@fuzdev/fuz_app 0.51.0 → 0.53.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/actions/CLAUDE.md +43 -10
- package/dist/actions/action_bridge.d.ts +3 -1
- package/dist/actions/action_bridge.d.ts.map +1 -1
- package/dist/actions/action_bridge.js +3 -1
- package/dist/actions/action_codegen.d.ts +28 -43
- package/dist/actions/action_codegen.d.ts.map +1 -1
- package/dist/actions/action_codegen.js +31 -50
- package/dist/actions/action_event.d.ts +44 -1
- package/dist/actions/action_event.d.ts.map +1 -1
- package/dist/actions/action_event.js +44 -1
- package/dist/actions/action_event_helpers.d.ts +26 -0
- package/dist/actions/action_event_helpers.d.ts.map +1 -1
- package/dist/actions/action_event_helpers.js +26 -1
- package/dist/actions/action_peer.d.ts +17 -0
- package/dist/actions/action_peer.d.ts.map +1 -1
- package/dist/actions/action_peer.js +8 -9
- package/dist/actions/action_registry.d.ts +1 -5
- package/dist/actions/action_registry.d.ts.map +1 -1
- package/dist/actions/action_registry.js +5 -11
- package/dist/actions/action_rpc.d.ts +20 -0
- package/dist/actions/action_rpc.d.ts.map +1 -1
- package/dist/actions/action_rpc.js +45 -20
- package/dist/actions/action_spec.d.ts +75 -6
- package/dist/actions/action_spec.d.ts.map +1 -1
- package/dist/actions/action_spec.js +36 -6
- package/dist/actions/frontend_rpc_client.d.ts +1 -9
- package/dist/actions/frontend_rpc_client.d.ts.map +1 -1
- package/dist/actions/frontend_rpc_client.js +1 -9
- package/dist/actions/register_action_ws.d.ts +19 -0
- package/dist/actions/register_action_ws.d.ts.map +1 -1
- package/dist/actions/register_action_ws.js +44 -1
- package/dist/actions/register_ws_endpoint.d.ts +3 -0
- package/dist/actions/register_ws_endpoint.d.ts.map +1 -1
- package/dist/actions/register_ws_endpoint.js +3 -0
- package/dist/actions/request_tracker.svelte.d.ts +24 -16
- package/dist/actions/request_tracker.svelte.d.ts.map +1 -1
- package/dist/actions/request_tracker.svelte.js +24 -16
- package/dist/actions/rpc_client.d.ts +0 -1
- package/dist/actions/rpc_client.d.ts.map +1 -1
- package/dist/actions/rpc_client.js +3 -17
- package/dist/actions/socket.svelte.d.ts +35 -16
- package/dist/actions/socket.svelte.d.ts.map +1 -1
- package/dist/actions/socket.svelte.js +33 -14
- package/dist/actions/transports.d.ts +15 -5
- package/dist/actions/transports.d.ts.map +1 -1
- package/dist/actions/transports.js +15 -15
- package/dist/actions/transports_http.d.ts +7 -0
- package/dist/actions/transports_http.d.ts.map +1 -1
- package/dist/actions/transports_http.js +7 -0
- package/dist/actions/transports_ws.d.ts +13 -0
- package/dist/actions/transports_ws.d.ts.map +1 -1
- package/dist/actions/transports_ws.js +13 -0
- package/dist/actions/transports_ws_auth_guard.d.ts +6 -4
- package/dist/actions/transports_ws_auth_guard.d.ts.map +1 -1
- package/dist/actions/transports_ws_auth_guard.js +6 -4
- package/dist/actions/transports_ws_backend.d.ts +14 -1
- package/dist/actions/transports_ws_backend.d.ts.map +1 -1
- package/dist/actions/transports_ws_backend.js +14 -10
- package/dist/auth/CLAUDE.md +64 -18
- package/dist/auth/account_queries.d.ts +7 -0
- package/dist/auth/account_queries.d.ts.map +1 -1
- package/dist/auth/account_queries.js +7 -0
- package/dist/auth/admin_action_specs.d.ts +5 -0
- package/dist/auth/admin_action_specs.d.ts.map +1 -1
- package/dist/auth/admin_action_specs.js +5 -0
- package/dist/auth/admin_actions.d.ts +1 -0
- package/dist/auth/admin_actions.d.ts.map +1 -1
- package/dist/auth/admin_actions.js +1 -0
- package/dist/auth/api_token_queries.d.ts +6 -0
- package/dist/auth/api_token_queries.d.ts.map +1 -1
- package/dist/auth/api_token_queries.js +6 -0
- package/dist/auth/app_settings_queries.d.ts +4 -0
- package/dist/auth/app_settings_queries.d.ts.map +1 -1
- package/dist/auth/app_settings_queries.js +4 -0
- package/dist/auth/audit_log_queries.d.ts +5 -0
- package/dist/auth/audit_log_queries.d.ts.map +1 -1
- package/dist/auth/audit_log_queries.js +5 -0
- package/dist/auth/audit_log_routes.d.ts +2 -2
- package/dist/auth/audit_log_routes.js +2 -2
- package/dist/auth/audit_log_schema.d.ts +2 -0
- package/dist/auth/audit_log_schema.d.ts.map +1 -1
- package/dist/auth/audit_log_schema.js +134 -55
- package/dist/auth/bearer_auth.d.ts +2 -0
- package/dist/auth/bearer_auth.d.ts.map +1 -1
- package/dist/auth/bearer_auth.js +2 -0
- package/dist/auth/bootstrap_account.d.ts +3 -0
- package/dist/auth/bootstrap_account.d.ts.map +1 -1
- package/dist/auth/bootstrap_account.js +3 -0
- package/dist/auth/cleanup.d.ts +6 -0
- package/dist/auth/cleanup.d.ts.map +1 -1
- package/dist/auth/cleanup.js +6 -0
- package/dist/auth/daemon_token_middleware.d.ts +4 -0
- package/dist/auth/daemon_token_middleware.d.ts.map +1 -1
- package/dist/auth/daemon_token_middleware.js +4 -0
- package/dist/auth/invite_queries.d.ts +3 -0
- package/dist/auth/invite_queries.d.ts.map +1 -1
- package/dist/auth/invite_queries.js +3 -0
- package/dist/auth/permit_offer_action_specs.d.ts +6 -0
- package/dist/auth/permit_offer_action_specs.d.ts.map +1 -1
- package/dist/auth/permit_offer_action_specs.js +11 -0
- package/dist/auth/permit_offer_queries.d.ts +18 -0
- package/dist/auth/permit_offer_queries.d.ts.map +1 -1
- package/dist/auth/permit_offer_queries.js +18 -0
- package/dist/auth/permit_queries.d.ts +7 -0
- package/dist/auth/permit_queries.d.ts.map +1 -1
- package/dist/auth/permit_queries.js +7 -0
- package/dist/auth/request_context.d.ts +1 -0
- package/dist/auth/request_context.d.ts.map +1 -1
- package/dist/auth/request_context.js +1 -0
- package/dist/auth/role_schema.d.ts +2 -0
- package/dist/auth/role_schema.d.ts.map +1 -1
- package/dist/auth/role_schema.js +2 -0
- package/dist/auth/self_service_role_actions.d.ts +1 -0
- package/dist/auth/self_service_role_actions.d.ts.map +1 -1
- package/dist/auth/self_service_role_actions.js +1 -0
- package/dist/auth/session_lifecycle.d.ts +2 -0
- package/dist/auth/session_lifecycle.d.ts.map +1 -1
- package/dist/auth/session_lifecycle.js +2 -0
- package/dist/auth/session_middleware.d.ts +1 -0
- package/dist/auth/session_middleware.d.ts.map +1 -1
- package/dist/auth/session_middleware.js +1 -0
- package/dist/auth/session_queries.d.ts +9 -0
- package/dist/auth/session_queries.d.ts.map +1 -1
- package/dist/auth/session_queries.js +9 -0
- package/dist/cli/config.d.ts +1 -2
- package/dist/cli/config.d.ts.map +1 -1
- package/dist/cli/config.js +1 -2
- package/dist/cli/daemon.d.ts +6 -1
- package/dist/cli/daemon.d.ts.map +1 -1
- package/dist/cli/daemon.js +6 -1
- package/dist/db/assert_row.d.ts +2 -1
- package/dist/db/assert_row.d.ts.map +1 -1
- package/dist/db/assert_row.js +2 -1
- package/dist/db/create_db.d.ts +3 -1
- package/dist/db/create_db.d.ts.map +1 -1
- package/dist/db/create_db.js +3 -1
- package/dist/db/db.d.ts +15 -4
- package/dist/db/db.d.ts.map +1 -1
- package/dist/db/db.js +14 -3
- package/dist/db/db_pg.d.ts +4 -3
- package/dist/db/db_pg.d.ts.map +1 -1
- package/dist/db/db_pg.js +7 -5
- package/dist/db/db_pglite.d.ts +4 -4
- package/dist/db/db_pglite.js +4 -4
- package/dist/db/migrate.d.ts +7 -4
- package/dist/db/migrate.d.ts.map +1 -1
- package/dist/db/migrate.js +5 -2
- package/dist/db/sql_identifier.d.ts +2 -1
- package/dist/db/sql_identifier.d.ts.map +1 -1
- package/dist/db/sql_identifier.js +2 -1
- package/dist/db/status.d.ts +4 -1
- package/dist/db/status.d.ts.map +1 -1
- package/dist/db/status.js +5 -2
- package/dist/dev/setup.d.ts +15 -2
- package/dist/dev/setup.d.ts.map +1 -1
- package/dist/dev/setup.js +15 -2
- package/dist/env/dotenv.d.ts +2 -1
- package/dist/env/dotenv.d.ts.map +1 -1
- package/dist/env/dotenv.js +2 -1
- package/dist/env/load.d.ts +1 -3
- package/dist/env/load.d.ts.map +1 -1
- package/dist/env/load.js +1 -3
- package/dist/env/resolve.d.ts +1 -1
- package/dist/env/resolve.js +1 -1
- package/dist/env/update_env_variable.d.ts +2 -0
- package/dist/env/update_env_variable.d.ts.map +1 -1
- package/dist/env/update_env_variable.js +2 -0
- package/dist/hono_context.d.ts +2 -5
- package/dist/hono_context.d.ts.map +1 -1
- package/dist/hono_context.js +2 -5
- package/dist/http/common_routes.d.ts +0 -8
- package/dist/http/common_routes.d.ts.map +1 -1
- package/dist/http/common_routes.js +0 -8
- package/dist/http/db_routes.d.ts +0 -3
- package/dist/http/db_routes.d.ts.map +1 -1
- package/dist/http/db_routes.js +0 -3
- package/dist/http/error_schemas.d.ts +12 -11
- package/dist/http/error_schemas.d.ts.map +1 -1
- package/dist/http/error_schemas.js +11 -7
- package/dist/http/jsonrpc_errors.d.ts +0 -6
- package/dist/http/jsonrpc_errors.d.ts.map +1 -1
- package/dist/http/jsonrpc_errors.js +0 -6
- package/dist/http/origin.d.ts +6 -13
- package/dist/http/origin.d.ts.map +1 -1
- package/dist/http/origin.js +7 -14
- package/dist/http/pending_effects.d.ts +4 -0
- package/dist/http/pending_effects.d.ts.map +1 -1
- package/dist/http/pending_effects.js +4 -0
- package/dist/http/proxy.d.ts +3 -6
- package/dist/http/proxy.d.ts.map +1 -1
- package/dist/http/proxy.js +3 -6
- package/dist/http/route_spec.d.ts +14 -35
- package/dist/http/route_spec.d.ts.map +1 -1
- package/dist/http/route_spec.js +17 -22
- package/dist/http/schema_helpers.d.ts +0 -4
- package/dist/http/schema_helpers.d.ts.map +1 -1
- package/dist/http/schema_helpers.js +0 -4
- package/dist/http/surface.d.ts +2 -12
- package/dist/http/surface.d.ts.map +1 -1
- package/dist/http/surface.js +1 -12
- package/dist/rate_limiter.d.ts +30 -1
- package/dist/rate_limiter.d.ts.map +1 -1
- package/dist/rate_limiter.js +40 -1
- package/dist/realtime/sse.d.ts +7 -2
- package/dist/realtime/sse.d.ts.map +1 -1
- package/dist/realtime/sse.js +3 -2
- package/dist/realtime/sse_auth_guard.d.ts +21 -21
- package/dist/realtime/sse_auth_guard.d.ts.map +1 -1
- package/dist/realtime/sse_auth_guard.js +24 -24
- package/dist/realtime/subscriber_registry.d.ts +4 -5
- package/dist/realtime/subscriber_registry.d.ts.map +1 -1
- package/dist/realtime/subscriber_registry.js +4 -5
- package/dist/runtime/fs.d.ts +5 -3
- package/dist/runtime/fs.d.ts.map +1 -1
- package/dist/runtime/fs.js +5 -3
- package/dist/runtime/mock.d.ts +6 -3
- package/dist/runtime/mock.d.ts.map +1 -1
- package/dist/runtime/mock.js +6 -3
- package/dist/server/app_backend.d.ts +1 -0
- package/dist/server/app_backend.d.ts.map +1 -1
- package/dist/server/app_backend.js +1 -0
- package/dist/server/app_server.d.ts +31 -5
- package/dist/server/app_server.d.ts.map +1 -1
- package/dist/server/app_server.js +23 -7
- package/dist/server/startup.d.ts +0 -2
- package/dist/server/startup.d.ts.map +1 -1
- package/dist/server/startup.js +0 -2
- package/dist/server/static.d.ts +0 -1
- package/dist/server/static.d.ts.map +1 -1
- package/dist/server/static.js +0 -1
- package/dist/server/validate_nginx.d.ts +3 -3
- package/dist/server/validate_nginx.d.ts.map +1 -1
- package/dist/server/validate_nginx.js +0 -3
- package/dist/testing/CLAUDE.md +1 -1
- package/dist/testing/admin_integration.d.ts +5 -1
- package/dist/testing/admin_integration.d.ts.map +1 -1
- package/dist/testing/admin_integration.js +8 -6
- package/dist/testing/adversarial_404.d.ts +0 -2
- package/dist/testing/adversarial_404.d.ts.map +1 -1
- package/dist/testing/adversarial_404.js +0 -2
- package/dist/testing/adversarial_headers.d.ts +5 -4
- package/dist/testing/adversarial_headers.d.ts.map +1 -1
- package/dist/testing/adversarial_headers.js +5 -4
- package/dist/testing/adversarial_input.d.ts +4 -2
- package/dist/testing/adversarial_input.d.ts.map +1 -1
- package/dist/testing/adversarial_input.js +4 -2
- package/dist/testing/app_server.d.ts +25 -0
- package/dist/testing/app_server.d.ts.map +1 -1
- package/dist/testing/app_server.js +11 -2
- package/dist/testing/assertions.d.ts +23 -11
- package/dist/testing/assertions.d.ts.map +1 -1
- package/dist/testing/assertions.js +23 -11
- package/dist/testing/attack_surface.d.ts +0 -4
- package/dist/testing/attack_surface.d.ts.map +1 -1
- package/dist/testing/attack_surface.js +0 -4
- package/dist/testing/audit_completeness.d.ts +4 -1
- package/dist/testing/audit_completeness.d.ts.map +1 -1
- package/dist/testing/audit_completeness.js +4 -1
- package/dist/testing/auth_apps.d.ts +5 -10
- package/dist/testing/auth_apps.d.ts.map +1 -1
- package/dist/testing/auth_apps.js +5 -10
- package/dist/testing/data_exposure.d.ts +0 -11
- package/dist/testing/data_exposure.d.ts.map +1 -1
- package/dist/testing/data_exposure.js +0 -11
- package/dist/testing/db.d.ts +9 -7
- package/dist/testing/db.d.ts.map +1 -1
- package/dist/testing/db.js +9 -7
- package/dist/testing/error_coverage.d.ts +9 -14
- package/dist/testing/error_coverage.d.ts.map +1 -1
- package/dist/testing/error_coverage.js +9 -14
- package/dist/testing/integration.d.ts +4 -1
- package/dist/testing/integration.d.ts.map +1 -1
- package/dist/testing/integration.js +4 -1
- package/dist/testing/integration_helpers.d.ts +5 -34
- package/dist/testing/integration_helpers.d.ts.map +1 -1
- package/dist/testing/integration_helpers.js +5 -41
- package/dist/testing/middleware.d.ts +5 -10
- package/dist/testing/middleware.d.ts.map +1 -1
- package/dist/testing/middleware.js +5 -10
- package/dist/testing/mock_fs.d.ts +0 -2
- package/dist/testing/mock_fs.d.ts.map +1 -1
- package/dist/testing/mock_fs.js +0 -2
- package/dist/testing/rate_limiting.d.ts +3 -1
- package/dist/testing/rate_limiting.d.ts.map +1 -1
- package/dist/testing/rate_limiting.js +3 -1
- package/dist/testing/round_trip.d.ts +0 -2
- package/dist/testing/round_trip.d.ts.map +1 -1
- package/dist/testing/round_trip.js +0 -2
- package/dist/testing/rpc_attack_surface.d.ts +0 -2
- package/dist/testing/rpc_attack_surface.d.ts.map +1 -1
- package/dist/testing/rpc_attack_surface.js +0 -2
- package/dist/testing/rpc_helpers.d.ts +21 -14
- package/dist/testing/rpc_helpers.d.ts.map +1 -1
- package/dist/testing/rpc_helpers.js +21 -14
- package/dist/testing/rpc_round_trip.d.ts +0 -2
- package/dist/testing/rpc_round_trip.d.ts.map +1 -1
- package/dist/testing/rpc_round_trip.js +0 -2
- package/dist/testing/schema_generators.d.ts +5 -3
- package/dist/testing/schema_generators.d.ts.map +1 -1
- package/dist/testing/schema_generators.js +22 -3
- package/dist/testing/sse_round_trip.d.ts +3 -1
- package/dist/testing/sse_round_trip.d.ts.map +1 -1
- package/dist/testing/sse_round_trip.js +3 -1
- package/dist/testing/standard.d.ts +0 -2
- package/dist/testing/standard.d.ts.map +1 -1
- package/dist/testing/standard.js +0 -2
- package/dist/testing/stubs.d.ts +8 -3
- package/dist/testing/stubs.d.ts.map +1 -1
- package/dist/testing/stubs.js +10 -3
- package/dist/testing/surface_invariants.d.ts +14 -3
- package/dist/testing/surface_invariants.d.ts.map +1 -1
- package/dist/testing/surface_invariants.js +14 -3
- package/dist/testing/ws_round_trip.d.ts +13 -1
- package/dist/testing/ws_round_trip.d.ts.map +1 -1
- package/dist/ui/AccountSessions.svelte +9 -0
- package/dist/ui/AccountSessions.svelte.d.ts.map +1 -1
- package/dist/ui/AdminAccounts.svelte +10 -0
- package/dist/ui/AdminAccounts.svelte.d.ts.map +1 -1
- package/dist/ui/AdminAuditLog.svelte +10 -0
- package/dist/ui/AdminAuditLog.svelte.d.ts.map +1 -1
- package/dist/ui/AdminInvites.svelte +9 -0
- package/dist/ui/AdminInvites.svelte.d.ts.map +1 -1
- package/dist/ui/AdminOverview.svelte +10 -0
- package/dist/ui/AdminOverview.svelte.d.ts.map +1 -1
- package/dist/ui/AdminPermitHistory.svelte +9 -0
- package/dist/ui/AdminPermitHistory.svelte.d.ts.map +1 -1
- package/dist/ui/AdminSessions.svelte +10 -0
- package/dist/ui/AdminSessions.svelte.d.ts.map +1 -1
- package/dist/ui/AdminSettings.svelte +9 -0
- package/dist/ui/AdminSettings.svelte.d.ts.map +1 -1
- package/dist/ui/AdminSurface.svelte +9 -0
- package/dist/ui/AdminSurface.svelte.d.ts.map +1 -1
- package/dist/ui/AppShell.svelte +24 -0
- package/dist/ui/AppShell.svelte.d.ts +23 -0
- package/dist/ui/AppShell.svelte.d.ts.map +1 -1
- package/dist/ui/BootstrapForm.svelte +17 -0
- package/dist/ui/BootstrapForm.svelte.d.ts +4 -0
- package/dist/ui/BootstrapForm.svelte.d.ts.map +1 -1
- package/dist/ui/CLAUDE.md +1 -1
- package/dist/ui/ColumnLayout.svelte +11 -0
- package/dist/ui/ColumnLayout.svelte.d.ts +10 -0
- package/dist/ui/ColumnLayout.svelte.d.ts.map +1 -1
- package/dist/ui/Datatable.svelte +18 -0
- package/dist/ui/Datatable.svelte.d.ts +17 -0
- package/dist/ui/Datatable.svelte.d.ts.map +1 -1
- package/dist/ui/LoginForm.svelte +18 -0
- package/dist/ui/LoginForm.svelte.d.ts +9 -0
- package/dist/ui/LoginForm.svelte.d.ts.map +1 -1
- package/dist/ui/LogoutButton.svelte +9 -0
- package/dist/ui/LogoutButton.svelte.d.ts +8 -0
- package/dist/ui/LogoutButton.svelte.d.ts.map +1 -1
- package/dist/ui/MenuLink.svelte +10 -0
- package/dist/ui/MenuLink.svelte.d.ts +9 -0
- package/dist/ui/MenuLink.svelte.d.ts.map +1 -1
- package/dist/ui/OpenSignupToggle.svelte +9 -0
- package/dist/ui/OpenSignupToggle.svelte.d.ts.map +1 -1
- package/dist/ui/SignupForm.svelte +16 -0
- package/dist/ui/SignupForm.svelte.d.ts +4 -0
- package/dist/ui/SignupForm.svelte.d.ts.map +1 -1
- package/dist/ui/SurfaceExplorer.svelte +9 -0
- package/dist/ui/SurfaceExplorer.svelte.d.ts.map +1 -1
- package/dist/ui/audit_log_state.svelte.d.ts +6 -1
- package/dist/ui/audit_log_state.svelte.d.ts.map +1 -1
- package/dist/ui/audit_log_state.svelte.js +7 -2
- package/dist/ui/auth_state.svelte.d.ts +16 -4
- package/dist/ui/auth_state.svelte.d.ts.map +1 -1
- package/dist/ui/auth_state.svelte.js +16 -4
- package/dist/ui/form_state.svelte.d.ts +9 -0
- package/dist/ui/form_state.svelte.d.ts.map +1 -1
- package/dist/ui/form_state.svelte.js +9 -0
- package/dist/ui/loadable.svelte.d.ts +6 -1
- package/dist/ui/loadable.svelte.d.ts.map +1 -1
- package/dist/ui/loadable.svelte.js +6 -1
- package/dist/ui/permit_offers_state.svelte.d.ts +2 -0
- package/dist/ui/permit_offers_state.svelte.d.ts.map +1 -1
- package/dist/ui/permit_offers_state.svelte.js +2 -0
- package/dist/ui/popover.svelte.d.ts +17 -4
- package/dist/ui/popover.svelte.d.ts.map +1 -1
- package/dist/ui/popover.svelte.js +17 -4
- package/dist/ui/position_helpers.d.ts +1 -3
- package/dist/ui/position_helpers.d.ts.map +1 -1
- package/dist/ui/position_helpers.js +1 -3
- package/dist/ui/sidebar_state.svelte.d.ts +21 -9
- package/dist/ui/sidebar_state.svelte.d.ts.map +1 -1
- package/dist/ui/sidebar_state.svelte.js +16 -2
- package/dist/ui/table_state.svelte.d.ts +14 -0
- package/dist/ui/table_state.svelte.d.ts.map +1 -1
- package/dist/ui/table_state.svelte.js +14 -0
- package/dist/ui/ui_fetch.d.ts +1 -7
- package/dist/ui/ui_fetch.d.ts.map +1 -1
- package/dist/ui/ui_fetch.js +1 -7
- package/dist/ui/ui_format.d.ts +2 -14
- package/dist/ui/ui_format.d.ts.map +1 -1
- package/dist/ui/ui_format.js +2 -14
- package/package.json +2 -2
|
@@ -66,6 +66,9 @@ export declare class PermitOfferSelfTargetError extends Error {
|
|
|
66
66
|
*
|
|
67
67
|
* Self-offer rejection: throws `PermitOfferSelfTargetError` if the offering
|
|
68
68
|
* actor belongs to the recipient account.
|
|
69
|
+
*
|
|
70
|
+
* @mutates `permit_offer` table - inserts a new offer or upserts the matching pending row
|
|
71
|
+
* @throws PermitOfferSelfTargetError if the offering actor belongs to `to_account_id`
|
|
69
72
|
*/
|
|
70
73
|
export declare const query_permit_offer_create: (deps: QueryDeps, input: CreatePermitOfferInput) => Promise<PermitOffer>;
|
|
71
74
|
/**
|
|
@@ -75,6 +78,9 @@ export declare const query_permit_offer_create: (deps: QueryDeps, input: CreateP
|
|
|
75
78
|
* exist or belongs to a different account. Throws
|
|
76
79
|
* `PermitOfferAlreadyTerminalError` if the offer exists for the caller but
|
|
77
80
|
* is already in a terminal state.
|
|
81
|
+
*
|
|
82
|
+
* @mutates `permit_offer` row - sets `declined_at` and `decline_reason`
|
|
83
|
+
* @throws PermitOfferAlreadyTerminalError if the offer is already accepted, declined, retracted, or superseded
|
|
78
84
|
*/
|
|
79
85
|
export declare const query_permit_offer_decline: (deps: QueryDeps, offer_id: string, to_account_id: string, reason: string | null) => Promise<PermitOffer | null>;
|
|
80
86
|
/**
|
|
@@ -84,6 +90,9 @@ export declare const query_permit_offer_decline: (deps: QueryDeps, offer_id: str
|
|
|
84
90
|
* exist or was issued by a different actor. Throws
|
|
85
91
|
* `PermitOfferAlreadyTerminalError` if the offer exists for this grantor
|
|
86
92
|
* but is already in a terminal state.
|
|
93
|
+
*
|
|
94
|
+
* @mutates `permit_offer` row - sets `retracted_at`
|
|
95
|
+
* @throws PermitOfferAlreadyTerminalError if the offer is already accepted, declined, retracted, or superseded
|
|
87
96
|
*/
|
|
88
97
|
export declare const query_permit_offer_retract: (deps: QueryDeps, offer_id: string, from_actor_id: string) => Promise<PermitOffer | null>;
|
|
89
98
|
/**
|
|
@@ -160,6 +169,15 @@ export interface AcceptOfferResult {
|
|
|
160
169
|
* Sibling supersede is what closes the "accept a pre-revoke sibling offer
|
|
161
170
|
* to bypass a revoke" path: once A is accepted, B/C/... can no longer be
|
|
162
171
|
* accepted even if the resulting permit is later revoked.
|
|
172
|
+
*
|
|
173
|
+
* @mutates `permit_offer` row - stamps `accepted_at` and `resulting_permit_id`
|
|
174
|
+
* @mutates `permit` table - inserts the resulting permit (idempotent on race)
|
|
175
|
+
* @mutates `permit_offer` siblings - stamps `superseded_at` on every other pending offer for the tuple
|
|
176
|
+
* @mutates `audit_log` table - emits `permit_offer_accept` + `permit_grant` + one `permit_offer_supersede` per sibling
|
|
177
|
+
* @throws PermitOfferNotFoundError if the offer is missing or belongs to another recipient
|
|
178
|
+
* @throws PermitOfferAlreadyTerminalError if the offer is declined, retracted, or superseded
|
|
179
|
+
* @throws PermitOfferExpiredError if the offer is pending but past `expires_at`
|
|
180
|
+
* @throws Error if the accepting account has no actor (1:1 invariant) or invariant assertions fail
|
|
163
181
|
*/
|
|
164
182
|
export declare const query_accept_offer: (deps: QueryDeps, input: AcceptOfferInput) => Promise<AcceptOfferResult>;
|
|
165
183
|
//# sourceMappingURL=permit_offer_queries.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"permit_offer_queries.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/permit_offer_queries.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,KAAK,EAAC,IAAI,EAAC,MAAM,wBAAwB,CAAC;AAEjD,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AAEnD,OAAO,KAAK,EAAC,MAAM,EAAC,MAAM,qBAAqB,CAAC;AAEhD,OAAO,EAEN,KAAK,sBAAsB,EAC3B,KAAK,WAAW,EAChB,KAAK,eAAe,EACpB,MAAM,0BAA0B,CAAC;AAElC,OAAO,KAAK,EAAC,aAAa,EAAC,MAAM,uBAAuB,CAAC;AAEzD;;;;;GAKG;AACH,qBAAa,+BAAgC,SAAQ,KAAK;gBAC7C,QAAQ,EAAE,MAAM;CAI5B;AAED;;;;;GAKG;AACH,qBAAa,uBAAwB,SAAQ,KAAK;gBACrC,QAAQ,EAAE,MAAM;CAI5B;AAED;;;;;GAKG;AACH,qBAAa,wBAAyB,SAAQ,KAAK;gBACtC,QAAQ,EAAE,MAAM;CAI5B;AAED;;;;;;GAMG;AACH,qBAAa,0BAA2B,SAAQ,KAAK;;CAKpD;AAED
|
|
1
|
+
{"version":3,"file":"permit_offer_queries.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/permit_offer_queries.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,KAAK,EAAC,IAAI,EAAC,MAAM,wBAAwB,CAAC;AAEjD,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AAEnD,OAAO,KAAK,EAAC,MAAM,EAAC,MAAM,qBAAqB,CAAC;AAEhD,OAAO,EAEN,KAAK,sBAAsB,EAC3B,KAAK,WAAW,EAChB,KAAK,eAAe,EACpB,MAAM,0BAA0B,CAAC;AAElC,OAAO,KAAK,EAAC,aAAa,EAAC,MAAM,uBAAuB,CAAC;AAEzD;;;;;GAKG;AACH,qBAAa,+BAAgC,SAAQ,KAAK;gBAC7C,QAAQ,EAAE,MAAM;CAI5B;AAED;;;;;GAKG;AACH,qBAAa,uBAAwB,SAAQ,KAAK;gBACrC,QAAQ,EAAE,MAAM;CAI5B;AAED;;;;;GAKG;AACH,qBAAa,wBAAyB,SAAQ,KAAK;gBACtC,QAAQ,EAAE,MAAM;CAI5B;AAED;;;;;;GAMG;AACH,qBAAa,0BAA2B,SAAQ,KAAK;;CAKpD;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,eAAO,MAAM,yBAAyB,GACrC,MAAM,SAAS,EACf,OAAO,sBAAsB,KAC3B,OAAO,CAAC,WAAW,CAyBrB,CAAC;AAEF;;;;;;;;;;GAUG;AACH,eAAO,MAAM,0BAA0B,GACtC,MAAM,SAAS,EACf,UAAU,MAAM,EAChB,eAAe,MAAM,EACrB,QAAQ,MAAM,GAAG,IAAI,KACnB,OAAO,CAAC,WAAW,GAAG,IAAI,CAe5B,CAAC;AAEF;;;;;;;;;;GAUG;AACH,eAAO,MAAM,0BAA0B,GACtC,MAAM,SAAS,EACf,UAAU,MAAM,EAChB,eAAe,MAAM,KACnB,OAAO,CAAC,WAAW,GAAG,IAAI,CAe5B,CAAC;AA8BF;;;;;;GAMG;AACH,eAAO,MAAM,uBAAuB,GACnC,MAAM,SAAS,EACf,eAAe,MAAM,KACnB,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,CAY5B,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,sCAAsC,GAClD,MAAM,SAAS,EACf,YAAY,MAAM,EAClB,cAAW,EACX,eAAU,KACR,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,CAS5B,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,+BAA+B,GAC3C,MAAM,SAAS,EACf,UAAU,MAAM,KACd,OAAO,CAAC,WAAW,GAAG,IAAI,CAY5B,CAAC;AAEF;;;;;;;GAOG;AACH,eAAO,MAAM,gCAAgC,GAC5C,MAAM,SAAS,KACb,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,CAU5B,CAAC;AAEF,sCAAsC;AACtC,MAAM,WAAW,gBAAgB;IAChC,QAAQ,EAAE,IAAI,CAAC;IACf,mGAAmG;IACnG,aAAa,EAAE,IAAI,CAAC;IACpB,gDAAgD;IAChD,EAAE,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CACnB;AAED,yHAAyH;AACzH,MAAM,WAAW,iBAAiB;IACjC,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,WAAW,CAAC;IACnB,4IAA4I;IAC5I,OAAO,EAAE,OAAO,CAAC;IACjB;;;;;OAKG;IACH,iBAAiB,EAAE,KAAK,CAAC,eAAe,CAAC,CAAC;IAC1C,sLAAsL;IACtL,YAAY,EAAE,KAAK,CAAC,aAAa,CAAC,CAAC;CACnC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AACH,eAAO,MAAM,kBAAkB,GAC9B,MAAM,SAAS,EACf,OAAO,gBAAgB,KACrB,OAAO,CAAC,iBAAiB,CAqK3B,CAAC"}
|
|
@@ -77,6 +77,9 @@ export class PermitOfferSelfTargetError extends Error {
|
|
|
77
77
|
*
|
|
78
78
|
* Self-offer rejection: throws `PermitOfferSelfTargetError` if the offering
|
|
79
79
|
* actor belongs to the recipient account.
|
|
80
|
+
*
|
|
81
|
+
* @mutates `permit_offer` table - inserts a new offer or upserts the matching pending row
|
|
82
|
+
* @throws PermitOfferSelfTargetError if the offering actor belongs to `to_account_id`
|
|
80
83
|
*/
|
|
81
84
|
export const query_permit_offer_create = async (deps, input) => {
|
|
82
85
|
const actor = await query_actor_by_account(deps, input.to_account_id);
|
|
@@ -108,6 +111,9 @@ export const query_permit_offer_create = async (deps, input) => {
|
|
|
108
111
|
* exist or belongs to a different account. Throws
|
|
109
112
|
* `PermitOfferAlreadyTerminalError` if the offer exists for the caller but
|
|
110
113
|
* is already in a terminal state.
|
|
114
|
+
*
|
|
115
|
+
* @mutates `permit_offer` row - sets `declined_at` and `decline_reason`
|
|
116
|
+
* @throws PermitOfferAlreadyTerminalError if the offer is already accepted, declined, retracted, or superseded
|
|
111
117
|
*/
|
|
112
118
|
export const query_permit_offer_decline = async (deps, offer_id, to_account_id, reason) => {
|
|
113
119
|
const updated = await deps.db.query_one(`UPDATE permit_offer
|
|
@@ -130,6 +136,9 @@ export const query_permit_offer_decline = async (deps, offer_id, to_account_id,
|
|
|
130
136
|
* exist or was issued by a different actor. Throws
|
|
131
137
|
* `PermitOfferAlreadyTerminalError` if the offer exists for this grantor
|
|
132
138
|
* but is already in a terminal state.
|
|
139
|
+
*
|
|
140
|
+
* @mutates `permit_offer` row - sets `retracted_at`
|
|
141
|
+
* @throws PermitOfferAlreadyTerminalError if the offer is already accepted, declined, retracted, or superseded
|
|
133
142
|
*/
|
|
134
143
|
export const query_permit_offer_retract = async (deps, offer_id, from_actor_id) => {
|
|
135
144
|
const updated = await deps.db.query_one(`UPDATE permit_offer
|
|
@@ -248,6 +257,15 @@ export const query_permit_offer_sweep_expired = async (deps) => {
|
|
|
248
257
|
* Sibling supersede is what closes the "accept a pre-revoke sibling offer
|
|
249
258
|
* to bypass a revoke" path: once A is accepted, B/C/... can no longer be
|
|
250
259
|
* accepted even if the resulting permit is later revoked.
|
|
260
|
+
*
|
|
261
|
+
* @mutates `permit_offer` row - stamps `accepted_at` and `resulting_permit_id`
|
|
262
|
+
* @mutates `permit` table - inserts the resulting permit (idempotent on race)
|
|
263
|
+
* @mutates `permit_offer` siblings - stamps `superseded_at` on every other pending offer for the tuple
|
|
264
|
+
* @mutates `audit_log` table - emits `permit_offer_accept` + `permit_grant` + one `permit_offer_supersede` per sibling
|
|
265
|
+
* @throws PermitOfferNotFoundError if the offer is missing or belongs to another recipient
|
|
266
|
+
* @throws PermitOfferAlreadyTerminalError if the offer is declined, retracted, or superseded
|
|
267
|
+
* @throws PermitOfferExpiredError if the offer is pending but past `expires_at`
|
|
268
|
+
* @throws Error if the accepting account has no actor (1:1 invariant) or invariant assertions fail
|
|
251
269
|
*/
|
|
252
270
|
export const query_accept_offer = async (deps, input) => {
|
|
253
271
|
const { offer_id, to_account_id, ip } = input;
|
|
@@ -24,6 +24,7 @@ import { type SupersededOffer } from './permit_offer_schema.js';
|
|
|
24
24
|
* @param deps - query dependencies
|
|
25
25
|
* @param input - the permit fields
|
|
26
26
|
* @returns the created or existing active permit
|
|
27
|
+
* @mutates `permit` table - inserts a row when no active permit matches `(actor_id, role, scope_id)`
|
|
27
28
|
*/
|
|
28
29
|
export declare const query_grant_permit: (deps: QueryDeps, input: GrantPermitInput) => Promise<Permit>;
|
|
29
30
|
/**
|
|
@@ -79,6 +80,8 @@ export interface RevokePermitResult {
|
|
|
79
80
|
* @param actor_id - the actor that must own the permit
|
|
80
81
|
* @param revoked_by - the actor who revoked it (for audit trail)
|
|
81
82
|
* @param reason - optional free-form reason, stamped on `permit.revoked_reason` and surfaced to the revokee notification.
|
|
83
|
+
* @mutates `permit` row - sets `revoked_at`, `revoked_by`, and `revoked_reason`
|
|
84
|
+
* @mutates `permit_offer` rows - stamps `superseded_at` on every pending sibling for the same `(account, role, scope)`
|
|
82
85
|
*/
|
|
83
86
|
export declare const query_revoke_permit: (deps: QueryDeps, permit_id: Uuid, actor_id: Uuid, revoked_by: Uuid | null, reason?: string | null) => Promise<RevokePermitResult | null>;
|
|
84
87
|
/**
|
|
@@ -157,6 +160,8 @@ export interface RevokeForScopeResult {
|
|
|
157
160
|
* @param revoked_by - the actor performing the cascade (audit trail)
|
|
158
161
|
* @param reason - optional free-form reason, stamped on `permit.revoked_reason`.
|
|
159
162
|
* @returns the revoked permits (with `account_id` for fan-out) and superseded offers (with `from_account_id` for fan-out)
|
|
163
|
+
* @mutates `permit` table - sets `revoked_at`/`revoked_by`/`revoked_reason` on every active row at `scope_id`
|
|
164
|
+
* @mutates `permit_offer` table - stamps `superseded_at` on every pending row at `scope_id`
|
|
160
165
|
*/
|
|
161
166
|
export declare const query_permit_revoke_for_scope: (deps: QueryDeps, scope_id: Uuid, revoked_by: Uuid | null, reason?: string | null) => Promise<RevokeForScopeResult>;
|
|
162
167
|
/** Result of `query_permit_revoke_role` — every permit revoked plus the pending offers superseded by the bulk revoke. */
|
|
@@ -198,6 +203,8 @@ export interface RevokeRoleResult {
|
|
|
198
203
|
* @param revoked_by - the actor who revoked it (for audit trail)
|
|
199
204
|
* @param reason - optional free-form reason, stamped on `permit.revoked_reason`.
|
|
200
205
|
* @returns the list of revoked permits (empty if none were active) and superseded pending offers
|
|
206
|
+
* @mutates `permit` table - sets `revoked_at`/`revoked_by`/`revoked_reason` on every active row for `(actor, role)`
|
|
207
|
+
* @mutates `permit_offer` table - stamps `superseded_at` on every matching pending offer
|
|
201
208
|
*/
|
|
202
209
|
export declare const query_permit_revoke_role: (deps: QueryDeps, actor_id: string, role: string, revoked_by: string | null, reason?: string | null) => Promise<RevokeRoleResult>;
|
|
203
210
|
//# sourceMappingURL=permit_queries.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"permit_queries.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/permit_queries.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAC,IAAI,EAAC,MAAM,wBAAwB,CAAC;AAEjD,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AACnD,OAAO,KAAK,EAAC,MAAM,EAAE,gBAAgB,EAAC,MAAM,qBAAqB,CAAC;AAElE,OAAO,EAAmC,KAAK,eAAe,EAAC,MAAM,0BAA0B,CAAC;AAEhG
|
|
1
|
+
{"version":3,"file":"permit_queries.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/permit_queries.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAC,IAAI,EAAC,MAAM,wBAAwB,CAAC;AAEjD,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AACnD,OAAO,KAAK,EAAC,MAAM,EAAE,gBAAgB,EAAC,MAAM,qBAAqB,CAAC;AAElE,OAAO,EAAmC,KAAK,eAAe,EAAC,MAAM,0BAA0B,CAAC;AAEhG;;;;;;;;;;;;;;;GAeG;AACH,eAAO,MAAM,kBAAkB,GAC9B,MAAM,SAAS,EACf,OAAO,gBAAgB,KACrB,OAAO,CAAC,MAAM,CA4BhB,CAAC;AAEF;;;;;;;;;;;;;;;GAeG;AACH,eAAO,MAAM,uCAAuC,GACnD,MAAM,SAAS,EACf,WAAW,MAAM,EACjB,UAAU,MAAM,KACd,OAAO,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAC,GAAG,IAAI,CAO/B,CAAC;AAEF,6GAA6G;AAC7G,MAAM,WAAW,kBAAkB;IAClC,EAAE,EAAE,IAAI,CAAC;IACT,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,IAAI,GAAG,IAAI,CAAC;IACtB;;;;;;;;OAQG;IACH,iBAAiB,EAAE,KAAK,CAAC,eAAe,CAAC,CAAC;CAC1C;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,eAAO,MAAM,mBAAmB,GAC/B,MAAM,SAAS,EACf,WAAW,IAAI,EACf,UAAU,IAAI,EACd,YAAY,IAAI,GAAG,IAAI,EACvB,SAAS,MAAM,GAAG,IAAI,KACpB,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAsCnC,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,kCAAkC,GAC9C,MAAM,SAAS,EACf,UAAU,MAAM,KACd,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,CASvB,CAAC;AAEF;;;;;;;;;GASG;AACH,eAAO,MAAM,qBAAqB,GACjC,MAAM,SAAS,EACf,UAAU,MAAM,EAChB,MAAM,MAAM,EACZ,WAAW,MAAM,GAAG,IAAI,KACtB,OAAO,CAAC,OAAO,CAajB,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,2BAA2B,GACvC,MAAM,SAAS,EACf,UAAU,MAAM,KACd,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,CAKvB,CAAC;AAEF;;;;;;;;GAQG;AACH,eAAO,MAAM,qCAAqC,GACjD,MAAM,SAAS,EACf,MAAM,MAAM,KACV,OAAO,CAAC,MAAM,GAAG,IAAI,CAavB,CAAC;AAEF,sIAAsI;AACtI,MAAM,WAAW,oBAAoB;IACpC;;;;OAIG;IACH,OAAO,EAAE,KAAK,CAAC;QAAC,SAAS,EAAE,IAAI,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,IAAI,CAAC;QAAC,UAAU,EAAE,IAAI,CAAA;KAAC,CAAC,CAAC;IAClF;;;;;;;;;;OAUG;IACH,iBAAiB,EAAE,KAAK,CAAC,eAAe,CAAC,CAAC;CAC1C;AAED;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,eAAO,MAAM,6BAA6B,GACzC,MAAM,SAAS,EACf,UAAU,IAAI,EACd,YAAY,IAAI,GAAG,IAAI,EACvB,SAAS,MAAM,GAAG,IAAI,KACpB,OAAO,CAAC,oBAAoB,CA2C9B,CAAC;AAEF,yHAAyH;AACzH,MAAM,WAAW,gBAAgB;IAChC;;;;OAIG;IACH,OAAO,EAAE,KAAK,CAAC;QAAC,SAAS,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;QAAC,UAAU,EAAE,MAAM,CAAA;KAAC,CAAC,CAAC;IAC/F;;;;;OAKG;IACH,iBAAiB,EAAE,KAAK,CAAC,eAAe,CAAC,CAAC;CAC1C;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,eAAO,MAAM,wBAAwB,GACpC,MAAM,SAAS,EACf,UAAU,MAAM,EAChB,MAAM,MAAM,EACZ,YAAY,MAAM,GAAG,IAAI,EACzB,SAAS,MAAM,GAAG,IAAI,KACpB,OAAO,CAAC,gBAAgB,CA2C1B,CAAC"}
|
|
@@ -22,6 +22,7 @@ import { PERMIT_OFFER_SCOPE_SENTINEL_UUID } from './permit_offer_schema.js';
|
|
|
22
22
|
* @param deps - query dependencies
|
|
23
23
|
* @param input - the permit fields
|
|
24
24
|
* @returns the created or existing active permit
|
|
25
|
+
* @mutates `permit` table - inserts a row when no active permit matches `(actor_id, role, scope_id)`
|
|
25
26
|
*/
|
|
26
27
|
export const query_grant_permit = async (deps, input) => {
|
|
27
28
|
const inserted = await deps.db.query_one(`INSERT INTO permit (actor_id, role, scope_id, expires_at, granted_by, source_offer_id)
|
|
@@ -86,6 +87,8 @@ export const query_permit_find_active_role_for_actor = async (deps, permit_id, a
|
|
|
86
87
|
* @param actor_id - the actor that must own the permit
|
|
87
88
|
* @param revoked_by - the actor who revoked it (for audit trail)
|
|
88
89
|
* @param reason - optional free-form reason, stamped on `permit.revoked_reason` and surfaced to the revokee notification.
|
|
90
|
+
* @mutates `permit` row - sets `revoked_at`, `revoked_by`, and `revoked_reason`
|
|
91
|
+
* @mutates `permit_offer` rows - stamps `superseded_at` on every pending sibling for the same `(account, role, scope)`
|
|
89
92
|
*/
|
|
90
93
|
export const query_revoke_permit = async (deps, permit_id, actor_id, revoked_by, reason) => {
|
|
91
94
|
const rows = await deps.db.query(`UPDATE permit SET revoked_at = NOW(), revoked_by = $3, revoked_reason = $4
|
|
@@ -199,6 +202,8 @@ export const query_permit_find_account_id_for_role = async (deps, role) => {
|
|
|
199
202
|
* @param revoked_by - the actor performing the cascade (audit trail)
|
|
200
203
|
* @param reason - optional free-form reason, stamped on `permit.revoked_reason`.
|
|
201
204
|
* @returns the revoked permits (with `account_id` for fan-out) and superseded offers (with `from_account_id` for fan-out)
|
|
205
|
+
* @mutates `permit` table - sets `revoked_at`/`revoked_by`/`revoked_reason` on every active row at `scope_id`
|
|
206
|
+
* @mutates `permit_offer` table - stamps `superseded_at` on every pending row at `scope_id`
|
|
202
207
|
*/
|
|
203
208
|
export const query_permit_revoke_for_scope = async (deps, scope_id, revoked_by, reason) => {
|
|
204
209
|
// Revoke every active permit at the scope. CTE pulls `account_id` via a
|
|
@@ -251,6 +256,8 @@ export const query_permit_revoke_for_scope = async (deps, scope_id, revoked_by,
|
|
|
251
256
|
* @param revoked_by - the actor who revoked it (for audit trail)
|
|
252
257
|
* @param reason - optional free-form reason, stamped on `permit.revoked_reason`.
|
|
253
258
|
* @returns the list of revoked permits (empty if none were active) and superseded pending offers
|
|
259
|
+
* @mutates `permit` table - sets `revoked_at`/`revoked_by`/`revoked_reason` on every active row for `(actor, role)`
|
|
260
|
+
* @mutates `permit_offer` table - stamps `superseded_at` on every matching pending offer
|
|
254
261
|
*/
|
|
255
262
|
export const query_permit_revoke_role = async (deps, actor_id, role, revoked_by, reason) => {
|
|
256
263
|
// CTE pulls the revokee's `account_id` via a join on `actor` so callers
|
|
@@ -77,6 +77,7 @@ export declare const has_role: (ctx: RequestContext, role: string, now?: Date) =
|
|
|
77
77
|
* @param deps - query dependencies (pool-level db for middleware)
|
|
78
78
|
* @param log - the logger instance
|
|
79
79
|
* @param session_context_key - the Hono context key where session middleware stored the session token
|
|
80
|
+
* @mutates Hono context - sets `REQUEST_CONTEXT_KEY`, `CREDENTIAL_TYPE_KEY`, `AUTH_SESSION_TOKEN_HASH_KEY`, and `AUTH_API_TOKEN_ID_KEY`
|
|
80
81
|
*/
|
|
81
82
|
export declare const create_request_context_middleware: (deps: QueryDeps, log: Logger, session_context_key?: string) => MiddlewareHandler;
|
|
82
83
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"request_context.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/request_context.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,KAAK,EAAC,OAAO,EAAE,iBAAiB,EAAC,MAAM,MAAM,CAAC;AACrD,OAAO,KAAK,EAAC,MAAM,EAAC,MAAM,yBAAyB,CAAC;AAEpD,OAAO,EAAC,KAAK,OAAO,EAAE,KAAK,KAAK,EAAoB,KAAK,MAAM,EAAC,MAAM,qBAAqB,CAAC;AAQ5F,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AAOnD,kEAAkE;AAClE,MAAM,WAAW,cAAc;IAC9B,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,EAAE,KAAK,CAAC;IACb,OAAO,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;CACvB;AAED,0DAA0D;AAC1D,eAAO,MAAM,mBAAmB,oBAAoB,CAAC;AAErD;;;;;;;;GAQG;AACH,eAAO,MAAM,2BAA2B,4BAA4B,CAAC;AAErE;;;;;GAKG;AACH,eAAO,MAAM,mBAAmB,GAAI,GAAG,OAAO,KAAG,cAAc,GAAG,IAEjE,CAAC;AAEF;;;;;;;;;;GAUG;AACH,eAAO,MAAM,uBAAuB,GAAI,GAAG,OAAO,KAAG,cAMpD,CAAC;AAEF;;;;;;;;;GASG;AACH,eAAO,MAAM,QAAQ,GAAI,KAAK,cAAc,EAAE,MAAM,MAAM,EAAE,MAAK,IAAiB,KAAG,OAChB,CAAC;AAEtE
|
|
1
|
+
{"version":3,"file":"request_context.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/request_context.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,KAAK,EAAC,OAAO,EAAE,iBAAiB,EAAC,MAAM,MAAM,CAAC;AACrD,OAAO,KAAK,EAAC,MAAM,EAAC,MAAM,yBAAyB,CAAC;AAEpD,OAAO,EAAC,KAAK,OAAO,EAAE,KAAK,KAAK,EAAoB,KAAK,MAAM,EAAC,MAAM,qBAAqB,CAAC;AAQ5F,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AAOnD,kEAAkE;AAClE,MAAM,WAAW,cAAc;IAC9B,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,EAAE,KAAK,CAAC;IACb,OAAO,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;CACvB;AAED,0DAA0D;AAC1D,eAAO,MAAM,mBAAmB,oBAAoB,CAAC;AAErD;;;;;;;;GAQG;AACH,eAAO,MAAM,2BAA2B,4BAA4B,CAAC;AAErE;;;;;GAKG;AACH,eAAO,MAAM,mBAAmB,GAAI,GAAG,OAAO,KAAG,cAAc,GAAG,IAEjE,CAAC;AAEF;;;;;;;;;;GAUG;AACH,eAAO,MAAM,uBAAuB,GAAI,GAAG,OAAO,KAAG,cAMpD,CAAC;AAEF;;;;;;;;;GASG;AACH,eAAO,MAAM,QAAQ,GAAI,KAAK,cAAc,EAAE,MAAM,MAAM,EAAE,MAAK,IAAiB,KAAG,OAChB,CAAC;AAEtE;;;;;;;;;;;;;;;GAeG;AACH,eAAO,MAAM,iCAAiC,GAC7C,MAAM,SAAS,EACf,KAAK,MAAM,EACX,4BAAuC,KACrC,iBA6CF,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,YAAY,EAAE,iBAM1B,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,YAAY,GAAI,MAAM,MAAM,KAAG,iBAW3C,CAAC;AAEF;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,eAAe,GAC3B,KAAK,cAAc,EACnB,MAAM,SAAS,KACb,OAAO,CAAC,cAAc,CAGxB,CAAC;AAEF;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,qBAAqB,GACjC,MAAM,SAAS,EACf,YAAY,MAAM,KAChB,OAAO,CAAC,cAAc,GAAG,IAAI,CAS/B,CAAC"}
|
|
@@ -81,6 +81,7 @@ export const has_role = (ctx, role, now = new Date()) => ctx.permits.some((p) =>
|
|
|
81
81
|
* @param deps - query dependencies (pool-level db for middleware)
|
|
82
82
|
* @param log - the logger instance
|
|
83
83
|
* @param session_context_key - the Hono context key where session middleware stored the session token
|
|
84
|
+
* @mutates Hono context - sets `REQUEST_CONTEXT_KEY`, `CREDENTIAL_TYPE_KEY`, `AUTH_SESSION_TOKEN_HASH_KEY`, and `AUTH_API_TOKEN_ID_KEY`
|
|
84
85
|
*/
|
|
85
86
|
export const create_request_context_middleware = (deps, log, session_context_key = 'auth_session_id') => {
|
|
86
87
|
return async (c, next) => {
|
|
@@ -64,6 +64,8 @@ export interface RoleSchemaResult {
|
|
|
64
64
|
* @param app_roles - app-defined roles with optional config overrides
|
|
65
65
|
* @returns `{Role, role_options}` — Zod schema and full config map
|
|
66
66
|
*
|
|
67
|
+
* @throws Error if any `app_roles` key fails the `RoleName` regex or collides with a builtin role
|
|
68
|
+
*
|
|
67
69
|
* @example
|
|
68
70
|
* ```ts
|
|
69
71
|
* // visiones
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"role_schema.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/role_schema.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAEtB,0FAA0F;AAC1F,eAAO,MAAM,QAAQ,aAKnB,CAAC;AACH,MAAM,MAAM,QAAQ,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,QAAQ,CAAC,CAAC;AAIhD,sFAAsF;AACtF,eAAO,MAAM,WAAW,WAAW,CAAC;AAEpC,+EAA+E;AAC/E,eAAO,MAAM,UAAU,UAAU,CAAC;AAElC,+CAA+C;AAC/C,eAAO,MAAM,aAAa,8BAAqC,CAAC;AAEhE,yCAAyC;AACzC,eAAO,MAAM,WAAW;;;EAAwB,CAAC;AACjD,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,WAAW,CAAC,CAAC;AAItD;;;;;GAKG;AACH,MAAM,WAAW,WAAW;IAC3B,iGAAiG;IACjG,qBAAqB,CAAC,EAAE,OAAO,CAAC;IAChC,0EAA0E;IAC1E,aAAa,CAAC,EAAE,OAAO,CAAC;CACxB;AAED;;;;;;;;;GASG;AACH,eAAO,MAAM,oBAAoB,EAAE,WAAW,CAAC,MAAM,EAAE,QAAQ,CAAC,WAAW,CAAC,CAG1E,CAAC;AAEH,sFAAsF;AACtF,MAAM,WAAW,gBAAgB;IAChC,sGAAsG;IACtG,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACxB,2EAA2E;IAC3E,YAAY,EAAE,WAAW,CAAC,MAAM,EAAE,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC;CACzD;AAED
|
|
1
|
+
{"version":3,"file":"role_schema.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/role_schema.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAEtB,0FAA0F;AAC1F,eAAO,MAAM,QAAQ,aAKnB,CAAC;AACH,MAAM,MAAM,QAAQ,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,QAAQ,CAAC,CAAC;AAIhD,sFAAsF;AACtF,eAAO,MAAM,WAAW,WAAW,CAAC;AAEpC,+EAA+E;AAC/E,eAAO,MAAM,UAAU,UAAU,CAAC;AAElC,+CAA+C;AAC/C,eAAO,MAAM,aAAa,8BAAqC,CAAC;AAEhE,yCAAyC;AACzC,eAAO,MAAM,WAAW;;;EAAwB,CAAC;AACjD,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,WAAW,CAAC,CAAC;AAItD;;;;;GAKG;AACH,MAAM,WAAW,WAAW;IAC3B,iGAAiG;IACjG,qBAAqB,CAAC,EAAE,OAAO,CAAC;IAChC,0EAA0E;IAC1E,aAAa,CAAC,EAAE,OAAO,CAAC;CACxB;AAED;;;;;;;;;GASG;AACH,eAAO,MAAM,oBAAoB,EAAE,WAAW,CAAC,MAAM,EAAE,QAAQ,CAAC,WAAW,CAAC,CAG1E,CAAC;AAEH,sFAAsF;AACtF,MAAM,WAAW,gBAAgB;IAChC,sGAAsG;IACtG,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACxB,2EAA2E;IAC3E,YAAY,EAAE,WAAW,CAAC,MAAM,EAAE,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC;CACzD;AAED;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,eAAO,MAAM,kBAAkB,GAAI,CAAC,SAAS,MAAM,EAClD,WAAW,MAAM,CAAC,CAAC,EAAE,WAAW,CAAC,KAC/B,gBAwBF,CAAC"}
|
package/dist/auth/role_schema.js
CHANGED
|
@@ -46,6 +46,8 @@ export const BUILTIN_ROLE_OPTIONS = new Map([
|
|
|
46
46
|
* @param app_roles - app-defined roles with optional config overrides
|
|
47
47
|
* @returns `{Role, role_options}` — Zod schema and full config map
|
|
48
48
|
*
|
|
49
|
+
* @throws Error if any `app_roles` key fails the `RoleName` regex or collides with a builtin role
|
|
50
|
+
*
|
|
49
51
|
* @example
|
|
50
52
|
* ```ts
|
|
51
53
|
* // visiones
|
|
@@ -62,6 +62,7 @@ export type SelfServiceRoleActionDeps = Pick<RouteFactoryDeps, 'log' | 'on_audit
|
|
|
62
62
|
* @param deps - `SelfServiceRoleActionDeps` slice of `AppDeps` (`log`, `on_audit_event`, optional `audit_log_config`)
|
|
63
63
|
* @param options - eligible-role allowlist plus optional role schema for typo-checking
|
|
64
64
|
* @returns the `RpcAction` array to spread into a `create_rpc_endpoint` call
|
|
65
|
+
* @throws Error at factory time if any `eligible_roles` entry is missing from `options.roles.role_options`
|
|
65
66
|
*/
|
|
66
67
|
export declare const create_self_service_role_actions: (deps: SelfServiceRoleActionDeps, options: SelfServiceRoleActionsOptions) => Array<RpcAction>;
|
|
67
68
|
//# sourceMappingURL=self_service_role_actions.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"self_service_role_actions.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/self_service_role_actions.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AAEH,OAAO,EAAiC,KAAK,SAAS,EAAC,MAAM,0BAA0B,CAAC;AAExF,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,kBAAkB,CAAC;AACvD,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,WAAW,CAAC;AAgBhD,sDAAsD;AACtD,MAAM,WAAW,6BAA6B;IAC7C;;;;OAIG;IACH,cAAc,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;IACtC;;;;OAIG;IACH,KAAK,CAAC,EAAE,gBAAgB,CAAC;CACzB;AAED;;;;;GAKG;AACH,MAAM,MAAM,yBAAyB,GAAG,IAAI,CAC3C,gBAAgB,EAChB,KAAK,GAAG,gBAAgB,GAAG,kBAAkB,CAC7C,CAAC;AAOF
|
|
1
|
+
{"version":3,"file":"self_service_role_actions.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/self_service_role_actions.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AAEH,OAAO,EAAiC,KAAK,SAAS,EAAC,MAAM,0BAA0B,CAAC;AAExF,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,kBAAkB,CAAC;AACvD,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,WAAW,CAAC;AAgBhD,sDAAsD;AACtD,MAAM,WAAW,6BAA6B;IAC7C;;;;OAIG;IACH,cAAc,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;IACtC;;;;OAIG;IACH,KAAK,CAAC,EAAE,gBAAgB,CAAC;CACzB;AAED;;;;;GAKG;AACH,MAAM,MAAM,yBAAyB,GAAG,IAAI,CAC3C,gBAAgB,EAChB,KAAK,GAAG,gBAAgB,GAAG,kBAAkB,CAC7C,CAAC;AAOF;;;;;;;GAOG;AACH,eAAO,MAAM,gCAAgC,GAC5C,MAAM,yBAAyB,EAC/B,SAAS,6BAA6B,KACpC,KAAK,CAAC,SAAS,CA4GjB,CAAC"}
|
|
@@ -47,6 +47,7 @@ const require_request_auth = (auth) => {
|
|
|
47
47
|
* @param deps - `SelfServiceRoleActionDeps` slice of `AppDeps` (`log`, `on_audit_event`, optional `audit_log_config`)
|
|
48
48
|
* @param options - eligible-role allowlist plus optional role schema for typo-checking
|
|
49
49
|
* @returns the `RpcAction` array to spread into a `create_rpc_endpoint` call
|
|
50
|
+
* @throws Error at factory time if any `eligible_roles` entry is missing from `options.roles.role_options`
|
|
50
51
|
*/
|
|
51
52
|
export const create_self_service_role_actions = (deps, options) => {
|
|
52
53
|
const eligible = new Set(options.eligible_roles);
|
|
@@ -30,6 +30,8 @@ export interface CreateSessionAndSetCookieOptions {
|
|
|
30
30
|
* Shared by login and bootstrap — generates a token, hashes it, persists
|
|
31
31
|
* the session row, optionally enforces a per-account session limit, and
|
|
32
32
|
* sets the signed cookie.
|
|
33
|
+
*
|
|
34
|
+
* @mutates `auth_session` table - inserts the new session row (and evicts older rows when `max_sessions` is set)
|
|
33
35
|
*/
|
|
34
36
|
export declare const create_session_and_set_cookie: (options: CreateSessionAndSetCookieOptions) => Promise<void>;
|
|
35
37
|
//# sourceMappingURL=session_lifecycle.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"session_lifecycle.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/session_lifecycle.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,MAAM,CAAC;AAElC,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,cAAc,CAAC;AAC1C,OAAO,EAA8B,KAAK,cAAc,EAAC,MAAM,qBAAqB,CAAC;AASrF,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AAEnD;;GAEG;AACH,MAAM,WAAW,gCAAgC;IAChD,kCAAkC;IAClC,OAAO,EAAE,OAAO,CAAC;IACjB,kDAAkD;IAClD,IAAI,EAAE,SAAS,CAAC;IAChB,2CAA2C;IAC3C,CAAC,EAAE,OAAO,CAAC;IACX,2CAA2C;IAC3C,UAAU,EAAE,MAAM,CAAC;IACnB,oCAAoC;IACpC,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,4DAA4D;IAC5D,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC7B;AAED
|
|
1
|
+
{"version":3,"file":"session_lifecycle.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/session_lifecycle.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,MAAM,CAAC;AAElC,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,cAAc,CAAC;AAC1C,OAAO,EAA8B,KAAK,cAAc,EAAC,MAAM,qBAAqB,CAAC;AASrF,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AAEnD;;GAEG;AACH,MAAM,WAAW,gCAAgC;IAChD,kCAAkC;IAClC,OAAO,EAAE,OAAO,CAAC;IACjB,kDAAkD;IAClD,IAAI,EAAE,SAAS,CAAC;IAChB,2CAA2C;IAC3C,CAAC,EAAE,OAAO,CAAC;IACX,2CAA2C;IAC3C,UAAU,EAAE,MAAM,CAAC;IACnB,oCAAoC;IACpC,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,4DAA4D;IAC5D,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC7B;AAED;;;;;;;;GAQG;AACH,eAAO,MAAM,6BAA6B,GACzC,SAAS,gCAAgC,KACvC,OAAO,CAAC,IAAI,CAad,CAAC"}
|
|
@@ -12,6 +12,8 @@ import { generate_session_token, hash_session_token, AUTH_SESSION_LIFETIME_MS, q
|
|
|
12
12
|
* Shared by login and bootstrap — generates a token, hashes it, persists
|
|
13
13
|
* the session row, optionally enforces a per-account session limit, and
|
|
14
14
|
* sets the signed cookie.
|
|
15
|
+
*
|
|
16
|
+
* @mutates `auth_session` table - inserts the new session row (and evicts older rows when `max_sessions` is set)
|
|
15
17
|
*/
|
|
16
18
|
export const create_session_and_set_cookie = async (options) => {
|
|
17
19
|
const { keyring, deps, c, account_id, session_options, max_sessions } = options;
|
|
@@ -28,6 +28,7 @@ export declare const clear_session_cookie: <T>(c: Context, options: SessionOptio
|
|
|
28
28
|
*
|
|
29
29
|
* @param keyring - key ring for cookie verification
|
|
30
30
|
* @param options - session configuration
|
|
31
|
+
* @mutates Hono context - sets `options.context_key` and may refresh or clear the session cookie
|
|
31
32
|
*/
|
|
32
33
|
export declare const create_session_middleware: <TIdentity>(keyring: Keyring, options: SessionOptions<TIdentity>) => MiddlewareHandler;
|
|
33
34
|
//# sourceMappingURL=session_middleware.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"session_middleware.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/session_middleware.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAC,OAAO,EAAE,iBAAiB,EAAC,MAAM,MAAM,CAAC;AAGrD,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,cAAc,CAAC;AAC1C,OAAO,EACN,KAAK,cAAc,EAInB,MAAM,qBAAqB,CAAC;AAE7B;;GAEG;AACH,eAAO,MAAM,kBAAkB,GAAI,CAAC,EACnC,GAAG,OAAO,EACV,SAAS,cAAc,CAAC,CAAC,CAAC,KACxB,MAAM,GAAG,SAEX,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,kBAAkB,GAAI,CAAC,EACnC,GAAG,OAAO,EACV,OAAO,MAAM,EACb,SAAS,cAAc,CAAC,CAAC,CAAC,KACxB,IASF,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,oBAAoB,GAAI,CAAC,EAAE,GAAG,OAAO,EAAE,SAAS,cAAc,CAAC,CAAC,CAAC,KAAG,IAMhF,CAAC;AAEF
|
|
1
|
+
{"version":3,"file":"session_middleware.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/session_middleware.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAC,OAAO,EAAE,iBAAiB,EAAC,MAAM,MAAM,CAAC;AAGrD,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,cAAc,CAAC;AAC1C,OAAO,EACN,KAAK,cAAc,EAInB,MAAM,qBAAqB,CAAC;AAE7B;;GAEG;AACH,eAAO,MAAM,kBAAkB,GAAI,CAAC,EACnC,GAAG,OAAO,EACV,SAAS,cAAc,CAAC,CAAC,CAAC,KACxB,MAAM,GAAG,SAEX,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,kBAAkB,GAAI,CAAC,EACnC,GAAG,OAAO,EACV,OAAO,MAAM,EACb,SAAS,cAAc,CAAC,CAAC,CAAC,KACxB,IASF,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,oBAAoB,GAAI,CAAC,EAAE,GAAG,OAAO,EAAE,SAAS,cAAc,CAAC,CAAC,CAAC,KAAG,IAMhF,CAAC;AAEF;;;;;;;;;GASG;AACH,eAAO,MAAM,yBAAyB,GAAI,SAAS,EAClD,SAAS,OAAO,EAChB,SAAS,cAAc,CAAC,SAAS,CAAC,KAChC,iBAgBF,CAAC"}
|
|
@@ -44,6 +44,7 @@ export const clear_session_cookie = (c, options) => {
|
|
|
44
44
|
*
|
|
45
45
|
* @param keyring - key ring for cookie verification
|
|
46
46
|
* @param options - session configuration
|
|
47
|
+
* @mutates Hono context - sets `options.context_key` and may refresh or clear the session cookie
|
|
47
48
|
*/
|
|
48
49
|
export const create_session_middleware = (keyring, options) => {
|
|
49
50
|
return async (c, next) => {
|
|
@@ -33,6 +33,7 @@ export declare const generate_session_token: () => string;
|
|
|
33
33
|
* @param token_hash - blake3 hash of the session token (use `hash_session_token`)
|
|
34
34
|
* @param account_id - the account this session belongs to
|
|
35
35
|
* @param expires_at - when the session expires
|
|
36
|
+
* @mutates `auth_session` table - inserts a row keyed by `token_hash`
|
|
36
37
|
*/
|
|
37
38
|
export declare const query_create_session: (deps: QueryDeps, token_hash: string, account_id: string, expires_at: Date) => Promise<void>;
|
|
38
39
|
/**
|
|
@@ -49,6 +50,7 @@ export declare const query_session_get_valid: (deps: QueryDeps, token_hash: stri
|
|
|
49
50
|
*
|
|
50
51
|
* @param deps - query dependencies
|
|
51
52
|
* @param token_hash - blake3 hash of the session token
|
|
53
|
+
* @mutates `auth_session` row - updates `last_seen_at` and conditionally `expires_at`
|
|
52
54
|
*/
|
|
53
55
|
export declare const query_session_touch: (deps: QueryDeps, token_hash: string) => Promise<void>;
|
|
54
56
|
/**
|
|
@@ -60,6 +62,8 @@ export declare const query_session_touch: (deps: QueryDeps, token_hash: string)
|
|
|
60
62
|
* caller — see `auth/account_routes.ts` `/logout`). For user-facing revocation
|
|
61
63
|
* of a specific session by ID, use `query_session_revoke_for_account`
|
|
62
64
|
* (IDOR-guarded).
|
|
65
|
+
*
|
|
66
|
+
* @mutates `auth_session` table - deletes the row keyed by `token_hash`
|
|
63
67
|
*/
|
|
64
68
|
export declare const query_session_revoke_by_hash_unscoped: (deps: QueryDeps, token_hash: string) => Promise<void>;
|
|
65
69
|
/**
|
|
@@ -71,12 +75,14 @@ export declare const query_session_revoke_by_hash_unscoped: (deps: QueryDeps, to
|
|
|
71
75
|
* @param token_hash - blake3 hash of the session token
|
|
72
76
|
* @param account_id - the account that must own the session
|
|
73
77
|
* @returns `true` if a session was revoked, `false` if not found or wrong account
|
|
78
|
+
* @mutates `auth_session` table - deletes the row when account ownership matches
|
|
74
79
|
*/
|
|
75
80
|
export declare const query_session_revoke_for_account: (deps: QueryDeps, token_hash: string, account_id: string) => Promise<boolean>;
|
|
76
81
|
/**
|
|
77
82
|
* Revoke all sessions for an account.
|
|
78
83
|
*
|
|
79
84
|
* @returns the number of sessions revoked
|
|
85
|
+
* @mutates `auth_session` table - deletes every row for `account_id`
|
|
80
86
|
*/
|
|
81
87
|
export declare const query_session_revoke_all_for_account: (deps: QueryDeps, account_id: string) => Promise<number>;
|
|
82
88
|
/**
|
|
@@ -104,6 +110,7 @@ export declare const query_session_list_for_account: (deps: QueryDeps, account_i
|
|
|
104
110
|
* @param account_id - the account to enforce the limit for
|
|
105
111
|
* @param max_sessions - maximum number of sessions to keep
|
|
106
112
|
* @returns the number of sessions evicted
|
|
113
|
+
* @mutates `auth_session` table - deletes the oldest rows past the cap
|
|
107
114
|
*/
|
|
108
115
|
export declare const query_session_enforce_limit: (deps: QueryDeps, account_id: string, max_sessions: number) => Promise<number>;
|
|
109
116
|
/**
|
|
@@ -120,6 +127,7 @@ export declare const query_session_list_all_active: (deps: QueryDeps, limit?: nu
|
|
|
120
127
|
* Delete expired sessions.
|
|
121
128
|
*
|
|
122
129
|
* @returns the number of sessions cleaned up
|
|
130
|
+
* @mutates `auth_session` table - deletes every row past `expires_at`
|
|
123
131
|
*/
|
|
124
132
|
export declare const query_session_cleanup_expired: (deps: QueryDeps) => Promise<number>;
|
|
125
133
|
/**
|
|
@@ -134,6 +142,7 @@ export declare const query_session_cleanup_expired: (deps: QueryDeps) => Promise
|
|
|
134
142
|
* @param pending_effects - optional array to register the effect for later awaiting
|
|
135
143
|
* @param log - the logger instance
|
|
136
144
|
* @returns the settled promise (callers may ignore it — fire-and-forget semantics preserved)
|
|
145
|
+
* @mutates `pending_effects` - pushes the in-flight settled promise when provided
|
|
137
146
|
*/
|
|
138
147
|
export declare const session_touch_fire_and_forget: (deps: QueryDeps, token_hash: string, pending_effects: Array<Promise<void>> | undefined, log: Logger) => Promise<void>;
|
|
139
148
|
//# sourceMappingURL=session_queries.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"session_queries.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/session_queries.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,KAAK,EAAC,MAAM,EAAC,MAAM,yBAAyB,CAAC;AAGpD,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AACnD,OAAO,KAAK,EAAC,WAAW,EAAC,MAAM,qBAAqB,CAAC;AAErD,kDAAkD;AAClD,eAAO,MAAM,wBAAwB,QAA2B,CAAC;AAEjE,yEAAyE;AACzE,eAAO,MAAM,gCAAgC,QAAsB,CAAC;AAEpE;;;;;GAKG;AACH,eAAO,MAAM,kBAAkB,GAAI,OAAO,MAAM,KAAG,MAElD,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,sBAAsB,QAAO,MAEzC,CAAC;AAEF
|
|
1
|
+
{"version":3,"file":"session_queries.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/session_queries.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,KAAK,EAAC,MAAM,EAAC,MAAM,yBAAyB,CAAC;AAGpD,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AACnD,OAAO,KAAK,EAAC,WAAW,EAAC,MAAM,qBAAqB,CAAC;AAErD,kDAAkD;AAClD,eAAO,MAAM,wBAAwB,QAA2B,CAAC;AAEjE,yEAAyE;AACzE,eAAO,MAAM,gCAAgC,QAAsB,CAAC;AAEpE;;;;;GAKG;AACH,eAAO,MAAM,kBAAkB,GAAI,OAAO,MAAM,KAAG,MAElD,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,sBAAsB,QAAO,MAEzC,CAAC;AAEF;;;;;;;;GAQG;AACH,eAAO,MAAM,oBAAoB,GAChC,MAAM,SAAS,EACf,YAAY,MAAM,EAClB,YAAY,MAAM,EAClB,YAAY,IAAI,KACd,OAAO,CAAC,IAAI,CAMd,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,uBAAuB,GACnC,MAAM,SAAS,EACf,YAAY,MAAM,KAChB,OAAO,CAAC,WAAW,GAAG,SAAS,CAKjC,CAAC;AAEF;;;;;;;;GAQG;AACH,eAAO,MAAM,mBAAmB,GAAU,MAAM,SAAS,EAAE,YAAY,MAAM,KAAG,OAAO,CAAC,IAAI,CAY3F,CAAC;AAEF;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,qCAAqC,GACjD,MAAM,SAAS,EACf,YAAY,MAAM,KAChB,OAAO,CAAC,IAAI,CAEd,CAAC;AAEF;;;;;;;;;;GAUG;AACH,eAAO,MAAM,gCAAgC,GAC5C,MAAM,SAAS,EACf,YAAY,MAAM,EAClB,YAAY,MAAM,KAChB,OAAO,CAAC,OAAO,CAMjB,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,oCAAoC,GAChD,MAAM,SAAS,EACf,YAAY,MAAM,KAChB,OAAO,CAAC,MAAM,CAMhB,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,8BAA8B,GAC1C,MAAM,SAAS,EACf,YAAY,MAAM,EAClB,cAAU,KACR,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,CAK5B,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,eAAO,MAAM,2BAA2B,GACvC,MAAM,SAAS,EACf,YAAY,MAAM,EAClB,cAAc,MAAM,KAClB,OAAO,CAAC,MAAM,CAYhB,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,6BAA6B,GACzC,MAAM,SAAS,EACf,cAAW,KACT,OAAO,CAAC,KAAK,CAAC,WAAW,GAAG;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAC,CAAC,CASjD,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,6BAA6B,GAAU,MAAM,SAAS,KAAG,OAAO,CAAC,MAAM,CAKnF,CAAC;AAEF;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,6BAA6B,GACzC,MAAM,SAAS,EACf,YAAY,MAAM,EAClB,iBAAiB,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,GAAG,SAAS,EACjD,KAAK,MAAM,KACT,OAAO,CAAC,IAAI,CAMd,CAAC"}
|
|
@@ -36,6 +36,7 @@ export const generate_session_token = () => {
|
|
|
36
36
|
* @param token_hash - blake3 hash of the session token (use `hash_session_token`)
|
|
37
37
|
* @param account_id - the account this session belongs to
|
|
38
38
|
* @param expires_at - when the session expires
|
|
39
|
+
* @mutates `auth_session` table - inserts a row keyed by `token_hash`
|
|
39
40
|
*/
|
|
40
41
|
export const query_create_session = async (deps, token_hash, account_id, expires_at) => {
|
|
41
42
|
await deps.db.query(`INSERT INTO auth_session (id, account_id, expires_at) VALUES ($1, $2, $3)`, [
|
|
@@ -60,6 +61,7 @@ export const query_session_get_valid = async (deps, token_hash) => {
|
|
|
60
61
|
*
|
|
61
62
|
* @param deps - query dependencies
|
|
62
63
|
* @param token_hash - blake3 hash of the session token
|
|
64
|
+
* @mutates `auth_session` row - updates `last_seen_at` and conditionally `expires_at`
|
|
63
65
|
*/
|
|
64
66
|
export const query_session_touch = async (deps, token_hash) => {
|
|
65
67
|
const new_expires = new Date(Date.now() + AUTH_SESSION_LIFETIME_MS);
|
|
@@ -80,6 +82,8 @@ export const query_session_touch = async (deps, token_hash) => {
|
|
|
80
82
|
* caller — see `auth/account_routes.ts` `/logout`). For user-facing revocation
|
|
81
83
|
* of a specific session by ID, use `query_session_revoke_for_account`
|
|
82
84
|
* (IDOR-guarded).
|
|
85
|
+
*
|
|
86
|
+
* @mutates `auth_session` table - deletes the row keyed by `token_hash`
|
|
83
87
|
*/
|
|
84
88
|
export const query_session_revoke_by_hash_unscoped = async (deps, token_hash) => {
|
|
85
89
|
await deps.db.query(`DELETE FROM auth_session WHERE id = $1`, [token_hash]);
|
|
@@ -93,6 +97,7 @@ export const query_session_revoke_by_hash_unscoped = async (deps, token_hash) =>
|
|
|
93
97
|
* @param token_hash - blake3 hash of the session token
|
|
94
98
|
* @param account_id - the account that must own the session
|
|
95
99
|
* @returns `true` if a session was revoked, `false` if not found or wrong account
|
|
100
|
+
* @mutates `auth_session` table - deletes the row when account ownership matches
|
|
96
101
|
*/
|
|
97
102
|
export const query_session_revoke_for_account = async (deps, token_hash, account_id) => {
|
|
98
103
|
const rows = await deps.db.query(`DELETE FROM auth_session WHERE id = $1 AND account_id = $2 RETURNING id`, [token_hash, account_id]);
|
|
@@ -102,6 +107,7 @@ export const query_session_revoke_for_account = async (deps, token_hash, account
|
|
|
102
107
|
* Revoke all sessions for an account.
|
|
103
108
|
*
|
|
104
109
|
* @returns the number of sessions revoked
|
|
110
|
+
* @mutates `auth_session` table - deletes every row for `account_id`
|
|
105
111
|
*/
|
|
106
112
|
export const query_session_revoke_all_for_account = async (deps, account_id) => {
|
|
107
113
|
const rows = await deps.db.query(`DELETE FROM auth_session WHERE account_id = $1 RETURNING id`, [account_id]);
|
|
@@ -134,6 +140,7 @@ export const query_session_list_for_account = async (deps, account_id, limit = 5
|
|
|
134
140
|
* @param account_id - the account to enforce the limit for
|
|
135
141
|
* @param max_sessions - maximum number of sessions to keep
|
|
136
142
|
* @returns the number of sessions evicted
|
|
143
|
+
* @mutates `auth_session` table - deletes the oldest rows past the cap
|
|
137
144
|
*/
|
|
138
145
|
export const query_session_enforce_limit = async (deps, account_id, max_sessions) => {
|
|
139
146
|
const rows = await deps.db.query(`DELETE FROM auth_session
|
|
@@ -163,6 +170,7 @@ export const query_session_list_all_active = async (deps, limit = 200) => {
|
|
|
163
170
|
* Delete expired sessions.
|
|
164
171
|
*
|
|
165
172
|
* @returns the number of sessions cleaned up
|
|
173
|
+
* @mutates `auth_session` table - deletes every row past `expires_at`
|
|
166
174
|
*/
|
|
167
175
|
export const query_session_cleanup_expired = async (deps) => {
|
|
168
176
|
const rows = await deps.db.query(`DELETE FROM auth_session WHERE expires_at <= NOW() RETURNING id`);
|
|
@@ -180,6 +188,7 @@ export const query_session_cleanup_expired = async (deps) => {
|
|
|
180
188
|
* @param pending_effects - optional array to register the effect for later awaiting
|
|
181
189
|
* @param log - the logger instance
|
|
182
190
|
* @returns the settled promise (callers may ignore it — fire-and-forget semantics preserved)
|
|
191
|
+
* @mutates `pending_effects` - pushes the in-flight settled promise when provided
|
|
183
192
|
*/
|
|
184
193
|
export const session_touch_fire_and_forget = (deps, token_hash, pending_effects, log) => {
|
|
185
194
|
const p = query_session_touch(deps, token_hash).catch((err) => {
|
package/dist/cli/config.d.ts
CHANGED
|
@@ -37,12 +37,11 @@ export declare const load_config: <T>(runtime: Pick<FsReadDeps, "stat" | "read_t
|
|
|
37
37
|
/**
|
|
38
38
|
* Save CLI configuration to a JSON file.
|
|
39
39
|
*
|
|
40
|
-
* Creates parent directories if they don't exist.
|
|
41
|
-
*
|
|
42
40
|
* @param runtime - runtime with file write capability
|
|
43
41
|
* @param path - path to the config JSON file
|
|
44
42
|
* @param dir - directory containing the config file (created if missing)
|
|
45
43
|
* @param config - configuration to save
|
|
44
|
+
* @mutates filesystem - creates `dir` (recursive) and writes JSON to `path`
|
|
46
45
|
*/
|
|
47
46
|
export declare const save_config: <T>(runtime: Pick<FsWriteDeps, "mkdir" | "write_text_file">, path: string, dir: string, config: T) => Promise<void>;
|
|
48
47
|
//# sourceMappingURL=config.d.ts.map
|
package/dist/cli/config.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/cli/config.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAE3B,OAAO,KAAK,EAAC,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,OAAO,EAAC,MAAM,oBAAoB,CAAC;AAElF;;;;;;GAMG;AACH,eAAO,MAAM,WAAW,GAAI,SAAS,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,EAAE,MAAM,MAAM,KAAG,MAAM,GAAG,IAGtF,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,eAAe,GAAI,SAAS,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,EAAE,MAAM,MAAM,KAAG,MAAM,GAAG,IAG1F,CAAC;AAEF;;;;;;;GAOG;AACH,eAAO,MAAM,WAAW,GAAU,CAAC,EAClC,SAAS,IAAI,CAAC,UAAU,EAAE,MAAM,GAAG,gBAAgB,CAAC,GAAG,OAAO,EAC9D,MAAM,MAAM,EACZ,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KAClB,OAAO,CAAC,CAAC,GAAG,IAAI,CAoBlB,CAAC;AAEF
|
|
1
|
+
{"version":3,"file":"config.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/cli/config.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAE3B,OAAO,KAAK,EAAC,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,OAAO,EAAC,MAAM,oBAAoB,CAAC;AAElF;;;;;;GAMG;AACH,eAAO,MAAM,WAAW,GAAI,SAAS,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,EAAE,MAAM,MAAM,KAAG,MAAM,GAAG,IAGtF,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,eAAe,GAAI,SAAS,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,EAAE,MAAM,MAAM,KAAG,MAAM,GAAG,IAG1F,CAAC;AAEF;;;;;;;GAOG;AACH,eAAO,MAAM,WAAW,GAAU,CAAC,EAClC,SAAS,IAAI,CAAC,UAAU,EAAE,MAAM,GAAG,gBAAgB,CAAC,GAAG,OAAO,EAC9D,MAAM,MAAM,EACZ,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KAClB,OAAO,CAAC,CAAC,GAAG,IAAI,CAoBlB,CAAC;AAEF;;;;;;;;GAQG;AACH,eAAO,MAAM,WAAW,GAAU,CAAC,EAClC,SAAS,IAAI,CAAC,WAAW,EAAE,OAAO,GAAG,iBAAiB,CAAC,EACvD,MAAM,MAAM,EACZ,KAAK,MAAM,EACX,QAAQ,CAAC,KACP,OAAO,CAAC,IAAI,CAOd,CAAC"}
|
package/dist/cli/config.js
CHANGED
|
@@ -61,12 +61,11 @@ export const load_config = async (runtime, path, schema) => {
|
|
|
61
61
|
/**
|
|
62
62
|
* Save CLI configuration to a JSON file.
|
|
63
63
|
*
|
|
64
|
-
* Creates parent directories if they don't exist.
|
|
65
|
-
*
|
|
66
64
|
* @param runtime - runtime with file write capability
|
|
67
65
|
* @param path - path to the config JSON file
|
|
68
66
|
* @param dir - directory containing the config file (created if missing)
|
|
69
67
|
* @param config - configuration to save
|
|
68
|
+
* @mutates filesystem - creates `dir` (recursive) and writes JSON to `path`
|
|
70
69
|
*/
|
|
71
70
|
export const save_config = async (runtime, path, dir, config) => {
|
|
72
71
|
// ensure directory exists
|
package/dist/cli/daemon.d.ts
CHANGED
|
@@ -39,6 +39,8 @@ export declare const get_daemon_info_path: (runtime: Pick<EnvDeps, "env_get">, n
|
|
|
39
39
|
* @param runtime - runtime with file write and env capabilities
|
|
40
40
|
* @param name - application name
|
|
41
41
|
* @param info - daemon info to write
|
|
42
|
+
* @mutates filesystem - creates `~/.{name}/run/` and atomically writes `daemon.json`
|
|
43
|
+
* @throws Error if `$HOME` is not set
|
|
42
44
|
*/
|
|
43
45
|
export declare const write_daemon_info: (runtime: Pick<EnvDeps, "env_get"> & Pick<FsWriteDeps, "mkdir" | "write_text_file" | "rename">, name: string, info: DaemonInfo) => Promise<void>;
|
|
44
46
|
/**
|
|
@@ -85,11 +87,14 @@ export interface StopDaemonResult {
|
|
|
85
87
|
* Stop a running daemon by sending SIGTERM and cleaning up the PID file.
|
|
86
88
|
*
|
|
87
89
|
* Returns a result object instead of logging directly, separating
|
|
88
|
-
* lifecycle from presentation.
|
|
90
|
+
* lifecycle from presentation. Errors removing the PID file are swallowed
|
|
91
|
+
* (the daemon's own shutdown handler may have removed it concurrently).
|
|
89
92
|
*
|
|
90
93
|
* @param runtime - runtime with command, file, and env capabilities
|
|
91
94
|
* @param name - application name
|
|
92
95
|
* @returns result describing the outcome
|
|
96
|
+
* @mutates filesystem - removes `~/.{name}/run/daemon.json` on success or when corrupt
|
|
97
|
+
* @mutates external process - sends `SIGTERM` to the daemon process via `kill`
|
|
93
98
|
*/
|
|
94
99
|
export declare const stop_daemon: (runtime: Pick<EnvDeps, "env_get"> & Pick<FsReadDeps, "stat" | "read_text_file"> & FsRemoveDeps & CommandDeps & LogDeps, name: string) => Promise<StopDaemonResult>;
|
|
95
100
|
//# sourceMappingURL=daemon.d.ts.map
|
package/dist/cli/daemon.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"daemon.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/cli/daemon.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAEtB,OAAO,EACN,KAAK,WAAW,EAChB,KAAK,OAAO,EACZ,KAAK,SAAS,EACd,KAAK,UAAU,EACf,KAAK,YAAY,EACjB,KAAK,WAAW,EAChB,KAAK,OAAO,EACZ,MAAM,oBAAoB,CAAC;AAI5B;;GAEG;AACH,eAAO,MAAM,UAAU;IACtB,sBAAsB;;IAEtB,yBAAyB;;IAEzB,uCAAuC;;IAEvC,yCAAyC;;IAEzC,0CAA0C;;kBAEzC,CAAC;AACH,MAAM,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,UAAU,CAAC,CAAC;AAEpD;;;;;;GAMG;AACH,eAAO,MAAM,oBAAoB,GAChC,SAAS,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,EACjC,MAAM,MAAM,KACV,MAAM,GAAG,IAGX,CAAC;AAEF
|
|
1
|
+
{"version":3,"file":"daemon.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/cli/daemon.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAEtB,OAAO,EACN,KAAK,WAAW,EAChB,KAAK,OAAO,EACZ,KAAK,SAAS,EACd,KAAK,UAAU,EACf,KAAK,YAAY,EACjB,KAAK,WAAW,EAChB,KAAK,OAAO,EACZ,MAAM,oBAAoB,CAAC;AAI5B;;GAEG;AACH,eAAO,MAAM,UAAU;IACtB,sBAAsB;;IAEtB,yBAAyB;;IAEzB,uCAAuC;;IAEvC,yCAAyC;;IAEzC,0CAA0C;;kBAEzC,CAAC;AACH,MAAM,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,UAAU,CAAC,CAAC;AAEpD;;;;;;GAMG;AACH,eAAO,MAAM,oBAAoB,GAChC,SAAS,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,EACjC,MAAM,MAAM,KACV,MAAM,GAAG,IAGX,CAAC;AAEF;;;;;;;;GAQG;AACH,eAAO,MAAM,iBAAiB,GAC7B,SAAS,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,GAAG,IAAI,CAAC,WAAW,EAAE,OAAO,GAAG,iBAAiB,GAAG,QAAQ,CAAC,EAC7F,MAAM,MAAM,EACZ,MAAM,UAAU,KACd,OAAO,CAAC,IAAI,CAWd,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,gBAAgB,GAC5B,SAAS,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,GAAG,IAAI,CAAC,UAAU,EAAE,MAAM,GAAG,gBAAgB,CAAC,GAAG,OAAO,EACzF,MAAM,MAAM,KACV,OAAO,CAAC,UAAU,GAAG,IAAI,CAwB3B,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,iBAAiB,GAAU,SAAS,WAAW,EAAE,KAAK,MAAM,KAAG,OAAO,CAAC,OAAO,CAG1F,CAAC;AAEF;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,mBAAmB,GAC/B,MAAM,SAAS,EACf,MAAM,MAAM,EACZ,aAAkB,EAClB,mBAAiB,KACf,OAAO,CAAC,OAAO,CAYjB,CAAC;AAEF;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAChC,oCAAoC;IACpC,OAAO,EAAE,OAAO,CAAC;IACjB,yCAAyC;IACzC,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,qDAAqD;IACrD,OAAO,EAAE,MAAM,CAAC;CAChB;AAED;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,WAAW,GACvB,SAAS,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,GAChC,IAAI,CAAC,UAAU,EAAE,MAAM,GAAG,gBAAgB,CAAC,GAC3C,YAAY,GACZ,WAAW,GACX,OAAO,EACR,MAAM,MAAM,KACV,OAAO,CAAC,gBAAgB,CA2C1B,CAAC"}
|
package/dist/cli/daemon.js
CHANGED
|
@@ -43,6 +43,8 @@ export const get_daemon_info_path = (runtime, name) => {
|
|
|
43
43
|
* @param runtime - runtime with file write and env capabilities
|
|
44
44
|
* @param name - application name
|
|
45
45
|
* @param info - daemon info to write
|
|
46
|
+
* @mutates filesystem - creates `~/.{name}/run/` and atomically writes `daemon.json`
|
|
47
|
+
* @throws Error if `$HOME` is not set
|
|
46
48
|
*/
|
|
47
49
|
export const write_daemon_info = async (runtime, name, info) => {
|
|
48
50
|
const app_dir = get_app_dir(runtime, name);
|
|
@@ -126,11 +128,14 @@ export const check_daemon_health = async (deps, port, host = 'localhost', timeou
|
|
|
126
128
|
* Stop a running daemon by sending SIGTERM and cleaning up the PID file.
|
|
127
129
|
*
|
|
128
130
|
* Returns a result object instead of logging directly, separating
|
|
129
|
-
* lifecycle from presentation.
|
|
131
|
+
* lifecycle from presentation. Errors removing the PID file are swallowed
|
|
132
|
+
* (the daemon's own shutdown handler may have removed it concurrently).
|
|
130
133
|
*
|
|
131
134
|
* @param runtime - runtime with command, file, and env capabilities
|
|
132
135
|
* @param name - application name
|
|
133
136
|
* @returns result describing the outcome
|
|
137
|
+
* @mutates filesystem - removes `~/.{name}/run/daemon.json` on success or when corrupt
|
|
138
|
+
* @mutates external process - sends `SIGTERM` to the daemon process via `kill`
|
|
134
139
|
*/
|
|
135
140
|
export const stop_daemon = async (runtime, name) => {
|
|
136
141
|
const daemon_path = get_daemon_info_path(runtime, name);
|
package/dist/db/assert_row.d.ts
CHANGED
|
@@ -12,7 +12,8 @@
|
|
|
12
12
|
*
|
|
13
13
|
* @param row - the row from `query_one` (`T | undefined`) or `rows[0]` (`T | undefined`)
|
|
14
14
|
* @param context - optional context for the error message (e.g. table or operation name)
|
|
15
|
-
* @returns the row, guaranteed non
|
|
15
|
+
* @returns the row, guaranteed non-`undefined`
|
|
16
|
+
* @throws Error if `row` is `undefined`
|
|
16
17
|
*/
|
|
17
18
|
export declare const assert_row: <T>(row: T | undefined, context?: string) => T;
|
|
18
19
|
//# sourceMappingURL=assert_row.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"assert_row.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/db/assert_row.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH
|
|
1
|
+
{"version":3,"file":"assert_row.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/db/assert_row.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,UAAU,GAAI,CAAC,EAAE,KAAK,CAAC,GAAG,SAAS,EAAE,UAAU,MAAM,KAAG,CASpE,CAAC"}
|
package/dist/db/assert_row.js
CHANGED
|
@@ -12,7 +12,8 @@
|
|
|
12
12
|
*
|
|
13
13
|
* @param row - the row from `query_one` (`T | undefined`) or `rows[0]` (`T | undefined`)
|
|
14
14
|
* @param context - optional context for the error message (e.g. table or operation name)
|
|
15
|
-
* @returns the row, guaranteed non
|
|
15
|
+
* @returns the row, guaranteed non-`undefined`
|
|
16
|
+
* @throws Error if `row` is `undefined`
|
|
16
17
|
*/
|
|
17
18
|
export const assert_row = (row, context) => {
|
|
18
19
|
if (row === undefined) {
|
package/dist/db/create_db.d.ts
CHANGED
|
@@ -24,7 +24,6 @@ export interface CreateDbResult {
|
|
|
24
24
|
/**
|
|
25
25
|
* Create a database connection based on a URL.
|
|
26
26
|
*
|
|
27
|
-
* Returns the `Db` instance, a typed `close` callback, driver type, and display name.
|
|
28
27
|
* The `close` callback is bound to the actual driver — callers never need to
|
|
29
28
|
* know which driver is in use.
|
|
30
29
|
*
|
|
@@ -33,6 +32,9 @@ export interface CreateDbResult {
|
|
|
33
32
|
*
|
|
34
33
|
* @param database_url - connection URL (`postgres://`, `postgresql://`, `file://`, or `memory://`)
|
|
35
34
|
* @returns database instance, close callback, type, and display name
|
|
35
|
+
* @throws Error if `database_url` uses an unsupported scheme. Driver
|
|
36
|
+
* construction (`pg.Pool` or `PGlite`) may also throw on bad connection
|
|
37
|
+
* parameters or missing peer-dependency packages.
|
|
36
38
|
*/
|
|
37
39
|
export declare const create_db: (database_url: string) => Promise<CreateDbResult>;
|
|
38
40
|
//# sourceMappingURL=create_db.d.ts.map
|