@fuzdev/fuz_app 0.38.1 → 0.40.0

package/dist/server/app_server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"app_server.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/server/app_server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAC,IAAI,EAAE,KAAK,OAAO,EAAC,MAAM,MAAM,CAAC;AAGxC,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAEtB,OAAO,EAEN,KAAK,cAAc,EAEnB,MAAM,2BAA2B,CAAC;AACnC,OAAO,KAAK,EAAC,uBAAuB,EAAC,MAAM,8BAA8B,CAAC;AAC1E,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAGN,KAAK,WAAW,EAChB,MAAM,+BAA+B,CAAC;AACvC,OAAO,KAAK,EAAC,WAAW,EAAC,MAAM,gCAAgC,CAAC;AAEhE,OAAO,EAGN,KAAK,WAAW,EAChB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,yBAAyB,CAAC;AAC9D,OAAO,EAAiB,KAAK,kBAAkB,EAAE,KAAK,eAAe,EAAC,MAAM,kBAAkB,CAAC;AAE/F,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,iBAAiB,CAAC;AAC7C,OAAO,KAAK,EAAC,UAAU,EAAC,MAAM,kBAAkB,CAAC;AAGjD,OAAO,oBAAoB,CAAC;AAE5B,OAAO,EAA2B,KAAK,kBAAkB,EAAC,MAAM,aAAa,CAAC;AAE9E,OAAO,EAEN,KAAK,cAAc,EAEnB,KAAK,eAAe,EACpB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAIN,KAAK,SAAS,EACd,MAAM,uBAAuB,CAAC;AAC/B,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,4BAA4B,CAAC;AAC/D,OAAO,EAGN,KAAK,eAAe,EACpB,MAAM,6BAA6B,CAAC;AAOrC;;GAEG;AACH,MAAM,WAAW,kBAAkB;IAClC,0DAA0D;IAC1D,MAAM,EAAE,MAAM,CAAC;IACf,uDAAuD;IACvD,IAAI,EAAE,MAAM,CAAC;CACb;AAED;;;;;GAKG;AACH,MAAM,WAAW,gBAAgB;IAChC,2DAA2D;IAC3D,OAAO,EAAE,UAAU,CAAC;IACpB,6CAA6C;IAC7C,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,sCAAsC;IACtC,eAAe,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAE/B,6BAA6B;IAC7B,KAAK,EAAE;QACN,eAAe,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;QAC/B,iBAAiB,EAAE,CAAC,CAAC,EAAE,OAAO,KAAK,MAAM,GAAG,SAAS,CAAC;KACtD,CAAC;IAEF;;;;;OAKG;IACH,eAAe,CAAC,EAAE,WAAW,GAAG,IAAI,CAAC;IACrC;;;;;OAKG;IACH,0BAA0B,CAAC,EAAE,WAAW,GAAG,IAAI,CAAC;IAChD;;;;;OAKG;IACH,2BAA2B,CAAC,EAAE,WAAW,GAAG,IAAI,CAAC;IACjD;;;;OAIG;IACH,sBAAsB,CAAC,EAAE,WAAW,GAAG,IAAI,CAAC;IAC5C;;;;OAIG;IACH,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,2DAA2D;IAC3D,kBAAkB,CAAC,EAAE,gBAAgB,CAAC;IAEtC,yEAAyE;IACzE,SAAS,CAAC,EAAE;QACX,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;QAC1B,mEAAmE;QACnE,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB;;;WAGG;QACH,YAAY,CAAC,EAAE,CAAC,MAAM,EAAE,uBAAuB,EAAE,CAAC,EAAE,OAAO,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;KAC9E,CAAC;IAEF;;;OAGG;IACH,aAAa,CAAC,EAAE,KAAK,CAAC;IAEtB,6EAA6E;IAC7E,oBAAoB,CAAC,EAAE,KAAK,CAAC,kBAAkB,CAAC,CAAC;IAEjD;;;OAGG;IACH,kBAAkB,EAAE,CAAC,OAAO,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IAEpE,4DAA4D;IAC5D,oBAAoB,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC,cAAc,CAAC,KAAK,KAAK,CAAC,cAAc,CAAC,CAAC;IAE/E;;;;;;;;;;OAUG;IACH,aAAa,CAAC,EAAE,IAAI,GAAG;QAAC,IAAI,CAAC,EAAE,MAAM,CAAA;KAAC,CAAC;IAEvC,gFAAgF;IAChF,WAAW,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAE/B;;;;;;;;;;;OAWG;IACH,aAAa,CAAC,EAAE,KAAK,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,gBAAgB,KAAK,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC;IAEjG,gHAAgH;IAChH,UAAU,EAAE,CAAC,CAAC,SAAS,CAAC;IAExB,mFAAmF;IACnF,qBAAqB,CAAC,EAAE,KAAK,CAAC,cAAc,CAAC,CAAC;IAE9C,6DAA6D;IAC7D,cAAc,CAAC,EAAE;QAChB,YAAY,EAAE,kBAAkB,CAAC;QACjC,YAAY,CAAC,EAAE,MAAM,CAAC;KACtB,CAAC;IAEF;;;;OAIG;IACH,qBAAqB,CAAC,EAAE,OAAO,CAAC;IAEhC;;;;OAIG;IACH,eAAe,CAAC,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,kBAAkB,KAAK,IAAI,CAAC;IAExE,8CAA8C;IAC9C,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACrC;AAED,8CAA8C;AAC9C,MAAM,WAAW,gBAAgB;IAChC,IAAI,EAAE,OAAO,CAAC;IACd,OAAO,EAAE,UAAU,CAAC;IACpB,gBAAgB,EAAE,eAAe,CAAC;IAClC,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,yEAAyE;IACzE,eAAe,EAAE,WAAW,GAAG,IAAI,CAAC;IACpC,iFAAiF;IACjF,0BAA0B,EAAE,WAAW,GAAG,IAAI,CAAC;IAC/C,kFAAkF;IAClF,2BAA2B,EAAE,WAAW,GAAG,IAAI,CAAC;IAChD,2EAA2E;IAC3E,YAAY,EAAE,WAAW,CAAC;IAC1B,oFAAoF;IACpF,SAAS,EAAE,WAAW,GAAG,IAAI,CAAC;CAC9B;AAED,uCAAuC;AACvC,MAAM,WAAW,SAAS;IACzB,GAAG,EAAE,IAAI,CAAC;IACV,wEAAwE;IACxE,YAAY,EAAE,cAAc,CAAC;IAC7B,gBAAgB,EAAE,eAAe,CAAC;IAClC,2EAA2E;IAC3E,YAAY,EAAE,WAAW,CAAC;IAC1B,uGAAuG;IACvG,iBAAiB,EAAE,aAAa,CAAC,eAAe,CAAC,CAAC;IAClD,oFAAoF;IACpF,SAAS,EAAE,WAAW,GAAG,IAAI,CAAC;IAC9B,mEAAmE;IACnE,KAAK,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC3B;AAED,gDAAgD;AAChD,eAAO,MAAM,qBAAqB,QAAc,CAAC;AAEjD;;;;;;;;;GASG;AACH,eAAO,MAAM,iBAAiB,GAAU,SAAS,gBAAgB,KAAG,OAAO,CAAC,SAAS,CA2QpF,CAAC"}
+{"version":3,"file":"app_server.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/server/app_server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAC,IAAI,EAAE,KAAK,OAAO,EAAC,MAAM,MAAM,CAAC;AAGxC,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAEtB,OAAO,EAEN,KAAK,cAAc,EAEnB,MAAM,2BAA2B,CAAC;AACnC,OAAO,KAAK,EAAC,uBAAuB,EAAC,MAAM,8BAA8B,CAAC;AAC1E,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAGN,KAAK,WAAW,EAChB,MAAM,+BAA+B,CAAC;AACvC,OAAO,KAAK,EAAC,WAAW,EAAC,MAAM,gCAAgC,CAAC;AAEhE,OAAO,EAGN,KAAK,WAAW,EAChB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,yBAAyB,CAAC;AAC9D,OAAO,KAAK,EAAC,eAAe,EAAC,MAAM,kBAAkB,CAAC;AACtD,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,iBAAiB,CAAC;AAC7C,OAAO,KAAK,EAAC,UAAU,EAAC,MAAM,kBAAkB,CAAC;AAGjD,OAAO,oBAAoB,CAAC;AAE5B,OAAO,EAA2B,KAAK,kBAAkB,EAAC,MAAM,aAAa,CAAC;AAE9E,OAAO,EAEN,KAAK,cAAc,EAEnB,KAAK,eAAe,EACpB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAIN,KAAK,SAAS,EACd,MAAM,uBAAuB,CAAC;AAC/B,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,4BAA4B,CAAC;AAC/D,OAAO,EAGN,KAAK,eAAe,EACpB,MAAM,6BAA6B,CAAC;AAOrC;;GAEG;AACH,MAAM,WAAW,kBAAkB;IAClC,0DAA0D;IAC1D,MAAM,EAAE,MAAM,CAAC;IACf,uDAAuD;IACvD,IAAI,EAAE,MAAM,CAAC;CACb;AAED;;;;;GAKG;AACH,MAAM,WAAW,gBAAgB;IAChC,2DAA2D;IAC3D,OAAO,EAAE,UAAU,CAAC;IACpB,6CAA6C;IAC7C,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,sCAAsC;IACtC,eAAe,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAE/B,6BAA6B;IAC7B,KAAK,EAAE;QACN,eAAe,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;QAC/B,iBAAiB,EAAE,CAAC,CAAC,EAAE,OAAO,KAAK,MAAM,GAAG,SAAS,CAAC;KACtD,CAAC;IAEF;;;;;OAKG;IACH,eAAe,CAAC,EAAE,WAAW,GAAG,IAAI,CAAC;IACrC;;;;;OAKG;IACH,0BAA0B,CAAC,EAAE,WAAW,GAAG,IAAI,CAAC;IAChD;;;;;OAKG;IACH,2BAA2B,CAAC,EAAE,WAAW,GAAG,IAAI,CAAC;IACjD;;;;OAIG;IACH,sBAAsB,CAAC,EAAE,WAAW,GAAG,IAAI,CAAC;IAC5C;;;;OAIG;IACH,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,2DAA2D;IAC3D,kBAAkB,CAAC,EAAE,gBAAgB,CAAC;IAEtC,yEAAyE;IACzE,SAAS,CAAC,EAAE;QACX,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;QAC1B,mEAAmE;QACnE,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB;;;WAGG;QACH,YAAY,CAAC,EAAE,CAAC,MAAM,EAAE,uBAAuB,EAAE,CAAC,EAAE,OAAO,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;KAC9E,CAAC;IAEF;;;OAGG;IACH,aAAa,CAAC,EAAE,KAAK,CAAC;IAEtB;;;OAGG;IACH,kBAAkB,EAAE,CAAC,OAAO,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IAEpE,4DAA4D;IAC5D,oBAAoB,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC,cAAc,CAAC,KAAK,KAAK,CAAC,cAAc,CAAC,CAAC;IAE/E;;;;;;;;;;OAUG;IACH,aAAa,CAAC,EAAE,IAAI,GAAG;QAAC,IAAI,CAAC,EAAE,MAAM,CAAA;KAAC,CAAC;IAEvC,gFAAgF;IAChF,WAAW,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAE/B;;;;;;;;;;;OAWG;IACH,aAAa,CAAC,EAAE,KAAK,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,gBAAgB,KAAK,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC;IAEjG,gHAAgH;IAChH,UAAU,EAAE,CAAC,CAAC,SAAS,CAAC;IAExB,mFAAmF;IACnF,qBAAqB,CAAC,EAAE,KAAK,CAAC,cAAc,CAAC,CAAC;IAE9C,6DAA6D;IAC7D,cAAc,CAAC,EAAE;QAChB,YAAY,EAAE,kBAAkB,CAAC;QACjC,YAAY,CAAC,EAAE,MAAM,CAAC;KACtB,CAAC;IAEF;;;;OAIG;IACH,qBAAqB,CAAC,EAAE,OAAO,CAAC;IAEhC;;;;OAIG;IACH,eAAe,CAAC,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,kBAAkB,KAAK,IAAI,CAAC;IAExE,8CAA8C;IAC9C,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACrC;AAED,8CAA8C;AAC9C,MAAM,WAAW,gBAAgB;IAChC,IAAI,EAAE,OAAO,CAAC;IACd,OAAO,EAAE,UAAU,CAAC;IACpB,gBAAgB,EAAE,eAAe,CAAC;IAClC,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,yEAAyE;IACzE,eAAe,EAAE,WAAW,GAAG,IAAI,CAAC;IACpC,iFAAiF;IACjF,0BAA0B,EAAE,WAAW,GAAG,IAAI,CAAC;IAC/C,kFAAkF;IAClF,2BAA2B,EAAE,WAAW,GAAG,IAAI,CAAC;IAChD,2EAA2E;IAC3E,YAAY,EAAE,WAAW,CAAC;IAC1B,oFAAoF;IACpF,SAAS,EAAE,WAAW,GAAG,IAAI,CAAC;CAC9B;AAED,uCAAuC;AACvC,MAAM,WAAW,SAAS;IACzB,GAAG,EAAE,IAAI,CAAC;IACV,wEAAwE;IACxE,YAAY,EAAE,cAAc,CAAC;IAC7B,gBAAgB,EAAE,eAAe,CAAC;IAClC,2EAA2E;IAC3E,YAAY,EAAE,WAAW,CAAC;IAC1B,oGAAoG;IACpG,iBAAiB,EAAE,aAAa,CAAC,eAAe,CAAC,CAAC;IAClD,oFAAoF;IACpF,SAAS,EAAE,WAAW,GAAG,IAAI,CAAC;IAC9B,mEAAmE;IACnE,KAAK,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC3B;AAED,gDAAgD;AAChD,eAAO,MAAM,qBAAqB,QAAc,CAAC;AAEjD;;;;;;;;;;GAUG;AACH,eAAO,MAAM,iBAAiB,GAAU,SAAS,gBAAgB,KAAG,OAAO,CAAC,SAAS,CA4PpF,CAAC"}

package/dist/server/app_server.js

@@ -16,8 +16,6 @@ import { SESSION_COOKIE_OPTIONS, } from '../auth/session_cookie.js';
 import { create_audit_log_sse, AUDIT_LOG_EVENT_SPECS, } from '../realtime/sse_auth_guard.js';
 import { query_app_settings_load } from '../auth/app_settings_queries.js';
 import { create_rate_limiter, DEFAULT_LOGIN_ACCOUNT_RATE_LIMIT, } from '../rate_limiter.js';
-import { run_migrations } from '../db/migrate.js';
-import { AUTH_MIGRATION_NAMESPACE } from '../auth/migrations.js';
 // Side-effect import: augments Hono's ContextVariableMap so consumers
 // that import app_server get type-safe c.get('auth_session_id') etc.
 import '../hono_context.js';
@@ -37,9 +35,10 @@ export const DEFAULT_MAX_BODY_SIZE = 1024 * 1024;
 /**
  * Create a fully assembled Hono app with auth, middleware, and routes.
  *
- * Handles the full lifecycle: consumer migrations → proxy middleware →
- * auth middleware → bootstrap status → route specs → surface generation →
- * Hono app assembly → static serving.
+ * Handles the assembly lifecycle: proxy middleware → auth middleware →
+ * bootstrap status → route specs → surface generation → Hono app assembly →
+ * static serving. Database migrations belong to the backend lifecycle —
+ * pass `migration_namespaces` to `create_app_backend`.
  *
  * @param options - server configuration
  * @returns assembled Hono app, backend, surface build, and bootstrap status
@@ -47,19 +46,7 @@ export const DEFAULT_MAX_BODY_SIZE = 1024 * 1024;
 export const create_app_server = async (options) => {
     const { backend } = options;
     const { log } = backend.deps;
-    // 1. Consumer migrations
-    let all_migration_results = backend.migration_results;
-    if (options.migration_namespaces?.length) {
-        // guard against namespace collision with fuz_app's internal migrations
-        for (const ns of options.migration_namespaces) {
-            if (ns.namespace === AUTH_MIGRATION_NAMESPACE) {
-                throw new Error(`Migration namespace "${AUTH_MIGRATION_NAMESPACE}" is reserved by fuz_app — choose a different namespace`);
-            }
-        }
-        const consumer_results = await run_migrations(backend.deps.db, options.migration_namespaces);
-        all_migration_results = [...backend.migration_results, ...consumer_results];
-    }
-    // 2. Rate limiter defaults (undefined = default, null = disable)
+    // Rate limiter defaults (undefined = default, null = disable)
     const ip_rate_limiter = options.ip_rate_limiter === undefined ? create_rate_limiter() : options.ip_rate_limiter;
     const login_account_rate_limiter = options.login_account_rate_limiter === undefined
         ? create_rate_limiter(DEFAULT_LOGIN_ACCOUNT_RATE_LIMIT)
@@ -70,7 +57,7 @@ export const create_app_server = async (options) => {
     const bearer_ip_rate_limiter = options.bearer_ip_rate_limiter === undefined
         ? create_rate_limiter()
         : options.bearer_ip_rate_limiter;
-    // 3. Factory-managed audit SSE (shallow copy deps, no mutation of backend.deps)
+    // Factory-managed audit SSE (shallow copy deps, no mutation of backend.deps)
     const audit_sse = options.audit_log_sse
         ? create_audit_log_sse({
             log,
@@ -86,9 +73,9 @@ export const create_app_server = async (options) => {
             },
         }
         : backend.deps;
-    // 4. Proxy middleware
+    // Proxy middleware
     const proxy_spec = create_proxy_middleware_spec({ ...options.proxy, log });
-    // 5. Auth middleware
+    // Auth middleware
     const auth_middleware = await create_auth_middleware_specs(deps, {
         allowed_origins: options.allowed_origins,
         session_options: options.session_options,
@@ -99,16 +86,16 @@ export const create_app_server = async (options) => {
     if (options.transform_middleware) {
         middleware_specs = options.transform_middleware(middleware_specs);
     }
-    // 6. Bootstrap status + app settings
+    // Bootstrap status + app settings
     const bootstrap_status = options.bootstrap
         ? await check_bootstrap_status(deps, { token_path: options.bootstrap.token_path })
         : { available: false, token_path: null };
     const app_settings = await query_app_settings_load({ db: deps.db });
-    // 7. Surface route ref — factory manages the circular ref
+    // Surface route ref — factory manages the circular ref
     const surface_ref = {
         surface: { middleware: [], routes: [], rpc_endpoints: [], env: [], events: [], diagnostics: [] },
     };
-    // 8. Route specs (consumer routes + factory-managed routes)
+    // Route specs (consumer routes + factory-managed routes)
     const context = {
         deps,
         backend,
@@ -149,7 +136,7 @@ export const create_app_server = async (options) => {
         factory_routes.push(create_surface_route_spec(surface_ref));
     }
     const route_specs = [...consumer_routes, ...factory_routes];
-    // 9. Surface + logging
+    // Surface + logging
     const surface_middleware = options.post_route_middleware
         ? [...middleware_specs, ...options.post_route_middleware]
         : middleware_specs;
@@ -210,7 +197,7 @@ export const create_app_server = async (options) => {
     // Backfill the surface ref — factory owns this lifecycle
     surface_ref.surface = surface_spec.surface;
     log_startup_summary(surface_spec.surface, log, options.env_values);
-    // 10. Hono app assembly
+    // Hono app assembly
     const app = new Hono();
     // Pending effects — collects fire-and-forget promises (audit logs, usage tracking).
     // In test mode, effects are awaited before the response returns.
@@ -255,11 +242,11 @@ export const create_app_server = async (options) => {
     }
     apply_middleware_specs(app, middleware_specs);
     apply_route_specs(app, route_specs, fuz_auth_guard_resolver, log, deps.db);
-    // 11. Post-route middleware (before static serving)
+    // Post-route middleware (before static serving)
     if (options.post_route_middleware) {
         apply_middleware_specs(app, options.post_route_middleware);
     }
-    // 12. Static file serving
+    // Static file serving
     if (options.static_serving) {
         const { serve_static, spa_fallback } = options.static_serving;
         for (const mw of create_static_middleware(serve_static, { spa_fallback })) {
@@ -271,7 +258,7 @@ export const create_app_server = async (options) => {
         surface_spec,
         bootstrap_status,
         app_settings,
-        migration_results: all_migration_results,
+        migration_results: backend.migration_results,
         audit_sse,
         close: backend.close,
     };

package/dist/ui/AdminAccounts.svelte

@@ -5,9 +5,16 @@
 	import type {DatatableColumn} from './datatable.js';
 	import type {AdminAccountEntryJson} from '../auth/account_schema.js';
 	import {format_relative_time, format_datetime_local} from './ui_format.js';
+	import {format_scope_context, resolve_scope_label} from './format_scope.js';
 
 	const get_rpc = admin_accounts_rpc_context.get();
 	const admin_accounts = new AdminAccountsState({get_rpc});
+	const get_format_scope = format_scope_context.get();
+	const format_scope = $derived(get_format_scope());
+
+	// `null` global label: global permits render no scope chip — the implicit default in admin tables.
+	const scope_label = (scope_id: string | null, role: string): string | null =>
+		resolve_scope_label(scope_id, role, format_scope, null);
 
 	void admin_accounts.fetch();
 
@@ -57,8 +64,14 @@
 					{/if}
 				{:else if column.key === 'permits'}
 					{#each row.permits as permit (permit.id)}
+						{@const scope = scope_label(permit.scope_id, permit.role)}
 						<div class="row">
 							<span class="chip color_b">{permit.role}</span>
+							{#if scope !== null}
+								<span class="text_50 font_size_sm" title={permit.scope_id ?? undefined}>
+									{scope}
+								</span>
+							{/if}
 							{#if permit.expires_at}
 								<span class="text_50 font_size_sm" title={format_datetime_local(permit.expires_at)}>
 									expires {format_relative_time(permit.expires_at)}
@@ -80,6 +93,7 @@
 						</div>
 					{/each}
 					{#each row.pending_offers as offer (offer.id)}
+						{@const offer_scope = scope_label(offer.scope_id, offer.role)}
 						<div class="row">
 							<span
 								class="chip"
@@ -87,6 +101,11 @@
 							>
 								{offer.role} (pending from @{offer.from_username})
 							</span>
+							{#if offer_scope !== null}
+								<span class="text_50 font_size_sm" title={offer.scope_id ?? undefined}>
+									{offer_scope}
+								</span>
+							{/if}
 							{#if admin_accounts.has_rpc}
 								<ConfirmButton
 									onconfirm={() => admin_accounts.retract_offer(offer.id)}

package/dist/ui/AdminAccounts.svelte.d.ts

@@ -1,19 +1,4 @@
-interface $$__sveltets_2_IsomorphicComponent<Props extends Record<string, any> = any, Events extends Record<string, any> = any, Slots extends Record<string, any> = any, Exports = {}, Bindings = string> {
-    new (options: import('svelte').ComponentConstructorOptions<Props>): import('svelte').SvelteComponent<Props, Events, Slots> & {
-        $$bindings?: Bindings;
-    } & Exports;
-    (internal: unknown, props: {
-        $$events?: Events;
-        $$slots?: Slots;
-    }): Exports & {
-        $set?: any;
-        $on?: any;
-    };
-    z_$$bindings?: Bindings;
-}
-declare const AdminAccounts: $$__sveltets_2_IsomorphicComponent<Record<string, never>, {
-    [evt: string]: CustomEvent<any>;
-}, {}, {}, string>;
-type AdminAccounts = InstanceType<typeof AdminAccounts>;
+declare const AdminAccounts: import("svelte").Component<Record<string, never>, {}, "">;
+type AdminAccounts = ReturnType<typeof AdminAccounts>;
 export default AdminAccounts;
 //# sourceMappingURL=AdminAccounts.svelte.d.ts.map

package/dist/ui/AdminAccounts.svelte.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"AdminAccounts.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/AdminAccounts.svelte"],"names":[],"mappings":"AAgIA,UAAU,kCAAkC,CAAC,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,GAAG,EAAE,MAAM,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,GAAG,EAAE,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,GAAG,EAAE,OAAO,GAAG,EAAE,EAAE,QAAQ,GAAG,MAAM;IACpM,KAAK,OAAO,EAAE,OAAO,QAAQ,EAAE,2BAA2B,CAAC,KAAK,CAAC,GAAG,OAAO,QAAQ,EAAE,eAAe,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,CAAC,GAAG;QAAE,UAAU,CAAC,EAAE,QAAQ,CAAA;KAAE,GAAG,OAAO,CAAC;IACjK,CAAC,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE;QAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,KAAK,CAAA;KAAC,GAAG,OAAO,GAAG;QAAE,IAAI,CAAC,EAAE,GAAG,CAAC;QAAC,GAAG,CAAC,EAAE,GAAG,CAAA;KAAE,CAAC;IACtG,YAAY,CAAC,EAAE,QAAQ,CAAC;CAC3B;AAKD,QAAA,MAAM,aAAa;;kBAA+E,CAAC;AACjF,KAAK,aAAa,GAAG,YAAY,CAAC,OAAO,aAAa,CAAC,CAAC;AAC1D,eAAe,aAAa,CAAC"}
+{"version":3,"file":"AdminAccounts.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/AdminAccounts.svelte"],"names":[],"mappings":"AAoJA,QAAA,MAAM,aAAa,2DAAwC,CAAC;AAC5D,KAAK,aAAa,GAAG,UAAU,CAAC,OAAO,aAAa,CAAC,CAAC;AACtD,eAAe,aAAa,CAAC"}

package/dist/ui/AdminPermitHistory.svelte

@@ -4,19 +4,28 @@
 	import Datatable from './Datatable.svelte';
 	import type {DatatableColumn} from './datatable.js';
 	import type {PermitHistoryEventJson} from '../auth/audit_log_schema.js';
+	import {format_scope_context, resolve_scope_label} from './format_scope.js';
 
 	const get_rpc = audit_log_rpc_context.get();
 	const audit_log = new AuditLogState({get_rpc});
+	const get_format_scope = format_scope_context.get();
+	const format_scope = $derived(get_format_scope());
 
 	void audit_log.fetch_permit_history();
 
 	const columns: Array<DatatableColumn<PermitHistoryEventJson>> = [
 		{key: 'event_type', label: 'action', width: 100},
-		{key: 'metadata', label: 'role', width: 100},
+		{key: 'metadata', label: 'role', width: 160},
 		{key: 'username', label: 'by', width: 140},
 		{key: 'target_username', label: 'target', width: 140},
 		{key: 'created_at', label: 'time', width: 100},
 	];
+
+	// Metadata is `Record<string, unknown>`; narrow before reusing `resolve_scope_label`.
+	const scope_label_from_metadata = (scope_id: unknown, role: string): string | null => {
+		if (typeof scope_id !== 'string' || scope_id === '') return null;
+		return resolve_scope_label(scope_id, role, format_scope, null);
+	};
 </script>
 
 <section>
@@ -39,7 +48,19 @@
 					</span>
 				{:else if column.key === 'metadata'}
 					{#if row.metadata}
-						<code>{row.metadata.role ?? ''}</code>
+						{@const role = typeof row.metadata.role === 'string' ? row.metadata.role : ''}
+						<code>{role}</code>
+						{@const scope = scope_label_from_metadata(row.metadata.scope_id, role)}
+						{#if scope !== null}
+							<span
+								class="text_50 font_size_sm"
+								title={typeof row.metadata.scope_id === 'string'
+									? row.metadata.scope_id
+									: undefined}
+							>
+								{scope}
+							</span>
+						{/if}
 					{/if}
 				{:else if column.key === 'username'}
 					<span class="text_50">{row.username ?? truncate_uuid(row.account_id ?? '?')}</span>

package/dist/ui/AdminPermitHistory.svelte.d.ts

@@ -1,19 +1,4 @@
-interface $$__sveltets_2_IsomorphicComponent<Props extends Record<string, any> = any, Events extends Record<string, any> = any, Slots extends Record<string, any> = any, Exports = {}, Bindings = string> {
-    new (options: import('svelte').ComponentConstructorOptions<Props>): import('svelte').SvelteComponent<Props, Events, Slots> & {
-        $$bindings?: Bindings;
-    } & Exports;
-    (internal: unknown, props: {
-        $$events?: Events;
-        $$slots?: Slots;
-    }): Exports & {
-        $set?: any;
-        $on?: any;
-    };
-    z_$$bindings?: Bindings;
-}
-declare const AdminPermitHistory: $$__sveltets_2_IsomorphicComponent<Record<string, never>, {
-    [evt: string]: CustomEvent<any>;
-}, {}, {}, string>;
-type AdminPermitHistory = InstanceType<typeof AdminPermitHistory>;
+declare const AdminPermitHistory: import("svelte").Component<Record<string, never>, {}, "">;
+type AdminPermitHistory = ReturnType<typeof AdminPermitHistory>;
 export default AdminPermitHistory;
 //# sourceMappingURL=AdminPermitHistory.svelte.d.ts.map

package/dist/ui/AdminPermitHistory.svelte.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"AdminPermitHistory.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/AdminPermitHistory.svelte"],"names":[],"mappings":"AAoEA,UAAU,kCAAkC,CAAC,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,GAAG,EAAE,MAAM,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,GAAG,EAAE,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,GAAG,EAAE,OAAO,GAAG,EAAE,EAAE,QAAQ,GAAG,MAAM;IACpM,KAAK,OAAO,EAAE,OAAO,QAAQ,EAAE,2BAA2B,CAAC,KAAK,CAAC,GAAG,OAAO,QAAQ,EAAE,eAAe,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,CAAC,GAAG;QAAE,UAAU,CAAC,EAAE,QAAQ,CAAA;KAAE,GAAG,OAAO,CAAC;IACjK,CAAC,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE;QAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,KAAK,CAAA;KAAC,GAAG,OAAO,GAAG;QAAE,IAAI,CAAC,EAAE,GAAG,CAAC;QAAC,GAAG,CAAC,EAAE,GAAG,CAAA;KAAE,CAAC;IACtG,YAAY,CAAC,EAAE,QAAQ,CAAC;CAC3B;AAKD,QAAA,MAAM,kBAAkB;;kBAA+E,CAAC;AACtF,KAAK,kBAAkB,GAAG,YAAY,CAAC,OAAO,kBAAkB,CAAC,CAAC;AACpE,eAAe,kBAAkB,CAAC"}
+{"version":3,"file":"AdminPermitHistory.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/AdminPermitHistory.svelte"],"names":[],"mappings":"AAuFA,QAAA,MAAM,kBAAkB,2DAAwC,CAAC;AACjE,KAAK,kBAAkB,GAAG,UAAU,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAChE,eAAe,kBAAkB,CAAC"}

package/dist/ui/CLAUDE.md

@@ -303,6 +303,17 @@ provisioner pattern.
   directly. Consumed by `PermitOfferInbox`, `PermitOfferForm`,
   `PermitOfferHistory`. Wiring is ctor-bound (RPC + account/actor
   getters), so there's no separate `permit_offers_rpc_context`.
+- `format_scope_context` — `() => FormatScope` (getter shape, matching
+  the RPC contexts above). `FormatScope = ({scope_id, role}) => string |
+null`; default returns `null` so callers fall back to the raw uuid.
+  Provisioned by `provide_admin_rpc_contexts(adapters, {format_scope})`.
+  Consumed by `AdminAccounts`, `AdminPermitHistory`, `PermitOfferInbox`,
+  `PermitOfferHistory` via the `resolve_scope_label(scope_id, role,
+format_scope, global_label)` helper — `global_label = null` renders no
+  chip (admin tables); `'global'` renders an explicit label (offer
+  surfaces). `PermitOfferInbox` / `PermitOfferHistory` accept a
+  `format_scope?: FormatScope` prop — same shape as the context, prop
+  wins when supplied.
 - `sidebar_state_context` — `() => SidebarState`. Provisioned by
   `AppShell`.
 

package/dist/ui/PermitOfferHistory.svelte

@@ -16,6 +16,7 @@
 	import type {DatatableColumn} from './datatable.js';
 	import {format_relative_time, format_datetime_local, truncate_uuid} from './ui_format.js';
 	import type {PermitOfferJson} from '../auth/permit_offer_schema.js';
+	import {format_scope_context, resolve_scope_label, type FormatScope} from './format_scope.js';
 
 	const {
 		current_actor_id,
@@ -26,11 +27,18 @@
 		/** Used to label a row as sent vs received. When `null`, direction shows as `-`. */
 		current_actor_id: string | null;
 		format_actor?: (from_actor_id: string) => string;
-		format_scope?: (scope_id: string | null, role: string) => string;
+		/**
+		 * Display label for an offer's scope. Bypasses `format_scope_context`
+		 * when supplied — return `null` to fall back to a truncated uuid (or
+		 * `'global'` for null scope_id). Omit to use the context value directly.
+		 */
+		format_scope?: FormatScope;
 		format_role?: (role: string) => string;
 	} = $props();
 
 	const permit_offers = permit_offers_state_context.get();
+	const get_format_scope = format_scope_context.get();
+	const format_scope_from_context = $derived(get_format_scope());
 
 	const now = $state.raw(Date.now());
 
@@ -59,10 +67,8 @@
 		}
 	};
 
-	const scope_label = (scope_id: string | null, role: string): string => {
-		if (format_scope) return format_scope(scope_id, role);
-		return scope_id === null ? 'global' : truncate_uuid(scope_id);
-	};
+	const scope_label = (scope_id: string | null, role: string): string =>
+		resolve_scope_label(scope_id, role, format_scope ?? format_scope_from_context, 'global');
 
 	const columns: Array<DatatableColumn<PermitOfferJson>> = [
 		{key: 'from_actor_id', label: 'direction', width: 110},

package/dist/ui/PermitOfferHistory.svelte.d.ts

@@ -1,8 +1,14 @@
+import { type FormatScope } from './format_scope.js';
 type $$ComponentProps = {
     /** Used to label a row as sent vs received. When `null`, direction shows as `-`. */
     current_actor_id: string | null;
     format_actor?: (from_actor_id: string) => string;
-    format_scope?: (scope_id: string | null, role: string) => string;
+    /**
+     * Display label for an offer's scope. Bypasses `format_scope_context`
+     * when supplied — return `null` to fall back to a truncated uuid (or
+     * `'global'` for null scope_id). Omit to use the context value directly.
+     */
+    format_scope?: FormatScope;
     format_role?: (role: string) => string;
 };
 declare const PermitOfferHistory: import("svelte").Component<$$ComponentProps, {}, "">;

package/dist/ui/PermitOfferHistory.svelte.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"PermitOfferHistory.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/PermitOfferHistory.svelte"],"names":[],"mappings":"AAoBC,KAAK,gBAAgB,GAAI;IACxB,oFAAoF;IACpF,gBAAgB,EAAE,MAAM,GAAG,IAAI,CAAC;IAChC,YAAY,CAAC,EAAE,CAAC,aAAa,EAAE,MAAM,KAAK,MAAM,CAAC;IACjD,YAAY,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,EAAE,IAAI,EAAE,MAAM,KAAK,MAAM,CAAC;IACjE,WAAW,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,MAAM,CAAC;CACvC,CAAC;AAiGH,QAAA,MAAM,kBAAkB,sDAAwC,CAAC;AACjE,KAAK,kBAAkB,GAAG,UAAU,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAChE,eAAe,kBAAkB,CAAC"}
+{"version":3,"file":"PermitOfferHistory.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/PermitOfferHistory.svelte"],"names":[],"mappings":"AAmBA,OAAO,EAA4C,KAAK,WAAW,EAAC,MAAM,mBAAmB,CAAC;AAE7F,KAAK,gBAAgB,GAAI;IACxB,oFAAoF;IACpF,gBAAgB,EAAE,MAAM,GAAG,IAAI,CAAC;IAChC,YAAY,CAAC,EAAE,CAAC,aAAa,EAAE,MAAM,KAAK,MAAM,CAAC;IACjD;;;;OAIG;IACH,YAAY,CAAC,EAAE,WAAW,CAAC;IAC3B,WAAW,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,MAAM,CAAC;CACvC,CAAC;AAkGH,QAAA,MAAM,kBAAkB,sDAAwC,CAAC;AACjE,KAAK,kBAAkB,GAAG,UAAU,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAChE,eAAe,kBAAkB,CAAC"}

package/dist/ui/PermitOfferInbox.svelte

@@ -16,6 +16,7 @@
 	import ConfirmButton from './ConfirmButton.svelte';
 	import {format_relative_time, format_datetime_local, truncate_uuid} from './ui_format.js';
 	import {PERMIT_OFFER_MESSAGE_LENGTH_MAX} from '../auth/permit_offer_schema.js';
+	import {format_scope_context, resolve_scope_label, type FormatScope} from './format_scope.js';
 
 	const {
 		format_actor = truncate_uuid,
@@ -24,18 +25,22 @@
 	}: {
 		/** Display label for `from_actor_id`. Defaults to a truncated uuid. */
 		format_actor?: (from_actor_id: string) => string;
-		/** Display label for an offer's scope. Defaults to truncated uuid or "global" when `null`. */
-		format_scope?: (scope_id: string | null, role: string) => string;
-		/** Display label for a role constant. Defaults to identity (role name as stored). */
+		/**
+		 * Display label for an offer's scope. Bypasses `format_scope_context`
+		 * when supplied — return `null` to fall back to a truncated uuid (or
+		 * `'global'` for null scope_id). Omit to use the context value directly.
+		 */
+		format_scope?: FormatScope;
+		/** Display label for a role constant. Defaults to identity. */
 		format_role?: (role: string) => string;
 	} = $props();
 
 	const permit_offers = permit_offers_state_context.get();
+	const get_format_scope = format_scope_context.get();
+	const format_scope_from_context = $derived(get_format_scope());
 
-	const scope_label = (scope_id: string | null, role: string): string => {
-		if (format_scope) return format_scope(scope_id, role);
-		return scope_id === null ? 'global' : truncate_uuid(scope_id);
-	};
+	const scope_label = (scope_id: string | null, role: string): string =>
+		resolve_scope_label(scope_id, role, format_scope ?? format_scope_from_context, 'global');
 
 	const decline_reasons: SvelteMap<string, string> = new SvelteMap();
 </script>

package/dist/ui/PermitOfferInbox.svelte.d.ts

@@ -1,9 +1,14 @@
+import { type FormatScope } from './format_scope.js';
 type $$ComponentProps = {
     /** Display label for `from_actor_id`. Defaults to a truncated uuid. */
     format_actor?: (from_actor_id: string) => string;
-    /** Display label for an offer's scope. Defaults to truncated uuid or "global" when `null`. */
-    format_scope?: (scope_id: string | null, role: string) => string;
-    /** Display label for a role constant. Defaults to identity (role name as stored). */
+    /**
+     * Display label for an offer's scope. Bypasses `format_scope_context`
+     * when supplied — return `null` to fall back to a truncated uuid (or
+     * `'global'` for null scope_id). Omit to use the context value directly.
+     */
+    format_scope?: FormatScope;
+    /** Display label for a role constant. Defaults to identity. */
     format_role?: (role: string) => string;
 };
 declare const PermitOfferInbox: import("svelte").Component<$$ComponentProps, {}, "">;

package/dist/ui/PermitOfferInbox.svelte.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"PermitOfferInbox.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/PermitOfferInbox.svelte"],"names":[],"mappings":"AAoBC,KAAK,gBAAgB,GAAI;IACxB,uEAAuE;IACvE,YAAY,CAAC,EAAE,CAAC,aAAa,EAAE,MAAM,KAAK,MAAM,CAAC;IACjD,8FAA8F;IAC9F,YAAY,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,EAAE,IAAI,EAAE,MAAM,KAAK,MAAM,CAAC;IACjE,qFAAqF;IACrF,WAAW,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,MAAM,CAAC;CACvC,CAAC;AA0FH,QAAA,MAAM,gBAAgB,sDAAwC,CAAC;AAC/D,KAAK,gBAAgB,GAAG,UAAU,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAC5D,eAAe,gBAAgB,CAAC"}
+{"version":3,"file":"PermitOfferInbox.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/PermitOfferInbox.svelte"],"names":[],"mappings":"AAmBA,OAAO,EAA4C,KAAK,WAAW,EAAC,MAAM,mBAAmB,CAAC;AAE7F,KAAK,gBAAgB,GAAI;IACxB,uEAAuE;IACvE,YAAY,CAAC,EAAE,CAAC,aAAa,EAAE,MAAM,KAAK,MAAM,CAAC;IACjD;;;;OAIG;IACH,YAAY,CAAC,EAAE,WAAW,CAAC;IAC3B,+DAA+D;IAC/D,WAAW,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,MAAM,CAAC;CACvC,CAAC;AA2FH,QAAA,MAAM,gBAAgB,sDAAwC,CAAC;AAC/D,KAAK,gBAAgB,GAAG,UAAU,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAC5D,eAAe,gBAAgB,CAAC"}

package/dist/ui/admin_rpc_adapters.d.ts

@@ -39,6 +39,7 @@ import { type AdminAccountsRpc } from './admin_accounts_state.svelte.js';
 import { type AdminInvitesRpc } from './admin_invites_state.svelte.js';
 import { type AuditLogRpc } from './audit_log_state.svelte.js';
 import { type AppSettingsRpc } from './app_settings_state.svelte.js';
+import { type FormatScope } from './format_scope.js';
 /**
  * Function-shaped contract for dispatching an RPC call by method name.
  *
@@ -87,6 +88,14 @@ export interface AdminRpcAdapters {
  * admin surfaces they mount.
  */
 export declare const create_admin_rpc_adapters: (rpc_call: AdminRpcCall) => AdminRpcAdapters;
+/** Optional knobs alongside the adapters when wiring admin contexts. */
+export interface ProvideAdminRpcContextsOptions {
+    /**
+     * Render `{scope_id, role}` as a human label across permit-display
+     * components. Omit (or return `null`) to fall back to the raw uuid.
+     */
+    format_scope?: FormatScope;
+}
 /**
  * Wire all four admin RPC contexts in a single call.
  *
@@ -98,6 +107,12 @@ export declare const create_admin_rpc_adapters: (rpc_call: AdminRpcCall) => Admi
  * mutating an adapter field on the same object propagates. Replacing the
  * whole adapter set requires calling `provide_admin_rpc_contexts` again
  * during init — in practice this is one-shot at layout mount.
+ *
+ * Pass `options.format_scope` to render permit/offer `scope_id` values as
+ * human labels across `AdminAccounts`, `AdminPermitHistory`,
+ * `PermitOfferInbox`, `PermitOfferForm`, and `PermitOfferHistory`.
+ * Components that accept a `format_scope` prop honor the prop first; the
+ * context is the fallback.
  */
-export declare const provide_admin_rpc_contexts: (adapters: AdminRpcAdapters) => void;
+export declare const provide_admin_rpc_contexts: (adapters: AdminRpcAdapters, options?: ProvideAdminRpcContextsOptions) => void;
 //# sourceMappingURL=admin_rpc_adapters.d.ts.map

package/dist/ui/admin_rpc_adapters.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"admin_rpc_adapters.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/admin_rpc_adapters.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmCG;AAEH,OAAO,KAAK,EAAC,eAAe,EAAC,MAAM,0BAA0B,CAAC;AAC9D,OAAO,EAA6B,KAAK,gBAAgB,EAAC,MAAM,kCAAkC,CAAC;AACnG,OAAO,EAA4B,KAAK,eAAe,EAAC,MAAM,iCAAiC,CAAC;AAChG,OAAO,EAAwB,KAAK,WAAW,EAAC,MAAM,6BAA6B,CAAC;AACpF,OAAO,EAA2B,KAAK,cAAc,EAAC,MAAM,gCAAgC,CAAC;AAE7F;;;;;;;;;;;GAWG;AACH,MAAM,MAAM,YAAY,GAAG,eAAe,CAAC;AAE3C,sEAAsE;AACtE,MAAM,WAAW,gBAAgB;IAChC,cAAc,EAAE,gBAAgB,CAAC;IACjC,aAAa,EAAE,eAAe,CAAC;IAC/B,SAAS,EAAE,WAAW,CAAC;IACvB,YAAY,EAAE,cAAc,CAAC;CAC7B;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACH,eAAO,MAAM,yBAAyB,GAAI,UAAU,YAAY,KAAG,gBAuBjE,CAAC;AAEH;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,0BAA0B,GAAI,UAAU,gBAAgB,KAAG,IAKvE,CAAC"}
+{"version":3,"file":"admin_rpc_adapters.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/admin_rpc_adapters.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmCG;AAEH,OAAO,KAAK,EAAC,eAAe,EAAC,MAAM,0BAA0B,CAAC;AAC9D,OAAO,EAA6B,KAAK,gBAAgB,EAAC,MAAM,kCAAkC,CAAC;AACnG,OAAO,EAA4B,KAAK,eAAe,EAAC,MAAM,iCAAiC,CAAC;AAChG,OAAO,EAAwB,KAAK,WAAW,EAAC,MAAM,6BAA6B,CAAC;AACpF,OAAO,EAA2B,KAAK,cAAc,EAAC,MAAM,gCAAgC,CAAC;AAC7F,OAAO,EAAuB,KAAK,WAAW,EAAC,MAAM,mBAAmB,CAAC;AAEzE;;;;;;;;;;;GAWG;AACH,MAAM,MAAM,YAAY,GAAG,eAAe,CAAC;AAE3C,sEAAsE;AACtE,MAAM,WAAW,gBAAgB;IAChC,cAAc,EAAE,gBAAgB,CAAC;IACjC,aAAa,EAAE,eAAe,CAAC;IAC/B,SAAS,EAAE,WAAW,CAAC;IACvB,YAAY,EAAE,cAAc,CAAC;CAC7B;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACH,eAAO,MAAM,yBAAyB,GAAI,UAAU,YAAY,KAAG,gBAuBjE,CAAC;AAEH,wEAAwE;AACxE,MAAM,WAAW,8BAA8B;IAC9C;;;OAGG;IACH,YAAY,CAAC,EAAE,WAAW,CAAC;CAC3B;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAO,MAAM,0BAA0B,GACtC,UAAU,gBAAgB,EAC1B,UAAU,8BAA8B,KACtC,IASF,CAAC"}

package/dist/ui/admin_rpc_adapters.js

@@ -38,6 +38,7 @@ import { admin_accounts_rpc_context } from './admin_accounts_state.svelte.js';
 import { admin_invites_rpc_context } from './admin_invites_state.svelte.js';
 import { audit_log_rpc_context } from './audit_log_state.svelte.js';
 import { app_settings_rpc_context } from './app_settings_state.svelte.js';
+import { format_scope_context } from './format_scope.js';
 /**
  * Build the four admin RPC adapters from a single typed `rpc_call`.
  *
@@ -100,10 +101,20 @@ export const create_admin_rpc_adapters = (rpc_call) => ({
  * mutating an adapter field on the same object propagates. Replacing the
  * whole adapter set requires calling `provide_admin_rpc_contexts` again
  * during init — in practice this is one-shot at layout mount.
+ *
+ * Pass `options.format_scope` to render permit/offer `scope_id` values as
+ * human labels across `AdminAccounts`, `AdminPermitHistory`,
+ * `PermitOfferInbox`, `PermitOfferForm`, and `PermitOfferHistory`.
+ * Components that accept a `format_scope` prop honor the prop first; the
+ * context is the fallback.
  */
-export const provide_admin_rpc_contexts = (adapters) => {
+export const provide_admin_rpc_contexts = (adapters, options) => {
     admin_accounts_rpc_context.set(() => adapters.admin_accounts);
     admin_invites_rpc_context.set(() => adapters.admin_invites);
     audit_log_rpc_context.set(() => adapters.audit_log);
     app_settings_rpc_context.set(() => adapters.app_settings);
+    if (options?.format_scope) {
+        const { format_scope } = options;
+        format_scope_context.set(() => format_scope);
+    }
 };

package/dist/ui/format_scope.d.ts

@@ -0,0 +1,45 @@
+/**
+ * Shared `format_scope` callback contract for permit-display components.
+ *
+ * Permits and offers carry a `scope_id` that names a consumer-owned resource
+ * (e.g. a classroom uuid). The default render is the raw uuid. Consumers wire
+ * a `FormatScope` via context to render a human label without per-page
+ * lookup or forking the components.
+ *
+ * @module
+ */
+/**
+ * Render a `{scope_id, role}` pair as a human label. Return `null` to fall
+ * back to the raw scope uuid (or a caller-chosen `global_label` when
+ * `scope_id` is `null`).
+ *
+ * Returning `null` for unknown scope ids (stale cache, revoked resource) is
+ * the recommended pattern — components show the raw uuid rather than a
+ * misleading blank.
+ */
+export type FormatScope = (args: {
+    scope_id: string | null;
+    role: string;
+}) => string | null;
+/** Default `FormatScope` — always returns `null` so callers fall back to the raw uuid. */
+export declare const default_format_scope: FormatScope;
+/**
+ * Svelte context carrying a getter for the consumer's `FormatScope`.
+ * Provisioned by `provide_admin_rpc_contexts` from its `format_scope` option.
+ * Default getter returns `default_format_scope` so unprovisioned trees render
+ * the raw uuid.
+ */
+export declare const format_scope_context: {
+    get: () => () => FormatScope;
+    set: (value?: (() => FormatScope) | undefined) => () => FormatScope;
+};
+/**
+ * Resolve a scope label across the context → raw-uuid fallback chain.
+ *
+ * `global_label` is returned for `scope_id === null`. Callers pass `null`
+ * to render no chip (admin tables — global is the implicit default) or
+ * `'global'` for explicit labels (offer surfaces). The return type
+ * propagates `null` only when `global_label` is `null`.
+ */
+export declare const resolve_scope_label: <G extends string | null>(scope_id: string | null, role: string, format_scope: FormatScope, global_label: G) => string | G;
+//# sourceMappingURL=format_scope.d.ts.map

package/dist/ui/format_scope.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"format_scope.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/format_scope.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAMH;;;;;;;;GAQG;AACH,MAAM,MAAM,WAAW,GAAG,CAAC,IAAI,EAAE;IAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAC,KAAK,MAAM,GAAG,IAAI,CAAC;AAE3F,0FAA0F;AAC1F,eAAO,MAAM,oBAAoB,EAAE,WAAwB,CAAC;AAE5D;;;;;GAKG;AACH,eAAO,MAAM,oBAAoB;qBAAwB,WAAW;yBAAX,WAAW,wBAAX,WAAW;CAEnE,CAAC;AAEF;;;;;;;GAOG;AACH,eAAO,MAAM,mBAAmB,GAAI,CAAC,SAAS,MAAM,GAAG,IAAI,EAC1D,UAAU,MAAM,GAAG,IAAI,EACvB,MAAM,MAAM,EACZ,cAAc,WAAW,EACzB,cAAc,CAAC,KACb,MAAM,GAAG,CAGX,CAAC"}

package/dist/ui/format_scope.js

@@ -0,0 +1,34 @@
+/**
+ * Shared `format_scope` callback contract for permit-display components.
+ *
+ * Permits and offers carry a `scope_id` that names a consumer-owned resource
+ * (e.g. a classroom uuid). The default render is the raw uuid. Consumers wire
+ * a `FormatScope` via context to render a human label without per-page
+ * lookup or forking the components.
+ *
+ * @module
+ */
+import { create_context } from '@fuzdev/fuz_ui/context_helpers.js';
+import { truncate_uuid } from './ui_format.js';
+/** Default `FormatScope` — always returns `null` so callers fall back to the raw uuid. */
+export const default_format_scope = () => null;
+/**
+ * Svelte context carrying a getter for the consumer's `FormatScope`.
+ * Provisioned by `provide_admin_rpc_contexts` from its `format_scope` option.
+ * Default getter returns `default_format_scope` so unprovisioned trees render
+ * the raw uuid.
+ */
+export const format_scope_context = create_context(() => () => default_format_scope);
+/**
+ * Resolve a scope label across the context → raw-uuid fallback chain.
+ *
+ * `global_label` is returned for `scope_id === null`. Callers pass `null`
+ * to render no chip (admin tables — global is the implicit default) or
+ * `'global'` for explicit labels (offer surfaces). The return type
+ * propagates `null` only when `global_label` is `null`.
+ */
+export const resolve_scope_label = (scope_id, role, format_scope, global_label) => {
+    if (scope_id === null)
+        return global_label;
+    return format_scope({ scope_id, role }) ?? truncate_uuid(scope_id);
+};

package/dist/ui/ui_format.d.ts

@@ -6,7 +6,6 @@
  *
  * @module
  */
-import type { AuditEventType } from '../auth/audit_log_schema.js';
 /**
  * Format a timestamp as a relative time string.
  *
@@ -55,9 +54,9 @@ export declare const format_datetime_local: (timestamp: string | number | Date)
 /**
  * Format audit event metadata for display based on event type.
  *
- * @param event_type - the audit event type
+ * @param event_type - the audit event type (builtin or consumer-registered)
  * @param metadata - the metadata object (may be null)
  * @returns human-readable summary string
  */
-export declare const format_audit_metadata: (event_type: AuditEventType, metadata: Record<string, unknown> | null) => string;
+export declare const format_audit_metadata: (event_type: string, metadata: Record<string, unknown> | null) => string;
 //# sourceMappingURL=ui_format.d.ts.map