@fuzdev/fuz_app 0.53.0 → 0.55.0

package/dist/http/route_spec.js

@@ -14,7 +14,8 @@
  */
 import { DEV } from 'esm-env';
 import { ERROR_INVALID_JSON_BODY, ERROR_INVALID_REQUEST_BODY, ERROR_INVALID_ROUTE_PARAMS, ERROR_INVALID_QUERY_PARAMS, } from './error_schemas.js';
-import { ThrownJsonrpcError, JSONRPC_ERROR_CODES, jsonrpc_error_code_to_http_status, } from './jsonrpc_errors.js';
+import { ThrownJsonrpcError, jsonrpc_error_code_to_http_status, jsonrpc_error_code_to_name, } from './jsonrpc_errors.js';
+import { CACHED_REQUEST_BODY_KEY } from '../hono_context.js';
 import { is_null_schema, merge_error_schemas } from './schema_helpers.js';
 /**
  * Get validated input from the Hono context.
@@ -63,12 +64,30 @@ const create_input_validation = (input_schema, method) => {
     if (is_null_schema(input_schema))
         return [];
     const validate = async (c, next) => {
+        // Prefer the cached parse result written by `read_raw_acting`
+        // (the dispatcher's `acting` extractor). The cache decouples
+        // us from Hono's internal `bodyCache` — Hono keeps the body
+        // text alive across multiple `c.req.json()` calls but still
+        // re-runs `JSON.parse` each time, so caching the parsed value
+        // saves work and pins behavior to fuz_app code rather than to
+        // undocumented Hono internals.
+        // Hono's `c.get()` types this as the variable-map entry, but at
+        // runtime it returns `undefined` when no setter has run for this
+        // request. Narrow defensively.
+        const cached = c.get(CACHED_REQUEST_BODY_KEY);
         let body;
-        try {
-            body = await c.req.json();
+        if (cached !== undefined) {
+            if (!cached.ok)
+                return c.json({ error: ERROR_INVALID_JSON_BODY }, 400);
+            body = cached.body;
         }
-        catch {
-            return c.json({ error: ERROR_INVALID_JSON_BODY }, 400);
+        else {
+            try {
+                body = await c.req.json();
+            }
+            catch {
+                return c.json({ error: ERROR_INVALID_JSON_BODY }, 400);
+            }
         }
         if (typeof body !== 'object' || body === null || Array.isArray(body)) {
             return c.json({ error: ERROR_INVALID_JSON_BODY }, 400);
@@ -192,10 +211,29 @@ export const apply_middleware_specs = (app, specs) => {
 /**
  * Wrap a handler with error catch logic.
  *
- * Catches `ThrownJsonrpcError` and maps to HTTP status + JSON-RPC error response.
- * Catches generic `Error` and maps to `internal_error` (-32603 → 500), including
- * the error message in DEV only. Existing handlers that return `c.json()` directly
- * are unaffected — the catch layer only activates when something is thrown.
+ * Catches `ThrownJsonrpcError` and maps it to a flat REST `ApiError` body
+ * (`{error: <reason>, message?, ...rest_data}`) at the matching HTTP status.
+ * Catches generic `Error` and maps to `{error: 'internal_error', message?}`
+ * at 500 (`message` populated only in DEV). Existing handlers that return
+ * `c.json()` directly are unaffected — the catch layer only activates when
+ * something is thrown.
+ *
+ * The flat shape matches what middleware and direct handler emissions
+ * produce (e.g. `c.json({error: ERROR_FOO}, status)`,
+ * `c.json(failure.body, status)` from the dispatcher's authorization phase),
+ * so REST callers see one error envelope across every emit site. The
+ * `<reason>` string comes from `err.data.reason` when set (consumer-supplied
+ * canonical reason code) or from `jsonrpc_error_code_to_name(err.code)`
+ * (the JSON-RPC error name — `'not_found'`, `'forbidden'`, etc.). Other
+ * `data` fields flatten alongside `error` so diagnostic data is visible
+ * to clients without descending an envelope.
+ *
+ * The JSON-RPC code is intentionally **not** carried on the REST body —
+ * REST callers key on HTTP status + `error` reason, and the JSON-RPC code
+ * is recoverable via `http_status_to_jsonrpc_error_code(status)` on the
+ * rare consumer that wants it. Keeping the shape transport-shaped (REST
+ * emits ApiError; JSON-RPC dispatcher emits the JSON-RPC envelope) avoids
+ * a hybrid envelope that has to be normalized on the way out.
  */
 const wrap_error_catch = (handler, log) => {
     return async (c, next) => {
@@ -205,25 +243,72 @@ const wrap_error_catch = (handler, log) => {
         catch (err) {
             if (err instanceof ThrownJsonrpcError) {
                 const status = jsonrpc_error_code_to_http_status(err.code);
-                const error = { code: err.code, message: err.message };
-                if (err.data !== undefined)
-                    error.data = err.data;
-                return c.json({ error }, status);
+                return c.json(build_rest_error_body(err), status);
             }
             // generic error — internal_error
             log.error('Unhandled handler error', err);
-            const message = DEV && err instanceof Error ? err.message : 'internal server error';
-            return c.json({ error: { code: JSONRPC_ERROR_CODES.internal_error, message } }, 500);
+            const body = { error: 'internal_error' };
+            if (DEV && err instanceof Error)
+                body.message = err.message;
+            return c.json(body, 500);
         }
     };
 };
+/**
+ * Build the REST body for a thrown `ThrownJsonrpcError`. Splits out
+ * for unit-test directness and keeps the catch handler readable.
+ *
+ * Reason resolution order:
+ * 1. `err.data.reason` (consumer-supplied canonical reason — overrides code-derived name)
+ * 2. `jsonrpc_error_code_to_name(err.code)` (e.g. -32003 → `'not_found'`)
+ *
+ * Remaining `err.data` fields (everything except `reason`) flatten under
+ * the body. Non-object `data` is dropped — we don't want a primitive
+ * `data` to overwrite the structured shape.
+ */
+const build_rest_error_body = (err) => {
+    let reason;
+    const rest = {};
+    if (err.data !== null &&
+        typeof err.data === 'object' &&
+        !Array.isArray(err.data) &&
+        typeof err.data.reason === 'string') {
+        const { reason: data_reason, ...other } = err.data;
+        reason = data_reason;
+        Object.assign(rest, other);
+    }
+    else {
+        reason = jsonrpc_error_code_to_name(err.code);
+        if (err.data !== null && typeof err.data === 'object' && !Array.isArray(err.data)) {
+            Object.assign(rest, err.data);
+        }
+    }
+    const body = { error: reason, ...rest };
+    if (err.message && err.message !== reason)
+        body.message = err.message;
+    return body;
+};
 /**
  * Apply route specs to a Hono app.
  *
  * For each spec: resolves auth to guards via the provided resolver,
  * adds input validation middleware (for routes with non-null input schemas),
- * wraps handler with DEV-only output and error validation, wraps with error
- * catch layer (catches `ThrownJsonrpcError` and generic errors), and registers the route.
+ * runs the optional authorization phase to resolve the acting actor + build
+ * the request context, wraps handler with DEV-only output and error
+ * validation, wraps with error catch layer (catches `ThrownJsonrpcError`
+ * and generic errors), and registers the route.
+ *
+ * Per-route middleware order: params → query → pre-validation auth
+ * guards (401) → authorization phase → post-authorization auth guards
+ * (403) → input validation → handler. The 401 check runs before any
+ * body parsing so unauthenticated callers never see route-shape
+ * information from parse failures. The authorization phase runs before
+ * input validation (matches the RPC dispatcher's order) so role /
+ * keeper denials surface 403 before 400 invalid_params; it extracts
+ * `acting` from raw query (GET) or pre-parsed JSON body (POST/PUT/...)
+ * — Hono caches the parsed body internally so the subsequent input-
+ * validation step does not re-parse. The role / keeper guards consume
+ * the `RequestContext` populated by the authorization phase.
  *
  * Each handler receives a `RouteContext` with:
  * - `db`: transaction-scoped (for non-GET) or pool-level (for GET)
@@ -231,11 +316,12 @@ const wrap_error_catch = (handler, log) => {
  * - `pending_effects`: fire-and-forget effect queue
  *
  * @param resolve_auth_guards - maps `RouteAuth` to middleware — use `fuz_auth_guard_resolver` from `auth/route_guards.ts`
+ * @param authorize - optional authorization phase; runs between guards and input validation
  * @param db - used for transaction wrapping and `RouteContext`
  * @mutates `app`
  * @throws Error if two specs share the same `method` + `path` (each combination must be unique)
  */
-export const apply_route_specs = (app, specs, resolve_auth_guards, log, db) => {
+export const apply_route_specs = (app, specs, resolve_auth_guards, log, db, authorize, is_acting_aware) => {
     const registered = new Set();
     for (const spec of specs) {
         const route_key = `${spec.method} ${spec.path}`;
@@ -243,11 +329,21 @@ export const apply_route_specs = (app, specs, resolve_auth_guards, log, db) => {
             throw new Error(`Duplicate route: ${route_key} — each method+path combination must be unique`);
         }
         registered.add(route_key);
-        const guards = resolve_auth_guards(spec.auth);
+        const { pre_validation: pre_validation_guards, post_authorization: post_authorization_guards } = resolve_auth_guards(spec.auth);
         const params_validation = create_params_validation(spec.params);
         const query_validation = create_query_validation(spec.query);
         const input_validation = create_input_validation(spec.input, spec.method);
-        const merged_errors = merge_error_schemas(spec);
+        const merged_errors = merge_error_schemas(spec, null, is_acting_aware?.(spec) ?? false);
+        const authorization = authorize
+            ? [
+                async (c, next) => {
+                    const response = await authorize(c, spec);
+                    if (response)
+                        return response;
+                    await next();
+                },
+            ]
+            : [];
         // Step 1: adapt RouteHandler → Handler (construct RouteContext, call spec.handler)
         const use_transaction = spec.transaction ?? spec.method !== 'GET';
         const inner = spec.handler;
@@ -258,7 +354,7 @@ export const apply_route_specs = (app, specs, resolve_auth_guards, log, db) => {
         handler = wrap_output_validation(handler, spec.output, merged_errors, log);
         // Step 3: error catch layer
         handler = wrap_error_catch(handler, log);
-        app.on(spec.method, [spec.path], ...guards, ...params_validation, ...query_validation, ...input_validation, handler);
+        app.on(spec.method, [spec.path], ...params_validation, ...query_validation, ...pre_validation_guards, ...authorization, ...post_authorization_guards, ...input_validation, handler);
     }
 };
 /**

package/dist/http/schema_helpers.d.ts

@@ -55,7 +55,19 @@ export declare const middleware_applies: (mw_path: string, route_path: string) =
  * Merge order: derived -> middleware -> explicit route errors.
  * Later layers override earlier ones for the same status code.
  *
+ * `acting_aware` flows through to `derive_error_schemas` so routes whose
+ * input declares `acting?: ActingActor` (or whose auth requires permits)
+ * pick up the actor-failure error shapes the dispatcher's authorization
+ * phase may emit. The flag is computed at the call site rather than here
+ * because the `acting`-detection helper lives in `auth/` (it depends on
+ * the canonical `ActingActor` schema for reference equality, and `http/`
+ * stays auth-agnostic). See `http/CLAUDE.md` § Three-layer error-schema
+ * merge.
+ *
  * @param spec - the route spec (needs `auth`, `input`, `params`, `rate_limit`, `errors`)
+ * @param middleware_errors - errors contributed by middleware whose path matches the route
+ * @param acting_aware - whether the dispatcher's authorization phase may emit
+ *   actor-failure errors on this route
  * @returns merged error schemas, or `null` if empty
  */
 export declare const merge_error_schemas: (spec: {
@@ -65,5 +77,5 @@ export declare const merge_error_schemas: (spec: {
     query?: z.ZodObject;
     rate_limit?: RateLimitKey;
     errors?: RouteErrorSchemas;
-}, middleware_errors?: RouteErrorSchemas | null) => RouteErrorSchemas | null;
+}, middleware_errors?: RouteErrorSchemas | null, acting_aware?: boolean) => RouteErrorSchemas | null;
 //# sourceMappingURL=schema_helpers.d.ts.map

package/dist/http/schema_helpers.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"schema_helpers.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/http/schema_helpers.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAEtB,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAuB,KAAK,YAAY,EAAE,KAAK,iBAAiB,EAAC,MAAM,oBAAoB,CAAC;AAEnG;;;;;;GAMG;AACH,eAAO,MAAM,cAAc,GAAI,QAAQ,CAAC,CAAC,OAAO,KAAG,OAAsC,CAAC;AAE1F;;;;;;;GAOG;AACH,eAAO,MAAM,cAAc,GAAI,QAAQ,CAAC,CAAC,OAAO,KAAG,OAAsC,CAAC;AAE1F;;;;;GAKG;AACH,eAAO,MAAM,uBAAuB,GAAI,QAAQ,CAAC,CAAC,OAAO,KAAG,OACe,CAAC;AAE5E;;;;GAIG;AACH,eAAO,MAAM,iBAAiB,GAAI,QAAQ,CAAC,CAAC,OAAO,KAAG,OAQrD,CAAC;AAoBF;;;;;;;GAOG;AACH,eAAO,MAAM,kBAAkB,GAAI,SAAS,MAAM,EAAE,YAAY,MAAM,KAAG,OAQxE,CAAC;AAEF;;;;;;;;GAQG;AACH,eAAO,MAAM,mBAAmB,GAC/B,MAAM;IACL,IAAI,EAAE,SAAS,CAAC;IAChB,KAAK,EAAE,CAAC,CAAC,OAAO,CAAC;IACjB,MAAM,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC;IACrB,KAAK,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC;IACpB,UAAU,CAAC,EAAE,YAAY,CAAC;IAC1B,MAAM,CAAC,EAAE,iBAAiB,CAAC;CAC3B,EACD,oBAAoB,iBAAiB,GAAG,IAAI,KAC1C,iBAAiB,GAAG,IAUtB,CAAC"}
+{"version":3,"file":"schema_helpers.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/http/schema_helpers.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAEtB,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAuB,KAAK,YAAY,EAAE,KAAK,iBAAiB,EAAC,MAAM,oBAAoB,CAAC;AAEnG;;;;;;GAMG;AACH,eAAO,MAAM,cAAc,GAAI,QAAQ,CAAC,CAAC,OAAO,KAAG,OAAsC,CAAC;AAE1F;;;;;;;GAOG;AACH,eAAO,MAAM,cAAc,GAAI,QAAQ,CAAC,CAAC,OAAO,KAAG,OAAsC,CAAC;AAE1F;;;;;GAKG;AACH,eAAO,MAAM,uBAAuB,GAAI,QAAQ,CAAC,CAAC,OAAO,KAAG,OACe,CAAC;AAE5E;;;;GAIG;AACH,eAAO,MAAM,iBAAiB,GAAI,QAAQ,CAAC,CAAC,OAAO,KAAG,OAQrD,CAAC;AAoBF;;;;;;;GAOG;AACH,eAAO,MAAM,kBAAkB,GAAI,SAAS,MAAM,EAAE,YAAY,MAAM,KAAG,OAQxE,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,eAAO,MAAM,mBAAmB,GAC/B,MAAM;IACL,IAAI,EAAE,SAAS,CAAC;IAChB,KAAK,EAAE,CAAC,CAAC,OAAO,CAAC;IACjB,MAAM,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC;IACrB,KAAK,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC;IACpB,UAAU,CAAC,EAAE,YAAY,CAAC;IAC1B,MAAM,CAAC,EAAE,iBAAiB,CAAC;CAC3B,EACD,oBAAoB,iBAAiB,GAAG,IAAI,EAC5C,sBAAoB,KAClB,iBAAiB,GAAG,IAWtB,CAAC"}

package/dist/http/schema_helpers.js

@@ -94,11 +94,30 @@ export const middleware_applies = (mw_path, route_path) => {
  * Merge order: derived -> middleware -> explicit route errors.
  * Later layers override earlier ones for the same status code.
  *
+ * `acting_aware` flows through to `derive_error_schemas` so routes whose
+ * input declares `acting?: ActingActor` (or whose auth requires permits)
+ * pick up the actor-failure error shapes the dispatcher's authorization
+ * phase may emit. The flag is computed at the call site rather than here
+ * because the `acting`-detection helper lives in `auth/` (it depends on
+ * the canonical `ActingActor` schema for reference equality, and `http/`
+ * stays auth-agnostic). See `http/CLAUDE.md` § Three-layer error-schema
+ * merge.
+ *
  * @param spec - the route spec (needs `auth`, `input`, `params`, `rate_limit`, `errors`)
+ * @param middleware_errors - errors contributed by middleware whose path matches the route
+ * @param acting_aware - whether the dispatcher's authorization phase may emit
+ *   actor-failure errors on this route
  * @returns merged error schemas, or `null` if empty
  */
-export const merge_error_schemas = (spec, middleware_errors) => {
-    const derived = derive_error_schemas(spec.auth, !is_null_schema(spec.input), !!spec.params, !!spec.query, spec.rate_limit);
+export const merge_error_schemas = (spec, middleware_errors, acting_aware = false) => {
+    const derived = derive_error_schemas({
+        auth: spec.auth,
+        has_input: !is_null_schema(spec.input),
+        has_params: !!spec.params,
+        has_query: !!spec.query,
+        rate_limit: spec.rate_limit,
+        acting_aware,
+    });
     const merged = { ...derived, ...middleware_errors, ...spec.errors };
     return Object.keys(merged).length > 0 ? merged : null;
 };

package/dist/http/surface.d.ts

@@ -9,7 +9,7 @@
 import { z } from 'zod';
 import type { EventSpec } from '../realtime/sse.js';
 import type { MiddlewareSpec } from './middleware_spec.js';
-import type { RouteAuth, RouteSpec } from './route_spec.js';
+import type { IsActingAware, RouteAuth, RouteSpec } from './route_spec.js';
 import type { RateLimitKey, RouteErrorSchemas } from './error_schemas.js';
 import type { RpcAction } from '../actions/action_rpc.js';
 import type { Sensitivity } from '../sensitivity.js';
@@ -118,6 +118,15 @@ export interface GenerateAppSurfaceOptions {
     env_schema?: z.ZodObject;
     event_specs?: Array<EventSpec>;
     rpc_endpoints?: Array<RpcEndpointSpec>;
+    /**
+     * Per-route predicate that decides whether the dispatcher's authorization
+     * phase may emit `actor_required` / `actor_not_on_account` (400) or
+     * `no_actors_on_account` / `account_vanished` (500) on this spec. Mirrors
+     * the parameter on `apply_route_specs` so the surface exposes the same
+     * error shapes the live framework would emit. See `http/CLAUDE.md` §
+     * Three-layer error-schema merge.
+     */
+    is_acting_aware?: IsActingAware;
 }
 /**
  * Collect error schemas from all middleware that applies to a route path.

package/dist/http/surface.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"surface.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/http/surface.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAEtB,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,oBAAoB,CAAC;AAClD,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,sBAAsB,CAAC;AACzD,OAAO,KAAK,EAAC,SAAS,EAAE,SAAS,EAAC,MAAM,iBAAiB,CAAC;AAC1D,OAAO,KAAK,EAAC,YAAY,EAAE,iBAAiB,EAAC,MAAM,oBAAoB,CAAC;AACxE,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,0BAA0B,CAAC;AASxD,OAAO,KAAK,EAAC,WAAW,EAAC,MAAM,mBAAmB,CAAC;AAKnD,mEAAmE;AACnE,MAAM,WAAW,eAAe;IAC/B,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,SAAS,CAAC;IAChB,qBAAqB,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACrC,WAAW,EAAE,MAAM,CAAC;IACpB,mEAAmE;IACnE,WAAW,EAAE,OAAO,CAAC;IACrB,uEAAuE;IACvE,WAAW,EAAE,OAAO,CAAC;IACrB,oFAAoF;IACpF,cAAc,EAAE,YAAY,GAAG,IAAI,CAAC;IACpC,uFAAuF;IACvF,aAAa,EAAE,OAAO,CAAC;IACvB,8FAA8F;IAC9F,YAAY,EAAE,OAAO,CAAC;IACtB,wFAAwF;IACxF,YAAY,EAAE,OAAO,CAAC;IACtB,iEAAiE;IACjE,aAAa,EAAE,OAAO,CAAC;IACvB,mGAAmG;IACnG,aAAa,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;CAC9C;AAED,wEAAwE;AACxE,MAAM,WAAW,oBAAoB;IACpC,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,mGAAmG;IACnG,aAAa,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;CAC9C;AAED,sEAAsE;AACtE,MAAM,WAAW,aAAa;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,gFAAgF;IAChF,WAAW,EAAE,WAAW,GAAG,IAAI,CAAC;IAChC,WAAW,EAAE,OAAO,CAAC;IACrB,QAAQ,EAAE,OAAO,CAAC;CAClB;AAED,wEAAwE;AACxE,MAAM,WAAW,eAAe;IAC/B,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,aAAa,EAAE,OAAO,CAAC;CACvB;AAED,2FAA2F;AAC3F,MAAM,WAAW,mBAAmB;IACnC,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,SAAS,CAAC;IAChB,qFAAqF;IACrF,YAAY,EAAE,OAAO,CAAC;IACtB,uDAAuD;IACvD,aAAa,EAAE,OAAO,CAAC;IACvB,YAAY,EAAE,OAAO,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,gFAAgF;IAChF,cAAc,EAAE,YAAY,GAAG,IAAI,CAAC;CACpC;AAED,2EAA2E;AAC3E,MAAM,WAAW,qBAAqB;IACrC,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,KAAK,CAAC,mBAAmB,CAAC,CAAC;CACpC;AAED,uFAAuF;AACvF,MAAM,WAAW,oBAAoB;IACpC,KAAK,EAAE,SAAS,GAAG,MAAM,CAAC;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,oDAAoD;AACpD,MAAM,WAAW,UAAU;IAC1B,UAAU,EAAE,KAAK,CAAC,oBAAoB,CAAC,CAAC;IACxC,MAAM,EAAE,KAAK,CAAC,eAAe,CAAC,CAAC;IAC/B,aAAa,EAAE,KAAK,CAAC,qBAAqB,CAAC,CAAC;IAC5C,GAAG,EAAE,KAAK,CAAC,aAAa,CAAC,CAAC;IAC1B,MAAM,EAAE,KAAK,CAAC,eAAe,CAAC,CAAC;IAC/B,WAAW,EAAE,KAAK,CAAC,oBAAoB,CAAC,CAAC;CACzC;AAED;;;;;GAKG;AACH,MAAM,WAAW,cAAc;IAC9B,OAAO,EAAE,UAAU,CAAC;IACpB,WAAW,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAC9B,gBAAgB,EAAE,KAAK,CAAC,cAAc,CAAC,CAAC;IACxC,aAAa,EAAE,KAAK,CAAC,eAAe,CAAC,CAAC;CACtC;AAED,yDAAyD;AACzD,MAAM,WAAW,eAAe;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;CAC1B;AAED,0CAA0C;AAC1C,MAAM,WAAW,yBAAyB;IACzC,WAAW,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAC9B,gBAAgB,EAAE,KAAK,CAAC,cAAc,CAAC,CAAC;IACxC,UAAU,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC;IACzB,WAAW,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAC/B,aAAa,CAAC,EAAE,KAAK,CAAC,eAAe,CAAC,CAAC;CACvC;AAID;;;;GAIG;AACH,eAAO,MAAM,yBAAyB,GACrC,YAAY,KAAK,CAAC,cAAc,CAAC,EACjC,YAAY,MAAM,KAChB,iBAAiB,GAAG,IAQtB,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,qBAAqB,GAAI,QAAQ,CAAC,CAAC,SAAS,KAAG,KAAK,CAAC,aAAa,CAe9E,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,iBAAiB,GAAI,aAAa,KAAK,CAAC,SAAS,CAAC,KAAG,KAAK,CAAC,eAAe,CAOtF,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,oBAAoB,GAAI,SAAS,yBAAyB,KAAG,UAyFzE,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,uBAAuB,GAAI,SAAS,yBAAyB,KAAG,cAQ5E,CAAC"}
+{"version":3,"file":"surface.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/http/surface.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAEtB,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,oBAAoB,CAAC;AAClD,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,sBAAsB,CAAC;AACzD,OAAO,KAAK,EAAC,aAAa,EAAE,SAAS,EAAE,SAAS,EAAC,MAAM,iBAAiB,CAAC;AACzE,OAAO,KAAK,EAAC,YAAY,EAAE,iBAAiB,EAAC,MAAM,oBAAoB,CAAC;AACxE,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,0BAA0B,CAAC;AASxD,OAAO,KAAK,EAAC,WAAW,EAAC,MAAM,mBAAmB,CAAC;AAKnD,mEAAmE;AACnE,MAAM,WAAW,eAAe;IAC/B,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,SAAS,CAAC;IAChB,qBAAqB,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACrC,WAAW,EAAE,MAAM,CAAC;IACpB,mEAAmE;IACnE,WAAW,EAAE,OAAO,CAAC;IACrB,uEAAuE;IACvE,WAAW,EAAE,OAAO,CAAC;IACrB,oFAAoF;IACpF,cAAc,EAAE,YAAY,GAAG,IAAI,CAAC;IACpC,uFAAuF;IACvF,aAAa,EAAE,OAAO,CAAC;IACvB,8FAA8F;IAC9F,YAAY,EAAE,OAAO,CAAC;IACtB,wFAAwF;IACxF,YAAY,EAAE,OAAO,CAAC;IACtB,iEAAiE;IACjE,aAAa,EAAE,OAAO,CAAC;IACvB,mGAAmG;IACnG,aAAa,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;CAC9C;AAED,wEAAwE;AACxE,MAAM,WAAW,oBAAoB;IACpC,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,mGAAmG;IACnG,aAAa,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;CAC9C;AAED,sEAAsE;AACtE,MAAM,WAAW,aAAa;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,gFAAgF;IAChF,WAAW,EAAE,WAAW,GAAG,IAAI,CAAC;IAChC,WAAW,EAAE,OAAO,CAAC;IACrB,QAAQ,EAAE,OAAO,CAAC;CAClB;AAED,wEAAwE;AACxE,MAAM,WAAW,eAAe;IAC/B,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,aAAa,EAAE,OAAO,CAAC;CACvB;AAED,2FAA2F;AAC3F,MAAM,WAAW,mBAAmB;IACnC,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,SAAS,CAAC;IAChB,qFAAqF;IACrF,YAAY,EAAE,OAAO,CAAC;IACtB,uDAAuD;IACvD,aAAa,EAAE,OAAO,CAAC;IACvB,YAAY,EAAE,OAAO,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,gFAAgF;IAChF,cAAc,EAAE,YAAY,GAAG,IAAI,CAAC;CACpC;AAED,2EAA2E;AAC3E,MAAM,WAAW,qBAAqB;IACrC,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,KAAK,CAAC,mBAAmB,CAAC,CAAC;CACpC;AAED,uFAAuF;AACvF,MAAM,WAAW,oBAAoB;IACpC,KAAK,EAAE,SAAS,GAAG,MAAM,CAAC;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,oDAAoD;AACpD,MAAM,WAAW,UAAU;IAC1B,UAAU,EAAE,KAAK,CAAC,oBAAoB,CAAC,CAAC;IACxC,MAAM,EAAE,KAAK,CAAC,eAAe,CAAC,CAAC;IAC/B,aAAa,EAAE,KAAK,CAAC,qBAAqB,CAAC,CAAC;IAC5C,GAAG,EAAE,KAAK,CAAC,aAAa,CAAC,CAAC;IAC1B,MAAM,EAAE,KAAK,CAAC,eAAe,CAAC,CAAC;IAC/B,WAAW,EAAE,KAAK,CAAC,oBAAoB,CAAC,CAAC;CACzC;AAED;;;;;GAKG;AACH,MAAM,WAAW,cAAc;IAC9B,OAAO,EAAE,UAAU,CAAC;IACpB,WAAW,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAC9B,gBAAgB,EAAE,KAAK,CAAC,cAAc,CAAC,CAAC;IACxC,aAAa,EAAE,KAAK,CAAC,eAAe,CAAC,CAAC;CACtC;AAED,yDAAyD;AACzD,MAAM,WAAW,eAAe;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;CAC1B;AAED,0CAA0C;AAC1C,MAAM,WAAW,yBAAyB;IACzC,WAAW,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAC9B,gBAAgB,EAAE,KAAK,CAAC,cAAc,CAAC,CAAC;IACxC,UAAU,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC;IACzB,WAAW,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAC/B,aAAa,CAAC,EAAE,KAAK,CAAC,eAAe,CAAC,CAAC;IACvC;;;;;;;OAOG;IACH,eAAe,CAAC,EAAE,aAAa,CAAC;CAChC;AAID;;;;GAIG;AACH,eAAO,MAAM,yBAAyB,GACrC,YAAY,KAAK,CAAC,cAAc,CAAC,EACjC,YAAY,MAAM,KAChB,iBAAiB,GAAG,IAQtB,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,qBAAqB,GAAI,QAAQ,CAAC,CAAC,SAAS,KAAG,KAAK,CAAC,aAAa,CAe9E,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,iBAAiB,GAAI,aAAa,KAAK,CAAC,SAAS,CAAC,KAAG,KAAK,CAAC,eAAe,CAOtF,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,oBAAoB,GAAI,SAAS,yBAAyB,KAAG,UA0FzE,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,uBAAuB,GAAI,SAAS,yBAAyB,KAAG,cAQ5E,CAAC"}

package/dist/http/surface.js

@@ -61,7 +61,7 @@ export const events_to_surface = (event_specs) => {
  * and optional env/event metadata.
  */
 export const generate_app_surface = (options) => {
-    const { route_specs, middleware_specs, env_schema, event_specs, rpc_endpoints } = options;
+    const { route_specs, middleware_specs, env_schema, event_specs, rpc_endpoints, is_acting_aware } = options;
     const diagnostics = [];
     // Spec-level diagnostics: check for non-strict input schemas
     for (const r of route_specs) {
@@ -98,7 +98,7 @@ export const generate_app_surface = (options) => {
                 .map((m) => m.name);
             // Merge auto-derived + middleware + explicit error schemas
             const mw_errors = collect_middleware_errors(middleware_specs, r.path);
-            const merged_errors = merge_error_schemas(r, mw_errors);
+            const merged_errors = merge_error_schemas(r, mw_errors, is_acting_aware?.(r) ?? false);
             let error_schemas = null;
             if (merged_errors) {
                 const schemas = {};

package/dist/server/app_server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"app_server.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/server/app_server.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAC,IAAI,EAAE,KAAK,OAAO,EAAC,MAAM,MAAM,CAAC;AAGxC,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAEtB,OAAO,EAEN,KAAK,cAAc,EAEnB,MAAM,2BAA2B,CAAC;AACnC,OAAO,KAAK,EAAC,uBAAuB,EAAC,MAAM,8BAA8B,CAAC;AAC1E,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAGN,KAAK,WAAW,EAChB,MAAM,+BAA+B,CAAC;AACvC,OAAO,KAAK,EAAC,WAAW,EAAC,MAAM,gCAAgC,CAAC;AAEhE,OAAO,EAKN,KAAK,WAAW,EAChB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,yBAAyB,CAAC;AAC9D,OAAO,KAAK,EAAC,eAAe,EAAC,MAAM,kBAAkB,CAAC;AACtD,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,iBAAiB,CAAC;AAC7C,OAAO,KAAK,EAAC,UAAU,EAAC,MAAM,kBAAkB,CAAC;AAGjD,OAAO,oBAAoB,CAAC;AAE5B,OAAO,EAA2B,KAAK,kBAAkB,EAAC,MAAM,aAAa,CAAC;AAE9E,OAAO,EAEN,KAAK,cAAc,EAEnB,KAAK,eAAe,EACpB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAIN,KAAK,SAAS,EACd,MAAM,uBAAuB,CAAC;AAC/B,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,4BAA4B,CAAC;AAC/D,OAAO,EAGN,KAAK,eAAe,EACpB,MAAM,6BAA6B,CAAC;AAOrC;;GAEG;AACH,MAAM,WAAW,kBAAkB;IAClC,0DAA0D;IAC1D,MAAM,EAAE,MAAM,CAAC;IACf,uDAAuD;IACvD,IAAI,EAAE,MAAM,CAAC;CACb;AAED;;;;;GAKG;AACH,MAAM,WAAW,gBAAgB;IAChC,2DAA2D;IAC3D,OAAO,EAAE,UAAU,CAAC;IACpB,6CAA6C;IAC7C,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,sCAAsC;IACtC,eAAe,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAE/B,6BAA6B;IAC7B,KAAK,EAAE;QACN,eAAe,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;QAC/B,iBAAiB,EAAE,CAAC,CAAC,EAAE,OAAO,KAAK,MAAM,GAAG,SAAS,CAAC;KACtD,CAAC;IAEF;;;;;OAKG;IACH,eAAe,CAAC,EAAE,WAAW,GAAG,IAAI,CAAC;IACrC;;;;;OAKG;IACH,0BAA0B,CAAC,EAAE,WAAW,GAAG,IAAI,CAAC;IAChD;;;;;OAKG;IACH,2BAA2B,CAAC,EAAE,WAAW,GAAG,IAAI,CAAC;IACjD;;;;OAIG;IACH,sBAAsB,CAAC,EAAE,WAAW,GAAG,IAAI,CAAC;IAC5C;;;;;;;;OAQG;IACH,sBAAsB,CAAC,EAAE,WAAW,GAAG,IAAI,CAAC;IAC5C;;;;;;;;OAQG;IACH,2BAA2B,CAAC,EAAE,WAAW,GAAG,IAAI,CAAC;IACjD;;;;OAIG;IACH,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,2DAA2D;IAC3D,kBAAkB,CAAC,EAAE,gBAAgB,CAAC;IAEtC,yEAAyE;IACzE,SAAS,CAAC,EAAE;QACX,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;QAC1B,mEAAmE;QACnE,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB;;;WAGG;QACH,YAAY,CAAC,EAAE,CAAC,MAAM,EAAE,uBAAuB,EAAE,CAAC,EAAE,OAAO,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;KAC9E,CAAC;IAEF;;;OAGG;IACH,aAAa,CAAC,EAAE,KAAK,CAAC;IAEtB;;;OAGG;IACH,kBAAkB,EAAE,CAAC,OAAO,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IAEpE,4DAA4D;IAC5D,oBAAoB,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC,cAAc,CAAC,KAAK,KAAK,CAAC,cAAc,CAAC,CAAC;IAE/E;;;;;;;;;;OAUG;IACH,aAAa,CAAC,EAAE,IAAI,GAAG;QAAC,IAAI,CAAC,EAAE,MAAM,CAAA;KAAC,CAAC;IAEvC,gFAAgF;IAChF,WAAW,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAE/B;;;;;;;;;;;OAWG;IACH,aAAa,CAAC,EAAE,KAAK,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,gBAAgB,KAAK,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC;IAEjG,gHAAgH;IAChH,UAAU,EAAE,CAAC,CAAC,SAAS,CAAC;IAExB,mFAAmF;IACnF,qBAAqB,CAAC,EAAE,KAAK,CAAC,cAAc,CAAC,CAAC;IAE9C,6DAA6D;IAC7D,cAAc,CAAC,EAAE;QAChB,YAAY,EAAE,kBAAkB,CAAC;QACjC,YAAY,CAAC,EAAE,MAAM,CAAC;KACtB,CAAC;IAEF;;;;OAIG;IACH,qBAAqB,CAAC,EAAE,OAAO,CAAC;IAEhC;;;;OAIG;IACH,eAAe,CAAC,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,kBAAkB,KAAK,IAAI,CAAC;IAExE,8CAA8C;IAC9C,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACrC;AAED,8CAA8C;AAC9C,MAAM,WAAW,gBAAgB;IAChC,IAAI,EAAE,OAAO,CAAC;IACd,OAAO,EAAE,UAAU,CAAC;IACpB,gBAAgB,EAAE,eAAe,CAAC;IAClC,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,yEAAyE;IACzE,eAAe,EAAE,WAAW,GAAG,IAAI,CAAC;IACpC,iFAAiF;IACjF,0BAA0B,EAAE,WAAW,GAAG,IAAI,CAAC;IAC/C,kFAAkF;IAClF,2BAA2B,EAAE,WAAW,GAAG,IAAI,CAAC;IAChD,uGAAuG;IACvG,sBAAsB,EAAE,WAAW,GAAG,IAAI,CAAC;IAC3C,0GAA0G;IAC1G,2BAA2B,EAAE,WAAW,GAAG,IAAI,CAAC;IAChD,2EAA2E;IAC3E,YAAY,EAAE,WAAW,CAAC;IAC1B,oFAAoF;IACpF,SAAS,EAAE,WAAW,GAAG,IAAI,CAAC;CAC9B;AAED,uCAAuC;AACvC,MAAM,WAAW,SAAS;IACzB,GAAG,EAAE,IAAI,CAAC;IACV,wEAAwE;IACxE,YAAY,EAAE,cAAc,CAAC;IAC7B,gBAAgB,EAAE,eAAe,CAAC;IAClC,2EAA2E;IAC3E,YAAY,EAAE,WAAW,CAAC;IAC1B,oGAAoG;IACpG,iBAAiB,EAAE,aAAa,CAAC,eAAe,CAAC,CAAC;IAClD,oFAAoF;IACpF,SAAS,EAAE,WAAW,GAAG,IAAI,CAAC;IAC9B,mEAAmE;IACnE,KAAK,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC3B;AAED,gDAAgD;AAChD,eAAO,MAAM,qBAAqB,QAAc,CAAC;AAEjD;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,iBAAiB,GAAU,SAAS,gBAAgB,KAAG,OAAO,CAAC,SAAS,CA4QpF,CAAC"}
+{"version":3,"file":"app_server.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/server/app_server.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAC,IAAI,EAAE,KAAK,OAAO,EAAC,MAAM,MAAM,CAAC;AAGxC,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAEtB,OAAO,EAEN,KAAK,cAAc,EAEnB,MAAM,2BAA2B,CAAC;AACnC,OAAO,KAAK,EAAC,uBAAuB,EAAC,MAAM,8BAA8B,CAAC;AAC1E,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAGN,KAAK,WAAW,EAChB,MAAM,+BAA+B,CAAC;AACvC,OAAO,KAAK,EAAC,WAAW,EAAC,MAAM,gCAAgC,CAAC;AAEhE,OAAO,EAKN,KAAK,WAAW,EAChB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,yBAAyB,CAAC;AAC9D,OAAO,KAAK,EAAC,eAAe,EAAC,MAAM,kBAAkB,CAAC;AACtD,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,iBAAiB,CAAC;AAC7C,OAAO,KAAK,EAAC,UAAU,EAAC,MAAM,kBAAkB,CAAC;AAGjD,OAAO,oBAAoB,CAAC;AAE5B,OAAO,EAA2B,KAAK,kBAAkB,EAAC,MAAM,aAAa,CAAC;AAE9E,OAAO,EAEN,KAAK,cAAc,EAEnB,KAAK,eAAe,EACpB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAKN,KAAK,SAAS,EACd,MAAM,uBAAuB,CAAC;AAC/B,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,4BAA4B,CAAC;AAC/D,OAAO,EAGN,KAAK,eAAe,EACpB,MAAM,6BAA6B,CAAC;AAYrC;;GAEG;AACH,MAAM,WAAW,kBAAkB;IAClC,0DAA0D;IAC1D,MAAM,EAAE,MAAM,CAAC;IACf,uDAAuD;IACvD,IAAI,EAAE,MAAM,CAAC;CACb;AAED;;;;;GAKG;AACH,MAAM,WAAW,gBAAgB;IAChC,2DAA2D;IAC3D,OAAO,EAAE,UAAU,CAAC;IACpB,6CAA6C;IAC7C,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,sCAAsC;IACtC,eAAe,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAE/B,6BAA6B;IAC7B,KAAK,EAAE;QACN,eAAe,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;QAC/B,iBAAiB,EAAE,CAAC,CAAC,EAAE,OAAO,KAAK,MAAM,GAAG,SAAS,CAAC;KACtD,CAAC;IAEF;;;;;OAKG;IACH,eAAe,CAAC,EAAE,WAAW,GAAG,IAAI,CAAC;IACrC;;;;;OAKG;IACH,0BAA0B,CAAC,EAAE,WAAW,GAAG,IAAI,CAAC;IAChD;;;;;OAKG;IACH,2BAA2B,CAAC,EAAE,WAAW,GAAG,IAAI,CAAC;IACjD;;;;OAIG;IACH,sBAAsB,CAAC,EAAE,WAAW,GAAG,IAAI,CAAC;IAC5C;;;;;;;;OAQG;IACH,sBAAsB,CAAC,EAAE,WAAW,GAAG,IAAI,CAAC;IAC5C;;;;;;;;OAQG;IACH,2BAA2B,CAAC,EAAE,WAAW,GAAG,IAAI,CAAC;IACjD;;;;OAIG;IACH,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,2DAA2D;IAC3D,kBAAkB,CAAC,EAAE,gBAAgB,CAAC;IAEtC,yEAAyE;IACzE,SAAS,CAAC,EAAE;QACX,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;QAC1B,mEAAmE;QACnE,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB;;;WAGG;QACH,YAAY,CAAC,EAAE,CAAC,MAAM,EAAE,uBAAuB,EAAE,CAAC,EAAE,OAAO,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;KAC9E,CAAC;IAEF;;;OAGG;IACH,aAAa,CAAC,EAAE,KAAK,CAAC;IAEtB;;;OAGG;IACH,kBAAkB,EAAE,CAAC,OAAO,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IAEpE,4DAA4D;IAC5D,oBAAoB,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC,cAAc,CAAC,KAAK,KAAK,CAAC,cAAc,CAAC,CAAC;IAE/E;;;;;;;;;;OAUG;IACH,aAAa,CAAC,EAAE,IAAI,GAAG;QAAC,IAAI,CAAC,EAAE,MAAM,CAAA;KAAC,CAAC;IAEvC,gFAAgF;IAChF,WAAW,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAE/B;;;;;;;;;;;OAWG;IACH,aAAa,CAAC,EAAE,KAAK,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,gBAAgB,KAAK,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC;IAEjG,gHAAgH;IAChH,UAAU,EAAE,CAAC,CAAC,SAAS,CAAC;IAExB,mFAAmF;IACnF,qBAAqB,CAAC,EAAE,KAAK,CAAC,cAAc,CAAC,CAAC;IAE9C,6DAA6D;IAC7D,cAAc,CAAC,EAAE;QAChB,YAAY,EAAE,kBAAkB,CAAC;QACjC,YAAY,CAAC,EAAE,MAAM,CAAC;KACtB,CAAC;IAEF;;;;OAIG;IACH,qBAAqB,CAAC,EAAE,OAAO,CAAC;IAEhC;;;;OAIG;IACH,eAAe,CAAC,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,kBAAkB,KAAK,IAAI,CAAC;IAExE,8CAA8C;IAC9C,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACrC;AAED,8CAA8C;AAC9C,MAAM,WAAW,gBAAgB;IAChC,IAAI,EAAE,OAAO,CAAC;IACd,OAAO,EAAE,UAAU,CAAC;IACpB,gBAAgB,EAAE,eAAe,CAAC;IAClC,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,yEAAyE;IACzE,eAAe,EAAE,WAAW,GAAG,IAAI,CAAC;IACpC,iFAAiF;IACjF,0BAA0B,EAAE,WAAW,GAAG,IAAI,CAAC;IAC/C,kFAAkF;IAClF,2BAA2B,EAAE,WAAW,GAAG,IAAI,CAAC;IAChD,uGAAuG;IACvG,sBAAsB,EAAE,WAAW,GAAG,IAAI,CAAC;IAC3C,0GAA0G;IAC1G,2BAA2B,EAAE,WAAW,GAAG,IAAI,CAAC;IAChD,2EAA2E;IAC3E,YAAY,EAAE,WAAW,CAAC;IAC1B,oFAAoF;IACpF,SAAS,EAAE,WAAW,GAAG,IAAI,CAAC;CAC9B;AAED,uCAAuC;AACvC,MAAM,WAAW,SAAS;IACzB,GAAG,EAAE,IAAI,CAAC;IACV,wEAAwE;IACxE,YAAY,EAAE,cAAc,CAAC;IAC7B,gBAAgB,EAAE,eAAe,CAAC;IAClC,2EAA2E;IAC3E,YAAY,EAAE,WAAW,CAAC;IAC1B,oGAAoG;IACpG,iBAAiB,EAAE,aAAa,CAAC,eAAe,CAAC,CAAC;IAClD,oFAAoF;IACpF,SAAS,EAAE,WAAW,GAAG,IAAI,CAAC;IAC9B,mEAAmE;IACnE,KAAK,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC3B;AAED,gDAAgD;AAChD,eAAO,MAAM,qBAAqB,QAAc,CAAC;AAEjD;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,iBAAiB,GAAU,SAAS,gBAAgB,KAAG,OAAO,CAAC,SAAS,CA+RpF,CAAC"}

package/dist/server/app_server.js

@@ -27,6 +27,7 @@ import { check_bootstrap_status, create_bootstrap_route_specs, } from '../auth/b
 import { create_surface_route_spec } from '../http/common_routes.js';
 import { create_auth_middleware_specs } from '../auth/middleware.js';
 import { fuz_auth_guard_resolver } from '../auth/route_guards.js';
+import { create_fuz_authorization_handler, input_schema_declares_acting, is_actor_implying_auth, } from '../auth/request_context.js';
 import { ERROR_PAYLOAD_TOO_LARGE } from '../http/error_schemas.js';
 import { create_rpc_endpoint } from '../actions/action_rpc.js';
 /** Default maximum request body size: 1 MiB. */
@@ -160,12 +161,20 @@ export const create_app_server = async (options) => {
         ...(options.event_specs ?? []),
         ...(audit_sse ? AUDIT_LOG_EVENT_SPECS : []),
     ];
+    // Per-route flag for the dispatcher's authorization-phase error shapes.
+    // Mirrors the runtime check in `apply_authorization_phase`: a route emits
+    // actor-failure errors when its input declares `acting?: ActingActor` or
+    // its auth requires permits. Routes that fail this check stay on the
+    // narrow derived schema (validation + auth shapes) so non-fuz_app HTTP
+    // frameworks aren't forced to surface fuz_app-specific error codes.
+    const fuz_is_acting_aware = (spec) => is_actor_implying_auth(spec.auth) || input_schema_declares_acting(spec.input);
     const surface_spec = create_app_surface_spec({
         middleware_specs: surface_middleware,
         route_specs,
         env_schema: options.env_schema,
         event_specs: all_event_specs,
         rpc_endpoints: resolved_rpc_endpoints,
+        is_acting_aware: fuz_is_acting_aware,
     });
     // Config-level diagnostics (concatenated after spec-level from generate_app_surface)
     const config_diagnostics = [];
@@ -257,7 +266,8 @@ export const create_app_server = async (options) => {
         }));
     }
     apply_middleware_specs(app, middleware_specs);
-    apply_route_specs(app, route_specs, fuz_auth_guard_resolver, log, deps.db);
+    const authorize = create_fuz_authorization_handler({ db: deps.db });
+    apply_route_specs(app, route_specs, fuz_auth_guard_resolver, log, deps.db, authorize, fuz_is_acting_aware);
     // Post-route middleware (before static serving)
     if (options.post_route_middleware) {
         apply_middleware_specs(app, options.post_route_middleware);

package/dist/testing/CLAUDE.md

@@ -157,9 +157,13 @@ bind to the server's deps (db, keyring). Hono assembly is cheap
 
 Pre-built Hono apps at each auth level (public / authed / keeper / per-role)
 for attack-surface testing. No middleware stack — a single `/*` middleware
-injects the `REQUEST_CONTEXT_KEY` + `CREDENTIAL_TYPE_KEY` (default
-`'session'`) and hands off to `apply_route_specs` with
-`fuz_auth_guard_resolver`.
+injects `ACCOUNT_ID_KEY` + `REQUEST_CONTEXT_KEY` + `CREDENTIAL_TYPE_KEY`
+(default `'session'`) plus the `TEST_CONTEXT_PRESET_KEY` flag (so the
+dispatcher's authorization phase trusts the pre-baked context and skips
+its DB-backed actor resolution), then hands off to `apply_route_specs`
+with `fuz_auth_guard_resolver` + `create_fuz_authorization_handler`.
+Production middleware never sets `TEST_CONTEXT_PRESET_KEY`, so the escape
+hatch is test-only by construction.
 
 | Helper                                                           | Role                                                                                                                                                                                   |
 | ---------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
@@ -389,22 +393,24 @@ test file that imports from `middleware.ts` gets these mocks globally.
 Pair with `vi.restoreAllMocks()` in `afterEach` when mixing into
 `.db.test.ts` files (see DB test caveat below).
 
-| Helper                                                            | Role                                                                                                                                                          |
-| ----------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| `BearerAuthTestOptions`, `BearerAuthTestCase`                     | Test-case table shape for the bearer auth runner.                                                                                                             |
-| `create_bearer_auth_mocks(tc)`                                    | Configures the module-level mocks per test case; returns spy references.                                                                                      |
-| `TEST_CLIENT_IP = '127.0.0.1'`                                    | IP set by the proxy stub in `create_bearer_auth_test_app`.                                                                                                    |
-| `create_bearer_auth_test_app(tc, ip_rate_limiter?)`               | Hono app with bearer middleware + echo route at `/api/test` returning `{ok, has_context, credential_type, account_id, actor_id, permit_count, api_token_id}`. |
-| `describe_bearer_auth_cases(suite_name, cases, ip_rate_limiter?)` | Table-driven runner — one `test()` per case; asserts status, error, body fields, `api_token_id`, context preservation.                                        |
-| `TEST_MIDDLEWARE_PATH = '/api/test'`                              | Path used by the echo route in the stack factory.                                                                                                             |
-| `create_test_middleware_stack_app(options?)`                      | Real proxy + origin + bearer middleware for integration-shape testing. Echo route returns `{ok, client_ip, has_context}`.                                     |
+| Helper                                                            | Role                                                                                                                                                                                                                                                                           |
+| ----------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| `BearerAuthTestOptions`, `BearerAuthTestCase`                     | Test-case table shape for the bearer auth runner.                                                                                                                                                                                                                              |
+| `create_bearer_auth_mocks(tc)`                                    | Configures the module-level mocks per test case; returns spy references.                                                                                                                                                                                                       |
+| `TEST_CLIENT_IP = '127.0.0.1'`                                    | IP set by the proxy stub in `create_bearer_auth_test_app`.                                                                                                                                                                                                                     |
+| `create_bearer_auth_test_app(tc, ip_rate_limiter?)`               | Hono app with bearer middleware + echo route at `/api/test` returning `{ok, account_id, credential_type, api_token_id, request_context_set}` — the account-grain identity bearer auth writes, plus a flag for tests that pre-populate `REQUEST_CONTEXT_KEY` via `pre_context`. |
+| `describe_bearer_auth_cases(suite_name, cases, ip_rate_limiter?)` | Table-driven runner — one `test()` per case; asserts status, error, body fields, `api_token_id`, context preservation.                                                                                                                                                         |
+| `TEST_MIDDLEWARE_PATH = '/api/test'`                              | Path used by the echo route in the stack factory.                                                                                                                                                                                                                              |
+| `create_test_middleware_stack_app(options?)`                      | Real proxy + origin + bearer middleware for integration-shape testing. Echo route returns `{ok, client_ip, has_context}`.                                                                                                                                                      |
 
 The echo route under `create_bearer_auth_test_app` deliberately surfaces
-every middleware-written context variable (`REQUEST_CONTEXT_KEY`,
-`CREDENTIAL_TYPE_KEY`, `AUTH_API_TOKEN_ID_KEY`). When public auth surface
-gains a new context variable, header, or field, update this echo
-alongside the assertions in `src/test/auth/*.test.ts` — the two move
-together.
+every middleware-written context variable (`ACCOUNT_ID_KEY`,
+`CREDENTIAL_TYPE_KEY`, `AUTH_API_TOKEN_ID_KEY`) — bearer middleware
+writes account-grain identity only; the dispatcher's authorization phase
+owns `REQUEST_CONTEXT_KEY`. The `request_context_set` flag covers the
+test-only `pre_context` injection path. When public auth surface gains a
+new context variable, header, or field, update this echo alongside the
+assertions in `src/test/auth/*.test.ts` — the two move together.
 
 ## Round-trip suites
 

package/dist/testing/admin_integration.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"admin_integration.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/admin_integration.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAgC7B,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,yBAAyB,CAAC;AAC9D,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAA0B,KAAK,gBAAgB,EAAC,MAAM,wBAAwB,CAAC;AAEtF,OAAO,EAA6C,KAAK,eAAe,EAAC,MAAM,iBAAiB,CAAC;AACjG,OAAO,EAIN,KAAK,SAAS,EACd,MAAM,SAAS,CAAC;AASjB,OAAO,EAKN,KAAK,uBAAuB,EAC5B,MAAM,kBAAkB,CAAC;AAqB1B;;GAEG;AACH,MAAM,WAAW,mCAAmC;IACnD,4CAA4C;IAC5C,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,wDAAwD;IACxD,kBAAkB,EAAE,CAAC,GAAG,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IAChE,4GAA4G;IAC5G,KAAK,EAAE,gBAAgB,CAAC;IACxB;;;;;;;;;;;;OAYG;IACH,aAAa,EAAE,uBAAuB,CAAC;IACvC;;;;;OAKG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,iDAAiD;IACjD,WAAW,CAAC,EAAE,eAAe,CAAC;IAC9B;;;OAGG;IACH,YAAY,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;CAChC;AAgCD;;;;;;;;;;;;;;GAcG;AACH,eAAO,MAAM,yCAAyC,GACrD,SAAS,mCAAmC,KAC1C,IAu1BF,CAAC"}
+{"version":3,"file":"admin_integration.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/admin_integration.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAgC7B,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,yBAAyB,CAAC;AAC9D,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAA0B,KAAK,gBAAgB,EAAC,MAAM,wBAAwB,CAAC;AAEtF,OAAO,EAA6C,KAAK,eAAe,EAAC,MAAM,iBAAiB,CAAC;AACjG,OAAO,EAIN,KAAK,SAAS,EACd,MAAM,SAAS,CAAC;AASjB,OAAO,EAKN,KAAK,uBAAuB,EAC5B,MAAM,kBAAkB,CAAC;AAoB1B;;GAEG;AACH,MAAM,WAAW,mCAAmC;IACnD,4CAA4C;IAC5C,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,wDAAwD;IACxD,kBAAkB,EAAE,CAAC,GAAG,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IAChE,4GAA4G;IAC5G,KAAK,EAAE,gBAAgB,CAAC;IACxB;;;;;;;;;;;;OAYG;IACH,aAAa,EAAE,uBAAuB,CAAC;IACvC;;;;;OAKG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,iDAAiD;IACjD,WAAW,CAAC,EAAE,eAAe,CAAC;IAC9B;;;OAGG;IACH,YAAY,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;CAChC;AAgCD;;;;;;;;;;;;;;GAcG;AACH,eAAO,MAAM,yCAAyC,GACrD,SAAS,mCAAmC,KAC1C,IA21BF,CAAC"}

package/dist/testing/admin_integration.js

@@ -38,7 +38,6 @@ import { permit_offer_create_action_spec, permit_revoke_action_spec, } from '../
 import { admin_account_list_action_spec, admin_session_list_action_spec, admin_session_revoke_all_action_spec, admin_token_revoke_all_action_spec, audit_log_list_action_spec, audit_log_permit_history_action_spec, } from '../auth/admin_action_specs.js';
 import { account_token_create_action_spec, account_verify_action_spec, } from '../auth/account_action_specs.js';
 import { query_grant_permit } from '../auth/permit_queries.js';
-import { query_actor_by_account } from '../auth/account_queries.js';
 import { query_accept_offer } from '../auth/permit_offer_queries.js';
 /**
  * Pick a web-grantable role for testing, preferring a non-admin app-defined role.
@@ -153,7 +152,12 @@ export const describe_standard_admin_integration_tests = (options) => {
             });
             assert.ok(res.ok, `permit_offer_create failed: ${res.ok ? '' : JSON.stringify(res.error)}`);
             const { offer } = res.result;
-            const accept_result = await get_db().transaction(async (tx) => query_accept_offer({ db: tx }, { offer_id: offer.id, to_account_id: args.to_account_id, ip: null }));
+            const accept_result = await get_db().transaction(async (tx) => query_accept_offer({ db: tx }, {
+                offer_id: offer.id,
+                to_account_id: args.to_account_id,
+                actor_id: args.to_actor_id,
+                ip: null,
+            }));
             return { offer_id: offer.id, permit_id: accept_result.permit.id };
         };
         // --- 1. Admin account listing (RPC) ---
@@ -165,7 +169,7 @@ export const describe_standard_admin_integration_tests = (options) => {
                     app: test_app.app,
                     path: rpc_path,
                     spec: admin_account_list_action_spec,
-                    params: undefined,
+                    params: {},
                     headers: test_app.create_session_headers(),
                 });
                 assert.ok(res.ok, `admin_account_list failed: ${res.ok ? '' : JSON.stringify(res.error)}`);
@@ -183,7 +187,7 @@ export const describe_standard_admin_integration_tests = (options) => {
                     app: test_app.app,
                     path: rpc_path,
                     spec: admin_account_list_action_spec,
-                    params: undefined,
+                    params: {},
                     headers: test_app.create_session_headers(),
                 });
                 assert.ok(!res.ok, 'Expected admin_account_list to fail for non-admin');
@@ -207,7 +211,7 @@ export const describe_standard_admin_integration_tests = (options) => {
                     app: test_app.app,
                     path: rpc_path,
                     spec: admin_session_list_action_spec,
-                    params: undefined,
+                    params: {},
                     headers: test_app.create_session_headers(),
                 });
                 assert.ok(res.ok, `admin_session_list failed: ${res.ok ? '' : JSON.stringify(res.error)}`);
@@ -358,6 +362,7 @@ export const describe_standard_admin_integration_tests = (options) => {
                     app: test_app.app,
                     admin_headers: test_app.create_session_headers(),
                     to_account_id: user_two.account.id,
+                    to_actor_id: user_two.actor.id,
                     role: grantable_role,
                 });
                 const res = await rpc_call_for_spec({
@@ -376,10 +381,8 @@ export const describe_standard_admin_integration_tests = (options) => {
             test('permit revoke creates audit event', async () => {
                 const test_app = await create_test_app(build_admin_test_app_options(options, get_db()));
                 const user_two = await test_app.create_account({ username: 'user_two' });
-                const target_actor = await query_actor_by_account({ db: get_db() }, user_two.account.id);
-                assert.ok(target_actor);
                 const permit = await query_grant_permit({ db: get_db() }, {
-                    actor_id: target_actor.id,
+                    actor_id: user_two.actor.id,
                     role: grantable_role,
                     granted_by: test_app.backend.actor.id,
                 });
@@ -388,7 +391,7 @@ export const describe_standard_admin_integration_tests = (options) => {
                     app: test_app.app,
                     path: rpc_path,
                     spec: permit_revoke_action_spec,
-                    params: { actor_id: target_actor.id, permit_id: permit.id },
+                    params: { actor_id: user_two.actor.id, permit_id: permit.id },
                     headers: test_app.create_session_headers(),
                 });
                 assert.ok(revoke_res.ok, `permit_revoke failed: ${revoke_res.ok ? '' : JSON.stringify(revoke_res.error)}`);
@@ -560,16 +563,15 @@ export const describe_standard_admin_integration_tests = (options) => {
                     app: test_app.app,
                     admin_headers: test_app.create_session_headers(),
                     to_account_id: user_two.account.id,
+                    to_actor_id: user_two.actor.id,
                     role: grantable_role,
                 });
                 // 4. revoke permit (RPC)
-                const target_actor = await query_actor_by_account({ db: get_db() }, user_two.account.id);
-                assert.ok(target_actor);
                 const revoke_res = await rpc_call_for_spec({
                     app: test_app.app,
                     path: rpc_path,
                     spec: permit_revoke_action_spec,
-                    params: { actor_id: target_actor.id, permit_id },
+                    params: { actor_id: user_two.actor.id, permit_id },
                     headers: test_app.create_session_headers(),
                 });
                 assert.ok(revoke_res.ok, `permit_revoke failed: ${revoke_res.ok ? '' : JSON.stringify(revoke_res.error)}`);
@@ -727,7 +729,7 @@ export const describe_standard_admin_integration_tests = (options) => {
                     app: test_app.app,
                     path: rpc_path,
                     spec: admin_account_list_action_spec,
-                    params: undefined,
+                    params: {},
                     headers: create_headers(regular_user.session_cookie),
                 });
                 assert.ok(!res.ok, 'Expected admin_account_list to fail for non-admin');

package/dist/testing/adversarial_headers.js

@@ -112,7 +112,7 @@ export const describe_standard_adversarial_headers = (suite_name, options, allow
                 }
                 if (tc.expected_status === 200) {
                     assert.strictEqual(body.ok, true, 'expected ok to be true for 200 response');
-                    assert.strictEqual(body.has_context, false, 'expected has_context to be false (no auth)');
+                    assert.strictEqual(body.account_id, null, 'expected account_id to be null (no auth)');
                 }
                 if (tc.validate_expectation === 'not_called') {
                     assert.strictEqual(mock_validate.mock.calls.length, 0, 'validate should not have been called — middleware should short-circuit');

package/dist/testing/app_server.js

@@ -56,10 +56,10 @@ export const bootstrap_test_account = async (options) => {
     for (const role of roles) {
         await query_grant_permit(deps, { actor_id: actor.id, role, granted_by: null });
     }
-    // Create API token
+    // Create API token (account-scoped — acting actor is per-request)
     const { token: api_token, id: token_id, token_hash } = generate_api_token();
     await query_create_api_token(deps, token_id, account.id, 'test-cli', token_hash);
-    // Create session + cookie
+    // Create session (account-scoped — acting actor is per-request)
     const session_token = generate_session_token();
     const session_hash = hash_session_token(session_token);
     const expires_at = new Date(Date.now() + AUTH_SESSION_LIFETIME_MS);

package/dist/testing/audit_completeness.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"audit_completeness.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/audit_completeness.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAkB7B,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,yBAAyB,CAAC;AAC9D,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,uBAAuB,CAAC;AAIrD,OAAO,EAGN,KAAK,eAAe,EAEpB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAIN,KAAK,SAAS,EACd,MAAM,SAAS,CAAC;AAKjB,OAAO,EAIN,KAAK,uBAAuB,EAC5B,MAAM,kBAAkB,CAAC;AAsB1B;;GAEG;AACH,MAAM,WAAW,4BAA4B;IAC5C,4CAA4C;IAC5C,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,wDAAwD;IACxD,kBAAkB,EAAE,CAAC,GAAG,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IAChE;;;;;;;;;;;OAWG;IACH,aAAa,EAAE,uBAAuB,CAAC;IACvC,iDAAiD;IACjD,WAAW,CAAC,EAAE,eAAe,CAAC;IAC9B,qEAAqE;IACrE,YAAY,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;CAChC;AAoDD;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,iCAAiC,GAAI,SAAS,4BAA4B,KAAG,IAyezF,CAAC"}
+{"version":3,"file":"audit_completeness.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/audit_completeness.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAkB7B,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,yBAAyB,CAAC;AAC9D,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,uBAAuB,CAAC;AAIrD,OAAO,EAGN,KAAK,eAAe,EAEpB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAIN,KAAK,SAAS,EACd,MAAM,SAAS,CAAC;AAKjB,OAAO,EAIN,KAAK,uBAAuB,EAC5B,MAAM,kBAAkB,CAAC;AAqB1B;;GAEG;AACH,MAAM,WAAW,4BAA4B;IAC5C,4CAA4C;IAC5C,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,wDAAwD;IACxD,kBAAkB,EAAE,CAAC,GAAG,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IAChE;;;;;;;;;;;OAWG;IACH,aAAa,EAAE,uBAAuB,CAAC;IACvC,iDAAiD;IACjD,WAAW,CAAC,EAAE,eAAe,CAAC;IAC9B,qEAAqE;IACrE,YAAY,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;CAChC;AAoDD;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,iCAAiC,GAAI,SAAS,4BAA4B,KAAG,IA8fzF,CAAC"}