npm - @fuzdev/fuz_app - Versions diffs - 0.54.0 → 0.55.0 - Mend

@fuzdev/fuz_app 0.54.0 → 0.55.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (142) hide show

package/dist/actions/CLAUDE.md +68 -13
package/dist/actions/action_codegen.d.ts +13 -0
package/dist/actions/action_codegen.d.ts.map +1 -1
package/dist/actions/action_codegen.js +15 -1
package/dist/actions/action_rpc.d.ts +60 -7
package/dist/actions/action_rpc.d.ts.map +1 -1
package/dist/actions/action_rpc.js +158 -44
package/dist/actions/register_action_ws.d.ts +4 -4
package/dist/actions/register_action_ws.js +6 -6
package/dist/actions/register_ws_endpoint.d.ts +20 -7
package/dist/actions/register_ws_endpoint.d.ts.map +1 -1
package/dist/actions/register_ws_endpoint.js +30 -5
package/dist/actions/transports.d.ts.map +1 -1
package/dist/actions/transports.js +0 -4
package/dist/auth/CLAUDE.md +219 -66
package/dist/auth/account_actions.d.ts +6 -6
package/dist/auth/account_actions.d.ts.map +1 -1
package/dist/auth/account_actions.js +8 -11
package/dist/auth/account_queries.d.ts +6 -3
package/dist/auth/account_queries.d.ts.map +1 -1
package/dist/auth/account_queries.js +14 -5
package/dist/auth/account_routes.d.ts +7 -10
package/dist/auth/account_routes.d.ts.map +1 -1
package/dist/auth/account_routes.js +70 -23
package/dist/auth/account_schema.d.ts +19 -0
package/dist/auth/account_schema.d.ts.map +1 -1
package/dist/auth/account_schema.js +20 -0
package/dist/auth/admin_action_specs.d.ts +45 -11
package/dist/auth/admin_action_specs.d.ts.map +1 -1
package/dist/auth/admin_action_specs.js +23 -8
package/dist/auth/admin_actions.d.ts +8 -7
package/dist/auth/admin_actions.d.ts.map +1 -1
package/dist/auth/admin_actions.js +11 -18
package/dist/auth/audit_log_queries.d.ts +53 -14
package/dist/auth/audit_log_queries.d.ts.map +1 -1
package/dist/auth/audit_log_queries.js +45 -2
package/dist/auth/audit_log_schema.d.ts +55 -1
package/dist/auth/audit_log_schema.d.ts.map +1 -1
package/dist/auth/audit_log_schema.js +19 -3
package/dist/auth/bearer_auth.d.ts +9 -7
package/dist/auth/bearer_auth.d.ts.map +1 -1
package/dist/auth/bearer_auth.js +13 -21
package/dist/auth/cleanup.d.ts.map +1 -1
package/dist/auth/cleanup.js +5 -0
package/dist/auth/daemon_token_middleware.d.ts +23 -11
package/dist/auth/daemon_token_middleware.d.ts.map +1 -1
package/dist/auth/daemon_token_middleware.js +26 -20
package/dist/auth/deps.d.ts +14 -0
package/dist/auth/deps.d.ts.map +1 -1
package/dist/auth/middleware.d.ts.map +1 -1
package/dist/auth/middleware.js +4 -2
package/dist/auth/migrations.d.ts +15 -7
package/dist/auth/migrations.d.ts.map +1 -1
package/dist/auth/migrations.js +15 -7
package/dist/auth/permit_offer_action_specs.d.ts +45 -6
package/dist/auth/permit_offer_action_specs.d.ts.map +1 -1
package/dist/auth/permit_offer_action_specs.js +38 -7
package/dist/auth/permit_offer_actions.d.ts +2 -2
package/dist/auth/permit_offer_actions.d.ts.map +1 -1
package/dist/auth/permit_offer_actions.js +98 -90
package/dist/auth/permit_offer_notifications.d.ts +10 -0
package/dist/auth/permit_offer_notifications.d.ts.map +1 -1
package/dist/auth/permit_offer_queries.d.ts +68 -9
package/dist/auth/permit_offer_queries.d.ts.map +1 -1
package/dist/auth/permit_offer_queries.js +147 -35
package/dist/auth/permit_offer_schema.d.ts +23 -1
package/dist/auth/permit_offer_schema.d.ts.map +1 -1
package/dist/auth/permit_offer_schema.js +5 -0
package/dist/auth/permit_queries.d.ts +17 -5
package/dist/auth/permit_queries.d.ts.map +1 -1
package/dist/auth/permit_queries.js +19 -8
package/dist/auth/request_context.d.ts +321 -38
package/dist/auth/request_context.d.ts.map +1 -1
package/dist/auth/request_context.js +393 -66
package/dist/auth/route_guards.d.ts +10 -4
package/dist/auth/route_guards.d.ts.map +1 -1
package/dist/auth/route_guards.js +14 -8
package/dist/auth/self_service_role_action_specs.d.ts +2 -0
package/dist/auth/self_service_role_action_specs.d.ts.map +1 -1
package/dist/auth/self_service_role_action_specs.js +2 -0
package/dist/auth/self_service_role_actions.d.ts +6 -5
package/dist/auth/self_service_role_actions.d.ts.map +1 -1
package/dist/auth/self_service_role_actions.js +18 -8
package/dist/db/migrate.d.ts +11 -7
package/dist/db/migrate.d.ts.map +1 -1
package/dist/db/migrate.js +9 -6
package/dist/dev/setup.d.ts.map +1 -1
package/dist/dev/setup.js +5 -3
package/dist/hono_context.d.ts +77 -0
package/dist/hono_context.d.ts.map +1 -1
package/dist/hono_context.js +50 -0
package/dist/http/CLAUDE.md +80 -17
package/dist/http/error_schemas.d.ts +92 -1
package/dist/http/error_schemas.d.ts.map +1 -1
package/dist/http/error_schemas.js +73 -16
package/dist/http/jsonrpc_errors.d.ts +27 -2
package/dist/http/jsonrpc_errors.d.ts.map +1 -1
package/dist/http/jsonrpc_errors.js +26 -2
package/dist/http/route_spec.d.ts +62 -4
package/dist/http/route_spec.d.ts.map +1 -1
package/dist/http/route_spec.js +117 -21
package/dist/http/schema_helpers.d.ts +13 -1
package/dist/http/schema_helpers.d.ts.map +1 -1
package/dist/http/schema_helpers.js +21 -2
package/dist/http/surface.d.ts +10 -1
package/dist/http/surface.d.ts.map +1 -1
package/dist/http/surface.js +2 -2
package/dist/server/app_server.d.ts.map +1 -1
package/dist/server/app_server.js +11 -1
package/dist/testing/CLAUDE.md +23 -17
package/dist/testing/admin_integration.d.ts.map +1 -1
package/dist/testing/admin_integration.js +15 -13
package/dist/testing/adversarial_headers.js +1 -1
package/dist/testing/app_server.js +2 -2
package/dist/testing/audit_completeness.d.ts.map +1 -1
package/dist/testing/audit_completeness.js +21 -7
package/dist/testing/auth_apps.d.ts.map +1 -1
package/dist/testing/auth_apps.js +6 -3
package/dist/testing/entities.d.ts +2 -1
package/dist/testing/entities.d.ts.map +1 -1
package/dist/testing/entities.js +1 -0
package/dist/testing/integration_helpers.d.ts +4 -2
package/dist/testing/integration_helpers.d.ts.map +1 -1
package/dist/testing/integration_helpers.js +9 -5
package/dist/testing/middleware.d.ts +12 -8
package/dist/testing/middleware.d.ts.map +1 -1
package/dist/testing/middleware.js +67 -25
package/dist/testing/rpc_helpers.d.ts.map +1 -1
package/dist/testing/rpc_helpers.js +3 -1
package/dist/testing/ws_round_trip.d.ts.map +1 -1
package/dist/testing/ws_round_trip.js +5 -1
package/dist/ui/CLAUDE.md +16 -10
package/dist/ui/PermitOfferForm.svelte +14 -0
package/dist/ui/PermitOfferForm.svelte.d.ts +6 -0
package/dist/ui/PermitOfferForm.svelte.d.ts.map +1 -1
package/dist/ui/admin_accounts_state.svelte.d.ts +8 -1
package/dist/ui/admin_accounts_state.svelte.d.ts.map +1 -1
package/dist/ui/admin_accounts_state.svelte.js +14 -3
package/dist/ui/permit_offers_state.svelte.d.ts +9 -1
package/dist/ui/permit_offers_state.svelte.d.ts.map +1 -1
package/dist/ui/permit_offers_state.svelte.js +7 -1
package/package.json +1 -1

package/dist/auth/cleanup.js CHANGED Viewed

@@ -38,10 +38,15 @@ export const cleanup_expired_permit_offers = async (deps) => {
     const { on_audit_event, audit_log_config } = deps;
     for (const offer of expired) {
         try {
+            // `permit_offer_expire` populates `target_actor_id` only when the
+            // offer was actor-targeted (`to_actor_id` set at create time).
+            // Account-grain offers (no `to_actor_id`) never bound to a
+            // specific actor and leave the field null.
             const event = await query_audit_log(deps, {
                 event_type: 'permit_offer_expire',
                 actor_id: offer.from_actor_id,
                 target_account_id: offer.to_account_id,
+                target_actor_id: offer.to_actor_id,
                 ip: null,
                 metadata: {
                     offer_id: offer.id,

package/dist/auth/daemon_token_middleware.d.ts CHANGED Viewed

@@ -41,10 +41,16 @@ export declare const get_daemon_token_path: (runtime: Pick<EnvDeps, "env_get">,
  */
 export declare const write_daemon_token: (runtime: DaemonTokenWriteDeps, token_path: string, token: string) => Promise<void>;
 /**
- * Resolve the keeper account ID by querying for the account with an active keeper permit.
+ * Resolve the keeper account ID by querying for the account with an active
+ * keeper permit.
  *
- * There is exactly one keeper account (the bootstrap account). Runs once at
- * server startup — the result is cached in `DaemonTokenState.keeper_account_id`.
+ * There is exactly one keeper account (the bootstrap account). Runs once
+ * at server startup — the result is cached in
+ * `DaemonTokenState.keeper_account_id`. The acting actor is resolved
+ * per-request by the dispatcher's authorization phase (which runs
+ * `resolve_acting_actor` against this account id), so multi-actor keeper
+ * accounts surface `actor_required` if a daemon caller doesn't pass an
+ * explicit `acting`.
  *
  * @param deps - query dependencies
  * @returns the keeper account ID, or `null` if no keeper exists yet (pre-bootstrap)
@@ -83,15 +89,21 @@ export declare const start_daemon_token_rotation: (runtime: DaemonTokenWriteDeps
  * Create middleware that authenticates via daemon token.
  *
  * Checks the `X-Daemon-Token` header. Behavior:
- * - No header: pass through (don't touch existing context)
- * - Header present + valid: build `RequestContext` from keeper account,
- *   set `credential_type: 'daemon_token'` (overrides any existing session/bearer context)
- * - Header present + invalid: return 401 (fail-closed, no downgrade)
- * - Header present + valid but `keeper_account_id` is null: return 503
+ * - No header: pass through (don't touch existing context).
+ * - Header present + Zod-invalid: return 401 (fail-closed).
+ * - Header present + invalid value: return 401 (fail-closed, no downgrade).
+ * - Header present + valid + `keeper_account_id` null: return 503.
+ * - Header present + valid + ok: set `c.var.auth_account_id =
+ *   state.keeper_account_id`, `CREDENTIAL_TYPE_KEY = 'daemon_token'`
+ *   (overrides any existing session / bearer identity).
+ *
+ * Acting-actor resolution + `RequestContext` construction are deferred
+ * to the dispatcher's authorization phase. Multi-actor keeper accounts
+ * surface `actor_required` from there if a daemon caller doesn't pass
+ * an explicit `acting` value.
  *
  * @param state - the daemon token runtime state
- * @param deps - query dependencies (pool-level db for middleware)
- * @mutates Hono context - sets `REQUEST_CONTEXT_KEY`, `CREDENTIAL_TYPE_KEY`, and `AUTH_API_TOKEN_ID_KEY` on a valid token
+ * @mutates Hono context - sets `ACCOUNT_ID_KEY`, `CREDENTIAL_TYPE_KEY`, and `AUTH_API_TOKEN_ID_KEY` on a valid token
  */
-export declare const create_daemon_token_middleware: (state: DaemonTokenState, deps: QueryDeps) => MiddlewareHandler;
+export declare const create_daemon_token_middleware: (state: DaemonTokenState, _deps: QueryDeps) => MiddlewareHandler;
 //# sourceMappingURL=daemon_token_middleware.d.ts.map

package/dist/auth/daemon_token_middleware.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"daemon_token_middleware.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/daemon_token_middleware.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EAAC,iBAAiB,EAAC,MAAM,MAAM,CAAC;AAC5C,OAAO,KAAK,EAAC,MAAM,EAAC,MAAM,yBAAyB,CAAC;AAEpD,OAAO,EAAC,KAAK,WAAW,EAAE,KAAK,YAAY,EAAE,KAAK,OAAO,EAAC,MAAM,oBAAoB,CAAC;~~AAWrF~~,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AAEnD,OAAO,EAKN,KAAK,gBAAgB,EACrB,MAAM,mBAAmB,CAAC;AAE3B,8DAA8D;AAC9D,eAAO,MAAM,4BAA4B,QAAS,CAAC;AAEnD,iDAAiD;AACjD,MAAM,MAAM,oBAAoB,GAAG,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,GAC1D,IAAI,CAAC,WAAW,EAAE,OAAO,GAAG,iBAAiB,GAAG,QAAQ,CAAC,GAAG;IAC3D,6FAA6F;IAC7F,KAAK,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;CACtD,CAAC;AAEH;;;;;;GAMG;AACH,eAAO,MAAM,qBAAqB,GACjC,SAAS,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,EACjC,MAAM,MAAM,KACV,MAAM,GAAG,IAGX,CAAC;AAEF;;;;;;;;;GASG;AACH,eAAO,MAAM,kBAAkB,GAC9B,SAAS,oBAAoB,EAC7B,YAAY,MAAM,EAClB,OAAO,MAAM,KACX,OAAO,CAAC,IAAI,CAKd,CAAC;AAEF~~;;;;;;;;GAQG~~;AACH,eAAO,MAAM,yBAAyB,GAAU,MAAM,SAAS,KAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAEtF,CAAC;AAEF,yCAAyC;AACzC,MAAM,WAAW,0BAA0B;IAC1C,2DAA2D;IAC3D,QAAQ,EAAE,MAAM,CAAC;IACjB,uDAAuD;IACvD,oBAAoB,CAAC,EAAE,MAAM,CAAC;CAC9B;AAED,gDAAgD;AAChD,MAAM,WAAW,mBAAmB;IACnC,2EAA2E;IAC3E,KAAK,EAAE,gBAAgB,CAAC;IACxB,kGAAkG;IAClG,IAAI,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC1B;AAED;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,2BAA2B,GACvC,SAAS,oBAAoB,GAAG,YAAY,EAC5C,MAAM,SAAS,EACf,SAAS,0BAA0B,EACnC,KAAK,MAAM,KACT,OAAO,CAAC,mBAAmB,CAwD7B,CAAC;AAEF~~;;;;;;;;;;;;;GAaG~~;AACH,eAAO,MAAM,8BAA8B,GAC1C,OAAO,gBAAgB,EACvB,~~MAAM~~,SAAS,~~KACb~~,~~iBAqCF~~,CAAC"}
1	+ {"version":3,"file":"daemon_token_middleware.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/daemon_token_middleware.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EAAC,iBAAiB,EAAC,MAAM,MAAM,CAAC;AAC5C,OAAO,KAAK,EAAC,MAAM,EAAC,MAAM,yBAAyB,CAAC;AAEpD,OAAO,EAAC,KAAK,WAAW,EAAE,KAAK,YAAY,EAAE,KAAK,OAAO,EAAC,MAAM,oBAAoB,CAAC;AASrF,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AAEnD,OAAO,EAKN,KAAK,gBAAgB,EACrB,MAAM,mBAAmB,CAAC;AAE3B,8DAA8D;AAC9D,eAAO,MAAM,4BAA4B,QAAS,CAAC;AAEnD,iDAAiD;AACjD,MAAM,MAAM,oBAAoB,GAAG,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,GAC1D,IAAI,CAAC,WAAW,EAAE,OAAO,GAAG,iBAAiB,GAAG,QAAQ,CAAC,GAAG;IAC3D,6FAA6F;IAC7F,KAAK,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;CACtD,CAAC;AAEH;;;;;;GAMG;AACH,eAAO,MAAM,qBAAqB,GACjC,SAAS,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,EACjC,MAAM,MAAM,KACV,MAAM,GAAG,IAGX,CAAC;AAEF;;;;;;;;;GASG;AACH,eAAO,MAAM,kBAAkB,GAC9B,SAAS,oBAAoB,EAC7B,YAAY,MAAM,EAClB,OAAO,MAAM,KACX,OAAO,CAAC,IAAI,CAKd,CAAC;AAEF;;;;;;;;;;;;;;GAcG;AACH,eAAO,MAAM,yBAAyB,GAAU,MAAM,SAAS,KAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAEtF,CAAC;AAEF,yCAAyC;AACzC,MAAM,WAAW,0BAA0B;IAC1C,2DAA2D;IAC3D,QAAQ,EAAE,MAAM,CAAC;IACjB,uDAAuD;IACvD,oBAAoB,CAAC,EAAE,MAAM,CAAC;CAC9B;AAED,gDAAgD;AAChD,MAAM,WAAW,mBAAmB;IACnC,2EAA2E;IAC3E,KAAK,EAAE,gBAAgB,CAAC;IACxB,kGAAkG;IAClG,IAAI,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC1B;AAED;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,2BAA2B,GACvC,SAAS,oBAAoB,GAAG,YAAY,EAC5C,MAAM,SAAS,EACf,SAAS,0BAA0B,EACnC,KAAK,MAAM,KACT,OAAO,CAAC,mBAAmB,CAwD7B,CAAC;AAEF;;;;;;;;;;;;;;;;;;;GAmBG;AACH,eAAO,MAAM,8BAA8B,GAC1C,OAAO,gBAAgB,EACvB,OAAO,SAAS,KACd,iBA+BF,CAAC"}

package/dist/auth/daemon_token_middleware.js CHANGED Viewed

@@ -12,9 +12,8 @@
 import {} from '../runtime/deps.js';
 import { write_file_atomic } from '../runtime/fs.js';
 import { get_app_dir } from '../cli/config.js';
-import { REQUEST_CONTEXT_KEY, build_request_context } from './request_context.js';
-import { AUTH_API_TOKEN_ID_KEY, CREDENTIAL_TYPE_KEY } from '../hono_context.js';
-import { ERROR_INVALID_DAEMON_TOKEN, ERROR_KEEPER_ACCOUNT_NOT_CONFIGURED, ERROR_KEEPER_ACCOUNT_NOT_FOUND, } from '../http/error_schemas.js';
+import { ACCOUNT_ID_KEY, AUTH_API_TOKEN_ID_KEY, CREDENTIAL_TYPE_KEY } from '../hono_context.js';
+import { ERROR_INVALID_DAEMON_TOKEN, ERROR_KEEPER_ACCOUNT_NOT_CONFIGURED, } from '../http/error_schemas.js';
 import { query_permit_find_account_id_for_role } from './permit_queries.js';
 import { ROLE_KEEPER } from './role_schema.js';
 import { DaemonToken, DAEMON_TOKEN_HEADER, generate_daemon_token, validate_daemon_token, } from './daemon_token.js';
@@ -48,10 +47,16 @@ export const write_daemon_token = async (runtime, token_path, token) => {
     }
 };
 /**
- * Resolve the keeper account ID by querying for the account with an active keeper permit.
+ * Resolve the keeper account ID by querying for the account with an active
+ * keeper permit.
  *
- * There is exactly one keeper account (the bootstrap account). Runs once at
- * server startup — the result is cached in `DaemonTokenState.keeper_account_id`.
+ * There is exactly one keeper account (the bootstrap account). Runs once
+ * at server startup — the result is cached in
+ * `DaemonTokenState.keeper_account_id`. The acting actor is resolved
+ * per-request by the dispatcher's authorization phase (which runs
+ * `resolve_acting_actor` against this account id), so multi-actor keeper
+ * accounts surface `actor_required` if a daemon caller doesn't pass an
+ * explicit `acting`.
  *
  * @param deps - query dependencies
  * @returns the keeper account ID, or `null` if no keeper exists yet (pre-bootstrap)
@@ -129,17 +134,23 @@ export const start_daemon_token_rotation = async (runtime, deps, options, log) =
  * Create middleware that authenticates via daemon token.
  *
  * Checks the `X-Daemon-Token` header. Behavior:
- * - No header: pass through (don't touch existing context)
- * - Header present + valid: build `RequestContext` from keeper account,
- *   set `credential_type: 'daemon_token'` (overrides any existing session/bearer context)
- * - Header present + invalid: return 401 (fail-closed, no downgrade)
- * - Header present + valid but `keeper_account_id` is null: return 503
+ * - No header: pass through (don't touch existing context).
+ * - Header present + Zod-invalid: return 401 (fail-closed).
+ * - Header present + invalid value: return 401 (fail-closed, no downgrade).
+ * - Header present + valid + `keeper_account_id` null: return 503.
+ * - Header present + valid + ok: set `c.var.auth_account_id =
+ *   state.keeper_account_id`, `CREDENTIAL_TYPE_KEY = 'daemon_token'`
+ *   (overrides any existing session / bearer identity).
+ *
+ * Acting-actor resolution + `RequestContext` construction are deferred
+ * to the dispatcher's authorization phase. Multi-actor keeper accounts
+ * surface `actor_required` from there if a daemon caller doesn't pass
+ * an explicit `acting` value.
  *
  * @param state - the daemon token runtime state
- * @param deps - query dependencies (pool-level db for middleware)
- * @mutates Hono context - sets `REQUEST_CONTEXT_KEY`, `CREDENTIAL_TYPE_KEY`, and `AUTH_API_TOKEN_ID_KEY` on a valid token
+ * @mutates Hono context - sets `ACCOUNT_ID_KEY`, `CREDENTIAL_TYPE_KEY`, and `AUTH_API_TOKEN_ID_KEY` on a valid token
  */
-export const create_daemon_token_middleware = (state, deps) => {
+export const create_daemon_token_middleware = (state, _deps) => {
     return async (c, next) => {
         const token_header = c.req.header(DAEMON_TOKEN_HEADER);
         if (!token_header) {
@@ -159,12 +170,7 @@ export const create_daemon_token_middleware = (state, deps) => {
         if (!state.keeper_account_id) {
             return c.json({ error: ERROR_KEEPER_ACCOUNT_NOT_CONFIGURED }, 503);
         }
-        // build request context from the keeper account (overrides any existing session/bearer context)
-        const ctx = await build_request_context(deps, state.keeper_account_id);
-        if (!ctx) {
-            return c.json({ error: ERROR_KEEPER_ACCOUNT_NOT_FOUND }, 500);
-        }
-        c.set(REQUEST_CONTEXT_KEY, ctx);
+        c.set(ACCOUNT_ID_KEY, state.keeper_account_id);
         c.set(CREDENTIAL_TYPE_KEY, 'daemon_token');
         c.set(AUTH_API_TOKEN_ID_KEY, null);
         await next();

package/dist/auth/deps.d.ts CHANGED Viewed

@@ -61,4 +61,18 @@ export interface AppDeps {
  * via `RouteContext`, so factories don't capture a pool-level `Db`.
  */
 export type RouteFactoryDeps = Omit<AppDeps, 'db'>;
+/**
+ * Capabilities required by anything that emits audit events.
+ *
+ * The slice every audit-emitting site needs: `log` for sibling failure
+ * reporting, `on_audit_event` for SSE/WS fan-out, and the optional
+ * `audit_log_config` for consumer-extended event-type validation. Used
+ * by `audit_log_fire_and_forget` / `emit_permit_target_event` (the
+ * primitives) and by every action-factory deps type in `auth/`
+ * (`AdminActionDeps`, `AccountActionDeps`, `PermitOfferActionDeps`,
+ * `SelfServiceRoleActionDeps`) that runs through them. Lifted here so
+ * the five factory deps stop spelling the same `Pick<RouteFactoryDeps,
+ * 'log' | 'on_audit_event' | 'audit_log_config'>` independently.
+ */
+export type AuditEmitDeps = Pick<AppDeps, 'log' | 'on_audit_event' | 'audit_log_config'>;
 //# sourceMappingURL=deps.d.ts.map

package/dist/auth/deps.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"deps.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/deps.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAC,MAAM,EAAC,MAAM,yBAAyB,CAAC;AAEpD,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,cAAc,CAAC;AAC1C,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,eAAe,CAAC;AACpD,OAAO,KAAK,EAAC,EAAE,EAAC,MAAM,aAAa,CAAC;AACpC,OAAO,KAAK,EAAC,UAAU,EAAC,MAAM,oBAAoB,CAAC;AACnD,OAAO,KAAK,EAAC,cAAc,EAAE,aAAa,EAAC,MAAM,uBAAuB,CAAC;AAEzE;;;;;GAKG;AACH,MAAM,WAAW,OAAO;IACvB,+DAA+D;IAC/D,IAAI,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;IACnD,2BAA2B;IAC3B,cAAc,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IAClD,qBAAqB;IACrB,WAAW,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAC7C,0CAA0C;IAC1C,OAAO,EAAE,OAAO,CAAC;IACjB,6EAA6E;IAC7E,QAAQ,EAAE,gBAAgB,CAAC;IAC3B,yBAAyB;IACzB,EAAE,EAAE,EAAE,CAAC;IACP,kCAAkC;IAClC,GAAG,EAAE,MAAM,CAAC;IACZ;;;;;OAKG;IACH,cAAc,EAAE,CAAC,KAAK,EAAE,aAAa,KAAK,IAAI,CAAC;IAC/C;;;;;;;;;;OAUG;IACH,gBAAgB,CAAC,EAAE,cAAc,CAAC;CAClC;AAED;;;;;GAKG;AACH,MAAM,MAAM,gBAAgB,GAAG,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC"}
1	+ {"version":3,"file":"deps.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/deps.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAC,MAAM,EAAC,MAAM,yBAAyB,CAAC;AAEpD,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,cAAc,CAAC;AAC1C,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,eAAe,CAAC;AACpD,OAAO,KAAK,EAAC,EAAE,EAAC,MAAM,aAAa,CAAC;AACpC,OAAO,KAAK,EAAC,UAAU,EAAC,MAAM,oBAAoB,CAAC;AACnD,OAAO,KAAK,EAAC,cAAc,EAAE,aAAa,EAAC,MAAM,uBAAuB,CAAC;AAEzE;;;;;GAKG;AACH,MAAM,WAAW,OAAO;IACvB,+DAA+D;IAC/D,IAAI,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;IACnD,2BAA2B;IAC3B,cAAc,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IAClD,qBAAqB;IACrB,WAAW,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAC7C,0CAA0C;IAC1C,OAAO,EAAE,OAAO,CAAC;IACjB,6EAA6E;IAC7E,QAAQ,EAAE,gBAAgB,CAAC;IAC3B,yBAAyB;IACzB,EAAE,EAAE,EAAE,CAAC;IACP,kCAAkC;IAClC,GAAG,EAAE,MAAM,CAAC;IACZ;;;;;OAKG;IACH,cAAc,EAAE,CAAC,KAAK,EAAE,aAAa,KAAK,IAAI,CAAC;IAC/C;;;;;;;;;;OAUG;IACH,gBAAgB,CAAC,EAAE,cAAc,CAAC;CAClC;AAED;;;;;GAKG;AACH,MAAM,MAAM,gBAAgB,GAAG,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;AAEnD;;;;;;;;;;;;GAYG;AACH,MAAM,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,EAAE,KAAK,GAAG,gBAAgB,GAAG,kBAAkB,CAAC,CAAC"}

package/dist/auth/middleware.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"middleware.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/middleware.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,qBAAqB,CAAC;AACxD,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,WAAW,CAAC;AACvC,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,mBAAmB,CAAC;AACxD,OAAO,KAAK,EAAC,WAAW,EAAC,MAAM,oBAAoB,CAAC;AACpD,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,4BAA4B,CAAC;AAG/D;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACrC,eAAe,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAC/B,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,yDAAyD;IACzD,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,mFAAmF;IACnF,kBAAkB,CAAC,EAAE,gBAAgB,CAAC;IACtC,oFAAoF;IACpF,sBAAsB,EAAE,WAAW,GAAG,IAAI,CAAC;CAC3C;AAED;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,4BAA4B,GACxC,MAAM,OAAO,EACb,SAAS,qBAAqB,KAC5B,OAAO,CAAC,KAAK,CAAC,cAAc,CAAC,~~CAmE~~/B,CAAC"}
1	+ {"version":3,"file":"middleware.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/middleware.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,qBAAqB,CAAC;AACxD,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,WAAW,CAAC;AACvC,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,mBAAmB,CAAC;AACxD,OAAO,KAAK,EAAC,WAAW,EAAC,MAAM,oBAAoB,CAAC;AACpD,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,4BAA4B,CAAC;AAG/D;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACrC,eAAe,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAC/B,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,yDAAyD;IACzD,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,mFAAmF;IACnF,kBAAkB,CAAC,EAAE,gBAAgB,CAAC;IACtC,oFAAoF;IACpF,sBAAsB,EAAE,WAAW,GAAG,IAAI,CAAC;CAC3C;AAED;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,4BAA4B,GACxC,MAAM,OAAO,EACb,SAAS,qBAAqB,KAC5B,OAAO,CAAC,KAAK,CAAC,cAAc,CAAC,CAqE/B,CAAC"}

package/dist/auth/middleware.js CHANGED Viewed

@@ -49,8 +49,10 @@ export const create_auth_middleware_specs = async (deps, options) => {
             handler: bearer_auth_middleware,
             // Bearer middleware soft-fails for invalid/expired tokens (calls next()
             // without setting context). Only 429 is a hard-fail from this layer.
-            // Auth enforcement (401/403) happens downstream via check_action_auth
-            // or require_auth, producing consistent JSON-RPC or route-level errors.
+            // Auth enforcement (401/403) happens downstream — the RPC dispatcher's
+            // pre-validation / post-authorization auth gates, or `require_auth` /
+            // `require_role` on REST — producing consistent JSON-RPC or
+            // route-level errors.
             errors: { 429: RateLimitError },
         },
     ];

package/dist/auth/migrations.d.ts CHANGED Viewed

@@ -4,14 +4,22 @@
  * Ordered list of `{name, up}` migrations for the fuz identity system tables.
  * Consumed by `run_migrations` with namespace `'fuz_auth'`.
  *
- * **Append-only after first publish.** Once a fuz_app version containing a
- * given migration is published (`npm publish` / `jsr publish`), that
- * migration's name and position are frozen. Never edit, rename, or reorder —
- * append only. Pre-publish, anything goes; the cliff is the publish event.
- * Body edits to a published migration slip past the runner (no content
- * hashing) and are caught by schema-snapshot tests in consumers.
+ * **Schema is not stabilized yet — append-only is NOT the rule.** While
+ * fuz_app is pre-stable, migration bodies, names, and positions can change
+ * freely between versions; consumers upgrading across a schema change are
+ * expected to drop and re-bootstrap their dev/test databases (production
+ * deployments are not yet a supported use case). Once the schema is
+ * declared stable a hard append-only-after-publish rule will apply and the
+ * cliff will be called out in the release notes for that version. Until
+ * then: edit, rename, reorder, or replace migrations as needed; bias toward
+ * collapsing work into the existing v0/v1 entries rather than appending v2
+ * patch migrations.
  *
- * To add a migration, append a new entry to `AUTH_MIGRATIONS`:
+ * To add a migration in the pre-stable phase, prefer extending an existing
+ * entry's body (consumers will re-bootstrap on upgrade). If you do append
+ * a new entry to `AUTH_MIGRATIONS`, the runner will apply it on existing
+ * tracker rows — the same shape that will become mandatory once the
+ * schema stabilizes:
  *
  * ```ts
  * // v2: add display_name to account

package/dist/auth/migrations.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"migrations.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/migrations.ts"],"names":[],"mappings":"AAAA~~;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG~~;AA6BH,OAAO,KAAK,EAAC,SAAS,EAAE,kBAAkB,EAAC,MAAM,kBAAkB,CAAC;AAEpE,wDAAwD;AACxD,eAAO,MAAM,wBAAwB,aAAa,CAAC;AAEnD;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,eAAe,EAAE,KAAK,CAAC,SAAS,CA6D5C,CAAC;AAEF,wDAAwD;AACxD,eAAO,MAAM,iBAAiB,EAAE,kBAG/B,CAAC"}
1	+ {"version":3,"file":"migrations.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/migrations.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;AA6BH,OAAO,KAAK,EAAC,SAAS,EAAE,kBAAkB,EAAC,MAAM,kBAAkB,CAAC;AAEpE,wDAAwD;AACxD,eAAO,MAAM,wBAAwB,aAAa,CAAC;AAEnD;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,eAAe,EAAE,KAAK,CAAC,SAAS,CA6D5C,CAAC;AAEF,wDAAwD;AACxD,eAAO,MAAM,iBAAiB,EAAE,kBAG/B,CAAC"}

package/dist/auth/migrations.js CHANGED Viewed

@@ -4,14 +4,22 @@
  * Ordered list of `{name, up}` migrations for the fuz identity system tables.
  * Consumed by `run_migrations` with namespace `'fuz_auth'`.
  *
- * **Append-only after first publish.** Once a fuz_app version containing a
- * given migration is published (`npm publish` / `jsr publish`), that
- * migration's name and position are frozen. Never edit, rename, or reorder —
- * append only. Pre-publish, anything goes; the cliff is the publish event.
- * Body edits to a published migration slip past the runner (no content
- * hashing) and are caught by schema-snapshot tests in consumers.
+ * **Schema is not stabilized yet — append-only is NOT the rule.** While
+ * fuz_app is pre-stable, migration bodies, names, and positions can change
+ * freely between versions; consumers upgrading across a schema change are
+ * expected to drop and re-bootstrap their dev/test databases (production
+ * deployments are not yet a supported use case). Once the schema is
+ * declared stable a hard append-only-after-publish rule will apply and the
+ * cliff will be called out in the release notes for that version. Until
+ * then: edit, rename, reorder, or replace migrations as needed; bias toward
+ * collapsing work into the existing v0/v1 entries rather than appending v2
+ * patch migrations.
  *
- * To add a migration, append a new entry to `AUTH_MIGRATIONS`:
+ * To add a migration in the pre-stable phase, prefer extending an existing
+ * entry's body (consumers will re-bootstrap on upgrade). If you do append
+ * a new entry to `AUTH_MIGRATIONS`, the runner will apply it on existing
+ * tracker rows — the same shape that will become mandatory once the
+ * schema stabilizes:
  *
  * ```ts
  * // v2: add display_name to account

package/dist/auth/permit_offer_action_specs.d.ts CHANGED Viewed

@@ -11,8 +11,9 @@
  * policy checks (e.g. `permit_offer_list`/`_history` elevate to admin only
  * when inspecting another account — an input-dependent check that can't be
  * expressed at the spec level). `permit_revoke` declares
- * `auth: {role: 'admin'}` — the RPC dispatcher's per-spec `check_action_auth`
- * gates it before the handler runs even though the endpoint hosts non-admin
+ * `auth: {role: 'admin'}` — the RPC dispatcher's per-spec post-authorization
+ * auth gate (`check_action_auth_post_authorization`) rejects non-admin
+ * callers before the handler runs even though the endpoint hosts non-admin
  * methods alongside.
  *
  * @module
@@ -31,33 +32,53 @@ export declare const ERROR_OFFER_NOT_FOUND: "offer_not_found";
 export declare const ERROR_OFFER_ROLE_NOT_GRANTABLE: "offer_role_not_grantable";
 /** Error reason — caller is not authorized to offer this role (default policy: caller lacks the role; consumer `authorize` callback may add further policy). */
 export declare const ERROR_OFFER_NOT_AUTHORIZED: "offer_not_authorized";
-/** Input for `permit_offer_create`. */
+/** Error reason — actor-targeted offer was accepted by an actor other than `to_actor_id`. */
+export declare const ERROR_OFFER_ACTOR_MISMATCH: "offer_actor_mismatch";
+/** Error reason — `permit_offer_create` was called with a `to_actor_id` that does not belong to `to_account_id`. */
+export declare const ERROR_OFFER_ACTOR_ACCOUNT_MISMATCH: "offer_actor_account_mismatch";
+/**
+ * Input for `permit_offer_create`.
+ *
+ * `to_actor_id` (optional) narrows the offer to a specific actor on the
+ * recipient account. When supplied, `permit_offer_accept` will only admit
+ * the named actor — wrong-actor accepts reject with
+ * `offer_actor_mismatch`. The audit envelope's `target_actor_id` is
+ * stamped from this column on the create / supersede / expire / retract
+ * events. Omit (or pass null) for the account-grain default — any actor
+ * on `to_account_id` may accept.
+ */
 export declare const PermitOfferCreateInput: z.ZodObject<{
     to_account_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
+    to_actor_id: z.ZodOptional<z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>>;
     role: z.ZodString;
     scope_id: z.ZodOptional<z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>>;
     message: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+    acting: z.ZodOptional<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
 }, z.core.$strict>;
 export type PermitOfferCreateInput = z.infer<typeof PermitOfferCreateInput>;
 /** Input for `permit_offer_accept`. */
 export declare const PermitOfferAcceptInput: z.ZodObject<{
     offer_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
+    acting: z.ZodOptional<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
 }, z.core.$strict>;
 export type PermitOfferAcceptInput = z.infer<typeof PermitOfferAcceptInput>;
 /** Input for `permit_offer_decline`. */
 export declare const PermitOfferDeclineInput: z.ZodObject<{
     offer_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
     reason: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+    acting: z.ZodOptional<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
 }, z.core.$strict>;
 export type PermitOfferDeclineInput = z.infer<typeof PermitOfferDeclineInput>;
 /** Input for `permit_offer_retract`. */
 export declare const PermitOfferRetractInput: z.ZodObject<{
     offer_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
+    acting: z.ZodOptional<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
 }, z.core.$strict>;
 export type PermitOfferRetractInput = z.infer<typeof PermitOfferRetractInput>;
 /** Input for `permit_offer_list`. `account_id` is admin-only (inspect another account's inbox). */
 export declare const PermitOfferListInput: z.ZodObject<{
     account_id: z.ZodOptional<z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>>;
+    acting: z.ZodOptional<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
 }, z.core.$strict>;
 export type PermitOfferListInput = z.infer<typeof PermitOfferListInput>;
 /**
@@ -71,6 +92,7 @@ export declare const PermitRevokeInput: z.ZodObject<{
     actor_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
     permit_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
     reason: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+    acting: z.ZodOptional<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
 }, z.core.$strict>;
 export type PermitRevokeInput = z.infer<typeof PermitRevokeInput>;
 /**
@@ -82,6 +104,7 @@ export declare const PermitOfferHistoryInput: z.ZodObject<{
     account_id: z.ZodOptional<z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>>;
     limit: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
     offset: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
+    acting: z.ZodOptional<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
 }, z.core.$strict>;
 export type PermitOfferHistoryInput = z.infer<typeof PermitOfferHistoryInput>;
 /** Output for `permit_offer_create`. */
@@ -90,6 +113,7 @@ export declare const PermitOfferCreateOutput: z.ZodObject<{
         id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
         from_actor_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
         to_account_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
+        to_actor_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
         role: z.ZodString;
         scope_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
         message: z.ZodNullable<z.ZodString>;
@@ -111,6 +135,7 @@ export declare const PermitOfferAcceptOutput: z.ZodObject<{
         id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
         from_actor_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
         to_account_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
+        to_actor_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
         role: z.ZodString;
         scope_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
         message: z.ZodNullable<z.ZodString>;
@@ -137,6 +162,7 @@ export declare const PermitOfferListOutput: z.ZodObject<{
         id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
         from_actor_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
         to_account_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
+        to_actor_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
         role: z.ZodString;
         scope_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
         message: z.ZodNullable<z.ZodString>;
@@ -157,6 +183,7 @@ export declare const PermitOfferHistoryOutput: z.ZodObject<{
         id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
         from_actor_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
         to_account_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
+        to_actor_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
         role: z.ZodString;
         scope_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
         message: z.ZodNullable<z.ZodString>;
@@ -185,15 +212,18 @@ export declare const permit_offer_create_action_spec: {
     side_effects: true;
     input: z.ZodObject<{
         to_account_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
+        to_actor_id: z.ZodOptional<z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>>;
         role: z.ZodString;
         scope_id: z.ZodOptional<z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>>;
         message: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+        acting: z.ZodOptional<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
     }, z.core.$strict>;
     output: z.ZodObject<{
         offer: z.ZodObject<{
             id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
             from_actor_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
             to_account_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
+            to_actor_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
             role: z.ZodString;
             scope_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
             message: z.ZodNullable<z.ZodString>;
@@ -209,7 +239,7 @@ export declare const permit_offer_create_action_spec: {
     }, z.core.$strict>;
     async: true;
     description: string;
-    error_reasons: ("offer_self_target" | "offer_role_not_grantable" | "offer_not_authorized")[];
+    error_reasons: ("offer_self_target" | "offer_role_not_grantable" | "offer_not_authorized" | "offer_actor_account_mismatch")[];
 };
 export declare const permit_offer_accept_action_spec: {
     method: string;
@@ -219,6 +249,7 @@ export declare const permit_offer_accept_action_spec: {
     side_effects: true;
     input: z.ZodObject<{
         offer_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
+        acting: z.ZodOptional<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
     }, z.core.$strict>;
     output: z.ZodObject<{
         permit_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
@@ -226,6 +257,7 @@ export declare const permit_offer_accept_action_spec: {
             id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
             from_actor_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
             to_account_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
+            to_actor_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
             role: z.ZodString;
             scope_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
             message: z.ZodNullable<z.ZodString>;
@@ -242,7 +274,7 @@ export declare const permit_offer_accept_action_spec: {
     }, z.core.$strict>;
     async: true;
     description: string;
-    error_reasons: ("offer_terminal" | "offer_expired" | "offer_not_found")[];
+    error_reasons: ("offer_terminal" | "offer_expired" | "offer_not_found" | "offer_actor_mismatch")[];
 };
 export declare const permit_offer_decline_action_spec: {
     method: string;
@@ -253,6 +285,7 @@ export declare const permit_offer_decline_action_spec: {
     input: z.ZodObject<{
         offer_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
         reason: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+        acting: z.ZodOptional<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
     }, z.core.$strict>;
     output: z.ZodObject<{
         ok: z.ZodLiteral<true>;
@@ -269,6 +302,7 @@ export declare const permit_offer_retract_action_spec: {
     side_effects: true;
     input: z.ZodObject<{
         offer_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
+        acting: z.ZodOptional<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
     }, z.core.$strict>;
     output: z.ZodObject<{
         ok: z.ZodLiteral<true>;
@@ -285,12 +319,14 @@ export declare const permit_offer_list_action_spec: {
     side_effects: false;
     input: z.ZodObject<{
         account_id: z.ZodOptional<z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>>;
+        acting: z.ZodOptional<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
     }, z.core.$strict>;
     output: z.ZodObject<{
         offers: z.ZodArray<z.ZodObject<{
             id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
             from_actor_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
             to_account_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
+            to_actor_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
             role: z.ZodString;
             scope_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
             message: z.ZodNullable<z.ZodString>;
@@ -317,12 +353,14 @@ export declare const permit_offer_history_action_spec: {
         account_id: z.ZodOptional<z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>>;
         limit: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
         offset: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
+        acting: z.ZodOptional<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
     }, z.core.$strict>;
     output: z.ZodObject<{
         offers: z.ZodArray<z.ZodObject<{
             id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
             from_actor_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
             to_account_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
+            to_actor_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
             role: z.ZodString;
             scope_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
             message: z.ZodNullable<z.ZodString>;
@@ -351,6 +389,7 @@ export declare const permit_revoke_action_spec: {
         actor_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
         permit_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
         reason: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+        acting: z.ZodOptional<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
     }, z.core.$strict>;
     output: z.ZodObject<{
         ok: z.ZodLiteral<true>;
@@ -358,7 +397,7 @@ export declare const permit_revoke_action_spec: {
     }, z.core.$strict>;
     async: true;
     description: string;
-    error_reasons: ("account_not_found" | "role_not_web_grantable" | "permit_not_found")[];
+    error_reasons: ("role_not_web_grantable" | "permit_not_found")[];
     rate_limit: "account";
 };
 /**

package/dist/auth/permit_offer_action_specs.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"permit_offer_action_specs.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/permit_offer_action_specs.ts"],"names":[],"mappings":"AAAA~~;;;;;;;;;;;;;;;;;;GAkBG~~;AAEH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAGtB,OAAO,KAAK,EAAC,yBAAyB,EAAC,MAAM,2BAA2B,CAAC;~~AAUzE~~,gEAAgE;AAChE,eAAO,MAAM,uBAAuB,EAAG,mBAA4B,CAAC;AACpE,kEAAkE;AAClE,eAAO,MAAM,oBAAoB,EAAG,gBAAyB,CAAC;AAC9D,sDAAsD;AACtD,eAAO,MAAM,mBAAmB,EAAG,eAAwB,CAAC;AAC5D,wGAAwG;AACxG,eAAO,MAAM,qBAAqB,EAAG,iBAA0B,CAAC;AAChE,qGAAqG;AACrG,eAAO,MAAM,8BAA8B,EAAG,0BAAmC,CAAC;AAClF,gKAAgK;AAChK,eAAO,MAAM,0BAA0B,EAAG,sBAA+B,CAAC;~~AAI1E~~,~~uCAAuC~~;~~AACvC~~,eAAO,MAAM,sBAAsB~~;;;;;kBAWjC~~,CAAC;AACH,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAE5E,uCAAuC;AACvC,eAAO,MAAM,sBAAsB~~;;kBAEjC~~,CAAC;AACH,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAE5E,wCAAwC;AACxC,eAAO,MAAM,uBAAuB~~;;;kBAOlC~~,CAAC;AACH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AAE9E,wCAAwC;AACxC,eAAO,MAAM,uBAAuB~~;;kBAElC~~,CAAC;AACH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AAE9E,mGAAmG;AACnG,eAAO,MAAM,oBAAoB~~;;kBAI~~/B,CAAC;AACH,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAExE;;;;;;GAMG;AACH,eAAO,MAAM,iBAAiB~~;;;;kBAO5B~~,CAAC;AACH,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAElE;;;;GAIG;AACH,eAAO,MAAM,uBAAuB~~;;;;kBAUlC~~,CAAC;AACH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AAE9E,wCAAwC;AACxC,eAAO,MAAM,uBAAuB~~;;;;;;;;;;;;;;;;;~~kBAElC,CAAC;AACH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AAE9E,wCAAwC;AACxC,eAAO,MAAM,uBAAuB~~;;;;;;;;;;;;;;;;;;;~~kBAIlC,CAAC;AACH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AAE9E,kEAAkE;AAClE,eAAO,MAAM,mBAAmB;;kBAAwC,CAAC;AACzE,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAEtE,sCAAsC;AACtC,eAAO,MAAM,qBAAqB~~;;;;;;;;;;;;;;;;;~~kBAAqD,CAAC;AACxF,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAE1E,yCAAyC;AACzC,eAAO,MAAM,wBAAwB~~;;;;;;;;;;;;;;;;;~~kBAAqD,CAAC;AAC3F,MAAM,MAAM,wBAAwB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,wBAAwB,CAAC,CAAC;AAEhF,kCAAkC;AAClC,eAAO,MAAM,kBAAkB;;;kBAG7B,CAAC;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAIpE,eAAO,MAAM,+BAA+B~~;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAgBP~~,CAAC;AAEtC,eAAO,MAAM,+BAA+B~~;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAYP~~,CAAC;AAEtC,eAAO,MAAM,gCAAgC~~;;;;;;;;;;;;;;;;~~CAWR,CAAC;AAEtC,eAAO,MAAM,gCAAgC~~;;;;;;;;;;;;;;;~~CAWR,CAAC;AAEtC,eAAO,MAAM,6BAA6B~~;;;;;;;;;;;;;;;;;;;;;;;;;;;;;~~CAWL,CAAC;AAEtC,eAAO,MAAM,gCAAgC~~;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;~~CAWR,CAAC;AAEtC,eAAO,MAAM,yBAAyB~~;;;;;;;;;;;;;;;;;;;;;~~CAaD,CAAC;AAEtC;;;;GAIG;AACH,eAAO,MAAM,6BAA6B,EAAE,KAAK,CAAC,yBAAyB,CAQ1E,CAAC"}
1	+ {"version":3,"file":"permit_offer_action_specs.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/permit_offer_action_specs.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAGtB,OAAO,KAAK,EAAC,yBAAyB,EAAC,MAAM,2BAA2B,CAAC;AAMzE,gEAAgE;AAChE,eAAO,MAAM,uBAAuB,EAAG,mBAA4B,CAAC;AACpE,kEAAkE;AAClE,eAAO,MAAM,oBAAoB,EAAG,gBAAyB,CAAC;AAC9D,sDAAsD;AACtD,eAAO,MAAM,mBAAmB,EAAG,eAAwB,CAAC;AAC5D,wGAAwG;AACxG,eAAO,MAAM,qBAAqB,EAAG,iBAA0B,CAAC;AAChE,qGAAqG;AACrG,eAAO,MAAM,8BAA8B,EAAG,0BAAmC,CAAC;AAClF,gKAAgK;AAChK,eAAO,MAAM,0BAA0B,EAAG,sBAA+B,CAAC;AAC1E,6FAA6F;AAC7F,eAAO,MAAM,0BAA0B,EAAG,sBAA+B,CAAC;AAC1E,oHAAoH;AACpH,eAAO,MAAM,kCAAkC,EAAG,8BAAuC,CAAC;AAI1F;;;;;;;;;;GAUG;AACH,eAAO,MAAM,sBAAsB;;;;;;;kBAgBjC,CAAC;AACH,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAE5E,uCAAuC;AACvC,eAAO,MAAM,sBAAsB;;;kBAGjC,CAAC;AACH,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAE5E,wCAAwC;AACxC,eAAO,MAAM,uBAAuB;;;;kBAQlC,CAAC;AACH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AAE9E,wCAAwC;AACxC,eAAO,MAAM,uBAAuB;;;kBAGlC,CAAC;AACH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AAE9E,mGAAmG;AACnG,eAAO,MAAM,oBAAoB;;;kBAK/B,CAAC;AACH,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAExE;;;;;;GAMG;AACH,eAAO,MAAM,iBAAiB;;;;;kBAQ5B,CAAC;AACH,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAElE;;;;GAIG;AACH,eAAO,MAAM,uBAAuB;;;;;kBAWlC,CAAC;AACH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AAE9E,wCAAwC;AACxC,eAAO,MAAM,uBAAuB;;;;;;;;;;;;;;;;;;kBAElC,CAAC;AACH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AAE9E,wCAAwC;AACxC,eAAO,MAAM,uBAAuB;;;;;;;;;;;;;;;;;;;;kBAIlC,CAAC;AACH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AAE9E,kEAAkE;AAClE,eAAO,MAAM,mBAAmB;;kBAAwC,CAAC;AACzE,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAEtE,sCAAsC;AACtC,eAAO,MAAM,qBAAqB;;;;;;;;;;;;;;;;;;kBAAqD,CAAC;AACxF,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAE1E,yCAAyC;AACzC,eAAO,MAAM,wBAAwB;;;;;;;;;;;;;;;;;;kBAAqD,CAAC;AAC3F,MAAM,MAAM,wBAAwB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,wBAAwB,CAAC,CAAC;AAEhF,kCAAkC;AAClC,eAAO,MAAM,kBAAkB;;;kBAG7B,CAAC;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAIpE,eAAO,MAAM,+BAA+B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAiBP,CAAC;AAEtC,eAAO,MAAM,+BAA+B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAiBP,CAAC;AAEtC,eAAO,MAAM,gCAAgC;;;;;;;;;;;;;;;;;CAWR,CAAC;AAEtC,eAAO,MAAM,gCAAgC;;;;;;;;;;;;;;;;CAWR,CAAC;AAEtC,eAAO,MAAM,6BAA6B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAWL,CAAC;AAEtC,eAAO,MAAM,gCAAgC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAWR,CAAC;AAEtC,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;;;;;CAaD,CAAC;AAEtC;;;;GAIG;AACH,eAAO,MAAM,6BAA6B,EAAE,KAAK,CAAC,yBAAyB,CAQ1E,CAAC"}