npm - @fuzdev/fuz_app - Versions diffs - 0.51.0 → 0.53.0 - Mend

@fuzdev/fuz_app 0.51.0 → 0.53.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (395) hide show

package/dist/actions/CLAUDE.md +43 -10
package/dist/actions/action_bridge.d.ts +3 -1
package/dist/actions/action_bridge.d.ts.map +1 -1
package/dist/actions/action_bridge.js +3 -1
package/dist/actions/action_codegen.d.ts +28 -43
package/dist/actions/action_codegen.d.ts.map +1 -1
package/dist/actions/action_codegen.js +31 -50
package/dist/actions/action_event.d.ts +44 -1
package/dist/actions/action_event.d.ts.map +1 -1
package/dist/actions/action_event.js +44 -1
package/dist/actions/action_event_helpers.d.ts +26 -0
package/dist/actions/action_event_helpers.d.ts.map +1 -1
package/dist/actions/action_event_helpers.js +26 -1
package/dist/actions/action_peer.d.ts +17 -0
package/dist/actions/action_peer.d.ts.map +1 -1
package/dist/actions/action_peer.js +8 -9
package/dist/actions/action_registry.d.ts +1 -5
package/dist/actions/action_registry.d.ts.map +1 -1
package/dist/actions/action_registry.js +5 -11
package/dist/actions/action_rpc.d.ts +20 -0
package/dist/actions/action_rpc.d.ts.map +1 -1
package/dist/actions/action_rpc.js +45 -20
package/dist/actions/action_spec.d.ts +75 -6
package/dist/actions/action_spec.d.ts.map +1 -1
package/dist/actions/action_spec.js +36 -6
package/dist/actions/frontend_rpc_client.d.ts +1 -9
package/dist/actions/frontend_rpc_client.d.ts.map +1 -1
package/dist/actions/frontend_rpc_client.js +1 -9
package/dist/actions/register_action_ws.d.ts +19 -0
package/dist/actions/register_action_ws.d.ts.map +1 -1
package/dist/actions/register_action_ws.js +44 -1
package/dist/actions/register_ws_endpoint.d.ts +3 -0
package/dist/actions/register_ws_endpoint.d.ts.map +1 -1
package/dist/actions/register_ws_endpoint.js +3 -0
package/dist/actions/request_tracker.svelte.d.ts +24 -16
package/dist/actions/request_tracker.svelte.d.ts.map +1 -1
package/dist/actions/request_tracker.svelte.js +24 -16
package/dist/actions/rpc_client.d.ts +0 -1
package/dist/actions/rpc_client.d.ts.map +1 -1
package/dist/actions/rpc_client.js +3 -17
package/dist/actions/socket.svelte.d.ts +35 -16
package/dist/actions/socket.svelte.d.ts.map +1 -1
package/dist/actions/socket.svelte.js +33 -14
package/dist/actions/transports.d.ts +15 -5
package/dist/actions/transports.d.ts.map +1 -1
package/dist/actions/transports.js +15 -15
package/dist/actions/transports_http.d.ts +7 -0
package/dist/actions/transports_http.d.ts.map +1 -1
package/dist/actions/transports_http.js +7 -0
package/dist/actions/transports_ws.d.ts +13 -0
package/dist/actions/transports_ws.d.ts.map +1 -1
package/dist/actions/transports_ws.js +13 -0
package/dist/actions/transports_ws_auth_guard.d.ts +6 -4
package/dist/actions/transports_ws_auth_guard.d.ts.map +1 -1
package/dist/actions/transports_ws_auth_guard.js +6 -4
package/dist/actions/transports_ws_backend.d.ts +14 -1
package/dist/actions/transports_ws_backend.d.ts.map +1 -1
package/dist/actions/transports_ws_backend.js +14 -10
package/dist/auth/CLAUDE.md +64 -18
package/dist/auth/account_queries.d.ts +7 -0
package/dist/auth/account_queries.d.ts.map +1 -1
package/dist/auth/account_queries.js +7 -0
package/dist/auth/admin_action_specs.d.ts +5 -0
package/dist/auth/admin_action_specs.d.ts.map +1 -1
package/dist/auth/admin_action_specs.js +5 -0
package/dist/auth/admin_actions.d.ts +1 -0
package/dist/auth/admin_actions.d.ts.map +1 -1
package/dist/auth/admin_actions.js +1 -0
package/dist/auth/api_token_queries.d.ts +6 -0
package/dist/auth/api_token_queries.d.ts.map +1 -1
package/dist/auth/api_token_queries.js +6 -0
package/dist/auth/app_settings_queries.d.ts +4 -0
package/dist/auth/app_settings_queries.d.ts.map +1 -1
package/dist/auth/app_settings_queries.js +4 -0
package/dist/auth/audit_log_queries.d.ts +5 -0
package/dist/auth/audit_log_queries.d.ts.map +1 -1
package/dist/auth/audit_log_queries.js +5 -0
package/dist/auth/audit_log_routes.d.ts +2 -2
package/dist/auth/audit_log_routes.js +2 -2
package/dist/auth/audit_log_schema.d.ts +2 -0
package/dist/auth/audit_log_schema.d.ts.map +1 -1
package/dist/auth/audit_log_schema.js +134 -55
package/dist/auth/bearer_auth.d.ts +2 -0
package/dist/auth/bearer_auth.d.ts.map +1 -1
package/dist/auth/bearer_auth.js +2 -0
package/dist/auth/bootstrap_account.d.ts +3 -0
package/dist/auth/bootstrap_account.d.ts.map +1 -1
package/dist/auth/bootstrap_account.js +3 -0
package/dist/auth/cleanup.d.ts +6 -0
package/dist/auth/cleanup.d.ts.map +1 -1
package/dist/auth/cleanup.js +6 -0
package/dist/auth/daemon_token_middleware.d.ts +4 -0
package/dist/auth/daemon_token_middleware.d.ts.map +1 -1
package/dist/auth/daemon_token_middleware.js +4 -0
package/dist/auth/invite_queries.d.ts +3 -0
package/dist/auth/invite_queries.d.ts.map +1 -1
package/dist/auth/invite_queries.js +3 -0
package/dist/auth/permit_offer_action_specs.d.ts +6 -0
package/dist/auth/permit_offer_action_specs.d.ts.map +1 -1
package/dist/auth/permit_offer_action_specs.js +11 -0
package/dist/auth/permit_offer_queries.d.ts +18 -0
package/dist/auth/permit_offer_queries.d.ts.map +1 -1
package/dist/auth/permit_offer_queries.js +18 -0
package/dist/auth/permit_queries.d.ts +7 -0
package/dist/auth/permit_queries.d.ts.map +1 -1
package/dist/auth/permit_queries.js +7 -0
package/dist/auth/request_context.d.ts +1 -0
package/dist/auth/request_context.d.ts.map +1 -1
package/dist/auth/request_context.js +1 -0
package/dist/auth/role_schema.d.ts +2 -0
package/dist/auth/role_schema.d.ts.map +1 -1
package/dist/auth/role_schema.js +2 -0
package/dist/auth/self_service_role_actions.d.ts +1 -0
package/dist/auth/self_service_role_actions.d.ts.map +1 -1
package/dist/auth/self_service_role_actions.js +1 -0
package/dist/auth/session_lifecycle.d.ts +2 -0
package/dist/auth/session_lifecycle.d.ts.map +1 -1
package/dist/auth/session_lifecycle.js +2 -0
package/dist/auth/session_middleware.d.ts +1 -0
package/dist/auth/session_middleware.d.ts.map +1 -1
package/dist/auth/session_middleware.js +1 -0
package/dist/auth/session_queries.d.ts +9 -0
package/dist/auth/session_queries.d.ts.map +1 -1
package/dist/auth/session_queries.js +9 -0
package/dist/cli/config.d.ts +1 -2
package/dist/cli/config.d.ts.map +1 -1
package/dist/cli/config.js +1 -2
package/dist/cli/daemon.d.ts +6 -1
package/dist/cli/daemon.d.ts.map +1 -1
package/dist/cli/daemon.js +6 -1
package/dist/db/assert_row.d.ts +2 -1
package/dist/db/assert_row.d.ts.map +1 -1
package/dist/db/assert_row.js +2 -1
package/dist/db/create_db.d.ts +3 -1
package/dist/db/create_db.d.ts.map +1 -1
package/dist/db/create_db.js +3 -1
package/dist/db/db.d.ts +15 -4
package/dist/db/db.d.ts.map +1 -1
package/dist/db/db.js +14 -3
package/dist/db/db_pg.d.ts +4 -3
package/dist/db/db_pg.d.ts.map +1 -1
package/dist/db/db_pg.js +7 -5
package/dist/db/db_pglite.d.ts +4 -4
package/dist/db/db_pglite.js +4 -4
package/dist/db/migrate.d.ts +7 -4
package/dist/db/migrate.d.ts.map +1 -1
package/dist/db/migrate.js +5 -2
package/dist/db/sql_identifier.d.ts +2 -1
package/dist/db/sql_identifier.d.ts.map +1 -1
package/dist/db/sql_identifier.js +2 -1
package/dist/db/status.d.ts +4 -1
package/dist/db/status.d.ts.map +1 -1
package/dist/db/status.js +5 -2
package/dist/dev/setup.d.ts +15 -2
package/dist/dev/setup.d.ts.map +1 -1
package/dist/dev/setup.js +15 -2
package/dist/env/dotenv.d.ts +2 -1
package/dist/env/dotenv.d.ts.map +1 -1
package/dist/env/dotenv.js +2 -1
package/dist/env/load.d.ts +1 -3
package/dist/env/load.d.ts.map +1 -1
package/dist/env/load.js +1 -3
package/dist/env/resolve.d.ts +1 -1
package/dist/env/resolve.js +1 -1
package/dist/env/update_env_variable.d.ts +2 -0
package/dist/env/update_env_variable.d.ts.map +1 -1
package/dist/env/update_env_variable.js +2 -0
package/dist/hono_context.d.ts +2 -5
package/dist/hono_context.d.ts.map +1 -1
package/dist/hono_context.js +2 -5
package/dist/http/common_routes.d.ts +0 -8
package/dist/http/common_routes.d.ts.map +1 -1
package/dist/http/common_routes.js +0 -8
package/dist/http/db_routes.d.ts +0 -3
package/dist/http/db_routes.d.ts.map +1 -1
package/dist/http/db_routes.js +0 -3
package/dist/http/error_schemas.d.ts +12 -11
package/dist/http/error_schemas.d.ts.map +1 -1
package/dist/http/error_schemas.js +11 -7
package/dist/http/jsonrpc_errors.d.ts +0 -6
package/dist/http/jsonrpc_errors.d.ts.map +1 -1
package/dist/http/jsonrpc_errors.js +0 -6
package/dist/http/origin.d.ts +6 -13
package/dist/http/origin.d.ts.map +1 -1
package/dist/http/origin.js +7 -14
package/dist/http/pending_effects.d.ts +4 -0
package/dist/http/pending_effects.d.ts.map +1 -1
package/dist/http/pending_effects.js +4 -0
package/dist/http/proxy.d.ts +3 -6
package/dist/http/proxy.d.ts.map +1 -1
package/dist/http/proxy.js +3 -6
package/dist/http/route_spec.d.ts +14 -35
package/dist/http/route_spec.d.ts.map +1 -1
package/dist/http/route_spec.js +17 -22
package/dist/http/schema_helpers.d.ts +0 -4
package/dist/http/schema_helpers.d.ts.map +1 -1
package/dist/http/schema_helpers.js +0 -4
package/dist/http/surface.d.ts +2 -12
package/dist/http/surface.d.ts.map +1 -1
package/dist/http/surface.js +1 -12
package/dist/rate_limiter.d.ts +30 -1
package/dist/rate_limiter.d.ts.map +1 -1
package/dist/rate_limiter.js +40 -1
package/dist/realtime/sse.d.ts +7 -2
package/dist/realtime/sse.d.ts.map +1 -1
package/dist/realtime/sse.js +3 -2
package/dist/realtime/sse_auth_guard.d.ts +21 -21
package/dist/realtime/sse_auth_guard.d.ts.map +1 -1
package/dist/realtime/sse_auth_guard.js +24 -24
package/dist/realtime/subscriber_registry.d.ts +4 -5
package/dist/realtime/subscriber_registry.d.ts.map +1 -1
package/dist/realtime/subscriber_registry.js +4 -5
package/dist/runtime/fs.d.ts +5 -3
package/dist/runtime/fs.d.ts.map +1 -1
package/dist/runtime/fs.js +5 -3
package/dist/runtime/mock.d.ts +6 -3
package/dist/runtime/mock.d.ts.map +1 -1
package/dist/runtime/mock.js +6 -3
package/dist/server/app_backend.d.ts +1 -0
package/dist/server/app_backend.d.ts.map +1 -1
package/dist/server/app_backend.js +1 -0
package/dist/server/app_server.d.ts +31 -5
package/dist/server/app_server.d.ts.map +1 -1
package/dist/server/app_server.js +23 -7
package/dist/server/startup.d.ts +0 -2
package/dist/server/startup.d.ts.map +1 -1
package/dist/server/startup.js +0 -2
package/dist/server/static.d.ts +0 -1
package/dist/server/static.d.ts.map +1 -1
package/dist/server/static.js +0 -1
package/dist/server/validate_nginx.d.ts +3 -3
package/dist/server/validate_nginx.d.ts.map +1 -1
package/dist/server/validate_nginx.js +0 -3
package/dist/testing/CLAUDE.md +1 -1
package/dist/testing/admin_integration.d.ts +5 -1
package/dist/testing/admin_integration.d.ts.map +1 -1
package/dist/testing/admin_integration.js +8 -6
package/dist/testing/adversarial_404.d.ts +0 -2
package/dist/testing/adversarial_404.d.ts.map +1 -1
package/dist/testing/adversarial_404.js +0 -2
package/dist/testing/adversarial_headers.d.ts +5 -4
package/dist/testing/adversarial_headers.d.ts.map +1 -1
package/dist/testing/adversarial_headers.js +5 -4
package/dist/testing/adversarial_input.d.ts +4 -2
package/dist/testing/adversarial_input.d.ts.map +1 -1
package/dist/testing/adversarial_input.js +4 -2
package/dist/testing/app_server.d.ts +25 -0
package/dist/testing/app_server.d.ts.map +1 -1
package/dist/testing/app_server.js +11 -2
package/dist/testing/assertions.d.ts +23 -11
package/dist/testing/assertions.d.ts.map +1 -1
package/dist/testing/assertions.js +23 -11
package/dist/testing/attack_surface.d.ts +0 -4
package/dist/testing/attack_surface.d.ts.map +1 -1
package/dist/testing/attack_surface.js +0 -4
package/dist/testing/audit_completeness.d.ts +4 -1
package/dist/testing/audit_completeness.d.ts.map +1 -1
package/dist/testing/audit_completeness.js +4 -1
package/dist/testing/auth_apps.d.ts +5 -10
package/dist/testing/auth_apps.d.ts.map +1 -1
package/dist/testing/auth_apps.js +5 -10
package/dist/testing/data_exposure.d.ts +0 -11
package/dist/testing/data_exposure.d.ts.map +1 -1
package/dist/testing/data_exposure.js +0 -11
package/dist/testing/db.d.ts +9 -7
package/dist/testing/db.d.ts.map +1 -1
package/dist/testing/db.js +9 -7
package/dist/testing/error_coverage.d.ts +9 -14
package/dist/testing/error_coverage.d.ts.map +1 -1
package/dist/testing/error_coverage.js +9 -14
package/dist/testing/integration.d.ts +4 -1
package/dist/testing/integration.d.ts.map +1 -1
package/dist/testing/integration.js +4 -1
package/dist/testing/integration_helpers.d.ts +5 -34
package/dist/testing/integration_helpers.d.ts.map +1 -1
package/dist/testing/integration_helpers.js +5 -41
package/dist/testing/middleware.d.ts +5 -10
package/dist/testing/middleware.d.ts.map +1 -1
package/dist/testing/middleware.js +5 -10
package/dist/testing/mock_fs.d.ts +0 -2
package/dist/testing/mock_fs.d.ts.map +1 -1
package/dist/testing/mock_fs.js +0 -2
package/dist/testing/rate_limiting.d.ts +3 -1
package/dist/testing/rate_limiting.d.ts.map +1 -1
package/dist/testing/rate_limiting.js +3 -1
package/dist/testing/round_trip.d.ts +0 -2
package/dist/testing/round_trip.d.ts.map +1 -1
package/dist/testing/round_trip.js +0 -2
package/dist/testing/rpc_attack_surface.d.ts +0 -2
package/dist/testing/rpc_attack_surface.d.ts.map +1 -1
package/dist/testing/rpc_attack_surface.js +0 -2
package/dist/testing/rpc_helpers.d.ts +21 -14
package/dist/testing/rpc_helpers.d.ts.map +1 -1
package/dist/testing/rpc_helpers.js +21 -14
package/dist/testing/rpc_round_trip.d.ts +0 -2
package/dist/testing/rpc_round_trip.d.ts.map +1 -1
package/dist/testing/rpc_round_trip.js +0 -2
package/dist/testing/schema_generators.d.ts +5 -3
package/dist/testing/schema_generators.d.ts.map +1 -1
package/dist/testing/schema_generators.js +22 -3
package/dist/testing/sse_round_trip.d.ts +3 -1
package/dist/testing/sse_round_trip.d.ts.map +1 -1
package/dist/testing/sse_round_trip.js +3 -1
package/dist/testing/standard.d.ts +0 -2
package/dist/testing/standard.d.ts.map +1 -1
package/dist/testing/standard.js +0 -2
package/dist/testing/stubs.d.ts +8 -3
package/dist/testing/stubs.d.ts.map +1 -1
package/dist/testing/stubs.js +10 -3
package/dist/testing/surface_invariants.d.ts +14 -3
package/dist/testing/surface_invariants.d.ts.map +1 -1
package/dist/testing/surface_invariants.js +14 -3
package/dist/testing/ws_round_trip.d.ts +13 -1
package/dist/testing/ws_round_trip.d.ts.map +1 -1
package/dist/ui/AccountSessions.svelte +9 -0
package/dist/ui/AccountSessions.svelte.d.ts.map +1 -1
package/dist/ui/AdminAccounts.svelte +10 -0
package/dist/ui/AdminAccounts.svelte.d.ts.map +1 -1
package/dist/ui/AdminAuditLog.svelte +10 -0
package/dist/ui/AdminAuditLog.svelte.d.ts.map +1 -1
package/dist/ui/AdminInvites.svelte +9 -0
package/dist/ui/AdminInvites.svelte.d.ts.map +1 -1
package/dist/ui/AdminOverview.svelte +10 -0
package/dist/ui/AdminOverview.svelte.d.ts.map +1 -1
package/dist/ui/AdminPermitHistory.svelte +9 -0
package/dist/ui/AdminPermitHistory.svelte.d.ts.map +1 -1
package/dist/ui/AdminSessions.svelte +10 -0
package/dist/ui/AdminSessions.svelte.d.ts.map +1 -1
package/dist/ui/AdminSettings.svelte +9 -0
package/dist/ui/AdminSettings.svelte.d.ts.map +1 -1
package/dist/ui/AdminSurface.svelte +9 -0
package/dist/ui/AdminSurface.svelte.d.ts.map +1 -1
package/dist/ui/AppShell.svelte +24 -0
package/dist/ui/AppShell.svelte.d.ts +23 -0
package/dist/ui/AppShell.svelte.d.ts.map +1 -1
package/dist/ui/BootstrapForm.svelte +17 -0
package/dist/ui/BootstrapForm.svelte.d.ts +4 -0
package/dist/ui/BootstrapForm.svelte.d.ts.map +1 -1
package/dist/ui/CLAUDE.md +1 -1
package/dist/ui/ColumnLayout.svelte +11 -0
package/dist/ui/ColumnLayout.svelte.d.ts +10 -0
package/dist/ui/ColumnLayout.svelte.d.ts.map +1 -1
package/dist/ui/Datatable.svelte +18 -0
package/dist/ui/Datatable.svelte.d.ts +17 -0
package/dist/ui/Datatable.svelte.d.ts.map +1 -1
package/dist/ui/LoginForm.svelte +18 -0
package/dist/ui/LoginForm.svelte.d.ts +9 -0
package/dist/ui/LoginForm.svelte.d.ts.map +1 -1
package/dist/ui/LogoutButton.svelte +9 -0
package/dist/ui/LogoutButton.svelte.d.ts +8 -0
package/dist/ui/LogoutButton.svelte.d.ts.map +1 -1
package/dist/ui/MenuLink.svelte +10 -0
package/dist/ui/MenuLink.svelte.d.ts +9 -0
package/dist/ui/MenuLink.svelte.d.ts.map +1 -1
package/dist/ui/OpenSignupToggle.svelte +9 -0
package/dist/ui/OpenSignupToggle.svelte.d.ts.map +1 -1
package/dist/ui/SignupForm.svelte +16 -0
package/dist/ui/SignupForm.svelte.d.ts +4 -0
package/dist/ui/SignupForm.svelte.d.ts.map +1 -1
package/dist/ui/SurfaceExplorer.svelte +9 -0
package/dist/ui/SurfaceExplorer.svelte.d.ts.map +1 -1
package/dist/ui/audit_log_state.svelte.d.ts +6 -1
package/dist/ui/audit_log_state.svelte.d.ts.map +1 -1
package/dist/ui/audit_log_state.svelte.js +7 -2
package/dist/ui/auth_state.svelte.d.ts +16 -4
package/dist/ui/auth_state.svelte.d.ts.map +1 -1
package/dist/ui/auth_state.svelte.js +16 -4
package/dist/ui/form_state.svelte.d.ts +9 -0
package/dist/ui/form_state.svelte.d.ts.map +1 -1
package/dist/ui/form_state.svelte.js +9 -0
package/dist/ui/loadable.svelte.d.ts +6 -1
package/dist/ui/loadable.svelte.d.ts.map +1 -1
package/dist/ui/loadable.svelte.js +6 -1
package/dist/ui/permit_offers_state.svelte.d.ts +2 -0
package/dist/ui/permit_offers_state.svelte.d.ts.map +1 -1
package/dist/ui/permit_offers_state.svelte.js +2 -0
package/dist/ui/popover.svelte.d.ts +17 -4
package/dist/ui/popover.svelte.d.ts.map +1 -1
package/dist/ui/popover.svelte.js +17 -4
package/dist/ui/position_helpers.d.ts +1 -3
package/dist/ui/position_helpers.d.ts.map +1 -1
package/dist/ui/position_helpers.js +1 -3
package/dist/ui/sidebar_state.svelte.d.ts +21 -9
package/dist/ui/sidebar_state.svelte.d.ts.map +1 -1
package/dist/ui/sidebar_state.svelte.js +16 -2
package/dist/ui/table_state.svelte.d.ts +14 -0
package/dist/ui/table_state.svelte.d.ts.map +1 -1
package/dist/ui/table_state.svelte.js +14 -0
package/dist/ui/ui_fetch.d.ts +1 -7
package/dist/ui/ui_fetch.d.ts.map +1 -1
package/dist/ui/ui_fetch.js +1 -7
package/dist/ui/ui_format.d.ts +2 -14
package/dist/ui/ui_format.d.ts.map +1 -1
package/dist/ui/ui_format.js +2 -14
package/package.json +2 -2

package/dist/actions/action_event.js CHANGED Viewed

@@ -40,10 +40,22 @@ export class ActionEvent {
     }
     // TODO rethink the reactivity of this class, maybe just use `$state` or `$state.raw`?
     // does that have any negative implications when used on the backend?
+    /**
+     * Subscribe a listener fired on every `data` transition.
+     *
+     * @param listener - called with `(new_data, old_data, event)` after each mutation
+     * @returns unsubscribe function
+     * @mutates this - adds `listener` to the internal observer set
+     */
     observe(listener) {
         this.#listeners.add(listener);
         return () => this.#listeners.delete(listener);
     }
+    /**
+     * Replace the event's `data` and notify observers.
+     *
+     * @mutates this - sets `data` and fires every registered observer in insertion order
+     */
     set_data(new_data) {
         const old_data = this.#data;
         this.#data = new_data;
@@ -54,6 +66,11 @@ export class ActionEvent {
     }
     /**
      * Parse input data according to the action's schema.
+     *
+     * @returns `this` for chaining with `handle_async` / `handle_sync`
+     * @mutates this - transitions step from `initial` to `parsed` (or to
+     *   `failed` / `receive_error` on validation or response error)
+     * @throws Error if called from a step other than `initial`
      */
     parse() {
         if (this.#data.step !== 'initial') {
@@ -93,6 +110,14 @@ export class ActionEvent {
     }
     /**
      * Execute the handler for the current phase.
+     *
+     * @mutates this - transitions step `parsed → handling → handled`, or to
+     *   `failed` / `send_error` / `receive_error` on handler throw. No-op
+     *   when already `failed`.
+     * @throws Error if called from a step other than `parsed` (or `failed`,
+     *   which no-ops). Handler-thrown `ThrownJsonrpcError` is caught and
+     *   routed through error phases; other throws are wrapped as
+     *   `internal_error`.
      */
     // TODO add timeout support
     // TODO add cancellation support
@@ -136,7 +161,12 @@ export class ActionEvent {
         }
     }
     /**
-     * Execute handler synchronously (only for sync local_call actions).
+     * Execute handler synchronously (only for sync `local_call` actions).
+     *
+     * @mutates this - transitions step `parsed → handling → handled`, or to
+     *   `failed` on handler throw. No-op when already `failed`.
+     * @throws Error if the spec is not a sync `local_call`, or if called
+     *   from a step other than `parsed` (or `failed`, which no-ops).
      */
     handle_sync() {
         if (this.spec.kind !== 'local_call' || this.spec.async) {
@@ -168,6 +198,14 @@ export class ActionEvent {
     }
     /**
      * Transition to a new phase.
+     *
+     * @param phase - the next phase to transition into
+     * @mutates this - replaces `data` with a fresh phase-initial record,
+     *   carrying forward `request` / `response` / `error` / `output` as
+     *   appropriate for the kind/phase pair
+     * @throws Error if called from a step other than `handled` (or
+     *   `failed`, which no-ops), or if the phase transition is illegal for
+     *   the current phase
      */
     transition(phase) {
         if (this.#data.step === 'failed') {
@@ -340,6 +378,9 @@ export class ActionEvent {
 // TODO not sure about this helper's design/location (should it be internal to the class constructor? a static method?)
 /**
  * Create an action event from a spec and initial input.
+ *
+ * @throws Error if `initial_phase` is omitted and the executor cannot
+ *   initiate the action (per `spec.initiator`)
  */
 export const create_action_event = (environment, spec, input, initial_phase) => {
     const phase = initial_phase || get_initial_phase(spec.kind, spec.initiator, environment.executor);
@@ -351,6 +392,8 @@ export const create_action_event = (environment, spec, input, initial_phase) =>
 };
 /**
  * Reconstruct an action event from serialized JSON data.
+ *
+ * @throws Error if the JSON's `method` field has no spec registered in `environment`
  */
 export const create_action_event_from_json = (json, environment) => {
     const spec = environment.lookup_action_spec(json.method);

package/dist/actions/action_event_helpers.d.ts CHANGED Viewed

@@ -58,13 +58,39 @@ export declare const is_notification_send_with_parsed_input: <TMethod extends st
     step: "parsed" | "handling";
     input: unknown;
 };
+/**
+ * Validate that a step transition is legal per `ACTION_EVENT_STEP_TRANSITIONS`.
+ *
+ * @throws Error if `from → to` is not a permitted transition
+ */
 export declare const validate_step_transition: (from: ActionEventStep, to: ActionEventStep) => void;
+/**
+ * Validate that `phase` is one of the phases allowed for `kind` per
+ * `ACTION_EVENT_PHASE_BY_KIND`.
+ *
+ * @throws Error if `phase` is not valid for `kind`
+ */
 export declare const validate_phase_for_kind: (kind: ActionKind, phase: ActionEventPhase) => void;
+/**
+ * Validate that a phase chain is legal per `ACTION_EVENT_PHASE_TRANSITIONS`.
+ *
+ * @throws Error if `from → to` is not the permitted next phase (or `from` is terminal)
+ */
 export declare const validate_phase_transition: (from: ActionEventPhase, to: ActionEventPhase) => void;
 export declare const get_initial_phase: (kind: ActionKind, initiator: ActionInitiator, executor: ActionExecutor) => ActionEventPhase | null;
 export declare const should_validate_output: (kind: ActionKind, phase: ActionEventPhase) => boolean;
 export declare const is_action_complete: (data: ActionEventData) => boolean;
 export declare const create_initial_data: (kind: ActionKind, phase: ActionEventPhase, method: string, executor: ActionExecutor, input: unknown) => ActionEventData;
+/**
+ * Pull the terminal `Result` from an action event.
+ *
+ * `data.error` populated → error path (covers both explicit `failed` and
+ * the unhandled `receive_error` / `send_error` case where no handler was
+ * registered for the error phase). `step === 'handled'` → success path.
+ *
+ * @throws Error if the event is in a non-terminal state (programming error —
+ *   callers should check `is_action_complete` first)
+ */
 export declare const extract_action_result: (event: ActionEvent) => Result<{
     value: ActionEventData["output"];
 }, {

package/dist/actions/action_event_helpers.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"action_event_helpers.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/actions/action_event_helpers.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAC,MAAM,EAAC,MAAM,4BAA4B,CAAC;AAEvD,OAAO,EACN,KAAK,eAAe,EACpB,KAAK,cAAc,EAInB,MAAM,yBAAyB,CAAC;AACjC,OAAO,KAAK,EACX,eAAe,EACf,8BAA8B,EAC9B,iCAAiC,EACjC,wBAAwB,EACxB,MAAM,wBAAwB,CAAC;AAChC,OAAO,KAAK,EAAC,gBAAgB,EAAE,eAAe,EAAE,UAAU,EAAC,MAAM,kBAAkB,CAAC;AACpF,OAAO,KAAK,EAAC,kBAAkB,EAAC,MAAM,oBAAoB,CAAC;AAC3D,OAAO,KAAK,EAAC,WAAW,EAAC,MAAM,mBAAmB,CAAC;AAGnD,eAAO,MAAM,mBAAmB,GAC/B,MAAM,eAAe,KACnB,IAAI,IAAI,8BAAkE,CAAC;AAE9E,eAAO,MAAM,sBAAsB,GAClC,MAAM,eAAe,KACnB,IAAI,IAAI,iCAAwE,CAAC;AAEpF,eAAO,MAAM,aAAa,GAAI,MAAM,eAAe,KAAG,IAAI,IAAI,wBACnC,CAAC;AAG5B,eAAO,MAAM,eAAe,GAC3B,MAAM,eAAe,KACnB,IAAI,IAAI,8BAA8B,GAAG;IAAC,KAAK,EAAE,cAAc,CAAA;CACA,CAAC;AAEnE,eAAO,MAAM,kBAAkB,GAC9B,MAAM,eAAe,KACnB,IAAI,IAAI,8BAA8B,GAAG;IAAC,KAAK,EAAE,iBAAiB,CAAA;CACA,CAAC;AAEtE,eAAO,MAAM,gBAAgB,GAC5B,MAAM,eAAe,KACnB,IAAI,IAAI,8BAA8B,GAAG;IAAC,KAAK,EAAE,eAAe,CAAA;CACA,CAAC;AAEpE,eAAO,MAAM,mBAAmB,GAC/B,MAAM,eAAe,KACnB,IAAI,IAAI,8BAA8B,GAAG;IAAC,KAAK,EAAE,kBAAkB,CAAA;CACA,CAAC;AAEvE,eAAO,MAAM,oBAAoB,GAChC,MAAM,eAAe,KACnB,IAAI,IAAI,iCAAiC,GAAG;IAAC,KAAK,EAAE,MAAM,CAAA;CACA,CAAC;AAE9D,eAAO,MAAM,uBAAuB,GACnC,MAAM,eAAe,KACnB,IAAI,IAAI,iCAAiC,GAAG;IAAC,KAAK,EAAE,SAAS,CAAA;CACA,CAAC;AAEjE,eAAO,MAAM,UAAU,GACtB,MAAM,eAAe,KACnB,IAAI,IAAI,wBAAwB,GAAG;IAAC,KAAK,EAAE,SAAS,CAAA;CACA,CAAC;AAGxD,eAAO,MAAM,UAAU,GAAI,MAAM,eAAe,KAAG,IAAI,IAAI,eAAe,GAAG;IAAC,IAAI,EAAE,SAAS,CAAA;CACrE,CAAC;AAEzB,eAAO,MAAM,SAAS,GAAI,MAAM,eAAe,KAAG,IAAI,IAAI,eAAe,GAAG;IAAC,IAAI,EAAE,QAAQ,CAAA;CACpE,CAAC;AAExB,eAAO,MAAM,WAAW,GAAI,MAAM,eAAe,KAAG,IAAI,IAAI,eAAe,GAAG;IAAC,IAAI,EAAE,UAAU,CAAA;CACtE,CAAC;AAE1B,eAAO,MAAM,UAAU,GAAI,MAAM,eAAe,KAAG,IAAI,IAAI,eAAe,GAAG;IAAC,IAAI,EAAE,SAAS,CAAA;CACrE,CAAC;AAEzB,eAAO,MAAM,SAAS,GAAI,MAAM,eAAe,KAAG,IAAI,IAAI,eAAe,GAAG;IAAC,IAAI,EAAE,QAAQ,CAAA;CACpE,CAAC;AAKxB,eAAO,MAAM,iCAAiC,GAAI,OAAO,SAAS,MAAM,GAAG,MAAM,EAChF,MAAM,eAAe,KACnB,IAAI,IAAI,8BAA8B,CAAC,OAAO,CAAC,GAAG;IACpD,KAAK,EAAE,cAAc,CAAC;IACtB,IAAI,EAAE,QAAQ,GAAG,UAAU,CAAC;IAC5B,KAAK,EAAE,OAAO,CAAC;CACkE,CAAC;AAEnF,eAAO,MAAM,sCAAsC,GAAI,OAAO,SAAS,MAAM,GAAG,MAAM,EACrF,MAAM,eAAe,KACnB,IAAI,IAAI,iCAAiC,CAAC,OAAO,CAAC,GAAG;IACvD,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,QAAQ,GAAG,UAAU,CAAC;IAC5B,KAAK,EAAE,OAAO,CAAC;CACuE,CAAC;~~AAGxF~~,eAAO,MAAM,wBAAwB,GAAI,MAAM,eAAe,EAAE,IAAI,eAAe,KAAG,IAIrF,CAAC;AAEF,eAAO,MAAM,uBAAuB,GAAI,MAAM,UAAU,EAAE,OAAO,gBAAgB,KAAG,IAInF,CAAC;AAEF,eAAO,MAAM,yBAAyB,GAAI,MAAM,gBAAgB,EAAE,IAAI,gBAAgB,KAAG,IAKxF,CAAC;AAEF,eAAO,MAAM,iBAAiB,GAC7B,MAAM,UAAU,EAChB,WAAW,eAAe,EAC1B,UAAU,cAAc,KACtB,gBAAgB,GAAG,IAWrB,CAAC;AAEF,eAAO,MAAM,sBAAsB,GAAI,MAAM,UAAU,EAAE,OAAO,gBAAgB,KAAG,OAEpC,CAAC;AAEhD,eAAO,MAAM,kBAAkB,GAAI,MAAM,eAAe,KAAG,OAO1D,CAAC;AAEF,eAAO,MAAM,mBAAmB,GAC/B,MAAM,UAAU,EAChB,OAAO,gBAAgB,EACvB,QAAQ,MAAM,EACd,UAAU,cAAc,EACxB,OAAO,OAAO,KACZ,eAaD,CAAC;AAEH,eAAO,MAAM,qBAAqB,GACjC,OAAO,WAAW,KAChB,MAAM,CAAC;IAAC,KAAK,EAAE,eAAe,CAAC,QAAQ,CAAC,CAAA;CAAC,EAAE;IAAC,KAAK,EAAE,kBAAkB,CAAA;CAAC,CAuBxE,CAAC"}
1	+ {"version":3,"file":"action_event_helpers.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/actions/action_event_helpers.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAC,MAAM,EAAC,MAAM,4BAA4B,CAAC;AAEvD,OAAO,EACN,KAAK,eAAe,EACpB,KAAK,cAAc,EAInB,MAAM,yBAAyB,CAAC;AACjC,OAAO,KAAK,EACX,eAAe,EACf,8BAA8B,EAC9B,iCAAiC,EACjC,wBAAwB,EACxB,MAAM,wBAAwB,CAAC;AAChC,OAAO,KAAK,EAAC,gBAAgB,EAAE,eAAe,EAAE,UAAU,EAAC,MAAM,kBAAkB,CAAC;AACpF,OAAO,KAAK,EAAC,kBAAkB,EAAC,MAAM,oBAAoB,CAAC;AAC3D,OAAO,KAAK,EAAC,WAAW,EAAC,MAAM,mBAAmB,CAAC;AAGnD,eAAO,MAAM,mBAAmB,GAC/B,MAAM,eAAe,KACnB,IAAI,IAAI,8BAAkE,CAAC;AAE9E,eAAO,MAAM,sBAAsB,GAClC,MAAM,eAAe,KACnB,IAAI,IAAI,iCAAwE,CAAC;AAEpF,eAAO,MAAM,aAAa,GAAI,MAAM,eAAe,KAAG,IAAI,IAAI,wBACnC,CAAC;AAG5B,eAAO,MAAM,eAAe,GAC3B,MAAM,eAAe,KACnB,IAAI,IAAI,8BAA8B,GAAG;IAAC,KAAK,EAAE,cAAc,CAAA;CACA,CAAC;AAEnE,eAAO,MAAM,kBAAkB,GAC9B,MAAM,eAAe,KACnB,IAAI,IAAI,8BAA8B,GAAG;IAAC,KAAK,EAAE,iBAAiB,CAAA;CACA,CAAC;AAEtE,eAAO,MAAM,gBAAgB,GAC5B,MAAM,eAAe,KACnB,IAAI,IAAI,8BAA8B,GAAG;IAAC,KAAK,EAAE,eAAe,CAAA;CACA,CAAC;AAEpE,eAAO,MAAM,mBAAmB,GAC/B,MAAM,eAAe,KACnB,IAAI,IAAI,8BAA8B,GAAG;IAAC,KAAK,EAAE,kBAAkB,CAAA;CACA,CAAC;AAEvE,eAAO,MAAM,oBAAoB,GAChC,MAAM,eAAe,KACnB,IAAI,IAAI,iCAAiC,GAAG;IAAC,KAAK,EAAE,MAAM,CAAA;CACA,CAAC;AAE9D,eAAO,MAAM,uBAAuB,GACnC,MAAM,eAAe,KACnB,IAAI,IAAI,iCAAiC,GAAG;IAAC,KAAK,EAAE,SAAS,CAAA;CACA,CAAC;AAEjE,eAAO,MAAM,UAAU,GACtB,MAAM,eAAe,KACnB,IAAI,IAAI,wBAAwB,GAAG;IAAC,KAAK,EAAE,SAAS,CAAA;CACA,CAAC;AAGxD,eAAO,MAAM,UAAU,GAAI,MAAM,eAAe,KAAG,IAAI,IAAI,eAAe,GAAG;IAAC,IAAI,EAAE,SAAS,CAAA;CACrE,CAAC;AAEzB,eAAO,MAAM,SAAS,GAAI,MAAM,eAAe,KAAG,IAAI,IAAI,eAAe,GAAG;IAAC,IAAI,EAAE,QAAQ,CAAA;CACpE,CAAC;AAExB,eAAO,MAAM,WAAW,GAAI,MAAM,eAAe,KAAG,IAAI,IAAI,eAAe,GAAG;IAAC,IAAI,EAAE,UAAU,CAAA;CACtE,CAAC;AAE1B,eAAO,MAAM,UAAU,GAAI,MAAM,eAAe,KAAG,IAAI,IAAI,eAAe,GAAG;IAAC,IAAI,EAAE,SAAS,CAAA;CACrE,CAAC;AAEzB,eAAO,MAAM,SAAS,GAAI,MAAM,eAAe,KAAG,IAAI,IAAI,eAAe,GAAG;IAAC,IAAI,EAAE,QAAQ,CAAA;CACpE,CAAC;AAKxB,eAAO,MAAM,iCAAiC,GAAI,OAAO,SAAS,MAAM,GAAG,MAAM,EAChF,MAAM,eAAe,KACnB,IAAI,IAAI,8BAA8B,CAAC,OAAO,CAAC,GAAG;IACpD,KAAK,EAAE,cAAc,CAAC;IACtB,IAAI,EAAE,QAAQ,GAAG,UAAU,CAAC;IAC5B,KAAK,EAAE,OAAO,CAAC;CACkE,CAAC;AAEnF,eAAO,MAAM,sCAAsC,GAAI,OAAO,SAAS,MAAM,GAAG,MAAM,EACrF,MAAM,eAAe,KACnB,IAAI,IAAI,iCAAiC,CAAC,OAAO,CAAC,GAAG;IACvD,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,QAAQ,GAAG,UAAU,CAAC;IAC5B,KAAK,EAAE,OAAO,CAAC;CACuE,CAAC;AAExF;;;;GAIG;AACH,eAAO,MAAM,wBAAwB,GAAI,MAAM,eAAe,EAAE,IAAI,eAAe,KAAG,IAIrF,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,uBAAuB,GAAI,MAAM,UAAU,EAAE,OAAO,gBAAgB,KAAG,IAInF,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,yBAAyB,GAAI,MAAM,gBAAgB,EAAE,IAAI,gBAAgB,KAAG,IAKxF,CAAC;AAEF,eAAO,MAAM,iBAAiB,GAC7B,MAAM,UAAU,EAChB,WAAW,eAAe,EAC1B,UAAU,cAAc,KACtB,gBAAgB,GAAG,IAWrB,CAAC;AAEF,eAAO,MAAM,sBAAsB,GAAI,MAAM,UAAU,EAAE,OAAO,gBAAgB,KAAG,OAEpC,CAAC;AAEhD,eAAO,MAAM,kBAAkB,GAAI,MAAM,eAAe,KAAG,OAO1D,CAAC;AAEF,eAAO,MAAM,mBAAmB,GAC/B,MAAM,UAAU,EAChB,OAAO,gBAAgB,EACvB,QAAQ,MAAM,EACd,UAAU,cAAc,EACxB,OAAO,OAAO,KACZ,eAaD,CAAC;AAEH;;;;;;;;;GASG;AACH,eAAO,MAAM,qBAAqB,GACjC,OAAO,WAAW,KAChB,MAAM,CAAC;IAAC,KAAK,EAAE,eAAe,CAAC,QAAQ,CAAC,CAAA;CAAC,EAAE;IAAC,KAAK,EAAE,kBAAkB,CAAA;CAAC,CAuBxE,CAAC"}

package/dist/actions/action_event_helpers.js CHANGED Viewed

@@ -27,17 +27,32 @@ export const is_failed = (data) => data.step === 'failed';
 // are created when transitioning from 'parsed' to 'handling'
 export const is_send_request_with_parsed_input = (data) => is_send_request(data) && (data.step === 'parsed' || data.step === 'handling');
 export const is_notification_send_with_parsed_input = (data) => is_notification_send(data) && (data.step === 'parsed' || data.step === 'handling');
-// Validation helpers
+/**
+ * Validate that a step transition is legal per `ACTION_EVENT_STEP_TRANSITIONS`.
+ *
+ * @throws Error if `from → to` is not a permitted transition
+ */
 export const validate_step_transition = (from, to) => {
     if (!ACTION_EVENT_STEP_TRANSITIONS[from].includes(to)) {
         throw new Error(`Invalid step transition from '${from}' to '${to}'`);
     }
 };
+/**
+ * Validate that `phase` is one of the phases allowed for `kind` per
+ * `ACTION_EVENT_PHASE_BY_KIND`.
+ *
+ * @throws Error if `phase` is not valid for `kind`
+ */
 export const validate_phase_for_kind = (kind, phase) => {
     if (!ACTION_EVENT_PHASE_BY_KIND[kind].includes(phase)) {
         throw new Error(`Invalid phase '${phase}' for ${kind} action`);
     }
 };
+/**
+ * Validate that a phase chain is legal per `ACTION_EVENT_PHASE_TRANSITIONS`.
+ *
+ * @throws Error if `from → to` is not the permitted next phase (or `from` is terminal)
+ */
 export const validate_phase_transition = (from, to) => {
     const expected = ACTION_EVENT_PHASE_TRANSITIONS[from];
     if (expected !== to) {
@@ -81,6 +96,16 @@ export const create_initial_data = (kind, phase, method, executor, input) => ({
     response: null,
     notification: null,
 });
+/**
+ * Pull the terminal `Result` from an action event.
+ *
+ * `data.error` populated → error path (covers both explicit `failed` and
+ * the unhandled `receive_error` / `send_error` case where no handler was
+ * registered for the error phase). `step === 'handled'` → success path.
+ *
+ * @throws Error if the event is in a non-terminal state (programming error —
+ *   callers should check `is_action_complete` first)
+ */
 export const extract_action_result = (event) => {
     const { data } = event;
     // `data.error` populated → error path. This covers two cases:

package/dist/actions/action_peer.d.ts CHANGED Viewed

@@ -31,8 +31,25 @@ export declare class ActionPeer {
     readonly transports: Transports;
     default_send_options: Omit<ActionPeerSendOptions, 'signal'>;
     constructor(options: ActionPeerOptions);
+    /**
+     * Resolve a transport (per-call name → default name → registry default)
+     * and forward the message. Catches unexpected throws and converts them
+     * to JSON-RPC error responses — this method never throws.
+     *
+     * @returns the response envelope for requests, or `null` for successful
+     *   notifications (`JsonrpcErrorResponse` if the notification's transport
+     *   send failed)
+     */
     send(message: JsonrpcRequest, options?: ActionPeerSendOptions): Promise<JsonrpcResponseOrError>;
     send(message: JsonrpcNotification, options?: ActionPeerSendOptions): Promise<JsonrpcErrorResponse | null>;
+    /**
+     * Dispatch an inbound JSON-RPC message — request, notification, or
+     * malformed envelope. Never throws; unexpected failures become
+     * JSON-RPC error responses.
+     *
+     * @returns response message for requests, `null` for notifications, or
+     *   an `invalid_request` error for malformed input
+     */
     receive(message: unknown): Promise<JsonrpcMessageFromServerToClient | null>;
 }
 //# sourceMappingURL=action_peer.d.ts.map

package/dist/actions/action_peer.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"action_peer.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/actions/action_peer.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAEN,gCAAgC,EAChC,mBAAmB,EACnB,cAAc,EACd,sBAAsB,EACtB,oBAAoB,EACpB,MAAM,oBAAoB,CAAC;AAU5B,OAAO,EAAC,UAAU,EAAE,KAAK,aAAa,EAAE,KAAK,oBAAoB,EAAC,MAAM,iBAAiB,CAAC;AAC1F,OAAO,KAAK,EAAC,sBAAsB,EAAC,MAAM,yBAAyB,CAAC;AAOpE;;;;;;;GAOG;AACH,MAAM,WAAW,qBAAsB,SAAQ,oBAAoB;IAClE,cAAc,CAAC,EAAE,aAAa,CAAC;CAC/B;AAED,MAAM,WAAW,iBAAiB;IACjC,WAAW,EAAE,sBAAsB,CAAC;IAGpC,UAAU,CAAC,EAAE,UAAU,CAAC;IAKxB,oBAAoB,CAAC,EAAE,IAAI,CAAC,qBAAqB,EAAE,QAAQ,CAAC,CAAC;CAC7D;AAED,qBAAa,UAAU;;IACtB,QAAQ,CAAC,WAAW,EAAE,sBAAsB,CAAC;IAC7C,QAAQ,CAAC,UAAU,EAAE,UAAU,CAAC;IAMhC,oBAAoB,EAAE,IAAI,CAAC,qBAAqB,EAAE,QAAQ,CAAC,CAAC;gBAEhD,OAAO,EAAE,iBAAiB;~~IAOhC~~,IAAI,CACT,OAAO,EAAE,cAAc,EACvB,OAAO,CAAC,EAAE,qBAAqB,GAC7B,OAAO,CAAC,sBAAsB,CAAC;IAC5B,IAAI,CACT,OAAO,EAAE,mBAAmB,EAC5B,OAAO,CAAC,EAAE,qBAAqB,GAC7B,OAAO,CAAC,oBAAoB,GAAG,IAAI,CAAC;~~IA8CjC~~,OAAO,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,gCAAgC,GAAG,IAAI,CAAC;~~CAyIjF~~"}
1	+ {"version":3,"file":"action_peer.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/actions/action_peer.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAEN,gCAAgC,EAChC,mBAAmB,EACnB,cAAc,EACd,sBAAsB,EACtB,oBAAoB,EACpB,MAAM,oBAAoB,CAAC;AAU5B,OAAO,EAAC,UAAU,EAAE,KAAK,aAAa,EAAE,KAAK,oBAAoB,EAAC,MAAM,iBAAiB,CAAC;AAC1F,OAAO,KAAK,EAAC,sBAAsB,EAAC,MAAM,yBAAyB,CAAC;AAOpE;;;;;;;GAOG;AACH,MAAM,WAAW,qBAAsB,SAAQ,oBAAoB;IAClE,cAAc,CAAC,EAAE,aAAa,CAAC;CAC/B;AAED,MAAM,WAAW,iBAAiB;IACjC,WAAW,EAAE,sBAAsB,CAAC;IAGpC,UAAU,CAAC,EAAE,UAAU,CAAC;IAKxB,oBAAoB,CAAC,EAAE,IAAI,CAAC,qBAAqB,EAAE,QAAQ,CAAC,CAAC;CAC7D;AAED,qBAAa,UAAU;;IACtB,QAAQ,CAAC,WAAW,EAAE,sBAAsB,CAAC;IAC7C,QAAQ,CAAC,UAAU,EAAE,UAAU,CAAC;IAMhC,oBAAoB,EAAE,IAAI,CAAC,qBAAqB,EAAE,QAAQ,CAAC,CAAC;gBAEhD,OAAO,EAAE,iBAAiB;IAMtC;;;;;;;;OAQG;IAEG,IAAI,CACT,OAAO,EAAE,cAAc,EACvB,OAAO,CAAC,EAAE,qBAAqB,GAC7B,OAAO,CAAC,sBAAsB,CAAC;IAC5B,IAAI,CACT,OAAO,EAAE,mBAAmB,EAC5B,OAAO,CAAC,EAAE,qBAAqB,GAC7B,OAAO,CAAC,oBAAoB,GAAG,IAAI,CAAC;IA8CvC;;;;;;;OAOG;IACG,OAAO,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,gCAAgC,GAAG,IAAI,CAAC;CAgIjF"}

package/dist/actions/action_peer.js CHANGED Viewed

@@ -48,6 +48,14 @@ export class ActionPeer {
             return create_jsonrpc_error_response_from_thrown(to_jsonrpc_message_id(message), error);
         } // TODO finally?
     }
+    /**
+     * Dispatch an inbound JSON-RPC message — request, notification, or
+     * malformed envelope. Never throws; unexpected failures become
+     * JSON-RPC error responses.
+     *
+     * @returns response message for requests, `null` for notifications, or
+     *   an `invalid_request` error for malformed input
+     */
     async receive(message) {
         try {
             const result = await this.#receive_message(message);
@@ -59,9 +67,6 @@ export class ActionPeer {
             return create_jsonrpc_error_response_from_thrown(to_jsonrpc_message_id(message), error);
         } // TODO finally?
     }
-    /**
-     * Processes a single JSON-RPC message, returning a response message if any.
-     */
     async #receive_message(message) {
         if (is_jsonrpc_request(message)) {
             return this.#receive_request(message);
@@ -74,9 +79,6 @@ export class ActionPeer {
             return create_jsonrpc_error_response(to_jsonrpc_message_id(message), jsonrpc_error_messages.invalid_request());
         }
     }
-    /**
-     * Processes a JSON-RPC request. Returns the response message.
-     */
     async #receive_request(request) {
         const spec = this.environment.lookup_action_spec(request.method);
         if (!spec) {
@@ -122,9 +124,6 @@ export class ActionPeer {
             return create_jsonrpc_error_response_from_thrown(request.id, error);
         }
     }
-    /**
-     * Processes a JSON-RPC notification. Returns nothing, no response exists.
-     */
     async #receive_notification(notification) {
         const spec = this.environment.lookup_action_spec(notification.method);
         if (!spec) {

package/dist/actions/action_registry.d.ts CHANGED Viewed

@@ -1,7 +1,7 @@
 /**
  * `ActionRegistry` — query and filter utility over `ActionSpecUnion[]`.
  *
- * Vocabulary (set in API review III, see the `docs/` directory and the SAES quest):
+ * Vocabulary (see the `docs/` directory):
  * - `*_handled_*` — request_response specs the named side **receives**
  *   (so the named side owns the handler). Used by codegen to emit typed
  *   handler maps.
@@ -27,10 +27,6 @@
  * @module
  */
 import type { ActionSpecUnion, RequestResponseActionSpec, RemoteNotificationActionSpec, LocalCallActionSpec } from './action_spec.js';
-/**
- * Utility class to manage and query action specifications.
- * Provides helper methods to get actions by various criteria.
- */
 export declare class ActionRegistry {
     #private;
     readonly specs: Array<ActionSpecUnion>;

package/dist/actions/action_registry.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"action_registry.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/actions/action_registry.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AAEH,OAAO,KAAK,EACX,eAAe,EACf,yBAAyB,EACzB,4BAA4B,EAC5B,mBAAmB,EACnB,MAAM,kBAAkB,CAAC;~~AAS1B;;;GAGG;AACH~~,qBAAa,cAAc;;IAC1B,QAAQ,CAAC,KAAK,EAAE,KAAK,CAAC,eAAe,CAAC,CAAC;gBAE3B,KAAK,EAAE,KAAK,CAAC,eAAe,CAAC;IAKzC,IAAI,cAAc,IAAI,GAAG,CAAC,MAAM,EAAE,eAAe,CAAC,CAEjD;IAED,IAAI,OAAO,IAAI,KAAK,CAAC,MAAM,CAAC,CAE3B;IAID,IAAI,sBAAsB,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAE7D;IAED,IAAI,yBAAyB,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAEnE;IAED,IAAI,gBAAgB,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAEjD;IAED,IAAI,wBAAwB,IAAI,KAAK,CAAC,MAAM,CAAC,CAE5C;IAED,IAAI,2BAA2B,IAAI,KAAK,CAAC,MAAM,CAAC,CAE/C;IAED,IAAI,kBAAkB,IAAI,KAAK,CAAC,MAAM,CAAC,CAEtC;IAOD,IAAI,0BAA0B,IAAI,KAAK,CAAC,eAAe,CAAC,CAEvD;IAED,IAAI,yBAAyB,IAAI,KAAK,CAAC,eAAe,CAAC,CAEtD;IAED,IAAI,4BAA4B,IAAI,KAAK,CAAC,MAAM,CAAC,CAEhD;IAED,IAAI,2BAA2B,IAAI,KAAK,CAAC,MAAM,CAAC,CAE/C;IAOD,IAAI,sBAAsB,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAE7D;IAED,IAAI,qBAAqB,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAE5D;IAED,IAAI,wBAAwB,IAAI,KAAK,CAAC,MAAM,CAAC,CAE5C;IAED,IAAI,uBAAuB,IAAI,KAAK,CAAC,MAAM,CAAC,CAE3C;IASD,IAAI,eAAe,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAKzD;IAED,IAAI,iBAAiB,IAAI,KAAK,CAAC,MAAM,CAAC,CAErC;IAED,IAAI,uBAAuB,IAAI,KAAK,CAAC,eAAe,CAAC,CAKpD;IAED,IAAI,yBAAyB,IAAI,KAAK,CAAC,MAAM,CAAC,CAE7C;IAID,IAAI,yBAAyB,IAAI,KAAK,CAAC,eAAe,CAAC,CAEtD;IAED,IAAI,yBAAyB,IAAI,KAAK,CAAC,eAAe,CAAC,CAEtD;IAED,IAAI,2BAA2B,IAAI,KAAK,CAAC,MAAM,CAAC,CAE/C;IAED,IAAI,2BAA2B,IAAI,KAAK,CAAC,MAAM,CAAC,CAE/C;IAID,IAAI,YAAY,IAAI,KAAK,CAAC,eAAe,CAAC,CAEzC;IAED,IAAI,mBAAmB,IAAI,KAAK,CAAC,eAAe,CAAC,CAEhD;IAED,IAAI,cAAc,IAAI,KAAK,CAAC,MAAM,CAAC,CAElC;IAED,IAAI,qBAAqB,IAAI,KAAK,CAAC,MAAM,CAAC,CAEzC;CAaD"}
1	+ {"version":3,"file":"action_registry.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/actions/action_registry.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AAEH,OAAO,KAAK,EACX,eAAe,EACf,yBAAyB,EACzB,4BAA4B,EAC5B,mBAAmB,EACnB,MAAM,kBAAkB,CAAC;AAO1B,qBAAa,cAAc;;IAC1B,QAAQ,CAAC,KAAK,EAAE,KAAK,CAAC,eAAe,CAAC,CAAC;gBAE3B,KAAK,EAAE,KAAK,CAAC,eAAe,CAAC;IAKzC,IAAI,cAAc,IAAI,GAAG,CAAC,MAAM,EAAE,eAAe,CAAC,CAEjD;IAED,IAAI,OAAO,IAAI,KAAK,CAAC,MAAM,CAAC,CAE3B;IAID,IAAI,sBAAsB,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAE7D;IAED,IAAI,yBAAyB,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAEnE;IAED,IAAI,gBAAgB,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAEjD;IAED,IAAI,wBAAwB,IAAI,KAAK,CAAC,MAAM,CAAC,CAE5C;IAED,IAAI,2BAA2B,IAAI,KAAK,CAAC,MAAM,CAAC,CAE/C;IAED,IAAI,kBAAkB,IAAI,KAAK,CAAC,MAAM,CAAC,CAEtC;IAOD,IAAI,0BAA0B,IAAI,KAAK,CAAC,eAAe,CAAC,CAEvD;IAED,IAAI,yBAAyB,IAAI,KAAK,CAAC,eAAe,CAAC,CAEtD;IAED,IAAI,4BAA4B,IAAI,KAAK,CAAC,MAAM,CAAC,CAEhD;IAED,IAAI,2BAA2B,IAAI,KAAK,CAAC,MAAM,CAAC,CAE/C;IAOD,IAAI,sBAAsB,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAE7D;IAED,IAAI,qBAAqB,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAE5D;IAED,IAAI,wBAAwB,IAAI,KAAK,CAAC,MAAM,CAAC,CAE5C;IAED,IAAI,uBAAuB,IAAI,KAAK,CAAC,MAAM,CAAC,CAE3C;IASD,IAAI,eAAe,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAKzD;IAED,IAAI,iBAAiB,IAAI,KAAK,CAAC,MAAM,CAAC,CAErC;IAED,IAAI,uBAAuB,IAAI,KAAK,CAAC,eAAe,CAAC,CAKpD;IAED,IAAI,yBAAyB,IAAI,KAAK,CAAC,MAAM,CAAC,CAE7C;IAID,IAAI,yBAAyB,IAAI,KAAK,CAAC,eAAe,CAAC,CAEtD;IAED,IAAI,yBAAyB,IAAI,KAAK,CAAC,eAAe,CAAC,CAEtD;IAED,IAAI,2BAA2B,IAAI,KAAK,CAAC,MAAM,CAAC,CAE/C;IAED,IAAI,2BAA2B,IAAI,KAAK,CAAC,MAAM,CAAC,CAE/C;IAID,IAAI,YAAY,IAAI,KAAK,CAAC,eAAe,CAAC,CAEzC;IAED,IAAI,mBAAmB,IAAI,KAAK,CAAC,eAAe,CAAC,CAEhD;IAED,IAAI,cAAc,IAAI,KAAK,CAAC,MAAM,CAAC,CAElC;IAED,IAAI,qBAAqB,IAAI,KAAK,CAAC,MAAM,CAAC,CAEzC;CAaD"}

package/dist/actions/action_registry.js CHANGED Viewed

@@ -1,7 +1,7 @@
 /**
  * `ActionRegistry` — query and filter utility over `ActionSpecUnion[]`.
  *
- * Vocabulary (set in API review III, see the `docs/` directory and the SAES quest):
+ * Vocabulary (see the `docs/` directory):
  * - `*_handled_*` — request_response specs the named side **receives**
  *   (so the named side owns the handler). Used by codegen to emit typed
  *   handler maps.
@@ -26,16 +26,10 @@
  *
  * @module
  */
-// TODO @action-system-review Many getters below are stub API surface — only
-// `spec_by_method`, `methods`, the kind-narrow `*_specs` (`request_response_specs`,
-// `remote_notification_specs`, `local_call_specs`), the `*_handled_*` pair,
-// the `*_relevant_to_*` pair, and `broadcast_*` / `backend_initiated_*` are
-// used by codegen. The auth + initiator-direction getters are pre-built for
-// future use. Revisit which getters to keep when the action system matures.
-/**
- * Utility class to manage and query action specifications.
- * Provides helper methods to get actions by various criteria.
- */
+// The auth (`public_*`, `authenticated_*`) and initiator-direction
+// (`backend_to_frontend_*`, `frontend_to_backend_*`) getters are pre-built
+// API surface unused by codegen today; kept low-cost for future filtering
+// without a registry change.
 export class ActionRegistry {
     specs;
     constructor(specs) {

package/dist/actions/action_rpc.d.ts CHANGED Viewed

@@ -18,6 +18,7 @@ import { type RouteSpec } from '../http/route_spec.js';
 import { type RequestContext } from '../auth/request_context.js';
 import type { Db } from '../db/db.js';
 import { type JsonrpcRequestId } from '../http/jsonrpc.js';
+import type { RateLimiter } from '../rate_limiter.js';
 /**
  * Per-request context provided to RPC action handlers.
  *
@@ -108,6 +109,21 @@ export interface CreateRpcEndpointOptions {
     actions: Array<RpcAction>;
     /** Logger instance for handler context. */
     log: Logger;
+    /**
+     * Per-IP rate limiter consulted for actions whose spec declares
+     * `rate_limit: 'ip'` or `'both'`. `null` disables the IP check.
+     * Per-action gate via `action.spec.rate_limit`. Same limiter is
+     * shared with the WebSocket action dispatcher — one budget per
+     * action, not per transport.
+     */
+    action_ip_rate_limiter?: RateLimiter | null;
+    /**
+     * Per-actor rate limiter consulted for actions whose spec declares
+     * `rate_limit: 'account'` or `'both'`. Keyed on
+     * `request_context.actor.id`. `null` disables the account check.
+     * Same limiter is shared with the WebSocket action dispatcher.
+     */
+    action_account_rate_limiter?: RateLimiter | null;
 }
 /**
  * Single JSON-RPC 2.0 endpoint — the canonical RPC transport binding.
@@ -132,6 +148,10 @@ export interface CreateRpcEndpointOptions {
  *
  * @param options - endpoint path, actions, and logger
  * @returns route specs (GET + POST) ready for `apply_route_specs`
+ * @throws Error if two actions share the same `spec.method` (registration-time
+ *   duplicate detection); also throws if any action's `spec.input` is
+ *   `z.null()` (JSON-RPC 2.0 §4.2 forbids `params: null` on the wire — use
+ *   `z.void()` for parameterless methods).
  */
 export declare const create_rpc_endpoint: (options: CreateRpcEndpointOptions) => Array<RouteSpec>;
 //# sourceMappingURL=action_rpc.d.ts.map

package/dist/actions/action_rpc.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"action_rpc.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/actions/action_rpc.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAGH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAEtB,OAAO,KAAK,EAAC,MAAM,EAAC,MAAM,yBAAyB,CAAC;AAEpD,OAAO,KAAK,EAAC,yBAAyB,EAAC,MAAM,kBAAkB,CAAC;AAChE,OAAO,EAAoB,KAAK,SAAS,EAAC,MAAM,uBAAuB,CAAC;AAExE,OAAO,EAAgC,KAAK,cAAc,EAAC,MAAM,4BAA4B,CAAC;AAE9F,OAAO,KAAK,EAAC,EAAE,EAAC,MAAM,aAAa,CAAC;AAEpC,OAAO,EAGN,KAAK,gBAAgB,EAGrB,MAAM,oBAAoB,CAAC;~~AAW5B~~;;;;;;GAMG;AACH,MAAM,WAAW,aAAa;IAC7B,+DAA+D;IAC/D,IAAI,EAAE,cAAc,GAAG,IAAI,CAAC;IAC5B,iDAAiD;IACjD,UAAU,EAAE,gBAAgB,CAAC;IAC7B,8DAA8D;IAC9D,EAAE,EAAE,EAAE,CAAC;IACP,oFAAoF;IACpF,aAAa,EAAE,EAAE,CAAC;IAClB,2EAA2E;IAC3E,eAAe,EAAE,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;IACtC;;;;;;;OAOG;IACH,SAAS,EAAE,MAAM,CAAC;IAClB,uBAAuB;IACvB,GAAG,EAAE,MAAM,CAAC;IACZ;;;;;;;;OAQG;IACH,MAAM,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,KAAK,IAAI,CAAC;IAClD;;;;OAIG;IACH,MAAM,EAAE,WAAW,CAAC;CACpB;AAED;;;;;GAKG;AACH,MAAM,MAAM,aAAa,CAAC,MAAM,GAAG,GAAG,EAAE,OAAO,GAAG,GAAG,IAAI,CACxD,KAAK,EAAE,MAAM,EACb,GAAG,EAAE,aAAa,KACd,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;AAEhC;;;;;GAKG;AACH,MAAM,WAAW,SAAS;IACzB,IAAI,EAAE,yBAAyB,CAAC;IAChC,OAAO,EAAE,aAAa,CAAC;CACvB;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAO,MAAM,UAAU,GAAI,KAAK,SAAS,yBAAyB,EACjE,MAAM,KAAK,EACX,SAAS,aAAa,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,KACvE,SAGD,CAAC;AAEH,yCAAyC;AACzC,MAAM,WAAW,wBAAwB;IACxC,sDAAsD;IACtD,IAAI,EAAE,MAAM,CAAC;IACb,4BAA4B;IAC5B,OAAO,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAC1B,2CAA2C;IAC3C,GAAG,EAAE,MAAM,CAAC;~~CACZ~~;~~AA4DD;;;;;;;;;;;;;;;;;;;;;;;GAuBG~~;AACH,eAAO,MAAM,mBAAmB,GAAI,SAAS,wBAAwB,KAAG,KAAK,CAAC,SAAS,~~CAsQtF~~,CAAC"}
1	+ {"version":3,"file":"action_rpc.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/actions/action_rpc.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAGH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAEtB,OAAO,KAAK,EAAC,MAAM,EAAC,MAAM,yBAAyB,CAAC;AAEpD,OAAO,KAAK,EAAC,yBAAyB,EAAC,MAAM,kBAAkB,CAAC;AAChE,OAAO,EAAoB,KAAK,SAAS,EAAC,MAAM,uBAAuB,CAAC;AAExE,OAAO,EAAgC,KAAK,cAAc,EAAC,MAAM,4BAA4B,CAAC;AAE9F,OAAO,KAAK,EAAC,EAAE,EAAC,MAAM,aAAa,CAAC;AAEpC,OAAO,EAGN,KAAK,gBAAgB,EAGrB,MAAM,oBAAoB,CAAC;AAU5B,OAAO,KAAK,EAAC,WAAW,EAAC,MAAM,oBAAoB,CAAC;AAEpD;;;;;;GAMG;AACH,MAAM,WAAW,aAAa;IAC7B,+DAA+D;IAC/D,IAAI,EAAE,cAAc,GAAG,IAAI,CAAC;IAC5B,iDAAiD;IACjD,UAAU,EAAE,gBAAgB,CAAC;IAC7B,8DAA8D;IAC9D,EAAE,EAAE,EAAE,CAAC;IACP,oFAAoF;IACpF,aAAa,EAAE,EAAE,CAAC;IAClB,2EAA2E;IAC3E,eAAe,EAAE,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;IACtC;;;;;;;OAOG;IACH,SAAS,EAAE,MAAM,CAAC;IAClB,uBAAuB;IACvB,GAAG,EAAE,MAAM,CAAC;IACZ;;;;;;;;OAQG;IACH,MAAM,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,KAAK,IAAI,CAAC;IAClD;;;;OAIG;IACH,MAAM,EAAE,WAAW,CAAC;CACpB;AAED;;;;;GAKG;AACH,MAAM,MAAM,aAAa,CAAC,MAAM,GAAG,GAAG,EAAE,OAAO,GAAG,GAAG,IAAI,CACxD,KAAK,EAAE,MAAM,EACb,GAAG,EAAE,aAAa,KACd,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;AAEhC;;;;;GAKG;AACH,MAAM,WAAW,SAAS;IACzB,IAAI,EAAE,yBAAyB,CAAC;IAChC,OAAO,EAAE,aAAa,CAAC;CACvB;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAO,MAAM,UAAU,GAAI,KAAK,SAAS,yBAAyB,EACjE,MAAM,KAAK,EACX,SAAS,aAAa,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,KACvE,SAGD,CAAC;AAEH,yCAAyC;AACzC,MAAM,WAAW,wBAAwB;IACxC,sDAAsD;IACtD,IAAI,EAAE,MAAM,CAAC;IACb,4BAA4B;IAC5B,OAAO,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAC1B,2CAA2C;IAC3C,GAAG,EAAE,MAAM,CAAC;IACZ;;;;;;OAMG;IACH,sBAAsB,CAAC,EAAE,WAAW,GAAG,IAAI,CAAC;IAC5C;;;;;OAKG;IACH,2BAA2B,CAAC,EAAE,WAAW,GAAG,IAAI,CAAC;CACjD;AAkDD;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,eAAO,MAAM,mBAAmB,GAAI,SAAS,wBAAwB,KAAG,KAAK,CAAC,SAAS,CAkTtF,CAAC"}

package/dist/actions/action_rpc.js CHANGED Viewed

@@ -43,13 +43,6 @@ export const rpc_action = (spec, handler) => ({
     spec,
     handler: handler,
 });
-/**
- * Format a JSON-RPC error response.
- *
- * @param id - the request id (null if unknown)
- * @param error - the error object
- * @returns a JSON-RPC error response object
- */
 const jsonrpc_error_response = (id, error) => ({
     jsonrpc: JSONRPC_VERSION,
     id,
@@ -58,10 +51,7 @@ const jsonrpc_error_response = (id, error) => ({
 /**
  * Check auth for an action spec against the request context.
  *
- * @param auth - the action's auth requirement
- * @param request_context - the resolved identity (null if unauthenticated)
- * @param credential_type - how the request was authenticated (session, api_token, daemon_token)
- * @returns an error json if auth fails, or null if authorized
+ * @returns a JSON-RPC error object if auth fails, or `null` if authorized
  */
 const check_action_auth = (auth, request_context, credential_type) => {
     if (auth === 'public')
@@ -118,9 +108,13 @@ const check_action_auth = (auth, request_context, credential_type) => {
  *
  * @param options - endpoint path, actions, and logger
  * @returns route specs (GET + POST) ready for `apply_route_specs`
+ * @throws Error if two actions share the same `spec.method` (registration-time
+ *   duplicate detection); also throws if any action's `spec.input` is
+ *   `z.null()` (JSON-RPC 2.0 §4.2 forbids `params: null` on the wire — use
+ *   `z.void()` for parameterless methods).
  */
 export const create_rpc_endpoint = (options) => {
-    const { path: endpoint_path, actions, log } = options;
+    const { path: endpoint_path, actions, log, action_ip_rate_limiter = null, action_account_rate_limiter = null, } = options;
     // build action lookup map
     const action_map = new Map();
     for (const action of actions) {
@@ -130,18 +124,18 @@ export const create_rpc_endpoint = (options) => {
         if (is_null_schema(action.spec.input)) {
             throw new Error(`RPC action "${action.spec.method}" uses z.null() for input — JSON-RPC 2.0 §4.2 forbids "params": null on the wire (must be omitted or be a Structured value). Use z.void() for parameterless methods.`);
         }
+        // Reject account-keyed rate limiting on public actions — there's no
+        // actor post-auth, so the account bucket has no key to consume.
+        if ((action.spec.rate_limit === 'account' || action.spec.rate_limit === 'both') &&
+            action.spec.auth === 'public') {
+            throw new Error(`RPC action "${action.spec.method}" declares rate_limit: '${action.spec.rate_limit}' but auth: 'public' — no actor available for account-keyed limiting. Use 'ip' or change auth.`);
+        }
         action_map.set(action.spec.method, action);
     }
     /**
      * Core dispatcher — shared by GET and POST handlers.
      *
-     * @param c - Hono context
-     * @param route - route context with db and pending_effects
-     * @param method_name - the JSON-RPC method name
-     * @param raw_params - the raw params (parsed from body or query string)
-     * @param id - the request id
-     * @param restrict_to_reads - true for GET requests (reject side_effects actions)
-     * @returns a Response
+     * @param restrict_to_reads - `true` for GET (rejects `side_effects: true` actions)
      */
     const dispatch = async (c, route, method_name, raw_params, id, restrict_to_reads) => {
         // step 2: lookup method
@@ -165,6 +159,38 @@ export const create_rpc_endpoint = (options) => {
             const error = jsonrpc_error_response(id, auth_error);
             return c.json(error, jsonrpc_error_code_to_http_status(auth_error.code));
         }
+        // step 3.5: rate limit — throttle-requests semantics (record on every
+        // invocation, no success-reset). Suits admin mutation oracles where
+        // the *successful* call is the threat. Different from REST login's
+        // throttle-failures pattern that resets on success. Silent partial
+        // enforcement: a key is checked iff its bucket's limiter is wired —
+        // `rate_limit: 'both'` with only one limiter set runs only that side.
+        const rate_limit = action.spec.rate_limit;
+        const client_ip = get_client_ip(c);
+        if (rate_limit) {
+            const ip_check = action_ip_rate_limiter && (rate_limit === 'ip' || rate_limit === 'both');
+            const account_check = action_account_rate_limiter &&
+                request_context &&
+                (rate_limit === 'account' || rate_limit === 'both');
+            const reject = (retry_after) => {
+                const error = jsonrpc_error_response(id, jsonrpc_error_messages.rate_limited('rate limited', { retry_after }));
+                return c.json(error, jsonrpc_error_code_to_http_status(JSONRPC_ERROR_CODES.rate_limited));
+            };
+            if (ip_check) {
+                const result = action_ip_rate_limiter.check(client_ip);
+                if (!result.allowed)
+                    return reject(result.retry_after);
+            }
+            if (account_check) {
+                const result = action_account_rate_limiter.check(request_context.actor.id);
+                if (!result.allowed)
+                    return reject(result.retry_after);
+            }
+            if (ip_check)
+                action_ip_rate_limiter.record(client_ip);
+            if (account_check)
+                action_account_rate_limiter.record(request_context.actor.id);
+        }
         // step 4: validate params
         // Missing `params` on the envelope maps to `undefined` for `z.void()`
         // input schemas and `{}` for object inputs (matches HTTP's "empty
@@ -191,7 +217,6 @@ export const create_rpc_endpoint = (options) => {
             }
         };
         const signal = c.req.raw.signal;
-        const client_ip = get_client_ip(c);
         const execute = async (db) => {
             const action_context = {
                 auth: request_context,