npm - @fuzdev/fuz_app - Versions diffs - 0.54.0 → 0.56.0 - Mend

@fuzdev/fuz_app 0.54.0 → 0.56.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (348) hide show

package/dist/actions/CLAUDE.md +214 -103
package/dist/actions/action_bridge.d.ts +8 -5
package/dist/actions/action_bridge.d.ts.map +1 -1
package/dist/actions/action_bridge.js +1 -11
package/dist/actions/action_codegen.d.ts +32 -0
package/dist/actions/action_codegen.d.ts.map +1 -1
package/dist/actions/action_codegen.js +35 -15
package/dist/actions/action_registry.d.ts.map +1 -1
package/dist/actions/action_registry.js +5 -2
package/dist/actions/action_rpc.d.ts +141 -22
package/dist/actions/action_rpc.d.ts.map +1 -1
package/dist/actions/action_rpc.js +106 -187
package/dist/actions/action_spec.d.ts +55 -16
package/dist/actions/action_spec.d.ts.map +1 -1
package/dist/actions/action_spec.js +16 -11
package/dist/actions/action_types.d.ts +28 -60
package/dist/actions/action_types.d.ts.map +1 -1
package/dist/actions/action_types.js +13 -5
package/dist/actions/broadcast_api.d.ts +2 -2
package/dist/actions/broadcast_api.js +2 -2
package/dist/actions/compile_action_registry.d.ts +50 -0
package/dist/actions/compile_action_registry.d.ts.map +1 -0
package/dist/actions/compile_action_registry.js +69 -0
package/dist/actions/heartbeat.d.ts +8 -4
package/dist/actions/heartbeat.d.ts.map +1 -1
package/dist/actions/heartbeat.js +5 -4
package/dist/actions/perform_action.d.ts +145 -0
package/dist/actions/perform_action.d.ts.map +1 -0
package/dist/actions/perform_action.js +258 -0
package/dist/actions/register_action_ws.d.ts +46 -40
package/dist/actions/register_action_ws.d.ts.map +1 -1
package/dist/actions/register_action_ws.js +101 -159
package/dist/actions/register_ws_endpoint.d.ts +15 -10
package/dist/actions/register_ws_endpoint.d.ts.map +1 -1
package/dist/actions/register_ws_endpoint.js +54 -7
package/dist/actions/transports.d.ts.map +1 -1
package/dist/actions/transports.js +0 -4
package/dist/actions/transports_ws_auth_guard.d.ts +1 -1
package/dist/actions/transports_ws_auth_guard.js +1 -1
package/dist/actions/transports_ws_backend.d.ts +1 -1
package/dist/actions/transports_ws_backend.js +1 -1
package/dist/auth/CLAUDE.md +794 -410
package/dist/auth/account_action_specs.d.ts +28 -7
package/dist/auth/account_action_specs.d.ts.map +1 -1
package/dist/auth/account_action_specs.js +7 -7
package/dist/auth/account_actions.d.ts +7 -13
package/dist/auth/account_actions.d.ts.map +1 -1
package/dist/auth/account_actions.js +26 -35
package/dist/auth/account_queries.d.ts +52 -16
package/dist/auth/account_queries.d.ts.map +1 -1
package/dist/auth/account_queries.js +87 -38
package/dist/auth/account_routes.d.ts +9 -11
package/dist/auth/account_routes.d.ts.map +1 -1
package/dist/auth/account_routes.js +118 -46
package/dist/auth/account_schema.d.ts +46 -35
package/dist/auth/account_schema.d.ts.map +1 -1
package/dist/auth/account_schema.js +21 -28
package/dist/auth/admin_action_specs.d.ts +100 -32
package/dist/auth/admin_action_specs.d.ts.map +1 -1
package/dist/auth/admin_action_specs.js +64 -33
package/dist/auth/admin_actions.d.ts +13 -19
package/dist/auth/admin_actions.d.ts.map +1 -1
package/dist/auth/admin_actions.js +37 -41
package/dist/auth/audit_emitter.d.ts +160 -0
package/dist/auth/audit_emitter.d.ts.map +1 -0
package/dist/auth/audit_emitter.js +83 -0
package/dist/auth/audit_log_queries.d.ts +17 -48
package/dist/auth/audit_log_queries.d.ts.map +1 -1
package/dist/auth/audit_log_queries.js +20 -56
package/dist/auth/audit_log_routes.d.ts +1 -1
package/dist/auth/audit_log_routes.d.ts.map +1 -1
package/dist/auth/audit_log_routes.js +7 -3
package/dist/auth/audit_log_schema.d.ts +92 -32
package/dist/auth/audit_log_schema.d.ts.map +1 -1
package/dist/auth/audit_log_schema.js +75 -46
package/dist/auth/auth_guard_resolver.d.ts +44 -0
package/dist/auth/auth_guard_resolver.d.ts.map +1 -0
package/dist/auth/auth_guard_resolver.js +56 -0
package/dist/auth/bearer_auth.d.ts +9 -7
package/dist/auth/bearer_auth.d.ts.map +1 -1
package/dist/auth/bearer_auth.js +13 -21
package/dist/auth/bootstrap_account.d.ts +7 -7
package/dist/auth/bootstrap_account.d.ts.map +1 -1
package/dist/auth/bootstrap_account.js +7 -7
package/dist/auth/bootstrap_routes.d.ts.map +1 -1
package/dist/auth/bootstrap_routes.js +11 -10
package/dist/auth/cleanup.d.ts +20 -26
package/dist/auth/cleanup.d.ts.map +1 -1
package/dist/auth/cleanup.js +33 -42
package/dist/auth/credential_type_schema.d.ts +115 -0
package/dist/auth/credential_type_schema.d.ts.map +1 -0
package/dist/auth/credential_type_schema.js +127 -0
package/dist/auth/daemon_token_middleware.d.ts +23 -11
package/dist/auth/daemon_token_middleware.d.ts.map +1 -1
package/dist/auth/daemon_token_middleware.js +28 -22
package/dist/auth/ddl.d.ts +2 -2
package/dist/auth/ddl.d.ts.map +1 -1
package/dist/auth/ddl.js +6 -6
package/dist/auth/deps.d.ts +7 -18
package/dist/auth/deps.d.ts.map +1 -1
package/dist/auth/grant_path_schema.d.ts +117 -0
package/dist/auth/grant_path_schema.d.ts.map +1 -0
package/dist/auth/grant_path_schema.js +137 -0
package/dist/auth/invite_queries.d.ts +12 -1
package/dist/auth/invite_queries.d.ts.map +1 -1
package/dist/auth/invite_queries.js +12 -1
package/dist/auth/invite_schema.d.ts +1 -1
package/dist/auth/invite_schema.d.ts.map +1 -1
package/dist/auth/invite_schema.js +1 -1
package/dist/auth/middleware.d.ts.map +1 -1
package/dist/auth/middleware.js +9 -4
package/dist/auth/migrations.d.ts +37 -14
package/dist/auth/migrations.d.ts.map +1 -1
package/dist/auth/migrations.js +79 -32
package/dist/auth/request_context.d.ts +331 -61
package/dist/auth/request_context.d.ts.map +1 -1
package/dist/auth/request_context.js +378 -95
package/dist/auth/{permit_offer_action_specs.d.ts → role_grant_offer_action_specs.d.ts} +163 -94
package/dist/auth/role_grant_offer_action_specs.d.ts.map +1 -0
package/dist/auth/role_grant_offer_action_specs.js +262 -0
package/dist/auth/role_grant_offer_actions.d.ts +104 -0
package/dist/auth/role_grant_offer_actions.d.ts.map +1 -0
package/dist/auth/role_grant_offer_actions.js +473 -0
package/dist/auth/{permit_offer_notifications.d.ts → role_grant_offer_notifications.d.ts} +90 -70
package/dist/auth/role_grant_offer_notifications.d.ts.map +1 -0
package/dist/auth/role_grant_offer_notifications.js +182 -0
package/dist/auth/role_grant_offer_queries.d.ts +242 -0
package/dist/auth/role_grant_offer_queries.d.ts.map +1 -0
package/dist/auth/role_grant_offer_queries.js +533 -0
package/dist/auth/role_grant_offer_schema.d.ts +150 -0
package/dist/auth/role_grant_offer_schema.d.ts.map +1 -0
package/dist/auth/{permit_offer_schema.js → role_grant_offer_schema.js} +60 -36
package/dist/auth/role_grant_queries.d.ts +231 -0
package/dist/auth/role_grant_queries.d.ts.map +1 -0
package/dist/auth/role_grant_queries.js +320 -0
package/dist/auth/role_schema.d.ts +150 -40
package/dist/auth/role_schema.d.ts.map +1 -1
package/dist/auth/role_schema.js +144 -45
package/dist/auth/scope_kind_schema.d.ts +96 -0
package/dist/auth/scope_kind_schema.d.ts.map +1 -0
package/dist/auth/scope_kind_schema.js +94 -0
package/dist/auth/self_service_role_action_specs.d.ts +6 -1
package/dist/auth/self_service_role_action_specs.d.ts.map +1 -1
package/dist/auth/self_service_role_action_specs.js +3 -1
package/dist/auth/self_service_role_actions.d.ts +34 -27
package/dist/auth/self_service_role_actions.d.ts.map +1 -1
package/dist/auth/self_service_role_actions.js +68 -48
package/dist/auth/session_cookie.d.ts +43 -6
package/dist/auth/session_cookie.d.ts.map +1 -1
package/dist/auth/session_cookie.js +31 -5
package/dist/auth/session_middleware.d.ts +37 -3
package/dist/auth/session_middleware.d.ts.map +1 -1
package/dist/auth/session_middleware.js +33 -7
package/dist/auth/signup_routes.d.ts.map +1 -1
package/dist/auth/signup_routes.js +48 -19
package/dist/auth/standard_action_specs.d.ts +2 -2
package/dist/auth/standard_action_specs.js +4 -4
package/dist/auth/standard_rpc_actions.d.ts +23 -19
package/dist/auth/standard_rpc_actions.d.ts.map +1 -1
package/dist/auth/standard_rpc_actions.js +12 -12
package/dist/db/migrate.d.ts +12 -8
package/dist/db/migrate.d.ts.map +1 -1
package/dist/db/migrate.js +10 -7
package/dist/dev/setup.d.ts +2 -2
package/dist/dev/setup.d.ts.map +1 -1
package/dist/dev/setup.js +9 -7
package/dist/env/load.d.ts +1 -1
package/dist/env/load.js +1 -1
package/dist/hono_context.d.ts +64 -5
package/dist/hono_context.d.ts.map +1 -1
package/dist/hono_context.js +38 -2
package/dist/http/CLAUDE.md +264 -87
package/dist/http/auth_shape.d.ts +191 -0
package/dist/http/auth_shape.d.ts.map +1 -0
package/dist/http/auth_shape.js +237 -0
package/dist/http/common_routes.js +3 -3
package/dist/http/db_routes.d.ts +4 -0
package/dist/http/db_routes.d.ts.map +1 -1
package/dist/http/db_routes.js +44 -7
package/dist/http/error_schemas.d.ts +132 -19
package/dist/http/error_schemas.d.ts.map +1 -1
package/dist/http/error_schemas.js +132 -40
package/dist/http/jsonrpc_errors.d.ts +27 -2
package/dist/http/jsonrpc_errors.d.ts.map +1 -1
package/dist/http/jsonrpc_errors.js +26 -2
package/dist/http/pending_effects.d.ts +71 -18
package/dist/http/pending_effects.d.ts.map +1 -1
package/dist/http/pending_effects.js +87 -18
package/dist/http/proxy.d.ts +52 -5
package/dist/http/proxy.d.ts.map +1 -1
package/dist/http/proxy.js +92 -14
package/dist/http/route_spec.d.ts +113 -41
package/dist/http/route_spec.d.ts.map +1 -1
package/dist/http/route_spec.js +130 -52
package/dist/http/schema_helpers.d.ts +3 -2
package/dist/http/schema_helpers.d.ts.map +1 -1
package/dist/http/schema_helpers.js +9 -2
package/dist/http/surface.d.ts +2 -1
package/dist/http/surface.d.ts.map +1 -1
package/dist/http/surface.js +1 -2
package/dist/http/surface_query.d.ts +39 -35
package/dist/http/surface_query.d.ts.map +1 -1
package/dist/http/surface_query.js +79 -36
package/dist/primitive_schemas.d.ts +39 -0
package/dist/primitive_schemas.d.ts.map +1 -0
package/dist/primitive_schemas.js +40 -0
package/dist/realtime/sse_auth_guard.d.ts +5 -5
package/dist/realtime/sse_auth_guard.js +9 -9
package/dist/runtime/mock.d.ts +1 -1
package/dist/runtime/mock.js +1 -1
package/dist/server/app_backend.d.ts +14 -11
package/dist/server/app_backend.d.ts.map +1 -1
package/dist/server/app_backend.js +12 -8
package/dist/server/app_server.d.ts +7 -7
package/dist/server/app_server.d.ts.map +1 -1
package/dist/server/app_server.js +36 -31
package/dist/server/validate_nginx.d.ts +1 -1
package/dist/server/validate_nginx.js +1 -1
package/dist/testing/CLAUDE.md +73 -55
package/dist/testing/admin_integration.d.ts +5 -6
package/dist/testing/admin_integration.d.ts.map +1 -1
package/dist/testing/admin_integration.js +100 -96
package/dist/testing/adversarial_headers.js +1 -1
package/dist/testing/app_server.d.ts +11 -14
package/dist/testing/app_server.d.ts.map +1 -1
package/dist/testing/app_server.js +18 -17
package/dist/testing/assertions.d.ts.map +1 -1
package/dist/testing/assertions.js +2 -1
package/dist/testing/attack_surface.d.ts.map +1 -1
package/dist/testing/attack_surface.js +15 -9
package/dist/testing/audit_completeness.d.ts +2 -2
package/dist/testing/audit_completeness.d.ts.map +1 -1
package/dist/testing/audit_completeness.js +53 -39
package/dist/testing/auth_apps.d.ts +5 -4
package/dist/testing/auth_apps.d.ts.map +1 -1
package/dist/testing/auth_apps.js +28 -22
package/dist/testing/data_exposure.d.ts.map +1 -1
package/dist/testing/data_exposure.js +5 -5
package/dist/testing/db.d.ts +1 -1
package/dist/testing/db.d.ts.map +1 -1
package/dist/testing/db.js +4 -4
package/dist/testing/db_entities.d.ts +22 -0
package/dist/testing/db_entities.d.ts.map +1 -0
package/dist/testing/db_entities.js +28 -0
package/dist/testing/entities.d.ts +10 -8
package/dist/testing/entities.d.ts.map +1 -1
package/dist/testing/entities.js +22 -18
package/dist/testing/integration.d.ts.map +1 -1
package/dist/testing/integration.js +13 -14
package/dist/testing/integration_helpers.d.ts +8 -6
package/dist/testing/integration_helpers.d.ts.map +1 -1
package/dist/testing/integration_helpers.js +29 -23
package/dist/testing/middleware.d.ts +15 -11
package/dist/testing/middleware.d.ts.map +1 -1
package/dist/testing/middleware.js +75 -32
package/dist/testing/rpc_attack_surface.d.ts.map +1 -1
package/dist/testing/rpc_attack_surface.js +40 -24
package/dist/testing/rpc_helpers.d.ts.map +1 -1
package/dist/testing/rpc_helpers.js +3 -1
package/dist/testing/rpc_round_trip.d.ts +1 -1
package/dist/testing/rpc_round_trip.d.ts.map +1 -1
package/dist/testing/rpc_round_trip.js +14 -13
package/dist/testing/sse_round_trip.d.ts +3 -4
package/dist/testing/sse_round_trip.d.ts.map +1 -1
package/dist/testing/sse_round_trip.js +7 -11
package/dist/testing/standard.d.ts +1 -1
package/dist/testing/stubs.d.ts +25 -0
package/dist/testing/stubs.d.ts.map +1 -1
package/dist/testing/stubs.js +43 -2
package/dist/testing/surface_invariants.d.ts +2 -2
package/dist/testing/ws_round_trip.d.ts +12 -13
package/dist/testing/ws_round_trip.d.ts.map +1 -1
package/dist/testing/ws_round_trip.js +24 -12
package/dist/ui/AdminAccounts.svelte +23 -20
package/dist/ui/AdminOverview.svelte +15 -13
package/dist/ui/AdminOverview.svelte.d.ts.map +1 -1
package/dist/ui/{AdminPermitHistory.svelte → AdminRoleGrantHistory.svelte} +12 -12
package/dist/ui/AdminRoleGrantHistory.svelte.d.ts +4 -0
package/dist/ui/AdminRoleGrantHistory.svelte.d.ts.map +1 -0
package/dist/ui/BootstrapForm.svelte +1 -1
package/dist/ui/CLAUDE.md +65 -59
package/dist/ui/{PermitOfferForm.svelte → RoleGrantOfferForm.svelte} +37 -22
package/dist/ui/RoleGrantOfferForm.svelte.d.ts +20 -0
package/dist/ui/RoleGrantOfferForm.svelte.d.ts.map +1 -0
package/dist/ui/{PermitOfferHistory.svelte → RoleGrantOfferHistory.svelte} +12 -12
package/dist/ui/{PermitOfferHistory.svelte.d.ts → RoleGrantOfferHistory.svelte.d.ts} +4 -4
package/dist/ui/RoleGrantOfferHistory.svelte.d.ts.map +1 -0
package/dist/ui/{PermitOfferInbox.svelte → RoleGrantOfferInbox.svelte} +14 -14
package/dist/ui/{PermitOfferInbox.svelte.d.ts → RoleGrantOfferInbox.svelte.d.ts} +4 -4
package/dist/ui/RoleGrantOfferInbox.svelte.d.ts.map +1 -0
package/dist/ui/SignupForm.svelte +1 -1
package/dist/ui/SurfaceExplorer.svelte +35 -15
package/dist/ui/SurfaceExplorer.svelte.d.ts.map +1 -1
package/dist/ui/account_sessions_state.svelte.d.ts +2 -3
package/dist/ui/account_sessions_state.svelte.d.ts.map +1 -1
package/dist/ui/account_sessions_state.svelte.js +2 -3
package/dist/ui/admin_accounts_state.svelte.d.ts +25 -18
package/dist/ui/admin_accounts_state.svelte.d.ts.map +1 -1
package/dist/ui/admin_accounts_state.svelte.js +28 -17
package/dist/ui/admin_rpc_adapters.d.ts +20 -20
package/dist/ui/admin_rpc_adapters.d.ts.map +1 -1
package/dist/ui/admin_rpc_adapters.js +17 -17
package/dist/ui/admin_sessions_state.svelte.d.ts +2 -2
package/dist/ui/admin_sessions_state.svelte.js +2 -2
package/dist/ui/audit_log_state.svelte.d.ts +7 -7
package/dist/ui/audit_log_state.svelte.d.ts.map +1 -1
package/dist/ui/audit_log_state.svelte.js +6 -6
package/dist/ui/auth_state.svelte.d.ts +3 -3
package/dist/ui/auth_state.svelte.d.ts.map +1 -1
package/dist/ui/auth_state.svelte.js +6 -6
package/dist/ui/format_scope.d.ts +2 -2
package/dist/ui/format_scope.js +2 -2
package/dist/ui/{permit_offers_state.svelte.d.ts → role_grant_offers_state.svelte.d.ts} +39 -31
package/dist/ui/role_grant_offers_state.svelte.d.ts.map +1 -0
package/dist/ui/{permit_offers_state.svelte.js → role_grant_offers_state.svelte.js} +25 -19
package/dist/ui/ui_format.js +2 -2
package/package.json +3 -3
package/dist/auth/permit_offer_action_specs.d.ts.map +0 -1
package/dist/auth/permit_offer_action_specs.js +0 -227
package/dist/auth/permit_offer_actions.d.ts +0 -110
package/dist/auth/permit_offer_actions.d.ts.map +0 -1
package/dist/auth/permit_offer_actions.js +0 -452
package/dist/auth/permit_offer_notifications.d.ts.map +0 -1
package/dist/auth/permit_offer_notifications.js +0 -182
package/dist/auth/permit_offer_queries.d.ts +0 -183
package/dist/auth/permit_offer_queries.d.ts.map +0 -1
package/dist/auth/permit_offer_queries.js +0 -408
package/dist/auth/permit_offer_schema.d.ts +0 -103
package/dist/auth/permit_offer_schema.d.ts.map +0 -1
package/dist/auth/permit_queries.d.ts +0 -210
package/dist/auth/permit_queries.d.ts.map +0 -1
package/dist/auth/permit_queries.js +0 -294
package/dist/auth/require_keeper.d.ts +0 -20
package/dist/auth/require_keeper.d.ts.map +0 -1
package/dist/auth/require_keeper.js +0 -35
package/dist/auth/route_guards.d.ts +0 -21
package/dist/auth/route_guards.d.ts.map +0 -1
package/dist/auth/route_guards.js +0 -32
package/dist/auth/session_lifecycle.d.ts +0 -37
package/dist/auth/session_lifecycle.d.ts.map +0 -1
package/dist/auth/session_lifecycle.js +0 -29
package/dist/ui/AdminPermitHistory.svelte.d.ts +0 -4
package/dist/ui/AdminPermitHistory.svelte.d.ts.map +0 -1
package/dist/ui/PermitOfferForm.svelte.d.ts +0 -14
package/dist/ui/PermitOfferForm.svelte.d.ts.map +0 -1
package/dist/ui/PermitOfferHistory.svelte.d.ts.map +0 -1
package/dist/ui/PermitOfferInbox.svelte.d.ts.map +0 -1
package/dist/ui/permit_offers_state.svelte.d.ts.map +0 -1

package/dist/testing/admin_integration.js CHANGED Viewed

@@ -3,14 +3,14 @@ import './assert_dev_env.js';
  * Standard admin integration test suite for fuz_app admin routes.
  *
  * `describe_standard_admin_integration_tests` creates a composable test suite
- * that exercises admin account listing, permit grant/revoke (via the RPC
- * surface — see `permit_offer_create` / `permit_revoke`), session/token
+ * that exercises admin account listing, role_grant grant/revoke (via the RPC
+ * surface — see `role_grant_offer_create` / `role_grant_revoke`), session/token
  * management, and audit log routes against a real PGlite database.
  *
  * Consumers call it with their route factory, session config, role schema,
  * and RPC endpoint specs — all admin route tests come for free.
  *
- * Scope: admin *semantics* — cross-admin isolation, permit grant/revoke
+ * Scope: admin *semantics* — cross-admin isolation, role_grant grant/revoke
  * flow, session/token revoke-all, audit writes. Output-schema conformance
  * for admin methods is **not** the concern of this suite; it lives in:
  *
@@ -27,6 +27,7 @@ import './assert_dev_env.js';
  */
 import { describe, test, assert, afterAll } from 'vitest';
 import { ROLE_KEEPER, ROLE_ADMIN } from '../auth/role_schema.js';
+import { GRANT_PATH_ADMIN } from '../auth/grant_path_schema.js';
 import { AUTH_MIGRATION_NS } from '../auth/migrations.js';
 import { create_test_app } from './app_server.js';
 import { create_pglite_factory, create_describe_db, AUTH_INTEGRATION_TRUNCATE_TABLES, } from './db.js';
@@ -34,18 +35,20 @@ import { find_auth_route } from './integration_helpers.js';
 import { run_migrations } from '../db/migrate.js';
 import { ErrorCoverageCollector, assert_error_coverage, DEFAULT_INTEGRATION_ERROR_COVERAGE, } from './error_coverage.js';
 import { rpc_call_for_spec, require_rpc_endpoint_path, resolve_rpc_endpoints_for_setup, } from './rpc_helpers.js';
-import { permit_offer_create_action_spec, permit_revoke_action_spec, } from '../auth/permit_offer_action_specs.js';
-import { admin_account_list_action_spec, admin_session_list_action_spec, admin_session_revoke_all_action_spec, admin_token_revoke_all_action_spec, audit_log_list_action_spec, audit_log_permit_history_action_spec, } from '../auth/admin_action_specs.js';
+import { role_grant_offer_create_action_spec, role_grant_revoke_action_spec, } from '../auth/role_grant_offer_action_specs.js';
+import { admin_account_list_action_spec, admin_session_list_action_spec, admin_session_revoke_all_action_spec, admin_token_revoke_all_action_spec, audit_log_list_action_spec, audit_log_role_grant_history_action_spec, } from '../auth/admin_action_specs.js';
 import { account_token_create_action_spec, account_verify_action_spec, } from '../auth/account_action_specs.js';
-import { query_grant_permit } from '../auth/permit_queries.js';
-import { query_actor_by_account } from '../auth/account_queries.js';
-import { query_accept_offer } from '../auth/permit_offer_queries.js';
+import { query_create_role_grant } from '../auth/role_grant_queries.js';
+import { query_accept_offer } from '../auth/role_grant_offer_queries.js';
 /**
- * Pick a web-grantable role for testing, preferring a non-admin app-defined role.
+ * Pick a role for admin-grant testing, preferring a non-admin app-defined
+ * role whose `RoleSpec.grant_paths` includes `'admin'` (the
+ * `GRANT_PATH_ADMIN` constant). Falls back to `ROLE_ADMIN` when no
+ * app-defined admin-grant-path role is registered.
  */
-const pick_grantable_role = (role_options) => {
-    for (const [name, opts] of role_options) {
-        if (opts.web_grantable && name !== ROLE_ADMIN)
+const pick_grantable_role = (role_specs) => {
+    for (const [name, spec] of role_specs) {
+        if (spec.grant_paths?.includes(GRANT_PATH_ADMIN) && name !== ROLE_ADMIN)
             return name;
     }
     return ROLE_ADMIN; // fallback
@@ -66,17 +69,16 @@ const build_admin_test_app_options = (options, db, roles) => ({
 /**
  * Standard admin integration test suite for fuz_app admin routes.
  *
- * Exercises account listing, permit grant/revoke (via RPC), session
+ * Exercises account listing, role_grant grant/revoke (via RPC), session
  * management, token management, audit log reads, admin-to-admin
  * isolation, and 401/403 error-coverage on the admin REST surface.
  * Output-schema conformance is not in scope — see the module docstring
  * for the suites that cover it.
  *
  * @throws Error at setup time when `options.rpc_endpoints` is empty — admin
- *   permit grant/revoke, session/token revoke-all, and audit-log reads are
- *   all RPC-only since the 2026-04-22 migration. Hard-fails via
- *   `require_rpc_endpoint_path` so consumers see a clear setup error rather
- *   than `method not found` mid-suite.
+ *   role_grant grant/revoke, session/token revoke-all, and audit-log reads
+ *   are RPC-only. Hard-fails via `require_rpc_endpoint_path` so consumers
+ *   see a clear setup error rather than `method not found` mid-suite.
  */
 export const describe_standard_admin_integration_tests = (options) => {
     // Hard-fail early so consumers see a clear setup error instead of a
@@ -92,30 +94,30 @@ export const describe_standard_admin_integration_tests = (options) => {
     const describe_db = create_describe_db(factories, AUTH_INTEGRATION_TRUNCATE_TABLES);
     describe_db('standard_admin_integration', (get_db) => {
         const { cookie_name } = options.session_options;
-        const { role_options } = options.roles;
-        const grantable_role = pick_grantable_role(role_options);
+        const { role_specs } = options.roles;
+        const grantable_role = pick_grantable_role(role_specs);
         // Error coverage tracking across test groups
         const error_collector = new ErrorCoverageCollector();
         let captured_route_specs = null;
         afterAll(() => {
             if (captured_route_specs) {
-                // Scope coverage to admin auth-related routes. Post-2026-04-23
-                // RPC migration: account listing, session/token revoke-all,
-                // audit-log reads, and invite CRUD are RPC-only. The only
-                // admin REST route remaining is the optional
-                // `GET /audit/stream` SSE, plus the shared RPC endpoint
-                // path itself (admin methods live behind spec-level role auth).
+                // Scope coverage to admin auth-related routes. Account listing,
+                // session/token revoke-all, audit-log reads, and invite CRUD all
+                // live on the RPC surface; the only admin REST route remaining
+                // is the optional `GET /audit/stream` SSE (admin RPC methods
+                // live behind spec-level role auth on the shared endpoint path).
                 // The `/audit/stream` suffix tracks the hardcoded path in
                 // `auth/audit_log_routes.ts` — if consumers ever need to mount
                 // the audit SSE at a different suffix, promote this to an
                 // `audit_log_path_suffix` option on
                 // `StandardAdminIntegrationTestOptions`.
-                const admin_routes = captured_route_specs.filter((s) => s.path.endsWith('/audit/stream') && s.auth.type === 'role' && s.auth.role === 'admin');
+                const admin_routes = captured_route_specs.filter((s) => s.path.endsWith('/audit/stream') && (s.auth.roles?.includes('admin') ?? false));
                 // Adaptive threshold: when the scoped admin REST surface is
-                // effectively empty (0–1 routes, typical post-RPC-migration),
-                // the 20% baseline is meaningless — a single SSE route that
-                // can't be exercised against an error schema drops the ratio
-                // to 0.0%. Log an informational skip instead of asserting.
+                // effectively empty (0–1 routes — typical for the RPC-first
+                // admin surface), the 20% baseline is meaningless — a single
+                // SSE route that can't be exercised against an error schema
+                // drops the ratio to 0.0%. Log an informational skip instead
+                // of asserting.
                 // The admin RPC surface is covered by
                 // `describe_rpc_round_trip_tests`, not this collector.
                 if (admin_routes.length <= 1) {
@@ -138,7 +140,7 @@ export const describe_standard_admin_integration_tests = (options) => {
         });
         /**
          * Drive the full consent flow (admin offer → recipient accept) and
-         * return the materialized permit id. Accept is a direct transactional
+         * return the materialized role_grant id. Accept is a direct transactional
          * `query_accept_offer` call because the suite focuses on the admin
          * side; exercising the recipient's UI-wired accept path is covered by
          * `describe_rpc_round_trip_tests` + fuz_app's own action suite.
@@ -147,14 +149,19 @@ export const describe_standard_admin_integration_tests = (options) => {
             const res = await rpc_call_for_spec({
                 app: args.app,
                 path: rpc_path,
-                spec: permit_offer_create_action_spec,
+                spec: role_grant_offer_create_action_spec,
                 params: { to_account_id: args.to_account_id, role: args.role },
                 headers: args.admin_headers,
             });
-            assert.ok(res.ok, `permit_offer_create failed: ${res.ok ? '' : JSON.stringify(res.error)}`);
+            assert.ok(res.ok, `role_grant_offer_create failed: ${res.ok ? '' : JSON.stringify(res.error)}`);
             const { offer } = res.result;
-            const accept_result = await get_db().transaction(async (tx) => query_accept_offer({ db: tx }, { offer_id: offer.id, to_account_id: args.to_account_id, ip: null }));
-            return { offer_id: offer.id, permit_id: accept_result.permit.id };
+            const accept_result = await get_db().transaction(async (tx) => query_accept_offer({ db: tx }, {
+                offer_id: offer.id,
+                to_account_id: args.to_account_id,
+                actor_id: args.to_actor_id,
+                ip: null,
+            }));
+            return { offer_id: offer.id, role_grant_id: accept_result.role_grant.id };
         };
         // --- 1. Admin account listing (RPC) ---
         describe('admin account listing', () => {
@@ -165,7 +172,7 @@ export const describe_standard_admin_integration_tests = (options) => {
                     app: test_app.app,
                     path: rpc_path,
                     spec: admin_account_list_action_spec,
-                    params: undefined,
+                    params: {},
                     headers: test_app.create_session_headers(),
                 });
                 assert.ok(res.ok, `admin_account_list failed: ${res.ok ? '' : JSON.stringify(res.error)}`);
@@ -183,19 +190,19 @@ export const describe_standard_admin_integration_tests = (options) => {
                     app: test_app.app,
                     path: rpc_path,
                     spec: admin_account_list_action_spec,
-                    params: undefined,
+                    params: {},
                     headers: test_app.create_session_headers(),
                 });
                 assert.ok(!res.ok, 'Expected admin_account_list to fail for non-admin');
                 assert.strictEqual(res.status, 403);
             });
         });
-        // --- 2. Permit grant/revoke lifecycle ---
-        // Permit grant/revoke are RPC-only (see `permit_offer_create` /
-        // `permit_revoke`). End-to-end coverage lives in
+        // --- 2. Role grant create/revoke lifecycle ---
+        // Role grant create/revoke are RPC-only (see `role_grant_offer_create` /
+        // `role_grant_revoke`). End-to-end coverage lives in
         // `describe_rpc_round_trip_tests` + fuz_app's own
-        // `permit_offer_actions.db.test.ts` /
-        // `permit_offer_actions.notifications.revoke.db.test.ts`. The
+        // `role_grant_offer_actions.db.test.ts` /
+        // `role_grant_offer_actions.notifications.revoke.db.test.ts`. The
         // audit/isolation groups below exercise them as preconditions for
         // cross-cutting checks (event emission, admin-to-admin isolation).
         // --- 3. Admin session management ---
@@ -207,7 +214,7 @@ export const describe_standard_admin_integration_tests = (options) => {
                     app: test_app.app,
                     path: rpc_path,
                     spec: admin_session_list_action_spec,
-                    params: undefined,
+                    params: {},
                     headers: test_app.create_session_headers(),
                 });
                 assert.ok(res.ok, `admin_session_list failed: ${res.ok ? '' : JSON.stringify(res.error)}`);
@@ -325,61 +332,60 @@ export const describe_standard_admin_integration_tests = (options) => {
             });
             test('audit log supports event_type filter', async () => {
                 const test_app = await create_test_app(build_admin_test_app_options(options, get_db()));
-                // Admin offer emits `permit_offer_create`. The downstream
-                // `permit_grant` only fires on accept — out of scope for this test.
+                // Admin offer emits `role_grant_offer_create`. The downstream
+                // `role_grant_create` only fires on accept — out of scope for this test.
                 const user_two = await test_app.create_account({ username: 'user_two' });
                 const offer_res = await rpc_call_for_spec({
                     app: test_app.app,
                     path: rpc_path,
-                    spec: permit_offer_create_action_spec,
+                    spec: role_grant_offer_create_action_spec,
                     params: { to_account_id: user_two.account.id, role: grantable_role },
                     headers: test_app.create_session_headers(),
                 });
-                assert.ok(offer_res.ok, 'permit_offer_create should succeed');
+                assert.ok(offer_res.ok, 'role_grant_offer_create should succeed');
                 const res = await rpc_call_for_spec({
                     app: test_app.app,
                     path: rpc_path,
                     spec: audit_log_list_action_spec,
-                    params: { event_type: 'permit_offer_create' },
+                    params: { event_type: 'role_grant_offer_create' },
                     headers: test_app.create_session_headers(),
                 });
                 assert.ok(res.ok, `audit_log_list failed: ${res.ok ? '' : JSON.stringify(res.error)}`);
-                assert.ok(res.result.events.length >= 1, 'Expected at least 1 permit_offer_create event');
+                assert.ok(res.result.events.length >= 1, 'Expected at least 1 role_grant_offer_create event');
                 for (const event of res.result.events) {
-                    assert.strictEqual(event.event_type, 'permit_offer_create');
+                    assert.strictEqual(event.event_type, 'role_grant_offer_create');
                 }
             });
-            test('admin can view permit history', async () => {
+            test('admin can view role_grant history', async () => {
                 const test_app = await create_test_app(build_admin_test_app_options(options, get_db()));
-                // Drive the full consent flow so `permit_grant` lands in the audit log
-                // — `query_audit_log_list_permit_history` filters to (permit_grant, permit_revoke).
+                // Drive the full consent flow so `role_grant_create` lands in the audit log
+                // — `query_audit_log_list_role_grant_history` filters to (role_grant_create, role_grant_revoke).
                 const user_two = await test_app.create_account({ username: 'user_two' });
                 await offer_and_accept({
                     app: test_app.app,
                     admin_headers: test_app.create_session_headers(),
                     to_account_id: user_two.account.id,
+                    to_actor_id: user_two.actor.id,
                     role: grantable_role,
                 });
                 const res = await rpc_call_for_spec({
                     app: test_app.app,
                     path: rpc_path,
-                    spec: audit_log_permit_history_action_spec,
+                    spec: audit_log_role_grant_history_action_spec,
                     params: {},
                     headers: test_app.create_session_headers(),
                 });
-                assert.ok(res.ok, `audit_log_permit_history failed: ${res.ok ? '' : JSON.stringify(res.error)}`);
-                assert.ok(res.result.events.length >= 1, 'Expected at least 1 permit history event');
+                assert.ok(res.ok, `audit_log_role_grant_history failed: ${res.ok ? '' : JSON.stringify(res.error)}`);
+                assert.ok(res.result.events.length >= 1, 'Expected at least 1 role_grant history event');
             });
         });
         // --- 6. Admin audit trail ---
         describe('admin audit trail', () => {
-            test('permit revoke creates audit event', async () => {
+            test('role_grant revoke creates audit event', async () => {
                 const test_app = await create_test_app(build_admin_test_app_options(options, get_db()));
                 const user_two = await test_app.create_account({ username: 'user_two' });
-                const target_actor = await query_actor_by_account({ db: get_db() }, user_two.account.id);
-                assert.ok(target_actor);
-                const permit = await query_grant_permit({ db: get_db() }, {
-                    actor_id: target_actor.id,
+                const role_grant = await query_create_role_grant({ db: get_db() }, {
+                    actor_id: user_two.actor.id,
                     role: grantable_role,
                     granted_by: test_app.backend.actor.id,
                 });
@@ -387,22 +393,22 @@ export const describe_standard_admin_integration_tests = (options) => {
                 const revoke_res = await rpc_call_for_spec({
                     app: test_app.app,
                     path: rpc_path,
-                    spec: permit_revoke_action_spec,
-                    params: { actor_id: target_actor.id, permit_id: permit.id },
+                    spec: role_grant_revoke_action_spec,
+                    params: { actor_id: user_two.actor.id, role_grant_id: role_grant.id },
                     headers: test_app.create_session_headers(),
                 });
-                assert.ok(revoke_res.ok, `permit_revoke failed: ${revoke_res.ok ? '' : JSON.stringify(revoke_res.error)}`);
-                // Check audit log for permit_revoke event
+                assert.ok(revoke_res.ok, `role_grant_revoke failed: ${revoke_res.ok ? '' : JSON.stringify(revoke_res.error)}`);
+                // Check audit log for role_grant_revoke event
                 const audit_res = await rpc_call_for_spec({
                     app: test_app.app,
                     path: rpc_path,
                     spec: audit_log_list_action_spec,
-                    params: { event_type: 'permit_revoke' },
+                    params: { event_type: 'role_grant_revoke' },
                     headers: test_app.create_session_headers(),
                 });
                 assert.ok(audit_res.ok, `audit_log_list failed: ${audit_res.ok ? '' : JSON.stringify(audit_res.error)}`);
-                assert.ok(audit_res.result.events.length >= 1, 'Expected permit_revoke audit event');
-                assert.strictEqual(audit_res.result.events[0].event_type, 'permit_revoke');
+                assert.ok(audit_res.result.events.length >= 1, 'Expected role_grant_revoke audit event');
+                assert.strictEqual(audit_res.result.events[0].event_type, 'role_grant_revoke');
             });
             test('admin session revoke-all creates audit event', async () => {
                 const test_app = await create_test_app(build_admin_test_app_options(options, get_db()));
@@ -553,26 +559,25 @@ export const describe_standard_admin_integration_tests = (options) => {
                         },
                     });
                 }
-                // 3. offer permit (admin offers grantable_role to user_two) — full
-                // consentful flow: offer + accept so both `permit_offer_create` and
-                // `permit_grant` audit events land.
-                const { permit_id } = await offer_and_accept({
+                // 3. offer role_grant (admin offers grantable_role to user_two) — full
+                // consentful flow: offer + accept so both `role_grant_offer_create` and
+                // `role_grant_create` audit events land.
+                const { role_grant_id } = await offer_and_accept({
                     app: test_app.app,
                     admin_headers: test_app.create_session_headers(),
                     to_account_id: user_two.account.id,
+                    to_actor_id: user_two.actor.id,
                     role: grantable_role,
                 });
-                // 4. revoke permit (RPC)
-                const target_actor = await query_actor_by_account({ db: get_db() }, user_two.account.id);
-                assert.ok(target_actor);
+                // 4. revoke role_grant (RPC)
                 const revoke_res = await rpc_call_for_spec({
                     app: test_app.app,
                     path: rpc_path,
-                    spec: permit_revoke_action_spec,
-                    params: { actor_id: target_actor.id, permit_id },
+                    spec: role_grant_revoke_action_spec,
+                    params: { actor_id: user_two.actor.id, role_grant_id },
                     headers: test_app.create_session_headers(),
                 });
-                assert.ok(revoke_res.ok, `permit_revoke failed: ${revoke_res.ok ? '' : JSON.stringify(revoke_res.error)}`);
+                assert.ok(revoke_res.ok, `role_grant_revoke failed: ${revoke_res.ok ? '' : JSON.stringify(revoke_res.error)}`);
                 // 5. create token (RPC)
                 const token_res = await rpc_call_for_spec({
                     app: test_app.app,
@@ -626,28 +631,28 @@ export const describe_standard_admin_integration_tests = (options) => {
                 assert.ok(audit_res.ok, `audit_log_list failed: ${audit_res.ok ? '' : JSON.stringify(audit_res.error)}`);
                 const events = audit_res.result.events;
                 // check that each operation produced at least one event.
-                // `permit_offer_create` fires on the admin RPC; `permit_grant`
+                // `role_grant_offer_create` fires on the admin RPC; `role_grant_create`
                 // fires when the recipient accepts (driven by offer_and_accept).
                 const expected_types = [
                     'login',
                     'logout',
-                    'permit_offer_create',
-                    'permit_offer_accept',
-                    'permit_grant',
-                    'permit_revoke',
+                    'role_grant_offer_create',
+                    'role_grant_offer_accept',
+                    'role_grant_create',
+                    'role_grant_revoke',
                     'token_create',
                     'password_change',
                 ];
                 for (const event_type of expected_types) {
                     const found = events.filter((e) => e.event_type === event_type);
                     assert.ok(found.length >= 1, `Expected at least 1 '${event_type}' audit event, found ${found.length}. ` +
-                        `This may indicate audit_log_fire_and_forget was removed from a handler.`);
+                        `This may indicate a deps.audit.emit call was removed from a handler.`);
                 }
             });
         });
         // --- 8. Admin-to-admin isolation ---
         describe('admin-to-admin isolation', () => {
-            test('admin B revoking own permit via RPC succeeds', async () => {
+            test('admin B revoking own role_grant via RPC succeeds', async () => {
                 const test_app = await create_test_app(build_admin_test_app_options(options, get_db()));
                 captured_route_specs ??= test_app.route_specs;
                 // Bootstrap user is admin A. Create admin B.
@@ -655,22 +660,22 @@ export const describe_standard_admin_integration_tests = (options) => {
                     username: 'admin_b_iso',
                     roles: ['admin'],
                 });
-                // Seed an active permit directly — the revoke IDOR check is the
+                // Seed an active role_grant directly — the revoke IDOR check is the
                 // subject of this test, not the grant→accept cycle.
-                const permit = await query_grant_permit({ db: get_db() }, {
+                const role_grant = await query_create_role_grant({ db: get_db() }, {
                     actor_id: admin_b.actor.id,
                     role: grantable_role,
                     granted_by: test_app.backend.actor.id,
                 });
-                // Admin B revokes their own permit via RPC — should succeed
+                // Admin B revokes their own role_grant via RPC — should succeed
                 const revoke_res = await rpc_call_for_spec({
                     app: test_app.app,
                     path: rpc_path,
-                    spec: permit_revoke_action_spec,
-                    params: { actor_id: admin_b.actor.id, permit_id: permit.id },
+                    spec: role_grant_revoke_action_spec,
+                    params: { actor_id: admin_b.actor.id, role_grant_id: role_grant.id },
                     headers: create_headers(admin_b.session_cookie),
                 });
-                assert.ok(revoke_res.ok, `permit_revoke failed: ${revoke_res.ok ? '' : JSON.stringify(revoke_res.error)}`);
+                assert.ok(revoke_res.ok, `role_grant_revoke failed: ${revoke_res.ok ? '' : JSON.stringify(revoke_res.error)}`);
                 assert.strictEqual(revoke_res.result.revoked, true);
             });
             test('admin revoke-all sessions for another admin works', async () => {
@@ -727,7 +732,7 @@ export const describe_standard_admin_integration_tests = (options) => {
                     app: test_app.app,
                     path: rpc_path,
                     spec: admin_account_list_action_spec,
-                    params: undefined,
+                    params: {},
                     headers: create_headers(regular_user.session_cookie),
                 });
                 assert.ok(!res.ok, 'Expected admin_account_list to fail for non-admin');
@@ -739,14 +744,13 @@ export const describe_standard_admin_integration_tests = (options) => {
             test('exercises 401/403 on admin routes for error coverage', async () => {
                 const test_app = await create_test_app(build_admin_test_app_options(options, get_db()));
                 captured_route_specs ??= test_app.route_specs;
-                // Post-RPC migration, `/api/admin` is nearly empty — admin reads
-                // and mutations live on the RPC endpoint behind spec-level role
-                // auth. The path-prefix carve is still the right scope here
+                // `/api/admin` is nearly empty — admin reads and mutations live
+                // on the RPC endpoint behind spec-level role auth. The path-prefix carve is still the right scope here
                 // because error coverage is tracked against REST `RouteSpec`s,
                 // not RPC method specs (`describe_rpc_round_trip_tests` covers
                 // the admin RPC surface separately).
                 const prefix = options.admin_prefix ?? '/api/admin';
-                const admin_routes = test_app.route_specs.filter((s) => s.path.startsWith(prefix) && s.auth.type === 'role' && s.auth.role === 'admin');
+                const admin_routes = test_app.route_specs.filter((s) => s.path.startsWith(prefix) && (s.auth.roles?.includes('admin') ?? false));
                 // Hit admin routes without auth to exercise 401 error schemas.
                 for (const route of admin_routes) {
                     const res = await test_app.app.request(route.path, {

package/dist/testing/adversarial_headers.js CHANGED Viewed

@@ -112,7 +112,7 @@ export const describe_standard_adversarial_headers = (suite_name, options, allow
                 }
                 if (tc.expected_status === 200) {
                     assert.strictEqual(body.ok, true, 'expected ok to be true for 200 response');
-                    assert.strictEqual(body.has_context, false, 'expected has_context to be false (no auth)');
+                    assert.strictEqual(body.account_id, null, 'expected account_id to be null (no auth)');
                 }
                 if (tc.validate_expectation === 'not_called') {
                     assert.strictEqual(mock_validate.mock.calls.length, 0, 'validate should not have been called — middleware should short-circuit');

package/dist/testing/app_server.d.ts CHANGED Viewed

@@ -53,7 +53,7 @@ export interface BootstrapTestAccountOptions {
  * `create_test_app_server` and `TestApp.create_account`.
  *
  * @mutates the underlying `options.db` — inserts rows into `account`, `actor`,
- *   `permit` (one per role), `api_token`, and `auth_session`.
+ *   `role_grant` (one per role), `api_token`, and `auth_session`.
  */
 export declare const bootstrap_test_account: (options: BootstrapTestAccountOptions) => Promise<{
     account: {
@@ -107,17 +107,16 @@ export interface TestAppServerOptions {
     /** Roles to grant. Default: `[ROLE_KEEPER]`. */
     roles?: Array<string>;
     /**
-     * Backend audit event callback — wired into `backend.deps.on_audit_event`.
-     * When `audit_log_sse: true` is passed to `create_app_server`, this runs
-     * after the audit SSE broadcast (composed downstream by app_server).
-     * Use to wire consumer SSE auth guards in tests.
-     * Default: no-op.
+     * Backend audit event callback — threaded into `create_audit_emitter` so
+     * it becomes the first listener on `backend.deps.audit.on_event_chain`.
+     * When `audit_log_sse: true` is passed to `create_app_server`, the SSE
+     * listener is appended after this one. Use to wire consumer SSE auth
+     * guards in tests. Default: no-op.
      */
     on_audit_event?: (event: AuditLogEvent) => void;
     /**
-     * Optional audit log config — written onto `backend.deps.audit_log_config`
-     * before return so it lands in time for `create_app_server`'s shallow
-     * spread of `backend.deps` (SSE branch) and the no-SSE alias branch alike.
+     * Optional audit log config — threaded into `create_audit_emitter` and
+     * captured inside `backend.deps.audit`'s closure.
      *
      * Use when the consumer registers extra event types via
      * `create_audit_log_config({extra_events})` — without this, emits for
@@ -132,7 +131,7 @@ export interface TestAppServerOptions {
  * Sets up:
  * - Auth tables (via cached PGlite factory, or reuses existing `db`)
  * - A keeper account with hashed password
- * - Role permits for each role in `options.roles`
+ * - Role role_grants for each role in `options.roles`
  * - An API token for Bearer auth
  * - A session with a signed cookie value
  *
@@ -143,10 +142,8 @@ export interface TestAppServerOptions {
  * @returns a `TestAppServer` ready for HTTP testing
  * @mutates the underlying database — when `db` is supplied, resets singleton
  *   state (`bootstrap_lock.bootstrapped`, `app_settings.open_signup`) before
- *   bootstrapping; in either branch inserts an account, actor, role permits,
- *   API token, and session row. When `audit_log_config` is provided, also
- *   sets `backend.deps.audit_log_config` so `create_app_server`'s shallow
- *   spread picks it up.
+ *   bootstrapping; in either branch inserts an account, actor, role role_grants,
+ *   API token, and session row.
  */
 export declare const create_test_app_server: (options: TestAppServerOptions) => Promise<TestAppServer>;
 /**

package/dist/testing/app_server.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"app_server.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/app_server.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAE7B;;;;;;;;;;;;GAYG;AAEH,OAAO,KAAK,EAAC,IAAI,EAAC,MAAM,MAAM,CAAC;AAG/B,OAAO,KAAK,EAAC,IAAI,EAAC,MAAM,wBAAwB,CAAC;AAGjD,OAAO,EAA2B,KAAK,OAAO,EAAC,MAAM,oBAAoB,CAAC;AAE1E,OAAO,KAAK,EAAC,EAAE,EAAE,MAAM,EAAC,MAAM,aAAa,CAAC;AAC5C,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,qBAAqB,CAAC;AAU1D,OAAO,EAA8B,KAAK,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAG3F,OAAO,KAAK,EAAC,cAAc,EAAE,aAAa,EAAC,MAAM,6BAA6B,CAAC;~~AAC~~/E,OAAO,KAAK,EAAC,UAAU,EAAC,MAAM,0BAA0B,CAAC;AACzD,OAAO,EAEN,KAAK,gBAAgB,EACrB,KAAK,gBAAgB,EACrB,MAAM,yBAAyB,CAAC;AACjC,OAAO,KAAK,EAAC,UAAU,EAAE,cAAc,EAAC,MAAM,oBAAoB,CAAC;AACnE,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,uBAAuB,CAAC;AAOrD,OAAO,KAAK,EAAC,uBAAuB,EAAC,MAAM,kBAAkB,CAAC;AAI9D;;;;;GAKG;AACH,eAAO,MAAM,kBAAkB,EAAE,gBAIhC,CAAC;AAEF,gFAAgF;AAChF,eAAO,MAAM,kBAAkB,QAAiB,CAAC;AASjD;;GAEG;AACH,MAAM,WAAW,2BAA2B;IAC3C,EAAE,EAAE,EAAE,CAAC;IACP,OAAO,EAAE,OAAO,CAAC;IACjB,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,QAAQ,EAAE,gBAAgB,CAAC;IAC3B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,KAAK,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;CACtB;AAED;;;;;;;;;GASG;AACH,eAAO,MAAM,sBAAsB,GAClC,SAAS,2BAA2B,KAClC,OAAO,CAAC;IACV,OAAO,EAAE;QAAC,EAAE,EAAE,IAAI,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAC,CAAC;IACtC,KAAK,EAAE;QAAC,EAAE,EAAE,IAAI,CAAA;KAAC,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,EAAE,MAAM,CAAC;CACvB,CAyCA,CAAC;AAEF;;GAEG;AACH,MAAM,WAAW,aAAc,SAAQ,UAAU;IAChD,gCAAgC;IAChC,OAAO,EAAE;QAAC,EAAE,EAAE,IAAI,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAC,CAAC;IACtC,uCAAuC;IACvC,KAAK,EAAE;QAAC,EAAE,EAAE,IAAI,CAAA;KAAC,CAAC;IAClB,qCAAqC;IACrC,SAAS,EAAE,MAAM,CAAC;IAClB,mDAAmD;IACnD,cAAc,EAAE,MAAM,CAAC;IACvB,+FAA+F;IAC/F,OAAO,EAAE,OAAO,CAAC;IACjB,4EAA4E;IAC5E,OAAO,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC7B;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACpC,mDAAmD;IACnD,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,kGAAkG;IAClG,EAAE,CAAC,EAAE,EAAE,CAAC;IACR,0FAA0F;IAC1F,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,yHAAyH;IACzH,QAAQ,CAAC,EAAE,gBAAgB,CAAC;IAC5B,kEAAkE;IAClE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,6EAA6E;IAC7E,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,gDAAgD;IAChD,KAAK,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACtB;;;;;;OAMG;IACH,cAAc,CAAC,EAAE,CAAC,KAAK,EAAE,aAAa,KAAK,IAAI,CAAC;IAChD~~;;;;;;;;;OASG~~;IACH,gBAAgB,CAAC,EAAE,cAAc,CAAC;CAClC;AAKD~~;;;;;;;;;;;;;;;;;;;;;GAqBG~~;AACH,eAAO,MAAM,sBAAsB,GAClC,SAAS,oBAAoB,KAC3B,OAAO,CAAC,aAAa,~~CA8FvB~~,CAAC;AAEF;;GAEG;AACH,MAAM,WAAW,oBAAqB,SAAQ,oBAAoB;IACjE,yEAAyE;IACzE,kBAAkB,EAAE,CAAC,OAAO,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IACpE;;;;;;;;OAQG;IACH,aAAa,CAAC,EAAE,uBAAuB,CAAC;IACxC,gHAAgH;IAChH,WAAW,CAAC,EAAE,OAAO,CACpB,IAAI,CAAC,gBAAgB,EAAE,SAAS,GAAG,iBAAiB,GAAG,oBAAoB,CAAC,CAC5E,CAAC;CACF;AAED;;;;;;;;GAQG;AACH,MAAM,MAAM,eAAe,GAAG,OAAO,CACpC,IAAI,CAAC,gBAAgB,EAAE,SAAS,GAAG,iBAAiB,GAAG,oBAAoB,GAAG,eAAe,CAAC,CAC9F,CAAC;AAEF;;GAEG;AACH,MAAM,WAAW,WAAW;IAC3B,OAAO,EAAE;QAAC,EAAE,EAAE,IAAI,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAC,CAAC;IACtC,KAAK,EAAE;QAAC,EAAE,EAAE,IAAI,CAAA;KAAC,CAAC;IAClB,mCAAmC;IACnC,cAAc,EAAE,MAAM,CAAC;IACvB,qCAAqC;IACrC,SAAS,EAAE,MAAM,CAAC;IAClB,gEAAgE;IAChE,sBAAsB,EAAE,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACnF,8DAA8D;IAC9D,qBAAqB,EAAE,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAClF;AAED;;GAEG;AACH,MAAM,WAAW,OAAO;IACvB,GAAG,EAAE,IAAI,CAAC;IACV,OAAO,EAAE,aAAa,CAAC;IACvB,YAAY,EAAE,cAAc,CAAC;IAC7B,OAAO,EAAE,UAAU,CAAC;IACpB,WAAW,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAC9B,kEAAkE;IAClE,sBAAsB,EAAE,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACnF,gEAAgE;IAChE,qBAAqB,EAAE,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAClF,iEAAiE;IACjE,2BAA2B,EAAE,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACxF,qDAAqD;IACrD,cAAc,EAAE,CAAC,OAAO,CAAC,EAAE;QAC1B,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,KAAK,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;KACtB,KAAK,OAAO,CAAC,WAAW,CAAC,CAAC;IAC3B,8DAA8D;IAC9D,OAAO,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC7B;AAED;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,eAAe,GAAU,SAAS,oBAAoB,KAAG,OAAO,CAAC,OAAO,CAyGpF,CAAC"}
1	+ {"version":3,"file":"app_server.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/app_server.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAE7B;;;;;;;;;;;;GAYG;AAEH,OAAO,KAAK,EAAC,IAAI,EAAC,MAAM,MAAM,CAAC;AAG/B,OAAO,KAAK,EAAC,IAAI,EAAC,MAAM,wBAAwB,CAAC;AAGjD,OAAO,EAA2B,KAAK,OAAO,EAAC,MAAM,oBAAoB,CAAC;AAE1E,OAAO,KAAK,EAAC,EAAE,EAAE,MAAM,EAAC,MAAM,aAAa,CAAC;AAC5C,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,qBAAqB,CAAC;AAU1D,OAAO,EAA8B,KAAK,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAG3F,OAAO,KAAK,EAAC,cAAc,EAAE,aAAa,EAAC,MAAM,6BAA6B,CAAC;AAE/E,OAAO,KAAK,EAAC,UAAU,EAAC,MAAM,0BAA0B,CAAC;AACzD,OAAO,EAEN,KAAK,gBAAgB,EACrB,KAAK,gBAAgB,EACrB,MAAM,yBAAyB,CAAC;AACjC,OAAO,KAAK,EAAC,UAAU,EAAE,cAAc,EAAC,MAAM,oBAAoB,CAAC;AACnE,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,uBAAuB,CAAC;AAOrD,OAAO,KAAK,EAAC,uBAAuB,EAAC,MAAM,kBAAkB,CAAC;AAI9D;;;;;GAKG;AACH,eAAO,MAAM,kBAAkB,EAAE,gBAIhC,CAAC;AAEF,gFAAgF;AAChF,eAAO,MAAM,kBAAkB,QAAiB,CAAC;AASjD;;GAEG;AACH,MAAM,WAAW,2BAA2B;IAC3C,EAAE,EAAE,EAAE,CAAC;IACP,OAAO,EAAE,OAAO,CAAC;IACjB,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,QAAQ,EAAE,gBAAgB,CAAC;IAC3B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,KAAK,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;CACtB;AAED;;;;;;;;;GASG;AACH,eAAO,MAAM,sBAAsB,GAClC,SAAS,2BAA2B,KAClC,OAAO,CAAC;IACV,OAAO,EAAE;QAAC,EAAE,EAAE,IAAI,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAC,CAAC;IACtC,KAAK,EAAE;QAAC,EAAE,EAAE,IAAI,CAAA;KAAC,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,EAAE,MAAM,CAAC;CACvB,CAyCA,CAAC;AAEF;;GAEG;AACH,MAAM,WAAW,aAAc,SAAQ,UAAU;IAChD,gCAAgC;IAChC,OAAO,EAAE;QAAC,EAAE,EAAE,IAAI,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAC,CAAC;IACtC,uCAAuC;IACvC,KAAK,EAAE;QAAC,EAAE,EAAE,IAAI,CAAA;KAAC,CAAC;IAClB,qCAAqC;IACrC,SAAS,EAAE,MAAM,CAAC;IAClB,mDAAmD;IACnD,cAAc,EAAE,MAAM,CAAC;IACvB,+FAA+F;IAC/F,OAAO,EAAE,OAAO,CAAC;IACjB,4EAA4E;IAC5E,OAAO,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC7B;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACpC,mDAAmD;IACnD,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,kGAAkG;IAClG,EAAE,CAAC,EAAE,EAAE,CAAC;IACR,0FAA0F;IAC1F,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,yHAAyH;IACzH,QAAQ,CAAC,EAAE,gBAAgB,CAAC;IAC5B,kEAAkE;IAClE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,6EAA6E;IAC7E,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,gDAAgD;IAChD,KAAK,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACtB;;;;;;OAMG;IACH,cAAc,CAAC,EAAE,CAAC,KAAK,EAAE,aAAa,KAAK,IAAI,CAAC;IAChD;;;;;;;;OAQG;IACH,gBAAgB,CAAC,EAAE,cAAc,CAAC;CAClC;AAKD;;;;;;;;;;;;;;;;;;;GAmBG;AACH,eAAO,MAAM,sBAAsB,GAClC,SAAS,oBAAoB,KAC3B,OAAO,CAAC,aAAa,CA+FvB,CAAC;AAEF;;GAEG;AACH,MAAM,WAAW,oBAAqB,SAAQ,oBAAoB;IACjE,yEAAyE;IACzE,kBAAkB,EAAE,CAAC,OAAO,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IACpE;;;;;;;;OAQG;IACH,aAAa,CAAC,EAAE,uBAAuB,CAAC;IACxC,gHAAgH;IAChH,WAAW,CAAC,EAAE,OAAO,CACpB,IAAI,CAAC,gBAAgB,EAAE,SAAS,GAAG,iBAAiB,GAAG,oBAAoB,CAAC,CAC5E,CAAC;CACF;AAED;;;;;;;;GAQG;AACH,MAAM,MAAM,eAAe,GAAG,OAAO,CACpC,IAAI,CAAC,gBAAgB,EAAE,SAAS,GAAG,iBAAiB,GAAG,oBAAoB,GAAG,eAAe,CAAC,CAC9F,CAAC;AAEF;;GAEG;AACH,MAAM,WAAW,WAAW;IAC3B,OAAO,EAAE;QAAC,EAAE,EAAE,IAAI,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAC,CAAC;IACtC,KAAK,EAAE;QAAC,EAAE,EAAE,IAAI,CAAA;KAAC,CAAC;IAClB,mCAAmC;IACnC,cAAc,EAAE,MAAM,CAAC;IACvB,qCAAqC;IACrC,SAAS,EAAE,MAAM,CAAC;IAClB,gEAAgE;IAChE,sBAAsB,EAAE,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACnF,8DAA8D;IAC9D,qBAAqB,EAAE,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAClF;AAED;;GAEG;AACH,MAAM,WAAW,OAAO;IACvB,GAAG,EAAE,IAAI,CAAC;IACV,OAAO,EAAE,aAAa,CAAC;IACvB,YAAY,EAAE,cAAc,CAAC;IAC7B,OAAO,EAAE,UAAU,CAAC;IACpB,WAAW,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAC9B,kEAAkE;IAClE,sBAAsB,EAAE,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACnF,gEAAgE;IAChE,qBAAqB,EAAE,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAClF,iEAAiE;IACjE,2BAA2B,EAAE,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACxF,qDAAqD;IACrD,cAAc,EAAE,CAAC,OAAO,CAAC,EAAE;QAC1B,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,KAAK,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;KACtB,KAAK,OAAO,CAAC,WAAW,CAAC,CAAC;IAC3B,8DAA8D;IAC9D,OAAO,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC7B;AAED;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,eAAe,GAAU,SAAS,oBAAoB,KAAG,OAAO,CAAC,OAAO,CAyGpF,CAAC"}