@fuzdev/fuz_app 0.43.0 → 0.45.0

package/dist/auth/self_service_role_actions.js

@@ -1,11 +1,11 @@
 /**
- * Self-service role grant/revoke RPC actions.
+ * Unified self-service role toggle RPC action.
  *
- * Two static `request_response` actions — `self_service_role_grant` and
- * `self_service_role_revoke` — that take `{role}` as input and toggle a
- * permit on the caller for an allowlisted role. Idempotent in both
- * directions: re-granting an already-held role returns `granted: false`;
- * revoking a role the caller doesn't hold returns `revoked: false`.
+ * One static `request_response` action — `self_service_role_set` — that
+ * takes `{role, enabled}` and toggles a global permit on the caller for an
+ * allowlisted role. Idempotent in both directions: re-enabling an
+ * already-held role returns `changed: false`; disabling a role the caller
+ * doesn't hold returns `changed: false`.
  *
  * The factory takes an `eligible_roles` allowlist (validated against the
  * supplied `roles.role_options` at factory time so typos surface at startup
@@ -19,8 +19,8 @@
  * part of the documented schema surface and is round-trip-validated by
  * `query_audit_log`.
  *
- * Static method names — `role` lives in the input, not the method name —
- * so specs are codegen-compatible (`satisfies RequestResponseActionSpec`)
+ * Static method name — `role` lives in the input, not the method name —
+ * so the spec is codegen-compatible (`satisfies RequestResponseActionSpec`)
  * and the surface stays constant as consumers add eligible roles. Mirrors
  * the existing `permit_offer_create({role})` precedent rather than
  * generating per-role methods.
@@ -35,14 +35,14 @@ import { rpc_action } from '../actions/action_rpc.js';
 import { jsonrpc_errors } from '../http/jsonrpc_errors.js';
 import { query_grant_permit, query_permit_find_active_for_actor, query_permit_has_role, query_revoke_permit, } from './permit_queries.js';
 import { audit_log_fire_and_forget } from './audit_log_queries.js';
-import { ERROR_ROLE_NOT_SELF_SERVICE_ELIGIBLE, self_service_role_grant_action_spec, self_service_role_revoke_action_spec, } from './self_service_role_action_specs.js';
+import { ERROR_ROLE_NOT_SELF_SERVICE_ELIGIBLE, self_service_role_set_action_spec, } from './self_service_role_action_specs.js';
 const require_request_auth = (auth) => {
     if (!auth)
         throw new Error('unreachable: action auth guard did not enforce authentication');
     return auth;
 };
 /**
- * Build the self-service role grant/revoke RPC actions.
+ * Build the unified self-service role toggle RPC action.
  *
  * @param deps - `SelfServiceRoleActionDeps` slice of `AppDeps` (`log`, `on_audit_event`, optional `audit_log_config`)
  * @param options - eligible-role allowlist plus optional role schema for typo-checking
@@ -65,45 +65,43 @@ export const create_self_service_role_actions = (deps, options) => {
             });
         }
     };
-    const grant_handler = async (input, ctx) => {
+    const handler = async (input, ctx) => {
         const auth = require_request_auth(ctx.auth);
         reject_if_ineligible(input.role);
-        // Pre-check for idempotent re-grant. `query_grant_permit` is itself
-        // idempotent (returns the existing permit instead of inserting), but
-        // it doesn't signal "already existed" vs "newly inserted" — so we
-        // peek first. The TOCTOU window is benign for self-service: two
-        // concurrent grants both observe "no permit", both call
-        // `query_grant_permit`, and one collapses onto the other inside the
-        // query's `ON CONFLICT DO NOTHING`. Worst case both responses report
-        // `granted: true`; the DB still ends up with exactly one permit.
-        const already = await query_permit_has_role(ctx, auth.actor.id, input.role);
-        if (already) {
-            return { ok: true, granted: false };
+        if (input.enabled) {
+            // Pre-check for idempotent re-grant. `query_grant_permit` is itself
+            // idempotent (returns the existing permit instead of inserting), but
+            // it doesn't signal "already existed" vs "newly inserted" — so we
+            // peek first. The TOCTOU window is benign for self-service: two
+            // concurrent grants both observe "no permit", both call
+            // `query_grant_permit`, and one collapses onto the other inside the
+            // query's `ON CONFLICT DO NOTHING`. Worst case both responses report
+            // `changed: true`; the DB still ends up with exactly one permit.
+            const already = await query_permit_has_role(ctx, auth.actor.id, input.role);
+            if (already) {
+                return { ok: true, enabled: true, changed: false };
+            }
+            const permit = await query_grant_permit(ctx, {
+                actor_id: auth.actor.id,
+                role: input.role,
+                scope_id: null,
+                expires_at: null,
+                granted_by: auth.actor.id,
+            });
+            void audit_log_fire_and_forget(ctx, {
+                event_type: 'permit_grant',
+                actor_id: auth.actor.id,
+                account_id: auth.account.id,
+                ip: ctx.client_ip,
+                metadata: {
+                    role: permit.role,
+                    permit_id: permit.id,
+                    scope_id: permit.scope_id,
+                    self_service: true,
+                },
+            }, deps);
+            return { ok: true, enabled: true, changed: true };
         }
-        const permit = await query_grant_permit(ctx, {
-            actor_id: auth.actor.id,
-            role: input.role,
-            scope_id: null,
-            expires_at: null,
-            granted_by: auth.actor.id,
-        });
-        void audit_log_fire_and_forget(ctx, {
-            event_type: 'permit_grant',
-            actor_id: auth.actor.id,
-            account_id: auth.account.id,
-            ip: ctx.client_ip,
-            metadata: {
-                role: permit.role,
-                permit_id: permit.id,
-                scope_id: permit.scope_id,
-                self_service: true,
-            },
-        }, deps);
-        return { ok: true, granted: true, permit_id: permit.id };
-    };
-    const revoke_handler = async (input, ctx) => {
-        const auth = require_request_auth(ctx.auth);
-        reject_if_ineligible(input.role);
         // Find an active global permit for this (actor, role). No dedicated
         // query exists, but `query_permit_find_active_for_actor` returns the
         // short list of every active permit and we filter in JS — fewer
@@ -111,12 +109,12 @@ export const create_self_service_role_actions = (deps, options) => {
         const active = await query_permit_find_active_for_actor(ctx, auth.actor.id);
         const target = active.find((p) => p.role === input.role && p.scope_id === null);
         if (!target) {
-            return { ok: true, revoked: false };
+            return { ok: true, enabled: false, changed: false };
         }
         const result = await query_revoke_permit(ctx, target.id, auth.actor.id, auth.actor.id);
         if (!result) {
             // Raced with another revoker — treat as already revoked.
-            return { ok: true, revoked: false };
+            return { ok: true, enabled: false, changed: false };
         }
         void audit_log_fire_and_forget(ctx, {
             event_type: 'permit_revoke',
@@ -130,10 +128,7 @@ export const create_self_service_role_actions = (deps, options) => {
                 self_service: true,
             },
         }, deps);
-        return { ok: true, revoked: true };
+        return { ok: true, enabled: false, changed: true };
     };
-    return [
-        rpc_action(self_service_role_grant_action_spec, grant_handler),
-        rpc_action(self_service_role_revoke_action_spec, revoke_handler),
-    ];
+    return [rpc_action(self_service_role_set_action_spec, handler)];
 };

package/dist/auth/standard_action_specs.d.ts

@@ -0,0 +1,31 @@
+/**
+ * Aggregate spec list mirroring `create_standard_rpc_actions` on the backend.
+ *
+ * `create_standard_rpc_actions` (in `./standard_rpc_actions.js`) bundles three
+ * action registries into one mounted RPC surface: admin + permit_offer +
+ * account. Frontends mounting that surface need the matching spec list to
+ * feed `create_rpc_client` so the typed Proxy knows about every standard
+ * method.
+ *
+ * Without this aggregate, every consumer spreads three (or four with
+ * self-service roles) `all_*_action_specs` imports at the typed-client
+ * site, the codegen-sources table, and any other registry construction —
+ * a triplicate that drifts silently on either side.
+ *
+ * Self-service role specs are **not** included — they're opt-in (require
+ * `eligible_roles` configuration) and not bundled into
+ * `create_standard_rpc_actions`. Consumers that mount them spread
+ * `all_self_service_role_action_specs` separately.
+ *
+ * @module
+ */
+import type { RequestResponseActionSpec } from '../actions/action_spec.js';
+/**
+ * Combined spec registry for the standard RPC surface (admin +
+ * permit_offer + account). Symmetric with `create_standard_rpc_actions`.
+ *
+ * Spec count is the sum of the three sub-registries. Adding a method to
+ * any sub-registry surfaces here automatically.
+ */
+export declare const all_standard_action_specs: ReadonlyArray<RequestResponseActionSpec>;
+//# sourceMappingURL=standard_action_specs.d.ts.map

package/dist/auth/standard_action_specs.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"standard_action_specs.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/standard_action_specs.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH,OAAO,KAAK,EAAC,yBAAyB,EAAC,MAAM,2BAA2B,CAAC;AAKzE;;;;;;GAMG;AACH,eAAO,MAAM,yBAAyB,EAAE,aAAa,CAAC,yBAAyB,CAI9E,CAAC"}

package/dist/auth/standard_action_specs.js

@@ -0,0 +1,36 @@
+/**
+ * Aggregate spec list mirroring `create_standard_rpc_actions` on the backend.
+ *
+ * `create_standard_rpc_actions` (in `./standard_rpc_actions.js`) bundles three
+ * action registries into one mounted RPC surface: admin + permit_offer +
+ * account. Frontends mounting that surface need the matching spec list to
+ * feed `create_rpc_client` so the typed Proxy knows about every standard
+ * method.
+ *
+ * Without this aggregate, every consumer spreads three (or four with
+ * self-service roles) `all_*_action_specs` imports at the typed-client
+ * site, the codegen-sources table, and any other registry construction —
+ * a triplicate that drifts silently on either side.
+ *
+ * Self-service role specs are **not** included — they're opt-in (require
+ * `eligible_roles` configuration) and not bundled into
+ * `create_standard_rpc_actions`. Consumers that mount them spread
+ * `all_self_service_role_action_specs` separately.
+ *
+ * @module
+ */
+import { all_admin_action_specs } from './admin_action_specs.js';
+import { all_permit_offer_action_specs } from './permit_offer_action_specs.js';
+import { all_account_action_specs } from './account_action_specs.js';
+/**
+ * Combined spec registry for the standard RPC surface (admin +
+ * permit_offer + account). Symmetric with `create_standard_rpc_actions`.
+ *
+ * Spec count is the sum of the three sub-registries. Adding a method to
+ * any sub-registry surfaces here automatically.
+ */
+export const all_standard_action_specs = [
+    ...all_admin_action_specs,
+    ...all_permit_offer_action_specs,
+    ...all_account_action_specs,
+];

package/dist/testing/ws_round_trip.d.ts

@@ -267,7 +267,7 @@ export declare const keeper_identity: () => WsConnectIdentity;
  * await client.wait_for(is_notification('tx_run_created'));
  * ```
  */
-export declare const build_broadcast_api: <TApi>(options: {
+export declare const build_broadcast_api: <TApi extends object>(options: {
     harness: WsTestHarness;
     specs: ReadonlyArray<ActionSpecUnion>;
 }) => TApi;

package/dist/testing/ws_round_trip.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"ws_round_trip.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/ws_round_trip.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;AAEH,OAAO,KAAK,EAAC,OAAO,EAAO,MAAM,MAAM,CAAC;AACxC,OAAO,EACN,SAAS,EAET,KAAK,gBAAgB,EAErB,KAAK,QAAQ,EACb,MAAM,SAAS,CAAC;AACjB,OAAO,EAAC,MAAM,EAAC,MAAM,yBAAyB,CAAC;AAC/C,OAAO,EAAc,KAAK,IAAI,EAAC,MAAM,wBAAwB,CAAC;AAE9D,OAAO,KAAK,EAAC,eAAe,EAAC,MAAM,2BAA2B,CAAC;AAC/D,OAAO,KAAK,EAAC,MAAM,EAAC,MAAM,4BAA4B,CAAC;AAEvD,OAAO,KAAK,EAAC,sBAAsB,EAAC,MAAM,kCAAkC,CAAC;AAE7E,OAAO,EAEN,KAAK,kBAAkB,EACvB,KAAK,uBAAuB,EAC5B,MAAM,kCAAkC,CAAC;AAC1C,OAAO,EAAC,yBAAyB,EAAC,MAAM,qCAAqC,CAAC;AAC9E,OAAO,EAAsB,KAAK,cAAc,EAAC,MAAM,4BAA4B,CAAC;AAEpF,OAAO,EAA6C,KAAK,cAAc,EAAC,MAAM,oBAAoB,CAAC;AACnG,OAAO,EAAC,eAAe,EAAC,MAAM,oBAAoB,CAAC;AAanD;;;GAGG;AACH,MAAM,WAAW,MAAM;IACtB,EAAE,EAAE,SAAS,CAAC;IACd,KAAK,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACrB,MAAM,EAAE,KAAK,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAC,CAAC,CAAC;CAChD;AAED;;;;GAIG;AACH,eAAO,MAAM,cAAc,QAAO,MAajC,CAAC;AAEF,8CAA8C;AAC9C,MAAM,WAAW,sBAAsB;IACtC,eAAe,EAAE,cAAc,CAAC;IAChC,gEAAgE;IAChE,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,eAAe,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAChC,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B;;;OAGG;IACH,eAAe,CAAC,EAAE,cAAc,CAAC;CACjC;AAED;;;;GAIG;AACH,eAAO,MAAM,wBAAwB,GAAI,MAAM,sBAAsB,KAAG,OAWvE,CAAC;AAEF,uFAAuF;AACvF,MAAM,WAAW,WAAW;IAC3B,gBAAgB,EAAE,gBAAgB,CAAC;IACnC,iBAAiB,EAAE,MAAM,CAAC,CAAC,EAAE,OAAO,KAAK,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;CACtE;AAED;;;;GAIG;AACH,eAAO,MAAM,mBAAmB,QAAO,WAatC,CAAC;AAEF;;;;GAIG;AACH,qBAAa,wBAAyB,YAAW,sBAAsB;;IACtE,QAAQ,EAAE,UAAU,GAAG,SAAS,CAAa;gBAEjC,KAAK,EAAE,aAAa,CAAC,eAAe,CAAC;IAGjD,qBAAqB,IAAI,SAAS;IAGlC,kBAAkB,CAAC,MAAM,EAAE,MAAM,GAAG,eAAe,GAAG,SAAS;CAG/D;AAED;;;;GAIG;AACH,eAAO,MAAM,mBAAmB,GAC/B,YAAY,WAAW,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,EAC9C,OAAO,YAAY,EACnB,IAAI,SAAS,KACX,OAAO,CAAC,IAAI,CAId,CAAC;AAMF,2CAA2C;AAC3C,MAAM,WAAW,iBAAiB;IACjC,wEAAwE;IACxE,UAAU,CAAC,EAAE,IAAI,CAAC;IAClB,yFAAyF;IACzF,eAAe,CAAC,EAAE,cAAc,CAAC;IACjC,mFAAmF;IACnF,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,gEAAgE;IAChE,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,kFAAkF;IAClF,KAAK,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;CACtB;AAED,wEAAwE;AACxE,MAAM,WAAW,YAAY;IAC5B,uEAAuE;IACvE,IAAI,EAAE,CAAC,OAAO,EAAE,OAAO,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAC1C;;;;;;;;OAQG;IACH,OAAO,EAAE,CAAC,CAAC,GAAG,OAAO,EACpB,EAAE,EAAE,MAAM,GAAG,MAAM,EACnB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,OAAO,EACf,UAAU,CAAC,EAAE,MAAM,KACf,OAAO,CAAC,CAAC,CAAC,CAAC;IAChB;;;;OAIG;IACH,KAAK,EAAE,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACzD,2DAA2D;IAC3D,QAAQ,CAAC,QAAQ,EAAE,aAAa,CAAC,OAAO,CAAC,CAAC;IAC1C;;;;;;;;OAQG;IACH,QAAQ,EAAE;QACT,CAAC,CAAC,EAAE,SAAS,EAAE,CAAC,GAAG,EAAE,OAAO,KAAK,GAAG,IAAI,CAAC,EAAE,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;QAE5E,CAAC,CAAC,GAAG,OAAO,EAAE,SAAS,EAAE,CAAC,GAAG,EAAE,OAAO,KAAK,OAAO,EAAE,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;KACrF,CAAC;CACF;AAkBD,MAAM,WAAW,wBAAwB,CAAC,CAAC,GAAG,OAAO;IACpD,OAAO,EAAE,OAAO,eAAe,CAAC;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,CAAC,CAAC;CACV;AAED,MAAM,WAAW,2BAA2B,CAAC,CAAC,GAAG,OAAO;IACvD,OAAO,EAAE,OAAO,eAAe,CAAC;IAChC,EAAE,EAAE,MAAM,GAAG,MAAM,CAAC;IACpB,MAAM,EAAE,CAAC,CAAC;CACV;AAED,MAAM,WAAW,yBAAyB,CAAC,CAAC,GAAG,OAAO;IACrD,OAAO,EAAE,OAAO,eAAe,CAAC;IAChC,EAAE,EAAE,MAAM,GAAG,MAAM,CAAC;IACpB,KAAK,EAAE;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,CAAC,CAAA;KAAC,CAAC;CACjD;AAED,6EAA6E;AAC7E,eAAO,MAAM,eAAe,GAC1B,QAAQ,MAAM,MACd,KAAK,OAAO,KAAG,OACsC,CAAC;AAExD;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,oBAAoB,GAC/B,CAAC,EAAE,QAAQ,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,KAAK,OAAO,MAChD,KAAK,OAAO,KAAG,GAAG,IAAI,wBAAwB,CAAC,CAAC,CAGE,CAAC;AAErD,gGAAgG;AAChG,eAAO,MAAM,eAAe,GAC1B,IAAI,MAAM,GAAG,MAAM,MACnB,KAAK,OAAO,KAAG,OAC8D,CAAC;AAEhF,4CAA4C;AAC5C,MAAM,WAAW,0BAA0B,CAAC,IAAI,SAAS,kBAAkB;IAC1E;;;;;OAKG;IACH,OAAO,EAAE,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;IACrC,cAAc,CAAC,EAAE,uBAAuB,CAAC,IAAI,CAAC,CAAC,gBAAgB,CAAC,CAAC;IACjE,kEAAkE;IAClE,SAAS,CAAC,EAAE,yBAAyB,CAAC;IACtC;;;;OAIG;IACH,SAAS,CAAC,EAAE,uBAAuB,CAAC,IAAI,CAAC,CAAC,WAAW,CAAC,CAAC;IACvD,gEAAgE;IAChE,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,yDAAyD;IACzD,cAAc,CAAC,EAAE,uBAAuB,CAAC,IAAI,CAAC,CAAC,gBAAgB,CAAC,CAAC;IACjE,yDAAyD;IACzD,eAAe,CAAC,EAAE,uBAAuB,CAAC,IAAI,CAAC,CAAC,iBAAiB,CAAC,CAAC;CACnE;AAED,kEAAkE;AAClE,MAAM,WAAW,aAAa;IAC7B,SAAS,EAAE,yBAAyB,CAAC;IACrC;;;;;;OAMG;IACH,OAAO,EAAE,CAAC,QAAQ,CAAC,EAAE,iBAAiB,KAAK,OAAO,CAAC,YAAY,CAAC,CAAC;CACjE;AA8DD;;;;;;;;GAQG;AACH,eAAO,MAAM,sBAAsB,GAAI,IAAI,SAAS,kBAAkB,EACrE,SAAS,0BAA0B,CAAC,IAAI,CAAC,KACvC,aA6KF,CAAC;AAEF,0EAA0E;AAC1E,eAAO,MAAM,eAAe,QAAO,iBAGjC,CAAC;AAYH;;;;;;;;;;;;;;;;GAgBG;AACH,eAAO,MAAM,mBAAmB,GAAI,IAAI,EAAE,SAAS;IAClD,OAAO,EAAE,aAAa,CAAC;IACvB,KAAK,EAAE,aAAa,CAAC,eAAe,CAAC,CAAC;CACtC,KAAG,IAIH,CAAC"}
+{"version":3,"file":"ws_round_trip.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/ws_round_trip.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;AAEH,OAAO,KAAK,EAAC,OAAO,EAAO,MAAM,MAAM,CAAC;AACxC,OAAO,EACN,SAAS,EAET,KAAK,gBAAgB,EAErB,KAAK,QAAQ,EACb,MAAM,SAAS,CAAC;AACjB,OAAO,EAAC,MAAM,EAAC,MAAM,yBAAyB,CAAC;AAC/C,OAAO,EAAc,KAAK,IAAI,EAAC,MAAM,wBAAwB,CAAC;AAE9D,OAAO,KAAK,EAAC,eAAe,EAAC,MAAM,2BAA2B,CAAC;AAC/D,OAAO,KAAK,EAAC,MAAM,EAAC,MAAM,4BAA4B,CAAC;AAEvD,OAAO,KAAK,EAAC,sBAAsB,EAAC,MAAM,kCAAkC,CAAC;AAE7E,OAAO,EAEN,KAAK,kBAAkB,EACvB,KAAK,uBAAuB,EAC5B,MAAM,kCAAkC,CAAC;AAC1C,OAAO,EAAC,yBAAyB,EAAC,MAAM,qCAAqC,CAAC;AAC9E,OAAO,EAAsB,KAAK,cAAc,EAAC,MAAM,4BAA4B,CAAC;AAEpF,OAAO,EAA6C,KAAK,cAAc,EAAC,MAAM,oBAAoB,CAAC;AACnG,OAAO,EAAC,eAAe,EAAC,MAAM,oBAAoB,CAAC;AAanD;;;GAGG;AACH,MAAM,WAAW,MAAM;IACtB,EAAE,EAAE,SAAS,CAAC;IACd,KAAK,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACrB,MAAM,EAAE,KAAK,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAC,CAAC,CAAC;CAChD;AAED;;;;GAIG;AACH,eAAO,MAAM,cAAc,QAAO,MAajC,CAAC;AAEF,8CAA8C;AAC9C,MAAM,WAAW,sBAAsB;IACtC,eAAe,EAAE,cAAc,CAAC;IAChC,gEAAgE;IAChE,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,eAAe,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAChC,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B;;;OAGG;IACH,eAAe,CAAC,EAAE,cAAc,CAAC;CACjC;AAED;;;;GAIG;AACH,eAAO,MAAM,wBAAwB,GAAI,MAAM,sBAAsB,KAAG,OAWvE,CAAC;AAEF,uFAAuF;AACvF,MAAM,WAAW,WAAW;IAC3B,gBAAgB,EAAE,gBAAgB,CAAC;IACnC,iBAAiB,EAAE,MAAM,CAAC,CAAC,EAAE,OAAO,KAAK,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;CACtE;AAED;;;;GAIG;AACH,eAAO,MAAM,mBAAmB,QAAO,WAatC,CAAC;AAEF;;;;GAIG;AACH,qBAAa,wBAAyB,YAAW,sBAAsB;;IACtE,QAAQ,EAAE,UAAU,GAAG,SAAS,CAAa;gBAEjC,KAAK,EAAE,aAAa,CAAC,eAAe,CAAC;IAGjD,qBAAqB,IAAI,SAAS;IAGlC,kBAAkB,CAAC,MAAM,EAAE,MAAM,GAAG,eAAe,GAAG,SAAS;CAG/D;AAED;;;;GAIG;AACH,eAAO,MAAM,mBAAmB,GAC/B,YAAY,WAAW,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,EAC9C,OAAO,YAAY,EACnB,IAAI,SAAS,KACX,OAAO,CAAC,IAAI,CAId,CAAC;AAMF,2CAA2C;AAC3C,MAAM,WAAW,iBAAiB;IACjC,wEAAwE;IACxE,UAAU,CAAC,EAAE,IAAI,CAAC;IAClB,yFAAyF;IACzF,eAAe,CAAC,EAAE,cAAc,CAAC;IACjC,mFAAmF;IACnF,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,gEAAgE;IAChE,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,kFAAkF;IAClF,KAAK,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;CACtB;AAED,wEAAwE;AACxE,MAAM,WAAW,YAAY;IAC5B,uEAAuE;IACvE,IAAI,EAAE,CAAC,OAAO,EAAE,OAAO,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAC1C;;;;;;;;OAQG;IACH,OAAO,EAAE,CAAC,CAAC,GAAG,OAAO,EACpB,EAAE,EAAE,MAAM,GAAG,MAAM,EACnB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,OAAO,EACf,UAAU,CAAC,EAAE,MAAM,KACf,OAAO,CAAC,CAAC,CAAC,CAAC;IAChB;;;;OAIG;IACH,KAAK,EAAE,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACzD,2DAA2D;IAC3D,QAAQ,CAAC,QAAQ,EAAE,aAAa,CAAC,OAAO,CAAC,CAAC;IAC1C;;;;;;;;OAQG;IACH,QAAQ,EAAE;QACT,CAAC,CAAC,EAAE,SAAS,EAAE,CAAC,GAAG,EAAE,OAAO,KAAK,GAAG,IAAI,CAAC,EAAE,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;QAE5E,CAAC,CAAC,GAAG,OAAO,EAAE,SAAS,EAAE,CAAC,GAAG,EAAE,OAAO,KAAK,OAAO,EAAE,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;KACrF,CAAC;CACF;AAkBD,MAAM,WAAW,wBAAwB,CAAC,CAAC,GAAG,OAAO;IACpD,OAAO,EAAE,OAAO,eAAe,CAAC;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,CAAC,CAAC;CACV;AAED,MAAM,WAAW,2BAA2B,CAAC,CAAC,GAAG,OAAO;IACvD,OAAO,EAAE,OAAO,eAAe,CAAC;IAChC,EAAE,EAAE,MAAM,GAAG,MAAM,CAAC;IACpB,MAAM,EAAE,CAAC,CAAC;CACV;AAED,MAAM,WAAW,yBAAyB,CAAC,CAAC,GAAG,OAAO;IACrD,OAAO,EAAE,OAAO,eAAe,CAAC;IAChC,EAAE,EAAE,MAAM,GAAG,MAAM,CAAC;IACpB,KAAK,EAAE;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,CAAC,CAAA;KAAC,CAAC;CACjD;AAED,6EAA6E;AAC7E,eAAO,MAAM,eAAe,GAC1B,QAAQ,MAAM,MACd,KAAK,OAAO,KAAG,OACsC,CAAC;AAExD;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,oBAAoB,GAC/B,CAAC,EAAE,QAAQ,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,KAAK,OAAO,MAChD,KAAK,OAAO,KAAG,GAAG,IAAI,wBAAwB,CAAC,CAAC,CAGE,CAAC;AAErD,gGAAgG;AAChG,eAAO,MAAM,eAAe,GAC1B,IAAI,MAAM,GAAG,MAAM,MACnB,KAAK,OAAO,KAAG,OAC8D,CAAC;AAEhF,4CAA4C;AAC5C,MAAM,WAAW,0BAA0B,CAAC,IAAI,SAAS,kBAAkB;IAC1E;;;;;OAKG;IACH,OAAO,EAAE,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;IACrC,cAAc,CAAC,EAAE,uBAAuB,CAAC,IAAI,CAAC,CAAC,gBAAgB,CAAC,CAAC;IACjE,kEAAkE;IAClE,SAAS,CAAC,EAAE,yBAAyB,CAAC;IACtC;;;;OAIG;IACH,SAAS,CAAC,EAAE,uBAAuB,CAAC,IAAI,CAAC,CAAC,WAAW,CAAC,CAAC;IACvD,gEAAgE;IAChE,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,yDAAyD;IACzD,cAAc,CAAC,EAAE,uBAAuB,CAAC,IAAI,CAAC,CAAC,gBAAgB,CAAC,CAAC;IACjE,yDAAyD;IACzD,eAAe,CAAC,EAAE,uBAAuB,CAAC,IAAI,CAAC,CAAC,iBAAiB,CAAC,CAAC;CACnE;AAED,kEAAkE;AAClE,MAAM,WAAW,aAAa;IAC7B,SAAS,EAAE,yBAAyB,CAAC;IACrC;;;;;;OAMG;IACH,OAAO,EAAE,CAAC,QAAQ,CAAC,EAAE,iBAAiB,KAAK,OAAO,CAAC,YAAY,CAAC,CAAC;CACjE;AA8DD;;;;;;;;GAQG;AACH,eAAO,MAAM,sBAAsB,GAAI,IAAI,SAAS,kBAAkB,EACrE,SAAS,0BAA0B,CAAC,IAAI,CAAC,KACvC,aA6KF,CAAC;AAEF,0EAA0E;AAC1E,eAAO,MAAM,eAAe,QAAO,iBAGjC,CAAC;AAYH;;;;;;;;;;;;;;;;GAgBG;AACH,eAAO,MAAM,mBAAmB,GAAI,IAAI,SAAS,MAAM,EAAE,SAAS;IACjE,OAAO,EAAE,aAAa,CAAC;IACvB,KAAK,EAAE,aAAa,CAAC,eAAe,CAAC,CAAC;CACtC,KAAG,IAIH,CAAC"}

package/dist/ui/CLAUDE.md

@@ -267,17 +267,16 @@ destructive actions.
   (`get`, `update`). Fields: `settings`, `updating`. Single mutation
   `update_open_signup(boolean)`.
 - `admin_rpc_adapters.ts` (plain `.ts`, no reactive state) — bundled
-  wiring for the four admin RPC contexts. `create_admin_rpc_adapters(rpc_call)`
-  takes a single `AdminRpcCall` closure (alias of `ThrowingRpcCall` from
-  `../actions/rpc_client.ts`) and returns `{admin_accounts, admin_invites,
-audit_log, app_settings}` adapter objects. `provide_admin_rpc_contexts(adapters)`
-  calls `set` on all four contexts in one shot. Pair with
-  `create_throwing_rpc_call(api)` from `../actions/rpc_client.ts` to turn a
-  typed `create_rpc_client` Proxy into the throw-on-error `rpc_call`
-  signature — two lines at the admin shell layout. Method-name mapping is
-  in the module TSDoc (`grant_permit` → `permit_offer_create`,
-  `retract_offer` → `permit_offer_retract`, etc.) and the
-  `admin_rpc_adapters.test.ts` fixtures.
+  wiring for the four admin RPC contexts. `create_admin_rpc_adapters(api)`
+  takes the typed throwing Proxy from `create_frontend_rpc_client` (or
+  any object satisfying the `AdminRpcApi` interface) and returns
+  `{admin_accounts, admin_invites, audit_log, app_settings}` adapter
+  objects. `provide_admin_rpc_contexts(adapters)` calls `set` on all
+  four contexts in one shot. One line at the admin shell layout:
+  `provide_admin_rpc_contexts(create_admin_rpc_adapters(api))`.
+  Method-name mapping is in the module TSDoc (`grant_permit` →
+  `permit_offer_create`, `retract_offer` → `permit_offer_retract`, etc.)
+  and the `admin_rpc_adapters.test.ts` fixtures.
 
 ## RPC adapter contexts
 

package/dist/ui/admin_accounts_state.svelte.d.ts

@@ -4,10 +4,13 @@
  * @module
  */
 import { SvelteSet } from 'svelte/reactivity';
+import type { Uuid } from '@fuzdev/fuz_util/id.js';
 import { Loadable } from './loadable.svelte.js';
 import type { AdminAccountEntryJson } from '../auth/account_schema.js';
-import type { AdminSessionJson } from '../auth/audit_log_schema.js';
+import type { RoleName } from '../auth/role_schema.js';
 import type { PermitOfferJson } from '../auth/permit_offer_schema.js';
+import type { AdminAccountListOutput, AdminSessionListOutput, AdminSessionRevokeAllInput, AdminSessionRevokeAllOutput, AdminTokenRevokeAllInput, AdminTokenRevokeAllOutput } from '../auth/admin_action_specs.js';
+import type { PermitOfferCreateInput, PermitOfferCreateOutput, PermitOfferOkOutput, PermitRevokeInput, PermitRevokeOutput } from '../auth/permit_offer_action_specs.js';
 /**
  * Narrow RPC surface consumed by `AdminAccountsState`. Consumers adapt their
  * typed RPC client (e.g. a `create_rpc_client` Proxy) to this shape — the
@@ -21,44 +24,20 @@ import type { PermitOfferJson } from '../auth/permit_offer_schema.js';
  * `admin_session_revoke_all` and `admin_token_revoke_all`. Without the
  * adapter the state class cannot fetch, grant, revoke, retract, or
  * revoke-all sessions/tokens.
+ *
+ * Method signatures track the underlying action specs — `Uuid`-branded ids
+ * propagate from the wire through the state class to the components. The
+ * adapter built by `create_admin_rpc_adapters` therefore needs zero casts
+ * to bridge to the typed throwing Proxy.
  */
 export interface AdminAccountsRpc {
-    list_accounts: () => Promise<{
-        accounts: Array<AdminAccountEntryJson>;
-        grantable_roles: Array<string>;
-    }>;
-    list_sessions: () => Promise<{
-        sessions: Array<AdminSessionJson>;
-    }>;
-    grant_permit: (params: {
-        to_account_id: string;
-        role: string;
-    }) => Promise<{
-        offer: PermitOfferJson;
-    }>;
-    revoke_permit: (params: {
-        actor_id: string;
-        permit_id: string;
-        reason?: string | null;
-    }) => Promise<{
-        ok: true;
-        revoked: true;
-    }>;
-    retract_offer: (offer_id: string) => Promise<{
-        ok: true;
-    }>;
-    session_revoke_all: (params: {
-        account_id: string;
-    }) => Promise<{
-        ok: true;
-        count: number;
-    }>;
-    token_revoke_all: (params: {
-        account_id: string;
-    }) => Promise<{
-        ok: true;
-        count: number;
-    }>;
+    list_accounts: () => Promise<AdminAccountListOutput>;
+    list_sessions: () => Promise<AdminSessionListOutput>;
+    grant_permit: (params: PermitOfferCreateInput) => Promise<PermitOfferCreateOutput>;
+    revoke_permit: (params: PermitRevokeInput) => Promise<PermitRevokeOutput>;
+    retract_offer: (offer_id: Uuid) => Promise<PermitOfferOkOutput>;
+    session_revoke_all: (params: AdminSessionRevokeAllInput) => Promise<AdminSessionRevokeAllOutput>;
+    token_revoke_all: (params: AdminTokenRevokeAllInput) => Promise<AdminTokenRevokeAllOutput>;
 }
 /**
  * Svelte context carrying the reactive `AdminAccountsRpc` accessor. The
@@ -86,7 +65,7 @@ export interface AdminAccountsStateOptions {
 export declare class AdminAccountsState extends Loadable {
     #private;
     accounts: Array<AdminAccountEntryJson>;
-    grantable_roles: Array<string>;
+    grantable_roles: Array<RoleName>;
     readonly granting_keys: SvelteSet<string>;
     readonly revoking_ids: SvelteSet<string>;
     readonly retracting_ids: SvelteSet<string>;
@@ -111,7 +90,7 @@ export declare class AdminAccountsState extends Loadable {
      * No-op when the rpc adapter is absent; `error` is set to a descriptive
      * message so the UI surfaces the misconfiguration.
      */
-    grant_permit(account_id: string, role: string): Promise<PermitOfferJson | undefined>;
+    grant_permit(account_id: Uuid, role: RoleName): Promise<PermitOfferJson | undefined>;
     /**
      * Revoke an active permit via the `permit_revoke` RPC.
      *
@@ -121,7 +100,7 @@ export declare class AdminAccountsState extends Loadable {
      * The optional `reason` is stamped on `permit.revoked_reason` and
      * surfaced on the revokee's WS notification.
      */
-    revoke_permit(actor_id: string, permit_id: string, reason?: string | null): Promise<void>;
+    revoke_permit(actor_id: Uuid, permit_id: Uuid, reason?: string | null): Promise<void>;
     /**
      * Retract a pending offer the admin issued via the `permit_offer_retract`
      * RPC. The action handles auth, audit, and the
@@ -130,6 +109,6 @@ export declare class AdminAccountsState extends Loadable {
      * After success, refetches the listing so `pending_offers` drops the
      * row and the "+ {role}" button un-hides.
      */
-    retract_offer(offer_id: string): Promise<void>;
+    retract_offer(offer_id: Uuid): Promise<void>;
 }
 //# sourceMappingURL=admin_accounts_state.svelte.d.ts.map

package/dist/ui/admin_accounts_state.svelte.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"admin_accounts_state.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/admin_accounts_state.svelte.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAC,SAAS,EAAC,MAAM,mBAAmB,CAAC;AAG5C,OAAO,EAAC,QAAQ,EAAC,MAAM,sBAAsB,CAAC;AAC9C,OAAO,KAAK,EAAC,qBAAqB,EAAC,MAAM,2BAA2B,CAAC;AACrE,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,6BAA6B,CAAC;AAClE,OAAO,KAAK,EAAC,eAAe,EAAC,MAAM,gCAAgC,CAAC;AAEpE;;;;;;;;;;;;;GAaG;AACH,MAAM,WAAW,gBAAgB;IAChC,aAAa,EAAE,MAAM,OAAO,CAAC;QAC5B,QAAQ,EAAE,KAAK,CAAC,qBAAqB,CAAC,CAAC;QACvC,eAAe,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;KAC/B,CAAC,CAAC;IACH,aAAa,EAAE,MAAM,OAAO,CAAC;QAAC,QAAQ,EAAE,KAAK,CAAC,gBAAgB,CAAC,CAAA;KAAC,CAAC,CAAC;IAClE,YAAY,EAAE,CAAC,MAAM,EAAE;QACtB,aAAa,EAAE,MAAM,CAAC;QACtB,IAAI,EAAE,MAAM,CAAC;KACb,KAAK,OAAO,CAAC;QAAC,KAAK,EAAE,eAAe,CAAA;KAAC,CAAC,CAAC;IACxC,aAAa,EAAE,CAAC,MAAM,EAAE;QACvB,QAAQ,EAAE,MAAM,CAAC;QACjB,SAAS,EAAE,MAAM,CAAC;QAClB,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;KACvB,KAAK,OAAO,CAAC;QAAC,EAAE,EAAE,IAAI,CAAC;QAAC,OAAO,EAAE,IAAI,CAAA;KAAC,CAAC,CAAC;IACzC,aAAa,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC;QAAC,EAAE,EAAE,IAAI,CAAA;KAAC,CAAC,CAAC;IACzD,kBAAkB,EAAE,CAAC,MAAM,EAAE;QAAC,UAAU,EAAE,MAAM,CAAA;KAAC,KAAK,OAAO,CAAC;QAAC,EAAE,EAAE,IAAI,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAC,CAAC,CAAC;IACzF,gBAAgB,EAAE,CAAC,MAAM,EAAE;QAAC,UAAU,EAAE,MAAM,CAAA;KAAC,KAAK,OAAO,CAAC;QAAC,EAAE,EAAE,IAAI,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAC,CAAC,CAAC;CACvF;AAED;;;;;;;;;GASG;AACH,eAAO,MAAM,0BAA0B;qBAAwB,gBAAgB,GAAG,IAAI;yBAAvB,gBAAgB,GAAG,IAAI,wBAAvB,gBAAgB,GAAG,IAAI;CAErF,CAAC;AAEF,MAAM,WAAW,yBAAyB;IACzC;;;;;OAKG;IACH,OAAO,CAAC,EAAE,MAAM,gBAAgB,GAAG,IAAI,CAAC;CACxC;AAED,qBAAa,kBAAmB,SAAQ,QAAQ;;IAG/C,QAAQ,EAAE,KAAK,CAAC,qBAAqB,CAAC,CAAkB;IACxD,eAAe,EAAE,KAAK,CAAC,MAAM,CAAC,CAAkB;IAChD,QAAQ,CAAC,aAAa,EAAE,SAAS,CAAC,MAAM,CAAC,CAAmB;IAC5D,QAAQ,CAAC,YAAY,EAAE,SAAS,CAAC,MAAM,CAAC,CAAmB;IAC3D,QAAQ,CAAC,cAAc,EAAE,SAAS,CAAC,MAAM,CAAC,CAAmB;IAE7D,QAAQ,CAAC,aAAa,SAAkC;gBAE5C,OAAO,CAAC,EAAE,yBAAyB;IAK/C;;;OAGG;IACH,IAAI,OAAO,IAAI,OAAO,CAErB;IAEK,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAa5B;;;;;;;;;;;;OAYG;IACG,YAAY,CAAC,UAAU,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,GAAG,SAAS,CAAC;IAqB1F;;;;;;;;OAQG;IACG,aAAa,CAAC,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IAkB/F;;;;;;;OAOG;IACG,aAAa,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAiBpD"}
+{"version":3,"file":"admin_accounts_state.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/admin_accounts_state.svelte.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAC,SAAS,EAAC,MAAM,mBAAmB,CAAC;AAE5C,OAAO,KAAK,EAAC,IAAI,EAAC,MAAM,wBAAwB,CAAC;AAEjD,OAAO,EAAC,QAAQ,EAAC,MAAM,sBAAsB,CAAC;AAC9C,OAAO,KAAK,EAAC,qBAAqB,EAAC,MAAM,2BAA2B,CAAC;AACrE,OAAO,KAAK,EAAC,QAAQ,EAAC,MAAM,wBAAwB,CAAC;AACrD,OAAO,KAAK,EAAC,eAAe,EAAC,MAAM,gCAAgC,CAAC;AACpE,OAAO,KAAK,EACX,sBAAsB,EACtB,sBAAsB,EACtB,0BAA0B,EAC1B,2BAA2B,EAC3B,wBAAwB,EACxB,yBAAyB,EACzB,MAAM,+BAA+B,CAAC;AACvC,OAAO,KAAK,EACX,sBAAsB,EACtB,uBAAuB,EACvB,mBAAmB,EACnB,iBAAiB,EACjB,kBAAkB,EAClB,MAAM,sCAAsC,CAAC;AAE9C;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,WAAW,gBAAgB;IAChC,aAAa,EAAE,MAAM,OAAO,CAAC,sBAAsB,CAAC,CAAC;IACrD,aAAa,EAAE,MAAM,OAAO,CAAC,sBAAsB,CAAC,CAAC;IACrD,YAAY,EAAE,CAAC,MAAM,EAAE,sBAAsB,KAAK,OAAO,CAAC,uBAAuB,CAAC,CAAC;IACnF,aAAa,EAAE,CAAC,MAAM,EAAE,iBAAiB,KAAK,OAAO,CAAC,kBAAkB,CAAC,CAAC;IAC1E,aAAa,EAAE,CAAC,QAAQ,EAAE,IAAI,KAAK,OAAO,CAAC,mBAAmB,CAAC,CAAC;IAChE,kBAAkB,EAAE,CAAC,MAAM,EAAE,0BAA0B,KAAK,OAAO,CAAC,2BAA2B,CAAC,CAAC;IACjG,gBAAgB,EAAE,CAAC,MAAM,EAAE,wBAAwB,KAAK,OAAO,CAAC,yBAAyB,CAAC,CAAC;CAC3F;AAED;;;;;;;;;GASG;AACH,eAAO,MAAM,0BAA0B;qBAAwB,gBAAgB,GAAG,IAAI;yBAAvB,gBAAgB,GAAG,IAAI,wBAAvB,gBAAgB,GAAG,IAAI;CAErF,CAAC;AAEF,MAAM,WAAW,yBAAyB;IACzC;;;;;OAKG;IACH,OAAO,CAAC,EAAE,MAAM,gBAAgB,GAAG,IAAI,CAAC;CACxC;AAED,qBAAa,kBAAmB,SAAQ,QAAQ;;IAG/C,QAAQ,EAAE,KAAK,CAAC,qBAAqB,CAAC,CAAkB;IACxD,eAAe,EAAE,KAAK,CAAC,QAAQ,CAAC,CAAkB;IAClD,QAAQ,CAAC,aAAa,EAAE,SAAS,CAAC,MAAM,CAAC,CAAmB;IAC5D,QAAQ,CAAC,YAAY,EAAE,SAAS,CAAC,MAAM,CAAC,CAAmB;IAC3D,QAAQ,CAAC,cAAc,EAAE,SAAS,CAAC,MAAM,CAAC,CAAmB;IAE7D,QAAQ,CAAC,aAAa,SAAkC;gBAE5C,OAAO,CAAC,EAAE,yBAAyB;IAK/C;;;OAGG;IACH,IAAI,OAAO,IAAI,OAAO,CAErB;IAEK,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAa5B;;;;;;;;;;;;OAYG;IACG,YAAY,CAAC,UAAU,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,GAAG,OAAO,CAAC,eAAe,GAAG,SAAS,CAAC;IAqB1F;;;;;;;;OAQG;IACG,aAAa,CAAC,QAAQ,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IAkB3F;;;;;;;OAOG;IACG,aAAa,CAAC,QAAQ,EAAE,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;CAiBlD"}

package/dist/ui/admin_invites_state.svelte.d.ts

@@ -8,30 +8,21 @@
  * @module
  */
 import { SvelteSet } from 'svelte/reactivity';
+import type { Uuid } from '@fuzdev/fuz_util/id.js';
 import { Loadable } from './loadable.svelte.js';
-import type { InviteJson, InviteWithUsernamesJson } from '../auth/invite_schema.js';
+import type { InviteWithUsernamesJson } from '../auth/invite_schema.js';
+import type { InviteCreateInput, InviteCreateOutput, InviteDeleteInput, InviteDeleteOutput, InviteListOutput } from '../auth/admin_action_specs.js';
 /**
  * Narrow RPC surface consumed by `AdminInvitesState`. Consumers adapt their
  * typed RPC client to this shape. `error.data.reason` on thrown errors
  * carries the `ERROR_INVITE_*` constant — handled by the caller when
- * user-friendly messages are needed.
+ * user-friendly messages are needed. Method signatures track the wire
+ * spec types directly so the adapter needs no casts.
  */
 export interface AdminInvitesRpc {
-    list: () => Promise<{
-        invites: Array<InviteWithUsernamesJson>;
-    }>;
-    create: (params: {
-        email?: string | null;
-        username?: string | null;
-    }) => Promise<{
-        ok: true;
-        invite: InviteJson;
-    }>;
-    delete: (params: {
-        invite_id: string;
-    }) => Promise<{
-        ok: true;
-    }>;
+    list: () => Promise<InviteListOutput>;
+    create: (params: InviteCreateInput) => Promise<InviteCreateOutput>;
+    delete: (params: InviteDeleteInput) => Promise<InviteDeleteOutput>;
 }
 /**
  * Svelte context carrying the reactive `AdminInvitesRpc` accessor. Mirrors
@@ -60,6 +51,6 @@ export declare class AdminInvitesState extends Loadable {
     get has_rpc(): boolean;
     fetch(): Promise<void>;
     create_invite(email?: string, username?: string): Promise<boolean>;
-    delete_invite(id: string): Promise<void>;
+    delete_invite(id: Uuid): Promise<void>;
 }
 //# sourceMappingURL=admin_invites_state.svelte.d.ts.map

package/dist/ui/admin_invites_state.svelte.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"admin_invites_state.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/admin_invites_state.svelte.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAC,SAAS,EAAC,MAAM,mBAAmB,CAAC;AAG5C,OAAO,EAAC,QAAQ,EAAC,MAAM,sBAAsB,CAAC;AAC9C,OAAO,KAAK,EAAC,UAAU,EAAE,uBAAuB,EAAC,MAAM,0BAA0B,CAAC;AAElF;;;;;GAKG;AACH,MAAM,WAAW,eAAe;IAC/B,IAAI,EAAE,MAAM,OAAO,CAAC;QAAC,OAAO,EAAE,KAAK,CAAC,uBAAuB,CAAC,CAAA;KAAC,CAAC,CAAC;IAC/D,MAAM,EAAE,CAAC,MAAM,EAAE;QAChB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QACtB,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;KACzB,KAAK,OAAO,CAAC;QAAC,EAAE,EAAE,IAAI,CAAC;QAAC,MAAM,EAAE,UAAU,CAAA;KAAC,CAAC,CAAC;IAC9C,MAAM,EAAE,CAAC,MAAM,EAAE;QAAC,SAAS,EAAE,MAAM,CAAA;KAAC,KAAK,OAAO,CAAC;QAAC,EAAE,EAAE,IAAI,CAAA;KAAC,CAAC,CAAC;CAC7D;AAED;;;GAGG;AACH,eAAO,MAAM,yBAAyB;qBAAwB,eAAe,GAAG,IAAI;yBAAtB,eAAe,GAAG,IAAI,wBAAtB,eAAe,GAAG,IAAI;CAEnF,CAAC;AAEF,MAAM,WAAW,wBAAwB;IACxC;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,eAAe,GAAG,IAAI,CAAC;CACvC;AAED,qBAAa,iBAAkB,SAAQ,QAAQ;;IAG9C,OAAO,EAAE,KAAK,CAAC,uBAAuB,CAAC,CAAkB;IACzD,QAAQ,UAAqB;IAC7B,QAAQ,CAAC,YAAY,EAAE,SAAS,CAAC,MAAM,CAAC,CAAmB;IAE3D,QAAQ,CAAC,YAAY,SAAiC;IACtD,QAAQ,CAAC,eAAe,SAA8D;gBAE1E,OAAO,CAAC,EAAE,wBAAwB;IAK9C,6DAA6D;IAC7D,IAAI,OAAO,IAAI,OAAO,CAErB;IAEK,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAYtB,aAAa,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAoBlE,aAAa,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAgB9C"}
+{"version":3,"file":"admin_invites_state.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/admin_invites_state.svelte.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAC,SAAS,EAAC,MAAM,mBAAmB,CAAC;AAE5C,OAAO,KAAK,EAAC,IAAI,EAAC,MAAM,wBAAwB,CAAC;AAEjD,OAAO,EAAC,QAAQ,EAAC,MAAM,sBAAsB,CAAC;AAC9C,OAAO,KAAK,EAAC,uBAAuB,EAAC,MAAM,0BAA0B,CAAC;AACtE,OAAO,KAAK,EACX,iBAAiB,EACjB,kBAAkB,EAClB,iBAAiB,EACjB,kBAAkB,EAClB,gBAAgB,EAChB,MAAM,+BAA+B,CAAC;AAEvC;;;;;;GAMG;AACH,MAAM,WAAW,eAAe;IAC/B,IAAI,EAAE,MAAM,OAAO,CAAC,gBAAgB,CAAC,CAAC;IACtC,MAAM,EAAE,CAAC,MAAM,EAAE,iBAAiB,KAAK,OAAO,CAAC,kBAAkB,CAAC,CAAC;IACnE,MAAM,EAAE,CAAC,MAAM,EAAE,iBAAiB,KAAK,OAAO,CAAC,kBAAkB,CAAC,CAAC;CACnE;AAED;;;GAGG;AACH,eAAO,MAAM,yBAAyB;qBAAwB,eAAe,GAAG,IAAI;yBAAtB,eAAe,GAAG,IAAI,wBAAtB,eAAe,GAAG,IAAI;CAEnF,CAAC;AAEF,MAAM,WAAW,wBAAwB;IACxC;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,eAAe,GAAG,IAAI,CAAC;CACvC;AAED,qBAAa,iBAAkB,SAAQ,QAAQ;;IAG9C,OAAO,EAAE,KAAK,CAAC,uBAAuB,CAAC,CAAkB;IACzD,QAAQ,UAAqB;IAC7B,QAAQ,CAAC,YAAY,EAAE,SAAS,CAAC,MAAM,CAAC,CAAmB;IAE3D,QAAQ,CAAC,YAAY,SAAiC;IACtD,QAAQ,CAAC,eAAe,SAA8D;gBAE1E,OAAO,CAAC,EAAE,wBAAwB;IAK9C,6DAA6D;IAC7D,IAAI,OAAO,IAAI,OAAO,CAErB;IAEK,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAYtB,aAAa,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAoBlE,aAAa,CAAC,EAAE,EAAE,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;CAgB5C"}

package/dist/ui/admin_rpc_adapters.d.ts

@@ -1,7 +1,7 @@
 /**
  * Admin RPC adapter helpers for consumer UIs.
  *
- * Bridges a typed `rpc_call`-shaped function to the four narrow admin RPC
+ * Bridges a typed throwing RPC client to the four narrow admin RPC
  * interfaces the state classes consume — `AdminAccountsRpc`,
  * `AdminInvitesRpc`, `AuditLogRpc`, `AppSettingsRpc`. Two calls at the
  * admin shell layout wire everything.
@@ -16,44 +16,57 @@
  * and backend factory names diverge by design.
  *
  * ```ts
- * import {create_throwing_rpc_call} from '@fuzdev/fuz_app/actions/rpc_client.js';
- * const rpc_call = create_throwing_rpc_call(api);
- * provide_admin_rpc_contexts(create_admin_rpc_adapters(rpc_call));
+ * // `api` is the typed throwing Proxy from `create_frontend_rpc_client`.
+ * provide_admin_rpc_contexts(create_admin_rpc_adapters(api));
  * ```
  *
- * `create_throwing_rpc_call` unwraps every `Result` to throw on error, spreading
- * the JSON-RPC `{code, message, data?}` onto the thrown `Error` so form
- * components (e.g. `PermitOfferForm.svelte`) can match on
- * `error.data?.reason` via `ERROR_OFFER_*` constants — optional chaining is
- * required because JSON-RPC `data` is spec-level optional. Consumers that
- * need a custom unwrap strategy can supply any function matching
- * `AdminRpcCall` directly instead.
+ * The throwing Proxy spreads the JSON-RPC `{code, message, data?}` onto
+ * the thrown `Error` so form components (e.g. `PermitOfferForm.svelte`)
+ * can match on `error.data?.reason` via `ERROR_OFFER_*` constants —
+ * optional chaining is required because JSON-RPC `data` is spec-level
+ * optional. Consumers that need a custom unwrap strategy can construct
+ * their own object satisfying `AdminRpcApi` and pass it directly.
  *
  * No `.svelte.ts` suffix — this module holds no reactive state, only
  * method-name mappings.
  *
  * @module
  */
-import type { ThrowingRpcCall } from '../actions/rpc_client.js';
+import type { AdminAccountListOutput, AdminSessionListOutput, AdminSessionRevokeAllInput, AdminSessionRevokeAllOutput, AdminTokenRevokeAllInput, AdminTokenRevokeAllOutput, AuditLogListInput, AuditLogListOutput, AuditLogPermitHistoryInput, AuditLogPermitHistoryOutput, InviteCreateInput, InviteCreateOutput, InviteDeleteInput, InviteDeleteOutput, InviteListOutput, AppSettingsGetOutput, AppSettingsUpdateInput, AppSettingsUpdateOutput } from '../auth/admin_action_specs.js';
+import type { PermitOfferCreateInput, PermitOfferCreateOutput, PermitOfferRetractInput, PermitOfferOkOutput, PermitRevokeInput, PermitRevokeOutput } from '../auth/permit_offer_action_specs.js';
 import { type AdminAccountsRpc } from './admin_accounts_state.svelte.js';
 import { type AdminInvitesRpc } from './admin_invites_state.svelte.js';
 import { type AuditLogRpc } from './audit_log_state.svelte.js';
 import { type AppSettingsRpc } from './app_settings_state.svelte.js';
 import { type FormatScope } from './format_scope.js';
 /**
- * Function-shaped contract for dispatching an RPC call by method name.
+ * The wire-method surface this module needs from the typed throwing RPC
+ * client. Every method returns the unwrapped value or throws an `Error`
+ * carrying the JSON-RPC `{code, message, data?}` shape — i.e. the
+ * `ThrowingApi<...>` view of the corresponding action specs.
  *
- * Alias of `ThrowingRpcCall` — kept as a domain-specific name so reads of
- * the admin UI code stay self-contained. Receives the method string and
- * input, returns a Promise of the output — or throws on error carrying the
- * JSON-RPC `{code, message, data?}` shape.
- *
- * The generic is load-bearing: contextual typing lets the narrow
- * `Admin*Rpc` return types flow into `TOutput` so adapter methods typecheck
- * without explicit casts.
+ * Consumers pass the typed throwing Proxy returned by
+ * `create_frontend_rpc_client` directly. Structural typing means any
+ * superset (e.g. the consumer's full `ThrowingApi<ActionsApi>`) is
+ * assignable as long as these methods are present at these signatures.
  */
-export type AdminRpcCall = ThrowingRpcCall;
-/** The four admin RPC adapters assembled from a shared `rpc_call`. */
+export interface AdminRpcApi {
+    admin_account_list: () => Promise<AdminAccountListOutput>;
+    admin_session_list: () => Promise<AdminSessionListOutput>;
+    admin_session_revoke_all: (input: AdminSessionRevokeAllInput) => Promise<AdminSessionRevokeAllOutput>;
+    admin_token_revoke_all: (input: AdminTokenRevokeAllInput) => Promise<AdminTokenRevokeAllOutput>;
+    audit_log_list: (input?: AuditLogListInput) => Promise<AuditLogListOutput>;
+    audit_log_permit_history: (input?: AuditLogPermitHistoryInput) => Promise<AuditLogPermitHistoryOutput>;
+    invite_list: () => Promise<InviteListOutput>;
+    invite_create: (input: InviteCreateInput) => Promise<InviteCreateOutput>;
+    invite_delete: (input: InviteDeleteInput) => Promise<InviteDeleteOutput>;
+    app_settings_get: () => Promise<AppSettingsGetOutput>;
+    app_settings_update: (input: AppSettingsUpdateInput) => Promise<AppSettingsUpdateOutput>;
+    permit_offer_create: (input: PermitOfferCreateInput) => Promise<PermitOfferCreateOutput>;
+    permit_offer_retract: (input: PermitOfferRetractInput) => Promise<PermitOfferOkOutput>;
+    permit_revoke: (input: PermitRevokeInput) => Promise<PermitRevokeOutput>;
+}
+/** The four admin RPC adapters assembled from a shared `api`. */
 export interface AdminRpcAdapters {
     admin_accounts: AdminAccountsRpc;
     admin_invites: AdminInvitesRpc;
@@ -61,7 +74,7 @@ export interface AdminRpcAdapters {
     app_settings: AppSettingsRpc;
 }
 /**
- * Build the four admin RPC adapters from a single typed `rpc_call`.
+ * Build the four admin RPC adapters from a typed throwing RPC client.
  *
  * Method-name mapping:
  *
@@ -82,12 +95,11 @@ export interface AdminRpcAdapters {
  * | `app_settings.get`                  | `app_settings_get`           |
  * | `app_settings.update`               | `app_settings_update`        |
  *
- * All four adapter factories call through the same `rpc_call` — consumers
- * only construct one adapter closure (typically wrapping
- * `create_rpc_client`'s Proxy + Result-unwrap) regardless of how many
- * admin surfaces they mount.
+ * All four adapter factories call through the same `api` — consumers
+ * pass the typed throwing Proxy from `create_frontend_rpc_client` once,
+ * regardless of how many admin surfaces they mount.
  */
-export declare const create_admin_rpc_adapters: (rpc_call: AdminRpcCall) => AdminRpcAdapters;
+export declare const create_admin_rpc_adapters: (api: AdminRpcApi) => AdminRpcAdapters;
 /** Optional knobs alongside the adapters when wiring admin contexts. */
 export interface ProvideAdminRpcContextsOptions {
     /**

package/dist/ui/admin_rpc_adapters.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"admin_rpc_adapters.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/admin_rpc_adapters.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmCG;AAEH,OAAO,KAAK,EAAC,eAAe,EAAC,MAAM,0BAA0B,CAAC;AAC9D,OAAO,EAA6B,KAAK,gBAAgB,EAAC,MAAM,kCAAkC,CAAC;AACnG,OAAO,EAA4B,KAAK,eAAe,EAAC,MAAM,iCAAiC,CAAC;AAChG,OAAO,EAAwB,KAAK,WAAW,EAAC,MAAM,6BAA6B,CAAC;AACpF,OAAO,EAA2B,KAAK,cAAc,EAAC,MAAM,gCAAgC,CAAC;AAC7F,OAAO,EAAuB,KAAK,WAAW,EAAC,MAAM,mBAAmB,CAAC;AAEzE;;;;;;;;;;;GAWG;AACH,MAAM,MAAM,YAAY,GAAG,eAAe,CAAC;AAE3C,sEAAsE;AACtE,MAAM,WAAW,gBAAgB;IAChC,cAAc,EAAE,gBAAgB,CAAC;IACjC,aAAa,EAAE,eAAe,CAAC;IAC/B,SAAS,EAAE,WAAW,CAAC;IACvB,YAAY,EAAE,cAAc,CAAC;CAC7B;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACH,eAAO,MAAM,yBAAyB,GAAI,UAAU,YAAY,KAAG,gBAuBjE,CAAC;AAEH,wEAAwE;AACxE,MAAM,WAAW,8BAA8B;IAC9C;;;OAGG;IACH,YAAY,CAAC,EAAE,WAAW,CAAC;CAC3B;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAO,MAAM,0BAA0B,GACtC,UAAU,gBAAgB,EAC1B,UAAU,8BAA8B,KACtC,IASF,CAAC"}
+{"version":3,"file":"admin_rpc_adapters.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/admin_rpc_adapters.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AAEH,OAAO,KAAK,EACX,sBAAsB,EACtB,sBAAsB,EACtB,0BAA0B,EAC1B,2BAA2B,EAC3B,wBAAwB,EACxB,yBAAyB,EACzB,iBAAiB,EACjB,kBAAkB,EAClB,0BAA0B,EAC1B,2BAA2B,EAC3B,iBAAiB,EACjB,kBAAkB,EAClB,iBAAiB,EACjB,kBAAkB,EAClB,gBAAgB,EAChB,oBAAoB,EACpB,sBAAsB,EACtB,uBAAuB,EACvB,MAAM,+BAA+B,CAAC;AACvC,OAAO,KAAK,EACX,sBAAsB,EACtB,uBAAuB,EACvB,uBAAuB,EACvB,mBAAmB,EACnB,iBAAiB,EACjB,kBAAkB,EAClB,MAAM,sCAAsC,CAAC;AAC9C,OAAO,EAA6B,KAAK,gBAAgB,EAAC,MAAM,kCAAkC,CAAC;AACnG,OAAO,EAA4B,KAAK,eAAe,EAAC,MAAM,iCAAiC,CAAC;AAChG,OAAO,EAAwB,KAAK,WAAW,EAAC,MAAM,6BAA6B,CAAC;AACpF,OAAO,EAA2B,KAAK,cAAc,EAAC,MAAM,gCAAgC,CAAC;AAC7F,OAAO,EAAuB,KAAK,WAAW,EAAC,MAAM,mBAAmB,CAAC;AAEzE;;;;;;;;;;GAUG;AACH,MAAM,WAAW,WAAW;IAC3B,kBAAkB,EAAE,MAAM,OAAO,CAAC,sBAAsB,CAAC,CAAC;IAC1D,kBAAkB,EAAE,MAAM,OAAO,CAAC,sBAAsB,CAAC,CAAC;IAC1D,wBAAwB,EAAE,CACzB,KAAK,EAAE,0BAA0B,KAC7B,OAAO,CAAC,2BAA2B,CAAC,CAAC;IAC1C,sBAAsB,EAAE,CAAC,KAAK,EAAE,wBAAwB,KAAK,OAAO,CAAC,yBAAyB,CAAC,CAAC;IAChG,cAAc,EAAE,CAAC,KAAK,CAAC,EAAE,iBAAiB,KAAK,OAAO,CAAC,kBAAkB,CAAC,CAAC;IAC3E,wBAAwB,EAAE,CACzB,KAAK,CAAC,EAAE,0BAA0B,KAC9B,OAAO,CAAC,2BAA2B,CAAC,CAAC;IAC1C,WAAW,EAAE,MAAM,OAAO,CAAC,gBAAgB,CAAC,CAAC;IAC7C,aAAa,EAAE,CAAC,KAAK,EAAE,iBAAiB,KAAK,OAAO,CAAC,kBAAkB,CAAC,CAAC;IACzE,aAAa,EAAE,CAAC,KAAK,EAAE,iBAAiB,KAAK,OAAO,CAAC,kBAAkB,CAAC,CAAC;IACzE,gBAAgB,EAAE,MAAM,OAAO,CAAC,oBAAoB,CAAC,CAAC;IACtD,mBAAmB,EAAE,CAAC,KAAK,EAAE,sBAAsB,KAAK,OAAO,CAAC,uBAAuB,CAAC,CAAC;IACzF,mBAAmB,EAAE,CAAC,KAAK,EAAE,sBAAsB,KAAK,OAAO,CAAC,uBAAuB,CAAC,CAAC;IACzF,oBAAoB,EAAE,CAAC,KAAK,EAAE,uBAAuB,KAAK,OAAO,CAAC,mBAAmB,CAAC,CAAC;IACvF,aAAa,EAAE,CAAC,KAAK,EAAE,iBAAiB,KAAK,OAAO,CAAC,kBAAkB,CAAC,CAAC;CACzE;AAED,iEAAiE;AACjE,MAAM,WAAW,gBAAgB;IAChC,cAAc,EAAE,gBAAgB,CAAC;IACjC,aAAa,EAAE,eAAe,CAAC;IAC/B,SAAS,EAAE,WAAW,CAAC;IACvB,YAAY,EAAE,cAAc,CAAC;CAC7B;AAED;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,eAAO,MAAM,yBAAyB,GAAI,KAAK,WAAW,KAAG,gBAuB3D,CAAC;AAEH,wEAAwE;AACxE,MAAM,WAAW,8BAA8B;IAC9C;;;OAGG;IACH,YAAY,CAAC,EAAE,WAAW,CAAC;CAC3B;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAO,MAAM,0BAA0B,GACtC,UAAU,gBAAgB,EAC1B,UAAU,8BAA8B,KACtC,IASF,CAAC"}