npm - @fuzdev/fuz_app - Versions diffs - 0.54.0 → 0.55.0 - Mend

@fuzdev/fuz_app 0.54.0 → 0.55.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (142) hide show

package/dist/actions/CLAUDE.md +68 -13
package/dist/actions/action_codegen.d.ts +13 -0
package/dist/actions/action_codegen.d.ts.map +1 -1
package/dist/actions/action_codegen.js +15 -1
package/dist/actions/action_rpc.d.ts +60 -7
package/dist/actions/action_rpc.d.ts.map +1 -1
package/dist/actions/action_rpc.js +158 -44
package/dist/actions/register_action_ws.d.ts +4 -4
package/dist/actions/register_action_ws.js +6 -6
package/dist/actions/register_ws_endpoint.d.ts +20 -7
package/dist/actions/register_ws_endpoint.d.ts.map +1 -1
package/dist/actions/register_ws_endpoint.js +30 -5
package/dist/actions/transports.d.ts.map +1 -1
package/dist/actions/transports.js +0 -4
package/dist/auth/CLAUDE.md +219 -66
package/dist/auth/account_actions.d.ts +6 -6
package/dist/auth/account_actions.d.ts.map +1 -1
package/dist/auth/account_actions.js +8 -11
package/dist/auth/account_queries.d.ts +6 -3
package/dist/auth/account_queries.d.ts.map +1 -1
package/dist/auth/account_queries.js +14 -5
package/dist/auth/account_routes.d.ts +7 -10
package/dist/auth/account_routes.d.ts.map +1 -1
package/dist/auth/account_routes.js +70 -23
package/dist/auth/account_schema.d.ts +19 -0
package/dist/auth/account_schema.d.ts.map +1 -1
package/dist/auth/account_schema.js +20 -0
package/dist/auth/admin_action_specs.d.ts +45 -11
package/dist/auth/admin_action_specs.d.ts.map +1 -1
package/dist/auth/admin_action_specs.js +23 -8
package/dist/auth/admin_actions.d.ts +8 -7
package/dist/auth/admin_actions.d.ts.map +1 -1
package/dist/auth/admin_actions.js +11 -18
package/dist/auth/audit_log_queries.d.ts +53 -14
package/dist/auth/audit_log_queries.d.ts.map +1 -1
package/dist/auth/audit_log_queries.js +45 -2
package/dist/auth/audit_log_schema.d.ts +55 -1
package/dist/auth/audit_log_schema.d.ts.map +1 -1
package/dist/auth/audit_log_schema.js +19 -3
package/dist/auth/bearer_auth.d.ts +9 -7
package/dist/auth/bearer_auth.d.ts.map +1 -1
package/dist/auth/bearer_auth.js +13 -21
package/dist/auth/cleanup.d.ts.map +1 -1
package/dist/auth/cleanup.js +5 -0
package/dist/auth/daemon_token_middleware.d.ts +23 -11
package/dist/auth/daemon_token_middleware.d.ts.map +1 -1
package/dist/auth/daemon_token_middleware.js +26 -20
package/dist/auth/deps.d.ts +14 -0
package/dist/auth/deps.d.ts.map +1 -1
package/dist/auth/middleware.d.ts.map +1 -1
package/dist/auth/middleware.js +4 -2
package/dist/auth/migrations.d.ts +15 -7
package/dist/auth/migrations.d.ts.map +1 -1
package/dist/auth/migrations.js +15 -7
package/dist/auth/permit_offer_action_specs.d.ts +45 -6
package/dist/auth/permit_offer_action_specs.d.ts.map +1 -1
package/dist/auth/permit_offer_action_specs.js +38 -7
package/dist/auth/permit_offer_actions.d.ts +2 -2
package/dist/auth/permit_offer_actions.d.ts.map +1 -1
package/dist/auth/permit_offer_actions.js +98 -90
package/dist/auth/permit_offer_notifications.d.ts +10 -0
package/dist/auth/permit_offer_notifications.d.ts.map +1 -1
package/dist/auth/permit_offer_queries.d.ts +68 -9
package/dist/auth/permit_offer_queries.d.ts.map +1 -1
package/dist/auth/permit_offer_queries.js +147 -35
package/dist/auth/permit_offer_schema.d.ts +23 -1
package/dist/auth/permit_offer_schema.d.ts.map +1 -1
package/dist/auth/permit_offer_schema.js +5 -0
package/dist/auth/permit_queries.d.ts +17 -5
package/dist/auth/permit_queries.d.ts.map +1 -1
package/dist/auth/permit_queries.js +19 -8
package/dist/auth/request_context.d.ts +321 -38
package/dist/auth/request_context.d.ts.map +1 -1
package/dist/auth/request_context.js +393 -66
package/dist/auth/route_guards.d.ts +10 -4
package/dist/auth/route_guards.d.ts.map +1 -1
package/dist/auth/route_guards.js +14 -8
package/dist/auth/self_service_role_action_specs.d.ts +2 -0
package/dist/auth/self_service_role_action_specs.d.ts.map +1 -1
package/dist/auth/self_service_role_action_specs.js +2 -0
package/dist/auth/self_service_role_actions.d.ts +6 -5
package/dist/auth/self_service_role_actions.d.ts.map +1 -1
package/dist/auth/self_service_role_actions.js +18 -8
package/dist/db/migrate.d.ts +11 -7
package/dist/db/migrate.d.ts.map +1 -1
package/dist/db/migrate.js +9 -6
package/dist/dev/setup.d.ts.map +1 -1
package/dist/dev/setup.js +5 -3
package/dist/hono_context.d.ts +77 -0
package/dist/hono_context.d.ts.map +1 -1
package/dist/hono_context.js +50 -0
package/dist/http/CLAUDE.md +80 -17
package/dist/http/error_schemas.d.ts +92 -1
package/dist/http/error_schemas.d.ts.map +1 -1
package/dist/http/error_schemas.js +73 -16
package/dist/http/jsonrpc_errors.d.ts +27 -2
package/dist/http/jsonrpc_errors.d.ts.map +1 -1
package/dist/http/jsonrpc_errors.js +26 -2
package/dist/http/route_spec.d.ts +62 -4
package/dist/http/route_spec.d.ts.map +1 -1
package/dist/http/route_spec.js +117 -21
package/dist/http/schema_helpers.d.ts +13 -1
package/dist/http/schema_helpers.d.ts.map +1 -1
package/dist/http/schema_helpers.js +21 -2
package/dist/http/surface.d.ts +10 -1
package/dist/http/surface.d.ts.map +1 -1
package/dist/http/surface.js +2 -2
package/dist/server/app_server.d.ts.map +1 -1
package/dist/server/app_server.js +11 -1
package/dist/testing/CLAUDE.md +23 -17
package/dist/testing/admin_integration.d.ts.map +1 -1
package/dist/testing/admin_integration.js +15 -13
package/dist/testing/adversarial_headers.js +1 -1
package/dist/testing/app_server.js +2 -2
package/dist/testing/audit_completeness.d.ts.map +1 -1
package/dist/testing/audit_completeness.js +21 -7
package/dist/testing/auth_apps.d.ts.map +1 -1
package/dist/testing/auth_apps.js +6 -3
package/dist/testing/entities.d.ts +2 -1
package/dist/testing/entities.d.ts.map +1 -1
package/dist/testing/entities.js +1 -0
package/dist/testing/integration_helpers.d.ts +4 -2
package/dist/testing/integration_helpers.d.ts.map +1 -1
package/dist/testing/integration_helpers.js +9 -5
package/dist/testing/middleware.d.ts +12 -8
package/dist/testing/middleware.d.ts.map +1 -1
package/dist/testing/middleware.js +67 -25
package/dist/testing/rpc_helpers.d.ts.map +1 -1
package/dist/testing/rpc_helpers.js +3 -1
package/dist/testing/ws_round_trip.d.ts.map +1 -1
package/dist/testing/ws_round_trip.js +5 -1
package/dist/ui/CLAUDE.md +16 -10
package/dist/ui/PermitOfferForm.svelte +14 -0
package/dist/ui/PermitOfferForm.svelte.d.ts +6 -0
package/dist/ui/PermitOfferForm.svelte.d.ts.map +1 -1
package/dist/ui/admin_accounts_state.svelte.d.ts +8 -1
package/dist/ui/admin_accounts_state.svelte.d.ts.map +1 -1
package/dist/ui/admin_accounts_state.svelte.js +14 -3
package/dist/ui/permit_offers_state.svelte.d.ts +9 -1
package/dist/ui/permit_offers_state.svelte.d.ts.map +1 -1
package/dist/ui/permit_offers_state.svelte.js +7 -1
package/package.json +1 -1

package/dist/auth/permit_offer_action_specs.js CHANGED Viewed

@@ -11,18 +11,19 @@
  * policy checks (e.g. `permit_offer_list`/`_history` elevate to admin only
  * when inspecting another account — an input-dependent check that can't be
  * expressed at the spec level). `permit_revoke` declares
- * `auth: {role: 'admin'}` — the RPC dispatcher's per-spec `check_action_auth`
- * gates it before the handler runs even though the endpoint hosts non-admin
+ * `auth: {role: 'admin'}` — the RPC dispatcher's per-spec post-authorization
+ * auth gate (`check_action_auth_post_authorization`) rejects non-admin
+ * callers before the handler runs even though the endpoint hosts non-admin
  * methods alongside.
  *
  * @module
  */
 import { z } from 'zod';
 import { Uuid } from '@fuzdev/fuz_util/id.js';
-import { ERROR_ACCOUNT_NOT_FOUND, ERROR_PERMIT_NOT_FOUND, ERROR_ROLE_NOT_WEB_GRANTABLE, } from '../http/error_schemas.js';
+import { ERROR_PERMIT_NOT_FOUND, ERROR_ROLE_NOT_WEB_GRANTABLE } from '../http/error_schemas.js';
 import { RoleName } from './role_schema.js';
 import { PERMIT_OFFER_MESSAGE_LENGTH_MAX, PermitOfferJson } from './permit_offer_schema.js';
-import { PERMIT_REVOKED_REASON_LENGTH_MAX } from './account_schema.js';
+import { ActingActor, PERMIT_REVOKED_REASON_LENGTH_MAX } from './account_schema.js';
 /** Error reason — caller tried to offer themselves a permit. */
 export const ERROR_OFFER_SELF_TARGET = 'offer_self_target';
 /** Error reason — offer is declined, retracted, or superseded. */
@@ -35,10 +36,27 @@ export const ERROR_OFFER_NOT_FOUND = 'offer_not_found';
 export const ERROR_OFFER_ROLE_NOT_GRANTABLE = 'offer_role_not_grantable';
 /** Error reason — caller is not authorized to offer this role (default policy: caller lacks the role; consumer `authorize` callback may add further policy). */
 export const ERROR_OFFER_NOT_AUTHORIZED = 'offer_not_authorized';
+/** Error reason — actor-targeted offer was accepted by an actor other than `to_actor_id`. */
+export const ERROR_OFFER_ACTOR_MISMATCH = 'offer_actor_mismatch';
+/** Error reason — `permit_offer_create` was called with a `to_actor_id` that does not belong to `to_account_id`. */
+export const ERROR_OFFER_ACTOR_ACCOUNT_MISMATCH = 'offer_actor_account_mismatch';
 // -- Input/output schemas ---------------------------------------------------
-/** Input for `permit_offer_create`. */
+/**
+ * Input for `permit_offer_create`.
+ *
+ * `to_actor_id` (optional) narrows the offer to a specific actor on the
+ * recipient account. When supplied, `permit_offer_accept` will only admit
+ * the named actor — wrong-actor accepts reject with
+ * `offer_actor_mismatch`. The audit envelope's `target_actor_id` is
+ * stamped from this column on the create / supersede / expire / retract
+ * events. Omit (or pass null) for the account-grain default — any actor
+ * on `to_account_id` may accept.
+ */
 export const PermitOfferCreateInput = z.strictObject({
     to_account_id: Uuid.meta({ description: 'Account id of the recipient.' }),
+    to_actor_id: Uuid.nullish().meta({
+        description: 'Optional actor-grain target on the recipient account. When set, only this actor may accept and the audit envelope carries it on offer-shape events. Must belong to `to_account_id`.',
+    }),
     role: RoleName.meta({ description: 'Role being offered.' }),
     scope_id: Uuid.nullish().meta({
         description: 'Scope id for resource-scoped grants (e.g. classroom id). `null` for global.',
@@ -48,10 +66,12 @@ export const PermitOfferCreateInput = z.strictObject({
         .max(PERMIT_OFFER_MESSAGE_LENGTH_MAX)
         .nullish()
         .meta({ description: 'Optional free-form note from the grantor.' }),
+    acting: ActingActor,
 });
 /** Input for `permit_offer_accept`. */
 export const PermitOfferAcceptInput = z.strictObject({
     offer_id: Uuid.meta({ description: 'The offer to accept.' }),
+    acting: ActingActor,
 });
 /** Input for `permit_offer_decline`. */
 export const PermitOfferDeclineInput = z.strictObject({
@@ -61,16 +81,19 @@ export const PermitOfferDeclineInput = z.strictObject({
         .max(PERMIT_OFFER_MESSAGE_LENGTH_MAX)
         .nullish()
         .meta({ description: 'Optional free-form reason given on decline.' }),
+    acting: ActingActor,
 });
 /** Input for `permit_offer_retract`. */
 export const PermitOfferRetractInput = z.strictObject({
     offer_id: Uuid.meta({ description: 'The offer to retract.' }),
+    acting: ActingActor,
 });
 /** Input for `permit_offer_list`. `account_id` is admin-only (inspect another account's inbox). */
 export const PermitOfferListInput = z.strictObject({
     account_id: Uuid.nullish().meta({
         description: 'Admin-only — list offers for another account. Defaults to the caller.',
     }),
+    acting: ActingActor,
 });
 /**
  * Input for `permit_revoke`. Admin-only mutation that revokes an active
@@ -85,6 +108,7 @@ export const PermitRevokeInput = z.strictObject({
     reason: z.string().max(PERMIT_REVOKED_REASON_LENGTH_MAX).nullish().meta({
         description: 'Optional free-form reason; stamped on `permit.revoked_reason` and surfaced on the revokee WS notification.',
     }),
+    acting: ActingActor,
 });
 /**
  * Input for `permit_offer_history`. Returns every offer involving the account
@@ -101,6 +125,7 @@ export const PermitOfferHistoryInput = z.strictObject({
     offset: z.number().int().min(0).nullish().meta({
         description: 'Pagination offset (default 0).',
     }),
+    acting: ActingActor,
 });
 /** Output for `permit_offer_create`. */
 export const PermitOfferCreateOutput = z.strictObject({
@@ -138,6 +163,7 @@ export const permit_offer_create_action_spec = {
         ERROR_OFFER_SELF_TARGET,
         ERROR_OFFER_ROLE_NOT_GRANTABLE,
         ERROR_OFFER_NOT_AUTHORIZED,
+        ERROR_OFFER_ACTOR_ACCOUNT_MISMATCH,
     ],
 };
 export const permit_offer_accept_action_spec = {
@@ -150,7 +176,12 @@ export const permit_offer_accept_action_spec = {
     output: PermitOfferAcceptOutput,
     async: true,
     description: 'Accept an offer. Atomically marks the offer accepted, inserts the permit, and supersedes sibling pending offers for the same (account, role, scope).',
-    error_reasons: [ERROR_OFFER_NOT_FOUND, ERROR_OFFER_TERMINAL, ERROR_OFFER_EXPIRED],
+    error_reasons: [
+        ERROR_OFFER_NOT_FOUND,
+        ERROR_OFFER_TERMINAL,
+        ERROR_OFFER_EXPIRED,
+        ERROR_OFFER_ACTOR_MISMATCH,
+    ],
 };
 export const permit_offer_decline_action_spec = {
     method: 'permit_offer_decline',
@@ -208,7 +239,7 @@ export const permit_revoke_action_spec = {
     output: PermitRevokeOutput,
     async: true,
     description: 'Revoke an active permit on a target actor. Admin-only. Supersedes any pending offers for the same (account, role, scope). Fires permit_revoke + permit_offer_supersede notifications.',
-    error_reasons: [ERROR_PERMIT_NOT_FOUND, ERROR_ACCOUNT_NOT_FOUND, ERROR_ROLE_NOT_WEB_GRANTABLE],
+    error_reasons: [ERROR_PERMIT_NOT_FOUND, ERROR_ROLE_NOT_WEB_GRANTABLE],
     rate_limit: 'account',
 };
 /**

package/dist/auth/permit_offer_actions.d.ts CHANGED Viewed

@@ -39,7 +39,7 @@
 import { type ActionContext, type RpcAction } from '../actions/action_rpc.js';
 import { type RoleSchemaResult } from './role_schema.js';
 import { type RequestContext } from './request_context.js';
-import type { RouteFactoryDeps } from './deps.js';
+import type { AuditEmitDeps, RouteFactoryDeps } from './deps.js';
 import { type NotificationSender } from './permit_offer_notifications.js';
 /**
  * Authorization callback for `permit_offer_create`. Returns `true` to allow,
@@ -94,7 +94,7 @@ export declare const authorize_admin_or_holder: PermitOfferCreateAuthorize;
  * directly (the transport's `send_to_account` signature accepts the broader
  * `JsonrpcMessageFromServerToClient`, which is contravariantly compatible).
  */
-export interface PermitOfferActionDeps extends Pick<RouteFactoryDeps, 'log' | 'on_audit_event' | 'audit_log_config'> {
+export interface PermitOfferActionDeps extends AuditEmitDeps {
     /** Optional WS fan-out primitive. `null` or absent → notifications skipped. */
     notification_sender?: NotificationSender | null;
 }

package/dist/auth/permit_offer_actions.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"permit_offer_actions.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/permit_offer_actions.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;AAEH,OAAO,~~EAAa~~,KAAK,aAAa,~~EAAE~~,KAAK,SAAS,~~EAAC~~,MAAM,0BAA0B,CAAC;~~AAGxF~~,OAAO,EAAmC,KAAK,gBAAgB,EAAC,MAAM,kBAAkB,CAAC;~~AAkBzF~~,OAAO,~~EAA4B~~,KAAK,cAAc,~~EAAC~~,MAAM,sBAAsB,CAAC;~~AACpF~~,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,WAAW,CAAC;~~AAChD~~,OAAO,EAON,KAAK,kBAAkB,EACvB,MAAM,iCAAiC,CAAC;~~AAmCzC~~;;;;;;;;GAQG;AACH,MAAM,MAAM,0BAA0B,GAAG,CACxC,IAAI,EAAE,cAAc,EACpB,KAAK,EAAE;IAAC,aAAa,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAA;CAAC,EACrE,IAAI,EAAE,IAAI,CAAC,gBAAgB,EAAE,KAAK,CAAC,EACnC,GAAG,EAAE,aAAa,KACd,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;AAEhC,iDAAiD;AACjD,MAAM,WAAW,wBAAwB;IACxC;;;OAGG;IACH,KAAK,CAAC,EAAE,gBAAgB,CAAC;IACzB,sFAAsF;IACtF,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB;;;;;OAKG;IACH,SAAS,CAAC,EAAE,0BAA0B,CAAC;CACvC;AA4BD;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,yBAAyB,EAAE,0BASvC,CAAC;~~AAcF~~;;;;;;;GAOG;AACH,MAAM,WAAW,qBAAsB,SAAQ,~~IAAI,CAClD,gBAAgB,EAChB,KAAK,GAAG,gBAAgB,GAAG,kBAAkB,CAC7C~~;~~IACA~~,+EAA+E;IAC/E,mBAAmB,CAAC,EAAE,kBAAkB,GAAG,IAAI,CAAC;CAChD;AAED;;;;;;;GAOG;AACH,eAAO,MAAM,2BAA2B,GACvC,MAAM,qBAAqB,EAC3B,UAAS,wBAA6B,KACpC,KAAK,CAAC,SAAS,~~CAudjB~~,CAAC"}
1	+ {"version":3,"file":"permit_offer_actions.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/permit_offer_actions.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;AAEH,OAAO,EAGN,KAAK,aAAa,EAClB,KAAK,SAAS,EACd,MAAM,0BAA0B,CAAC;AAGlC,OAAO,EAAmC,KAAK,gBAAgB,EAAC,MAAM,kBAAkB,CAAC;AAoBzF,OAAO,EAIN,KAAK,cAAc,EACnB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,KAAK,EAAC,aAAa,EAAE,gBAAgB,EAAC,MAAM,WAAW,CAAC;AAC/D,OAAO,EAON,KAAK,kBAAkB,EACvB,MAAM,iCAAiC,CAAC;AAiCzC;;;;;;;;GAQG;AACH,MAAM,MAAM,0BAA0B,GAAG,CACxC,IAAI,EAAE,cAAc,EACpB,KAAK,EAAE;IAAC,aAAa,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAA;CAAC,EACrE,IAAI,EAAE,IAAI,CAAC,gBAAgB,EAAE,KAAK,CAAC,EACnC,GAAG,EAAE,aAAa,KACd,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;AAEhC,iDAAiD;AACjD,MAAM,WAAW,wBAAwB;IACxC;;;OAGG;IACH,KAAK,CAAC,EAAE,gBAAgB,CAAC;IACzB,sFAAsF;IACtF,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB;;;;;OAKG;IACH,SAAS,CAAC,EAAE,0BAA0B,CAAC;CACvC;AA4BD;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,yBAAyB,EAAE,0BASvC,CAAC;AAIF;;;;;;;GAOG;AACH,MAAM,WAAW,qBAAsB,SAAQ,aAAa;IAC3D,+EAA+E;IAC/E,mBAAmB,CAAC,EAAE,kBAAkB,GAAG,IAAI,CAAC;CAChD;AAED;;;;;;;GAOG;AACH,eAAO,MAAM,2BAA2B,GACvC,MAAM,qBAAqB,EAC3B,UAAS,wBAA6B,KACpC,KAAK,CAAC,SAAS,CA4cjB,CAAC"}

package/dist/auth/permit_offer_actions.js CHANGED Viewed

@@ -36,19 +36,19 @@
  *
  * @module
  */
-import { rpc_action } from '../actions/action_rpc.js';
+import { rpc_actor_action, } from '../actions/action_rpc.js';
 import { jsonrpc_errors } from '../http/jsonrpc_errors.js';
 import { emit_after_commit } from '../http/pending_effects.js';
 import { BUILTIN_ROLE_OPTIONS, ROLE_ADMIN } from './role_schema.js';
 import { PERMIT_OFFER_DEFAULT_TTL_MS, to_permit_offer_json } from './permit_offer_schema.js';
-import { query_permit_offer_create, query_permit_offer_decline, query_permit_offer_retract, query_permit_offer_list, query_permit_offer_history_for_account, query_accept_offer, PermitOfferAlreadyTerminalError, PermitOfferExpiredError, PermitOfferNotFoundError, PermitOfferSelfTargetError, } from './permit_offer_queries.js';
+import { query_permit_offer_create, query_permit_offer_decline, query_permit_offer_retract, query_permit_offer_list, query_permit_offer_history_for_account, query_accept_offer, PermitOfferActorAccountMismatchError, PermitOfferActorMismatchError, PermitOfferAlreadyTerminalError, PermitOfferExpiredError, PermitOfferNotFoundError, PermitOfferSelfTargetError, } from './permit_offer_queries.js';
 import { query_permit_find_active_role_for_actor, query_revoke_permit } from './permit_queries.js';
 import { query_actor_by_id } from './account_queries.js';
-import { audit_log_fire_and_forget } from './audit_log_queries.js';
-import { has_role, has_scoped_role } from './request_context.js';
+import { emit_permit_target_event } from './audit_log_queries.js';
+import { has_role, has_scoped_role, } from './request_context.js';
 import { build_permit_offer_accepted_notification, build_permit_offer_declined_notification, build_permit_offer_received_notification, build_permit_offer_retracted_notification, build_permit_offer_supersede_notification, build_permit_revoke_notification, } from './permit_offer_notifications.js';
-import { ERROR_ACCOUNT_NOT_FOUND, ERROR_PERMIT_NOT_FOUND, ERROR_ROLE_NOT_WEB_GRANTABLE, } from '../http/error_schemas.js';
-import { ERROR_OFFER_EXPIRED, ERROR_OFFER_NOT_AUTHORIZED, ERROR_OFFER_NOT_FOUND, ERROR_OFFER_ROLE_NOT_GRANTABLE, ERROR_OFFER_SELF_TARGET, ERROR_OFFER_TERMINAL, permit_offer_create_action_spec, permit_offer_accept_action_spec, permit_offer_decline_action_spec, permit_offer_retract_action_spec, permit_offer_list_action_spec, permit_offer_history_action_spec, permit_revoke_action_spec, } from './permit_offer_action_specs.js';
+import { ERROR_PERMIT_NOT_FOUND, ERROR_ROLE_NOT_WEB_GRANTABLE } from '../http/error_schemas.js';
+import { ERROR_OFFER_ACTOR_ACCOUNT_MISMATCH, ERROR_OFFER_ACTOR_MISMATCH, ERROR_OFFER_EXPIRED, ERROR_OFFER_NOT_AUTHORIZED, ERROR_OFFER_NOT_FOUND, ERROR_OFFER_ROLE_NOT_GRANTABLE, ERROR_OFFER_SELF_TARGET, ERROR_OFFER_TERMINAL, permit_offer_create_action_spec, permit_offer_accept_action_spec, permit_offer_decline_action_spec, permit_offer_retract_action_spec, permit_offer_list_action_spec, permit_offer_history_action_spec, permit_revoke_action_spec, } from './permit_offer_action_specs.js';
 // -- Helpers ----------------------------------------------------------------
 /** Fire `on_audit_event` for each event — used by accept, whose events were written in-transaction. */
 const fan_out_audit_events = (events, on_audit_event, log) => {
@@ -87,16 +87,6 @@ export const authorize_admin_or_holder = async (auth, input, _deps, _ctx) => {
         return true;
     return has_scoped_role(auth, input.role, null);
 };
-/**
- * Narrow `ctx.auth` to non-null. The RPC dispatcher has already enforced
- * `auth: 'authenticated'` before the handler runs — this is a type narrow,
- * not a runtime check that would otherwise fail.
- */
-const require_request_auth = (auth) => {
-    if (!auth)
-        throw new Error('unreachable: action auth guard did not enforce authentication');
-    return auth;
-};
 /**
  * Create the seven permit-offer RPC actions (six offer-lifecycle methods
  * plus `permit_revoke`).
@@ -110,28 +100,29 @@ export const create_permit_offer_actions = (deps, options = {}) => {
     const role_options = options.roles?.role_options ?? BUILTIN_ROLE_OPTIONS;
     const default_ttl_ms = options.default_ttl_ms ?? PERMIT_OFFER_DEFAULT_TTL_MS;
     const authorize = options.authorize ?? default_authorize;
-    // Three denial paths (web_grantable, authorize, self-target) all emit the
-    // same failure-outcome audit event. Local closure over `log` + `on_audit_event`.
+    // Four denial paths (web_grantable, authorize, self-target,
+    // actor-account mismatch) all emit the same failure-outcome audit
+    // event. `target_actor_id` is populated when the caller supplied a
+    // `to_actor_id` so failure rows match the success-shape envelope of
+    // actor-targeted offers.
     const emit_create_failure_audit = (ctx, auth, input) => {
-        void audit_log_fire_and_forget(ctx, {
+        void emit_permit_target_event(ctx, auth, deps, {
             event_type: 'permit_offer_create',
             outcome: 'failure',
-            actor_id: auth.actor.id,
-            account_id: auth.account.id,
             target_account_id: input.to_account_id,
-            ip: ctx.client_ip,
+            target_actor_id: input.to_actor_id ?? null,
             metadata: {
                 role: input.role,
                 scope_id: input.scope_id ?? null,
                 to_account_id: input.to_account_id,
             },
-        }, deps);
+        });
     };
     // Returns {offer} only — no auto-accept. Recipient must call
     // permit_offer_accept; admin tests materialize permits via
     // query_accept_offer (see testing/admin_integration.ts `offer_and_accept`).
     const create_handler = async (input, ctx) => {
-        const auth = require_request_auth(ctx.auth);
+        const auth = ctx.auth;
         // Role must be web_grantable — same gate as admin direct-grant.
         const rc = role_options.get(input.role);
         if (!rc?.web_grantable) {
@@ -156,6 +147,7 @@ export const create_permit_offer_actions = (deps, options = {}) => {
             offer = await query_permit_offer_create(ctx, {
                 from_actor_id: auth.actor.id,
                 to_account_id: input.to_account_id,
+                to_actor_id: input.to_actor_id ?? null,
                 role: input.role,
                 scope_id: input.scope_id ?? null,
                 message: input.message ?? null,
@@ -169,21 +161,29 @@ export const create_permit_offer_actions = (deps, options = {}) => {
                     reason: ERROR_OFFER_SELF_TARGET,
                 });
             }
+            if (err instanceof PermitOfferActorAccountMismatchError) {
+                emit_create_failure_audit(ctx, auth, input);
+                throw jsonrpc_errors.invalid_params('to_actor_id does not belong to to_account_id', {
+                    reason: ERROR_OFFER_ACTOR_ACCOUNT_MISMATCH,
+                });
+            }
             throw err;
         }
-        void audit_log_fire_and_forget(ctx, {
+        // `target_actor_id` is populated when the offer is actor-targeted
+        // (per the offer's `to_actor_id`), null for account-grain offers
+        // — closes the audit hole where offer-shape events used to leave
+        // actor-grain forensics blank even when the binding was known.
+        void emit_permit_target_event(ctx, auth, deps, {
             event_type: 'permit_offer_create',
-            actor_id: auth.actor.id,
-            account_id: auth.account.id,
             target_account_id: input.to_account_id,
-            ip: ctx.client_ip,
+            target_actor_id: offer.to_actor_id,
             metadata: {
                 offer_id: offer.id,
                 role: offer.role,
                 scope_id: offer.scope_id,
                 to_account_id: offer.to_account_id,
             },
-        }, deps);
+        });
         const offer_json = to_permit_offer_json(offer);
         if (notification_sender) {
             emit_after_commit(ctx, () => {
@@ -193,12 +193,13 @@ export const create_permit_offer_actions = (deps, options = {}) => {
         return { offer: offer_json };
     };
     const accept_handler = async (input, ctx) => {
-        const auth = require_request_auth(ctx.auth);
+        const auth = ctx.auth;
         let result;
         try {
             result = await query_accept_offer(ctx, {
                 offer_id: input.offer_id,
                 to_account_id: auth.account.id,
+                actor_id: auth.actor.id,
                 ip: ctx.client_ip,
             });
         }
@@ -212,6 +213,11 @@ export const create_permit_offer_actions = (deps, options = {}) => {
             if (err instanceof PermitOfferExpiredError) {
                 throw jsonrpc_errors.invalid_request({ reason: ERROR_OFFER_EXPIRED });
             }
+            if (err instanceof PermitOfferActorMismatchError) {
+                throw jsonrpc_errors.forbidden('offer is targeted to a different actor', {
+                    reason: ERROR_OFFER_ACTOR_MISMATCH,
+                });
+            }
             throw err;
         }
         // Look up the grantor's account_id inside the transaction so the
@@ -254,7 +260,7 @@ export const create_permit_offer_actions = (deps, options = {}) => {
         };
     };
     const decline_handler = async (input, ctx) => {
-        const auth = require_request_auth(ctx.auth);
+        const auth = ctx.auth;
         let declined;
         try {
             declined = await query_permit_offer_decline(ctx, input.offer_id, auth.account.id, input.reason ?? null);
@@ -268,35 +274,36 @@ export const create_permit_offer_actions = (deps, options = {}) => {
         if (!declined) {
             throw jsonrpc_errors.not_found('offer', { reason: ERROR_OFFER_NOT_FOUND });
         }
-        void audit_log_fire_and_forget(ctx, {
+        // `permit_offer_decline` is *to* the offering actor — populate both
+        // `target_actor_id` (the grantor actor) and `target_account_id`
+        // (the grantor account, joined in the decline RETURNING via CTE).
+        // The "both populated → same account" invariant holds: the
+        // grantor's actor↔account binding is 1:1 by definition of `actor`.
+        void emit_permit_target_event(ctx, auth, deps, {
             event_type: 'permit_offer_decline',
-            actor_id: auth.actor.id,
-            account_id: auth.account.id,
-            ip: ctx.client_ip,
+            target_account_id: declined.from_account_id,
+            target_actor_id: declined.from_actor_id,
             metadata: {
                 offer_id: declined.id,
                 role: declined.role,
                 scope_id: declined.scope_id,
                 reason: input.reason ?? undefined,
             },
-        }, deps);
+        });
         if (notification_sender) {
-            // Look up the grantor's account (SELECT by PK, same tx) for the
-            // notification target. The decline reason rides along on
-            // `offer.decline_reason` — the DB set it in the RETURNING above.
-            const grantor_actor = await query_actor_by_id(ctx, declined.from_actor_id);
-            const grantor_account_id = grantor_actor?.account_id ?? null;
-            if (grantor_account_id) {
-                const offer_json = to_permit_offer_json(declined);
-                emit_after_commit(ctx, () => {
-                    notification_sender.send_to_account(grantor_account_id, build_permit_offer_declined_notification({ offer: offer_json }));
-                });
-            }
+            // Grantor's account_id rides on `declined.from_account_id` from
+            // the decline RETURNING — no second SELECT needed. The decline
+            // reason rides along on `offer.decline_reason` — the DB set it
+            // in the RETURNING above.
+            const offer_json = to_permit_offer_json(declined);
+            emit_after_commit(ctx, () => {
+                notification_sender.send_to_account(declined.from_account_id, build_permit_offer_declined_notification({ offer: offer_json }));
+            });
         }
         return { ok: true };
     };
     const retract_handler = async (input, ctx) => {
-        const auth = require_request_auth(ctx.auth);
+        const auth = ctx.auth;
         let retracted;
         try {
             retracted = await query_permit_offer_retract(ctx, input.offer_id, auth.actor.id);
@@ -310,17 +317,20 @@ export const create_permit_offer_actions = (deps, options = {}) => {
         if (!retracted) {
             throw jsonrpc_errors.not_found('offer', { reason: ERROR_OFFER_NOT_FOUND });
         }
-        void audit_log_fire_and_forget(ctx, {
+        // `permit_offer_retract` is *from* the recipient inbox —
+        // `target_account_id` is the recipient account; `target_actor_id`
+        // inherits the offer's `to_actor_id` (set on actor-targeted
+        // offers, null on account-grain offers).
+        void emit_permit_target_event(ctx, auth, deps, {
             event_type: 'permit_offer_retract',
-            actor_id: auth.actor.id,
-            account_id: auth.account.id,
-            ip: ctx.client_ip,
+            target_account_id: retracted.to_account_id,
+            target_actor_id: retracted.to_actor_id,
             metadata: {
                 offer_id: retracted.id,
                 role: retracted.role,
                 scope_id: retracted.scope_id,
             },
-        }, deps);
+        });
         if (notification_sender) {
             const offer_json = to_permit_offer_json(retracted);
             emit_after_commit(ctx, () => {
@@ -330,7 +340,7 @@ export const create_permit_offer_actions = (deps, options = {}) => {
         return { ok: true };
     };
     const list_handler = async (input, ctx) => {
-        const auth = require_request_auth(ctx.auth);
+        const auth = ctx.auth;
         const target = input.account_id ?? auth.account.id;
         if (target !== auth.account.id && !has_role(auth, ROLE_ADMIN)) {
             throw jsonrpc_errors.forbidden('admin required to inspect another account');
@@ -339,7 +349,7 @@ export const create_permit_offer_actions = (deps, options = {}) => {
         return { offers: offers.map(to_permit_offer_json) };
     };
     const history_handler = async (input, ctx) => {
-        const auth = require_request_auth(ctx.auth);
+        const auth = ctx.auth;
         const target = input.account_id ?? auth.account.id;
         if (target !== auth.account.id && !has_role(auth, ROLE_ADMIN)) {
             throw jsonrpc_errors.forbidden('admin required to inspect another account');
@@ -348,35 +358,32 @@ export const create_permit_offer_actions = (deps, options = {}) => {
         return { offers: offers.map(to_permit_offer_json) };
     };
     const revoke_handler = async (input, ctx) => {
-        const auth = require_request_auth(ctx.auth);
-        // IDOR guard + role lookup. One SELECT — returns null when the
-        // permit is revoked, missing, or belongs to a different actor.
+        const auth = ctx.auth;
+        // IDOR guard + role lookup + actor → account JOIN. One SELECT —
+        // returns null when the permit is revoked, missing, or belongs
+        // to a different actor. The JOIN supplies `account_id` for the
+        // audit envelope's `target_account_id` and the post-commit
+        // SSE/WS socket-close fan-out target. `permit_revoke` is the
+        // canonical actor-bound-subject event: `target_actor_id` is the
+        // permit's grantee (input.actor_id); `target_account_id` is the
+        // account hosting that actor (sessions remain account-grain
+        // after multi-actor lands).
         const permit_row = await query_permit_find_active_role_for_actor(ctx, input.permit_id, input.actor_id);
         if (!permit_row) {
             throw jsonrpc_errors.not_found('permit', { reason: ERROR_PERMIT_NOT_FOUND });
         }
-        // Resolve the target actor's account once — drives both the audit
-        // `target_account_id` and the post-commit notification target.
-        const target_actor = await query_actor_by_id(ctx, input.actor_id);
-        if (!target_actor) {
-            // The IDOR guard above already matched, so a missing actor here
-            // indicates a race (account deleted between the two SELECTs).
-            // Treat as account-not-found for the caller.
-            throw jsonrpc_errors.not_found('account', { reason: ERROR_ACCOUNT_NOT_FOUND });
-        }
-        const target_account_id = target_actor.account_id;
+        const target_account_id = permit_row.account_id;
+        const target_actor_id = input.actor_id;
         // web_grantable gate — keeper/daemon-scoped roles stay CLI-only.
         const rc = role_options.get(permit_row.role);
         if (!rc?.web_grantable) {
-            void audit_log_fire_and_forget(ctx, {
+            void emit_permit_target_event(ctx, auth, deps, {
                 event_type: 'permit_revoke',
                 outcome: 'failure',
-                actor_id: auth.actor.id,
-                account_id: auth.account.id,
                 target_account_id,
-                ip: ctx.client_ip,
+                target_actor_id,
                 metadata: { role: permit_row.role, permit_id: input.permit_id },
-            }, deps);
+            });
             throw jsonrpc_errors.forbidden('role not web-grantable', {
                 reason: ERROR_ROLE_NOT_WEB_GRANTABLE,
             });
@@ -387,25 +394,26 @@ export const create_permit_offer_actions = (deps, options = {}) => {
             // the IDOR check and the UPDATE.
             throw jsonrpc_errors.not_found('permit', { reason: ERROR_PERMIT_NOT_FOUND });
         }
-        void audit_log_fire_and_forget(ctx, {
+        void emit_permit_target_event(ctx, auth, deps, {
             event_type: 'permit_revoke',
-            actor_id: auth.actor.id,
-            account_id: auth.account.id,
             target_account_id,
-            ip: ctx.client_ip,
+            target_actor_id,
             metadata: {
                 role: result.role,
                 permit_id: result.id,
                 scope_id: result.scope_id,
                 reason: input.reason ?? undefined,
             },
-        }, deps);
+        });
+        // Supersede cascade — the recipient is known (`offer.to_account_id`),
+        // so populate `target_account_id` rather than leaving it null;
+        // `target_actor_id` inherits the offer's `to_actor_id` (actor-grain
+        // when the superseded offer was actor-targeted, null otherwise).
         for (const offer of result.superseded_offers) {
-            void audit_log_fire_and_forget(ctx, {
+            void emit_permit_target_event(ctx, auth, deps, {
                 event_type: 'permit_offer_supersede',
-                actor_id: auth.actor.id,
-                account_id: offer.to_account_id,
-                ip: ctx.client_ip,
+                target_account_id: offer.to_account_id,
+                target_actor_id: offer.to_actor_id,
                 metadata: {
                     offer_id: offer.id,
                     role: offer.role,
@@ -413,7 +421,7 @@ export const create_permit_offer_actions = (deps, options = {}) => {
                     reason: 'permit_revoked',
                     cause_id: result.id,
                 },
-            }, deps);
+            });
         }
         if (notification_sender) {
             const superseded = result.superseded_offers.map((o) => ({
@@ -441,12 +449,12 @@ export const create_permit_offer_actions = (deps, options = {}) => {
         return { ok: true, revoked: true };
     };
     return [
-        rpc_action(permit_offer_create_action_spec, create_handler),
-        rpc_action(permit_offer_accept_action_spec, accept_handler),
-        rpc_action(permit_offer_decline_action_spec, decline_handler),
-        rpc_action(permit_offer_retract_action_spec, retract_handler),
-        rpc_action(permit_offer_list_action_spec, list_handler),
-        rpc_action(permit_offer_history_action_spec, history_handler),
-        rpc_action(permit_revoke_action_spec, revoke_handler),
+        rpc_actor_action(permit_offer_create_action_spec, create_handler),
+        rpc_actor_action(permit_offer_accept_action_spec, accept_handler),
+        rpc_actor_action(permit_offer_decline_action_spec, decline_handler),
+        rpc_actor_action(permit_offer_retract_action_spec, retract_handler),
+        rpc_actor_action(permit_offer_list_action_spec, list_handler),
+        rpc_actor_action(permit_offer_history_action_spec, history_handler),
+        rpc_actor_action(permit_revoke_action_spec, revoke_handler),
     ];
 };

package/dist/auth/permit_offer_notifications.d.ts CHANGED Viewed

@@ -62,6 +62,7 @@ export declare const PermitOfferReceivedParams: z.ZodObject<{
         id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
         from_actor_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
         to_account_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
+        to_actor_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
         role: z.ZodString;
         scope_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
         message: z.ZodNullable<z.ZodString>;
@@ -82,6 +83,7 @@ export declare const PermitOfferRetractedParams: z.ZodObject<{
         id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
         from_actor_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
         to_account_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
+        to_actor_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
         role: z.ZodString;
         scope_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
         message: z.ZodNullable<z.ZodString>;
@@ -102,6 +104,7 @@ export declare const PermitOfferAcceptedParams: z.ZodObject<{
         id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
         from_actor_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
         to_account_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
+        to_actor_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
         role: z.ZodString;
         scope_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
         message: z.ZodNullable<z.ZodString>;
@@ -126,6 +129,7 @@ export declare const PermitOfferDeclinedParams: z.ZodObject<{
         id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
         from_actor_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
         to_account_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
+        to_actor_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
         role: z.ZodString;
         scope_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
         message: z.ZodNullable<z.ZodString>;
@@ -154,6 +158,7 @@ export declare const PermitOfferSupersedeParams: z.ZodObject<{
         id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
         from_actor_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
         to_account_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
+        to_actor_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
         role: z.ZodString;
         scope_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
         message: z.ZodNullable<z.ZodString>;
@@ -199,6 +204,7 @@ export declare const permit_offer_received_notification_spec: {
             id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
             from_actor_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
             to_account_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
+            to_actor_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
             role: z.ZodString;
             scope_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
             message: z.ZodNullable<z.ZodString>;
@@ -227,6 +233,7 @@ export declare const permit_offer_retracted_notification_spec: {
             id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
             from_actor_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
             to_account_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
+            to_actor_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
             role: z.ZodString;
             scope_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
             message: z.ZodNullable<z.ZodString>;
@@ -255,6 +262,7 @@ export declare const permit_offer_accepted_notification_spec: {
             id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
             from_actor_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
             to_account_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
+            to_actor_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
             role: z.ZodString;
             scope_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
             message: z.ZodNullable<z.ZodString>;
@@ -283,6 +291,7 @@ export declare const permit_offer_declined_notification_spec: {
             id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
             from_actor_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
             to_account_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
+            to_actor_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
             role: z.ZodString;
             scope_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
             message: z.ZodNullable<z.ZodString>;
@@ -311,6 +320,7 @@ export declare const permit_offer_supersede_notification_spec: {
             id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
             from_actor_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
             to_account_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
+            to_actor_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
             role: z.ZodString;
             scope_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
             message: z.ZodNullable<z.ZodString>;

package/dist/auth/permit_offer_notifications.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"permit_offer_notifications.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/permit_offer_notifications.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AAEH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AACtB,OAAO,EAAqB,KAAK,IAAI,EAAC,MAAM,wBAAwB,CAAC;AAIrE,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,oBAAoB,CAAC;AAClD,OAAO,KAAK,EAAC,mBAAmB,EAAC,MAAM,oBAAoB,CAAC;AAM5D;;;;;;;;;;;;;GAaG;AACH,MAAM,WAAW,kBAAkB;IAClC,eAAe,EAAE,CAAC,UAAU,EAAE,IAAI,EAAE,OAAO,EAAE,mBAAmB,KAAK,MAAM,CAAC;CAC5E;AAID,eAAO,MAAM,yCAAyC,0BAA0B,CAAC;AACjF,eAAO,MAAM,0CAA0C,2BAA2B,CAAC;AACnF,eAAO,MAAM,yCAAyC,0BAA0B,CAAC;AACjF,eAAO,MAAM,yCAAyC,0BAA0B,CAAC;AACjF,eAAO,MAAM,0CAA0C,2BAA2B,CAAC;AACnF,eAAO,MAAM,iCAAiC,kBAAkB,CAAC;AAIjE,6EAA6E;AAC7E,eAAO,MAAM,yBAAyB~~;;;;;;;;;;;;;;;;;~~kBAEpC,CAAC;AACH,MAAM,MAAM,yBAAyB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAElF,qEAAqE;AACrE,eAAO,MAAM,0BAA0B~~;;;;;;;;;;;;;;;;;~~kBAErC,CAAC;AACH,MAAM,MAAM,0BAA0B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,0BAA0B,CAAC,CAAC;AAEpF,yEAAyE;AACzE,eAAO,MAAM,yBAAyB~~;;;;;;;;;;;;;;;;;~~kBAEpC,CAAC;AACH,MAAM,MAAM,yBAAyB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAElF;;;;GAIG;AACH,eAAO,MAAM,yBAAyB~~;;;;;;;;;;;;;;;;;~~kBAEpC,CAAC;AACH,MAAM,MAAM,yBAAyB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAElF;;;;;;;;GAQG;AACH,eAAO,MAAM,0BAA0B~~;;;;;;;;;;;;;;;;;;;;;;;~~kBAIrC,CAAC;AACH,MAAM,MAAM,0BAA0B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,0BAA0B,CAAC,CAAC;AAEpF;;;;;;GAMG;AACH,eAAO,MAAM,kBAAkB;;;;;kBAK7B,CAAC;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAIpE,eAAO,MAAM,uCAAuC~~;;;;;;;;;;;;;;;;;;;;;;;;;;;~~CAUZ,CAAC;AAEzC,eAAO,MAAM,wCAAwC~~;;;;;;;;;;;;;;;;;;;;;;;;;;;~~CAUb,CAAC;AAEzC,eAAO,MAAM,uCAAuC~~;;;;;;;;;;;;;;;;;;;;;;;;;;;~~CAUZ,CAAC;AAEzC,eAAO,MAAM,uCAAuC~~;;;;;;;;;;;;;;;;;;;;;;;;;;;~~CAUZ,CAAC;AAEzC,eAAO,MAAM,wCAAwC~~;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;~~CAWb,CAAC;AAEzC,eAAO,MAAM,+BAA+B;;;;;;;;;;;;;;;CAUJ,CAAC;AAIzC;;;;;GAKG;AACH,eAAO,MAAM,+BAA+B,EAAE,KAAK,CAAC,SAAS,CAO5D,CAAC;AAIF,eAAO,MAAM,wCAAwC,GACpD,QAAQ,yBAAyB,KAC/B,mBAC4E,CAAC;AAEhF,eAAO,MAAM,yCAAyC,GACrD,QAAQ,0BAA0B,KAChC,mBAC6E,CAAC;AAEjF,eAAO,MAAM,wCAAwC,GACpD,QAAQ,yBAAyB,KAC/B,mBAC4E,CAAC;AAEhF,eAAO,MAAM,wCAAwC,GACpD,QAAQ,yBAAyB,KAC/B,mBAC4E,CAAC;AAEhF,eAAO,MAAM,yCAAyC,GACrD,QAAQ,0BAA0B,KAChC,mBAC6E,CAAC;AAEjF,eAAO,MAAM,gCAAgC,GAAI,QAAQ,kBAAkB,KAAG,mBACP,CAAC"}
1	+ {"version":3,"file":"permit_offer_notifications.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/permit_offer_notifications.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AAEH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AACtB,OAAO,EAAqB,KAAK,IAAI,EAAC,MAAM,wBAAwB,CAAC;AAIrE,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,oBAAoB,CAAC;AAClD,OAAO,KAAK,EAAC,mBAAmB,EAAC,MAAM,oBAAoB,CAAC;AAM5D;;;;;;;;;;;;;GAaG;AACH,MAAM,WAAW,kBAAkB;IAClC,eAAe,EAAE,CAAC,UAAU,EAAE,IAAI,EAAE,OAAO,EAAE,mBAAmB,KAAK,MAAM,CAAC;CAC5E;AAID,eAAO,MAAM,yCAAyC,0BAA0B,CAAC;AACjF,eAAO,MAAM,0CAA0C,2BAA2B,CAAC;AACnF,eAAO,MAAM,yCAAyC,0BAA0B,CAAC;AACjF,eAAO,MAAM,yCAAyC,0BAA0B,CAAC;AACjF,eAAO,MAAM,0CAA0C,2BAA2B,CAAC;AACnF,eAAO,MAAM,iCAAiC,kBAAkB,CAAC;AAIjE,6EAA6E;AAC7E,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;kBAEpC,CAAC;AACH,MAAM,MAAM,yBAAyB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAElF,qEAAqE;AACrE,eAAO,MAAM,0BAA0B;;;;;;;;;;;;;;;;;;kBAErC,CAAC;AACH,MAAM,MAAM,0BAA0B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,0BAA0B,CAAC,CAAC;AAEpF,yEAAyE;AACzE,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;kBAEpC,CAAC;AACH,MAAM,MAAM,yBAAyB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAElF;;;;GAIG;AACH,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;kBAEpC,CAAC;AACH,MAAM,MAAM,yBAAyB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAElF;;;;;;;;GAQG;AACH,eAAO,MAAM,0BAA0B;;;;;;;;;;;;;;;;;;;;;;;;kBAIrC,CAAC;AACH,MAAM,MAAM,0BAA0B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,0BAA0B,CAAC,CAAC;AAEpF;;;;;;GAMG;AACH,eAAO,MAAM,kBAAkB;;;;;kBAK7B,CAAC;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAIpE,eAAO,MAAM,uCAAuC;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAUZ,CAAC;AAEzC,eAAO,MAAM,wCAAwC;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAUb,CAAC;AAEzC,eAAO,MAAM,uCAAuC;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAUZ,CAAC;AAEzC,eAAO,MAAM,uCAAuC;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAUZ,CAAC;AAEzC,eAAO,MAAM,wCAAwC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAWb,CAAC;AAEzC,eAAO,MAAM,+BAA+B;;;;;;;;;;;;;;;CAUJ,CAAC;AAIzC;;;;;GAKG;AACH,eAAO,MAAM,+BAA+B,EAAE,KAAK,CAAC,SAAS,CAO5D,CAAC;AAIF,eAAO,MAAM,wCAAwC,GACpD,QAAQ,yBAAyB,KAC/B,mBAC4E,CAAC;AAEhF,eAAO,MAAM,yCAAyC,GACrD,QAAQ,0BAA0B,KAChC,mBAC6E,CAAC;AAEjF,eAAO,MAAM,wCAAwC,GACpD,QAAQ,yBAAyB,KAC/B,mBAC4E,CAAC;AAEhF,eAAO,MAAM,wCAAwC,GACpD,QAAQ,yBAAyB,KAC/B,mBAC4E,CAAC;AAEhF,eAAO,MAAM,yCAAyC,GACrD,QAAQ,0BAA0B,KAChC,mBAC6E,CAAC;AAEjF,eAAO,MAAM,gCAAgC,GAAI,QAAQ,kBAAkB,KAAG,mBACP,CAAC"}