@fuzdev/fuz_app 0.54.0 → 0.56.0

package/dist/http/error_schemas.d.ts

@@ -12,7 +12,7 @@
  * @module
  */
 import { z } from 'zod';
-import type { RouteAuth } from './route_spec.js';
+import { type RouteAuth } from './auth_shape.js';
 /** Request body failed Zod validation. */
 export declare const ERROR_INVALID_REQUEST_BODY: "invalid_request_body";
 /** Request body is not valid JSON or not an object. */
@@ -25,6 +25,16 @@ export declare const ERROR_INVALID_QUERY_PARAMS: "invalid_query_params";
 export declare const ERROR_AUTHENTICATION_REQUIRED: "authentication_required";
 /** Authenticated but missing required role. */
 export declare const ERROR_INSUFFICIENT_PERMISSIONS: "insufficient_permissions";
+/**
+ * Route requires a credential type the request didn't arrive on.
+ * Symmetric with `ERROR_INSUFFICIENT_PERMISSIONS` + `required_roles`:
+ * the body carries `required_credential_types: ReadonlyArray<string>`
+ * — what the route demanded, not what arrived. Today the only
+ * credential gate is keeper (`['daemon_token']`); future gates
+ * (`agent_token`, `group_actor_token`) reuse the same literal and
+ * label themselves through the array.
+ */
+export declare const ERROR_CREDENTIAL_TYPE_REQUIRED: "credential_type_required";
 /** Rate limiter rejected the request. */
 export declare const ERROR_RATE_LIMIT_EXCEEDED: "rate_limit_exceeded";
 /** Username or password is wrong (intentionally vague for enumeration prevention). */
@@ -41,8 +51,39 @@ export declare const ERROR_BEARER_REJECTED_BROWSER: "bearer_token_rejected_in_br
 export declare const ERROR_INVALID_TOKEN: "invalid_token";
 /** Token references a deleted account. */
 export declare const ERROR_ACCOUNT_NOT_FOUND: "account_not_found";
-/** Keeper routes require daemon_token credential type. */
-export declare const ERROR_KEEPER_REQUIRES_DAEMON_TOKEN: "keeper_requires_daemon_token";
+/**
+ * Multi-actor account requires the request to carry an explicit `acting`
+ * field naming the actor the request is acting as, so the dispatcher's
+ * authorization phase doesn't pick a default actor silently. Returned
+ * with the available actors so the client can prompt.
+ */
+export declare const ERROR_ACTOR_REQUIRED: "actor_required";
+/**
+ * Supplied `acting` field does not name an actor on the authenticated
+ * account.
+ */
+export declare const ERROR_ACTOR_NOT_ON_ACCOUNT: "actor_not_on_account";
+/**
+ * Authenticated account exists but has no actors. Server invariant
+ * violation — signup / bootstrap always create an actor in the same
+ * transaction. Surfaced from the dispatcher's authorization phase as a
+ * 500 so the operator sees the corruption signal rather than a confusing
+ * 4xx. Distinct from `ERROR_ACCOUNT_VANISHED`: the actor list was
+ * enumerated successfully and came back empty.
+ */
+export declare const ERROR_NO_ACTORS_ON_ACCOUNT: "no_actors_on_account";
+/**
+ * Authentication validated an account, but a follow-up read in the
+ * authorization phase came back null — the account or its named actor
+ * row was deleted between the credential check and the dispatcher's
+ * `build_request_context` / `build_account_context` step. Torn read,
+ * not a missing-actor invariant violation. Surfaced as 500 so the
+ * operator sees the race signal; clients can retry. Distinct from
+ * `ERROR_ACCOUNT_NOT_FOUND` (stale token referencing a long-deleted
+ * account, raised at credential validation) and
+ * `ERROR_NO_ACTORS_ON_ACCOUNT` (the actor list enumerated empty).
+ */
+export declare const ERROR_ACCOUNT_VANISHED: "account_vanished";
 /** Daemon token header present but malformed or not matching current/previous token. */
 export declare const ERROR_INVALID_DAEMON_TOKEN: "invalid_daemon_token";
 /** Daemon token valid but keeper account not yet resolved (pre-bootstrap). */
@@ -71,8 +112,8 @@ export declare const ERROR_INVITE_ACCOUNT_EXISTS_USERNAME: "invite_account_exist
 export declare const ERROR_INVITE_ACCOUNT_EXISTS_EMAIL: "invite_account_exists_email";
 /** Admin tried to grant a role that is not web-grantable. */
 export declare const ERROR_ROLE_NOT_WEB_GRANTABLE: "role_not_web_grantable";
-/** Permit ID not found or not owned by the target actor. */
-export declare const ERROR_PERMIT_NOT_FOUND: "permit_not_found";
+/** Role grant ID not found or not owned by the target actor. */
+export declare const ERROR_ROLE_GRANT_NOT_FOUND: "role_grant_not_found";
 /** Query parameter `event_type` is not a valid audit event type. */
 export declare const ERROR_INVALID_EVENT_TYPE: "invalid_event_type";
 /** DELETE blocked by a foreign key constraint. */
@@ -104,18 +145,37 @@ export declare const ValidationError: z.ZodObject<{
     }, z.core.$loose>>;
 }, z.core.$loose>;
 export type ValidationError = z.infer<typeof ValidationError>;
-/** Permission error — returned by `require_role()` when the required role is missing. */
+/**
+ * Permission error — returned by `require_role()` and the dispatcher's
+ * post-authorization role gate when the actor's role_grants don't include any
+ * of the route's `auth.roles`.
+ *
+ * `required_roles` carries the full disjunction the route declared
+ * (`auth.roles` from the new flat-record shape). Single-role specs surface
+ * as a one-element array; multi-role disjunctions show every admittable
+ * role so clients can render targeted copy ("requires admin or steward").
+ */
 export declare const PermissionError: z.ZodObject<{
     error: z.ZodLiteral<"insufficient_permissions">;
-    required_role: z.ZodString;
+    required_roles: z.ZodReadonly<z.ZodArray<z.ZodString>>;
 }, z.core.$loose>;
 export type PermissionError = z.infer<typeof PermissionError>;
-/** Keeper credential error — returned by `require_keeper` when credential type is wrong. */
-export declare const KeeperError: z.ZodObject<{
-    error: z.ZodLiteral<"keeper_requires_daemon_token">;
-    credential_type: z.ZodString;
+/**
+ * Credential-type error — returned by the dispatcher's post-authorization
+ * credential gate (and the `require_credential_types` REST middleware) when
+ * the request's credential type isn't in the route's
+ * `auth.credential_types` allowlist.
+ *
+ * `required_credential_types` carries what the route declared
+ * (`['daemon_token']` for keeper; future gates carry their own labels).
+ * Symmetric with `PermissionError`'s `required_roles`: clients see what
+ * the route demanded, not what their credential is.
+ */
+export declare const CredentialTypeRequiredError: z.ZodObject<{
+    error: z.ZodLiteral<"credential_type_required">;
+    required_credential_types: z.ZodReadonly<z.ZodArray<z.ZodString>>;
 }, z.core.$loose>;
-export type KeeperError = z.infer<typeof KeeperError>;
+export type CredentialTypeRequiredError = z.infer<typeof CredentialTypeRequiredError>;
 /** Rate limit error — returned when a rate limiter rejects the request. */
 export declare const RateLimitError: z.ZodObject<{
     error: z.ZodLiteral<"rate_limit_exceeded">;
@@ -132,6 +192,44 @@ export declare const ForeignKeyError: z.ZodObject<{
     error: z.ZodLiteral<"foreign_key_violation">;
 }, z.core.$loose>;
 export type ForeignKeyError = z.infer<typeof ForeignKeyError>;
+/**
+ * Authorization-phase failure shapes. Surfaced when the dispatcher's
+ * `apply_authorization_phase` rejects a request before the handler runs —
+ * the route is acting-aware (input declares `acting?: ActingActor` or
+ * auth requires role_grants), but actor resolution failed.
+ *
+ * 400: `actor_required` (with `available[]`) for unspecified-actor on
+ * a multi-actor account; `actor_not_on_account` for a supplied actor
+ * id that doesn't belong to the authenticated account.
+ *
+ * 500: `no_actors_on_account` for a signup-invariant violation (the
+ * actor list enumerated empty); `account_vanished` for a torn-read
+ * race (account/actor row deleted between credential validation and
+ * the dispatcher's follow-up read).
+ *
+ * Used by `derive_error_schemas` when `auth.actor !== 'none'` so the
+ * merged error surface matches what the dispatcher actually emits.
+ */
+export declare const ActorRequiredError: z.ZodObject<{
+    error: z.ZodLiteral<"actor_required">;
+    available: z.ZodArray<z.ZodObject<{
+        id: z.ZodString;
+        name: z.ZodString;
+    }, z.core.$loose>>;
+}, z.core.$loose>;
+export type ActorRequiredError = z.infer<typeof ActorRequiredError>;
+export declare const ActorNotOnAccountError: z.ZodObject<{
+    error: z.ZodLiteral<"actor_not_on_account">;
+}, z.core.$loose>;
+export type ActorNotOnAccountError = z.infer<typeof ActorNotOnAccountError>;
+export declare const NoActorsOnAccountError: z.ZodObject<{
+    error: z.ZodLiteral<"no_actors_on_account">;
+}, z.core.$loose>;
+export type NoActorsOnAccountError = z.infer<typeof NoActorsOnAccountError>;
+export declare const AccountVanishedError: z.ZodObject<{
+    error: z.ZodLiteral<"account_vanished">;
+}, z.core.$loose>;
+export type AccountVanishedError = z.infer<typeof AccountVanishedError>;
 /**
  * Error schema map — maps HTTP status codes to Zod schemas.
  *
@@ -161,12 +259,27 @@ export type RateLimitKey = z.infer<typeof RateLimitKey>;
  * Route handlers can declare additional error schemas via `RouteSpec.errors`;
  * explicit entries override auto-derived ones for the same status code.
  *
- * Derivation rules:
- * - **Has input schema** (non-null) or **has params schema** or **has query schema**: 400 (validation error with issues)
- * - **auth: authenticated**: 401
- * - **auth: role**: 401 + 403 (with `required_role`)
- * - **auth: keeper**: 401 + 403 (keeper-specific)
- * - **rate_limit**: 429 (rate limit exceeded with `retry_after`)
+ * Derivation rules under the new flat-record auth shape:
+ * - **Has input / params / query schema**: 400 (`ValidationError`).
+ * - **`auth.account === 'required'`** or **`auth.actor === 'required'`**: 401
+ *   (`ApiError`) — pre-validation 401 fires when the credential isn't there.
+ *   `'optional'` does not derive 401.
+ * - **`auth.roles?.length`**: 403 (`PermissionError` carrying `required_roles`).
+ * - **`auth.credential_types?.length`**: 403 (`CredentialTypeRequiredError`
+ *   carrying `required_credential_types` — symmetric with `PermissionError`).
+ *   Today the only credential gate is keeper; future gates reuse the literal.
+ * - **`auth.actor !== 'none'`** (`'optional'` or `'required'`): extends 400
+ *   with `ActorRequiredError` / `ActorNotOnAccountError` and adds 500 union
+ *   of `NoActorsOnAccountError` / `AccountVanishedError`. The dispatcher's
+ *   authorization phase emits these whenever it tries to resolve an actor.
+ * - **rate_limit**: 429 (`RateLimitError` with `retry_after`).
  */
-export declare const derive_error_schemas: (auth: RouteAuth, has_input: boolean, has_params?: boolean, has_query?: boolean, rate_limit?: RateLimitKey) => RouteErrorSchemas;
+export interface DeriveErrorSchemasOptions {
+    auth: RouteAuth;
+    has_input?: boolean;
+    has_params?: boolean;
+    has_query?: boolean;
+    rate_limit?: RateLimitKey;
+}
+export declare const derive_error_schemas: ({ auth, has_input, has_params, has_query, rate_limit, }: DeriveErrorSchemasOptions) => RouteErrorSchemas;
 //# sourceMappingURL=error_schemas.d.ts.map

package/dist/http/error_schemas.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"error_schemas.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/http/error_schemas.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAEtB,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,iBAAiB,CAAC;AAI/C,0CAA0C;AAC1C,eAAO,MAAM,0BAA0B,EAAG,sBAA+B,CAAC;AAE1E,uDAAuD;AACvD,eAAO,MAAM,uBAAuB,EAAG,mBAA4B,CAAC;AAEpE,6CAA6C;AAC7C,eAAO,MAAM,0BAA0B,EAAG,sBAA+B,CAAC;AAE1E,8CAA8C;AAC9C,eAAO,MAAM,0BAA0B,EAAG,sBAA+B,CAAC;AAI1E,wCAAwC;AACxC,eAAO,MAAM,6BAA6B,EAAG,yBAAkC,CAAC;AAEhF,+CAA+C;AAC/C,eAAO,MAAM,8BAA8B,EAAG,0BAAmC,CAAC;AAElF,yCAAyC;AACzC,eAAO,MAAM,yBAAyB,EAAG,qBAA8B,CAAC;AAExE,sFAAsF;AACtF,eAAO,MAAM,yBAAyB,EAAG,qBAA8B,CAAC;AAExE,qDAAqD;AACrD,eAAO,MAAM,uBAAuB,EAAG,mBAA4B,CAAC;AAIpE,uCAAuC;AACvC,eAAO,MAAM,sBAAsB,EAAG,kBAA2B,CAAC;AAElE,wCAAwC;AACxC,eAAO,MAAM,uBAAuB,EAAG,mBAA4B,CAAC;AAEpE,sEAAsE;AACtE,eAAO,MAAM,6BAA6B,EAAG,0CAAmD,CAAC;AAEjG,uEAAuE;AACvE,eAAO,MAAM,mBAAmB,EAAG,eAAwB,CAAC;AAE5D,0CAA0C;AAC1C,eAAO,MAAM,uBAAuB,EAAG,mBAA4B,CAAC;AAIpE,0DAA0D;AAC1D,eAAO,MAAM,kCAAkC,EAAG,8BAAuC,CAAC;AAE1F,wFAAwF;AACxF,eAAO,MAAM,0BAA0B,EAAG,sBAA+B,CAAC;AAE1E,8EAA8E;AAC9E,eAAO,MAAM,mCAAmC,EAAG,+BAAwC,CAAC;AAE5F,uDAAuD;AACvD,eAAO,MAAM,8BAA8B,EAAG,0BAAmC,CAAC;AAIlF,qEAAqE;AACrE,eAAO,MAAM,0BAA0B,EAAG,sBAA+B,CAAC;AAE1E,8CAA8C;AAC9C,eAAO,MAAM,wBAAwB,EAAG,oBAA6B,CAAC;AAEtE,8DAA8D;AAC9D,eAAO,MAAM,8BAA8B,EAAG,0BAAmC,CAAC;AAIlF,0DAA0D;AAC1D,eAAO,MAAM,wBAAwB,EAAG,oBAA6B,CAAC;AAEtE,0GAA0G;AAC1G,eAAO,MAAM,qBAAqB,EAAG,iBAA0B,CAAC;AAEhE,gDAAgD;AAChD,eAAO,MAAM,sBAAsB,EAAG,kBAA2B,CAAC;AAElE,sDAAsD;AACtD,eAAO,MAAM,+BAA+B,EAAG,2BAAoC,CAAC;AAEpF,qEAAqE;AACrE,eAAO,MAAM,sBAAsB,EAAG,kBAA2B,CAAC;AAElE,6DAA6D;AAC7D,eAAO,MAAM,oCAAoC,EAAG,gCAAyC,CAAC;AAE9F,0DAA0D;AAC1D,eAAO,MAAM,iCAAiC,EAAG,6BAAsC,CAAC;AAIxF,6DAA6D;AAC7D,eAAO,MAAM,4BAA4B,EAAG,wBAAiC,CAAC;AAE9E,4DAA4D;AAC5D,eAAO,MAAM,sBAAsB,EAAG,kBAA2B,CAAC;AAElE,oEAAoE;AACpE,eAAO,MAAM,wBAAwB,EAAG,oBAA6B,CAAC;AAItE,kDAAkD;AAClD,eAAO,MAAM,2BAA2B,EAAG,uBAAgC,CAAC;AAE5E,oDAAoD;AACpD,eAAO,MAAM,qBAAqB,EAAG,iBAA0B,CAAC;AAEhE,iEAAiE;AACjE,eAAO,MAAM,0BAA0B,EAAG,sBAA+B,CAAC;AAE1E,6CAA6C;AAC7C,eAAO,MAAM,mBAAmB,EAAG,eAAwB,CAAC;AAE5D,wEAAwE;AACxE,eAAO,MAAM,gCAAgC,EAAG,4BAAqC,CAAC;AAKtF,iFAAiF;AACjF,eAAO,MAAM,QAAQ;;iBAAqC,CAAC;AAC3D,MAAM,MAAM,QAAQ,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,QAAQ,CAAC,CAAC;AAEhD;;;;GAIG;AACH,eAAO,MAAM,eAAe;;;;;;;iBAS1B,CAAC;AACH,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC;AAE9D,yFAAyF;AACzF,eAAO,MAAM,eAAe;;;iBAG1B,CAAC;AACH,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC;AAE9D,4FAA4F;AAC5F,eAAO,MAAM,WAAW;;;iBAGtB,CAAC;AACH,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,WAAW,CAAC,CAAC;AAEtD,2EAA2E;AAC3E,eAAO,MAAM,cAAc;;;iBAGzB,CAAC;AACH,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,cAAc,CAAC,CAAC;AAE5D,uFAAuF;AACvF,eAAO,MAAM,oBAAoB;;iBAE/B,CAAC;AACH,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAExE,qFAAqF;AACrF,eAAO,MAAM,eAAe;;iBAE1B,CAAC;AACH,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC;AAE9D;;;;GAIG;AACH,MAAM,MAAM,iBAAiB,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;AAEnE;;;;;;;;;GASG;AACH,eAAO,MAAM,YAAY;;;;EAAoC,CAAC;AAC9D,MAAM,MAAM,YAAY,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,YAAY,CAAC,CAAC;AAExD;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,oBAAoB,GAChC,MAAM,SAAS,EACf,WAAW,OAAO,EAClB,oBAAkB,EAClB,mBAAiB,EACjB,aAAa,YAAY,KACvB,iBA4BF,CAAC"}
+{"version":3,"file":"error_schemas.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/http/error_schemas.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAEtB,OAAO,EAAc,KAAK,SAAS,EAAC,MAAM,iBAAiB,CAAC;AAI5D,0CAA0C;AAC1C,eAAO,MAAM,0BAA0B,EAAG,sBAA+B,CAAC;AAE1E,uDAAuD;AACvD,eAAO,MAAM,uBAAuB,EAAG,mBAA4B,CAAC;AAEpE,6CAA6C;AAC7C,eAAO,MAAM,0BAA0B,EAAG,sBAA+B,CAAC;AAE1E,8CAA8C;AAC9C,eAAO,MAAM,0BAA0B,EAAG,sBAA+B,CAAC;AAI1E,wCAAwC;AACxC,eAAO,MAAM,6BAA6B,EAAG,yBAAkC,CAAC;AAEhF,+CAA+C;AAC/C,eAAO,MAAM,8BAA8B,EAAG,0BAAmC,CAAC;AAElF;;;;;;;;GAQG;AACH,eAAO,MAAM,8BAA8B,EAAG,0BAAmC,CAAC;AAElF,yCAAyC;AACzC,eAAO,MAAM,yBAAyB,EAAG,qBAA8B,CAAC;AAExE,sFAAsF;AACtF,eAAO,MAAM,yBAAyB,EAAG,qBAA8B,CAAC;AAExE,qDAAqD;AACrD,eAAO,MAAM,uBAAuB,EAAG,mBAA4B,CAAC;AAIpE,uCAAuC;AACvC,eAAO,MAAM,sBAAsB,EAAG,kBAA2B,CAAC;AAElE,wCAAwC;AACxC,eAAO,MAAM,uBAAuB,EAAG,mBAA4B,CAAC;AAEpE,sEAAsE;AACtE,eAAO,MAAM,6BAA6B,EAAG,0CAAmD,CAAC;AAEjG,uEAAuE;AACvE,eAAO,MAAM,mBAAmB,EAAG,eAAwB,CAAC;AAE5D,0CAA0C;AAC1C,eAAO,MAAM,uBAAuB,EAAG,mBAA4B,CAAC;AAEpE;;;;;GAKG;AACH,eAAO,MAAM,oBAAoB,EAAG,gBAAyB,CAAC;AAE9D;;;GAGG;AACH,eAAO,MAAM,0BAA0B,EAAG,sBAA+B,CAAC;AAE1E;;;;;;;GAOG;AACH,eAAO,MAAM,0BAA0B,EAAG,sBAA+B,CAAC;AAE1E;;;;;;;;;;GAUG;AACH,eAAO,MAAM,sBAAsB,EAAG,kBAA2B,CAAC;AAIlE,wFAAwF;AACxF,eAAO,MAAM,0BAA0B,EAAG,sBAA+B,CAAC;AAE1E,8EAA8E;AAC9E,eAAO,MAAM,mCAAmC,EAAG,+BAAwC,CAAC;AAE5F,uDAAuD;AACvD,eAAO,MAAM,8BAA8B,EAAG,0BAAmC,CAAC;AAIlF,qEAAqE;AACrE,eAAO,MAAM,0BAA0B,EAAG,sBAA+B,CAAC;AAE1E,8CAA8C;AAC9C,eAAO,MAAM,wBAAwB,EAAG,oBAA6B,CAAC;AAEtE,8DAA8D;AAC9D,eAAO,MAAM,8BAA8B,EAAG,0BAAmC,CAAC;AAIlF,0DAA0D;AAC1D,eAAO,MAAM,wBAAwB,EAAG,oBAA6B,CAAC;AAEtE,0GAA0G;AAC1G,eAAO,MAAM,qBAAqB,EAAG,iBAA0B,CAAC;AAEhE,gDAAgD;AAChD,eAAO,MAAM,sBAAsB,EAAG,kBAA2B,CAAC;AAElE,sDAAsD;AACtD,eAAO,MAAM,+BAA+B,EAAG,2BAAoC,CAAC;AAEpF,qEAAqE;AACrE,eAAO,MAAM,sBAAsB,EAAG,kBAA2B,CAAC;AAElE,6DAA6D;AAC7D,eAAO,MAAM,oCAAoC,EAAG,gCAAyC,CAAC;AAE9F,0DAA0D;AAC1D,eAAO,MAAM,iCAAiC,EAAG,6BAAsC,CAAC;AAIxF,6DAA6D;AAC7D,eAAO,MAAM,4BAA4B,EAAG,wBAAiC,CAAC;AAE9E,gEAAgE;AAChE,eAAO,MAAM,0BAA0B,EAAG,sBAA+B,CAAC;AAE1E,oEAAoE;AACpE,eAAO,MAAM,wBAAwB,EAAG,oBAA6B,CAAC;AAItE,kDAAkD;AAClD,eAAO,MAAM,2BAA2B,EAAG,uBAAgC,CAAC;AAE5E,oDAAoD;AACpD,eAAO,MAAM,qBAAqB,EAAG,iBAA0B,CAAC;AAEhE,iEAAiE;AACjE,eAAO,MAAM,0BAA0B,EAAG,sBAA+B,CAAC;AAE1E,6CAA6C;AAC7C,eAAO,MAAM,mBAAmB,EAAG,eAAwB,CAAC;AAE5D,wEAAwE;AACxE,eAAO,MAAM,gCAAgC,EAAG,4BAAqC,CAAC;AAKtF,iFAAiF;AACjF,eAAO,MAAM,QAAQ;;iBAAqC,CAAC;AAC3D,MAAM,MAAM,QAAQ,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,QAAQ,CAAC,CAAC;AAEhD;;;;GAIG;AACH,eAAO,MAAM,eAAe;;;;;;;iBAS1B,CAAC;AACH,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC;AAE9D;;;;;;;;;GASG;AACH,eAAO,MAAM,eAAe;;;iBAG1B,CAAC;AACH,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC;AAE9D;;;;;;;;;;GAUG;AACH,eAAO,MAAM,2BAA2B;;;iBAGtC,CAAC;AACH,MAAM,MAAM,2BAA2B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,2BAA2B,CAAC,CAAC;AAEtF,2EAA2E;AAC3E,eAAO,MAAM,cAAc;;;iBAGzB,CAAC;AACH,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,cAAc,CAAC,CAAC;AAE5D,uFAAuF;AACvF,eAAO,MAAM,oBAAoB;;iBAE/B,CAAC;AACH,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAExE,qFAAqF;AACrF,eAAO,MAAM,eAAe;;iBAE1B,CAAC;AACH,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC;AAE9D;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAO,MAAM,kBAAkB;;;;;;iBAG7B,CAAC;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAEpE,eAAO,MAAM,sBAAsB;;iBAEjC,CAAC;AACH,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAE5E,eAAO,MAAM,sBAAsB;;iBAEjC,CAAC;AACH,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAE5E,eAAO,MAAM,oBAAoB;;iBAE/B,CAAC;AACH,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAExE;;;;GAIG;AACH,MAAM,MAAM,iBAAiB,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;AAEnE;;;;;;;;;GASG;AACH,eAAO,MAAM,YAAY;;;;EAAoC,CAAC;AAC9D,MAAM,MAAM,YAAY,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,YAAY,CAAC,CAAC;AAExD;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,MAAM,WAAW,yBAAyB;IACzC,IAAI,EAAE,SAAS,CAAC;IAChB,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,UAAU,CAAC,EAAE,YAAY,CAAC;CAC1B;AAED,eAAO,MAAM,oBAAoB,GAAI,yDAMlC,yBAAyB,KAAG,iBAwC9B,CAAC"}

package/dist/http/error_schemas.js

@@ -12,6 +12,7 @@
  * @module
  */
 import { z } from 'zod';
+import { needs_actor } from './auth_shape.js';
 // --- Core: Validation (auto-derived by route spec middleware) ---
 /** Request body failed Zod validation. */
 export const ERROR_INVALID_REQUEST_BODY = 'invalid_request_body';
@@ -26,6 +27,16 @@ export const ERROR_INVALID_QUERY_PARAMS = 'invalid_query_params';
 export const ERROR_AUTHENTICATION_REQUIRED = 'authentication_required';
 /** Authenticated but missing required role. */
 export const ERROR_INSUFFICIENT_PERMISSIONS = 'insufficient_permissions';
+/**
+ * Route requires a credential type the request didn't arrive on.
+ * Symmetric with `ERROR_INSUFFICIENT_PERMISSIONS` + `required_roles`:
+ * the body carries `required_credential_types: ReadonlyArray<string>`
+ * — what the route demanded, not what arrived. Today the only
+ * credential gate is keeper (`['daemon_token']`); future gates
+ * (`agent_token`, `group_actor_token`) reuse the same literal and
+ * label themselves through the array.
+ */
+export const ERROR_CREDENTIAL_TYPE_REQUIRED = 'credential_type_required';
 /** Rate limiter rejected the request. */
 export const ERROR_RATE_LIMIT_EXCEEDED = 'rate_limit_exceeded';
 /** Username or password is wrong (intentionally vague for enumeration prevention). */
@@ -43,9 +54,40 @@ export const ERROR_BEARER_REJECTED_BROWSER = 'bearer_token_rejected_in_browser_c
 export const ERROR_INVALID_TOKEN = 'invalid_token';
 /** Token references a deleted account. */
 export const ERROR_ACCOUNT_NOT_FOUND = 'account_not_found';
+/**
+ * Multi-actor account requires the request to carry an explicit `acting`
+ * field naming the actor the request is acting as, so the dispatcher's
+ * authorization phase doesn't pick a default actor silently. Returned
+ * with the available actors so the client can prompt.
+ */
+export const ERROR_ACTOR_REQUIRED = 'actor_required';
+/**
+ * Supplied `acting` field does not name an actor on the authenticated
+ * account.
+ */
+export const ERROR_ACTOR_NOT_ON_ACCOUNT = 'actor_not_on_account';
+/**
+ * Authenticated account exists but has no actors. Server invariant
+ * violation — signup / bootstrap always create an actor in the same
+ * transaction. Surfaced from the dispatcher's authorization phase as a
+ * 500 so the operator sees the corruption signal rather than a confusing
+ * 4xx. Distinct from `ERROR_ACCOUNT_VANISHED`: the actor list was
+ * enumerated successfully and came back empty.
+ */
+export const ERROR_NO_ACTORS_ON_ACCOUNT = 'no_actors_on_account';
+/**
+ * Authentication validated an account, but a follow-up read in the
+ * authorization phase came back null — the account or its named actor
+ * row was deleted between the credential check and the dispatcher's
+ * `build_request_context` / `build_account_context` step. Torn read,
+ * not a missing-actor invariant violation. Surfaced as 500 so the
+ * operator sees the race signal; clients can retry. Distinct from
+ * `ERROR_ACCOUNT_NOT_FOUND` (stale token referencing a long-deleted
+ * account, raised at credential validation) and
+ * `ERROR_NO_ACTORS_ON_ACCOUNT` (the actor list enumerated empty).
+ */
+export const ERROR_ACCOUNT_VANISHED = 'account_vanished';
 // --- Keeper / daemon token ---
-/** Keeper routes require daemon_token credential type. */
-export const ERROR_KEEPER_REQUIRES_DAEMON_TOKEN = 'keeper_requires_daemon_token';
 /** Daemon token header present but malformed or not matching current/previous token. */
 export const ERROR_INVALID_DAEMON_TOKEN = 'invalid_daemon_token';
 /** Daemon token valid but keeper account not yet resolved (pre-bootstrap). */
@@ -77,8 +119,8 @@ export const ERROR_INVITE_ACCOUNT_EXISTS_EMAIL = 'invite_account_exists_email';
 // --- Admin routes ---
 /** Admin tried to grant a role that is not web-grantable. */
 export const ERROR_ROLE_NOT_WEB_GRANTABLE = 'role_not_web_grantable';
-/** Permit ID not found or not owned by the target actor. */
-export const ERROR_PERMIT_NOT_FOUND = 'permit_not_found';
+/** Role grant ID not found or not owned by the target actor. */
+export const ERROR_ROLE_GRANT_NOT_FOUND = 'role_grant_not_found';
 /** Query parameter `event_type` is not a valid audit event type. */
 export const ERROR_INVALID_EVENT_TYPE = 'invalid_event_type';
 // --- DB table browser ---
@@ -109,15 +151,34 @@ export const ValidationError = z.looseObject({
         path: z.array(z.union([z.string(), z.number()])),
     })),
 });
-/** Permission error — returned by `require_role()` when the required role is missing. */
+/**
+ * Permission error — returned by `require_role()` and the dispatcher's
+ * post-authorization role gate when the actor's role_grants don't include any
+ * of the route's `auth.roles`.
+ *
+ * `required_roles` carries the full disjunction the route declared
+ * (`auth.roles` from the new flat-record shape). Single-role specs surface
+ * as a one-element array; multi-role disjunctions show every admittable
+ * role so clients can render targeted copy ("requires admin or steward").
+ */
 export const PermissionError = z.looseObject({
     error: z.literal(ERROR_INSUFFICIENT_PERMISSIONS),
-    required_role: z.string(),
+    required_roles: z.array(z.string()).readonly(),
 });
-/** Keeper credential error — returned by `require_keeper` when credential type is wrong. */
-export const KeeperError = z.looseObject({
-    error: z.literal(ERROR_KEEPER_REQUIRES_DAEMON_TOKEN),
-    credential_type: z.string(),
+/**
+ * Credential-type error — returned by the dispatcher's post-authorization
+ * credential gate (and the `require_credential_types` REST middleware) when
+ * the request's credential type isn't in the route's
+ * `auth.credential_types` allowlist.
+ *
+ * `required_credential_types` carries what the route declared
+ * (`['daemon_token']` for keeper; future gates carry their own labels).
+ * Symmetric with `PermissionError`'s `required_roles`: clients see what
+ * the route demanded, not what their credential is.
+ */
+export const CredentialTypeRequiredError = z.looseObject({
+    error: z.literal(ERROR_CREDENTIAL_TYPE_REQUIRED),
+    required_credential_types: z.array(z.string()).readonly(),
 });
 /** Rate limit error — returned when a rate limiter rejects the request. */
 export const RateLimitError = z.looseObject({
@@ -132,6 +193,37 @@ export const PayloadTooLargeError = z.looseObject({
 export const ForeignKeyError = z.looseObject({
     error: z.literal(ERROR_FOREIGN_KEY_VIOLATION),
 });
+/**
+ * Authorization-phase failure shapes. Surfaced when the dispatcher's
+ * `apply_authorization_phase` rejects a request before the handler runs —
+ * the route is acting-aware (input declares `acting?: ActingActor` or
+ * auth requires role_grants), but actor resolution failed.
+ *
+ * 400: `actor_required` (with `available[]`) for unspecified-actor on
+ * a multi-actor account; `actor_not_on_account` for a supplied actor
+ * id that doesn't belong to the authenticated account.
+ *
+ * 500: `no_actors_on_account` for a signup-invariant violation (the
+ * actor list enumerated empty); `account_vanished` for a torn-read
+ * race (account/actor row deleted between credential validation and
+ * the dispatcher's follow-up read).
+ *
+ * Used by `derive_error_schemas` when `auth.actor !== 'none'` so the
+ * merged error surface matches what the dispatcher actually emits.
+ */
+export const ActorRequiredError = z.looseObject({
+    error: z.literal(ERROR_ACTOR_REQUIRED),
+    available: z.array(z.looseObject({ id: z.string(), name: z.string() })),
+});
+export const ActorNotOnAccountError = z.looseObject({
+    error: z.literal(ERROR_ACTOR_NOT_ON_ACCOUNT),
+});
+export const NoActorsOnAccountError = z.looseObject({
+    error: z.literal(ERROR_NO_ACTORS_ON_ACCOUNT),
+});
+export const AccountVanishedError = z.looseObject({
+    error: z.literal(ERROR_ACCOUNT_VANISHED),
+});
 /**
  * Rate limit key type — declares what a route or RPC action's rate limiter
  * is keyed on.
@@ -143,39 +235,39 @@ export const ForeignKeyError = z.looseObject({
  * - `'both'` — both keys.
  */
 export const RateLimitKey = z.enum(['ip', 'account', 'both']);
-/**
- * Derive error schemas from a route's auth requirement, input schema, and rate limit config.
- *
- * Returns the error schemas that middleware will auto-produce for this route.
- * Route handlers can declare additional error schemas via `RouteSpec.errors`;
- * explicit entries override auto-derived ones for the same status code.
- *
- * Derivation rules:
- * - **Has input schema** (non-null) or **has params schema** or **has query schema**: 400 (validation error with issues)
- * - **auth: authenticated**: 401
- * - **auth: role**: 401 + 403 (with `required_role`)
- * - **auth: keeper**: 401 + 403 (keeper-specific)
- * - **rate_limit**: 429 (rate limit exceeded with `retry_after`)
- */
-export const derive_error_schemas = (auth, has_input, has_params = false, has_query = false, rate_limit) => {
+export const derive_error_schemas = ({ auth, has_input = false, has_params = false, has_query = false, rate_limit, }) => {
     const errors = {};
-    if (has_input || has_params || has_query) {
+    const has_validation = has_input || has_params || has_query;
+    if (needs_actor(auth)) {
+        errors[400] = has_validation
+            ? z.union([ValidationError, ActorRequiredError, ActorNotOnAccountError])
+            : z.union([ActorRequiredError, ActorNotOnAccountError]);
+        errors[500] = z.union([NoActorsOnAccountError, AccountVanishedError]);
+    }
+    else if (has_validation) {
         errors[400] = ValidationError;
     }
-    switch (auth.type) {
-        case 'none':
-            break;
-        case 'authenticated':
-            errors[401] = ApiError;
-            break;
-        case 'role':
-            errors[401] = ApiError;
-            errors[403] = PermissionError;
-            break;
-        case 'keeper':
-            errors[401] = ApiError;
-            errors[403] = KeeperError;
-            break;
+    // 401 fires when the dispatcher's pre-validation gate rejects an
+    // unauthenticated caller — `account === 'required'` (no credential) or
+    // `actor === 'required'` (no credential to resolve an actor against,
+    // per registry-time invariant 3 forbidding accountless actors in v1).
+    if (auth.account === 'required' || auth.actor === 'required') {
+        errors[401] = ApiError;
+    }
+    // 403 fires when `auth.roles` or `auth.credential_types` rejects a
+    // resolved request context. With both axes set, the 403 body could be
+    // either shape — emit the union so DEV-mode error-schema validation
+    // accepts whichever the dispatcher produced.
+    const has_role_gate = !!auth.roles?.length;
+    const has_credential_gate = !!auth.credential_types?.length;
+    if (has_role_gate && has_credential_gate) {
+        errors[403] = z.union([PermissionError, CredentialTypeRequiredError]);
+    }
+    else if (has_role_gate) {
+        errors[403] = PermissionError;
+    }
+    else if (has_credential_gate) {
+        errors[403] = CredentialTypeRequiredError;
     }
     if (rate_limit) {
         errors[429] = RateLimitError;

package/dist/http/jsonrpc_errors.d.ts

@@ -16,6 +16,7 @@
  *
  * @module
  */
+import type { ContentfulStatusCode } from 'hono/utils/http-status';
 import { type JsonrpcErrorCode, type JsonrpcErrorObject } from './jsonrpc.js';
 /** Default message for unknown errors. */
 export declare const UNKNOWN_ERROR_MESSAGE = "unknown error";
@@ -97,13 +98,37 @@ export declare const HTTP_STATUS_TO_JSONRPC_ERROR_CODE: Record<number, JsonrpcEr
  * Map a JSON-RPC error code to an HTTP status code.
  *
  * Returns 500 for unrecognized codes (consumer-defined codes
- * without a mapping default to internal server error).
+ * without a mapping default to internal server error). The return
+ * is narrowed to Hono's `ContentfulStatusCode` so call sites can
+ * pass the result to `c.json(body, status)` without `as any` —
+ * 499 (nginx "client closed request") is non-standard and gets
+ * absorbed by the cast here rather than at every dispatcher branch.
  */
-export declare const jsonrpc_error_code_to_http_status: (code: JsonrpcErrorCode) => number;
+export declare const jsonrpc_error_code_to_http_status: (code: JsonrpcErrorCode) => ContentfulStatusCode;
 /**
  * Map an HTTP status code to a JSON-RPC error code.
  *
  * Returns `internal_error` (-32603) for unrecognized status codes.
  */
 export declare const http_status_to_jsonrpc_error_code: (status: number) => JsonrpcErrorCode;
+/**
+ * Reverse map of `JSONRPC_ERROR_CODES` — JSON-RPC error code → name.
+ *
+ * Used by REST emitters that need a stable string identifier for the
+ * code in their flat-shape error body (`{error: '<name>', ...}`)
+ * without inventing a separate vocabulary. Built once at module load
+ * from the canonical `JSONRPC_ERROR_CODES` map so the two cannot drift.
+ *
+ * Consumer-defined codes outside the standard taxonomy are not present;
+ * `jsonrpc_error_code_to_name` falls back to `'internal_error'` so the
+ * REST shape always carries some reason rather than `undefined`.
+ */
+export declare const JSONRPC_ERROR_CODE_TO_NAME: Readonly<Record<number, JsonrpcErrorName>>;
+/**
+ * Map a JSON-RPC error code to its canonical name (`'not_found'`,
+ * `'forbidden'`, etc.). Falls back to `'internal_error'` for codes
+ * outside the standard taxonomy so REST emitters that read this for
+ * their `error` field always have a stable string to emit.
+ */
+export declare const jsonrpc_error_code_to_name: (code: JsonrpcErrorCode) => JsonrpcErrorName;
 //# sourceMappingURL=jsonrpc_errors.d.ts.map

package/dist/http/jsonrpc_errors.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"jsonrpc_errors.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/http/jsonrpc_errors.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,OAAO,EAMN,KAAK,gBAAgB,EACrB,KAAK,kBAAkB,EACvB,MAAM,cAAc,CAAC;AAEtB,0CAA0C;AAC1C,eAAO,MAAM,qBAAqB,kBAAkB,CAAC;AAErD,sEAAsE;AACtE,MAAM,MAAM,gBAAgB,GACzB,aAAa,GACb,iBAAiB,GACjB,kBAAkB,GAClB,gBAAgB,GAChB,gBAAgB,GAChB,iBAAiB,GACjB,WAAW,GACX,WAAW,GACX,UAAU,GACV,kBAAkB,GAClB,cAAc,GACd,qBAAqB,GACrB,SAAS,GACT,gBAAgB,GAChB,mBAAmB,CAAC;AAEvB;;;;;;;;;;GAUG;AACH,eAAO,MAAM,mBAAmB,EA0C1B,QAAQ,CAAC,MAAM,CAAC,gBAAgB,EAAE,gBAAgB,CAAC,CAAC,CAAC;AAE3D;;;;;;;;GAQG;AACH,eAAO,MAAM,sBAAsB,EAmG7B,QAAQ,CAAC,MAAM,CAAC,gBAAgB,EAAE,CAAC,GAAG,IAAI,EAAE,KAAK,CAAC,GAAG,CAAC,KAAK,kBAAkB,CAAC,CAAC,CAAC;AAEtF;;;;;GAKG;AACH,qBAAa,kBAAmB,SAAQ,KAAK;IAC5C,IAAI,EAAE,gBAAgB,CAAC;IACvB,IAAI,CAAC,EAAE,OAAO,CAAC;gBAEH,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE,YAAY;CAK3F;AAWD;;;;GAIG;AACH,eAAO,MAAM,cAAc;8CAXQ,kBAAkB;kDAAlB,kBAAkB;mDAAlB,kBAAkB;iDAAlB,kBAAkB;iDAAlB,kBAAkB;kDAAlB,kBAAkB;4CAAlB,kBAAkB;4CAAlB,kBAAkB;2CAAlB,kBAAkB;mDAAlB,kBAAkB;+CAAlB,kBAAkB;sDAAlB,kBAAkB;0CAAlB,kBAAkB;iDAAlB,kBAAkB;oDAAlB,kBAAkB;CA2BqC,CAAC;AAI3F;;;;;;;GAOG;AACH,eAAO,MAAM,iCAAiC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAkBpE,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,iCAAiC,EAAE,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAMzC,CAAC;AAEvC;;;;;GAKG;AACH,eAAO,MAAM,iCAAiC,GAAI,MAAM,gBAAgB,KAAG,MAClB,CAAC;AAE1D;;;;GAIG;AACH,eAAO,MAAM,iCAAiC,GAAI,QAAQ,MAAM,KAAG,gBACa,CAAC"}
+{"version":3,"file":"jsonrpc_errors.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/http/jsonrpc_errors.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,OAAO,KAAK,EAAC,oBAAoB,EAAC,MAAM,wBAAwB,CAAC;AAEjE,OAAO,EAMN,KAAK,gBAAgB,EACrB,KAAK,kBAAkB,EACvB,MAAM,cAAc,CAAC;AAEtB,0CAA0C;AAC1C,eAAO,MAAM,qBAAqB,kBAAkB,CAAC;AAErD,sEAAsE;AACtE,MAAM,MAAM,gBAAgB,GACzB,aAAa,GACb,iBAAiB,GACjB,kBAAkB,GAClB,gBAAgB,GAChB,gBAAgB,GAChB,iBAAiB,GACjB,WAAW,GACX,WAAW,GACX,UAAU,GACV,kBAAkB,GAClB,cAAc,GACd,qBAAqB,GACrB,SAAS,GACT,gBAAgB,GAChB,mBAAmB,CAAC;AAEvB;;;;;;;;;;GAUG;AACH,eAAO,MAAM,mBAAmB,EA0C1B,QAAQ,CAAC,MAAM,CAAC,gBAAgB,EAAE,gBAAgB,CAAC,CAAC,CAAC;AAE3D;;;;;;;;GAQG;AACH,eAAO,MAAM,sBAAsB,EAmG7B,QAAQ,CAAC,MAAM,CAAC,gBAAgB,EAAE,CAAC,GAAG,IAAI,EAAE,KAAK,CAAC,GAAG,CAAC,KAAK,kBAAkB,CAAC,CAAC,CAAC;AAEtF;;;;;GAKG;AACH,qBAAa,kBAAmB,SAAQ,KAAK;IAC5C,IAAI,EAAE,gBAAgB,CAAC;IACvB,IAAI,CAAC,EAAE,OAAO,CAAC;gBAEH,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE,YAAY;CAK3F;AAWD;;;;GAIG;AACH,eAAO,MAAM,cAAc;8CAXQ,kBAAkB;kDAAlB,kBAAkB;mDAAlB,kBAAkB;iDAAlB,kBAAkB;iDAAlB,kBAAkB;kDAAlB,kBAAkB;4CAAlB,kBAAkB;4CAAlB,kBAAkB;2CAAlB,kBAAkB;mDAAlB,kBAAkB;+CAAlB,kBAAkB;sDAAlB,kBAAkB;0CAAlB,kBAAkB;iDAAlB,kBAAkB;oDAAlB,kBAAkB;CA2BqC,CAAC;AAI3F;;;;;;;GAOG;AACH,eAAO,MAAM,iCAAiC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAkBpE,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,iCAAiC,EAAE,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAMzC,CAAC;AAEvC;;;;;;;;;GASG;AACH,eAAO,MAAM,iCAAiC,GAAI,MAAM,gBAAgB,KAAG,oBACQ,CAAC;AAEpF;;;;GAIG;AACH,eAAO,MAAM,iCAAiC,GAAI,QAAQ,MAAM,KAAG,gBACa,CAAC;AAEjF;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,0BAA0B,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAMjF,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,0BAA0B,GAAI,MAAM,gBAAgB,KAAG,gBACL,CAAC"}

package/dist/http/jsonrpc_errors.js

@@ -242,12 +242,36 @@ export const HTTP_STATUS_TO_JSONRPC_ERROR_CODE = Object.fromEntries(Object.entri
  * Map a JSON-RPC error code to an HTTP status code.
  *
  * Returns 500 for unrecognized codes (consumer-defined codes
- * without a mapping default to internal server error).
+ * without a mapping default to internal server error). The return
+ * is narrowed to Hono's `ContentfulStatusCode` so call sites can
+ * pass the result to `c.json(body, status)` without `as any` —
+ * 499 (nginx "client closed request") is non-standard and gets
+ * absorbed by the cast here rather than at every dispatcher branch.
  */
-export const jsonrpc_error_code_to_http_status = (code) => JSONRPC_ERROR_CODE_TO_HTTP_STATUS[code] ?? 500;
+export const jsonrpc_error_code_to_http_status = (code) => (JSONRPC_ERROR_CODE_TO_HTTP_STATUS[code] ?? 500);
 /**
  * Map an HTTP status code to a JSON-RPC error code.
  *
  * Returns `internal_error` (-32603) for unrecognized status codes.
  */
 export const http_status_to_jsonrpc_error_code = (status) => HTTP_STATUS_TO_JSONRPC_ERROR_CODE[status] ?? JSONRPC_ERROR_CODES.internal_error;
+/**
+ * Reverse map of `JSONRPC_ERROR_CODES` — JSON-RPC error code → name.
+ *
+ * Used by REST emitters that need a stable string identifier for the
+ * code in their flat-shape error body (`{error: '<name>', ...}`)
+ * without inventing a separate vocabulary. Built once at module load
+ * from the canonical `JSONRPC_ERROR_CODES` map so the two cannot drift.
+ *
+ * Consumer-defined codes outside the standard taxonomy are not present;
+ * `jsonrpc_error_code_to_name` falls back to `'internal_error'` so the
+ * REST shape always carries some reason rather than `undefined`.
+ */
+export const JSONRPC_ERROR_CODE_TO_NAME = Object.freeze(Object.fromEntries(Object.entries(JSONRPC_ERROR_CODES).map(([name, code]) => [code, name])));
+/**
+ * Map a JSON-RPC error code to its canonical name (`'not_found'`,
+ * `'forbidden'`, etc.). Falls back to `'internal_error'` for codes
+ * outside the standard taxonomy so REST emitters that read this for
+ * their `error` field always have a stable string to emit.
+ */
+export const jsonrpc_error_code_to_name = (code) => JSONRPC_ERROR_CODE_TO_NAME[code] ?? 'internal_error';