |
+ * | `app_settings.get`                  | `app_settings_get`           |
+ * | `app_settings.update`               | `app_settings_update`        |
+ *
+ * All four adapter factories call through the same `rpc_call` — consumers
+ * only construct one adapter closure (typically wrapping
+ * `create_rpc_client`'s Proxy + Result-unwrap) regardless of how many
+ * admin surfaces they mount.
+ */
+export const create_admin_rpc_adapters = (rpc_call) => ({
+    admin_accounts: {
+        list_accounts: () => rpc_call('admin_account_list', null),
+        list_sessions: () => rpc_call('admin_session_list', null),
+        grant_permit: (params) => rpc_call('permit_offer_create', params),
+        revoke_permit: (params) => rpc_call('permit_revoke', params),
+        retract_offer: (offer_id) => rpc_call('permit_offer_retract', { offer_id }),
+        session_revoke_all: (params) => rpc_call('admin_session_revoke_all', params),
+        token_revoke_all: (params) => rpc_call('admin_token_revoke_all', params),
+    },
+    admin_invites: {
+        list: () => rpc_call('invite_list', null),
+        create: (params) => rpc_call('invite_create', params),
+        delete: (params) => rpc_call('invite_delete', params),
+    },
+    audit_log: {
+        list: (options) => rpc_call('audit_log_list', options ?? {}),
+        permit_history: (params) => rpc_call('audit_log_permit_history', params ?? {}),
+    },
+    app_settings: {
+        get: () => rpc_call('app_settings_get', null),
+        update: (params) => rpc_call('app_settings_update', params),
+    },
+});
+/**
+ * Wire all four admin RPC contexts in a single call.
+ *
+ * Call once at the admin shell layout (e.g. `src/routes/admin/+layout.svelte`)
+ * with adapters built from `create_admin_rpc_adapters`. Every `Admin*.svelte`
+ * component that reads a context below this point sees the adapters.
+ *
+ * Each context accessor reads `adapters.{domain}` on every invocation, so
+ * mutating an adapter field on the same object propagates. Replacing the
+ * whole adapter set requires calling `provide_admin_rpc_contexts` again
+ * during init — in practice this is one-shot at layout mount.
+ */
+export const provide_admin_rpc_contexts = (adapters) => {
+    admin_accounts_rpc_context.set(() => adapters.admin_accounts);
+    admin_invites_rpc_context.set(() => adapters.admin_invites);
+    audit_log_rpc_context.set(() => adapters.audit_log);
+    app_settings_rpc_context.set(() => adapters.app_settings);
+};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@fuzdev/fuz_app",
-  "version": "0.31.0",
+  "version": "0.32.0",
   "description": "fullstack app library",
   "glyph": "🗝",
   "logo": "logo.svg",