@fuzdev/fuz_app 0.54.0 → 0.56.0

package/dist/auth/{permit_offer_notifications.d.ts → role_grant_offer_notifications.d.ts}

@@ -1,29 +1,29 @@
 /**
- * Permit offer WebSocket notification specs, builders, and the narrow
+ * Role grant offer WebSocket notification specs, builders, and the narrow
  * `NotificationSender` interface that decouples offer/revoke send sites
  * from `BackendWebsocketTransport`.
  *
- * Six `RemoteNotificationActionSpec`s cover the consentful-permits
+ * Six `RemoteNotificationActionSpec`s cover the consentful-role-grants
  * lifecycle events the server pushes to affected accounts:
  *
- * - `permit_offer_received` → recipient's sockets when an offer is created
- * - `permit_offer_retracted` → recipient's sockets when a grantor retracts
- * - `permit_offer_accepted` → grantor's sockets when the recipient accepts
- * - `permit_offer_declined` → grantor's sockets when the recipient declines
- * - `permit_offer_supersede` → grantor's sockets when a sibling accept,
- *   a revoke of the resulting permit, or destruction of the parent scope
+ * - `role_grant_offer_received` → recipient's sockets when an offer is created
+ * - `role_grant_offer_retracted` → recipient's sockets when a grantor retracts
+ * - `role_grant_offer_accepted` → grantor's sockets when the recipient accepts
+ * - `role_grant_offer_declined` → grantor's sockets when the recipient declines
+ * - `role_grant_offer_supersede` → grantor's sockets when a sibling accept,
+ *   a revoke of the resulting role_grant, or destruction of the parent scope
  *   row obsoletes their pending offer
- * - `permit_revoke` → revokee's sockets when one of their active permits
- *   is revoked (companion to the `permit_revoke` audit event)
+ * - `role_grant_revoke` → revokee's sockets when one of their active role_grants
+ *   is revoked (companion to the `role_grant_revoke` audit event)
  *
- * Payloads are flat and normalized — `PermitOfferJson` for the offer-lifecycle
+ * Payloads are flat and normalized — `RoleGrantOfferJson` for the offer-lifecycle
  * notifications (decline reason rides on `offer.decline_reason`, not a
- * sibling field), and `{permit_id, role, scope_id, reason?}` for `permit_revoke`. The
+ * sibling field), and `{role_grant_id, role, scope_id, reason?}` for `role_grant_revoke`. The
  * revokee/grantor/recipient account id travels via the send target (the
  * `NotificationSender.send_to_account` argument), not in the payload.
  *
  * The specs surface as `EventSpec`s via `create_action_event_spec` — callers
- * append `PERMIT_OFFER_NOTIFICATION_SPECS` to their `event_specs` on
+ * append `ROLE_GRANT_OFFER_NOTIFICATION_SPECS` to their `event_specs` on
  * `create_app_server` so the surface reflects them and DEV-mode broadcast
  * validation catches payload drift.
  *
@@ -50,19 +50,21 @@ import type { JsonrpcNotification } from '../http/jsonrpc.js';
 export interface NotificationSender {
     send_to_account: (account_id: Uuid, message: JsonrpcNotification) => number;
 }
-export declare const PERMIT_OFFER_RECEIVED_NOTIFICATION_METHOD = "permit_offer_received";
-export declare const PERMIT_OFFER_RETRACTED_NOTIFICATION_METHOD = "permit_offer_retracted";
-export declare const PERMIT_OFFER_ACCEPTED_NOTIFICATION_METHOD = "permit_offer_accepted";
-export declare const PERMIT_OFFER_DECLINED_NOTIFICATION_METHOD = "permit_offer_declined";
-export declare const PERMIT_OFFER_SUPERSEDE_NOTIFICATION_METHOD = "permit_offer_supersede";
-export declare const PERMIT_REVOKE_NOTIFICATION_METHOD = "permit_revoke";
-/** Params for `permit_offer_received` — offer delivered to its recipient. */
-export declare const PermitOfferReceivedParams: z.ZodObject<{
+export declare const ROLE_GRANT_OFFER_RECEIVED_NOTIFICATION_METHOD = "role_grant_offer_received";
+export declare const ROLE_GRANT_OFFER_RETRACTED_NOTIFICATION_METHOD = "role_grant_offer_retracted";
+export declare const ROLE_GRANT_OFFER_ACCEPTED_NOTIFICATION_METHOD = "role_grant_offer_accepted";
+export declare const ROLE_GRANT_OFFER_DECLINED_NOTIFICATION_METHOD = "role_grant_offer_declined";
+export declare const ROLE_GRANT_OFFER_SUPERSEDE_NOTIFICATION_METHOD = "role_grant_offer_supersede";
+export declare const ROLE_GRANT_REVOKE_NOTIFICATION_METHOD = "role_grant_revoke";
+/** Params for `role_grant_offer_received` — offer delivered to its recipient. */
+export declare const RoleGrantOfferReceivedParams: z.ZodObject<{
     offer: z.ZodObject<{
         id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
         from_actor_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
         to_account_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
+        to_actor_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
         role: z.ZodString;
+        scope_kind: z.ZodNullable<z.ZodString>;
         scope_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
         message: z.ZodNullable<z.ZodString>;
         created_at: z.ZodString;
@@ -72,17 +74,19 @@ export declare const PermitOfferReceivedParams: z.ZodObject<{
         decline_reason: z.ZodNullable<z.ZodString>;
         retracted_at: z.ZodNullable<z.ZodString>;
         superseded_at: z.ZodNullable<z.ZodString>;
-        resulting_permit_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
+        resulting_role_grant_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
     }, z.core.$strict>;
 }, z.core.$strict>;
-export type PermitOfferReceivedParams = z.infer<typeof PermitOfferReceivedParams>;
-/** Params for `permit_offer_retracted` — grantor-side retraction. */
-export declare const PermitOfferRetractedParams: z.ZodObject<{
+export type RoleGrantOfferReceivedParams = z.infer<typeof RoleGrantOfferReceivedParams>;
+/** Params for `role_grant_offer_retracted` — grantor-side retraction. */
+export declare const RoleGrantOfferRetractedParams: z.ZodObject<{
     offer: z.ZodObject<{
         id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
         from_actor_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
         to_account_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
+        to_actor_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
         role: z.ZodString;
+        scope_kind: z.ZodNullable<z.ZodString>;
         scope_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
         message: z.ZodNullable<z.ZodString>;
         created_at: z.ZodString;
@@ -92,17 +96,19 @@ export declare const PermitOfferRetractedParams: z.ZodObject<{
         decline_reason: z.ZodNullable<z.ZodString>;
         retracted_at: z.ZodNullable<z.ZodString>;
         superseded_at: z.ZodNullable<z.ZodString>;
-        resulting_permit_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
+        resulting_role_grant_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
     }, z.core.$strict>;
 }, z.core.$strict>;
-export type PermitOfferRetractedParams = z.infer<typeof PermitOfferRetractedParams>;
-/** Params for `permit_offer_accepted` — recipient accepted the offer. */
-export declare const PermitOfferAcceptedParams: z.ZodObject<{
+export type RoleGrantOfferRetractedParams = z.infer<typeof RoleGrantOfferRetractedParams>;
+/** Params for `role_grant_offer_accepted` — recipient accepted the offer. */
+export declare const RoleGrantOfferAcceptedParams: z.ZodObject<{
     offer: z.ZodObject<{
         id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
         from_actor_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
         to_account_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
+        to_actor_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
         role: z.ZodString;
+        scope_kind: z.ZodNullable<z.ZodString>;
         scope_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
         message: z.ZodNullable<z.ZodString>;
         created_at: z.ZodString;
@@ -112,21 +118,23 @@ export declare const PermitOfferAcceptedParams: z.ZodObject<{
         decline_reason: z.ZodNullable<z.ZodString>;
         retracted_at: z.ZodNullable<z.ZodString>;
         superseded_at: z.ZodNullable<z.ZodString>;
-        resulting_permit_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
+        resulting_role_grant_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
     }, z.core.$strict>;
 }, z.core.$strict>;
-export type PermitOfferAcceptedParams = z.infer<typeof PermitOfferAcceptedParams>;
+export type RoleGrantOfferAcceptedParams = z.infer<typeof RoleGrantOfferAcceptedParams>;
 /**
- * Params for `permit_offer_declined`. The decline reason (if any) rides along
+ * Params for `role_grant_offer_declined`. The decline reason (if any) rides along
  * inside `offer.decline_reason` — the DB stamps it on the offer row during
  * decline, so a sibling `reason` field would just duplicate it.
  */
-export declare const PermitOfferDeclinedParams: z.ZodObject<{
+export declare const RoleGrantOfferDeclinedParams: z.ZodObject<{
     offer: z.ZodObject<{
         id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
         from_actor_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
         to_account_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
+        to_actor_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
         role: z.ZodString;
+        scope_kind: z.ZodNullable<z.ZodString>;
         scope_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
         message: z.ZodNullable<z.ZodString>;
         created_at: z.ZodString;
@@ -136,25 +144,27 @@ export declare const PermitOfferDeclinedParams: z.ZodObject<{
         decline_reason: z.ZodNullable<z.ZodString>;
         retracted_at: z.ZodNullable<z.ZodString>;
         superseded_at: z.ZodNullable<z.ZodString>;
-        resulting_permit_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
+        resulting_role_grant_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
     }, z.core.$strict>;
 }, z.core.$strict>;
-export type PermitOfferDeclinedParams = z.infer<typeof PermitOfferDeclinedParams>;
+export type RoleGrantOfferDeclinedParams = z.infer<typeof RoleGrantOfferDeclinedParams>;
 /**
- * Params for `permit_offer_supersede`. Fires to the grantor's sockets when
+ * Params for `role_grant_offer_supersede`. Fires to the grantor's sockets when
  * their pending offer is obsoleted — either by a sibling accept
- * (`reason: 'sibling_accepted'`), by revoke of the resulting permit
- * (`reason: 'permit_revoked'`), or by deletion of the parent scope row
+ * (`reason: 'sibling_accepted'`), by revoke of the resulting role_grant
+ * (`reason: 'role_grant_revoked'`), or by deletion of the parent scope row
  * the offer was bound to (`reason: 'scope_destroyed'`). `cause_id` points
- * at the accepted offer id, the revoked permit id, or the destroyed scope
+ * at the accepted offer id, the revoked role_grant id, or the destroyed scope
  * row id respectively.
  */
-export declare const PermitOfferSupersedeParams: z.ZodObject<{
+export declare const RoleGrantOfferSupersedeParams: z.ZodObject<{
     offer: z.ZodObject<{
         id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
         from_actor_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
         to_account_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
+        to_actor_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
         role: z.ZodString;
+        scope_kind: z.ZodNullable<z.ZodString>;
         scope_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
         message: z.ZodNullable<z.ZodString>;
         created_at: z.ZodString;
@@ -164,31 +174,31 @@ export declare const PermitOfferSupersedeParams: z.ZodObject<{
         decline_reason: z.ZodNullable<z.ZodString>;
         retracted_at: z.ZodNullable<z.ZodString>;
         superseded_at: z.ZodNullable<z.ZodString>;
-        resulting_permit_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
+        resulting_role_grant_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
     }, z.core.$strict>;
     reason: z.ZodEnum<{
         sibling_accepted: "sibling_accepted";
-        permit_revoked: "permit_revoked";
+        role_grant_revoked: "role_grant_revoked";
         scope_destroyed: "scope_destroyed";
     }>;
     cause_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
 }, z.core.$strict>;
-export type PermitOfferSupersedeParams = z.infer<typeof PermitOfferSupersedeParams>;
+export type RoleGrantOfferSupersedeParams = z.infer<typeof RoleGrantOfferSupersedeParams>;
 /**
- * Params for `permit_revoke`. Delivered to the revokee's sockets when one
- * of their active permits is revoked. Flat wire shape — `revoked_by` is
+ * Params for `role_grant_revoke`. Delivered to the revokee's sockets when one
+ * of their active role_grants is revoked. Flat wire shape — `revoked_by` is
  * admin-UI-visible but deliberately omitted here (the revokee doesn't need
  * to learn the admin's identity). Target account is implicit in the send
  * target.
  */
-export declare const PermitRevokeParams: z.ZodObject<{
-    permit_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
+export declare const RoleGrantRevokeParams: z.ZodObject<{
+    role_grant_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
     role: z.ZodString;
     scope_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
     reason: z.ZodNullable<z.ZodString>;
 }, z.core.$strict>;
-export type PermitRevokeParams = z.infer<typeof PermitRevokeParams>;
-export declare const permit_offer_received_notification_spec: {
+export type RoleGrantRevokeParams = z.infer<typeof RoleGrantRevokeParams>;
+export declare const role_grant_offer_received_notification_spec: {
     method: string;
     kind: "remote_notification";
     initiator: "backend";
@@ -199,7 +209,9 @@ export declare const permit_offer_received_notification_spec: {
             id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
             from_actor_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
             to_account_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
+            to_actor_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
             role: z.ZodString;
+            scope_kind: z.ZodNullable<z.ZodString>;
             scope_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
             message: z.ZodNullable<z.ZodString>;
             created_at: z.ZodString;
@@ -209,14 +221,14 @@ export declare const permit_offer_received_notification_spec: {
             decline_reason: z.ZodNullable<z.ZodString>;
             retracted_at: z.ZodNullable<z.ZodString>;
             superseded_at: z.ZodNullable<z.ZodString>;
-            resulting_permit_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
+            resulting_role_grant_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
         }, z.core.$strict>;
     }, z.core.$strict>;
     output: z.ZodVoid;
     async: true;
     description: string;
 };
-export declare const permit_offer_retracted_notification_spec: {
+export declare const role_grant_offer_retracted_notification_spec: {
     method: string;
     kind: "remote_notification";
     initiator: "backend";
@@ -227,7 +239,9 @@ export declare const permit_offer_retracted_notification_spec: {
             id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
             from_actor_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
             to_account_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
+            to_actor_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
             role: z.ZodString;
+            scope_kind: z.ZodNullable<z.ZodString>;
             scope_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
             message: z.ZodNullable<z.ZodString>;
             created_at: z.ZodString;
@@ -237,14 +251,14 @@ export declare const permit_offer_retracted_notification_spec: {
             decline_reason: z.ZodNullable<z.ZodString>;
             retracted_at: z.ZodNullable<z.ZodString>;
             superseded_at: z.ZodNullable<z.ZodString>;
-            resulting_permit_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
+            resulting_role_grant_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
         }, z.core.$strict>;
     }, z.core.$strict>;
     output: z.ZodVoid;
     async: true;
     description: string;
 };
-export declare const permit_offer_accepted_notification_spec: {
+export declare const role_grant_offer_accepted_notification_spec: {
     method: string;
     kind: "remote_notification";
     initiator: "backend";
@@ -255,7 +269,9 @@ export declare const permit_offer_accepted_notification_spec: {
             id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
             from_actor_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
             to_account_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
+            to_actor_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
             role: z.ZodString;
+            scope_kind: z.ZodNullable<z.ZodString>;
             scope_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
             message: z.ZodNullable<z.ZodString>;
             created_at: z.ZodString;
@@ -265,14 +281,14 @@ export declare const permit_offer_accepted_notification_spec: {
             decline_reason: z.ZodNullable<z.ZodString>;
             retracted_at: z.ZodNullable<z.ZodString>;
             superseded_at: z.ZodNullable<z.ZodString>;
-            resulting_permit_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
+            resulting_role_grant_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
         }, z.core.$strict>;
     }, z.core.$strict>;
     output: z.ZodVoid;
     async: true;
     description: string;
 };
-export declare const permit_offer_declined_notification_spec: {
+export declare const role_grant_offer_declined_notification_spec: {
     method: string;
     kind: "remote_notification";
     initiator: "backend";
@@ -283,7 +299,9 @@ export declare const permit_offer_declined_notification_spec: {
             id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
             from_actor_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
             to_account_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
+            to_actor_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
             role: z.ZodString;
+            scope_kind: z.ZodNullable<z.ZodString>;
             scope_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
             message: z.ZodNullable<z.ZodString>;
             created_at: z.ZodString;
@@ -293,14 +311,14 @@ export declare const permit_offer_declined_notification_spec: {
             decline_reason: z.ZodNullable<z.ZodString>;
             retracted_at: z.ZodNullable<z.ZodString>;
             superseded_at: z.ZodNullable<z.ZodString>;
-            resulting_permit_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
+            resulting_role_grant_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
         }, z.core.$strict>;
     }, z.core.$strict>;
     output: z.ZodVoid;
     async: true;
     description: string;
 };
-export declare const permit_offer_supersede_notification_spec: {
+export declare const role_grant_offer_supersede_notification_spec: {
     method: string;
     kind: "remote_notification";
     initiator: "backend";
@@ -311,7 +329,9 @@ export declare const permit_offer_supersede_notification_spec: {
             id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
             from_actor_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
             to_account_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
+            to_actor_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
             role: z.ZodString;
+            scope_kind: z.ZodNullable<z.ZodString>;
             scope_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
             message: z.ZodNullable<z.ZodString>;
             created_at: z.ZodString;
@@ -321,11 +341,11 @@ export declare const permit_offer_supersede_notification_spec: {
             decline_reason: z.ZodNullable<z.ZodString>;
             retracted_at: z.ZodNullable<z.ZodString>;
             superseded_at: z.ZodNullable<z.ZodString>;
-            resulting_permit_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
+            resulting_role_grant_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
         }, z.core.$strict>;
         reason: z.ZodEnum<{
             sibling_accepted: "sibling_accepted";
-            permit_revoked: "permit_revoked";
+            role_grant_revoked: "role_grant_revoked";
             scope_destroyed: "scope_destroyed";
         }>;
         cause_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
@@ -334,14 +354,14 @@ export declare const permit_offer_supersede_notification_spec: {
     async: true;
     description: string;
 };
-export declare const permit_revoke_notification_spec: {
+export declare const role_grant_revoke_notification_spec: {
     method: string;
     kind: "remote_notification";
     initiator: "backend";
     auth: null;
     side_effects: true;
     input: z.ZodObject<{
-        permit_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
+        role_grant_id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
         role: z.ZodString;
         scope_id: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
         reason: z.ZodNullable<z.ZodString>;
@@ -351,16 +371,16 @@ export declare const permit_revoke_notification_spec: {
     description: string;
 };
 /**
- * SSE/WS event specs for the consentful-permits notification surface.
+ * SSE/WS event specs for the consentful-role-grants notification surface.
  *
  * Pass to `create_app_server`'s `event_specs` so the attack surface reflects
  * them and DEV-mode `create_validated_broadcaster` catches payload drift.
  */
-export declare const PERMIT_OFFER_NOTIFICATION_SPECS: Array<EventSpec>;
-export declare const build_permit_offer_received_notification: (params: PermitOfferReceivedParams) => JsonrpcNotification;
-export declare const build_permit_offer_retracted_notification: (params: PermitOfferRetractedParams) => JsonrpcNotification;
-export declare const build_permit_offer_accepted_notification: (params: PermitOfferAcceptedParams) => JsonrpcNotification;
-export declare const build_permit_offer_declined_notification: (params: PermitOfferDeclinedParams) => JsonrpcNotification;
-export declare const build_permit_offer_supersede_notification: (params: PermitOfferSupersedeParams) => JsonrpcNotification;
-export declare const build_permit_revoke_notification: (params: PermitRevokeParams) => JsonrpcNotification;
-//# sourceMappingURL=permit_offer_notifications.d.ts.map
+export declare const ROLE_GRANT_OFFER_NOTIFICATION_SPECS: Array<EventSpec>;
+export declare const build_role_grant_offer_received_notification: (params: RoleGrantOfferReceivedParams) => JsonrpcNotification;
+export declare const build_role_grant_offer_retracted_notification: (params: RoleGrantOfferRetractedParams) => JsonrpcNotification;
+export declare const build_role_grant_offer_accepted_notification: (params: RoleGrantOfferAcceptedParams) => JsonrpcNotification;
+export declare const build_role_grant_offer_declined_notification: (params: RoleGrantOfferDeclinedParams) => JsonrpcNotification;
+export declare const build_role_grant_offer_supersede_notification: (params: RoleGrantOfferSupersedeParams) => JsonrpcNotification;
+export declare const build_role_grant_revoke_notification: (params: RoleGrantRevokeParams) => JsonrpcNotification;
+//# sourceMappingURL=role_grant_offer_notifications.d.ts.map

package/dist/auth/role_grant_offer_notifications.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"role_grant_offer_notifications.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/role_grant_offer_notifications.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AAEH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AACtB,OAAO,EAAqB,KAAK,IAAI,EAAC,MAAM,wBAAwB,CAAC;AAIrE,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,oBAAoB,CAAC;AAClD,OAAO,KAAK,EAAC,mBAAmB,EAAC,MAAM,oBAAoB,CAAC;AAM5D;;;;;;;;;;;;;GAaG;AACH,MAAM,WAAW,kBAAkB;IAClC,eAAe,EAAE,CAAC,UAAU,EAAE,IAAI,EAAE,OAAO,EAAE,mBAAmB,KAAK,MAAM,CAAC;CAC5E;AAID,eAAO,MAAM,6CAA6C,8BAA8B,CAAC;AACzF,eAAO,MAAM,8CAA8C,+BAA+B,CAAC;AAC3F,eAAO,MAAM,6CAA6C,8BAA8B,CAAC;AACzF,eAAO,MAAM,6CAA6C,8BAA8B,CAAC;AACzF,eAAO,MAAM,8CAA8C,+BAA+B,CAAC;AAC3F,eAAO,MAAM,qCAAqC,sBAAsB,CAAC;AAIzE,iFAAiF;AACjF,eAAO,MAAM,4BAA4B;;;;;;;;;;;;;;;;;;;kBAEvC,CAAC;AACH,MAAM,MAAM,4BAA4B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,4BAA4B,CAAC,CAAC;AAExF,yEAAyE;AACzE,eAAO,MAAM,6BAA6B;;;;;;;;;;;;;;;;;;;kBAExC,CAAC;AACH,MAAM,MAAM,6BAA6B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,6BAA6B,CAAC,CAAC;AAE1F,6EAA6E;AAC7E,eAAO,MAAM,4BAA4B;;;;;;;;;;;;;;;;;;;kBAEvC,CAAC;AACH,MAAM,MAAM,4BAA4B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,4BAA4B,CAAC,CAAC;AAExF;;;;GAIG;AACH,eAAO,MAAM,4BAA4B;;;;;;;;;;;;;;;;;;;kBAEvC,CAAC;AACH,MAAM,MAAM,4BAA4B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,4BAA4B,CAAC,CAAC;AAExF;;;;;;;;GAQG;AACH,eAAO,MAAM,6BAA6B;;;;;;;;;;;;;;;;;;;;;;;;;kBAIxC,CAAC;AACH,MAAM,MAAM,6BAA6B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,6BAA6B,CAAC,CAAC;AAE1F;;;;;;GAMG;AACH,eAAO,MAAM,qBAAqB;;;;;kBAKhC,CAAC;AACH,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAI1E,eAAO,MAAM,2CAA2C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAUhB,CAAC;AAEzC,eAAO,MAAM,4CAA4C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAUjB,CAAC;AAEzC,eAAO,MAAM,2CAA2C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAUhB,CAAC;AAEzC,eAAO,MAAM,2CAA2C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAUhB,CAAC;AAEzC,eAAO,MAAM,4CAA4C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAWjB,CAAC;AAEzC,eAAO,MAAM,mCAAmC;;;;;;;;;;;;;;;CAUR,CAAC;AAIzC;;;;;GAKG;AACH,eAAO,MAAM,mCAAmC,EAAE,KAAK,CAAC,SAAS,CAOhE,CAAC;AAIF,eAAO,MAAM,4CAA4C,GACxD,QAAQ,4BAA4B,KAClC,mBACgF,CAAC;AAEpF,eAAO,MAAM,6CAA6C,GACzD,QAAQ,6BAA6B,KACnC,mBACiF,CAAC;AAErF,eAAO,MAAM,4CAA4C,GACxD,QAAQ,4BAA4B,KAClC,mBACgF,CAAC;AAEpF,eAAO,MAAM,4CAA4C,GACxD,QAAQ,4BAA4B,KAClC,mBACgF,CAAC;AAEpF,eAAO,MAAM,6CAA6C,GACzD,QAAQ,6BAA6B,KACnC,mBACiF,CAAC;AAErF,eAAO,MAAM,oCAAoC,GAChD,QAAQ,qBAAqB,KAC3B,mBACwE,CAAC"}

package/dist/auth/role_grant_offer_notifications.js

@@ -0,0 +1,182 @@
+/**
+ * Role grant offer WebSocket notification specs, builders, and the narrow
+ * `NotificationSender` interface that decouples offer/revoke send sites
+ * from `BackendWebsocketTransport`.
+ *
+ * Six `RemoteNotificationActionSpec`s cover the consentful-role-grants
+ * lifecycle events the server pushes to affected accounts:
+ *
+ * - `role_grant_offer_received` → recipient's sockets when an offer is created
+ * - `role_grant_offer_retracted` → recipient's sockets when a grantor retracts
+ * - `role_grant_offer_accepted` → grantor's sockets when the recipient accepts
+ * - `role_grant_offer_declined` → grantor's sockets when the recipient declines
+ * - `role_grant_offer_supersede` → grantor's sockets when a sibling accept,
+ *   a revoke of the resulting role_grant, or destruction of the parent scope
+ *   row obsoletes their pending offer
+ * - `role_grant_revoke` → revokee's sockets when one of their active role_grants
+ *   is revoked (companion to the `role_grant_revoke` audit event)
+ *
+ * Payloads are flat and normalized — `RoleGrantOfferJson` for the offer-lifecycle
+ * notifications (decline reason rides on `offer.decline_reason`, not a
+ * sibling field), and `{role_grant_id, role, scope_id, reason?}` for `role_grant_revoke`. The
+ * revokee/grantor/recipient account id travels via the send target (the
+ * `NotificationSender.send_to_account` argument), not in the payload.
+ *
+ * The specs surface as `EventSpec`s via `create_action_event_spec` — callers
+ * append `ROLE_GRANT_OFFER_NOTIFICATION_SPECS` to their `event_specs` on
+ * `create_app_server` so the surface reflects them and DEV-mode broadcast
+ * validation catches payload drift.
+ *
+ * @module
+ */
+import { z } from 'zod';
+import { Uuid as UuidSchema } from '@fuzdev/fuz_util/id.js';
+import { create_action_event_spec } from '../actions/action_bridge.js';
+import { create_jsonrpc_notification } from '../http/jsonrpc_helpers.js';
+import { RoleName } from './role_schema.js';
+import { RoleGrantOfferJson } from './role_grant_offer_schema.js';
+import { ROLE_GRANT_REVOKED_REASON_LENGTH_MAX } from './account_schema.js';
+// -- Method constants -------------------------------------------------------
+export const ROLE_GRANT_OFFER_RECEIVED_NOTIFICATION_METHOD = 'role_grant_offer_received';
+export const ROLE_GRANT_OFFER_RETRACTED_NOTIFICATION_METHOD = 'role_grant_offer_retracted';
+export const ROLE_GRANT_OFFER_ACCEPTED_NOTIFICATION_METHOD = 'role_grant_offer_accepted';
+export const ROLE_GRANT_OFFER_DECLINED_NOTIFICATION_METHOD = 'role_grant_offer_declined';
+export const ROLE_GRANT_OFFER_SUPERSEDE_NOTIFICATION_METHOD = 'role_grant_offer_supersede';
+export const ROLE_GRANT_REVOKE_NOTIFICATION_METHOD = 'role_grant_revoke';
+// -- Params schemas ---------------------------------------------------------
+/** Params for `role_grant_offer_received` — offer delivered to its recipient. */
+export const RoleGrantOfferReceivedParams = z.strictObject({
+    offer: RoleGrantOfferJson,
+});
+/** Params for `role_grant_offer_retracted` — grantor-side retraction. */
+export const RoleGrantOfferRetractedParams = z.strictObject({
+    offer: RoleGrantOfferJson,
+});
+/** Params for `role_grant_offer_accepted` — recipient accepted the offer. */
+export const RoleGrantOfferAcceptedParams = z.strictObject({
+    offer: RoleGrantOfferJson,
+});
+/**
+ * Params for `role_grant_offer_declined`. The decline reason (if any) rides along
+ * inside `offer.decline_reason` — the DB stamps it on the offer row during
+ * decline, so a sibling `reason` field would just duplicate it.
+ */
+export const RoleGrantOfferDeclinedParams = z.strictObject({
+    offer: RoleGrantOfferJson,
+});
+/**
+ * Params for `role_grant_offer_supersede`. Fires to the grantor's sockets when
+ * their pending offer is obsoleted — either by a sibling accept
+ * (`reason: 'sibling_accepted'`), by revoke of the resulting role_grant
+ * (`reason: 'role_grant_revoked'`), or by deletion of the parent scope row
+ * the offer was bound to (`reason: 'scope_destroyed'`). `cause_id` points
+ * at the accepted offer id, the revoked role_grant id, or the destroyed scope
+ * row id respectively.
+ */
+export const RoleGrantOfferSupersedeParams = z.strictObject({
+    offer: RoleGrantOfferJson,
+    reason: z.enum(['sibling_accepted', 'role_grant_revoked', 'scope_destroyed']),
+    cause_id: UuidSchema,
+});
+/**
+ * Params for `role_grant_revoke`. Delivered to the revokee's sockets when one
+ * of their active role_grants is revoked. Flat wire shape — `revoked_by` is
+ * admin-UI-visible but deliberately omitted here (the revokee doesn't need
+ * to learn the admin's identity). Target account is implicit in the send
+ * target.
+ */
+export const RoleGrantRevokeParams = z.strictObject({
+    role_grant_id: UuidSchema,
+    role: RoleName,
+    scope_id: UuidSchema.nullable(),
+    reason: z.string().max(ROLE_GRANT_REVOKED_REASON_LENGTH_MAX).nullable(),
+});
+// -- Action specs -----------------------------------------------------------
+export const role_grant_offer_received_notification_spec = {
+    method: ROLE_GRANT_OFFER_RECEIVED_NOTIFICATION_METHOD,
+    kind: 'remote_notification',
+    initiator: 'backend',
+    auth: null,
+    side_effects: true,
+    input: RoleGrantOfferReceivedParams,
+    output: z.void(),
+    async: true,
+    description: 'A new role_grant offer arrived in the recipient’s inbox.',
+};
+export const role_grant_offer_retracted_notification_spec = {
+    method: ROLE_GRANT_OFFER_RETRACTED_NOTIFICATION_METHOD,
+    kind: 'remote_notification',
+    initiator: 'backend',
+    auth: null,
+    side_effects: true,
+    input: RoleGrantOfferRetractedParams,
+    output: z.void(),
+    async: true,
+    description: 'A pending role_grant offer was retracted by its grantor.',
+};
+export const role_grant_offer_accepted_notification_spec = {
+    method: ROLE_GRANT_OFFER_ACCEPTED_NOTIFICATION_METHOD,
+    kind: 'remote_notification',
+    initiator: 'backend',
+    auth: null,
+    side_effects: true,
+    input: RoleGrantOfferAcceptedParams,
+    output: z.void(),
+    async: true,
+    description: 'A pending role_grant offer was accepted by its recipient.',
+};
+export const role_grant_offer_declined_notification_spec = {
+    method: ROLE_GRANT_OFFER_DECLINED_NOTIFICATION_METHOD,
+    kind: 'remote_notification',
+    initiator: 'backend',
+    auth: null,
+    side_effects: true,
+    input: RoleGrantOfferDeclinedParams,
+    output: z.void(),
+    async: true,
+    description: 'A pending role_grant offer was declined by its recipient.',
+};
+export const role_grant_offer_supersede_notification_spec = {
+    method: ROLE_GRANT_OFFER_SUPERSEDE_NOTIFICATION_METHOD,
+    kind: 'remote_notification',
+    initiator: 'backend',
+    auth: null,
+    side_effects: true,
+    input: RoleGrantOfferSupersedeParams,
+    output: z.void(),
+    async: true,
+    description: 'A grantor’s pending role_grant offer was obsoleted by a sibling accept, by revoke of the resulting role_grant, or by destruction of the parent scope row.',
+};
+export const role_grant_revoke_notification_spec = {
+    method: ROLE_GRANT_REVOKE_NOTIFICATION_METHOD,
+    kind: 'remote_notification',
+    initiator: 'backend',
+    auth: null,
+    side_effects: true,
+    input: RoleGrantRevokeParams,
+    output: z.void(),
+    async: true,
+    description: 'An active role_grant on the revokee’s account was revoked.',
+};
+// -- EventSpec surface ------------------------------------------------------
+/**
+ * SSE/WS event specs for the consentful-role-grants notification surface.
+ *
+ * Pass to `create_app_server`'s `event_specs` so the attack surface reflects
+ * them and DEV-mode `create_validated_broadcaster` catches payload drift.
+ */
+export const ROLE_GRANT_OFFER_NOTIFICATION_SPECS = [
+    create_action_event_spec(role_grant_offer_received_notification_spec),
+    create_action_event_spec(role_grant_offer_retracted_notification_spec),
+    create_action_event_spec(role_grant_offer_accepted_notification_spec),
+    create_action_event_spec(role_grant_offer_declined_notification_spec),
+    create_action_event_spec(role_grant_offer_supersede_notification_spec),
+    create_action_event_spec(role_grant_revoke_notification_spec),
+];
+// -- Notification builders --------------------------------------------------
+export const build_role_grant_offer_received_notification = (params) => create_jsonrpc_notification(ROLE_GRANT_OFFER_RECEIVED_NOTIFICATION_METHOD, params);
+export const build_role_grant_offer_retracted_notification = (params) => create_jsonrpc_notification(ROLE_GRANT_OFFER_RETRACTED_NOTIFICATION_METHOD, params);
+export const build_role_grant_offer_accepted_notification = (params) => create_jsonrpc_notification(ROLE_GRANT_OFFER_ACCEPTED_NOTIFICATION_METHOD, params);
+export const build_role_grant_offer_declined_notification = (params) => create_jsonrpc_notification(ROLE_GRANT_OFFER_DECLINED_NOTIFICATION_METHOD, params);
+export const build_role_grant_offer_supersede_notification = (params) => create_jsonrpc_notification(ROLE_GRANT_OFFER_SUPERSEDE_NOTIFICATION_METHOD, params);
+export const build_role_grant_revoke_notification = (params) => create_jsonrpc_notification(ROLE_GRANT_REVOKE_NOTIFICATION_METHOD, params);