@fuzdev/fuz_app 0.54.0 → 0.56.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/actions/CLAUDE.md +214 -103
- package/dist/actions/action_bridge.d.ts +8 -5
- package/dist/actions/action_bridge.d.ts.map +1 -1
- package/dist/actions/action_bridge.js +1 -11
- package/dist/actions/action_codegen.d.ts +32 -0
- package/dist/actions/action_codegen.d.ts.map +1 -1
- package/dist/actions/action_codegen.js +35 -15
- package/dist/actions/action_registry.d.ts.map +1 -1
- package/dist/actions/action_registry.js +5 -2
- package/dist/actions/action_rpc.d.ts +141 -22
- package/dist/actions/action_rpc.d.ts.map +1 -1
- package/dist/actions/action_rpc.js +106 -187
- package/dist/actions/action_spec.d.ts +55 -16
- package/dist/actions/action_spec.d.ts.map +1 -1
- package/dist/actions/action_spec.js +16 -11
- package/dist/actions/action_types.d.ts +28 -60
- package/dist/actions/action_types.d.ts.map +1 -1
- package/dist/actions/action_types.js +13 -5
- package/dist/actions/broadcast_api.d.ts +2 -2
- package/dist/actions/broadcast_api.js +2 -2
- package/dist/actions/compile_action_registry.d.ts +50 -0
- package/dist/actions/compile_action_registry.d.ts.map +1 -0
- package/dist/actions/compile_action_registry.js +69 -0
- package/dist/actions/heartbeat.d.ts +8 -4
- package/dist/actions/heartbeat.d.ts.map +1 -1
- package/dist/actions/heartbeat.js +5 -4
- package/dist/actions/perform_action.d.ts +145 -0
- package/dist/actions/perform_action.d.ts.map +1 -0
- package/dist/actions/perform_action.js +258 -0
- package/dist/actions/register_action_ws.d.ts +46 -40
- package/dist/actions/register_action_ws.d.ts.map +1 -1
- package/dist/actions/register_action_ws.js +101 -159
- package/dist/actions/register_ws_endpoint.d.ts +15 -10
- package/dist/actions/register_ws_endpoint.d.ts.map +1 -1
- package/dist/actions/register_ws_endpoint.js +54 -7
- package/dist/actions/transports.d.ts.map +1 -1
- package/dist/actions/transports.js +0 -4
- package/dist/actions/transports_ws_auth_guard.d.ts +1 -1
- package/dist/actions/transports_ws_auth_guard.js +1 -1
- package/dist/actions/transports_ws_backend.d.ts +1 -1
- package/dist/actions/transports_ws_backend.js +1 -1
- package/dist/auth/CLAUDE.md +794 -410
- package/dist/auth/account_action_specs.d.ts +28 -7
- package/dist/auth/account_action_specs.d.ts.map +1 -1
- package/dist/auth/account_action_specs.js +7 -7
- package/dist/auth/account_actions.d.ts +7 -13
- package/dist/auth/account_actions.d.ts.map +1 -1
- package/dist/auth/account_actions.js +26 -35
- package/dist/auth/account_queries.d.ts +52 -16
- package/dist/auth/account_queries.d.ts.map +1 -1
- package/dist/auth/account_queries.js +87 -38
- package/dist/auth/account_routes.d.ts +9 -11
- package/dist/auth/account_routes.d.ts.map +1 -1
- package/dist/auth/account_routes.js +118 -46
- package/dist/auth/account_schema.d.ts +46 -35
- package/dist/auth/account_schema.d.ts.map +1 -1
- package/dist/auth/account_schema.js +21 -28
- package/dist/auth/admin_action_specs.d.ts +100 -32
- package/dist/auth/admin_action_specs.d.ts.map +1 -1
- package/dist/auth/admin_action_specs.js +64 -33
- package/dist/auth/admin_actions.d.ts +13 -19
- package/dist/auth/admin_actions.d.ts.map +1 -1
- package/dist/auth/admin_actions.js +37 -41
- package/dist/auth/audit_emitter.d.ts +160 -0
- package/dist/auth/audit_emitter.d.ts.map +1 -0
- package/dist/auth/audit_emitter.js +83 -0
- package/dist/auth/audit_log_queries.d.ts +17 -48
- package/dist/auth/audit_log_queries.d.ts.map +1 -1
- package/dist/auth/audit_log_queries.js +20 -56
- package/dist/auth/audit_log_routes.d.ts +1 -1
- package/dist/auth/audit_log_routes.d.ts.map +1 -1
- package/dist/auth/audit_log_routes.js +7 -3
- package/dist/auth/audit_log_schema.d.ts +92 -32
- package/dist/auth/audit_log_schema.d.ts.map +1 -1
- package/dist/auth/audit_log_schema.js +75 -46
- package/dist/auth/auth_guard_resolver.d.ts +44 -0
- package/dist/auth/auth_guard_resolver.d.ts.map +1 -0
- package/dist/auth/auth_guard_resolver.js +56 -0
- package/dist/auth/bearer_auth.d.ts +9 -7
- package/dist/auth/bearer_auth.d.ts.map +1 -1
- package/dist/auth/bearer_auth.js +13 -21
- package/dist/auth/bootstrap_account.d.ts +7 -7
- package/dist/auth/bootstrap_account.d.ts.map +1 -1
- package/dist/auth/bootstrap_account.js +7 -7
- package/dist/auth/bootstrap_routes.d.ts.map +1 -1
- package/dist/auth/bootstrap_routes.js +11 -10
- package/dist/auth/cleanup.d.ts +20 -26
- package/dist/auth/cleanup.d.ts.map +1 -1
- package/dist/auth/cleanup.js +33 -42
- package/dist/auth/credential_type_schema.d.ts +115 -0
- package/dist/auth/credential_type_schema.d.ts.map +1 -0
- package/dist/auth/credential_type_schema.js +127 -0
- package/dist/auth/daemon_token_middleware.d.ts +23 -11
- package/dist/auth/daemon_token_middleware.d.ts.map +1 -1
- package/dist/auth/daemon_token_middleware.js +28 -22
- package/dist/auth/ddl.d.ts +2 -2
- package/dist/auth/ddl.d.ts.map +1 -1
- package/dist/auth/ddl.js +6 -6
- package/dist/auth/deps.d.ts +7 -18
- package/dist/auth/deps.d.ts.map +1 -1
- package/dist/auth/grant_path_schema.d.ts +117 -0
- package/dist/auth/grant_path_schema.d.ts.map +1 -0
- package/dist/auth/grant_path_schema.js +137 -0
- package/dist/auth/invite_queries.d.ts +12 -1
- package/dist/auth/invite_queries.d.ts.map +1 -1
- package/dist/auth/invite_queries.js +12 -1
- package/dist/auth/invite_schema.d.ts +1 -1
- package/dist/auth/invite_schema.d.ts.map +1 -1
- package/dist/auth/invite_schema.js +1 -1
- package/dist/auth/middleware.d.ts.map +1 -1
- package/dist/auth/middleware.js +9 -4
- package/dist/auth/migrations.d.ts +37 -14
- package/dist/auth/migrations.d.ts.map +1 -1
- package/dist/auth/migrations.js +79 -32
- package/dist/auth/request_context.d.ts +331 -61
- package/dist/auth/request_context.d.ts.map +1 -1
- package/dist/auth/request_context.js +378 -95
- package/dist/auth/{permit_offer_action_specs.d.ts → role_grant_offer_action_specs.d.ts} +163 -94
- package/dist/auth/role_grant_offer_action_specs.d.ts.map +1 -0
- package/dist/auth/role_grant_offer_action_specs.js +262 -0
- package/dist/auth/role_grant_offer_actions.d.ts +104 -0
- package/dist/auth/role_grant_offer_actions.d.ts.map +1 -0
- package/dist/auth/role_grant_offer_actions.js +473 -0
- package/dist/auth/{permit_offer_notifications.d.ts → role_grant_offer_notifications.d.ts} +90 -70
- package/dist/auth/role_grant_offer_notifications.d.ts.map +1 -0
- package/dist/auth/role_grant_offer_notifications.js +182 -0
- package/dist/auth/role_grant_offer_queries.d.ts +242 -0
- package/dist/auth/role_grant_offer_queries.d.ts.map +1 -0
- package/dist/auth/role_grant_offer_queries.js +533 -0
- package/dist/auth/role_grant_offer_schema.d.ts +150 -0
- package/dist/auth/role_grant_offer_schema.d.ts.map +1 -0
- package/dist/auth/{permit_offer_schema.js → role_grant_offer_schema.js} +60 -36
- package/dist/auth/role_grant_queries.d.ts +231 -0
- package/dist/auth/role_grant_queries.d.ts.map +1 -0
- package/dist/auth/role_grant_queries.js +320 -0
- package/dist/auth/role_schema.d.ts +150 -40
- package/dist/auth/role_schema.d.ts.map +1 -1
- package/dist/auth/role_schema.js +144 -45
- package/dist/auth/scope_kind_schema.d.ts +96 -0
- package/dist/auth/scope_kind_schema.d.ts.map +1 -0
- package/dist/auth/scope_kind_schema.js +94 -0
- package/dist/auth/self_service_role_action_specs.d.ts +6 -1
- package/dist/auth/self_service_role_action_specs.d.ts.map +1 -1
- package/dist/auth/self_service_role_action_specs.js +3 -1
- package/dist/auth/self_service_role_actions.d.ts +34 -27
- package/dist/auth/self_service_role_actions.d.ts.map +1 -1
- package/dist/auth/self_service_role_actions.js +68 -48
- package/dist/auth/session_cookie.d.ts +43 -6
- package/dist/auth/session_cookie.d.ts.map +1 -1
- package/dist/auth/session_cookie.js +31 -5
- package/dist/auth/session_middleware.d.ts +37 -3
- package/dist/auth/session_middleware.d.ts.map +1 -1
- package/dist/auth/session_middleware.js +33 -7
- package/dist/auth/signup_routes.d.ts.map +1 -1
- package/dist/auth/signup_routes.js +48 -19
- package/dist/auth/standard_action_specs.d.ts +2 -2
- package/dist/auth/standard_action_specs.js +4 -4
- package/dist/auth/standard_rpc_actions.d.ts +23 -19
- package/dist/auth/standard_rpc_actions.d.ts.map +1 -1
- package/dist/auth/standard_rpc_actions.js +12 -12
- package/dist/db/migrate.d.ts +12 -8
- package/dist/db/migrate.d.ts.map +1 -1
- package/dist/db/migrate.js +10 -7
- package/dist/dev/setup.d.ts +2 -2
- package/dist/dev/setup.d.ts.map +1 -1
- package/dist/dev/setup.js +9 -7
- package/dist/env/load.d.ts +1 -1
- package/dist/env/load.js +1 -1
- package/dist/hono_context.d.ts +64 -5
- package/dist/hono_context.d.ts.map +1 -1
- package/dist/hono_context.js +38 -2
- package/dist/http/CLAUDE.md +264 -87
- package/dist/http/auth_shape.d.ts +191 -0
- package/dist/http/auth_shape.d.ts.map +1 -0
- package/dist/http/auth_shape.js +237 -0
- package/dist/http/common_routes.js +3 -3
- package/dist/http/db_routes.d.ts +4 -0
- package/dist/http/db_routes.d.ts.map +1 -1
- package/dist/http/db_routes.js +44 -7
- package/dist/http/error_schemas.d.ts +132 -19
- package/dist/http/error_schemas.d.ts.map +1 -1
- package/dist/http/error_schemas.js +132 -40
- package/dist/http/jsonrpc_errors.d.ts +27 -2
- package/dist/http/jsonrpc_errors.d.ts.map +1 -1
- package/dist/http/jsonrpc_errors.js +26 -2
- package/dist/http/pending_effects.d.ts +71 -18
- package/dist/http/pending_effects.d.ts.map +1 -1
- package/dist/http/pending_effects.js +87 -18
- package/dist/http/proxy.d.ts +52 -5
- package/dist/http/proxy.d.ts.map +1 -1
- package/dist/http/proxy.js +92 -14
- package/dist/http/route_spec.d.ts +113 -41
- package/dist/http/route_spec.d.ts.map +1 -1
- package/dist/http/route_spec.js +130 -52
- package/dist/http/schema_helpers.d.ts +3 -2
- package/dist/http/schema_helpers.d.ts.map +1 -1
- package/dist/http/schema_helpers.js +9 -2
- package/dist/http/surface.d.ts +2 -1
- package/dist/http/surface.d.ts.map +1 -1
- package/dist/http/surface.js +1 -2
- package/dist/http/surface_query.d.ts +39 -35
- package/dist/http/surface_query.d.ts.map +1 -1
- package/dist/http/surface_query.js +79 -36
- package/dist/primitive_schemas.d.ts +39 -0
- package/dist/primitive_schemas.d.ts.map +1 -0
- package/dist/primitive_schemas.js +40 -0
- package/dist/realtime/sse_auth_guard.d.ts +5 -5
- package/dist/realtime/sse_auth_guard.js +9 -9
- package/dist/runtime/mock.d.ts +1 -1
- package/dist/runtime/mock.js +1 -1
- package/dist/server/app_backend.d.ts +14 -11
- package/dist/server/app_backend.d.ts.map +1 -1
- package/dist/server/app_backend.js +12 -8
- package/dist/server/app_server.d.ts +7 -7
- package/dist/server/app_server.d.ts.map +1 -1
- package/dist/server/app_server.js +36 -31
- package/dist/server/validate_nginx.d.ts +1 -1
- package/dist/server/validate_nginx.js +1 -1
- package/dist/testing/CLAUDE.md +73 -55
- package/dist/testing/admin_integration.d.ts +5 -6
- package/dist/testing/admin_integration.d.ts.map +1 -1
- package/dist/testing/admin_integration.js +100 -96
- package/dist/testing/adversarial_headers.js +1 -1
- package/dist/testing/app_server.d.ts +11 -14
- package/dist/testing/app_server.d.ts.map +1 -1
- package/dist/testing/app_server.js +18 -17
- package/dist/testing/assertions.d.ts.map +1 -1
- package/dist/testing/assertions.js +2 -1
- package/dist/testing/attack_surface.d.ts.map +1 -1
- package/dist/testing/attack_surface.js +15 -9
- package/dist/testing/audit_completeness.d.ts +2 -2
- package/dist/testing/audit_completeness.d.ts.map +1 -1
- package/dist/testing/audit_completeness.js +53 -39
- package/dist/testing/auth_apps.d.ts +5 -4
- package/dist/testing/auth_apps.d.ts.map +1 -1
- package/dist/testing/auth_apps.js +28 -22
- package/dist/testing/data_exposure.d.ts.map +1 -1
- package/dist/testing/data_exposure.js +5 -5
- package/dist/testing/db.d.ts +1 -1
- package/dist/testing/db.d.ts.map +1 -1
- package/dist/testing/db.js +4 -4
- package/dist/testing/db_entities.d.ts +22 -0
- package/dist/testing/db_entities.d.ts.map +1 -0
- package/dist/testing/db_entities.js +28 -0
- package/dist/testing/entities.d.ts +10 -8
- package/dist/testing/entities.d.ts.map +1 -1
- package/dist/testing/entities.js +22 -18
- package/dist/testing/integration.d.ts.map +1 -1
- package/dist/testing/integration.js +13 -14
- package/dist/testing/integration_helpers.d.ts +8 -6
- package/dist/testing/integration_helpers.d.ts.map +1 -1
- package/dist/testing/integration_helpers.js +29 -23
- package/dist/testing/middleware.d.ts +15 -11
- package/dist/testing/middleware.d.ts.map +1 -1
- package/dist/testing/middleware.js +75 -32
- package/dist/testing/rpc_attack_surface.d.ts.map +1 -1
- package/dist/testing/rpc_attack_surface.js +40 -24
- package/dist/testing/rpc_helpers.d.ts.map +1 -1
- package/dist/testing/rpc_helpers.js +3 -1
- package/dist/testing/rpc_round_trip.d.ts +1 -1
- package/dist/testing/rpc_round_trip.d.ts.map +1 -1
- package/dist/testing/rpc_round_trip.js +14 -13
- package/dist/testing/sse_round_trip.d.ts +3 -4
- package/dist/testing/sse_round_trip.d.ts.map +1 -1
- package/dist/testing/sse_round_trip.js +7 -11
- package/dist/testing/standard.d.ts +1 -1
- package/dist/testing/stubs.d.ts +25 -0
- package/dist/testing/stubs.d.ts.map +1 -1
- package/dist/testing/stubs.js +43 -2
- package/dist/testing/surface_invariants.d.ts +2 -2
- package/dist/testing/ws_round_trip.d.ts +12 -13
- package/dist/testing/ws_round_trip.d.ts.map +1 -1
- package/dist/testing/ws_round_trip.js +24 -12
- package/dist/ui/AdminAccounts.svelte +23 -20
- package/dist/ui/AdminOverview.svelte +15 -13
- package/dist/ui/AdminOverview.svelte.d.ts.map +1 -1
- package/dist/ui/{AdminPermitHistory.svelte → AdminRoleGrantHistory.svelte} +12 -12
- package/dist/ui/AdminRoleGrantHistory.svelte.d.ts +4 -0
- package/dist/ui/AdminRoleGrantHistory.svelte.d.ts.map +1 -0
- package/dist/ui/BootstrapForm.svelte +1 -1
- package/dist/ui/CLAUDE.md +65 -59
- package/dist/ui/{PermitOfferForm.svelte → RoleGrantOfferForm.svelte} +37 -22
- package/dist/ui/RoleGrantOfferForm.svelte.d.ts +20 -0
- package/dist/ui/RoleGrantOfferForm.svelte.d.ts.map +1 -0
- package/dist/ui/{PermitOfferHistory.svelte → RoleGrantOfferHistory.svelte} +12 -12
- package/dist/ui/{PermitOfferHistory.svelte.d.ts → RoleGrantOfferHistory.svelte.d.ts} +4 -4
- package/dist/ui/RoleGrantOfferHistory.svelte.d.ts.map +1 -0
- package/dist/ui/{PermitOfferInbox.svelte → RoleGrantOfferInbox.svelte} +14 -14
- package/dist/ui/{PermitOfferInbox.svelte.d.ts → RoleGrantOfferInbox.svelte.d.ts} +4 -4
- package/dist/ui/RoleGrantOfferInbox.svelte.d.ts.map +1 -0
- package/dist/ui/SignupForm.svelte +1 -1
- package/dist/ui/SurfaceExplorer.svelte +35 -15
- package/dist/ui/SurfaceExplorer.svelte.d.ts.map +1 -1
- package/dist/ui/account_sessions_state.svelte.d.ts +2 -3
- package/dist/ui/account_sessions_state.svelte.d.ts.map +1 -1
- package/dist/ui/account_sessions_state.svelte.js +2 -3
- package/dist/ui/admin_accounts_state.svelte.d.ts +25 -18
- package/dist/ui/admin_accounts_state.svelte.d.ts.map +1 -1
- package/dist/ui/admin_accounts_state.svelte.js +28 -17
- package/dist/ui/admin_rpc_adapters.d.ts +20 -20
- package/dist/ui/admin_rpc_adapters.d.ts.map +1 -1
- package/dist/ui/admin_rpc_adapters.js +17 -17
- package/dist/ui/admin_sessions_state.svelte.d.ts +2 -2
- package/dist/ui/admin_sessions_state.svelte.js +2 -2
- package/dist/ui/audit_log_state.svelte.d.ts +7 -7
- package/dist/ui/audit_log_state.svelte.d.ts.map +1 -1
- package/dist/ui/audit_log_state.svelte.js +6 -6
- package/dist/ui/auth_state.svelte.d.ts +3 -3
- package/dist/ui/auth_state.svelte.d.ts.map +1 -1
- package/dist/ui/auth_state.svelte.js +6 -6
- package/dist/ui/format_scope.d.ts +2 -2
- package/dist/ui/format_scope.js +2 -2
- package/dist/ui/{permit_offers_state.svelte.d.ts → role_grant_offers_state.svelte.d.ts} +39 -31
- package/dist/ui/role_grant_offers_state.svelte.d.ts.map +1 -0
- package/dist/ui/{permit_offers_state.svelte.js → role_grant_offers_state.svelte.js} +25 -19
- package/dist/ui/ui_format.js +2 -2
- package/package.json +3 -3
- package/dist/auth/permit_offer_action_specs.d.ts.map +0 -1
- package/dist/auth/permit_offer_action_specs.js +0 -227
- package/dist/auth/permit_offer_actions.d.ts +0 -110
- package/dist/auth/permit_offer_actions.d.ts.map +0 -1
- package/dist/auth/permit_offer_actions.js +0 -452
- package/dist/auth/permit_offer_notifications.d.ts.map +0 -1
- package/dist/auth/permit_offer_notifications.js +0 -182
- package/dist/auth/permit_offer_queries.d.ts +0 -183
- package/dist/auth/permit_offer_queries.d.ts.map +0 -1
- package/dist/auth/permit_offer_queries.js +0 -408
- package/dist/auth/permit_offer_schema.d.ts +0 -103
- package/dist/auth/permit_offer_schema.d.ts.map +0 -1
- package/dist/auth/permit_queries.d.ts +0 -210
- package/dist/auth/permit_queries.d.ts.map +0 -1
- package/dist/auth/permit_queries.js +0 -294
- package/dist/auth/require_keeper.d.ts +0 -20
- package/dist/auth/require_keeper.d.ts.map +0 -1
- package/dist/auth/require_keeper.js +0 -35
- package/dist/auth/route_guards.d.ts +0 -21
- package/dist/auth/route_guards.d.ts.map +0 -1
- package/dist/auth/route_guards.js +0 -32
- package/dist/auth/session_lifecycle.d.ts +0 -37
- package/dist/auth/session_lifecycle.d.ts.map +0 -1
- package/dist/auth/session_lifecycle.js +0 -29
- package/dist/ui/AdminPermitHistory.svelte.d.ts +0 -4
- package/dist/ui/AdminPermitHistory.svelte.d.ts.map +0 -1
- package/dist/ui/PermitOfferForm.svelte.d.ts +0 -14
- package/dist/ui/PermitOfferForm.svelte.d.ts.map +0 -1
- package/dist/ui/PermitOfferHistory.svelte.d.ts.map +0 -1
- package/dist/ui/PermitOfferInbox.svelte.d.ts.map +0 -1
- package/dist/ui/permit_offers_state.svelte.d.ts.map +0 -1
|
@@ -2,7 +2,14 @@
|
|
|
2
2
|
* Auth entity types and client-safe schemas.
|
|
3
3
|
*
|
|
4
4
|
* Defines the runtime types for the fuz identity system:
|
|
5
|
-
* `Account`, `Actor`, `
|
|
5
|
+
* `Account`, `Actor`, `RoleGrant`, `AuthSession`, and `ApiToken`.
|
|
6
|
+
*
|
|
7
|
+
* Identifier primitives (`Username`, `UsernameProvided`, `Email`) live
|
|
8
|
+
* in `../primitive_schemas.ts` — they're general validator shapes that
|
|
9
|
+
* don't depend on the auth domain. The auth-shape request-contract
|
|
10
|
+
* primitive `ActingActor` lives in `../http/auth_shape.ts` next to
|
|
11
|
+
* `RouteAuth` (the two pair: `auth.actor !== 'none'` ⟺ input declares
|
|
12
|
+
* `acting?: ActingActor`).
|
|
6
13
|
*
|
|
7
14
|
* DDL lives in `auth/ddl.ts`; role system in `auth/role_schema.ts`.
|
|
8
15
|
* See docs/identity.md for design rationale.
|
|
@@ -11,31 +18,15 @@
|
|
|
11
18
|
*/
|
|
12
19
|
import { z } from 'zod';
|
|
13
20
|
import { Uuid } from '@fuzdev/fuz_util/id.js';
|
|
14
|
-
|
|
15
|
-
/** Minimum username length (must have start + middle + end characters). */
|
|
16
|
-
export const USERNAME_LENGTH_MIN = 3;
|
|
17
|
-
/** Maximum username length (matches GitHub's limit). */
|
|
18
|
-
export const USERNAME_LENGTH_MAX = 39;
|
|
19
|
-
/** Maximum length for username input on login/lookup — more permissive than `USERNAME_LENGTH_MAX` for forward-compatibility if the creation limit is raised. */
|
|
20
|
-
export const USERNAME_PROVIDED_LENGTH_MAX = 255;
|
|
21
|
-
/** Username for account creation — starts with letter, alphanumeric/dash/underscore middle, ends with alphanumeric. No @ or . allowed. */
|
|
22
|
-
export const Username = z
|
|
23
|
-
.string()
|
|
24
|
-
.min(USERNAME_LENGTH_MIN)
|
|
25
|
-
.max(USERNAME_LENGTH_MAX)
|
|
26
|
-
.regex(/^[a-zA-Z][0-9a-zA-Z_-]*[0-9a-zA-Z]$/);
|
|
27
|
-
/** Username submitted for login or lookup — minimal validation for forward-compatibility if format rules change. */
|
|
28
|
-
export const UsernameProvided = z.string().min(1).max(USERNAME_PROVIDED_LENGTH_MAX);
|
|
29
|
-
/** Email validation. */
|
|
30
|
-
export const Email = z.email();
|
|
21
|
+
import { Username, Email } from '../primitive_schemas.js';
|
|
31
22
|
/**
|
|
32
23
|
* Maximum length of the optional free-form `revoked_reason` attached to a
|
|
33
|
-
* revoked
|
|
24
|
+
* revoked role_grant. Bounds the value at the schema layer so both the admin
|
|
34
25
|
* input (when the route surfaces a reason field) and the revokee-facing
|
|
35
|
-
* `
|
|
26
|
+
* `role_grant_revoke` WS notification validate against the same ceiling.
|
|
36
27
|
*/
|
|
37
|
-
export const
|
|
38
|
-
export const
|
|
28
|
+
export const ROLE_GRANT_REVOKED_REASON_LENGTH_MAX = 500;
|
|
29
|
+
export const is_role_grant_active = (p, now = new Date()) => !p.revoked_at && (!p.expires_at || new Date(p.expires_at) > now);
|
|
39
30
|
// Client-safe Zod schemas — for route output validation and ActionSpec outputs.
|
|
40
31
|
/** Zod schema for `SessionAccount` — account without sensitive fields. */
|
|
41
32
|
export const SessionAccountJson = z.strictObject({
|
|
@@ -63,10 +54,11 @@ export const ClientApiTokenJson = z.strictObject({
|
|
|
63
54
|
last_used_ip: z.string().nullable(),
|
|
64
55
|
created_at: z.string(),
|
|
65
56
|
});
|
|
66
|
-
/** Zod schema for the
|
|
67
|
-
export const
|
|
57
|
+
/** Zod schema for the role_grant summary returned in admin account listings. */
|
|
58
|
+
export const RoleGrantSummaryJson = z.strictObject({
|
|
68
59
|
id: Uuid,
|
|
69
60
|
role: z.string(),
|
|
61
|
+
scope_kind: z.string().nullable(),
|
|
70
62
|
scope_id: Uuid.nullable(),
|
|
71
63
|
created_at: z.string(),
|
|
72
64
|
expires_at: z.string().nullable(),
|
|
@@ -83,9 +75,9 @@ export const AdminAccountJson = SessionAccountJson.extend({
|
|
|
83
75
|
updated_by: Uuid.nullable(),
|
|
84
76
|
});
|
|
85
77
|
/**
|
|
86
|
-
* Zod schema for a pending
|
|
78
|
+
* Zod schema for a pending role_grant offer surfaced in admin account listings.
|
|
87
79
|
*
|
|
88
|
-
* Deliberately narrower than `
|
|
80
|
+
* Deliberately narrower than `RoleGrantOfferJson`: omits `message` and
|
|
89
81
|
* `decline_reason` so cross-admin visibility of the listing does not expose
|
|
90
82
|
* grantor-authored text that the audit log also withholds. Full offer
|
|
91
83
|
* payloads remain available through the offer-specific RPC surface and the
|
|
@@ -98,17 +90,18 @@ export const AdminAccountJson = SessionAccountJson.extend({
|
|
|
98
90
|
export const PendingOfferSummaryJson = z.strictObject({
|
|
99
91
|
id: Uuid,
|
|
100
92
|
role: z.string(),
|
|
93
|
+
scope_kind: z.string().nullable(),
|
|
101
94
|
scope_id: Uuid.nullable(),
|
|
102
95
|
from_actor_id: Uuid,
|
|
103
96
|
from_username: z.string(),
|
|
104
97
|
created_at: z.string(),
|
|
105
98
|
expires_at: z.string(),
|
|
106
99
|
});
|
|
107
|
-
/** Zod schema for an admin account listing entry (account + actor +
|
|
100
|
+
/** Zod schema for an admin account listing entry (account + actor + role_grants + pending offers). */
|
|
108
101
|
export const AdminAccountEntryJson = z.strictObject({
|
|
109
102
|
account: AdminAccountJson,
|
|
110
103
|
actor: ActorSummaryJson.nullable(),
|
|
111
|
-
|
|
104
|
+
role_grants: z.array(RoleGrantSummaryJson),
|
|
112
105
|
pending_offers: z.array(PendingOfferSummaryJson),
|
|
113
106
|
});
|
|
114
107
|
/**
|
|
@@ -17,10 +17,18 @@
|
|
|
17
17
|
*/
|
|
18
18
|
import { z } from 'zod';
|
|
19
19
|
import type { RequestResponseActionSpec } from '../actions/action_spec.js';
|
|
20
|
-
/** Max audit-log page size.
|
|
20
|
+
/** Max audit-log page size. */
|
|
21
21
|
export declare const AUDIT_LOG_LIST_LIMIT_MAX = 200;
|
|
22
|
-
/**
|
|
23
|
-
export declare const
|
|
22
|
+
/** Default `admin_account_list` page size. */
|
|
23
|
+
export declare const ADMIN_ACCOUNT_LIST_DEFAULT_LIMIT = 50;
|
|
24
|
+
/** Max `admin_account_list` page size. */
|
|
25
|
+
export declare const ADMIN_ACCOUNT_LIST_LIMIT_MAX = 200;
|
|
26
|
+
/** Input for `admin_account_list`. */
|
|
27
|
+
export declare const AdminAccountListInput: z.ZodObject<{
|
|
28
|
+
acting: z.ZodOptional<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
|
|
29
|
+
limit: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
|
|
30
|
+
offset: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
|
|
31
|
+
}, z.core.$strict>;
|
|
24
32
|
export type AdminAccountListInput = z.infer<typeof AdminAccountListInput>;
|
|
25
33
|
/** Output for `admin_account_list`. */
|
|
26
34
|
export declare const AdminAccountListOutput: z.ZodObject<{
|
|
@@ -38,9 +46,10 @@ export declare const AdminAccountListOutput: z.ZodObject<{
|
|
|
38
46
|
id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
|
|
39
47
|
name: z.ZodString;
|
|
40
48
|
}, z.core.$strict>>;
|
|
41
|
-
|
|
49
|
+
role_grants: z.ZodArray<z.ZodObject<{
|
|
42
50
|
id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
|
|
43
51
|
role: z.ZodString;
|
|
52
|
+
scope_kind: z.ZodNullable<z.ZodString>;
|
|
44
53
|
scope_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
|
|
45
54
|
created_at: z.ZodString;
|
|
46
55
|
expires_at: z.ZodNullable<z.ZodString>;
|
|
@@ -49,6 +58,7 @@ export declare const AdminAccountListOutput: z.ZodObject<{
|
|
|
49
58
|
pending_offers: z.ZodArray<z.ZodObject<{
|
|
50
59
|
id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
|
|
51
60
|
role: z.ZodString;
|
|
61
|
+
scope_kind: z.ZodNullable<z.ZodString>;
|
|
52
62
|
scope_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
|
|
53
63
|
from_actor_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
|
|
54
64
|
from_username: z.ZodString;
|
|
@@ -59,8 +69,10 @@ export declare const AdminAccountListOutput: z.ZodObject<{
|
|
|
59
69
|
grantable_roles: z.ZodArray<z.ZodString>;
|
|
60
70
|
}, z.core.$strict>;
|
|
61
71
|
export type AdminAccountListOutput = z.infer<typeof AdminAccountListOutput>;
|
|
62
|
-
/** Input for `admin_session_list`.
|
|
63
|
-
export declare const AdminSessionListInput: z.
|
|
72
|
+
/** Input for `admin_session_list`. */
|
|
73
|
+
export declare const AdminSessionListInput: z.ZodObject<{
|
|
74
|
+
acting: z.ZodOptional<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
|
|
75
|
+
}, z.core.$strict>;
|
|
64
76
|
export type AdminSessionListInput = z.infer<typeof AdminSessionListInput>;
|
|
65
77
|
/** Output for `admin_session_list`. Cross-account listing; fan-out already scoped by role auth. */
|
|
66
78
|
export declare const AdminSessionListOutput: z.ZodObject<{
|
|
@@ -77,6 +89,7 @@ export type AdminSessionListOutput = z.infer<typeof AdminSessionListOutput>;
|
|
|
77
89
|
/** Input for `admin_session_revoke_all`. */
|
|
78
90
|
export declare const AdminSessionRevokeAllInput: z.ZodObject<{
|
|
79
91
|
account_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
|
|
92
|
+
acting: z.ZodOptional<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
|
|
80
93
|
}, z.core.$strict>;
|
|
81
94
|
export type AdminSessionRevokeAllInput = z.infer<typeof AdminSessionRevokeAllInput>;
|
|
82
95
|
/** Output for `admin_session_revoke_all`. */
|
|
@@ -88,6 +101,7 @@ export type AdminSessionRevokeAllOutput = z.infer<typeof AdminSessionRevokeAllOu
|
|
|
88
101
|
/** Input for `admin_token_revoke_all`. */
|
|
89
102
|
export declare const AdminTokenRevokeAllInput: z.ZodObject<{
|
|
90
103
|
account_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
|
|
104
|
+
acting: z.ZodOptional<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
|
|
91
105
|
}, z.core.$strict>;
|
|
92
106
|
export type AdminTokenRevokeAllInput = z.infer<typeof AdminTokenRevokeAllInput>;
|
|
93
107
|
/** Output for `admin_token_revoke_all`. */
|
|
@@ -112,6 +126,7 @@ export declare const AuditLogListInput: z.ZodObject<{
|
|
|
112
126
|
limit: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
|
|
113
127
|
offset: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
|
|
114
128
|
since_seq: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
|
|
129
|
+
acting: z.ZodOptional<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
|
|
115
130
|
}, z.core.$strict>;
|
|
116
131
|
export type AuditLogListInput = z.infer<typeof AuditLogListInput>;
|
|
117
132
|
/** Output for `audit_log_list`. */
|
|
@@ -127,6 +142,7 @@ export declare const AuditLogListOutput: z.ZodObject<{
|
|
|
127
142
|
actor_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
|
|
128
143
|
account_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
|
|
129
144
|
target_account_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
|
|
145
|
+
target_actor_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
|
|
130
146
|
ip: z.ZodNullable<z.ZodString>;
|
|
131
147
|
created_at: z.ZodString;
|
|
132
148
|
metadata: z.ZodNullable<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
|
|
@@ -135,14 +151,15 @@ export declare const AuditLogListOutput: z.ZodObject<{
|
|
|
135
151
|
}, z.core.$strict>>;
|
|
136
152
|
}, z.core.$strict>;
|
|
137
153
|
export type AuditLogListOutput = z.infer<typeof AuditLogListOutput>;
|
|
138
|
-
/** Input for `
|
|
139
|
-
export declare const
|
|
154
|
+
/** Input for `audit_log_role_grant_history`. */
|
|
155
|
+
export declare const AuditLogRoleGrantHistoryInput: z.ZodObject<{
|
|
140
156
|
limit: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
|
|
141
157
|
offset: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
|
|
158
|
+
acting: z.ZodOptional<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
|
|
142
159
|
}, z.core.$strict>;
|
|
143
|
-
export type
|
|
144
|
-
/** Output for `
|
|
145
|
-
export declare const
|
|
160
|
+
export type AuditLogRoleGrantHistoryInput = z.infer<typeof AuditLogRoleGrantHistoryInput>;
|
|
161
|
+
/** Output for `audit_log_role_grant_history`. */
|
|
162
|
+
export declare const AuditLogRoleGrantHistoryOutput: z.ZodObject<{
|
|
146
163
|
events: z.ZodArray<z.ZodObject<{
|
|
147
164
|
id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
|
|
148
165
|
seq: z.ZodNumber;
|
|
@@ -154,6 +171,7 @@ export declare const AuditLogPermitHistoryOutput: z.ZodObject<{
|
|
|
154
171
|
actor_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
|
|
155
172
|
account_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
|
|
156
173
|
target_account_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
|
|
174
|
+
target_actor_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
|
|
157
175
|
ip: z.ZodNullable<z.ZodString>;
|
|
158
176
|
created_at: z.ZodString;
|
|
159
177
|
metadata: z.ZodNullable<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
|
|
@@ -161,11 +179,12 @@ export declare const AuditLogPermitHistoryOutput: z.ZodObject<{
|
|
|
161
179
|
target_username: z.ZodNullable<z.ZodString>;
|
|
162
180
|
}, z.core.$strict>>;
|
|
163
181
|
}, z.core.$strict>;
|
|
164
|
-
export type
|
|
182
|
+
export type AuditLogRoleGrantHistoryOutput = z.infer<typeof AuditLogRoleGrantHistoryOutput>;
|
|
165
183
|
/** Input for `invite_create`. At least one of `email` / `username` must be provided. */
|
|
166
184
|
export declare const InviteCreateInput: z.ZodObject<{
|
|
167
185
|
email: z.ZodOptional<z.ZodNullable<z.ZodEmail>>;
|
|
168
186
|
username: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
187
|
+
acting: z.ZodOptional<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
|
|
169
188
|
}, z.core.$strict>;
|
|
170
189
|
export type InviteCreateInput = z.infer<typeof InviteCreateInput>;
|
|
171
190
|
/** Output for `invite_create`. */
|
|
@@ -183,7 +202,9 @@ export declare const InviteCreateOutput: z.ZodObject<{
|
|
|
183
202
|
}, z.core.$strict>;
|
|
184
203
|
export type InviteCreateOutput = z.infer<typeof InviteCreateOutput>;
|
|
185
204
|
/** Input for `invite_list`. */
|
|
186
|
-
export declare const InviteListInput: z.
|
|
205
|
+
export declare const InviteListInput: z.ZodObject<{
|
|
206
|
+
acting: z.ZodOptional<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
|
|
207
|
+
}, z.core.$strict>;
|
|
187
208
|
export type InviteListInput = z.infer<typeof InviteListInput>;
|
|
188
209
|
/** Output for `invite_list`. Uses the enriched row including creator/claimer usernames. */
|
|
189
210
|
export declare const InviteListOutput: z.ZodObject<{
|
|
@@ -203,6 +224,7 @@ export type InviteListOutput = z.infer<typeof InviteListOutput>;
|
|
|
203
224
|
/** Input for `invite_delete`. */
|
|
204
225
|
export declare const InviteDeleteInput: z.ZodObject<{
|
|
205
226
|
invite_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
|
|
227
|
+
acting: z.ZodOptional<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
|
|
206
228
|
}, z.core.$strict>;
|
|
207
229
|
export type InviteDeleteInput = z.infer<typeof InviteDeleteInput>;
|
|
208
230
|
/** Output for `invite_delete`. */
|
|
@@ -210,8 +232,10 @@ export declare const InviteDeleteOutput: z.ZodObject<{
|
|
|
210
232
|
ok: z.ZodLiteral<true>;
|
|
211
233
|
}, z.core.$strict>;
|
|
212
234
|
export type InviteDeleteOutput = z.infer<typeof InviteDeleteOutput>;
|
|
213
|
-
/** Input for `app_settings_get`.
|
|
214
|
-
export declare const AppSettingsGetInput: z.
|
|
235
|
+
/** Input for `app_settings_get`. */
|
|
236
|
+
export declare const AppSettingsGetInput: z.ZodObject<{
|
|
237
|
+
acting: z.ZodOptional<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
|
|
238
|
+
}, z.core.$strict>;
|
|
215
239
|
export type AppSettingsGetInput = z.infer<typeof AppSettingsGetInput>;
|
|
216
240
|
/** Output for `app_settings_get`. */
|
|
217
241
|
export declare const AppSettingsGetOutput: z.ZodObject<{
|
|
@@ -226,6 +250,7 @@ export type AppSettingsGetOutput = z.infer<typeof AppSettingsGetOutput>;
|
|
|
226
250
|
/** Input for `app_settings_update`. */
|
|
227
251
|
export declare const AppSettingsUpdateInput: z.ZodObject<{
|
|
228
252
|
open_signup: z.ZodBoolean;
|
|
253
|
+
acting: z.ZodOptional<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
|
|
229
254
|
}, z.core.$strict>;
|
|
230
255
|
export type AppSettingsUpdateInput = z.infer<typeof AppSettingsUpdateInput>;
|
|
231
256
|
/** Output for `app_settings_update`. */
|
|
@@ -244,10 +269,16 @@ export declare const admin_account_list_action_spec: {
|
|
|
244
269
|
kind: "request_response";
|
|
245
270
|
initiator: "frontend";
|
|
246
271
|
auth: {
|
|
247
|
-
|
|
272
|
+
account: "required";
|
|
273
|
+
actor: "required";
|
|
274
|
+
roles: string[];
|
|
248
275
|
};
|
|
249
276
|
side_effects: false;
|
|
250
|
-
input: z.
|
|
277
|
+
input: z.ZodObject<{
|
|
278
|
+
acting: z.ZodOptional<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
|
|
279
|
+
limit: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
|
|
280
|
+
offset: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
|
|
281
|
+
}, z.core.$strict>;
|
|
251
282
|
output: z.ZodObject<{
|
|
252
283
|
accounts: z.ZodArray<z.ZodObject<{
|
|
253
284
|
account: z.ZodObject<{
|
|
@@ -263,9 +294,10 @@ export declare const admin_account_list_action_spec: {
|
|
|
263
294
|
id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
|
|
264
295
|
name: z.ZodString;
|
|
265
296
|
}, z.core.$strict>>;
|
|
266
|
-
|
|
297
|
+
role_grants: z.ZodArray<z.ZodObject<{
|
|
267
298
|
id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
|
|
268
299
|
role: z.ZodString;
|
|
300
|
+
scope_kind: z.ZodNullable<z.ZodString>;
|
|
269
301
|
scope_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
|
|
270
302
|
created_at: z.ZodString;
|
|
271
303
|
expires_at: z.ZodNullable<z.ZodString>;
|
|
@@ -274,6 +306,7 @@ export declare const admin_account_list_action_spec: {
|
|
|
274
306
|
pending_offers: z.ZodArray<z.ZodObject<{
|
|
275
307
|
id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
|
|
276
308
|
role: z.ZodString;
|
|
309
|
+
scope_kind: z.ZodNullable<z.ZodString>;
|
|
277
310
|
scope_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
|
|
278
311
|
from_actor_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
|
|
279
312
|
from_username: z.ZodString;
|
|
@@ -291,10 +324,14 @@ export declare const admin_session_list_action_spec: {
|
|
|
291
324
|
kind: "request_response";
|
|
292
325
|
initiator: "frontend";
|
|
293
326
|
auth: {
|
|
294
|
-
|
|
327
|
+
account: "required";
|
|
328
|
+
actor: "required";
|
|
329
|
+
roles: string[];
|
|
295
330
|
};
|
|
296
331
|
side_effects: false;
|
|
297
|
-
input: z.
|
|
332
|
+
input: z.ZodObject<{
|
|
333
|
+
acting: z.ZodOptional<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
|
|
334
|
+
}, z.core.$strict>;
|
|
298
335
|
output: z.ZodObject<{
|
|
299
336
|
sessions: z.ZodArray<z.ZodObject<{
|
|
300
337
|
id: z.ZodString;
|
|
@@ -313,11 +350,14 @@ export declare const admin_session_revoke_all_action_spec: {
|
|
|
313
350
|
kind: "request_response";
|
|
314
351
|
initiator: "frontend";
|
|
315
352
|
auth: {
|
|
316
|
-
|
|
353
|
+
account: "required";
|
|
354
|
+
actor: "required";
|
|
355
|
+
roles: string[];
|
|
317
356
|
};
|
|
318
357
|
side_effects: true;
|
|
319
358
|
input: z.ZodObject<{
|
|
320
359
|
account_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
|
|
360
|
+
acting: z.ZodOptional<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
|
|
321
361
|
}, z.core.$strict>;
|
|
322
362
|
output: z.ZodObject<{
|
|
323
363
|
ok: z.ZodLiteral<true>;
|
|
@@ -332,11 +372,14 @@ export declare const admin_token_revoke_all_action_spec: {
|
|
|
332
372
|
kind: "request_response";
|
|
333
373
|
initiator: "frontend";
|
|
334
374
|
auth: {
|
|
335
|
-
|
|
375
|
+
account: "required";
|
|
376
|
+
actor: "required";
|
|
377
|
+
roles: string[];
|
|
336
378
|
};
|
|
337
379
|
side_effects: true;
|
|
338
380
|
input: z.ZodObject<{
|
|
339
381
|
account_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
|
|
382
|
+
acting: z.ZodOptional<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
|
|
340
383
|
}, z.core.$strict>;
|
|
341
384
|
output: z.ZodObject<{
|
|
342
385
|
ok: z.ZodLiteral<true>;
|
|
@@ -351,7 +394,9 @@ export declare const audit_log_list_action_spec: {
|
|
|
351
394
|
kind: "request_response";
|
|
352
395
|
initiator: "frontend";
|
|
353
396
|
auth: {
|
|
354
|
-
|
|
397
|
+
account: "required";
|
|
398
|
+
actor: "required";
|
|
399
|
+
roles: string[];
|
|
355
400
|
};
|
|
356
401
|
side_effects: false;
|
|
357
402
|
input: z.ZodObject<{
|
|
@@ -364,6 +409,7 @@ export declare const audit_log_list_action_spec: {
|
|
|
364
409
|
limit: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
|
|
365
410
|
offset: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
|
|
366
411
|
since_seq: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
|
|
412
|
+
acting: z.ZodOptional<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
|
|
367
413
|
}, z.core.$strict>;
|
|
368
414
|
output: z.ZodObject<{
|
|
369
415
|
events: z.ZodArray<z.ZodObject<{
|
|
@@ -377,6 +423,7 @@ export declare const audit_log_list_action_spec: {
|
|
|
377
423
|
actor_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
|
|
378
424
|
account_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
|
|
379
425
|
target_account_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
|
|
426
|
+
target_actor_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
|
|
380
427
|
ip: z.ZodNullable<z.ZodString>;
|
|
381
428
|
created_at: z.ZodString;
|
|
382
429
|
metadata: z.ZodNullable<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
|
|
@@ -387,17 +434,20 @@ export declare const audit_log_list_action_spec: {
|
|
|
387
434
|
async: true;
|
|
388
435
|
description: string;
|
|
389
436
|
};
|
|
390
|
-
export declare const
|
|
437
|
+
export declare const audit_log_role_grant_history_action_spec: {
|
|
391
438
|
method: string;
|
|
392
439
|
kind: "request_response";
|
|
393
440
|
initiator: "frontend";
|
|
394
441
|
auth: {
|
|
395
|
-
|
|
442
|
+
account: "required";
|
|
443
|
+
actor: "required";
|
|
444
|
+
roles: string[];
|
|
396
445
|
};
|
|
397
446
|
side_effects: false;
|
|
398
447
|
input: z.ZodObject<{
|
|
399
448
|
limit: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
|
|
400
449
|
offset: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
|
|
450
|
+
acting: z.ZodOptional<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
|
|
401
451
|
}, z.core.$strict>;
|
|
402
452
|
output: z.ZodObject<{
|
|
403
453
|
events: z.ZodArray<z.ZodObject<{
|
|
@@ -411,6 +461,7 @@ export declare const audit_log_permit_history_action_spec: {
|
|
|
411
461
|
actor_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
|
|
412
462
|
account_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
|
|
413
463
|
target_account_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
|
|
464
|
+
target_actor_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
|
|
414
465
|
ip: z.ZodNullable<z.ZodString>;
|
|
415
466
|
created_at: z.ZodString;
|
|
416
467
|
metadata: z.ZodNullable<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
|
|
@@ -426,12 +477,15 @@ export declare const invite_create_action_spec: {
|
|
|
426
477
|
kind: "request_response";
|
|
427
478
|
initiator: "frontend";
|
|
428
479
|
auth: {
|
|
429
|
-
|
|
480
|
+
account: "required";
|
|
481
|
+
actor: "required";
|
|
482
|
+
roles: string[];
|
|
430
483
|
};
|
|
431
484
|
side_effects: true;
|
|
432
485
|
input: z.ZodObject<{
|
|
433
486
|
email: z.ZodOptional<z.ZodNullable<z.ZodEmail>>;
|
|
434
487
|
username: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
488
|
+
acting: z.ZodOptional<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
|
|
435
489
|
}, z.core.$strict>;
|
|
436
490
|
output: z.ZodObject<{
|
|
437
491
|
ok: z.ZodLiteral<true>;
|
|
@@ -454,10 +508,14 @@ export declare const invite_list_action_spec: {
|
|
|
454
508
|
kind: "request_response";
|
|
455
509
|
initiator: "frontend";
|
|
456
510
|
auth: {
|
|
457
|
-
|
|
511
|
+
account: "required";
|
|
512
|
+
actor: "required";
|
|
513
|
+
roles: string[];
|
|
458
514
|
};
|
|
459
515
|
side_effects: false;
|
|
460
|
-
input: z.
|
|
516
|
+
input: z.ZodObject<{
|
|
517
|
+
acting: z.ZodOptional<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
|
|
518
|
+
}, z.core.$strict>;
|
|
461
519
|
output: z.ZodObject<{
|
|
462
520
|
invites: z.ZodArray<z.ZodObject<{
|
|
463
521
|
id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
|
|
@@ -479,11 +537,14 @@ export declare const invite_delete_action_spec: {
|
|
|
479
537
|
kind: "request_response";
|
|
480
538
|
initiator: "frontend";
|
|
481
539
|
auth: {
|
|
482
|
-
|
|
540
|
+
account: "required";
|
|
541
|
+
actor: "required";
|
|
542
|
+
roles: string[];
|
|
483
543
|
};
|
|
484
544
|
side_effects: true;
|
|
485
545
|
input: z.ZodObject<{
|
|
486
546
|
invite_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
|
|
547
|
+
acting: z.ZodOptional<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
|
|
487
548
|
}, z.core.$strict>;
|
|
488
549
|
output: z.ZodObject<{
|
|
489
550
|
ok: z.ZodLiteral<true>;
|
|
@@ -497,10 +558,14 @@ export declare const app_settings_get_action_spec: {
|
|
|
497
558
|
kind: "request_response";
|
|
498
559
|
initiator: "frontend";
|
|
499
560
|
auth: {
|
|
500
|
-
|
|
561
|
+
account: "required";
|
|
562
|
+
actor: "required";
|
|
563
|
+
roles: string[];
|
|
501
564
|
};
|
|
502
565
|
side_effects: false;
|
|
503
|
-
input: z.
|
|
566
|
+
input: z.ZodObject<{
|
|
567
|
+
acting: z.ZodOptional<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
|
|
568
|
+
}, z.core.$strict>;
|
|
504
569
|
output: z.ZodObject<{
|
|
505
570
|
settings: z.ZodObject<{
|
|
506
571
|
open_signup: z.ZodBoolean;
|
|
@@ -517,11 +582,14 @@ export declare const app_settings_update_action_spec: {
|
|
|
517
582
|
kind: "request_response";
|
|
518
583
|
initiator: "frontend";
|
|
519
584
|
auth: {
|
|
520
|
-
|
|
585
|
+
account: "required";
|
|
586
|
+
actor: "required";
|
|
587
|
+
roles: string[];
|
|
521
588
|
};
|
|
522
589
|
side_effects: true;
|
|
523
590
|
input: z.ZodObject<{
|
|
524
591
|
open_signup: z.ZodBoolean;
|
|
592
|
+
acting: z.ZodOptional<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
|
|
525
593
|
}, z.core.$strict>;
|
|
526
594
|
output: z.ZodObject<{
|
|
527
595
|
ok: z.ZodLiteral<true>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"admin_action_specs.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/admin_action_specs.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAGtB,OAAO,KAAK,EAAC,yBAAyB,EAAC,MAAM,2BAA2B,CAAC;
|
|
1
|
+
{"version":3,"file":"admin_action_specs.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/admin_action_specs.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAGtB,OAAO,KAAK,EAAC,yBAAyB,EAAC,MAAM,2BAA2B,CAAC;AAgBzE,+BAA+B;AAC/B,eAAO,MAAM,wBAAwB,MAAM,CAAC;AAE5C,8CAA8C;AAC9C,eAAO,MAAM,gCAAgC,KAAK,CAAC;AACnD,0CAA0C;AAC1C,eAAO,MAAM,4BAA4B,MAAM,CAAC;AAIhD,sCAAsC;AACtC,eAAO,MAAM,qBAAqB;;;;kBAYhC,CAAC;AACH,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAE1E,uCAAuC;AACvC,eAAO,MAAM,sBAAsB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kBAGjC,CAAC;AACH,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAE5E,sCAAsC;AACtC,eAAO,MAAM,qBAAqB;;kBAEhC,CAAC;AACH,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAE1E,mGAAmG;AACnG,eAAO,MAAM,sBAAsB;;;;;;;;;kBAEjC,CAAC;AACH,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAE5E,4CAA4C;AAC5C,eAAO,MAAM,0BAA0B;;;kBAGrC,CAAC;AACH,MAAM,MAAM,0BAA0B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,0BAA0B,CAAC,CAAC;AAEpF,6CAA6C;AAC7C,eAAO,MAAM,2BAA2B;;;kBAGtC,CAAC;AACH,MAAM,MAAM,2BAA2B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,2BAA2B,CAAC,CAAC;AAEtF,0CAA0C;AAC1C,eAAO,MAAM,wBAAwB;;;kBAGnC,CAAC;AACH,MAAM,MAAM,wBAAwB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,wBAAwB,CAAC,CAAC;AAEhF,2CAA2C;AAC3C,eAAO,MAAM,yBAAyB;;;kBAGpC,CAAC;AACH,MAAM,MAAM,yBAAyB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAElF;;;;;GAKG;AACH,eAAO,MAAM,iBAAiB;;;;;;;;;;;kBAuB5B,CAAC;AACH,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAElE,mCAAmC;AACnC,eAAO,MAAM,kBAAkB;;;;;;;;;;;;;;;;;;;kBAE7B,CAAC;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAEpE,gDAAgD;AAChD,eAAO,MAAM,6BAA6B;;;;kBAYxC,CAAC;AACH,MAAM,MAAM,6BAA6B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,6BAA6B,CAAC,CAAC;AAE1F,iDAAiD;AACjD,eAAO,MAAM,8BAA8B;;;;;;;;;;;;;;;;;;;kBAEzC,CAAC;AACH,MAAM,MAAM,8BAA8B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,8BAA8B,CAAC,CAAC;AAE5F,wFAAwF;AACxF,eAAO,MAAM,iBAAiB;;;;kBAI5B,CAAC;AACH,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAElE,kCAAkC;AAClC,eAAO,MAAM,kBAAkB;;;;;;;;;;;kBAG7B,CAAC;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAEpE,+BAA+B;AAC/B,eAAO,MAAM,eAAe;;kBAE1B,CAAC;AACH,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC;AAE9D,2FAA2F;AAC3F,eAAO,MAAM,gBAAgB;;;;;;;;;;;;kBAE3B,CAAC;AACH,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAEhE,iCAAiC;AACjC,eAAO,MAAM,iBAAiB;;;kBAG5B,CAAC;AACH,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAElE,kCAAkC;AAClC,eAAO,MAAM,kBAAkB;;kBAE7B,CAAC;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAEpE,oCAAoC;AACpC,eAAO,MAAM,mBAAmB;;kBAE9B,CAAC;AACH,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAEtE,qCAAqC;AACrC,eAAO,MAAM,oBAAoB;;;;;;;kBAE/B,CAAC;AACH,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAExE,uCAAuC;AACvC,eAAO,MAAM,sBAAsB;;;kBAGjC,CAAC;AACH,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAE5E,wCAAwC;AACxC,eAAO,MAAM,uBAAuB;;;;;;;;kBAGlC,CAAC;AACH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AAI9E,eAAO,MAAM,8BAA8B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAUN,CAAC;AAEtC,eAAO,MAAM,8BAA8B;;;;;;;;;;;;;;;;;;;;;;;;;CAUN,CAAC;AAEtC,eAAO,MAAM,oCAAoC;;;;;;;;;;;;;;;;;;;;;CAWZ,CAAC;AAEtC,eAAO,MAAM,kCAAkC;;;;;;;;;;;;;;;;;;;;;CAWV,CAAC;AAEtC,eAAO,MAAM,0BAA0B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAUF,CAAC;AAEtC,eAAO,MAAM,wCAAwC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAUhB,CAAC;AAEtC,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAWD,CAAC;AAEtC,eAAO,MAAM,uBAAuB;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAUC,CAAC;AAEtC,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;;;CAWD,CAAC;AAEtC,eAAO,MAAM,4BAA4B;;;;;;;;;;;;;;;;;;;;;;;CAUJ,CAAC;AAEtC,eAAO,MAAM,+BAA+B;;;;;;;;;;;;;;;;;;;;;;;;;;CAWP,CAAC;AAEtC;;;;;;GAMG;AACH,eAAO,MAAM,sBAAsB,EAAE,KAAK,CAAC,yBAAyB,CAYnE,CAAC"}
|