@fuzdev/fuz_app 0.49.0 → 0.51.0

package/dist/db/create_db.js

@@ -8,7 +8,7 @@
  *
  * Both `pg` and `@electric-sql/pglite` are optional peer dependencies,
  * dynamically imported only when needed. For direct driver construction
- * without auto-detection, use `db_pg.ts` or `db_pglite.ts`.
+ * without auto-detection, use `db/db_pg.ts` or `db/db_pglite.ts`.
  *
  * @module
  */
@@ -22,7 +22,7 @@ import { create_pglite_db } from './db_pglite.js';
  * know which driver is in use.
  *
  * For direct driver construction without URL routing, import
- * `create_pg_db` from `db_pg.ts` or `create_pglite_db` from `db_pglite.ts`.
+ * `create_pg_db` from `db/db_pg.ts` or `create_pglite_db` from `db/db_pglite.ts`.
  *
  * @param database_url - connection URL (`postgres://`, `postgresql://`, `file://`, or `memory://`)
  * @returns database instance, close callback, type, and display name

package/dist/db/db.d.ts

@@ -5,7 +5,7 @@
  * Both `pg.Pool` and `@electric-sql/pglite` satisfy this interface.
  *
  * Transaction safety is provided by an injected `transaction` callback —
- * the driver adapters (`db_pg.ts`, `db_pglite.ts`) supply the driver-appropriate
+ * the driver adapters (`db/db_pg.ts`, `db/db_pglite.ts`) supply the driver-appropriate
  * implementation. Close is handled externally (returned alongside the Db
  * as `DbDriverResult`), not as a method on this class.
  *
@@ -55,8 +55,8 @@ export declare const no_nested_transaction: DbDeps['transaction'];
 /**
  * Database wrapper providing a consistent query and transaction interface.
  *
- * Construct via `create_pg_db()` from `db_pg.ts` or `create_pglite_db()` from
- * `db_pglite.ts` for proper transaction support, or via `create_db()` for
+ * Construct via `create_pg_db()` from `db/db_pg.ts` or `create_pglite_db()` from
+ * `db/db_pglite.ts` for proper transaction support, or via `create_db()` for
  * URL-based auto-detection.
  *
  * @example

package/dist/db/db.js

@@ -5,7 +5,7 @@
  * Both `pg.Pool` and `@electric-sql/pglite` satisfy this interface.
  *
  * Transaction safety is provided by an injected `transaction` callback —
- * the driver adapters (`db_pg.ts`, `db_pglite.ts`) supply the driver-appropriate
+ * the driver adapters (`db/db_pg.ts`, `db/db_pglite.ts`) supply the driver-appropriate
  * implementation. Close is handled externally (returned alongside the Db
  * as `DbDriverResult`), not as a method on this class.
  *
@@ -24,8 +24,8 @@ export const no_nested_transaction = () => {
 /**
  * Database wrapper providing a consistent query and transaction interface.
  *
- * Construct via `create_pg_db()` from `db_pg.ts` or `create_pglite_db()` from
- * `db_pglite.ts` for proper transaction support, or via `create_db()` for
+ * Construct via `create_pg_db()` from `db/db_pg.ts` or `create_pglite_db()` from
+ * `db/db_pglite.ts` for proper transaction support, or via `create_db()` for
  * URL-based auto-detection.
  *
  * @example

package/dist/hono_context.d.ts

@@ -7,7 +7,7 @@
  * Import this module once in your app to get type-safe access to
  * `auth_session_id`, `request_context`, and `credential_type` on the Hono context.
  *
- * In practice, this is auto-loaded by `app_server.ts` (side-effect import)
+ * In practice, this is auto-loaded by `server/app_server.ts` (side-effect import)
  * and transitively by auth middleware modules that import `CREDENTIAL_TYPE_KEY`.
  * Consumers don't need a manual import unless bypassing the standard server assembly.
  *

package/dist/hono_context.js

@@ -7,7 +7,7 @@
  * Import this module once in your app to get type-safe access to
  * `auth_session_id`, `request_context`, and `credential_type` on the Hono context.
  *
- * In practice, this is auto-loaded by `app_server.ts` (side-effect import)
+ * In practice, this is auto-loaded by `server/app_server.ts` (side-effect import)
  * and transitively by auth middleware modules that import `CREDENTIAL_TYPE_KEY`.
  * Consumers don't need a manual import unless bypassing the standard server assembly.
  *

package/dist/http/jsonrpc_errors.d.ts

@@ -7,10 +7,10 @@
  * codes stay in consumers — add by casting `as JsonrpcErrorCode`.
  *
  * `JsonrpcErrorCode` and `JsonrpcErrorObject` types are Zod-inferred
- * from `jsonrpc.ts` — this module re-uses those as the single source
+ * from `http/jsonrpc.ts` — this module re-uses those as the single source
  * of truth.
  *
- * Complementary to `error_schemas.ts`: that module is declarative
+ * Complementary to `http/error_schemas.ts`: that module is declarative
  * (Zod schemas for surface introspection), this one is runtime
  * (throw + catch + map).
  *

package/dist/http/jsonrpc_errors.js

@@ -7,10 +7,10 @@
  * codes stay in consumers — add by casting `as JsonrpcErrorCode`.
  *
  * `JsonrpcErrorCode` and `JsonrpcErrorObject` types are Zod-inferred
- * from `jsonrpc.ts` — this module re-uses those as the single source
+ * from `http/jsonrpc.ts` — this module re-uses those as the single source
  * of truth.
  *
- * Complementary to `error_schemas.ts`: that module is declarative
+ * Complementary to `http/error_schemas.ts`: that module is declarative
  * (Zod schemas for surface introspection), this one is runtime
  * (throw + catch + map).
  *

package/dist/http/jsonrpc_helpers.d.ts

@@ -2,8 +2,8 @@
  * JSON-RPC message builders, type guards, and converters.
  *
  * Used by the SAES runtime (ActionEvent, ActionPeer, transports) and
- * the RPC endpoint dispatcher. Complements `jsonrpc.ts` (schemas) and
- * `jsonrpc_errors.ts` (error infrastructure).
+ * the RPC endpoint dispatcher. Complements `http/jsonrpc.ts` (schemas) and
+ * `http/jsonrpc_errors.ts` (error infrastructure).
  *
  * @module
  */

package/dist/http/jsonrpc_helpers.js

@@ -2,8 +2,8 @@
  * JSON-RPC message builders, type guards, and converters.
  *
  * Used by the SAES runtime (ActionEvent, ActionPeer, transports) and
- * the RPC endpoint dispatcher. Complements `jsonrpc.ts` (schemas) and
- * `jsonrpc_errors.ts` (error infrastructure).
+ * the RPC endpoint dispatcher. Complements `http/jsonrpc.ts` (schemas) and
+ * `http/jsonrpc_errors.ts` (error infrastructure).
  *
  * @module
  */

package/dist/http/middleware_spec.d.ts

@@ -1,7 +1,7 @@
 /**
  * Middleware spec type — named middleware layer definition.
  *
- * Separated from `route_spec.ts` so middleware modules can import this
+ * Separated from `http/route_spec.ts` so middleware modules can import this
  * type without creating an upward dependency on routes.
  *
  * @module

package/dist/http/middleware_spec.js

@@ -1,7 +1,7 @@
 /**
  * Middleware spec type — named middleware layer definition.
  *
- * Separated from `route_spec.ts` so middleware modules can import this
+ * Separated from `http/route_spec.ts` so middleware modules can import this
  * type without creating an upward dependency on routes.
  *
  * @module

package/dist/http/origin.d.ts

@@ -3,7 +3,7 @@
  *
  * Verifies requests are coming from expected origins/referers.
  * CSRF protection is provided by `SameSite: strict` on session cookies
- * (see `session_middleware.ts`). This module provides origin allowlisting
+ * (see `auth/session_middleware.ts`). This module provides origin allowlisting
  * for locally-running services — preventing untrusted websites from
  * making requests as the user browses the web.
  *

package/dist/http/origin.js

@@ -3,7 +3,7 @@
  *
  * Verifies requests are coming from expected origins/referers.
  * CSRF protection is provided by `SameSite: strict` on session cookies
- * (see `session_middleware.ts`). This module provides origin allowlisting
+ * (see `auth/session_middleware.ts`). This module provides origin allowlisting
  * for locally-running services — preventing untrusted websites from
  * making requests as the user browses the web.
  *

package/dist/http/schema_helpers.d.ts

@@ -1,7 +1,7 @@
 /**
  * Shared pure helpers for schema introspection and middleware matching.
  *
- * Used by both `route_spec.ts` (input validation) and `surface.ts`
+ * Used by both `http/route_spec.ts` (input validation) and `http/surface.ts`
  * (attack surface generation). Extracted to avoid circular dependencies
  * between routes and middleware.
  *

package/dist/http/schema_helpers.js

@@ -1,7 +1,7 @@
 /**
  * Shared pure helpers for schema introspection and middleware matching.
  *
- * Used by both `route_spec.ts` (input validation) and `surface.ts`
+ * Used by both `http/route_spec.ts` (input validation) and `http/surface.ts`
  * (attack surface generation). Extracted to avoid circular dependencies
  * between routes and middleware.
  *

package/dist/http/surface.d.ts

@@ -2,7 +2,7 @@
  * App surface generation — JSON-serializable attack surface from route and middleware specs.
  *
  * Pure schema helpers (`is_null_schema`, `schema_to_surface`, `middleware_applies`,
- * `merge_error_schemas`) live in `schema_helpers.ts`.
+ * `merge_error_schemas`) live in `http/schema_helpers.ts`.
  *
  * @module
  */

package/dist/http/surface.js

@@ -2,7 +2,7 @@
  * App surface generation — JSON-serializable attack surface from route and middleware specs.
  *
  * Pure schema helpers (`is_null_schema`, `schema_to_surface`, `middleware_applies`,
- * `merge_error_schemas`) live in `schema_helpers.ts`.
+ * `merge_error_schemas`) live in `http/schema_helpers.ts`.
  *
  * @module
  */

package/dist/runtime/deno.d.ts

@@ -11,7 +11,7 @@ import type { RuntimeDeps } from './deps.js';
 /**
  * Create a runtime backed by Deno APIs.
  *
- * Returns an object satisfying all `*Deps` interfaces from `deps.ts`.
+ * Returns an object satisfying all `*Deps` interfaces from `runtime/deps.ts`.
  * Pass to shared functions that accept `EnvDeps`, `FsReadDeps`, etc.
  *
  * @param args - CLI arguments (typically `Deno.args`)

package/dist/runtime/deno.js

@@ -10,7 +10,7 @@
 /**
  * Create a runtime backed by Deno APIs.
  *
- * Returns an object satisfying all `*Deps` interfaces from `deps.ts`.
+ * Returns an object satisfying all `*Deps` interfaces from `runtime/deps.ts`.
  * Pass to shared functions that accept `EnvDeps`, `FsReadDeps`, etc.
  *
  * @param args - CLI arguments (typically `Deno.args`)

package/dist/runtime/node.d.ts

@@ -1,7 +1,7 @@
 /**
  * Node.js implementation of `RuntimeDeps`.
  *
- * Provides the same interface as `deno.ts` but backed by Node.js APIs.
+ * Provides the same interface as `runtime/deno.ts` but backed by Node.js APIs.
  * Used for running servers in Node.js and for tests (vitest runs in Node).
  *
  * @module

package/dist/runtime/node.js

@@ -1,7 +1,7 @@
 /**
  * Node.js implementation of `RuntimeDeps`.
  *
- * Provides the same interface as `deno.ts` but backed by Node.js APIs.
+ * Provides the same interface as `runtime/deno.ts` but backed by Node.js APIs.
  * Used for running servers in Node.js and for tests (vitest runs in Node).
  *
  * @module

package/dist/testing/rpc_attack_surface.js

@@ -306,7 +306,7 @@ const describe_rpc_adversarial_envelopes = (options) => {
  * For each method with a non-null input schema, generates test cases
  * from the schema (wrong types, missing fields, format violations)
  * and wraps them in valid JSON-RPC envelopes. Reuses
- * `generate_input_test_cases` from `adversarial_input.ts`.
+ * `generate_input_test_cases` from `testing/adversarial_input.ts`.
  */
 const describe_rpc_adversarial_params = (options) => {
     const { build, roles } = options;

package/dist/testing/rpc_helpers.js

@@ -3,7 +3,7 @@ import './assert_dev_env.js';
  * JSON-RPC test helpers — request construction, response assertion, and
  * one-shot call ergonomics.
  *
- * Shared by `rpc_attack_surface.ts`, `rpc_round_trip.ts`, and
+ * Shared by `testing/rpc_attack_surface.ts`, `testing/rpc_round_trip.ts`, and
  * consumer-facing admin/audit suites that exercise RPC methods directly.
  *
  * @module

package/dist/testing/ws_round_trip.js

@@ -203,7 +203,7 @@ const build_multi_role_request_context = (account_id, roles) => {
 /**
  * Stub `RequestContext` for single-role or public fakes. Hardcoded
  * ids (`acc_1` / `act_1`) mirror `create_test_request_context` in
- * `auth_apps.ts`.
+ * `testing/auth_apps.ts`.
  */
 const build_simple_request_context = (role) => ({
     account: create_test_account({ id: 'acc_1', username: 'testuser' }),

package/dist/ui/account_sessions_state.svelte.d.ts

@@ -1,7 +1,7 @@
 /**
  * Reactive state for managing the authenticated account's auth sessions on a
  * settings page. Reads and mutations flow through a narrow RPC adapter; the
- * REST routes that backed this class moved to `account_actions.ts` in the
+ * REST routes that backed this class moved to `auth/account_actions.ts` in the
  * 2026-04-23 RPC migration.
  *
  * @module
@@ -14,7 +14,7 @@ import type { AuthSessionJson } from '../auth/account_schema.js';
  * interfaces (`AdminAccountsRpc`, `AuditLogRpc`, `AdminInvitesRpc`).
  *
  * The three methods wrap the corresponding action specs on
- * `account_actions.ts`:
+ * `auth/account_actions.ts`:
  *
  * - `list` → `account_session_list`
  * - `revoke` → `account_session_revoke` (IDOR-guarded by `account_id` server-side)

package/dist/ui/account_sessions_state.svelte.js

@@ -1,7 +1,7 @@
 /**
  * Reactive state for managing the authenticated account's auth sessions on a
  * settings page. Reads and mutations flow through a narrow RPC adapter; the
- * REST routes that backed this class moved to `account_actions.ts` in the
+ * REST routes that backed this class moved to `auth/account_actions.ts` in the
  * 2026-04-23 RPC migration.
  *
  * @module

package/dist/ui/admin_rpc_adapters.d.ts

@@ -21,7 +21,7 @@
  * ```
  *
  * The throwing Proxy spreads the JSON-RPC `{code, message, data?}` onto
- * the thrown `Error` so form components (e.g. `PermitOfferForm.svelte`)
+ * the thrown `Error` so form components (e.g. `ui/PermitOfferForm.svelte`)
  * can match on `error.data?.reason` via `ERROR_OFFER_*` constants —
  * optional chaining is required because JSON-RPC `data` is spec-level
  * optional. Consumers that need a custom unwrap strategy can construct

package/dist/ui/admin_rpc_adapters.js

@@ -21,7 +21,7 @@
  * ```
  *
  * The throwing Proxy spreads the JSON-RPC `{code, message, data?}` onto
- * the thrown `Error` so form components (e.g. `PermitOfferForm.svelte`)
+ * the thrown `Error` so form components (e.g. `ui/PermitOfferForm.svelte`)
  * can match on `error.data?.reason` via `ERROR_OFFER_*` constants —
  * optional chaining is required because JSON-RPC `data` is spec-level
  * optional. Consumers that need a custom unwrap strategy can construct

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@fuzdev/fuz_app",
-  "version": "0.49.0",
+  "version": "0.51.0",
   "description": "fullstack app library",
   "glyph": "🗝",
   "logo": "logo.svg",