@fuzdev/fuz_app 0.51.0 → 0.53.0

package/dist/realtime/sse_auth_guard.d.ts

@@ -63,6 +63,24 @@ export interface AuditLogSse {
     /** The underlying registry — exposed for subscriber count monitoring. */
     registry: SubscriberRegistry<SseNotification>;
 }
+/**
+ * SSE event specs for audit log events.
+ *
+ * One spec per `AUDIT_EVENT_TYPES` entry, all sharing the `AuditLogEventJson` params schema.
+ * Pass to `create_app_server`'s `event_specs` for surface generation and DEV validation.
+ */
+export declare const AUDIT_LOG_EVENT_SPECS: Array<EventSpec>;
+/**
+ * Default max concurrent SSE subscribers per session scope for the audit log.
+ *
+ * The audit log SSE subscribes with `scope = session_hash` and
+ * `groups = [account_id]`. Only `scope` is capped — so this limits tabs
+ * per session. An account's total streams across all sessions is bounded
+ * transitively by `max_sessions × AUDIT_LOG_SSE_MAX_PER_SCOPE`. 10 tabs
+ * per session is a comfortable ceiling for normal use; consumers raising
+ * it above ~50 should consider server-side connection limits.
+ */
+export declare const AUDIT_LOG_SSE_MAX_PER_SCOPE = 10;
 /**
  * Create a complete audit log SSE setup with broadcasting and auth guard.
  *
@@ -70,6 +88,9 @@ export interface AuditLogSse {
  * call into a single object. The result satisfies `AuditLogRouteOptions['stream']`
  * and provides the `on_audit_event` callback for `CreateAppBackendOptions`.
  *
+ * @param options - factory options
+ * @returns audit log SSE setup (stream options + `on_audit_event` + registry)
+ *
  * @example
  * ```ts
  * const audit_sse = create_audit_log_sse({log});
@@ -83,28 +104,7 @@ export interface AuditLogSse {
  * // In create_app_server options:
  * event_specs: AUDIT_LOG_EVENT_SPECS,
  * ```
- *
- * @param options - factory options
- * @returns audit log SSE setup (stream options + on_audit_event + registry)
- */
-/**
- * SSE event specs for audit log events.
- *
- * One spec per `AUDIT_EVENT_TYPES` entry, all sharing the `AuditLogEventJson` params schema.
- * Pass to `create_app_server`'s `event_specs` for surface generation and DEV validation.
- */
-export declare const AUDIT_LOG_EVENT_SPECS: Array<EventSpec>;
-/**
- * Default max concurrent SSE subscribers per session scope for the audit log.
- *
- * The audit log SSE subscribes with `scope = session_hash` and
- * `groups = [account_id]`. Only `scope` is capped — so this limits tabs
- * per session. An account's total streams across all sessions is bounded
- * transitively by `max_sessions × AUDIT_LOG_SSE_MAX_PER_SCOPE`. 10 tabs
- * per session is a comfortable ceiling for normal use; consumers raising
- * it above ~50 should consider server-side connection limits.
  */
-export declare const AUDIT_LOG_SSE_MAX_PER_SCOPE = 10;
 export declare const create_audit_log_sse: (options: {
     /** Role required to access the SSE endpoint. Default `'admin'`. */
     role?: string;

package/dist/realtime/sse_auth_guard.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"sse_auth_guard.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/realtime/sse_auth_guard.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAC,MAAM,EAAC,MAAM,yBAAyB,CAAC;AAEpD,OAAO,EAGN,KAAK,aAAa,EAClB,MAAM,6BAA6B,CAAC;AACrC,OAAO,EAAC,kBAAkB,EAAE,KAAK,gBAAgB,EAAC,MAAM,0BAA0B,CAAC;AACnF,OAAO,KAAK,EAAC,SAAS,EAAE,eAAe,EAAE,SAAS,EAAC,MAAM,UAAU,CAAC;AAEpE,2DAA2D;AAC3D,eAAO,MAAM,iBAAiB,cAAc,CAAC;AAE7C;;;;;;;;;;GAUG;AACH,eAAO,MAAM,sBAAsB,EAAE,WAAW,CAAC,MAAM,CAKrD,CAAC;AAEH;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAO,MAAM,qBAAqB,GAAI,CAAC,EACtC,UAAU,kBAAkB,CAAC,CAAC,CAAC,EAC/B,eAAe,MAAM,GAAG,IAAI,EAC5B,KAAK,MAAM,KACT,CAAC,CAAC,KAAK,EAAE,aAAa,KAAK,IAAI,CA6CjC,CAAC;AAEF;;;;;GAKG;AACH,MAAM,WAAW,WAAW;IAC3B,8FAA8F;IAC9F,SAAS,EAAE,CAAC,MAAM,EAAE,SAAS,CAAC,eAAe,CAAC,EAAE,OAAO,CAAC,EAAE,gBAAgB,KAAK,MAAM,IAAI,CAAC;IAC1F,kFAAkF;IAClF,GAAG,EAAE,MAAM,CAAC;IACZ,kGAAkG;IAClG,cAAc,EAAE,CAAC,KAAK,EAAE,aAAa,KAAK,IAAI,CAAC;IAC/C,yEAAyE;IACzE,QAAQ,EAAE,kBAAkB,CAAC,eAAe,CAAC,CAAC;CAC9C;AAED;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH;;;;;GAKG;AACH,eAAO,MAAM,qBAAqB,EAAE,KAAK,CAAC,SAAS,CAOlD,CAAC;AAEF;;;;;;;;;GASG;AACH,eAAO,MAAM,2BAA2B,KAAK,CAAC;AAE9C,eAAO,MAAM,oBAAoB,GAAI,SAAS;IAC7C,mEAAmE;IACnE,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,GAAG,EAAE,MAAM,CAAC;IACZ;;;;OAIG;IACH,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC9B,KAAG,WAgBH,CAAC"}
+{"version":3,"file":"sse_auth_guard.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/realtime/sse_auth_guard.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAC,MAAM,EAAC,MAAM,yBAAyB,CAAC;AAEpD,OAAO,EAGN,KAAK,aAAa,EAClB,MAAM,6BAA6B,CAAC;AACrC,OAAO,EAAC,kBAAkB,EAAE,KAAK,gBAAgB,EAAC,MAAM,0BAA0B,CAAC;AACnF,OAAO,KAAK,EAAC,SAAS,EAAE,eAAe,EAAE,SAAS,EAAC,MAAM,UAAU,CAAC;AAEpE,2DAA2D;AAC3D,eAAO,MAAM,iBAAiB,cAAc,CAAC;AAE7C;;;;;;;;;;GAUG;AACH,eAAO,MAAM,sBAAsB,EAAE,WAAW,CAAC,MAAM,CAKrD,CAAC;AAEH;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAO,MAAM,qBAAqB,GAAI,CAAC,EACtC,UAAU,kBAAkB,CAAC,CAAC,CAAC,EAC/B,eAAe,MAAM,GAAG,IAAI,EAC5B,KAAK,MAAM,KACT,CAAC,CAAC,KAAK,EAAE,aAAa,KAAK,IAAI,CA6CjC,CAAC;AAEF;;;;;GAKG;AACH,MAAM,WAAW,WAAW;IAC3B,8FAA8F;IAC9F,SAAS,EAAE,CAAC,MAAM,EAAE,SAAS,CAAC,eAAe,CAAC,EAAE,OAAO,CAAC,EAAE,gBAAgB,KAAK,MAAM,IAAI,CAAC;IAC1F,kFAAkF;IAClF,GAAG,EAAE,MAAM,CAAC;IACZ,kGAAkG;IAClG,cAAc,EAAE,CAAC,KAAK,EAAE,aAAa,KAAK,IAAI,CAAC;IAC/C,yEAAyE;IACzE,QAAQ,EAAE,kBAAkB,CAAC,eAAe,CAAC,CAAC;CAC9C;AAED;;;;;GAKG;AACH,eAAO,MAAM,qBAAqB,EAAE,KAAK,CAAC,SAAS,CAOlD,CAAC;AAEF;;;;;;;;;GASG;AACH,eAAO,MAAM,2BAA2B,KAAK,CAAC;AAE9C;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,eAAO,MAAM,oBAAoB,GAAI,SAAS;IAC7C,mEAAmE;IACnE,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,GAAG,EAAE,MAAM,CAAC;IACZ;;;;OAIG;IACH,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC9B,KAAG,WAgBH,CAAC"}

package/dist/realtime/sse_auth_guard.js

@@ -92,30 +92,6 @@ export const create_sse_auth_guard = (registry, required_role, log) => {
         }
     };
 };
-/**
- * Create a complete audit log SSE setup with broadcasting and auth guard.
- *
- * Combines `SubscriberRegistry`, `create_sse_auth_guard`, and the broadcast
- * call into a single object. The result satisfies `AuditLogRouteOptions['stream']`
- * and provides the `on_audit_event` callback for `CreateAppBackendOptions`.
- *
- * @example
- * ```ts
- * const audit_sse = create_audit_log_sse({log});
- *
- * // In create_app_backend options:
- * on_audit_event: audit_sse.on_audit_event,
- *
- * // In create_route_specs:
- * create_audit_log_route_specs({stream: audit_sse});
- *
- * // In create_app_server options:
- * event_specs: AUDIT_LOG_EVENT_SPECS,
- * ```
- *
- * @param options - factory options
- * @returns audit log SSE setup (stream options + on_audit_event + registry)
- */
 /**
  * SSE event specs for audit log events.
  *
@@ -139,6 +115,30 @@ export const AUDIT_LOG_EVENT_SPECS = AUDIT_EVENT_TYPES.map((event_type) => ({
  * it above ~50 should consider server-side connection limits.
  */
 export const AUDIT_LOG_SSE_MAX_PER_SCOPE = 10;
+/**
+ * Create a complete audit log SSE setup with broadcasting and auth guard.
+ *
+ * Combines `SubscriberRegistry`, `create_sse_auth_guard`, and the broadcast
+ * call into a single object. The result satisfies `AuditLogRouteOptions['stream']`
+ * and provides the `on_audit_event` callback for `CreateAppBackendOptions`.
+ *
+ * @param options - factory options
+ * @returns audit log SSE setup (stream options + `on_audit_event` + registry)
+ *
+ * @example
+ * ```ts
+ * const audit_sse = create_audit_log_sse({log});
+ *
+ * // In create_app_backend options:
+ * on_audit_event: audit_sse.on_audit_event,
+ *
+ * // In create_route_specs:
+ * create_audit_log_route_specs({stream: audit_sse});
+ *
+ * // In create_app_server options:
+ * event_specs: AUDIT_LOG_EVENT_SPECS,
+ * ```
+ */
 export const create_audit_log_sse = (options) => {
     const role = options.role ?? 'admin';
     const max_per_scope = options.max_per_scope === undefined ? AUDIT_LOG_SSE_MAX_PER_SCOPE : options.max_per_scope;

package/dist/realtime/subscriber_registry.d.ts

@@ -101,8 +101,9 @@ export declare class SubscriberRegistry<T> {
      * Add a subscriber.
      *
      * @param stream - SSE stream to send data to
-     * @param options - channel filter and identity slots (scope + groups)
+     * @param options - channel filter and identity slots (`scope` + `groups`)
      * @returns unsubscribe function
+     * @mutates registry - adds the new subscriber; closes oldest matching subscribers when `max_per_scope` is exceeded
      */
     subscribe(stream: SseStream<T>, options?: SubscribeOptions): () => void;
     /**
@@ -110,9 +111,6 @@ export declare class SubscriberRegistry<T> {
      *
      * Subscribers with no channel filter receive all broadcasts.
      * Subscribers with a channel filter only receive matching broadcasts.
-     *
-     * @param channel - the channel to broadcast on
-     * @param data - the data to send
      */
     broadcast(channel: string, data: T): void;
     /**
@@ -122,8 +120,9 @@ export declare class SubscriberRegistry<T> {
      * Use for auth revocation — when a user's permissions change, close their
      * SSE connections so they must reconnect and re-authenticate.
      *
-     * @param identity - the identity key to match (checked against scope and groups)
+     * @param identity - the identity key to match (checked against `scope` and `groups`)
      * @returns the number of subscribers closed
+     * @mutates registry - removes matching subscribers and closes their streams
      */
     close_by_identity(identity: string): number;
 }

package/dist/realtime/subscriber_registry.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"subscriber_registry.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/realtime/subscriber_registry.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,UAAU,CAAC;AAExC,MAAM,WAAW,UAAU,CAAC,CAAC;IAC5B,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC;IACrB,sEAAsE;IACtE,QAAQ,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC;IAC7B,mDAAmD;IACnD,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,qEAAqE;IACrE,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC;CAC3B;AAED,wCAAwC;AACxC,MAAM,WAAW,yBAAyB;IACzC;;;;;OAKG;IACH,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC9B;AAED,kDAAkD;AAClD,MAAM,WAAW,gBAAgB;IAChC,6DAA6D;IAC7D,QAAQ,CAAC,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;IACjC;;;OAGG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IACf;;;OAGG;IACH,MAAM,CAAC,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;CAC/B;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;AACH,qBAAa,kBAAkB,CAAC,CAAC;;gBAIpB,OAAO,CAAC,EAAE,yBAAyB;IAI/C,oCAAoC;IACpC,IAAI,KAAK,IAAI,MAAM,CAElB;IAED;;;;;;OAMG;IACH,SAAS,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC,EAAE,OAAO,CAAC,EAAE,gBAAgB,GAAG,MAAM,IAAI;IAmBvE;;;;;;;;OAQG;IACH,SAAS,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,GAAG,IAAI;IAQzC;;;;;;;;;OASG;IACH,iBAAiB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM;CAiC3C"}
+{"version":3,"file":"subscriber_registry.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/realtime/subscriber_registry.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,UAAU,CAAC;AAExC,MAAM,WAAW,UAAU,CAAC,CAAC;IAC5B,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC;IACrB,sEAAsE;IACtE,QAAQ,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC;IAC7B,mDAAmD;IACnD,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,qEAAqE;IACrE,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC;CAC3B;AAED,wCAAwC;AACxC,MAAM,WAAW,yBAAyB;IACzC;;;;;OAKG;IACH,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC9B;AAED,kDAAkD;AAClD,MAAM,WAAW,gBAAgB;IAChC,6DAA6D;IAC7D,QAAQ,CAAC,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;IACjC;;;OAGG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IACf;;;OAGG;IACH,MAAM,CAAC,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;CAC/B;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;AACH,qBAAa,kBAAkB,CAAC,CAAC;;gBAIpB,OAAO,CAAC,EAAE,yBAAyB;IAI/C,oCAAoC;IACpC,IAAI,KAAK,IAAI,MAAM,CAElB;IAED;;;;;;;OAOG;IACH,SAAS,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC,EAAE,OAAO,CAAC,EAAE,gBAAgB,GAAG,MAAM,IAAI;IAmBvE;;;;;OAKG;IACH,SAAS,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,GAAG,IAAI;IAQzC;;;;;;;;;;OAUG;IACH,iBAAiB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM;CAiC3C"}

package/dist/realtime/subscriber_registry.js

@@ -71,8 +71,9 @@ export class SubscriberRegistry {
      * Add a subscriber.
      *
      * @param stream - SSE stream to send data to
-     * @param options - channel filter and identity slots (scope + groups)
+     * @param options - channel filter and identity slots (`scope` + `groups`)
      * @returns unsubscribe function
+     * @mutates registry - adds the new subscriber; closes oldest matching subscribers when `max_per_scope` is exceeded
      */
     subscribe(stream, options) {
         const channels = options?.channels && options.channels.length > 0 ? new Set(options.channels) : null;
@@ -94,9 +95,6 @@ export class SubscriberRegistry {
      *
      * Subscribers with no channel filter receive all broadcasts.
      * Subscribers with a channel filter only receive matching broadcasts.
-     *
-     * @param channel - the channel to broadcast on
-     * @param data - the data to send
      */
     broadcast(channel, data) {
         for (const subscriber of this.#subscribers) {
@@ -112,8 +110,9 @@ export class SubscriberRegistry {
      * Use for auth revocation — when a user's permissions change, close their
      * SSE connections so they must reconnect and re-authenticate.
      *
-     * @param identity - the identity key to match (checked against scope and groups)
+     * @param identity - the identity key to match (checked against `scope` and `groups`)
      * @returns the number of subscribers closed
+     * @mutates registry - removes matching subscribers and closes their streams
      */
     close_by_identity(identity) {
         // collect first, then close — avoids mutating the Set during iteration

package/dist/runtime/fs.d.ts

@@ -7,9 +7,11 @@ import type { FsWriteDeps } from './deps.js';
 /**
  * Write a file atomically via temp file + rename.
  *
- * @param deps - deps with file write capabilities
- * @param path - destination file path
- * @param content - file contents to write
+ * Writes to `<path>.tmp` then renames over `path` so readers either see the
+ * old contents or the full new contents — never a partial write.
+ *
+ * @mutates filesystem - creates `<path>.tmp` then renames it to `path`
+ * @throws Error if `write_text_file` or `rename` rejects (permissions, disk full, cross-device rename, etc.)
  */
 export declare const write_file_atomic: (deps: Pick<FsWriteDeps, "write_text_file" | "rename">, path: string, content: string) => Promise<void>;
 //# sourceMappingURL=fs.d.ts.map

package/dist/runtime/fs.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"fs.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/runtime/fs.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAC,WAAW,EAAC,MAAM,WAAW,CAAC;AAE3C;;;;;;GAMG;AACH,eAAO,MAAM,iBAAiB,GAC7B,MAAM,IAAI,CAAC,WAAW,EAAE,iBAAiB,GAAG,QAAQ,CAAC,EACrD,MAAM,MAAM,EACZ,SAAS,MAAM,KACb,OAAO,CAAC,IAAI,CAId,CAAC"}
+{"version":3,"file":"fs.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/runtime/fs.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAC,WAAW,EAAC,MAAM,WAAW,CAAC;AAE3C;;;;;;;;GAQG;AACH,eAAO,MAAM,iBAAiB,GAC7B,MAAM,IAAI,CAAC,WAAW,EAAE,iBAAiB,GAAG,QAAQ,CAAC,EACrD,MAAM,MAAM,EACZ,SAAS,MAAM,KACb,OAAO,CAAC,IAAI,CAId,CAAC"}

package/dist/runtime/fs.js

@@ -6,9 +6,11 @@
 /**
  * Write a file atomically via temp file + rename.
  *
- * @param deps - deps with file write capabilities
- * @param path - destination file path
- * @param content - file contents to write
+ * Writes to `<path>.tmp` then renames over `path` so readers either see the
+ * old contents or the full new contents — never a partial write.
+ *
+ * @mutates filesystem - creates `<path>.tmp` then renames it to `path`
+ * @throws Error if `write_text_file` or `rename` rejects (permissions, disk full, cross-device rename, etc.)
  */
 export const write_file_atomic = async (deps, path, content) => {
     const temp_path = path + '.tmp';

package/dist/runtime/mock.d.ts

@@ -50,7 +50,10 @@ export interface MockRuntime extends RuntimeDeps {
 /**
  * Create a mock `RuntimeDeps` for testing.
  *
- * @param args - CLI arguments
+ * The mock `exit` records the code on `exit_calls` and throws `MockExitError`
+ * (so the never-returning contract holds in tests). `fetch` throws `TypeError`
+ * when no `mock_fetch_responses` pattern matches the request URL.
+ *
  * @returns `MockRuntime` with controllable state
  *
  * @example
@@ -69,14 +72,14 @@ export declare const create_mock_runtime: (args?: Array<string>) => MockRuntime;
 /**
  * Reset a mock runtime to initial state.
  *
- * @param runtime - `MockRuntime` to reset
+ * @mutates runtime - clears all mock state (env, fs, dirs, exit/command/stdout/fetch call records, mock results, stdin buffer)
  */
 export declare const reset_mock_runtime: (runtime: MockRuntime) => void;
 /**
  * Set stdin buffer for simulating user input.
  *
- * @param runtime - `MockRuntime` to configure
  * @param input - string to provide as stdin input
+ * @mutates `runtime.stdin_buffer`
  */
 export declare const set_mock_stdin: (runtime: MockRuntime, input: string) => void;
 /**

package/dist/runtime/mock.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"mock.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/runtime/mock.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAC,WAAW,EAAc,aAAa,EAAE,iBAAiB,EAAC,MAAM,WAAW,CAAC;AAIzF;;GAEG;AACH,MAAM,WAAW,WAAY,SAAQ,WAAW;IAC/C,kCAAkC;IAClC,QAAQ,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC9B,0CAA0C;IAC1C,OAAO,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC7B,+CAA+C;IAC/C,aAAa,EAAE,GAAG,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;IACvC,mCAAmC;IACnC,SAAS,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IACvB,wCAAwC;IACxC,UAAU,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAC1B,gGAAgG;IAChG,aAAa,EAAE,KAAK,CAAC;QAAC,GAAG,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;QAAC,OAAO,CAAC,EAAE,iBAAiB,CAAA;KAAC,CAAC,CAAC;IACtF,sCAAsC;IACtC,qBAAqB,EAAE,KAAK,CAAC;QAAC,GAAG,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,KAAK,CAAC,MAAM,CAAC,CAAA;KAAC,CAAC,CAAC;IACjE,8BAA8B;IAC9B,aAAa,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAC7B,4CAA4C;IAC5C,oBAAoB,EAAE,GAAG,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;IACjD,yCAAyC;IACzC,YAAY,EAAE,UAAU,GAAG,IAAI,CAAC;IAChC,4BAA4B;IAC5B,WAAW,EAAE,KAAK,CAAC;QAAC,KAAK,EAAE,MAAM,GAAG,GAAG,GAAG,OAAO,CAAC;QAAC,IAAI,CAAC,EAAE,WAAW,CAAA;KAAC,CAAC,CAAC;IACxE,wDAAwD;IACxD,oBAAoB,EAAE,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;CAC5C;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAO,MAAM,mBAAmB,GAAI,OAAM,KAAK,CAAC,MAAM,CAAM,KAAG,WAkO9D,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,kBAAkB,GAAI,SAAS,WAAW,KAAG,IAazD,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,cAAc,GAAI,SAAS,WAAW,EAAE,OAAO,MAAM,KAAG,IAEpE,CAAC;AAEF;;;;GAIG;AACH,qBAAa,aAAc,SAAQ,KAAK;IACvC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;gBAEV,IAAI,EAAE,MAAM;CAKxB"}
+{"version":3,"file":"mock.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/runtime/mock.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAC,WAAW,EAAc,aAAa,EAAE,iBAAiB,EAAC,MAAM,WAAW,CAAC;AAIzF;;GAEG;AACH,MAAM,WAAW,WAAY,SAAQ,WAAW;IAC/C,kCAAkC;IAClC,QAAQ,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC9B,0CAA0C;IAC1C,OAAO,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC7B,+CAA+C;IAC/C,aAAa,EAAE,GAAG,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;IACvC,mCAAmC;IACnC,SAAS,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IACvB,wCAAwC;IACxC,UAAU,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAC1B,gGAAgG;IAChG,aAAa,EAAE,KAAK,CAAC;QAAC,GAAG,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;QAAC,OAAO,CAAC,EAAE,iBAAiB,CAAA;KAAC,CAAC,CAAC;IACtF,sCAAsC;IACtC,qBAAqB,EAAE,KAAK,CAAC;QAAC,GAAG,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,KAAK,CAAC,MAAM,CAAC,CAAA;KAAC,CAAC,CAAC;IACjE,8BAA8B;IAC9B,aAAa,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAC7B,4CAA4C;IAC5C,oBAAoB,EAAE,GAAG,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;IACjD,yCAAyC;IACzC,YAAY,EAAE,UAAU,GAAG,IAAI,CAAC;IAChC,4BAA4B;IAC5B,WAAW,EAAE,KAAK,CAAC;QAAC,KAAK,EAAE,MAAM,GAAG,GAAG,GAAG,OAAO,CAAC;QAAC,IAAI,CAAC,EAAE,WAAW,CAAA;KAAC,CAAC,CAAC;IACxE,wDAAwD;IACxD,oBAAoB,EAAE,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;CAC5C;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,eAAO,MAAM,mBAAmB,GAAI,OAAM,KAAK,CAAC,MAAM,CAAM,KAAG,WAkO9D,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,kBAAkB,GAAI,SAAS,WAAW,KAAG,IAazD,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,cAAc,GAAI,SAAS,WAAW,EAAE,OAAO,MAAM,KAAG,IAEpE,CAAC;AAEF;;;;GAIG;AACH,qBAAa,aAAc,SAAQ,KAAK;IACvC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;gBAEV,IAAI,EAAE,MAAM;CAKxB"}

package/dist/runtime/mock.js

@@ -10,7 +10,10 @@
 /**
  * Create a mock `RuntimeDeps` for testing.
  *
- * @param args - CLI arguments
+ * The mock `exit` records the code on `exit_calls` and throws `MockExitError`
+ * (so the never-returning contract holds in tests). `fetch` throws `TypeError`
+ * when no `mock_fetch_responses` pattern matches the request URL.
+ *
  * @returns `MockRuntime` with controllable state
  *
  * @example
@@ -256,7 +259,7 @@ export const create_mock_runtime = (args = []) => {
 /**
  * Reset a mock runtime to initial state.
  *
- * @param runtime - `MockRuntime` to reset
+ * @mutates runtime - clears all mock state (env, fs, dirs, exit/command/stdout/fetch call records, mock results, stdin buffer)
  */
 export const reset_mock_runtime = (runtime) => {
     runtime.mock_env.clear();
@@ -275,8 +278,8 @@ export const reset_mock_runtime = (runtime) => {
 /**
  * Set stdin buffer for simulating user input.
  *
- * @param runtime - `MockRuntime` to configure
  * @param input - string to provide as stdin input
+ * @mutates `runtime.stdin_buffer`
  */
 export const set_mock_stdin = (runtime, input) => {
     runtime.stdin_buffer = new TextEncoder().encode(input);

package/dist/server/app_backend.d.ts

@@ -89,6 +89,7 @@ export interface CreateAppBackendOptions {
  *
  * @param options - keyring, password deps, optional database URL, and optional `migration_namespaces`
  * @returns app backend with deps, database metadata, and combined migration results
+ * @throws Error if `migration_namespaces` contains the reserved `'fuz_auth'` namespace
  */
 export declare const create_app_backend: (options: CreateAppBackendOptions) => Promise<AppBackend>;
 //# sourceMappingURL=app_backend.d.ts.map

package/dist/server/app_backend.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"app_backend.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/server/app_backend.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAC,MAAM,EAAC,MAAM,yBAAyB,CAAC;AAE/C,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,iBAAiB,CAAC;AAC7C,OAAO,KAAK,EAAC,cAAc,EAAE,aAAa,EAAC,MAAM,6BAA6B,CAAC;AAC/E,OAAO,KAAK,EAAC,MAAM,EAAC,MAAM,aAAa,CAAC;AACxC,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,oBAAoB,CAAC;AAChD,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,qBAAqB,CAAC;AAC1D,OAAO,KAAK,EAAC,UAAU,EAAC,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAiB,KAAK,kBAAkB,EAAE,KAAK,eAAe,EAAC,MAAM,kBAAkB,CAAC;AAI/F;;;;;GAKG;AACH,MAAM,WAAW,UAAU;IAC1B,IAAI,EAAE,OAAO,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,oIAAoI;IACpI,QAAQ,CAAC,iBAAiB,EAAE,aAAa,CAAC,eAAe,CAAC,CAAC;IAC3D,iEAAiE;IACjE,KAAK,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC3B;AAED;;;;;GAKG;AACH,MAAM,WAAW,uBAAuB;IACvC,+DAA+D;IAC/D,IAAI,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;IACnD,2BAA2B;IAC3B,cAAc,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IAClD,qBAAqB;IACrB,WAAW,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAC7C,0EAA0E;IAC1E,YAAY,EAAE,MAAM,CAAC;IACrB,wCAAwC;IACxC,OAAO,EAAE,OAAO,CAAC;IACjB,iFAAiF;IACjF,QAAQ,EAAE,gBAAgB,CAAC;IAC3B,6EAA6E;IAC7E,GAAG,CAAC,EAAE,MAAM,CAAC;IACb;;;;OAIG;IACH,cAAc,CAAC,EAAE,CAAC,KAAK,EAAE,aAAa,KAAK,IAAI,CAAC;IAChD;;;;;;OAMG;IACH,gBAAgB,CAAC,EAAE,cAAc,CAAC;IAClC;;;;;;;;;OASG;IACH,oBAAoB,CAAC,EAAE,aAAa,CAAC,kBAAkB,CAAC,CAAC;CACzD;AAED;;;;;;;;;GASG;AACH,eAAO,MAAM,kBAAkB,GAAU,SAAS,uBAAuB,KAAG,OAAO,CAAC,UAAU,CAoC7F,CAAC"}
+{"version":3,"file":"app_backend.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/server/app_backend.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAC,MAAM,EAAC,MAAM,yBAAyB,CAAC;AAE/C,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,iBAAiB,CAAC;AAC7C,OAAO,KAAK,EAAC,cAAc,EAAE,aAAa,EAAC,MAAM,6BAA6B,CAAC;AAC/E,OAAO,KAAK,EAAC,MAAM,EAAC,MAAM,aAAa,CAAC;AACxC,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,oBAAoB,CAAC;AAChD,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,qBAAqB,CAAC;AAC1D,OAAO,KAAK,EAAC,UAAU,EAAC,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAiB,KAAK,kBAAkB,EAAE,KAAK,eAAe,EAAC,MAAM,kBAAkB,CAAC;AAI/F;;;;;GAKG;AACH,MAAM,WAAW,UAAU;IAC1B,IAAI,EAAE,OAAO,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,oIAAoI;IACpI,QAAQ,CAAC,iBAAiB,EAAE,aAAa,CAAC,eAAe,CAAC,CAAC;IAC3D,iEAAiE;IACjE,KAAK,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC3B;AAED;;;;;GAKG;AACH,MAAM,WAAW,uBAAuB;IACvC,+DAA+D;IAC/D,IAAI,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;IACnD,2BAA2B;IAC3B,cAAc,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IAClD,qBAAqB;IACrB,WAAW,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAC7C,0EAA0E;IAC1E,YAAY,EAAE,MAAM,CAAC;IACrB,wCAAwC;IACxC,OAAO,EAAE,OAAO,CAAC;IACjB,iFAAiF;IACjF,QAAQ,EAAE,gBAAgB,CAAC;IAC3B,6EAA6E;IAC7E,GAAG,CAAC,EAAE,MAAM,CAAC;IACb;;;;OAIG;IACH,cAAc,CAAC,EAAE,CAAC,KAAK,EAAE,aAAa,KAAK,IAAI,CAAC;IAChD;;;;;;OAMG;IACH,gBAAgB,CAAC,EAAE,cAAc,CAAC;IAClC;;;;;;;;;OASG;IACH,oBAAoB,CAAC,EAAE,aAAa,CAAC,kBAAkB,CAAC,CAAC;CACzD;AAED;;;;;;;;;;GAUG;AACH,eAAO,MAAM,kBAAkB,GAAU,SAAS,uBAAuB,KAAG,OAAO,CAAC,UAAU,CAoC7F,CAAC"}

package/dist/server/app_backend.js

@@ -23,6 +23,7 @@ import { create_db } from '../db/create_db.js';
  *
  * @param options - keyring, password deps, optional database URL, and optional `migration_namespaces`
  * @returns app backend with deps, database metadata, and combined migration results
+ * @throws Error if `migration_namespaces` contains the reserved `'fuz_auth'` namespace
  */
 export const create_app_backend = async (options) => {
     const { database_url, keyring, password, stat, read_text_file, delete_file } = options;

package/dist/server/app_server.d.ts

@@ -1,10 +1,9 @@
 /**
  * Server assembly factory.
  *
- * `create_app_server()` eliminates the ~100 lines of duplicated server assembly
- * shared by tx, visiones, and mageguild. Consumers provide a pre-initialized
- * `AppBackend` and options (session, origins, routes); the factory handles
- * middleware, bootstrap status, surface generation, and Hono app assembly.
+ * Consumers provide a pre-initialized `AppBackend` and options (session,
+ * origins, routes); `create_app_server()` handles middleware, bootstrap
+ * status, surface generation, and Hono app assembly.
  *
  * @module
  */
@@ -80,6 +79,26 @@ export interface AppServerOptions {
      * Pass `null` to explicitly disable rate limiting.
      */
     bearer_ip_rate_limiter?: RateLimiter | null;
+    /**
+     * Per-IP rate limiter for the action dispatchers (HTTP RPC + WebSocket).
+     * Consulted for actions whose spec declares `rate_limit: 'ip'` or `'both'`.
+     * Same limiter applies across transports — one budget per action.
+     * Omit or `undefined` to use a default limiter (600 attempts per
+     * 15 minutes — permissive). Pass `null` to explicitly disable.
+     * Also available on `AppServerContext` for consumers wiring
+     * `register_action_ws`.
+     */
+    action_ip_rate_limiter?: RateLimiter | null;
+    /**
+     * Per-actor rate limiter for the action dispatchers (HTTP RPC + WebSocket).
+     * Consulted for actions whose spec declares `rate_limit: 'account'` or
+     * `'both'`. Keyed on `request_context.actor.id` (post-auth).
+     * Omit or `undefined` to use a default limiter (1200 attempts per
+     * 15 minutes — permissive). Pass `null` to explicitly disable.
+     * Also available on `AppServerContext` for consumers wiring
+     * `register_action_ws`.
+     */
+    action_account_rate_limiter?: RateLimiter | null;
     /**
      * Maximum allowed request body size in bytes.
      * Omit or `undefined` to use the default (1 MiB).
@@ -176,6 +195,10 @@ export interface AppServerContext {
     login_account_rate_limiter: RateLimiter | null;
     /** Per-account signup rate limiter (from options). `null` when not configured. */
     signup_account_rate_limiter: RateLimiter | null;
+    /** Per-IP action-dispatcher rate limiter — shared across HTTP RPC + WS. `null` when not configured. */
+    action_ip_rate_limiter: RateLimiter | null;
+    /** Per-actor action-dispatcher rate limiter — shared across HTTP RPC + WS. `null` when not configured. */
+    action_account_rate_limiter: RateLimiter | null;
     /** Global app settings (mutable ref — mutated by settings admin route). */
     app_settings: AppSettings;
     /** Factory-managed audit log SSE. `null` when `audit_log_sse` option is not set. */
@@ -206,7 +229,10 @@ export declare const DEFAULT_MAX_BODY_SIZE: number;
  * static serving. Database migrations belong to the backend lifecycle —
  * pass `migration_namespaces` to `create_app_backend`.
  *
- * @param options - server configuration
+ * When `audit_log_sse` is set, shallow-copies `backend.deps` with a composed
+ * `on_audit_event` that fans out to the SSE registry and the original
+ * callback — `backend.deps` itself is not mutated.
+ *
  * @returns assembled Hono app, backend, surface build, and bootstrap status
  */
 export declare const create_app_server: (options: AppServerOptions) => Promise<AppServer>;

package/dist/server/app_server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"app_server.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/server/app_server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAC,IAAI,EAAE,KAAK,OAAO,EAAC,MAAM,MAAM,CAAC;AAGxC,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAEtB,OAAO,EAEN,KAAK,cAAc,EAEnB,MAAM,2BAA2B,CAAC;AACnC,OAAO,KAAK,EAAC,uBAAuB,EAAC,MAAM,8BAA8B,CAAC;AAC1E,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAGN,KAAK,WAAW,EAChB,MAAM,+BAA+B,CAAC;AACvC,OAAO,KAAK,EAAC,WAAW,EAAC,MAAM,gCAAgC,CAAC;AAEhE,OAAO,EAGN,KAAK,WAAW,EAChB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,yBAAyB,CAAC;AAC9D,OAAO,KAAK,EAAC,eAAe,EAAC,MAAM,kBAAkB,CAAC;AACtD,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,iBAAiB,CAAC;AAC7C,OAAO,KAAK,EAAC,UAAU,EAAC,MAAM,kBAAkB,CAAC;AAGjD,OAAO,oBAAoB,CAAC;AAE5B,OAAO,EAA2B,KAAK,kBAAkB,EAAC,MAAM,aAAa,CAAC;AAE9E,OAAO,EAEN,KAAK,cAAc,EAEnB,KAAK,eAAe,EACpB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAIN,KAAK,SAAS,EACd,MAAM,uBAAuB,CAAC;AAC/B,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,4BAA4B,CAAC;AAC/D,OAAO,EAGN,KAAK,eAAe,EACpB,MAAM,6BAA6B,CAAC;AAOrC;;GAEG;AACH,MAAM,WAAW,kBAAkB;IAClC,0DAA0D;IAC1D,MAAM,EAAE,MAAM,CAAC;IACf,uDAAuD;IACvD,IAAI,EAAE,MAAM,CAAC;CACb;AAED;;;;;GAKG;AACH,MAAM,WAAW,gBAAgB;IAChC,2DAA2D;IAC3D,OAAO,EAAE,UAAU,CAAC;IACpB,6CAA6C;IAC7C,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,sCAAsC;IACtC,eAAe,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAE/B,6BAA6B;IAC7B,KAAK,EAAE;QACN,eAAe,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;QAC/B,iBAAiB,EAAE,CAAC,CAAC,EAAE,OAAO,KAAK,MAAM,GAAG,SAAS,CAAC;KACtD,CAAC;IAEF;;;;;OAKG;IACH,eAAe,CAAC,EAAE,WAAW,GAAG,IAAI,CAAC;IACrC;;;;;OAKG;IACH,0BAA0B,CAAC,EAAE,WAAW,GAAG,IAAI,CAAC;IAChD;;;;;OAKG;IACH,2BAA2B,CAAC,EAAE,WAAW,GAAG,IAAI,CAAC;IACjD;;;;OAIG;IACH,sBAAsB,CAAC,EAAE,WAAW,GAAG,IAAI,CAAC;IAC5C;;;;OAIG;IACH,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,2DAA2D;IAC3D,kBAAkB,CAAC,EAAE,gBAAgB,CAAC;IAEtC,yEAAyE;IACzE,SAAS,CAAC,EAAE;QACX,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;QAC1B,mEAAmE;QACnE,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB;;;WAGG;QACH,YAAY,CAAC,EAAE,CAAC,MAAM,EAAE,uBAAuB,EAAE,CAAC,EAAE,OAAO,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;KAC9E,CAAC;IAEF;;;OAGG;IACH,aAAa,CAAC,EAAE,KAAK,CAAC;IAEtB;;;OAGG;IACH,kBAAkB,EAAE,CAAC,OAAO,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IAEpE,4DAA4D;IAC5D,oBAAoB,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC,cAAc,CAAC,KAAK,KAAK,CAAC,cAAc,CAAC,CAAC;IAE/E;;;;;;;;;;OAUG;IACH,aAAa,CAAC,EAAE,IAAI,GAAG;QAAC,IAAI,CAAC,EAAE,MAAM,CAAA;KAAC,CAAC;IAEvC,gFAAgF;IAChF,WAAW,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAE/B;;;;;;;;;;;OAWG;IACH,aAAa,CAAC,EAAE,KAAK,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,gBAAgB,KAAK,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC;IAEjG,gHAAgH;IAChH,UAAU,EAAE,CAAC,CAAC,SAAS,CAAC;IAExB,mFAAmF;IACnF,qBAAqB,CAAC,EAAE,KAAK,CAAC,cAAc,CAAC,CAAC;IAE9C,6DAA6D;IAC7D,cAAc,CAAC,EAAE;QAChB,YAAY,EAAE,kBAAkB,CAAC;QACjC,YAAY,CAAC,EAAE,MAAM,CAAC;KACtB,CAAC;IAEF;;;;OAIG;IACH,qBAAqB,CAAC,EAAE,OAAO,CAAC;IAEhC;;;;OAIG;IACH,eAAe,CAAC,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,kBAAkB,KAAK,IAAI,CAAC;IAExE,8CAA8C;IAC9C,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACrC;AAED,8CAA8C;AAC9C,MAAM,WAAW,gBAAgB;IAChC,IAAI,EAAE,OAAO,CAAC;IACd,OAAO,EAAE,UAAU,CAAC;IACpB,gBAAgB,EAAE,eAAe,CAAC;IAClC,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,yEAAyE;IACzE,eAAe,EAAE,WAAW,GAAG,IAAI,CAAC;IACpC,iFAAiF;IACjF,0BAA0B,EAAE,WAAW,GAAG,IAAI,CAAC;IAC/C,kFAAkF;IAClF,2BAA2B,EAAE,WAAW,GAAG,IAAI,CAAC;IAChD,2EAA2E;IAC3E,YAAY,EAAE,WAAW,CAAC;IAC1B,oFAAoF;IACpF,SAAS,EAAE,WAAW,GAAG,IAAI,CAAC;CAC9B;AAED,uCAAuC;AACvC,MAAM,WAAW,SAAS;IACzB,GAAG,EAAE,IAAI,CAAC;IACV,wEAAwE;IACxE,YAAY,EAAE,cAAc,CAAC;IAC7B,gBAAgB,EAAE,eAAe,CAAC;IAClC,2EAA2E;IAC3E,YAAY,EAAE,WAAW,CAAC;IAC1B,oGAAoG;IACpG,iBAAiB,EAAE,aAAa,CAAC,eAAe,CAAC,CAAC;IAClD,oFAAoF;IACpF,SAAS,EAAE,WAAW,GAAG,IAAI,CAAC;IAC9B,mEAAmE;IACnE,KAAK,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC3B;AAED,gDAAgD;AAChD,eAAO,MAAM,qBAAqB,QAAc,CAAC;AAEjD;;;;;;;;;;GAUG;AACH,eAAO,MAAM,iBAAiB,GAAU,SAAS,gBAAgB,KAAG,OAAO,CAAC,SAAS,CA4PpF,CAAC"}
+{"version":3,"file":"app_server.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/server/app_server.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAC,IAAI,EAAE,KAAK,OAAO,EAAC,MAAM,MAAM,CAAC;AAGxC,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAEtB,OAAO,EAEN,KAAK,cAAc,EAEnB,MAAM,2BAA2B,CAAC;AACnC,OAAO,KAAK,EAAC,uBAAuB,EAAC,MAAM,8BAA8B,CAAC;AAC1E,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAGN,KAAK,WAAW,EAChB,MAAM,+BAA+B,CAAC;AACvC,OAAO,KAAK,EAAC,WAAW,EAAC,MAAM,gCAAgC,CAAC;AAEhE,OAAO,EAKN,KAAK,WAAW,EAChB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,yBAAyB,CAAC;AAC9D,OAAO,KAAK,EAAC,eAAe,EAAC,MAAM,kBAAkB,CAAC;AACtD,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,iBAAiB,CAAC;AAC7C,OAAO,KAAK,EAAC,UAAU,EAAC,MAAM,kBAAkB,CAAC;AAGjD,OAAO,oBAAoB,CAAC;AAE5B,OAAO,EAA2B,KAAK,kBAAkB,EAAC,MAAM,aAAa,CAAC;AAE9E,OAAO,EAEN,KAAK,cAAc,EAEnB,KAAK,eAAe,EACpB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAIN,KAAK,SAAS,EACd,MAAM,uBAAuB,CAAC;AAC/B,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,4BAA4B,CAAC;AAC/D,OAAO,EAGN,KAAK,eAAe,EACpB,MAAM,6BAA6B,CAAC;AAOrC;;GAEG;AACH,MAAM,WAAW,kBAAkB;IAClC,0DAA0D;IAC1D,MAAM,EAAE,MAAM,CAAC;IACf,uDAAuD;IACvD,IAAI,EAAE,MAAM,CAAC;CACb;AAED;;;;;GAKG;AACH,MAAM,WAAW,gBAAgB;IAChC,2DAA2D;IAC3D,OAAO,EAAE,UAAU,CAAC;IACpB,6CAA6C;IAC7C,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,sCAAsC;IACtC,eAAe,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAE/B,6BAA6B;IAC7B,KAAK,EAAE;QACN,eAAe,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;QAC/B,iBAAiB,EAAE,CAAC,CAAC,EAAE,OAAO,KAAK,MAAM,GAAG,SAAS,CAAC;KACtD,CAAC;IAEF;;;;;OAKG;IACH,eAAe,CAAC,EAAE,WAAW,GAAG,IAAI,CAAC;IACrC;;;;;OAKG;IACH,0BAA0B,CAAC,EAAE,WAAW,GAAG,IAAI,CAAC;IAChD;;;;;OAKG;IACH,2BAA2B,CAAC,EAAE,WAAW,GAAG,IAAI,CAAC;IACjD;;;;OAIG;IACH,sBAAsB,CAAC,EAAE,WAAW,GAAG,IAAI,CAAC;IAC5C;;;;;;;;OAQG;IACH,sBAAsB,CAAC,EAAE,WAAW,GAAG,IAAI,CAAC;IAC5C;;;;;;;;OAQG;IACH,2BAA2B,CAAC,EAAE,WAAW,GAAG,IAAI,CAAC;IACjD;;;;OAIG;IACH,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,2DAA2D;IAC3D,kBAAkB,CAAC,EAAE,gBAAgB,CAAC;IAEtC,yEAAyE;IACzE,SAAS,CAAC,EAAE;QACX,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;QAC1B,mEAAmE;QACnE,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB;;;WAGG;QACH,YAAY,CAAC,EAAE,CAAC,MAAM,EAAE,uBAAuB,EAAE,CAAC,EAAE,OAAO,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;KAC9E,CAAC;IAEF;;;OAGG;IACH,aAAa,CAAC,EAAE,KAAK,CAAC;IAEtB;;;OAGG;IACH,kBAAkB,EAAE,CAAC,OAAO,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IAEpE,4DAA4D;IAC5D,oBAAoB,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC,cAAc,CAAC,KAAK,KAAK,CAAC,cAAc,CAAC,CAAC;IAE/E;;;;;;;;;;OAUG;IACH,aAAa,CAAC,EAAE,IAAI,GAAG;QAAC,IAAI,CAAC,EAAE,MAAM,CAAA;KAAC,CAAC;IAEvC,gFAAgF;IAChF,WAAW,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAE/B;;;;;;;;;;;OAWG;IACH,aAAa,CAAC,EAAE,KAAK,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,gBAAgB,KAAK,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC;IAEjG,gHAAgH;IAChH,UAAU,EAAE,CAAC,CAAC,SAAS,CAAC;IAExB,mFAAmF;IACnF,qBAAqB,CAAC,EAAE,KAAK,CAAC,cAAc,CAAC,CAAC;IAE9C,6DAA6D;IAC7D,cAAc,CAAC,EAAE;QAChB,YAAY,EAAE,kBAAkB,CAAC;QACjC,YAAY,CAAC,EAAE,MAAM,CAAC;KACtB,CAAC;IAEF;;;;OAIG;IACH,qBAAqB,CAAC,EAAE,OAAO,CAAC;IAEhC;;;;OAIG;IACH,eAAe,CAAC,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,kBAAkB,KAAK,IAAI,CAAC;IAExE,8CAA8C;IAC9C,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACrC;AAED,8CAA8C;AAC9C,MAAM,WAAW,gBAAgB;IAChC,IAAI,EAAE,OAAO,CAAC;IACd,OAAO,EAAE,UAAU,CAAC;IACpB,gBAAgB,EAAE,eAAe,CAAC;IAClC,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,yEAAyE;IACzE,eAAe,EAAE,WAAW,GAAG,IAAI,CAAC;IACpC,iFAAiF;IACjF,0BAA0B,EAAE,WAAW,GAAG,IAAI,CAAC;IAC/C,kFAAkF;IAClF,2BAA2B,EAAE,WAAW,GAAG,IAAI,CAAC;IAChD,uGAAuG;IACvG,sBAAsB,EAAE,WAAW,GAAG,IAAI,CAAC;IAC3C,0GAA0G;IAC1G,2BAA2B,EAAE,WAAW,GAAG,IAAI,CAAC;IAChD,2EAA2E;IAC3E,YAAY,EAAE,WAAW,CAAC;IAC1B,oFAAoF;IACpF,SAAS,EAAE,WAAW,GAAG,IAAI,CAAC;CAC9B;AAED,uCAAuC;AACvC,MAAM,WAAW,SAAS;IACzB,GAAG,EAAE,IAAI,CAAC;IACV,wEAAwE;IACxE,YAAY,EAAE,cAAc,CAAC;IAC7B,gBAAgB,EAAE,eAAe,CAAC;IAClC,2EAA2E;IAC3E,YAAY,EAAE,WAAW,CAAC;IAC1B,oGAAoG;IACpG,iBAAiB,EAAE,aAAa,CAAC,eAAe,CAAC,CAAC;IAClD,oFAAoF;IACpF,SAAS,EAAE,WAAW,GAAG,IAAI,CAAC;IAC9B,mEAAmE;IACnE,KAAK,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC3B;AAED,gDAAgD;AAChD,eAAO,MAAM,qBAAqB,QAAc,CAAC;AAEjD;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,iBAAiB,GAAU,SAAS,gBAAgB,KAAG,OAAO,CAAC,SAAS,CA4QpF,CAAC"}

package/dist/server/app_server.js

@@ -1,10 +1,9 @@
 /**
  * Server assembly factory.
  *
- * `create_app_server()` eliminates the ~100 lines of duplicated server assembly
- * shared by tx, visiones, and mageguild. Consumers provide a pre-initialized
- * `AppBackend` and options (session, origins, routes); the factory handles
- * middleware, bootstrap status, surface generation, and Hono app assembly.
+ * Consumers provide a pre-initialized `AppBackend` and options (session,
+ * origins, routes); `create_app_server()` handles middleware, bootstrap
+ * status, surface generation, and Hono app assembly.
  *
  * @module
  */
@@ -15,7 +14,7 @@ import { z } from 'zod';
 import { SESSION_COOKIE_OPTIONS, } from '../auth/session_cookie.js';
 import { create_audit_log_sse, AUDIT_LOG_EVENT_SPECS, } from '../realtime/sse_auth_guard.js';
 import { query_app_settings_load } from '../auth/app_settings_queries.js';
-import { create_rate_limiter, DEFAULT_LOGIN_ACCOUNT_RATE_LIMIT, } from '../rate_limiter.js';
+import { create_rate_limiter, DEFAULT_LOGIN_ACCOUNT_RATE_LIMIT, DEFAULT_ACTION_ACCOUNT_RATE_LIMIT, DEFAULT_ACTION_IP_RATE_LIMIT, } from '../rate_limiter.js';
 // Side-effect import: augments Hono's ContextVariableMap so consumers
 // that import app_server get type-safe c.get('auth_session_id') etc.
 import '../hono_context.js';
@@ -40,7 +39,10 @@ export const DEFAULT_MAX_BODY_SIZE = 1024 * 1024;
  * static serving. Database migrations belong to the backend lifecycle —
  * pass `migration_namespaces` to `create_app_backend`.
  *
- * @param options - server configuration
+ * When `audit_log_sse` is set, shallow-copies `backend.deps` with a composed
+ * `on_audit_event` that fans out to the SSE registry and the original
+ * callback — `backend.deps` itself is not mutated.
+ *
  * @returns assembled Hono app, backend, surface build, and bootstrap status
  */
 export const create_app_server = async (options) => {
@@ -57,6 +59,12 @@ export const create_app_server = async (options) => {
     const bearer_ip_rate_limiter = options.bearer_ip_rate_limiter === undefined
         ? create_rate_limiter()
         : options.bearer_ip_rate_limiter;
+    const action_ip_rate_limiter = options.action_ip_rate_limiter === undefined
+        ? create_rate_limiter(DEFAULT_ACTION_IP_RATE_LIMIT)
+        : options.action_ip_rate_limiter;
+    const action_account_rate_limiter = options.action_account_rate_limiter === undefined
+        ? create_rate_limiter(DEFAULT_ACTION_ACCOUNT_RATE_LIMIT)
+        : options.action_account_rate_limiter;
     // Factory-managed audit SSE (shallow copy deps, no mutation of backend.deps)
     const audit_sse = options.audit_log_sse
         ? create_audit_log_sse({
@@ -104,6 +112,8 @@ export const create_app_server = async (options) => {
         ip_rate_limiter,
         login_account_rate_limiter,
         signup_account_rate_limiter,
+        action_ip_rate_limiter,
+        action_account_rate_limiter,
         app_settings,
         audit_sse,
     };
@@ -128,7 +138,13 @@ export const create_app_server = async (options) => {
         : options.rpc_endpoints;
     if (resolved_rpc_endpoints) {
         for (const endpoint of resolved_rpc_endpoints) {
-            factory_routes.push(...create_rpc_endpoint({ path: endpoint.path, actions: endpoint.actions, log }));
+            factory_routes.push(...create_rpc_endpoint({
+                path: endpoint.path,
+                actions: endpoint.actions,
+                log,
+                action_ip_rate_limiter,
+                action_account_rate_limiter,
+            }));
         }
     }
     // Surface route (default: enabled)

package/dist/server/startup.d.ts

@@ -14,8 +14,6 @@ import type { AppSurface } from '../http/surface.js';
  * and event/channel counts (when non-empty). When `env_values` is provided,
  * non-secret values are logged and secrets are masked with `***`.
  *
- * @param surface - the app surface to summarize
- * @param log - the logger instance
  * @param env_values - optional env values to log (secrets are masked)
  */
 export declare const log_startup_summary: (surface: AppSurface, log: Logger, env_values?: Record<string, unknown>) => void;

package/dist/server/startup.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"startup.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/server/startup.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAC,MAAM,EAAC,MAAM,yBAAyB,CAAC;AAGpD,OAAO,KAAK,EAAC,UAAU,EAAC,MAAM,oBAAoB,CAAC;AAEnD;;;;;;;;;;GAUG;AACH,eAAO,MAAM,mBAAmB,GAC/B,SAAS,UAAU,EACnB,KAAK,MAAM,EACX,aAAa,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAClC,IAqCF,CAAC"}
+{"version":3,"file":"startup.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/server/startup.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAC,MAAM,EAAC,MAAM,yBAAyB,CAAC;AAGpD,OAAO,KAAK,EAAC,UAAU,EAAC,MAAM,oBAAoB,CAAC;AAEnD;;;;;;;;GAQG;AACH,eAAO,MAAM,mBAAmB,GAC/B,SAAS,UAAU,EACnB,KAAK,MAAM,EACX,aAAa,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAClC,IAqCF,CAAC"}

package/dist/server/startup.js

@@ -13,8 +13,6 @@ import { format_env_display_value } from '../env/mask.js';
  * and event/channel counts (when non-empty). When `env_values` is provided,
  * non-secret values are logged and secrets are masked with `***`.
  *
- * @param surface - the app surface to summarize
- * @param log - the logger instance
  * @param env_values - optional env values to log (secrets are masked)
  */
 export const log_startup_summary = (surface, log, env_values) => {

package/dist/server/static.d.ts

@@ -30,7 +30,6 @@ export type ServeStaticFactory = (options: ServeStaticOptions) => MiddlewareHand
  *
  * @param serve_static - runtime-specific `serveStatic` factory
  * @param options - optional root directory and SPA fallback path
- * @returns array of middleware handlers to apply in order
  */
 export declare const create_static_middleware: (serve_static: ServeStaticFactory, options?: {
     root?: string;

package/dist/server/static.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"static.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/server/static.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAC,iBAAiB,EAAC,MAAM,MAAM,CAAC;AAE5C;;GAEG;AACH,MAAM,WAAW,kBAAkB;IAClC,IAAI,EAAE,MAAM,CAAC;IACb,kBAAkB,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,MAAM,CAAC;IAC9C,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC/B;AAED;;;;GAIG;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,OAAO,EAAE,kBAAkB,KAAK,iBAAiB,CAAC;AAKpF;;;;;;;;GAQG;AACH,eAAO,MAAM,wBAAwB,GACpC,cAAc,kBAAkB,EAChC,UAAU;IAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAAC,YAAY,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAA;CAAC,KACxF,KAAK,CAAC,iBAAiB,CAyBzB,CAAC"}
+{"version":3,"file":"static.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/server/static.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAC,iBAAiB,EAAC,MAAM,MAAM,CAAC;AAE5C;;GAEG;AACH,MAAM,WAAW,kBAAkB;IAClC,IAAI,EAAE,MAAM,CAAC;IACb,kBAAkB,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,MAAM,CAAC;IAC9C,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC/B;AAED;;;;GAIG;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,OAAO,EAAE,kBAAkB,KAAK,iBAAiB,CAAC;AAKpF;;;;;;;GAOG;AACH,eAAO,MAAM,wBAAwB,GACpC,cAAc,kBAAkB,EAChC,UAAU;IAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAAC,YAAY,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAA;CAAC,KACxF,KAAK,CAAC,iBAAiB,CAyBzB,CAAC"}

package/dist/server/static.js

@@ -17,7 +17,6 @@ const is_spa_route_default = (path) => !path.startsWith('/api/');
  *
  * @param serve_static - runtime-specific `serveStatic` factory
  * @param options - optional root directory and SPA fallback path
- * @returns array of middleware handlers to apply in order
  */
 export const create_static_middleware = (serve_static, options) => {
     const root = options?.root ?? './build';

package/dist/server/validate_nginx.d.ts

@@ -12,8 +12,11 @@
  * Result of validating an nginx config template string.
  */
 export interface NginxValidationResult {
+    /** True when no errors were detected. Warnings do not affect this flag. */
     ok: boolean;
+    /** Non-fatal issues — missing optional headers, weakened defaults, etc. */
     warnings: Array<string>;
+    /** Fatal issues — missing `/api` block, missing required security headers, etc. */
     errors: Array<string>;
 }
 /**
@@ -26,9 +29,6 @@ export interface NginxValidationResult {
  * Limitations: string pattern matching, not a real nginx parser. Catches
  * common omissions in fuz_app deploy configs but won't catch all possible
  * misconfigurations.
- *
- * @param config - nginx config template string
- * @returns validation result with ok status, warnings, and errors
  */
 export declare const validate_nginx_config: (config: string) => NginxValidationResult;
 //# sourceMappingURL=validate_nginx.d.ts.map

package/dist/server/validate_nginx.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"validate_nginx.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/server/validate_nginx.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACrC,EAAE,EAAE,OAAO,CAAC;IACZ,QAAQ,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACxB,MAAM,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;CACtB;AAgGD;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,qBAAqB,GAAI,QAAQ,MAAM,KAAG,qBA+FtD,CAAC"}
+{"version":3,"file":"validate_nginx.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/server/validate_nginx.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACrC,2EAA2E;IAC3E,EAAE,EAAE,OAAO,CAAC;IACZ,2EAA2E;IAC3E,QAAQ,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACxB,mFAAmF;IACnF,MAAM,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;CACtB;AAgGD;;;;;;;;;;GAUG;AACH,eAAO,MAAM,qBAAqB,GAAI,QAAQ,MAAM,KAAG,qBA+FtD,CAAC"}

package/dist/server/validate_nginx.js

@@ -97,9 +97,6 @@ const location_matches_api = (block) => {
  * Limitations: string pattern matching, not a real nginx parser. Catches
  * common omissions in fuz_app deploy configs but won't catch all possible
  * misconfigurations.
- *
- * @param config - nginx config template string
- * @returns validation result with ok status, warnings, and errors
  */
 export const validate_nginx_config = (config) => {
     const errors = [];

package/dist/testing/CLAUDE.md

@@ -584,7 +584,7 @@ three. Consumers that only wire admin will hit `method not found:
 account_token_create` on first run.
 
 Error-coverage scope is narrowed to the REST suffixes still on the
-admin surface (`/audit-log/stream`); the RPC surface is covered by
+admin surface (`/audit/stream`); the RPC surface is covered by
 `describe_rpc_round_trip_tests`. Post-RPC-migration that surface is
 0–1 routes — when the scoped count is ≤1, the `afterAll` hook logs
 `[error coverage] skipped admin REST coverage assertion — …` and

package/dist/testing/admin_integration.d.ts

@@ -54,7 +54,11 @@ export interface StandardAdminIntegrationTestOptions {
  * Output-schema conformance is not in scope — see the module docstring
  * for the suites that cover it.
  *
- * @param options - session config, route factory, role schema, RPC endpoints
+ * @throws Error at setup time when `options.rpc_endpoints` is empty — admin
+ *   permit grant/revoke, session/token revoke-all, and audit-log reads are
+ *   all RPC-only since the 2026-04-22 migration. Hard-fails via
+ *   `require_rpc_endpoint_path` so consumers see a clear setup error rather
+ *   than `method not found` mid-suite.
  */
 export declare const describe_standard_admin_integration_tests: (options: StandardAdminIntegrationTestOptions) => void;
 //# sourceMappingURL=admin_integration.d.ts.map

package/dist/testing/admin_integration.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"admin_integration.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/admin_integration.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAgC7B,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,yBAAyB,CAAC;AAC9D,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAA0B,KAAK,gBAAgB,EAAC,MAAM,wBAAwB,CAAC;AAEtF,OAAO,EAA6C,KAAK,eAAe,EAAC,MAAM,iBAAiB,CAAC;AACjG,OAAO,EAIN,KAAK,SAAS,EACd,MAAM,SAAS,CAAC;AASjB,OAAO,EAKN,KAAK,uBAAuB,EAC5B,MAAM,kBAAkB,CAAC;AAqB1B;;GAEG;AACH,MAAM,WAAW,mCAAmC;IACnD,4CAA4C;IAC5C,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,wDAAwD;IACxD,kBAAkB,EAAE,CAAC,GAAG,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IAChE,4GAA4G;IAC5G,KAAK,EAAE,gBAAgB,CAAC;IACxB;;;;;;;;;;;;OAYG;IACH,aAAa,EAAE,uBAAuB,CAAC;IACvC;;;;;OAKG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,iDAAiD;IACjD,WAAW,CAAC,EAAE,eAAe,CAAC;IAC9B;;;OAGG;IACH,YAAY,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;CAChC;AAgCD;;;;;;;;;;GAUG;AACH,eAAO,MAAM,yCAAyC,GACrD,SAAS,mCAAmC,KAC1C,IAy1BF,CAAC"}
+{"version":3,"file":"admin_integration.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/admin_integration.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAgC7B,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,yBAAyB,CAAC;AAC9D,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAA0B,KAAK,gBAAgB,EAAC,MAAM,wBAAwB,CAAC;AAEtF,OAAO,EAA6C,KAAK,eAAe,EAAC,MAAM,iBAAiB,CAAC;AACjG,OAAO,EAIN,KAAK,SAAS,EACd,MAAM,SAAS,CAAC;AASjB,OAAO,EAKN,KAAK,uBAAuB,EAC5B,MAAM,kBAAkB,CAAC;AAqB1B;;GAEG;AACH,MAAM,WAAW,mCAAmC;IACnD,4CAA4C;IAC5C,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,wDAAwD;IACxD,kBAAkB,EAAE,CAAC,GAAG,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IAChE,4GAA4G;IAC5G,KAAK,EAAE,gBAAgB,CAAC;IACxB;;;;;;;;;;;;OAYG;IACH,aAAa,EAAE,uBAAuB,CAAC;IACvC;;;;;OAKG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,iDAAiD;IACjD,WAAW,CAAC,EAAE,eAAe,CAAC;IAC9B;;;OAGG;IACH,YAAY,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;CAChC;AAgCD;;;;;;;;;;;;;;GAcG;AACH,eAAO,MAAM,yCAAyC,GACrD,SAAS,mCAAmC,KAC1C,IAu1BF,CAAC"}