@fuzdev/fuz_app 0.50.0 → 0.52.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (374) hide show
  1. package/dist/actions/CLAUDE.md +16 -3
  2. package/dist/actions/action_bridge.d.ts +3 -1
  3. package/dist/actions/action_bridge.d.ts.map +1 -1
  4. package/dist/actions/action_bridge.js +3 -1
  5. package/dist/actions/action_codegen.d.ts +44 -13
  6. package/dist/actions/action_codegen.d.ts.map +1 -1
  7. package/dist/actions/action_codegen.js +58 -20
  8. package/dist/actions/action_event.d.ts +44 -1
  9. package/dist/actions/action_event.d.ts.map +1 -1
  10. package/dist/actions/action_event.js +44 -1
  11. package/dist/actions/action_event_helpers.d.ts +26 -0
  12. package/dist/actions/action_event_helpers.d.ts.map +1 -1
  13. package/dist/actions/action_event_helpers.js +26 -1
  14. package/dist/actions/action_peer.d.ts +17 -0
  15. package/dist/actions/action_peer.d.ts.map +1 -1
  16. package/dist/actions/action_peer.js +8 -0
  17. package/dist/actions/action_registry.d.ts +2 -2
  18. package/dist/actions/action_registry.js +2 -2
  19. package/dist/actions/action_rpc.d.ts +4 -0
  20. package/dist/actions/action_rpc.d.ts.map +1 -1
  21. package/dist/actions/action_rpc.js +4 -0
  22. package/dist/actions/action_spec.d.ts +23 -3
  23. package/dist/actions/action_spec.d.ts.map +1 -1
  24. package/dist/actions/action_spec.js +17 -3
  25. package/dist/actions/action_types.d.ts +2 -2
  26. package/dist/actions/action_types.js +2 -2
  27. package/dist/actions/cancel.d.ts +2 -2
  28. package/dist/actions/cancel.js +2 -2
  29. package/dist/actions/heartbeat.d.ts +2 -2
  30. package/dist/actions/heartbeat.js +2 -2
  31. package/dist/actions/protocol.d.ts +1 -1
  32. package/dist/actions/protocol.js +1 -1
  33. package/dist/actions/register_action_ws.d.ts +4 -1
  34. package/dist/actions/register_action_ws.d.ts.map +1 -1
  35. package/dist/actions/register_action_ws.js +4 -1
  36. package/dist/actions/register_ws_endpoint.d.ts +3 -0
  37. package/dist/actions/register_ws_endpoint.d.ts.map +1 -1
  38. package/dist/actions/register_ws_endpoint.js +3 -0
  39. package/dist/actions/request_tracker.svelte.d.ts +14 -1
  40. package/dist/actions/request_tracker.svelte.d.ts.map +1 -1
  41. package/dist/actions/request_tracker.svelte.js +14 -1
  42. package/dist/actions/socket.svelte.d.ts +35 -15
  43. package/dist/actions/socket.svelte.d.ts.map +1 -1
  44. package/dist/actions/socket.svelte.js +33 -13
  45. package/dist/actions/transports.d.ts +12 -3
  46. package/dist/actions/transports.d.ts.map +1 -1
  47. package/dist/actions/transports.js +16 -7
  48. package/dist/actions/transports_http.d.ts +7 -0
  49. package/dist/actions/transports_http.d.ts.map +1 -1
  50. package/dist/actions/transports_http.js +7 -0
  51. package/dist/actions/transports_ws.d.ts +13 -0
  52. package/dist/actions/transports_ws.d.ts.map +1 -1
  53. package/dist/actions/transports_ws.js +13 -0
  54. package/dist/actions/transports_ws_auth_guard.d.ts +6 -2
  55. package/dist/actions/transports_ws_auth_guard.d.ts.map +1 -1
  56. package/dist/actions/transports_ws_auth_guard.js +6 -2
  57. package/dist/actions/transports_ws_backend.d.ts +14 -1
  58. package/dist/actions/transports_ws_backend.d.ts.map +1 -1
  59. package/dist/actions/transports_ws_backend.js +14 -1
  60. package/dist/auth/CLAUDE.md +40 -4
  61. package/dist/auth/account_queries.d.ts +10 -0
  62. package/dist/auth/account_queries.d.ts.map +1 -1
  63. package/dist/auth/account_queries.js +10 -0
  64. package/dist/auth/account_routes.d.ts +3 -3
  65. package/dist/auth/account_routes.js +3 -3
  66. package/dist/auth/account_schema.d.ts +1 -1
  67. package/dist/auth/account_schema.js +1 -1
  68. package/dist/auth/admin_actions.d.ts +1 -0
  69. package/dist/auth/admin_actions.d.ts.map +1 -1
  70. package/dist/auth/admin_actions.js +1 -0
  71. package/dist/auth/api_token.d.ts +1 -1
  72. package/dist/auth/api_token.js +1 -1
  73. package/dist/auth/api_token_queries.d.ts +7 -0
  74. package/dist/auth/api_token_queries.d.ts.map +1 -1
  75. package/dist/auth/api_token_queries.js +7 -0
  76. package/dist/auth/app_settings_queries.d.ts +4 -0
  77. package/dist/auth/app_settings_queries.d.ts.map +1 -1
  78. package/dist/auth/app_settings_queries.js +4 -0
  79. package/dist/auth/audit_log_queries.d.ts +6 -0
  80. package/dist/auth/audit_log_queries.d.ts.map +1 -1
  81. package/dist/auth/audit_log_queries.js +6 -0
  82. package/dist/auth/audit_log_routes.d.ts +1 -1
  83. package/dist/auth/audit_log_routes.js +1 -1
  84. package/dist/auth/audit_log_schema.d.ts +3 -1
  85. package/dist/auth/audit_log_schema.d.ts.map +1 -1
  86. package/dist/auth/audit_log_schema.js +134 -55
  87. package/dist/auth/bearer_auth.d.ts +2 -0
  88. package/dist/auth/bearer_auth.d.ts.map +1 -1
  89. package/dist/auth/bearer_auth.js +2 -0
  90. package/dist/auth/bootstrap_account.d.ts +3 -0
  91. package/dist/auth/bootstrap_account.d.ts.map +1 -1
  92. package/dist/auth/bootstrap_account.js +3 -0
  93. package/dist/auth/cleanup.d.ts +6 -0
  94. package/dist/auth/cleanup.d.ts.map +1 -1
  95. package/dist/auth/cleanup.js +6 -0
  96. package/dist/auth/daemon_token.d.ts +1 -1
  97. package/dist/auth/daemon_token.js +1 -1
  98. package/dist/auth/daemon_token_middleware.d.ts +5 -1
  99. package/dist/auth/daemon_token_middleware.d.ts.map +1 -1
  100. package/dist/auth/daemon_token_middleware.js +5 -1
  101. package/dist/auth/ddl.d.ts +1 -1
  102. package/dist/auth/ddl.js +1 -1
  103. package/dist/auth/invite_queries.d.ts +4 -0
  104. package/dist/auth/invite_queries.d.ts.map +1 -1
  105. package/dist/auth/invite_queries.js +4 -0
  106. package/dist/auth/password.d.ts +1 -1
  107. package/dist/auth/password.js +1 -1
  108. package/dist/auth/permit_offer_action_specs.d.ts +5 -0
  109. package/dist/auth/permit_offer_action_specs.d.ts.map +1 -1
  110. package/dist/auth/permit_offer_action_specs.js +10 -0
  111. package/dist/auth/permit_offer_queries.d.ts +19 -0
  112. package/dist/auth/permit_offer_queries.d.ts.map +1 -1
  113. package/dist/auth/permit_offer_queries.js +19 -0
  114. package/dist/auth/permit_queries.d.ts +8 -0
  115. package/dist/auth/permit_queries.d.ts.map +1 -1
  116. package/dist/auth/permit_queries.js +8 -0
  117. package/dist/auth/request_context.d.ts +1 -0
  118. package/dist/auth/request_context.d.ts.map +1 -1
  119. package/dist/auth/request_context.js +1 -0
  120. package/dist/auth/role_schema.d.ts +2 -0
  121. package/dist/auth/role_schema.d.ts.map +1 -1
  122. package/dist/auth/role_schema.js +2 -0
  123. package/dist/auth/route_guards.d.ts +1 -1
  124. package/dist/auth/route_guards.js +1 -1
  125. package/dist/auth/self_service_role_action_specs.d.ts +1 -1
  126. package/dist/auth/self_service_role_action_specs.js +1 -1
  127. package/dist/auth/self_service_role_actions.d.ts +2 -1
  128. package/dist/auth/self_service_role_actions.d.ts.map +1 -1
  129. package/dist/auth/self_service_role_actions.js +2 -1
  130. package/dist/auth/session_lifecycle.d.ts +3 -0
  131. package/dist/auth/session_lifecycle.d.ts.map +1 -1
  132. package/dist/auth/session_lifecycle.js +3 -0
  133. package/dist/auth/session_middleware.d.ts +5 -0
  134. package/dist/auth/session_middleware.d.ts.map +1 -1
  135. package/dist/auth/session_middleware.js +5 -0
  136. package/dist/auth/session_queries.d.ts +10 -1
  137. package/dist/auth/session_queries.d.ts.map +1 -1
  138. package/dist/auth/session_queries.js +10 -1
  139. package/dist/auth/signup_routes.d.ts +1 -1
  140. package/dist/auth/signup_routes.js +1 -1
  141. package/dist/cli/config.d.ts +2 -0
  142. package/dist/cli/config.d.ts.map +1 -1
  143. package/dist/cli/config.js +2 -0
  144. package/dist/cli/daemon.d.ts +6 -1
  145. package/dist/cli/daemon.d.ts.map +1 -1
  146. package/dist/cli/daemon.js +6 -1
  147. package/dist/cli/util.d.ts +1 -1
  148. package/dist/cli/util.js +1 -1
  149. package/dist/db/assert_row.d.ts +2 -1
  150. package/dist/db/assert_row.d.ts.map +1 -1
  151. package/dist/db/assert_row.js +2 -1
  152. package/dist/db/create_db.d.ts +5 -2
  153. package/dist/db/create_db.d.ts.map +1 -1
  154. package/dist/db/create_db.js +5 -2
  155. package/dist/db/db.d.ts +22 -7
  156. package/dist/db/db.d.ts.map +1 -1
  157. package/dist/db/db.js +21 -6
  158. package/dist/db/db_pg.d.ts +2 -1
  159. package/dist/db/db_pg.d.ts.map +1 -1
  160. package/dist/db/db_pg.js +5 -3
  161. package/dist/db/db_pglite.d.ts +3 -2
  162. package/dist/db/db_pglite.d.ts.map +1 -1
  163. package/dist/db/db_pglite.js +3 -2
  164. package/dist/db/migrate.d.ts +8 -4
  165. package/dist/db/migrate.d.ts.map +1 -1
  166. package/dist/db/migrate.js +6 -2
  167. package/dist/db/sql_identifier.d.ts +2 -1
  168. package/dist/db/sql_identifier.d.ts.map +1 -1
  169. package/dist/db/sql_identifier.js +2 -1
  170. package/dist/db/status.d.ts +4 -1
  171. package/dist/db/status.d.ts.map +1 -1
  172. package/dist/db/status.js +5 -2
  173. package/dist/dev/setup.d.ts +18 -2
  174. package/dist/dev/setup.d.ts.map +1 -1
  175. package/dist/dev/setup.js +18 -2
  176. package/dist/env/dotenv.d.ts +2 -1
  177. package/dist/env/dotenv.d.ts.map +1 -1
  178. package/dist/env/dotenv.js +2 -1
  179. package/dist/env/load.d.ts +1 -1
  180. package/dist/env/load.js +1 -1
  181. package/dist/env/resolve.d.ts +1 -1
  182. package/dist/env/resolve.js +1 -1
  183. package/dist/env/update_env_variable.d.ts +2 -0
  184. package/dist/env/update_env_variable.d.ts.map +1 -1
  185. package/dist/env/update_env_variable.js +2 -0
  186. package/dist/hono_context.d.ts +1 -1
  187. package/dist/hono_context.js +1 -1
  188. package/dist/http/jsonrpc_errors.d.ts +2 -2
  189. package/dist/http/jsonrpc_errors.js +2 -2
  190. package/dist/http/jsonrpc_helpers.d.ts +2 -2
  191. package/dist/http/jsonrpc_helpers.js +2 -2
  192. package/dist/http/middleware_spec.d.ts +1 -1
  193. package/dist/http/middleware_spec.js +1 -1
  194. package/dist/http/origin.d.ts +1 -1
  195. package/dist/http/origin.js +1 -1
  196. package/dist/http/pending_effects.d.ts +4 -0
  197. package/dist/http/pending_effects.d.ts.map +1 -1
  198. package/dist/http/pending_effects.js +4 -0
  199. package/dist/http/proxy.d.ts +3 -0
  200. package/dist/http/proxy.d.ts.map +1 -1
  201. package/dist/http/proxy.js +3 -0
  202. package/dist/http/route_spec.d.ts +1 -0
  203. package/dist/http/route_spec.d.ts.map +1 -1
  204. package/dist/http/route_spec.js +7 -0
  205. package/dist/http/schema_helpers.d.ts +1 -1
  206. package/dist/http/schema_helpers.js +1 -1
  207. package/dist/http/surface.d.ts +1 -1
  208. package/dist/http/surface.js +1 -1
  209. package/dist/rate_limiter.d.ts +14 -1
  210. package/dist/rate_limiter.d.ts.map +1 -1
  211. package/dist/rate_limiter.js +14 -1
  212. package/dist/realtime/sse.d.ts +7 -1
  213. package/dist/realtime/sse.d.ts.map +1 -1
  214. package/dist/realtime/sse.js +3 -1
  215. package/dist/realtime/sse_auth_guard.d.ts +21 -21
  216. package/dist/realtime/sse_auth_guard.d.ts.map +1 -1
  217. package/dist/realtime/sse_auth_guard.js +24 -24
  218. package/dist/realtime/subscriber_registry.d.ts +4 -2
  219. package/dist/realtime/subscriber_registry.d.ts.map +1 -1
  220. package/dist/realtime/subscriber_registry.js +4 -2
  221. package/dist/runtime/deno.d.ts +1 -1
  222. package/dist/runtime/deno.js +1 -1
  223. package/dist/runtime/fs.d.ts +5 -0
  224. package/dist/runtime/fs.d.ts.map +1 -1
  225. package/dist/runtime/fs.js +5 -0
  226. package/dist/runtime/mock.d.ts +6 -0
  227. package/dist/runtime/mock.d.ts.map +1 -1
  228. package/dist/runtime/mock.js +6 -0
  229. package/dist/runtime/node.d.ts +1 -1
  230. package/dist/runtime/node.js +1 -1
  231. package/dist/server/app_backend.d.ts +1 -0
  232. package/dist/server/app_backend.d.ts.map +1 -1
  233. package/dist/server/app_backend.js +1 -0
  234. package/dist/server/app_server.d.ts +4 -0
  235. package/dist/server/app_server.d.ts.map +1 -1
  236. package/dist/server/app_server.js +4 -0
  237. package/dist/server/validate_nginx.d.ts +3 -0
  238. package/dist/server/validate_nginx.d.ts.map +1 -1
  239. package/dist/testing/admin_integration.d.ts +5 -0
  240. package/dist/testing/admin_integration.d.ts.map +1 -1
  241. package/dist/testing/admin_integration.js +5 -0
  242. package/dist/testing/adversarial_headers.d.ts +5 -3
  243. package/dist/testing/adversarial_headers.d.ts.map +1 -1
  244. package/dist/testing/adversarial_headers.js +5 -3
  245. package/dist/testing/adversarial_input.d.ts +4 -0
  246. package/dist/testing/adversarial_input.d.ts.map +1 -1
  247. package/dist/testing/adversarial_input.js +4 -0
  248. package/dist/testing/app_server.d.ts +3 -0
  249. package/dist/testing/app_server.d.ts.map +1 -1
  250. package/dist/testing/app_server.js +11 -0
  251. package/dist/testing/assertions.d.ts +23 -7
  252. package/dist/testing/assertions.d.ts.map +1 -1
  253. package/dist/testing/assertions.js +23 -7
  254. package/dist/testing/audit_completeness.d.ts +4 -0
  255. package/dist/testing/audit_completeness.d.ts.map +1 -1
  256. package/dist/testing/audit_completeness.js +4 -0
  257. package/dist/testing/auth_apps.d.ts +3 -0
  258. package/dist/testing/auth_apps.d.ts.map +1 -1
  259. package/dist/testing/auth_apps.js +3 -0
  260. package/dist/testing/db.d.ts +9 -1
  261. package/dist/testing/db.d.ts.map +1 -1
  262. package/dist/testing/db.js +9 -1
  263. package/dist/testing/error_coverage.d.ts +9 -0
  264. package/dist/testing/error_coverage.d.ts.map +1 -1
  265. package/dist/testing/error_coverage.js +9 -0
  266. package/dist/testing/integration.d.ts +4 -0
  267. package/dist/testing/integration.d.ts.map +1 -1
  268. package/dist/testing/integration.js +4 -0
  269. package/dist/testing/integration_helpers.d.ts +10 -4
  270. package/dist/testing/integration_helpers.d.ts.map +1 -1
  271. package/dist/testing/integration_helpers.js +10 -4
  272. package/dist/testing/middleware.d.ts +5 -0
  273. package/dist/testing/middleware.d.ts.map +1 -1
  274. package/dist/testing/middleware.js +5 -0
  275. package/dist/testing/rate_limiting.d.ts +3 -0
  276. package/dist/testing/rate_limiting.d.ts.map +1 -1
  277. package/dist/testing/rate_limiting.js +3 -0
  278. package/dist/testing/rpc_attack_surface.js +1 -1
  279. package/dist/testing/rpc_helpers.d.ts +21 -8
  280. package/dist/testing/rpc_helpers.d.ts.map +1 -1
  281. package/dist/testing/rpc_helpers.js +22 -9
  282. package/dist/testing/schema_generators.d.ts +7 -2
  283. package/dist/testing/schema_generators.d.ts.map +1 -1
  284. package/dist/testing/schema_generators.js +7 -2
  285. package/dist/testing/sse_round_trip.d.ts +3 -0
  286. package/dist/testing/sse_round_trip.d.ts.map +1 -1
  287. package/dist/testing/sse_round_trip.js +3 -0
  288. package/dist/testing/stubs.d.ts +7 -0
  289. package/dist/testing/stubs.d.ts.map +1 -1
  290. package/dist/testing/stubs.js +7 -0
  291. package/dist/testing/surface_invariants.d.ts +14 -0
  292. package/dist/testing/surface_invariants.d.ts.map +1 -1
  293. package/dist/testing/surface_invariants.js +14 -0
  294. package/dist/testing/ws_round_trip.d.ts +13 -1
  295. package/dist/testing/ws_round_trip.d.ts.map +1 -1
  296. package/dist/testing/ws_round_trip.js +1 -1
  297. package/dist/ui/AccountSessions.svelte +9 -0
  298. package/dist/ui/AccountSessions.svelte.d.ts.map +1 -1
  299. package/dist/ui/AdminAccounts.svelte +10 -0
  300. package/dist/ui/AdminAccounts.svelte.d.ts.map +1 -1
  301. package/dist/ui/AdminAuditLog.svelte +10 -0
  302. package/dist/ui/AdminAuditLog.svelte.d.ts.map +1 -1
  303. package/dist/ui/AdminInvites.svelte +9 -0
  304. package/dist/ui/AdminInvites.svelte.d.ts.map +1 -1
  305. package/dist/ui/AdminOverview.svelte +10 -0
  306. package/dist/ui/AdminOverview.svelte.d.ts.map +1 -1
  307. package/dist/ui/AdminPermitHistory.svelte +9 -0
  308. package/dist/ui/AdminPermitHistory.svelte.d.ts.map +1 -1
  309. package/dist/ui/AdminSessions.svelte +10 -0
  310. package/dist/ui/AdminSessions.svelte.d.ts.map +1 -1
  311. package/dist/ui/AdminSettings.svelte +9 -0
  312. package/dist/ui/AdminSettings.svelte.d.ts.map +1 -1
  313. package/dist/ui/AdminSurface.svelte +9 -0
  314. package/dist/ui/AdminSurface.svelte.d.ts.map +1 -1
  315. package/dist/ui/AppShell.svelte +24 -0
  316. package/dist/ui/AppShell.svelte.d.ts +23 -0
  317. package/dist/ui/AppShell.svelte.d.ts.map +1 -1
  318. package/dist/ui/BootstrapForm.svelte +17 -0
  319. package/dist/ui/BootstrapForm.svelte.d.ts +4 -0
  320. package/dist/ui/BootstrapForm.svelte.d.ts.map +1 -1
  321. package/dist/ui/ColumnLayout.svelte +11 -0
  322. package/dist/ui/ColumnLayout.svelte.d.ts +10 -0
  323. package/dist/ui/ColumnLayout.svelte.d.ts.map +1 -1
  324. package/dist/ui/Datatable.svelte +18 -0
  325. package/dist/ui/Datatable.svelte.d.ts +17 -0
  326. package/dist/ui/Datatable.svelte.d.ts.map +1 -1
  327. package/dist/ui/LoginForm.svelte +18 -0
  328. package/dist/ui/LoginForm.svelte.d.ts +9 -0
  329. package/dist/ui/LoginForm.svelte.d.ts.map +1 -1
  330. package/dist/ui/LogoutButton.svelte +9 -0
  331. package/dist/ui/LogoutButton.svelte.d.ts +8 -0
  332. package/dist/ui/LogoutButton.svelte.d.ts.map +1 -1
  333. package/dist/ui/MenuLink.svelte +10 -0
  334. package/dist/ui/MenuLink.svelte.d.ts +9 -0
  335. package/dist/ui/MenuLink.svelte.d.ts.map +1 -1
  336. package/dist/ui/OpenSignupToggle.svelte +9 -0
  337. package/dist/ui/OpenSignupToggle.svelte.d.ts.map +1 -1
  338. package/dist/ui/SignupForm.svelte +16 -0
  339. package/dist/ui/SignupForm.svelte.d.ts +4 -0
  340. package/dist/ui/SignupForm.svelte.d.ts.map +1 -1
  341. package/dist/ui/SurfaceExplorer.svelte +9 -0
  342. package/dist/ui/SurfaceExplorer.svelte.d.ts.map +1 -1
  343. package/dist/ui/account_sessions_state.svelte.d.ts +2 -2
  344. package/dist/ui/account_sessions_state.svelte.js +1 -1
  345. package/dist/ui/admin_rpc_adapters.d.ts +1 -1
  346. package/dist/ui/admin_rpc_adapters.js +1 -1
  347. package/dist/ui/audit_log_state.svelte.d.ts +6 -1
  348. package/dist/ui/audit_log_state.svelte.d.ts.map +1 -1
  349. package/dist/ui/audit_log_state.svelte.js +6 -1
  350. package/dist/ui/auth_state.svelte.d.ts +16 -4
  351. package/dist/ui/auth_state.svelte.d.ts.map +1 -1
  352. package/dist/ui/auth_state.svelte.js +16 -4
  353. package/dist/ui/form_state.svelte.d.ts +9 -0
  354. package/dist/ui/form_state.svelte.d.ts.map +1 -1
  355. package/dist/ui/form_state.svelte.js +9 -0
  356. package/dist/ui/loadable.svelte.d.ts +6 -1
  357. package/dist/ui/loadable.svelte.d.ts.map +1 -1
  358. package/dist/ui/loadable.svelte.js +6 -1
  359. package/dist/ui/permit_offers_state.svelte.d.ts +2 -0
  360. package/dist/ui/permit_offers_state.svelte.d.ts.map +1 -1
  361. package/dist/ui/permit_offers_state.svelte.js +2 -0
  362. package/dist/ui/popover.svelte.d.ts +17 -4
  363. package/dist/ui/popover.svelte.d.ts.map +1 -1
  364. package/dist/ui/popover.svelte.js +17 -4
  365. package/dist/ui/position_helpers.d.ts +1 -0
  366. package/dist/ui/position_helpers.d.ts.map +1 -1
  367. package/dist/ui/position_helpers.js +1 -0
  368. package/dist/ui/sidebar_state.svelte.d.ts +22 -9
  369. package/dist/ui/sidebar_state.svelte.d.ts.map +1 -1
  370. package/dist/ui/sidebar_state.svelte.js +17 -2
  371. package/dist/ui/table_state.svelte.d.ts +14 -0
  372. package/dist/ui/table_state.svelte.d.ts.map +1 -1
  373. package/dist/ui/table_state.svelte.js +14 -0
  374. package/package.json +1 -1
package/dist/rate_limiter.js CHANGED
@@ -71,8 +71,13 @@ export class RateLimiter {
71
71
  /**
72
72
  * Check whether `key` is allowed without recording an attempt.
73
73
  *
74
+ * Prunes timestamps that fell outside the window as a side effect (and
75
+ * removes the key entirely when none remain), so the backing map stays
76
+ * bounded even under read-only traffic.
77
+ *
74
78
  * @param key - rate limit key (e.g. IP address)
75
79
  * @param now - current timestamp in ms (defaults to `Date.now()`)
80
+ * @mutates internal map - prunes expired timestamps for `key`
76
81
  */
77
82
  check(key, now = Date.now()) {
78
83
  const { max_attempts, window_ms } = this.options;
@@ -102,6 +107,7 @@ export class RateLimiter {
102
107
  *
103
108
  * @param key - rate limit key (e.g. IP address)
104
109
  * @param now - current timestamp in ms (defaults to `Date.now()`)
110
+ * @mutates internal map - appends `now` to the timestamp list for `key` (after pruning expired entries)
105
111
  */
106
112
  record(key, now = Date.now()) {
107
113
  const { max_attempts, window_ms } = this.options;
@@ -128,6 +134,8 @@ export class RateLimiter {
128
134
  }
129
135
  /**
130
136
  * Clear all attempts for `key` (e.g. after successful login).
137
+ *
138
+ * @mutates internal map - removes the entry for `key`
131
139
  */
132
140
  reset(key) {
133
141
  this.#attempts.delete(key);
@@ -136,6 +144,7 @@ export class RateLimiter {
136
144
  * Remove entries whose timestamps are all outside the window.
137
145
  *
138
146
  * @param now - current timestamp in ms (defaults to `Date.now()`)
147
+ * @mutates internal map - prunes expired timestamps and deletes empty keys
139
148
  */
140
149
  cleanup(now = Date.now()) {
141
150
  const cutoff = now - this.options.window_ms;
@@ -153,7 +162,11 @@ export class RateLimiter {
153
162
  }
154
163
  }
155
164
  }
156
- /** Stop the cleanup timer. Safe to call multiple times. */
165
+ /**
166
+ * Stop the cleanup timer. Safe to call multiple times.
167
+ *
168
+ * @mutates timer - clears the cleanup `setInterval` and nulls the handle
169
+ */
157
170
  dispose() {
158
171
  if (this.#cleanup_timer !== null) {
159
172
  clearInterval(this.#cleanup_timer);
package/dist/realtime/sse.d.ts CHANGED
@@ -47,7 +47,8 @@ export interface SseNotification {
47
47
  * Hono's HTML callback resolution — keeps the same `data: JSON\n\n` format.
48
48
  *
49
49
  * @param c - Hono context
50
- * @returns object with response and stream controller
50
+ * @param log - logger for serialization and `on_close` listener errors
51
+ * @returns object with the streaming `Response` and an `SseStream` controller
51
52
  */
52
53
  export declare const create_sse_response: <T = unknown>(c: Context, log: Logger) => {
53
54
  response: Response;
@@ -57,9 +58,13 @@ export declare const create_sse_response: <T = unknown>(c: Context, log: Logger)
57
58
  export declare const SSE_CONNECTED_COMMENT = ": connected\n\n";
58
59
  /** Spec for a push event — declares params schema, description, and channel. */
59
60
  export interface EventSpec {
61
+ /** Event method name, used as the JSON-RPC notification `method`. */
60
62
  method: string;
63
+ /** Zod schema for the notification `params` payload. */
61
64
  params: z.ZodType;
65
+ /** Human-readable description for surface output and docs. */
62
66
  description: string;
67
+ /** Channel this event broadcasts on. Omit for cross-channel events. */
63
68
  channel?: string;
64
69
  }
65
70
  /**
@@ -70,6 +75,7 @@ export interface EventSpec {
70
75
  *
71
76
  * @param broadcaster - duck-typed broadcaster (e.g. `SubscriberRegistry`)
72
77
  * @param event_specs - event specs to validate against
78
+ * @param log - logger used to emit DEV warnings on unknown methods or param mismatches
73
79
  * @returns validated broadcaster wrapper (passthrough in production)
74
80
  */
75
81
  export declare const create_validated_broadcaster: <T extends SseNotification>(broadcaster: {
package/dist/realtime/sse.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"sse.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/realtime/sse.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,MAAM,CAAC;AAElC,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAEtB,OAAO,KAAK,EAAC,MAAM,EAAC,MAAM,yBAAyB,CAAC;AAEpD;;;;GAIG;AACH,MAAM,WAAW,SAAS,CAAC,CAAC,GAAG,OAAO;IACrC,mDAAmD;IACnD,IAAI,EAAE,CAAC,IAAI,EAAE,CAAC,KAAK,IAAI,CAAC;IACxB,6CAA6C;IAC7C,OAAO,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,IAAI,CAAC;IAChC,wBAAwB;IACxB,KAAK,EAAE,MAAM,IAAI,CAAC;IAClB,+FAA+F;IAC/F,QAAQ,EAAE,CAAC,EAAE,EAAE,MAAM,IAAI,KAAK,IAAI,CAAC;CACnC;AAED;;;;GAIG;AACH,MAAM,WAAW,eAAe;IAC/B,qEAAqE;IACrE,MAAM,EAAE,MAAM,CAAC;IACf,+BAA+B;IAC/B,MAAM,EAAE,OAAO,CAAC;CAChB;AAED;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,mBAAmB,GAAI,CAAC,GAAG,OAAO,EAC9C,GAAG,OAAO,EACV,KAAK,MAAM,KACT;IAAC,QAAQ,EAAE,QAAQ,CAAC;IAAC,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC,CAAA;CAiD3C,CAAC;AAEF,kGAAkG;AAClG,eAAO,MAAM,qBAAqB,oBAAoB,CAAC;AAEvD,gFAAgF;AAChF,MAAM,WAAW,SAAS;IACzB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;;;;;;;;GASG;AACH,eAAO,MAAM,4BAA4B,GAAI,CAAC,SAAS,eAAe,EACrE,aAAa;IAAC,SAAS,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,KAAK,IAAI,CAAA;CAAC,EAC5D,aAAa,KAAK,CAAC,SAAS,CAAC,EAC7B,KAAK,MAAM,KACT;IAAC,SAAS,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,KAAK,IAAI,CAAA;CAmBhD,CAAC"}
1
+ {"version":3,"file":"sse.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/realtime/sse.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,MAAM,CAAC;AAElC,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAEtB,OAAO,KAAK,EAAC,MAAM,EAAC,MAAM,yBAAyB,CAAC;AAEpD;;;;GAIG;AACH,MAAM,WAAW,SAAS,CAAC,CAAC,GAAG,OAAO;IACrC,mDAAmD;IACnD,IAAI,EAAE,CAAC,IAAI,EAAE,CAAC,KAAK,IAAI,CAAC;IACxB,6CAA6C;IAC7C,OAAO,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,IAAI,CAAC;IAChC,wBAAwB;IACxB,KAAK,EAAE,MAAM,IAAI,CAAC;IAClB,+FAA+F;IAC/F,QAAQ,EAAE,CAAC,EAAE,EAAE,MAAM,IAAI,KAAK,IAAI,CAAC;CACnC;AAED;;;;GAIG;AACH,MAAM,WAAW,eAAe;IAC/B,qEAAqE;IACrE,MAAM,EAAE,MAAM,CAAC;IACf,+BAA+B;IAC/B,MAAM,EAAE,OAAO,CAAC;CAChB;AAED;;;;;;;;;;;;;;GAcG;AACH,eAAO,MAAM,mBAAmB,GAAI,CAAC,GAAG,OAAO,EAC9C,GAAG,OAAO,EACV,KAAK,MAAM,KACT;IAAC,QAAQ,EAAE,QAAQ,CAAC;IAAC,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC,CAAA;CAiD3C,CAAC;AAEF,kGAAkG;AAClG,eAAO,MAAM,qBAAqB,oBAAoB,CAAC;AAEvD,gFAAgF;AAChF,MAAM,WAAW,SAAS;IACzB,qEAAqE;IACrE,MAAM,EAAE,MAAM,CAAC;IACf,wDAAwD;IACxD,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC;IAClB,8DAA8D;IAC9D,WAAW,EAAE,MAAM,CAAC;IACpB,uEAAuE;IACvE,OAAO,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;;;;;;;;;GAUG;AACH,eAAO,MAAM,4BAA4B,GAAI,CAAC,SAAS,eAAe,EACrE,aAAa;IAAC,SAAS,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,KAAK,IAAI,CAAA;CAAC,EAC5D,aAAa,KAAK,CAAC,SAAS,CAAC,EAC7B,KAAK,MAAM,KACT;IAAC,SAAS,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,KAAK,IAAI,CAAA;CAmBhD,CAAC"}
package/dist/realtime/sse.js CHANGED
@@ -21,7 +21,8 @@ import { DEV } from 'esm-env';
21
21
  * Hono's HTML callback resolution — keeps the same `data: JSON\n\n` format.
22
22
  *
23
23
  * @param c - Hono context
24
- * @returns object with response and stream controller
24
+ * @param log - logger for serialization and `on_close` listener errors
25
+ * @returns object with the streaming `Response` and an `SseStream` controller
25
26
  */
26
27
  export const create_sse_response = (c, log) => {
27
28
  const { promise, resolve } = Promise.withResolvers();
@@ -84,6 +85,7 @@ export const SSE_CONNECTED_COMMENT = `: connected\n\n`;
84
85
  *
85
86
  * @param broadcaster - duck-typed broadcaster (e.g. `SubscriberRegistry`)
86
87
  * @param event_specs - event specs to validate against
88
+ * @param log - logger used to emit DEV warnings on unknown methods or param mismatches
87
89
  * @returns validated broadcaster wrapper (passthrough in production)
88
90
  */
89
91
  export const create_validated_broadcaster = (broadcaster, event_specs, log) => {
package/dist/realtime/sse_auth_guard.d.ts CHANGED
@@ -63,6 +63,24 @@ export interface AuditLogSse {
63
63
  /** The underlying registry — exposed for subscriber count monitoring. */
64
64
  registry: SubscriberRegistry<SseNotification>;
65
65
  }
66
+ /**
67
+ * SSE event specs for audit log events.
68
+ *
69
+ * One spec per `AUDIT_EVENT_TYPES` entry, all sharing the `AuditLogEventJson` params schema.
70
+ * Pass to `create_app_server`'s `event_specs` for surface generation and DEV validation.
71
+ */
72
+ export declare const AUDIT_LOG_EVENT_SPECS: Array<EventSpec>;
73
+ /**
74
+ * Default max concurrent SSE subscribers per session scope for the audit log.
75
+ *
76
+ * The audit log SSE subscribes with `scope = session_hash` and
77
+ * `groups = [account_id]`. Only `scope` is capped — so this limits tabs
78
+ * per session. An account's total streams across all sessions is bounded
79
+ * transitively by `max_sessions × AUDIT_LOG_SSE_MAX_PER_SCOPE`. 10 tabs
80
+ * per session is a comfortable ceiling for normal use; consumers raising
81
+ * it above ~50 should consider server-side connection limits.
82
+ */
83
+ export declare const AUDIT_LOG_SSE_MAX_PER_SCOPE = 10;
66
84
  /**
67
85
  * Create a complete audit log SSE setup with broadcasting and auth guard.
68
86
  *
@@ -70,6 +88,9 @@ export interface AuditLogSse {
70
88
  * call into a single object. The result satisfies `AuditLogRouteOptions['stream']`
71
89
  * and provides the `on_audit_event` callback for `CreateAppBackendOptions`.
72
90
  *
91
+ * @param options - factory options
92
+ * @returns audit log SSE setup (stream options + `on_audit_event` + registry)
93
+ *
73
94
  * @example
74
95
  * ```ts
75
96
  * const audit_sse = create_audit_log_sse({log});
@@ -83,28 +104,7 @@ export interface AuditLogSse {
83
104
  * // In create_app_server options:
84
105
  * event_specs: AUDIT_LOG_EVENT_SPECS,
85
106
  * ```
86
- *
87
- * @param options - factory options
88
- * @returns audit log SSE setup (stream options + on_audit_event + registry)
89
- */
90
- /**
91
- * SSE event specs for audit log events.
92
- *
93
- * One spec per `AUDIT_EVENT_TYPES` entry, all sharing the `AuditLogEventJson` params schema.
94
- * Pass to `create_app_server`'s `event_specs` for surface generation and DEV validation.
95
- */
96
- export declare const AUDIT_LOG_EVENT_SPECS: Array<EventSpec>;
97
- /**
98
- * Default max concurrent SSE subscribers per session scope for the audit log.
99
- *
100
- * The audit log SSE subscribes with `scope = session_hash` and
101
- * `groups = [account_id]`. Only `scope` is capped — so this limits tabs
102
- * per session. An account's total streams across all sessions is bounded
103
- * transitively by `max_sessions × AUDIT_LOG_SSE_MAX_PER_SCOPE`. 10 tabs
104
- * per session is a comfortable ceiling for normal use; consumers raising
105
- * it above ~50 should consider server-side connection limits.
106
107
  */
107
- export declare const AUDIT_LOG_SSE_MAX_PER_SCOPE = 10;
108
108
  export declare const create_audit_log_sse: (options: {
109
109
  /** Role required to access the SSE endpoint. Default `'admin'`. */
110
110
  role?: string;
package/dist/realtime/sse_auth_guard.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"sse_auth_guard.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/realtime/sse_auth_guard.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAC,MAAM,EAAC,MAAM,yBAAyB,CAAC;AAEpD,OAAO,EAGN,KAAK,aAAa,EAClB,MAAM,6BAA6B,CAAC;AACrC,OAAO,EAAC,kBAAkB,EAAE,KAAK,gBAAgB,EAAC,MAAM,0BAA0B,CAAC;AACnF,OAAO,KAAK,EAAC,SAAS,EAAE,eAAe,EAAE,SAAS,EAAC,MAAM,UAAU,CAAC;AAEpE,2DAA2D;AAC3D,eAAO,MAAM,iBAAiB,cAAc,CAAC;AAE7C;;;;;;;;;;GAUG;AACH,eAAO,MAAM,sBAAsB,EAAE,WAAW,CAAC,MAAM,CAKrD,CAAC;AAEH;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAO,MAAM,qBAAqB,GAAI,CAAC,EACtC,UAAU,kBAAkB,CAAC,CAAC,CAAC,EAC/B,eAAe,MAAM,GAAG,IAAI,EAC5B,KAAK,MAAM,KACT,CAAC,CAAC,KAAK,EAAE,aAAa,KAAK,IAAI,CA6CjC,CAAC;AAEF;;;;;GAKG;AACH,MAAM,WAAW,WAAW;IAC3B,8FAA8F;IAC9F,SAAS,EAAE,CAAC,MAAM,EAAE,SAAS,CAAC,eAAe,CAAC,EAAE,OAAO,CAAC,EAAE,gBAAgB,KAAK,MAAM,IAAI,CAAC;IAC1F,kFAAkF;IAClF,GAAG,EAAE,MAAM,CAAC;IACZ,kGAAkG;IAClG,cAAc,EAAE,CAAC,KAAK,EAAE,aAAa,KAAK,IAAI,CAAC;IAC/C,yEAAyE;IACzE,QAAQ,EAAE,kBAAkB,CAAC,eAAe,CAAC,CAAC;CAC9C;AAED;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH;;;;;GAKG;AACH,eAAO,MAAM,qBAAqB,EAAE,KAAK,CAAC,SAAS,CAOlD,CAAC;AAEF;;;;;;;;;GASG;AACH,eAAO,MAAM,2BAA2B,KAAK,CAAC;AAE9C,eAAO,MAAM,oBAAoB,GAAI,SAAS;IAC7C,mEAAmE;IACnE,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,GAAG,EAAE,MAAM,CAAC;IACZ;;;;OAIG;IACH,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC9B,KAAG,WAgBH,CAAC"}
1
+ {"version":3,"file":"sse_auth_guard.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/realtime/sse_auth_guard.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAC,MAAM,EAAC,MAAM,yBAAyB,CAAC;AAEpD,OAAO,EAGN,KAAK,aAAa,EAClB,MAAM,6BAA6B,CAAC;AACrC,OAAO,EAAC,kBAAkB,EAAE,KAAK,gBAAgB,EAAC,MAAM,0BAA0B,CAAC;AACnF,OAAO,KAAK,EAAC,SAAS,EAAE,eAAe,EAAE,SAAS,EAAC,MAAM,UAAU,CAAC;AAEpE,2DAA2D;AAC3D,eAAO,MAAM,iBAAiB,cAAc,CAAC;AAE7C;;;;;;;;;;GAUG;AACH,eAAO,MAAM,sBAAsB,EAAE,WAAW,CAAC,MAAM,CAKrD,CAAC;AAEH;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAO,MAAM,qBAAqB,GAAI,CAAC,EACtC,UAAU,kBAAkB,CAAC,CAAC,CAAC,EAC/B,eAAe,MAAM,GAAG,IAAI,EAC5B,KAAK,MAAM,KACT,CAAC,CAAC,KAAK,EAAE,aAAa,KAAK,IAAI,CA6CjC,CAAC;AAEF;;;;;GAKG;AACH,MAAM,WAAW,WAAW;IAC3B,8FAA8F;IAC9F,SAAS,EAAE,CAAC,MAAM,EAAE,SAAS,CAAC,eAAe,CAAC,EAAE,OAAO,CAAC,EAAE,gBAAgB,KAAK,MAAM,IAAI,CAAC;IAC1F,kFAAkF;IAClF,GAAG,EAAE,MAAM,CAAC;IACZ,kGAAkG;IAClG,cAAc,EAAE,CAAC,KAAK,EAAE,aAAa,KAAK,IAAI,CAAC;IAC/C,yEAAyE;IACzE,QAAQ,EAAE,kBAAkB,CAAC,eAAe,CAAC,CAAC;CAC9C;AAED;;;;;GAKG;AACH,eAAO,MAAM,qBAAqB,EAAE,KAAK,CAAC,SAAS,CAOlD,CAAC;AAEF;;;;;;;;;GASG;AACH,eAAO,MAAM,2BAA2B,KAAK,CAAC;AAE9C;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,eAAO,MAAM,oBAAoB,GAAI,SAAS;IAC7C,mEAAmE;IACnE,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,GAAG,EAAE,MAAM,CAAC;IACZ;;;;OAIG;IACH,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC9B,KAAG,WAgBH,CAAC"}
package/dist/realtime/sse_auth_guard.js CHANGED
@@ -92,30 +92,6 @@ export const create_sse_auth_guard = (registry, required_role, log) => {
92
92
  }
93
93
  };
94
94
  };
95
- /**
96
- * Create a complete audit log SSE setup with broadcasting and auth guard.
97
- *
98
- * Combines `SubscriberRegistry`, `create_sse_auth_guard`, and the broadcast
99
- * call into a single object. The result satisfies `AuditLogRouteOptions['stream']`
100
- * and provides the `on_audit_event` callback for `CreateAppBackendOptions`.
101
- *
102
- * @example
103
- * ```ts
104
- * const audit_sse = create_audit_log_sse({log});
105
- *
106
- * // In create_app_backend options:
107
- * on_audit_event: audit_sse.on_audit_event,
108
- *
109
- * // In create_route_specs:
110
- * create_audit_log_route_specs({stream: audit_sse});
111
- *
112
- * // In create_app_server options:
113
- * event_specs: AUDIT_LOG_EVENT_SPECS,
114
- * ```
115
- *
116
- * @param options - factory options
117
- * @returns audit log SSE setup (stream options + on_audit_event + registry)
118
- */
119
95
  /**
120
96
  * SSE event specs for audit log events.
121
97
  *
@@ -139,6 +115,30 @@ export const AUDIT_LOG_EVENT_SPECS = AUDIT_EVENT_TYPES.map((event_type) => ({
139
115
  * it above ~50 should consider server-side connection limits.
140
116
  */
141
117
  export const AUDIT_LOG_SSE_MAX_PER_SCOPE = 10;
118
+ /**
119
+ * Create a complete audit log SSE setup with broadcasting and auth guard.
120
+ *
121
+ * Combines `SubscriberRegistry`, `create_sse_auth_guard`, and the broadcast
122
+ * call into a single object. The result satisfies `AuditLogRouteOptions['stream']`
123
+ * and provides the `on_audit_event` callback for `CreateAppBackendOptions`.
124
+ *
125
+ * @param options - factory options
126
+ * @returns audit log SSE setup (stream options + `on_audit_event` + registry)
127
+ *
128
+ * @example
129
+ * ```ts
130
+ * const audit_sse = create_audit_log_sse({log});
131
+ *
132
+ * // In create_app_backend options:
133
+ * on_audit_event: audit_sse.on_audit_event,
134
+ *
135
+ * // In create_route_specs:
136
+ * create_audit_log_route_specs({stream: audit_sse});
137
+ *
138
+ * // In create_app_server options:
139
+ * event_specs: AUDIT_LOG_EVENT_SPECS,
140
+ * ```
141
+ */
142
142
  export const create_audit_log_sse = (options) => {
143
143
  const role = options.role ?? 'admin';
144
144
  const max_per_scope = options.max_per_scope === undefined ? AUDIT_LOG_SSE_MAX_PER_SCOPE : options.max_per_scope;
package/dist/realtime/subscriber_registry.d.ts CHANGED
@@ -101,8 +101,9 @@ export declare class SubscriberRegistry<T> {
101
101
  * Add a subscriber.
102
102
  *
103
103
  * @param stream - SSE stream to send data to
104
- * @param options - channel filter and identity slots (scope + groups)
104
+ * @param options - channel filter and identity slots (`scope` + `groups`)
105
105
  * @returns unsubscribe function
106
+ * @mutates registry - adds the new subscriber; closes oldest matching subscribers when `max_per_scope` is exceeded
106
107
  */
107
108
  subscribe(stream: SseStream<T>, options?: SubscribeOptions): () => void;
108
109
  /**
@@ -122,8 +123,9 @@ export declare class SubscriberRegistry<T> {
122
123
  * Use for auth revocation — when a user's permissions change, close their
123
124
  * SSE connections so they must reconnect and re-authenticate.
124
125
  *
125
- * @param identity - the identity key to match (checked against scope and groups)
126
+ * @param identity - the identity key to match (checked against `scope` and `groups`)
126
127
  * @returns the number of subscribers closed
128
+ * @mutates registry - removes matching subscribers and closes their streams
127
129
  */
128
130
  close_by_identity(identity: string): number;
129
131
  }
package/dist/realtime/subscriber_registry.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"subscriber_registry.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/realtime/subscriber_registry.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,UAAU,CAAC;AAExC,MAAM,WAAW,UAAU,CAAC,CAAC;IAC5B,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC;IACrB,sEAAsE;IACtE,QAAQ,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC;IAC7B,mDAAmD;IACnD,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,qEAAqE;IACrE,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC;CAC3B;AAED,wCAAwC;AACxC,MAAM,WAAW,yBAAyB;IACzC;;;;;OAKG;IACH,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC9B;AAED,kDAAkD;AAClD,MAAM,WAAW,gBAAgB;IAChC,6DAA6D;IAC7D,QAAQ,CAAC,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;IACjC;;;OAGG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IACf;;;OAGG;IACH,MAAM,CAAC,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;CAC/B;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;AACH,qBAAa,kBAAkB,CAAC,CAAC;;gBAIpB,OAAO,CAAC,EAAE,yBAAyB;IAI/C,oCAAoC;IACpC,IAAI,KAAK,IAAI,MAAM,CAElB;IAED;;;;;;OAMG;IACH,SAAS,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC,EAAE,OAAO,CAAC,EAAE,gBAAgB,GAAG,MAAM,IAAI;IAmBvE;;;;;;;;OAQG;IACH,SAAS,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,GAAG,IAAI;IAQzC;;;;;;;;;OASG;IACH,iBAAiB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM;CAiC3C"}
1
+ {"version":3,"file":"subscriber_registry.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/realtime/subscriber_registry.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,UAAU,CAAC;AAExC,MAAM,WAAW,UAAU,CAAC,CAAC;IAC5B,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC;IACrB,sEAAsE;IACtE,QAAQ,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC;IAC7B,mDAAmD;IACnD,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,qEAAqE;IACrE,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC;CAC3B;AAED,wCAAwC;AACxC,MAAM,WAAW,yBAAyB;IACzC;;;;;OAKG;IACH,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC9B;AAED,kDAAkD;AAClD,MAAM,WAAW,gBAAgB;IAChC,6DAA6D;IAC7D,QAAQ,CAAC,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;IACjC;;;OAGG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IACf;;;OAGG;IACH,MAAM,CAAC,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;CAC/B;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;AACH,qBAAa,kBAAkB,CAAC,CAAC;;gBAIpB,OAAO,CAAC,EAAE,yBAAyB;IAI/C,oCAAoC;IACpC,IAAI,KAAK,IAAI,MAAM,CAElB;IAED;;;;;;;OAOG;IACH,SAAS,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC,EAAE,OAAO,CAAC,EAAE,gBAAgB,GAAG,MAAM,IAAI;IAmBvE;;;;;;;;OAQG;IACH,SAAS,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,GAAG,IAAI;IAQzC;;;;;;;;;;OAUG;IACH,iBAAiB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM;CAiC3C"}
package/dist/realtime/subscriber_registry.js CHANGED
@@ -71,8 +71,9 @@ export class SubscriberRegistry {
71
71
  * Add a subscriber.
72
72
  *
73
73
  * @param stream - SSE stream to send data to
74
- * @param options - channel filter and identity slots (scope + groups)
74
+ * @param options - channel filter and identity slots (`scope` + `groups`)
75
75
  * @returns unsubscribe function
76
+ * @mutates registry - adds the new subscriber; closes oldest matching subscribers when `max_per_scope` is exceeded
76
77
  */
77
78
  subscribe(stream, options) {
78
79
  const channels = options?.channels && options.channels.length > 0 ? new Set(options.channels) : null;
@@ -112,8 +113,9 @@ export class SubscriberRegistry {
112
113
  * Use for auth revocation — when a user's permissions change, close their
113
114
  * SSE connections so they must reconnect and re-authenticate.
114
115
  *
115
- * @param identity - the identity key to match (checked against scope and groups)
116
+ * @param identity - the identity key to match (checked against `scope` and `groups`)
116
117
  * @returns the number of subscribers closed
118
+ * @mutates registry - removes matching subscribers and closes their streams
117
119
  */
118
120
  close_by_identity(identity) {
119
121
  // collect first, then close — avoids mutating the Set during iteration
package/dist/runtime/deno.d.ts CHANGED
@@ -11,7 +11,7 @@ import type { RuntimeDeps } from './deps.js';
11
11
  /**
12
12
  * Create a runtime backed by Deno APIs.
13
13
  *
14
- * Returns an object satisfying all `*Deps` interfaces from `deps.ts`.
14
+ * Returns an object satisfying all `*Deps` interfaces from `runtime/deps.ts`.
15
15
  * Pass to shared functions that accept `EnvDeps`, `FsReadDeps`, etc.
16
16
  *
17
17
  * @param args - CLI arguments (typically `Deno.args`)
package/dist/runtime/deno.js CHANGED
@@ -10,7 +10,7 @@
10
10
  /**
11
11
  * Create a runtime backed by Deno APIs.
12
12
  *
13
- * Returns an object satisfying all `*Deps` interfaces from `deps.ts`.
13
+ * Returns an object satisfying all `*Deps` interfaces from `runtime/deps.ts`.
14
14
  * Pass to shared functions that accept `EnvDeps`, `FsReadDeps`, etc.
15
15
  *
16
16
  * @param args - CLI arguments (typically `Deno.args`)
package/dist/runtime/fs.d.ts CHANGED
@@ -7,9 +7,14 @@ import type { FsWriteDeps } from './deps.js';
7
7
  /**
8
8
  * Write a file atomically via temp file + rename.
9
9
  *
10
+ * Writes to `<path>.tmp` then renames over `path` so readers either see the
11
+ * old contents or the full new contents — never a partial write.
12
+ *
10
13
  * @param deps - deps with file write capabilities
11
14
  * @param path - destination file path
12
15
  * @param content - file contents to write
16
+ * @mutates filesystem - creates `<path>.tmp` then renames it to `path`
17
+ * @throws if `write_text_file` or `rename` rejects (permissions, disk full, cross-device rename, etc.)
13
18
  */
14
19
  export declare const write_file_atomic: (deps: Pick<FsWriteDeps, "write_text_file" | "rename">, path: string, content: string) => Promise<void>;
15
20
  //# sourceMappingURL=fs.d.ts.map
package/dist/runtime/fs.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"fs.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/runtime/fs.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAC,WAAW,EAAC,MAAM,WAAW,CAAC;AAE3C;;;;;;GAMG;AACH,eAAO,MAAM,iBAAiB,GAC7B,MAAM,IAAI,CAAC,WAAW,EAAE,iBAAiB,GAAG,QAAQ,CAAC,EACrD,MAAM,MAAM,EACZ,SAAS,MAAM,KACb,OAAO,CAAC,IAAI,CAId,CAAC"}
1
+ {"version":3,"file":"fs.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/runtime/fs.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAC,WAAW,EAAC,MAAM,WAAW,CAAC;AAE3C;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,iBAAiB,GAC7B,MAAM,IAAI,CAAC,WAAW,EAAE,iBAAiB,GAAG,QAAQ,CAAC,EACrD,MAAM,MAAM,EACZ,SAAS,MAAM,KACb,OAAO,CAAC,IAAI,CAId,CAAC"}
package/dist/runtime/fs.js CHANGED
@@ -6,9 +6,14 @@
6
6
  /**
7
7
  * Write a file atomically via temp file + rename.
8
8
  *
9
+ * Writes to `<path>.tmp` then renames over `path` so readers either see the
10
+ * old contents or the full new contents — never a partial write.
11
+ *
9
12
  * @param deps - deps with file write capabilities
10
13
  * @param path - destination file path
11
14
  * @param content - file contents to write
15
+ * @mutates filesystem - creates `<path>.tmp` then renames it to `path`
16
+ * @throws if `write_text_file` or `rename` rejects (permissions, disk full, cross-device rename, etc.)
12
17
  */
13
18
  export const write_file_atomic = async (deps, path, content) => {
14
19
  const temp_path = path + '.tmp';
package/dist/runtime/mock.d.ts CHANGED
@@ -50,6 +50,10 @@ export interface MockRuntime extends RuntimeDeps {
50
50
  /**
51
51
  * Create a mock `RuntimeDeps` for testing.
52
52
  *
53
+ * The mock `exit` records the code on `exit_calls` and throws `MockExitError`
54
+ * (so the never-returning contract holds in tests). `fetch` throws `TypeError`
55
+ * when no `mock_fetch_responses` pattern matches the request URL.
56
+ *
53
57
  * @param args - CLI arguments
54
58
  * @returns `MockRuntime` with controllable state
55
59
  *
@@ -70,6 +74,7 @@ export declare const create_mock_runtime: (args?: Array<string>) => MockRuntime;
70
74
  * Reset a mock runtime to initial state.
71
75
  *
72
76
  * @param runtime - `MockRuntime` to reset
77
+ * @mutates runtime - clears all mock state (env, fs, dirs, exit/command/stdout/fetch call records, mock results, stdin buffer)
73
78
  */
74
79
  export declare const reset_mock_runtime: (runtime: MockRuntime) => void;
75
80
  /**
@@ -77,6 +82,7 @@ export declare const reset_mock_runtime: (runtime: MockRuntime) => void;
77
82
  *
78
83
  * @param runtime - `MockRuntime` to configure
79
84
  * @param input - string to provide as stdin input
85
+ * @mutates `runtime.stdin_buffer`
80
86
  */
81
87
  export declare const set_mock_stdin: (runtime: MockRuntime, input: string) => void;
82
88
  /**
package/dist/runtime/mock.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"mock.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/runtime/mock.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAC,WAAW,EAAc,aAAa,EAAE,iBAAiB,EAAC,MAAM,WAAW,CAAC;AAIzF;;GAEG;AACH,MAAM,WAAW,WAAY,SAAQ,WAAW;IAC/C,kCAAkC;IAClC,QAAQ,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC9B,0CAA0C;IAC1C,OAAO,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC7B,+CAA+C;IAC/C,aAAa,EAAE,GAAG,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;IACvC,mCAAmC;IACnC,SAAS,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IACvB,wCAAwC;IACxC,UAAU,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAC1B,gGAAgG;IAChG,aAAa,EAAE,KAAK,CAAC;QAAC,GAAG,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;QAAC,OAAO,CAAC,EAAE,iBAAiB,CAAA;KAAC,CAAC,CAAC;IACtF,sCAAsC;IACtC,qBAAqB,EAAE,KAAK,CAAC;QAAC,GAAG,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,KAAK,CAAC,MAAM,CAAC,CAAA;KAAC,CAAC,CAAC;IACjE,8BAA8B;IAC9B,aAAa,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAC7B,4CAA4C;IAC5C,oBAAoB,EAAE,GAAG,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;IACjD,yCAAyC;IACzC,YAAY,EAAE,UAAU,GAAG,IAAI,CAAC;IAChC,4BAA4B;IAC5B,WAAW,EAAE,KAAK,CAAC;QAAC,KAAK,EAAE,MAAM,GAAG,GAAG,GAAG,OAAO,CAAC;QAAC,IAAI,CAAC,EAAE,WAAW,CAAA;KAAC,CAAC,CAAC;IACxE,wDAAwD;IACxD,oBAAoB,EAAE,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;CAC5C;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAO,MAAM,mBAAmB,GAAI,OAAM,KAAK,CAAC,MAAM,CAAM,KAAG,WAkO9D,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,kBAAkB,GAAI,SAAS,WAAW,KAAG,IAazD,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,cAAc,GAAI,SAAS,WAAW,EAAE,OAAO,MAAM,KAAG,IAEpE,CAAC;AAEF;;;;GAIG;AACH,qBAAa,aAAc,SAAQ,KAAK;IACvC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;gBAEV,IAAI,EAAE,MAAM;CAKxB"}
1
+ {"version":3,"file":"mock.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/runtime/mock.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAC,WAAW,EAAc,aAAa,EAAE,iBAAiB,EAAC,MAAM,WAAW,CAAC;AAIzF;;GAEG;AACH,MAAM,WAAW,WAAY,SAAQ,WAAW;IAC/C,kCAAkC;IAClC,QAAQ,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC9B,0CAA0C;IAC1C,OAAO,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC7B,+CAA+C;IAC/C,aAAa,EAAE,GAAG,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;IACvC,mCAAmC;IACnC,SAAS,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IACvB,wCAAwC;IACxC,UAAU,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAC1B,gGAAgG;IAChG,aAAa,EAAE,KAAK,CAAC;QAAC,GAAG,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;QAAC,OAAO,CAAC,EAAE,iBAAiB,CAAA;KAAC,CAAC,CAAC;IACtF,sCAAsC;IACtC,qBAAqB,EAAE,KAAK,CAAC;QAAC,GAAG,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,KAAK,CAAC,MAAM,CAAC,CAAA;KAAC,CAAC,CAAC;IACjE,8BAA8B;IAC9B,aAAa,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAC7B,4CAA4C;IAC5C,oBAAoB,EAAE,GAAG,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;IACjD,yCAAyC;IACzC,YAAY,EAAE,UAAU,GAAG,IAAI,CAAC;IAChC,4BAA4B;IAC5B,WAAW,EAAE,KAAK,CAAC;QAAC,KAAK,EAAE,MAAM,GAAG,GAAG,GAAG,OAAO,CAAC;QAAC,IAAI,CAAC,EAAE,WAAW,CAAA;KAAC,CAAC,CAAC;IACxE,wDAAwD;IACxD,oBAAoB,EAAE,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;CAC5C;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,eAAO,MAAM,mBAAmB,GAAI,OAAM,KAAK,CAAC,MAAM,CAAM,KAAG,WAkO9D,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,kBAAkB,GAAI,SAAS,WAAW,KAAG,IAazD,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,cAAc,GAAI,SAAS,WAAW,EAAE,OAAO,MAAM,KAAG,IAEpE,CAAC;AAEF;;;;GAIG;AACH,qBAAa,aAAc,SAAQ,KAAK;IACvC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;gBAEV,IAAI,EAAE,MAAM;CAKxB"}
package/dist/runtime/mock.js CHANGED
@@ -10,6 +10,10 @@
10
10
  /**
11
11
  * Create a mock `RuntimeDeps` for testing.
12
12
  *
13
+ * The mock `exit` records the code on `exit_calls` and throws `MockExitError`
14
+ * (so the never-returning contract holds in tests). `fetch` throws `TypeError`
15
+ * when no `mock_fetch_responses` pattern matches the request URL.
16
+ *
13
17
  * @param args - CLI arguments
14
18
  * @returns `MockRuntime` with controllable state
15
19
  *
@@ -257,6 +261,7 @@ export const create_mock_runtime = (args = []) => {
257
261
  * Reset a mock runtime to initial state.
258
262
  *
259
263
  * @param runtime - `MockRuntime` to reset
264
+ * @mutates runtime - clears all mock state (env, fs, dirs, exit/command/stdout/fetch call records, mock results, stdin buffer)
260
265
  */
261
266
  export const reset_mock_runtime = (runtime) => {
262
267
  runtime.mock_env.clear();
@@ -277,6 +282,7 @@ export const reset_mock_runtime = (runtime) => {
277
282
  *
278
283
  * @param runtime - `MockRuntime` to configure
279
284
  * @param input - string to provide as stdin input
285
+ * @mutates `runtime.stdin_buffer`
280
286
  */
281
287
  export const set_mock_stdin = (runtime, input) => {
282
288
  runtime.stdin_buffer = new TextEncoder().encode(input);
package/dist/runtime/node.d.ts CHANGED
@@ -1,7 +1,7 @@
1
1
  /**
2
2
  * Node.js implementation of `RuntimeDeps`.
3
3
  *
4
- * Provides the same interface as `deno.ts` but backed by Node.js APIs.
4
+ * Provides the same interface as `runtime/deno.ts` but backed by Node.js APIs.
5
5
  * Used for running servers in Node.js and for tests (vitest runs in Node).
6
6
  *
7
7
  * @module
package/dist/runtime/node.js CHANGED
@@ -1,7 +1,7 @@
1
1
  /**
2
2
  * Node.js implementation of `RuntimeDeps`.
3
3
  *
4
- * Provides the same interface as `deno.ts` but backed by Node.js APIs.
4
+ * Provides the same interface as `runtime/deno.ts` but backed by Node.js APIs.
5
5
  * Used for running servers in Node.js and for tests (vitest runs in Node).
6
6
  *
7
7
  * @module
package/dist/server/app_backend.d.ts CHANGED
@@ -89,6 +89,7 @@ export interface CreateAppBackendOptions {
89
89
  *
90
90
  * @param options - keyring, password deps, optional database URL, and optional `migration_namespaces`
91
91
  * @returns app backend with deps, database metadata, and combined migration results
92
+ * @throws Error if `migration_namespaces` contains the reserved `'fuz_auth'` namespace
92
93
  */
93
94
  export declare const create_app_backend: (options: CreateAppBackendOptions) => Promise<AppBackend>;
94
95
  //# sourceMappingURL=app_backend.d.ts.map
package/dist/server/app_backend.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"app_backend.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/server/app_backend.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAC,MAAM,EAAC,MAAM,yBAAyB,CAAC;AAE/C,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,iBAAiB,CAAC;AAC7C,OAAO,KAAK,EAAC,cAAc,EAAE,aAAa,EAAC,MAAM,6BAA6B,CAAC;AAC/E,OAAO,KAAK,EAAC,MAAM,EAAC,MAAM,aAAa,CAAC;AACxC,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,oBAAoB,CAAC;AAChD,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,qBAAqB,CAAC;AAC1D,OAAO,KAAK,EAAC,UAAU,EAAC,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAiB,KAAK,kBAAkB,EAAE,KAAK,eAAe,EAAC,MAAM,kBAAkB,CAAC;AAI/F;;;;;GAKG;AACH,MAAM,WAAW,UAAU;IAC1B,IAAI,EAAE,OAAO,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,oIAAoI;IACpI,QAAQ,CAAC,iBAAiB,EAAE,aAAa,CAAC,eAAe,CAAC,CAAC;IAC3D,iEAAiE;IACjE,KAAK,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC3B;AAED;;;;;GAKG;AACH,MAAM,WAAW,uBAAuB;IACvC,+DAA+D;IAC/D,IAAI,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;IACnD,2BAA2B;IAC3B,cAAc,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IAClD,qBAAqB;IACrB,WAAW,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAC7C,0EAA0E;IAC1E,YAAY,EAAE,MAAM,CAAC;IACrB,wCAAwC;IACxC,OAAO,EAAE,OAAO,CAAC;IACjB,iFAAiF;IACjF,QAAQ,EAAE,gBAAgB,CAAC;IAC3B,6EAA6E;IAC7E,GAAG,CAAC,EAAE,MAAM,CAAC;IACb;;;;OAIG;IACH,cAAc,CAAC,EAAE,CAAC,KAAK,EAAE,aAAa,KAAK,IAAI,CAAC;IAChD;;;;;;OAMG;IACH,gBAAgB,CAAC,EAAE,cAAc,CAAC;IAClC;;;;;;;;;OASG;IACH,oBAAoB,CAAC,EAAE,aAAa,CAAC,kBAAkB,CAAC,CAAC;CACzD;AAED;;;;;;;;;GASG;AACH,eAAO,MAAM,kBAAkB,GAAU,SAAS,uBAAuB,KAAG,OAAO,CAAC,UAAU,CAoC7F,CAAC"}
1
+ {"version":3,"file":"app_backend.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/server/app_backend.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAC,MAAM,EAAC,MAAM,yBAAyB,CAAC;AAE/C,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,iBAAiB,CAAC;AAC7C,OAAO,KAAK,EAAC,cAAc,EAAE,aAAa,EAAC,MAAM,6BAA6B,CAAC;AAC/E,OAAO,KAAK,EAAC,MAAM,EAAC,MAAM,aAAa,CAAC;AACxC,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,oBAAoB,CAAC;AAChD,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,qBAAqB,CAAC;AAC1D,OAAO,KAAK,EAAC,UAAU,EAAC,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAiB,KAAK,kBAAkB,EAAE,KAAK,eAAe,EAAC,MAAM,kBAAkB,CAAC;AAI/F;;;;;GAKG;AACH,MAAM,WAAW,UAAU;IAC1B,IAAI,EAAE,OAAO,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,oIAAoI;IACpI,QAAQ,CAAC,iBAAiB,EAAE,aAAa,CAAC,eAAe,CAAC,CAAC;IAC3D,iEAAiE;IACjE,KAAK,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC3B;AAED;;;;;GAKG;AACH,MAAM,WAAW,uBAAuB;IACvC,+DAA+D;IAC/D,IAAI,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;IACnD,2BAA2B;IAC3B,cAAc,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IAClD,qBAAqB;IACrB,WAAW,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAC7C,0EAA0E;IAC1E,YAAY,EAAE,MAAM,CAAC;IACrB,wCAAwC;IACxC,OAAO,EAAE,OAAO,CAAC;IACjB,iFAAiF;IACjF,QAAQ,EAAE,gBAAgB,CAAC;IAC3B,6EAA6E;IAC7E,GAAG,CAAC,EAAE,MAAM,CAAC;IACb;;;;OAIG;IACH,cAAc,CAAC,EAAE,CAAC,KAAK,EAAE,aAAa,KAAK,IAAI,CAAC;IAChD;;;;;;OAMG;IACH,gBAAgB,CAAC,EAAE,cAAc,CAAC;IAClC;;;;;;;;;OASG;IACH,oBAAoB,CAAC,EAAE,aAAa,CAAC,kBAAkB,CAAC,CAAC;CACzD;AAED;;;;;;;;;;GAUG;AACH,eAAO,MAAM,kBAAkB,GAAU,SAAS,uBAAuB,KAAG,OAAO,CAAC,UAAU,CAoC7F,CAAC"}
package/dist/server/app_backend.js CHANGED
@@ -23,6 +23,7 @@ import { create_db } from '../db/create_db.js';
23
23
  *
24
24
  * @param options - keyring, password deps, optional database URL, and optional `migration_namespaces`
25
25
  * @returns app backend with deps, database metadata, and combined migration results
26
+ * @throws Error if `migration_namespaces` contains the reserved `'fuz_auth'` namespace
26
27
  */
27
28
  export const create_app_backend = async (options) => {
28
29
  const { database_url, keyring, password, stat, read_text_file, delete_file } = options;
package/dist/server/app_server.d.ts CHANGED
@@ -206,6 +206,10 @@ export declare const DEFAULT_MAX_BODY_SIZE: number;
206
206
  * static serving. Database migrations belong to the backend lifecycle —
207
207
  * pass `migration_namespaces` to `create_app_backend`.
208
208
  *
209
+ * When `audit_log_sse` is set, shallow-copies `backend.deps` with a composed
210
+ * `on_audit_event` that fans out to the SSE registry and the original
211
+ * callback — `backend.deps` itself is not mutated.
212
+ *
209
213
  * @param options - server configuration
210
214
  * @returns assembled Hono app, backend, surface build, and bootstrap status
211
215
  */
package/dist/server/app_server.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"app_server.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/server/app_server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAC,IAAI,EAAE,KAAK,OAAO,EAAC,MAAM,MAAM,CAAC;AAGxC,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAEtB,OAAO,EAEN,KAAK,cAAc,EAEnB,MAAM,2BAA2B,CAAC;AACnC,OAAO,KAAK,EAAC,uBAAuB,EAAC,MAAM,8BAA8B,CAAC;AAC1E,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAGN,KAAK,WAAW,EAChB,MAAM,+BAA+B,CAAC;AACvC,OAAO,KAAK,EAAC,WAAW,EAAC,MAAM,gCAAgC,CAAC;AAEhE,OAAO,EAGN,KAAK,WAAW,EAChB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,yBAAyB,CAAC;AAC9D,OAAO,KAAK,EAAC,eAAe,EAAC,MAAM,kBAAkB,CAAC;AACtD,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,iBAAiB,CAAC;AAC7C,OAAO,KAAK,EAAC,UAAU,EAAC,MAAM,kBAAkB,CAAC;AAGjD,OAAO,oBAAoB,CAAC;AAE5B,OAAO,EAA2B,KAAK,kBAAkB,EAAC,MAAM,aAAa,CAAC;AAE9E,OAAO,EAEN,KAAK,cAAc,EAEnB,KAAK,eAAe,EACpB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAIN,KAAK,SAAS,EACd,MAAM,uBAAuB,CAAC;AAC/B,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,4BAA4B,CAAC;AAC/D,OAAO,EAGN,KAAK,eAAe,EACpB,MAAM,6BAA6B,CAAC;AAOrC;;GAEG;AACH,MAAM,WAAW,kBAAkB;IAClC,0DAA0D;IAC1D,MAAM,EAAE,MAAM,CAAC;IACf,uDAAuD;IACvD,IAAI,EAAE,MAAM,CAAC;CACb;AAED;;;;;GAKG;AACH,MAAM,WAAW,gBAAgB;IAChC,2DAA2D;IAC3D,OAAO,EAAE,UAAU,CAAC;IACpB,6CAA6C;IAC7C,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,sCAAsC;IACtC,eAAe,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAE/B,6BAA6B;IAC7B,KAAK,EAAE;QACN,eAAe,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;QAC/B,iBAAiB,EAAE,CAAC,CAAC,EAAE,OAAO,KAAK,MAAM,GAAG,SAAS,CAAC;KACtD,CAAC;IAEF;;;;;OAKG;IACH,eAAe,CAAC,EAAE,WAAW,GAAG,IAAI,CAAC;IACrC;;;;;OAKG;IACH,0BAA0B,CAAC,EAAE,WAAW,GAAG,IAAI,CAAC;IAChD;;;;;OAKG;IACH,2BAA2B,CAAC,EAAE,WAAW,GAAG,IAAI,CAAC;IACjD;;;;OAIG;IACH,sBAAsB,CAAC,EAAE,WAAW,GAAG,IAAI,CAAC;IAC5C;;;;OAIG;IACH,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,2DAA2D;IAC3D,kBAAkB,CAAC,EAAE,gBAAgB,CAAC;IAEtC,yEAAyE;IACzE,SAAS,CAAC,EAAE;QACX,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;QAC1B,mEAAmE;QACnE,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB;;;WAGG;QACH,YAAY,CAAC,EAAE,CAAC,MAAM,EAAE,uBAAuB,EAAE,CAAC,EAAE,OAAO,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;KAC9E,CAAC;IAEF;;;OAGG;IACH,aAAa,CAAC,EAAE,KAAK,CAAC;IAEtB;;;OAGG;IACH,kBAAkB,EAAE,CAAC,OAAO,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IAEpE,4DAA4D;IAC5D,oBAAoB,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC,cAAc,CAAC,KAAK,KAAK,CAAC,cAAc,CAAC,CAAC;IAE/E;;;;;;;;;;OAUG;IACH,aAAa,CAAC,EAAE,IAAI,GAAG;QAAC,IAAI,CAAC,EAAE,MAAM,CAAA;KAAC,CAAC;IAEvC,gFAAgF;IAChF,WAAW,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAE/B;;;;;;;;;;;OAWG;IACH,aAAa,CAAC,EAAE,KAAK,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,gBAAgB,KAAK,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC;IAEjG,gHAAgH;IAChH,UAAU,EAAE,CAAC,CAAC,SAAS,CAAC;IAExB,mFAAmF;IACnF,qBAAqB,CAAC,EAAE,KAAK,CAAC,cAAc,CAAC,CAAC;IAE9C,6DAA6D;IAC7D,cAAc,CAAC,EAAE;QAChB,YAAY,EAAE,kBAAkB,CAAC;QACjC,YAAY,CAAC,EAAE,MAAM,CAAC;KACtB,CAAC;IAEF;;;;OAIG;IACH,qBAAqB,CAAC,EAAE,OAAO,CAAC;IAEhC;;;;OAIG;IACH,eAAe,CAAC,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,kBAAkB,KAAK,IAAI,CAAC;IAExE,8CAA8C;IAC9C,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACrC;AAED,8CAA8C;AAC9C,MAAM,WAAW,gBAAgB;IAChC,IAAI,EAAE,OAAO,CAAC;IACd,OAAO,EAAE,UAAU,CAAC;IACpB,gBAAgB,EAAE,eAAe,CAAC;IAClC,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,yEAAyE;IACzE,eAAe,EAAE,WAAW,GAAG,IAAI,CAAC;IACpC,iFAAiF;IACjF,0BAA0B,EAAE,WAAW,GAAG,IAAI,CAAC;IAC/C,kFAAkF;IAClF,2BAA2B,EAAE,WAAW,GAAG,IAAI,CAAC;IAChD,2EAA2E;IAC3E,YAAY,EAAE,WAAW,CAAC;IAC1B,oFAAoF;IACpF,SAAS,EAAE,WAAW,GAAG,IAAI,CAAC;CAC9B;AAED,uCAAuC;AACvC,MAAM,WAAW,SAAS;IACzB,GAAG,EAAE,IAAI,CAAC;IACV,wEAAwE;IACxE,YAAY,EAAE,cAAc,CAAC;IAC7B,gBAAgB,EAAE,eAAe,CAAC;IAClC,2EAA2E;IAC3E,YAAY,EAAE,WAAW,CAAC;IAC1B,oGAAoG;IACpG,iBAAiB,EAAE,aAAa,CAAC,eAAe,CAAC,CAAC;IAClD,oFAAoF;IACpF,SAAS,EAAE,WAAW,GAAG,IAAI,CAAC;IAC9B,mEAAmE;IACnE,KAAK,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC3B;AAED,gDAAgD;AAChD,eAAO,MAAM,qBAAqB,QAAc,CAAC;AAEjD;;;;;;;;;;GAUG;AACH,eAAO,MAAM,iBAAiB,GAAU,SAAS,gBAAgB,KAAG,OAAO,CAAC,SAAS,CA4PpF,CAAC"}
1
+ {"version":3,"file":"app_server.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/server/app_server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAC,IAAI,EAAE,KAAK,OAAO,EAAC,MAAM,MAAM,CAAC;AAGxC,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAEtB,OAAO,EAEN,KAAK,cAAc,EAEnB,MAAM,2BAA2B,CAAC;AACnC,OAAO,KAAK,EAAC,uBAAuB,EAAC,MAAM,8BAA8B,CAAC;AAC1E,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAGN,KAAK,WAAW,EAChB,MAAM,+BAA+B,CAAC;AACvC,OAAO,KAAK,EAAC,WAAW,EAAC,MAAM,gCAAgC,CAAC;AAEhE,OAAO,EAGN,KAAK,WAAW,EAChB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,yBAAyB,CAAC;AAC9D,OAAO,KAAK,EAAC,eAAe,EAAC,MAAM,kBAAkB,CAAC;AACtD,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,iBAAiB,CAAC;AAC7C,OAAO,KAAK,EAAC,UAAU,EAAC,MAAM,kBAAkB,CAAC;AAGjD,OAAO,oBAAoB,CAAC;AAE5B,OAAO,EAA2B,KAAK,kBAAkB,EAAC,MAAM,aAAa,CAAC;AAE9E,OAAO,EAEN,KAAK,cAAc,EAEnB,KAAK,eAAe,EACpB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAIN,KAAK,SAAS,EACd,MAAM,uBAAuB,CAAC;AAC/B,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,4BAA4B,CAAC;AAC/D,OAAO,EAGN,KAAK,eAAe,EACpB,MAAM,6BAA6B,CAAC;AAOrC;;GAEG;AACH,MAAM,WAAW,kBAAkB;IAClC,0DAA0D;IAC1D,MAAM,EAAE,MAAM,CAAC;IACf,uDAAuD;IACvD,IAAI,EAAE,MAAM,CAAC;CACb;AAED;;;;;GAKG;AACH,MAAM,WAAW,gBAAgB;IAChC,2DAA2D;IAC3D,OAAO,EAAE,UAAU,CAAC;IACpB,6CAA6C;IAC7C,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,sCAAsC;IACtC,eAAe,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAE/B,6BAA6B;IAC7B,KAAK,EAAE;QACN,eAAe,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;QAC/B,iBAAiB,EAAE,CAAC,CAAC,EAAE,OAAO,KAAK,MAAM,GAAG,SAAS,CAAC;KACtD,CAAC;IAEF;;;;;OAKG;IACH,eAAe,CAAC,EAAE,WAAW,GAAG,IAAI,CAAC;IACrC;;;;;OAKG;IACH,0BAA0B,CAAC,EAAE,WAAW,GAAG,IAAI,CAAC;IAChD;;;;;OAKG;IACH,2BAA2B,CAAC,EAAE,WAAW,GAAG,IAAI,CAAC;IACjD;;;;OAIG;IACH,sBAAsB,CAAC,EAAE,WAAW,GAAG,IAAI,CAAC;IAC5C;;;;OAIG;IACH,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,2DAA2D;IAC3D,kBAAkB,CAAC,EAAE,gBAAgB,CAAC;IAEtC,yEAAyE;IACzE,SAAS,CAAC,EAAE;QACX,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;QAC1B,mEAAmE;QACnE,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB;;;WAGG;QACH,YAAY,CAAC,EAAE,CAAC,MAAM,EAAE,uBAAuB,EAAE,CAAC,EAAE,OAAO,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;KAC9E,CAAC;IAEF;;;OAGG;IACH,aAAa,CAAC,EAAE,KAAK,CAAC;IAEtB;;;OAGG;IACH,kBAAkB,EAAE,CAAC,OAAO,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IAEpE,4DAA4D;IAC5D,oBAAoB,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC,cAAc,CAAC,KAAK,KAAK,CAAC,cAAc,CAAC,CAAC;IAE/E;;;;;;;;;;OAUG;IACH,aAAa,CAAC,EAAE,IAAI,GAAG;QAAC,IAAI,CAAC,EAAE,MAAM,CAAA;KAAC,CAAC;IAEvC,gFAAgF;IAChF,WAAW,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAE/B;;;;;;;;;;;OAWG;IACH,aAAa,CAAC,EAAE,KAAK,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,gBAAgB,KAAK,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC;IAEjG,gHAAgH;IAChH,UAAU,EAAE,CAAC,CAAC,SAAS,CAAC;IAExB,mFAAmF;IACnF,qBAAqB,CAAC,EAAE,KAAK,CAAC,cAAc,CAAC,CAAC;IAE9C,6DAA6D;IAC7D,cAAc,CAAC,EAAE;QAChB,YAAY,EAAE,kBAAkB,CAAC;QACjC,YAAY,CAAC,EAAE,MAAM,CAAC;KACtB,CAAC;IAEF;;;;OAIG;IACH,qBAAqB,CAAC,EAAE,OAAO,CAAC;IAEhC;;;;OAIG;IACH,eAAe,CAAC,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,kBAAkB,KAAK,IAAI,CAAC;IAExE,8CAA8C;IAC9C,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACrC;AAED,8CAA8C;AAC9C,MAAM,WAAW,gBAAgB;IAChC,IAAI,EAAE,OAAO,CAAC;IACd,OAAO,EAAE,UAAU,CAAC;IACpB,gBAAgB,EAAE,eAAe,CAAC;IAClC,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,yEAAyE;IACzE,eAAe,EAAE,WAAW,GAAG,IAAI,CAAC;IACpC,iFAAiF;IACjF,0BAA0B,EAAE,WAAW,GAAG,IAAI,CAAC;IAC/C,kFAAkF;IAClF,2BAA2B,EAAE,WAAW,GAAG,IAAI,CAAC;IAChD,2EAA2E;IAC3E,YAAY,EAAE,WAAW,CAAC;IAC1B,oFAAoF;IACpF,SAAS,EAAE,WAAW,GAAG,IAAI,CAAC;CAC9B;AAED,uCAAuC;AACvC,MAAM,WAAW,SAAS;IACzB,GAAG,EAAE,IAAI,CAAC;IACV,wEAAwE;IACxE,YAAY,EAAE,cAAc,CAAC;IAC7B,gBAAgB,EAAE,eAAe,CAAC;IAClC,2EAA2E;IAC3E,YAAY,EAAE,WAAW,CAAC;IAC1B,oGAAoG;IACpG,iBAAiB,EAAE,aAAa,CAAC,eAAe,CAAC,CAAC;IAClD,oFAAoF;IACpF,SAAS,EAAE,WAAW,GAAG,IAAI,CAAC;IAC9B,mEAAmE;IACnE,KAAK,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC3B;AAED,gDAAgD;AAChD,eAAO,MAAM,qBAAqB,QAAc,CAAC;AAEjD;;;;;;;;;;;;;;GAcG;AACH,eAAO,MAAM,iBAAiB,GAAU,SAAS,gBAAgB,KAAG,OAAO,CAAC,SAAS,CA4PpF,CAAC"}
package/dist/server/app_server.js CHANGED
@@ -40,6 +40,10 @@ export const DEFAULT_MAX_BODY_SIZE = 1024 * 1024;
40
40
  * static serving. Database migrations belong to the backend lifecycle —
41
41
  * pass `migration_namespaces` to `create_app_backend`.
42
42
  *
43
+ * When `audit_log_sse` is set, shallow-copies `backend.deps` with a composed
44
+ * `on_audit_event` that fans out to the SSE registry and the original
45
+ * callback — `backend.deps` itself is not mutated.
46
+ *
43
47
  * @param options - server configuration
44
48
  * @returns assembled Hono app, backend, surface build, and bootstrap status
45
49
  */
package/dist/server/validate_nginx.d.ts CHANGED
@@ -12,8 +12,11 @@
12
12
  * Result of validating an nginx config template string.
13
13
  */
14
14
  export interface NginxValidationResult {
15
+ /** True when no errors were detected. Warnings do not affect this flag. */
15
16
  ok: boolean;
17
+ /** Non-fatal issues — missing optional headers, weakened defaults, etc. */
16
18
  warnings: Array<string>;
19
+ /** Fatal issues — missing `/api` block, missing required security headers, etc. */
17
20
  errors: Array<string>;
18
21
  }
19
22
  /**
package/dist/server/validate_nginx.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"validate_nginx.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/server/validate_nginx.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACrC,EAAE,EAAE,OAAO,CAAC;IACZ,QAAQ,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACxB,MAAM,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;CACtB;AAgGD;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,qBAAqB,GAAI,QAAQ,MAAM,KAAG,qBA+FtD,CAAC"}
1
+ {"version":3,"file":"validate_nginx.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/server/validate_nginx.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACrC,2EAA2E;IAC3E,EAAE,EAAE,OAAO,CAAC;IACZ,2EAA2E;IAC3E,QAAQ,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACxB,mFAAmF;IACnF,MAAM,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;CACtB;AAgGD;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,qBAAqB,GAAI,QAAQ,MAAM,KAAG,qBA+FtD,CAAC"}
package/dist/testing/admin_integration.d.ts CHANGED
@@ -55,6 +55,11 @@ export interface StandardAdminIntegrationTestOptions {
55
55
  * for the suites that cover it.
56
56
  *
57
57
  * @param options - session config, route factory, role schema, RPC endpoints
58
+ * @throws Error at setup time when `options.rpc_endpoints` is empty — admin
59
+ * permit grant/revoke, session/token revoke-all, and audit-log reads are
60
+ * all RPC-only since the 2026-04-22 migration. Hard-fails via
61
+ * `require_rpc_endpoint_path` so consumers see a clear setup error rather
62
+ * than `method not found` mid-suite.
58
63
  */
59
64
  export declare const describe_standard_admin_integration_tests: (options: StandardAdminIntegrationTestOptions) => void;
60
65
  //# sourceMappingURL=admin_integration.d.ts.map
package/dist/testing/admin_integration.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"admin_integration.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/admin_integration.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAgC7B,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,yBAAyB,CAAC;AAC9D,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAA0B,KAAK,gBAAgB,EAAC,MAAM,wBAAwB,CAAC;AAEtF,OAAO,EAA6C,KAAK,eAAe,EAAC,MAAM,iBAAiB,CAAC;AACjG,OAAO,EAIN,KAAK,SAAS,EACd,MAAM,SAAS,CAAC;AASjB,OAAO,EAKN,KAAK,uBAAuB,EAC5B,MAAM,kBAAkB,CAAC;AAqB1B;;GAEG;AACH,MAAM,WAAW,mCAAmC;IACnD,4CAA4C;IAC5C,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,wDAAwD;IACxD,kBAAkB,EAAE,CAAC,GAAG,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IAChE,4GAA4G;IAC5G,KAAK,EAAE,gBAAgB,CAAC;IACxB;;;;;;;;;;;;OAYG;IACH,aAAa,EAAE,uBAAuB,CAAC;IACvC;;;;;OAKG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,iDAAiD;IACjD,WAAW,CAAC,EAAE,eAAe,CAAC;IAC9B;;;OAGG;IACH,YAAY,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;CAChC;AAgCD;;;;;;;;;;GAUG;AACH,eAAO,MAAM,yCAAyC,GACrD,SAAS,mCAAmC,KAC1C,IAy1BF,CAAC"}
1
+ {"version":3,"file":"admin_integration.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/admin_integration.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAgC7B,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,yBAAyB,CAAC;AAC9D,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAA0B,KAAK,gBAAgB,EAAC,MAAM,wBAAwB,CAAC;AAEtF,OAAO,EAA6C,KAAK,eAAe,EAAC,MAAM,iBAAiB,CAAC;AACjG,OAAO,EAIN,KAAK,SAAS,EACd,MAAM,SAAS,CAAC;AASjB,OAAO,EAKN,KAAK,uBAAuB,EAC5B,MAAM,kBAAkB,CAAC;AAqB1B;;GAEG;AACH,MAAM,WAAW,mCAAmC;IACnD,4CAA4C;IAC5C,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,wDAAwD;IACxD,kBAAkB,EAAE,CAAC,GAAG,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IAChE,4GAA4G;IAC5G,KAAK,EAAE,gBAAgB,CAAC;IACxB;;;;;;;;;;;;OAYG;IACH,aAAa,EAAE,uBAAuB,CAAC;IACvC;;;;;OAKG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,iDAAiD;IACjD,WAAW,CAAC,EAAE,eAAe,CAAC;IAC9B;;;OAGG;IACH,YAAY,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;CAChC;AAgCD;;;;;;;;;;;;;;;GAeG;AACH,eAAO,MAAM,yCAAyC,GACrD,SAAS,mCAAmC,KAC1C,IAy1BF,CAAC"}
package/dist/testing/admin_integration.js CHANGED
@@ -73,6 +73,11 @@ const build_admin_test_app_options = (options, db, roles) => ({
73
73
  * for the suites that cover it.
74
74
  *
75
75
  * @param options - session config, route factory, role schema, RPC endpoints
76
+ * @throws Error at setup time when `options.rpc_endpoints` is empty — admin
77
+ * permit grant/revoke, session/token revoke-all, and audit-log reads are
78
+ * all RPC-only since the 2026-04-22 migration. Hard-fails via
79
+ * `require_rpc_endpoint_path` so consumers see a clear setup error rather
80
+ * than `method not found` mid-suite.
76
81
  */
77
82
  export const describe_standard_admin_integration_tests = (options) => {
78
83
  // Hard-fail early so consumers see a clear setup error instead of a
package/dist/testing/adversarial_headers.d.ts CHANGED
@@ -23,9 +23,11 @@ export declare const create_standard_adversarial_cases: (allowed_origin: string)
23
23
  * Create a middleware stack app with standard adversarial header tests.
24
24
  *
25
25
  * Convenience wrapper combining `create_test_middleware_stack_app`
26
- * and `create_standard_adversarial_cases`.
27
- * Asserts body content for both error and success cases, and checks
28
- * `mock_validate` call status via per-case declarative flags.
26
+ * and `create_standard_adversarial_cases`. Generates one `test()` per case
27
+ * inside a `describe()` block — asserts body content for both error and
28
+ * success cases, and verifies that `mock_validate` was (or was not) reached
29
+ * per the case's `validate_expectation` flag, ensuring earlier middleware
30
+ * actually short-circuits before token validation in the rejection cases.
29
31
  *
30
32
  * @param suite_name - the describe block name
31
33
  * @param options - middleware stack configuration
package/dist/testing/adversarial_headers.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"adversarial_headers.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/adversarial_headers.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAY7B,OAAO,KAAK,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAG3B,OAAO,EAGN,KAAK,0BAA0B,EAC/B,MAAM,iBAAiB,CAAC;AAIzB,+DAA+D;AAC/D,MAAM,WAAW,qBAAqB;IACrC,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,eAAe,EAAE,MAAM,CAAC;IACxB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,+GAA+G;IAC/G,qBAAqB,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC;IAClC,qGAAqG;IACrG,oBAAoB,EAAE,QAAQ,GAAG,YAAY,CAAC;CAC9C;AAID;;;;;GAKG;AACH,eAAO,MAAM,iCAAiC,GAC7C,gBAAgB,MAAM,KACpB,KAAK,CAAC,qBAAqB,CA+D7B,CAAC;AAIF;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,qCAAqC,GACjD,YAAY,MAAM,EAClB,SAAS,0BAA0B,EACnC,gBAAgB,MAAM,EACtB,cAAc,KAAK,CAAC,qBAAqB,CAAC,KACxC,IAkCF,CAAC"}
1
+ {"version":3,"file":"adversarial_headers.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/adversarial_headers.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAY7B,OAAO,KAAK,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAG3B,OAAO,EAGN,KAAK,0BAA0B,EAC/B,MAAM,iBAAiB,CAAC;AAIzB,+DAA+D;AAC/D,MAAM,WAAW,qBAAqB;IACrC,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,eAAe,EAAE,MAAM,CAAC;IACxB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,+GAA+G;IAC/G,qBAAqB,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC;IAClC,qGAAqG;IACrG,oBAAoB,EAAE,QAAQ,GAAG,YAAY,CAAC;CAC9C;AAID;;;;;GAKG;AACH,eAAO,MAAM,iCAAiC,GAC7C,gBAAgB,MAAM,KACpB,KAAK,CAAC,qBAAqB,CA+D7B,CAAC;AAIF;;;;;;;;;;;;;;GAcG;AACH,eAAO,MAAM,qCAAqC,GACjD,YAAY,MAAM,EAClB,SAAS,0BAA0B,EACnC,gBAAgB,MAAM,EACtB,cAAc,KAAK,CAAC,qBAAqB,CAAC,KACxC,IAkCF,CAAC"}
package/dist/testing/adversarial_headers.js CHANGED
@@ -86,9 +86,11 @@ export const create_standard_adversarial_cases = (allowed_origin) => [
86
86
  * Create a middleware stack app with standard adversarial header tests.
87
87
  *
88
88
  * Convenience wrapper combining `create_test_middleware_stack_app`
89
- * and `create_standard_adversarial_cases`.
90
- * Asserts body content for both error and success cases, and checks
91
- * `mock_validate` call status via per-case declarative flags.
89
+ * and `create_standard_adversarial_cases`. Generates one `test()` per case
90
+ * inside a `describe()` block — asserts body content for both error and
91
+ * success cases, and verifies that `mock_validate` was (or was not) reached
92
+ * per the case's `validate_expectation` flag, ensuring earlier middleware
93
+ * actually short-circuits before token validation in the rejection cases.
92
94
  *
93
95
  * @param suite_name - the describe block name
94
96
  * @param options - middleware stack configuration
package/dist/testing/adversarial_input.d.ts CHANGED
@@ -24,6 +24,10 @@ interface QueryTestCase {
24
24
  * - One wrong-type value per field
25
25
  * - Null for required non-nullable fields
26
26
  * - One format violation per constrained field
27
+ *
28
+ * @throws Error if the seed body built by `generate_valid_value` fails
29
+ * `input_schema.safeParse` — surfaces broken generation logic with the
30
+ * Zod issues path rather than producing nonsense adversarial cases.
27
31
  */
28
32
  export declare const generate_input_test_cases: (input_schema: z.ZodType) => Array<InputTestCase>;
29
33
  /**