npm - @fuzdev/fuz_app - Versions diffs - 0.54.0 → 0.56.0 - Mend

@fuzdev/fuz_app 0.54.0 → 0.56.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (348) hide show

package/dist/actions/CLAUDE.md +214 -103
package/dist/actions/action_bridge.d.ts +8 -5
package/dist/actions/action_bridge.d.ts.map +1 -1
package/dist/actions/action_bridge.js +1 -11
package/dist/actions/action_codegen.d.ts +32 -0
package/dist/actions/action_codegen.d.ts.map +1 -1
package/dist/actions/action_codegen.js +35 -15
package/dist/actions/action_registry.d.ts.map +1 -1
package/dist/actions/action_registry.js +5 -2
package/dist/actions/action_rpc.d.ts +141 -22
package/dist/actions/action_rpc.d.ts.map +1 -1
package/dist/actions/action_rpc.js +106 -187
package/dist/actions/action_spec.d.ts +55 -16
package/dist/actions/action_spec.d.ts.map +1 -1
package/dist/actions/action_spec.js +16 -11
package/dist/actions/action_types.d.ts +28 -60
package/dist/actions/action_types.d.ts.map +1 -1
package/dist/actions/action_types.js +13 -5
package/dist/actions/broadcast_api.d.ts +2 -2
package/dist/actions/broadcast_api.js +2 -2
package/dist/actions/compile_action_registry.d.ts +50 -0
package/dist/actions/compile_action_registry.d.ts.map +1 -0
package/dist/actions/compile_action_registry.js +69 -0
package/dist/actions/heartbeat.d.ts +8 -4
package/dist/actions/heartbeat.d.ts.map +1 -1
package/dist/actions/heartbeat.js +5 -4
package/dist/actions/perform_action.d.ts +145 -0
package/dist/actions/perform_action.d.ts.map +1 -0
package/dist/actions/perform_action.js +258 -0
package/dist/actions/register_action_ws.d.ts +46 -40
package/dist/actions/register_action_ws.d.ts.map +1 -1
package/dist/actions/register_action_ws.js +101 -159
package/dist/actions/register_ws_endpoint.d.ts +15 -10
package/dist/actions/register_ws_endpoint.d.ts.map +1 -1
package/dist/actions/register_ws_endpoint.js +54 -7
package/dist/actions/transports.d.ts.map +1 -1
package/dist/actions/transports.js +0 -4
package/dist/actions/transports_ws_auth_guard.d.ts +1 -1
package/dist/actions/transports_ws_auth_guard.js +1 -1
package/dist/actions/transports_ws_backend.d.ts +1 -1
package/dist/actions/transports_ws_backend.js +1 -1
package/dist/auth/CLAUDE.md +794 -410
package/dist/auth/account_action_specs.d.ts +28 -7
package/dist/auth/account_action_specs.d.ts.map +1 -1
package/dist/auth/account_action_specs.js +7 -7
package/dist/auth/account_actions.d.ts +7 -13
package/dist/auth/account_actions.d.ts.map +1 -1
package/dist/auth/account_actions.js +26 -35
package/dist/auth/account_queries.d.ts +52 -16
package/dist/auth/account_queries.d.ts.map +1 -1
package/dist/auth/account_queries.js +87 -38
package/dist/auth/account_routes.d.ts +9 -11
package/dist/auth/account_routes.d.ts.map +1 -1
package/dist/auth/account_routes.js +118 -46
package/dist/auth/account_schema.d.ts +46 -35
package/dist/auth/account_schema.d.ts.map +1 -1
package/dist/auth/account_schema.js +21 -28
package/dist/auth/admin_action_specs.d.ts +100 -32
package/dist/auth/admin_action_specs.d.ts.map +1 -1
package/dist/auth/admin_action_specs.js +64 -33
package/dist/auth/admin_actions.d.ts +13 -19
package/dist/auth/admin_actions.d.ts.map +1 -1
package/dist/auth/admin_actions.js +37 -41
package/dist/auth/audit_emitter.d.ts +160 -0
package/dist/auth/audit_emitter.d.ts.map +1 -0
package/dist/auth/audit_emitter.js +83 -0
package/dist/auth/audit_log_queries.d.ts +17 -48
package/dist/auth/audit_log_queries.d.ts.map +1 -1
package/dist/auth/audit_log_queries.js +20 -56
package/dist/auth/audit_log_routes.d.ts +1 -1
package/dist/auth/audit_log_routes.d.ts.map +1 -1
package/dist/auth/audit_log_routes.js +7 -3
package/dist/auth/audit_log_schema.d.ts +92 -32
package/dist/auth/audit_log_schema.d.ts.map +1 -1
package/dist/auth/audit_log_schema.js +75 -46
package/dist/auth/auth_guard_resolver.d.ts +44 -0
package/dist/auth/auth_guard_resolver.d.ts.map +1 -0
package/dist/auth/auth_guard_resolver.js +56 -0
package/dist/auth/bearer_auth.d.ts +9 -7
package/dist/auth/bearer_auth.d.ts.map +1 -1
package/dist/auth/bearer_auth.js +13 -21
package/dist/auth/bootstrap_account.d.ts +7 -7
package/dist/auth/bootstrap_account.d.ts.map +1 -1
package/dist/auth/bootstrap_account.js +7 -7
package/dist/auth/bootstrap_routes.d.ts.map +1 -1
package/dist/auth/bootstrap_routes.js +11 -10
package/dist/auth/cleanup.d.ts +20 -26
package/dist/auth/cleanup.d.ts.map +1 -1
package/dist/auth/cleanup.js +33 -42
package/dist/auth/credential_type_schema.d.ts +115 -0
package/dist/auth/credential_type_schema.d.ts.map +1 -0
package/dist/auth/credential_type_schema.js +127 -0
package/dist/auth/daemon_token_middleware.d.ts +23 -11
package/dist/auth/daemon_token_middleware.d.ts.map +1 -1
package/dist/auth/daemon_token_middleware.js +28 -22
package/dist/auth/ddl.d.ts +2 -2
package/dist/auth/ddl.d.ts.map +1 -1
package/dist/auth/ddl.js +6 -6
package/dist/auth/deps.d.ts +7 -18
package/dist/auth/deps.d.ts.map +1 -1
package/dist/auth/grant_path_schema.d.ts +117 -0
package/dist/auth/grant_path_schema.d.ts.map +1 -0
package/dist/auth/grant_path_schema.js +137 -0
package/dist/auth/invite_queries.d.ts +12 -1
package/dist/auth/invite_queries.d.ts.map +1 -1
package/dist/auth/invite_queries.js +12 -1
package/dist/auth/invite_schema.d.ts +1 -1
package/dist/auth/invite_schema.d.ts.map +1 -1
package/dist/auth/invite_schema.js +1 -1
package/dist/auth/middleware.d.ts.map +1 -1
package/dist/auth/middleware.js +9 -4
package/dist/auth/migrations.d.ts +37 -14
package/dist/auth/migrations.d.ts.map +1 -1
package/dist/auth/migrations.js +79 -32
package/dist/auth/request_context.d.ts +331 -61
package/dist/auth/request_context.d.ts.map +1 -1
package/dist/auth/request_context.js +378 -95
package/dist/auth/{permit_offer_action_specs.d.ts → role_grant_offer_action_specs.d.ts} +163 -94
package/dist/auth/role_grant_offer_action_specs.d.ts.map +1 -0
package/dist/auth/role_grant_offer_action_specs.js +262 -0
package/dist/auth/role_grant_offer_actions.d.ts +104 -0
package/dist/auth/role_grant_offer_actions.d.ts.map +1 -0
package/dist/auth/role_grant_offer_actions.js +473 -0
package/dist/auth/{permit_offer_notifications.d.ts → role_grant_offer_notifications.d.ts} +90 -70
package/dist/auth/role_grant_offer_notifications.d.ts.map +1 -0
package/dist/auth/role_grant_offer_notifications.js +182 -0
package/dist/auth/role_grant_offer_queries.d.ts +242 -0
package/dist/auth/role_grant_offer_queries.d.ts.map +1 -0
package/dist/auth/role_grant_offer_queries.js +533 -0
package/dist/auth/role_grant_offer_schema.d.ts +150 -0
package/dist/auth/role_grant_offer_schema.d.ts.map +1 -0
package/dist/auth/{permit_offer_schema.js → role_grant_offer_schema.js} +60 -36
package/dist/auth/role_grant_queries.d.ts +231 -0
package/dist/auth/role_grant_queries.d.ts.map +1 -0
package/dist/auth/role_grant_queries.js +320 -0
package/dist/auth/role_schema.d.ts +150 -40
package/dist/auth/role_schema.d.ts.map +1 -1
package/dist/auth/role_schema.js +144 -45
package/dist/auth/scope_kind_schema.d.ts +96 -0
package/dist/auth/scope_kind_schema.d.ts.map +1 -0
package/dist/auth/scope_kind_schema.js +94 -0
package/dist/auth/self_service_role_action_specs.d.ts +6 -1
package/dist/auth/self_service_role_action_specs.d.ts.map +1 -1
package/dist/auth/self_service_role_action_specs.js +3 -1
package/dist/auth/self_service_role_actions.d.ts +34 -27
package/dist/auth/self_service_role_actions.d.ts.map +1 -1
package/dist/auth/self_service_role_actions.js +68 -48
package/dist/auth/session_cookie.d.ts +43 -6
package/dist/auth/session_cookie.d.ts.map +1 -1
package/dist/auth/session_cookie.js +31 -5
package/dist/auth/session_middleware.d.ts +37 -3
package/dist/auth/session_middleware.d.ts.map +1 -1
package/dist/auth/session_middleware.js +33 -7
package/dist/auth/signup_routes.d.ts.map +1 -1
package/dist/auth/signup_routes.js +48 -19
package/dist/auth/standard_action_specs.d.ts +2 -2
package/dist/auth/standard_action_specs.js +4 -4
package/dist/auth/standard_rpc_actions.d.ts +23 -19
package/dist/auth/standard_rpc_actions.d.ts.map +1 -1
package/dist/auth/standard_rpc_actions.js +12 -12
package/dist/db/migrate.d.ts +12 -8
package/dist/db/migrate.d.ts.map +1 -1
package/dist/db/migrate.js +10 -7
package/dist/dev/setup.d.ts +2 -2
package/dist/dev/setup.d.ts.map +1 -1
package/dist/dev/setup.js +9 -7
package/dist/env/load.d.ts +1 -1
package/dist/env/load.js +1 -1
package/dist/hono_context.d.ts +64 -5
package/dist/hono_context.d.ts.map +1 -1
package/dist/hono_context.js +38 -2
package/dist/http/CLAUDE.md +264 -87
package/dist/http/auth_shape.d.ts +191 -0
package/dist/http/auth_shape.d.ts.map +1 -0
package/dist/http/auth_shape.js +237 -0
package/dist/http/common_routes.js +3 -3
package/dist/http/db_routes.d.ts +4 -0
package/dist/http/db_routes.d.ts.map +1 -1
package/dist/http/db_routes.js +44 -7
package/dist/http/error_schemas.d.ts +132 -19
package/dist/http/error_schemas.d.ts.map +1 -1
package/dist/http/error_schemas.js +132 -40
package/dist/http/jsonrpc_errors.d.ts +27 -2
package/dist/http/jsonrpc_errors.d.ts.map +1 -1
package/dist/http/jsonrpc_errors.js +26 -2
package/dist/http/pending_effects.d.ts +71 -18
package/dist/http/pending_effects.d.ts.map +1 -1
package/dist/http/pending_effects.js +87 -18
package/dist/http/proxy.d.ts +52 -5
package/dist/http/proxy.d.ts.map +1 -1
package/dist/http/proxy.js +92 -14
package/dist/http/route_spec.d.ts +113 -41
package/dist/http/route_spec.d.ts.map +1 -1
package/dist/http/route_spec.js +130 -52
package/dist/http/schema_helpers.d.ts +3 -2
package/dist/http/schema_helpers.d.ts.map +1 -1
package/dist/http/schema_helpers.js +9 -2
package/dist/http/surface.d.ts +2 -1
package/dist/http/surface.d.ts.map +1 -1
package/dist/http/surface.js +1 -2
package/dist/http/surface_query.d.ts +39 -35
package/dist/http/surface_query.d.ts.map +1 -1
package/dist/http/surface_query.js +79 -36
package/dist/primitive_schemas.d.ts +39 -0
package/dist/primitive_schemas.d.ts.map +1 -0
package/dist/primitive_schemas.js +40 -0
package/dist/realtime/sse_auth_guard.d.ts +5 -5
package/dist/realtime/sse_auth_guard.js +9 -9
package/dist/runtime/mock.d.ts +1 -1
package/dist/runtime/mock.js +1 -1
package/dist/server/app_backend.d.ts +14 -11
package/dist/server/app_backend.d.ts.map +1 -1
package/dist/server/app_backend.js +12 -8
package/dist/server/app_server.d.ts +7 -7
package/dist/server/app_server.d.ts.map +1 -1
package/dist/server/app_server.js +36 -31
package/dist/server/validate_nginx.d.ts +1 -1
package/dist/server/validate_nginx.js +1 -1
package/dist/testing/CLAUDE.md +73 -55
package/dist/testing/admin_integration.d.ts +5 -6
package/dist/testing/admin_integration.d.ts.map +1 -1
package/dist/testing/admin_integration.js +100 -96
package/dist/testing/adversarial_headers.js +1 -1
package/dist/testing/app_server.d.ts +11 -14
package/dist/testing/app_server.d.ts.map +1 -1
package/dist/testing/app_server.js +18 -17
package/dist/testing/assertions.d.ts.map +1 -1
package/dist/testing/assertions.js +2 -1
package/dist/testing/attack_surface.d.ts.map +1 -1
package/dist/testing/attack_surface.js +15 -9
package/dist/testing/audit_completeness.d.ts +2 -2
package/dist/testing/audit_completeness.d.ts.map +1 -1
package/dist/testing/audit_completeness.js +53 -39
package/dist/testing/auth_apps.d.ts +5 -4
package/dist/testing/auth_apps.d.ts.map +1 -1
package/dist/testing/auth_apps.js +28 -22
package/dist/testing/data_exposure.d.ts.map +1 -1
package/dist/testing/data_exposure.js +5 -5
package/dist/testing/db.d.ts +1 -1
package/dist/testing/db.d.ts.map +1 -1
package/dist/testing/db.js +4 -4
package/dist/testing/db_entities.d.ts +22 -0
package/dist/testing/db_entities.d.ts.map +1 -0
package/dist/testing/db_entities.js +28 -0
package/dist/testing/entities.d.ts +10 -8
package/dist/testing/entities.d.ts.map +1 -1
package/dist/testing/entities.js +22 -18
package/dist/testing/integration.d.ts.map +1 -1
package/dist/testing/integration.js +13 -14
package/dist/testing/integration_helpers.d.ts +8 -6
package/dist/testing/integration_helpers.d.ts.map +1 -1
package/dist/testing/integration_helpers.js +29 -23
package/dist/testing/middleware.d.ts +15 -11
package/dist/testing/middleware.d.ts.map +1 -1
package/dist/testing/middleware.js +75 -32
package/dist/testing/rpc_attack_surface.d.ts.map +1 -1
package/dist/testing/rpc_attack_surface.js +40 -24
package/dist/testing/rpc_helpers.d.ts.map +1 -1
package/dist/testing/rpc_helpers.js +3 -1
package/dist/testing/rpc_round_trip.d.ts +1 -1
package/dist/testing/rpc_round_trip.d.ts.map +1 -1
package/dist/testing/rpc_round_trip.js +14 -13
package/dist/testing/sse_round_trip.d.ts +3 -4
package/dist/testing/sse_round_trip.d.ts.map +1 -1
package/dist/testing/sse_round_trip.js +7 -11
package/dist/testing/standard.d.ts +1 -1
package/dist/testing/stubs.d.ts +25 -0
package/dist/testing/stubs.d.ts.map +1 -1
package/dist/testing/stubs.js +43 -2
package/dist/testing/surface_invariants.d.ts +2 -2
package/dist/testing/ws_round_trip.d.ts +12 -13
package/dist/testing/ws_round_trip.d.ts.map +1 -1
package/dist/testing/ws_round_trip.js +24 -12
package/dist/ui/AdminAccounts.svelte +23 -20
package/dist/ui/AdminOverview.svelte +15 -13
package/dist/ui/AdminOverview.svelte.d.ts.map +1 -1
package/dist/ui/{AdminPermitHistory.svelte → AdminRoleGrantHistory.svelte} +12 -12
package/dist/ui/AdminRoleGrantHistory.svelte.d.ts +4 -0
package/dist/ui/AdminRoleGrantHistory.svelte.d.ts.map +1 -0
package/dist/ui/BootstrapForm.svelte +1 -1
package/dist/ui/CLAUDE.md +65 -59
package/dist/ui/{PermitOfferForm.svelte → RoleGrantOfferForm.svelte} +37 -22
package/dist/ui/RoleGrantOfferForm.svelte.d.ts +20 -0
package/dist/ui/RoleGrantOfferForm.svelte.d.ts.map +1 -0
package/dist/ui/{PermitOfferHistory.svelte → RoleGrantOfferHistory.svelte} +12 -12
package/dist/ui/{PermitOfferHistory.svelte.d.ts → RoleGrantOfferHistory.svelte.d.ts} +4 -4
package/dist/ui/RoleGrantOfferHistory.svelte.d.ts.map +1 -0
package/dist/ui/{PermitOfferInbox.svelte → RoleGrantOfferInbox.svelte} +14 -14
package/dist/ui/{PermitOfferInbox.svelte.d.ts → RoleGrantOfferInbox.svelte.d.ts} +4 -4
package/dist/ui/RoleGrantOfferInbox.svelte.d.ts.map +1 -0
package/dist/ui/SignupForm.svelte +1 -1
package/dist/ui/SurfaceExplorer.svelte +35 -15
package/dist/ui/SurfaceExplorer.svelte.d.ts.map +1 -1
package/dist/ui/account_sessions_state.svelte.d.ts +2 -3
package/dist/ui/account_sessions_state.svelte.d.ts.map +1 -1
package/dist/ui/account_sessions_state.svelte.js +2 -3
package/dist/ui/admin_accounts_state.svelte.d.ts +25 -18
package/dist/ui/admin_accounts_state.svelte.d.ts.map +1 -1
package/dist/ui/admin_accounts_state.svelte.js +28 -17
package/dist/ui/admin_rpc_adapters.d.ts +20 -20
package/dist/ui/admin_rpc_adapters.d.ts.map +1 -1
package/dist/ui/admin_rpc_adapters.js +17 -17
package/dist/ui/admin_sessions_state.svelte.d.ts +2 -2
package/dist/ui/admin_sessions_state.svelte.js +2 -2
package/dist/ui/audit_log_state.svelte.d.ts +7 -7
package/dist/ui/audit_log_state.svelte.d.ts.map +1 -1
package/dist/ui/audit_log_state.svelte.js +6 -6
package/dist/ui/auth_state.svelte.d.ts +3 -3
package/dist/ui/auth_state.svelte.d.ts.map +1 -1
package/dist/ui/auth_state.svelte.js +6 -6
package/dist/ui/format_scope.d.ts +2 -2
package/dist/ui/format_scope.js +2 -2
package/dist/ui/{permit_offers_state.svelte.d.ts → role_grant_offers_state.svelte.d.ts} +39 -31
package/dist/ui/role_grant_offers_state.svelte.d.ts.map +1 -0
package/dist/ui/{permit_offers_state.svelte.js → role_grant_offers_state.svelte.js} +25 -19
package/dist/ui/ui_format.js +2 -2
package/package.json +3 -3
package/dist/auth/permit_offer_action_specs.d.ts.map +0 -1
package/dist/auth/permit_offer_action_specs.js +0 -227
package/dist/auth/permit_offer_actions.d.ts +0 -110
package/dist/auth/permit_offer_actions.d.ts.map +0 -1
package/dist/auth/permit_offer_actions.js +0 -452
package/dist/auth/permit_offer_notifications.d.ts.map +0 -1
package/dist/auth/permit_offer_notifications.js +0 -182
package/dist/auth/permit_offer_queries.d.ts +0 -183
package/dist/auth/permit_offer_queries.d.ts.map +0 -1
package/dist/auth/permit_offer_queries.js +0 -408
package/dist/auth/permit_offer_schema.d.ts +0 -103
package/dist/auth/permit_offer_schema.d.ts.map +0 -1
package/dist/auth/permit_queries.d.ts +0 -210
package/dist/auth/permit_queries.d.ts.map +0 -1
package/dist/auth/permit_queries.js +0 -294
package/dist/auth/require_keeper.d.ts +0 -20
package/dist/auth/require_keeper.d.ts.map +0 -1
package/dist/auth/require_keeper.js +0 -35
package/dist/auth/route_guards.d.ts +0 -21
package/dist/auth/route_guards.d.ts.map +0 -1
package/dist/auth/route_guards.js +0 -32
package/dist/auth/session_lifecycle.d.ts +0 -37
package/dist/auth/session_lifecycle.d.ts.map +0 -1
package/dist/auth/session_lifecycle.js +0 -29
package/dist/ui/AdminPermitHistory.svelte.d.ts +0 -4
package/dist/ui/AdminPermitHistory.svelte.d.ts.map +0 -1
package/dist/ui/PermitOfferForm.svelte.d.ts +0 -14
package/dist/ui/PermitOfferForm.svelte.d.ts.map +0 -1
package/dist/ui/PermitOfferHistory.svelte.d.ts.map +0 -1
package/dist/ui/PermitOfferInbox.svelte.d.ts.map +0 -1
package/dist/ui/permit_offers_state.svelte.d.ts.map +0 -1

package/dist/ui/CLAUDE.md CHANGED Viewed

@@ -7,7 +7,7 @@ hold `$state` fields exclusively via runes. Shared dependencies flow
 through Svelte context, never through props — RPC adapters in particular
 are provisioned once at the admin shell and read by every `Admin*.svelte`.
-See ../../docs/usage.md for end-to-end wiring examples (sections "Permit
+See ../../docs/usage.md for end-to-end wiring examples (sections "Role grant
 offer UI" and "Admin UI"). This file is a reference, not a tutorial.
 ## Key patterns
@@ -19,8 +19,8 @@ Five narrow RPC adapter contexts — `admin_accounts_rpc_context`,
 `app_settings_rpc_context`, `account_sessions_rpc_context` — carry a
 reactive `() => Rpc | null` accessor. All five declare a `() => () => null`
 default so components mounted without a provisioner render the "rpc adapter
-not wired" state instead of crashing. (`permit_offers_state_context` carries
-a `PermitOffersState` directly, not an RPC accessor, and isn't counted
+not wired" state instead of crashing. (`role_grant_offers_state_context` carries
+a `RoleGrantOffersState` directly, not an RPC accessor, and isn't counted
 here.) The standard consumer shape:
 ```ts
@@ -43,14 +43,13 @@ context — RPC adapters are never threaded through props.
 Every state class backed by a narrow RPC interface exposes a `has_rpc`
 getter. When `false`, `fetch()`, mutations, and `subscribe` no-op and
-set `error` to `'rpc adapter not wired'`. Post-2026-04-23 RPC migration
-this applies uniformly — `AdminSessionsState`'s listing + mutations all
-run through the shared `AdminAccountsRpc`, so `has_rpc` gates the whole
-surface.
+set `error` to `'rpc adapter not wired'`. `AdminSessionsState`'s listing
+plus mutations all run through the shared `AdminAccountsRpc`, so
+`has_rpc` gates the whole surface.
 ### `$state.raw` Map keyed by id + `$derived` views
-`PermitOffersState` maintains a single `Map<string, PermitOfferJson>` in
+`RoleGrantOffersState` maintains a single `Map<string, RoleGrantOfferJson>` in
 `$state.raw`, keyed by offer id, and exposes `incoming` / `outgoing` /
 `history` as `$derived.by` arrays. Writes go through `#merge_offers`
 (clone-and-replace) / `#remove_offer` — never mutate the Map in place
@@ -58,13 +57,13 @@ because `$state.raw` expects reference swaps.
 ### Reducer pattern for WS notifications
-`PermitOffersState.apply_notification(notification)` is the single
+`RoleGrantOffersState.apply_notification(notification)` is the single
 reducer — `subscribe(subscribe_fn)` is a thin subscription adapter over
-it. Six methods land on the reducer: `permit_offer_received` /
+it. Six methods land on the reducer: `role_grant_offer_received` /
 `_retracted` / `_accepted` / `_declined` / `_supersede` all merge a
-`{offer}` payload; `permit_revoke` is ignored at this layer (permit
-lifecycle lives in auth/permits state). The six notification specs and
-their payload shapes are defined in `../auth/permit_offer_notifications.ts`
+`{offer}` payload; `role_grant_revoke` is ignored at this layer (role_grant
+lifecycle lives in auth/role_grants state). The six notification specs and
+their payload shapes are defined in `../auth/role_grant_offer_notifications.ts`
 (see `../auth/CLAUDE.md` §WS notifications).
 ### Svelte 5 inline `$props` shape
@@ -76,7 +75,7 @@ conventions.
 ### Context over props for shared deps
-Auth, RPC adapters, sidebar, and permit offers all flow through
+Auth, RPC adapters, sidebar, and role_grant offers all flow through
 `create_context` from `@fuzdev/fuz_ui/context_helpers.js`. Components
 consume with `const x = x_context.get()` (or a `get_rpc`/`$derived`
 pair when the value may change reactively). New shared state joins the
@@ -126,9 +125,9 @@ Every admin component below consumes its RPC adapter via the matching
 context and delegates rendering to `Datatable` + `ConfirmButton` for
 destructive actions.
-- `AdminAccounts.svelte` — accounts + permits + pending offers.
+- `AdminAccounts.svelte` — accounts + role_grants + pending offers.
   Consumes `admin_accounts_rpc_context`. Per-row actions: grant (+role
-  chip with `ConfirmButton`), revoke (`actor_id` + `permit_id`),
+  chip with `ConfirmButton`), revoke (`actor_id` + `role_grant_id`),
   retract pending offer. Tracks `granting_keys` / `revoking_ids` /
   `retracting_ids` for per-action spinners.
 - `AdminAuditLog.svelte` — audit event stream. Consumes
@@ -140,11 +139,11 @@ destructive actions.
 - `AdminOverview.svelte` — dashboard panels (accounts / sessions /
   invites / recent activity / security / system). Consumes all four
   RPC contexts plus `auth_state_context`; fetches in parallel on mount.
-  Derives `role_counts`, `failed_logins`, `permit_changes` from
+  Derives `role_counts`, `failed_logins`, `role_grant_changes` from
   the audit log.
-- `AdminPermitHistory.svelte` — permit-grant/revoke history table.
+- `AdminRoleGrantHistory.svelte` — role-grant-create/revoke history table.
   Consumes `audit_log_rpc_context`, calls
-  `audit_log.fetch_permit_history()` once on mount.
+  `audit_log.fetch_role_grant_history()` once on mount.
 - `AdminSessions.svelte` — cross-account active sessions.
   Both listing (`admin_session_list` RPC) and the two revoke-all
   mutations go through `admin_accounts_rpc_context` (reused).
@@ -161,37 +160,42 @@ destructive actions.
   dump `params`/`query`/`input`/`output`/`errors` schemas as JSON.
   Also tables middleware, env, events, and diagnostics.
-## Permit offers
+## Role grant offers
-- `PermitOfferInbox.svelte` — recipient-side pending inbox; renders
-  `PermitOffersState.incoming`. Props: `format_actor?`, `format_scope?`,
+- `RoleGrantOfferInbox.svelte` — recipient-side pending inbox; renders
+  `RoleGrantOffersState.incoming`. Props: `format_actor?`, `format_scope?`,
   `format_role?` — consumers plug in display names for actor/scope ids.
   Accept is a `PendingButton`; decline is a `ConfirmButton` whose
-  popover contains a textarea (max `PERMIT_OFFER_MESSAGE_LENGTH_MAX`).
-- `PermitOfferForm.svelte` — grantor-side create form. Props:
-  `to_account_id`, `roles: Array<string>` (pre-filtered upstream by
-  `web_grantable`), `scope_id = null`, `on_created?`, `format_role?`.
-  Surfaces three reason codes with friendly copy:
-  `ERROR_OFFER_SELF_TARGET`, `ERROR_OFFER_ROLE_NOT_GRANTABLE`,
-  `ERROR_OFFER_NOT_AUTHORIZED` — imported from `../auth/permit_offer_action_specs.js`
-  (see `../auth/CLAUDE.md` for `permit_offer_action_specs.ts` + `permit_offer_actions.ts`).
-- `PermitOfferHistory.svelte` — both-directions history (recipient +
+  popover contains a textarea (max `ROLE_GRANT_OFFER_MESSAGE_LENGTH_MAX`).
+- `RoleGrantOfferForm.svelte` — grantor-side create form. Props:
+  `to_account_id`, `to_actor_id = null` (optional — narrows the offer
+  to a specific actor on the recipient account; default account-grain),
+  `roles: Array<string>` (pre-filtered upstream by admin-grant-path —
+  `RoleSpec.grant_paths` includes `'admin'`),
+  `scope_id = null`, `on_created?`, `format_role?`. Surfaces five
+  reason codes with friendly copy: `ERROR_ROLE_GRANT_OFFER_SELF_TARGET`,
+  `ERROR_ROLE_GRANT_OFFER_ROLE_NOT_GRANTABLE`, `ERROR_ROLE_GRANT_OFFER_NOT_AUTHORIZED`,
+  `ERROR_ROLE_GRANT_OFFER_ACTOR_ACCOUNT_MISMATCH`, `ERROR_ROLE_GRANT_OFFER_ACTOR_MISMATCH`
+  — imported from `../auth/role_grant_offer_action_specs.js` (see
+  `../auth/CLAUDE.md` for `role_grant_offer_action_specs.ts` +
+  `role_grant_offer_actions.ts`).
+- `RoleGrantOfferHistory.svelte` — both-directions history (recipient +
   grantor, including terminal). Props: `current_actor_id: string | null`
   (classifies row as "sent" vs "received"), `format_actor?`,
   `format_scope?`, `format_role?`. Consumes
-  `permit_offers_state_context`; caller seeds via
-  `PermitOffersState.fetch_history()`.
-- `permit_offers_state.svelte.ts` — `PermitOffersState` (extends
-  `Loadable`) + `permit_offers_state_context`. Options:
-  `rpc: PermitOffersRpc`, `account_id: () => string | null`,
-  `actor_id: () => string | null`. The narrow `PermitOffersRpc`
+  `role_grant_offers_state_context`; caller seeds via
+  `RoleGrantOffersState.fetch_history()`.
+- `role_grant_offers_state.svelte.ts` — `RoleGrantOffersState` (extends
+  `Loadable`) + `role_grant_offers_state_context`. Options:
+  `rpc: RoleGrantOffersRpc`, `account_id: () => string | null`,
+  `actor_id: () => string | null`. The narrow `RoleGrantOffersRpc`
   interface has six methods: `list`, `history`, `create`, `accept`,
   `decline`, `retract`. `$state.raw` Map keyed by offer id;
   `$derived.by` views: `incoming` (recipient-side pending, soonest-
   expiry first), `outgoing` (grantor-side pending, newest-created
   first), `history` (all known, newest-created first). Reducer
-  `apply_notification` handles the six permit-offer notification
-  methods; `permit_revoke` is deliberately ignored here (auth/permits
+  `apply_notification` handles the six role-grant-offer notification
+  methods; `role_grant_revoke` is deliberately ignored here (auth/role_grants
   concern). `reset()` clears the Map.
 ## State primitives
@@ -205,8 +209,8 @@ destructive actions.
 - `auth_state.svelte.ts` — `AuthState`, `auth_state_context`.
   Fields: `verifying`, `verified`, `verify_error`, `account`, `actor`
   (the caller's own `ActorSummaryJson` — surfaced directly so consumers
-  don't derive `actor_id` from the permit list), `permits`,
-  `active_permits` (derived via `is_permit_active`), `roles` (derived),
+  don't derive `actor_id` from the role_grant list), `role_grants`,
+  `active_role_grants` (derived via `is_role_grant_active`), `roles` (derived),
   `needs_bootstrap`. Methods: `check_session()`
   (GET `/api/account/status`), `login`, `bootstrap`, `signup`,
   `logout`. Handles 401/403/409/429 translations inline.
@@ -234,23 +238,25 @@ destructive actions.
   `account_session_revoke_all` RPC actions. Derived `active_count`.
 - `audit_log_state.svelte.ts` — `AuditLogState` extends `Loadable`
   - `audit_log_rpc_context` + narrow `AuditLogRpc` (`list` +
-    `permit_history`). Fields: `events`, `permit_history_events`,
+    `role_grant_history`). Fields: `events`, `role_grant_history_events`,
     `connected`. Internal `#last_seq` for SSE gap fill on reconnect.
-    Methods: `fetch(options?)` (RPC), `fetch_permit_history`,
+    Methods: `fetch(options?)` (RPC), `fetch_role_grant_history`,
     `subscribe()` (opens `EventSource` at `#stream_url`, default
     `/api/admin/audit/stream`; prepends new events; refills gap
     via `since_seq`), `disconnect()`. SSE stays on `EventSource` —
     streaming is not an RPC concern.
 - `admin_accounts_state.svelte.ts` — `AdminAccountsState` extends
   `Loadable` + `admin_accounts_rpc_context` + narrow
-  `AdminAccountsRpc` (six methods: `list_accounts`, `grant_permit`,
-  `revoke_permit`, `retract_offer`, `session_revoke_all`,
+  `AdminAccountsRpc` (six methods: `list_accounts`, `create_role_grant`,
+  `revoke_role_grant`, `retract_offer`, `session_revoke_all`,
   `token_revoke_all` — the last two are also reused by
   `AdminSessionsState`). `SvelteSet`s for in-flight tracking:
-  `granting_keys` (`${account_id}:${role}`), `revoking_ids`
-  (permit id), `retracting_ids` (offer id). `revoke_permit` keys on
-  `actor_id` (permits are actor-scoped — matches `row.actor.id`
-  straight from the listing) with optional `reason`.
+  `granting_keys` (`${account_id}:${role}` for the account-grain
+  default; `${account_id}:${role}:${to_actor_id}` when `create_role_grant`
+  is called with an actor-targeted offer), `revoking_ids` (role_grant id),
+  `retracting_ids` (offer id). `revoke_role_grant` keys on `actor_id`
+  (role_grants are actor-scoped — matches `row.actor.id` straight from the
+  listing) with optional `reason`.
 - `admin_invites_state.svelte.ts` — `AdminInvitesState` extends
   `Loadable` + `admin_invites_rpc_context` + narrow
   `AdminInvitesRpc` (`list`, `create`, `delete`). Fields:
@@ -274,8 +280,8 @@ destructive actions.
   objects. `provide_admin_rpc_contexts(adapters)` calls `set` on all
   four contexts in one shot. One line at the admin shell layout:
   `provide_admin_rpc_contexts(create_admin_rpc_adapters(api))`.
-  Method-name mapping is in the module TSDoc (`grant_permit` →
-  `permit_offer_create`, `retract_offer` → `permit_offer_retract`, etc.)
+  Method-name mapping is in the module TSDoc (`create_role_grant` →
+  `role_grant_offer_create`, `retract_offer` → `role_grant_offer_retract`, etc.)
   and the `admin_rpc_adapters.test.ts` fixtures.
 ## RPC adapter contexts
@@ -293,24 +299,24 @@ provisioner pattern.
 - `admin_invites_rpc_context` — `() => AdminInvitesRpc | null`.
   Consumed by `AdminInvites`, `AdminOverview`.
 - `audit_log_rpc_context` — `() => AuditLogRpc | null`. Consumed by
-  `AdminAuditLog`, `AdminPermitHistory`, `AdminOverview`.
+  `AdminAuditLog`, `AdminRoleGrantHistory`, `AdminOverview`.
 - `app_settings_rpc_context` — `() => AppSettingsRpc | null`.
   Consumed by `OpenSignupToggle`, `AdminOverview`.
 - `account_sessions_rpc_context` — `() => AccountSessionsRpc | null`.
   Consumed by `AccountSessions`.
-- `permit_offers_state_context` — carries `PermitOffersState`
-  directly. Consumed by `PermitOfferInbox`, `PermitOfferForm`,
-  `PermitOfferHistory`. Wiring is ctor-bound (RPC + account/actor
-  getters), so there's no separate `permit_offers_rpc_context`.
+- `role_grant_offers_state_context` — carries `RoleGrantOffersState`
+  directly. Consumed by `RoleGrantOfferInbox`, `RoleGrantOfferForm`,
+  `RoleGrantOfferHistory`. Wiring is ctor-bound (RPC + account/actor
+  getters), so there's no separate `role_grant_offers_rpc_context`.
 - `format_scope_context` — `() => FormatScope` (getter shape, matching
   the RPC contexts above). `FormatScope = ({scope_id, role}) => string |
 null`; default returns `null` so callers fall back to the raw uuid.
   Provisioned by `provide_admin_rpc_contexts(adapters, {format_scope})`.
-  Consumed by `AdminAccounts`, `AdminPermitHistory`, `PermitOfferInbox`,
-  `PermitOfferHistory` via the `resolve_scope_label(scope_id, role,
+  Consumed by `AdminAccounts`, `AdminRoleGrantHistory`, `RoleGrantOfferInbox`,
+  `RoleGrantOfferHistory` via the `resolve_scope_label(scope_id, role,
 format_scope, global_label)` helper — `global_label = null` renders no
   chip (admin tables); `'global'` renders an explicit label (offer
-  surfaces). `PermitOfferInbox` / `PermitOfferHistory` accept a
+  surfaces). `RoleGrantOfferInbox` / `RoleGrantOfferHistory` accept a
   `format_scope?: FormatScope` prop — same shape as the context, prop
   wins when supplied.
 - `sidebar_state_context` — `() => SidebarState`. Provisioned by

package/dist/ui/{PermitOfferForm.svelte → RoleGrantOfferForm.svelte} RENAMED Viewed

@@ -1,9 +1,10 @@
 <script lang="ts">
 	/**
-	 * Grantor-side permit offer form.
+	 * Grantor-side role_grant offer form.
 	 *
 	 * Caller supplies `to_account_id`, the subset of roles the grantor may
-	 * offer (typically filtered by `web_grantable`), an optional `scope_id`,
+	 * offer (typically filtered by admin-grant-path — `RoleSpec.grant_paths`
+	 * includes `'admin'`), an optional `scope_id`,
 	 * and an optional `on_created` callback for post-submit UX. Errors from
 	 * the RPC surface the three distinct reason codes — self-target,
 	 * role-not-grantable, not-authorized — so consumers can render them
@@ -12,35 +13,44 @@
 	import PendingButton from '@fuzdev/fuz_ui/PendingButton.svelte';
-	import {permit_offers_state_context} from './permit_offers_state.svelte.js';
+	import {role_grant_offers_state_context} from './role_grant_offers_state.svelte.js';
 	import {FormState} from './form_state.svelte.js';
 	import {
-		PERMIT_OFFER_MESSAGE_LENGTH_MAX,
-		type PermitOfferJson,
-	} from '../auth/permit_offer_schema.js';
+		ROLE_GRANT_OFFER_MESSAGE_LENGTH_MAX,
+		type RoleGrantOfferJson,
+	} from '../auth/role_grant_offer_schema.js';
 	import {
-		ERROR_OFFER_NOT_AUTHORIZED,
-		ERROR_OFFER_ROLE_NOT_GRANTABLE,
-		ERROR_OFFER_SELF_TARGET,
-	} from '../auth/permit_offer_action_specs.js';
+		ERROR_ROLE_GRANT_OFFER_ACTOR_ACCOUNT_MISMATCH,
+		ERROR_ROLE_GRANT_OFFER_ACTOR_MISMATCH,
+		ERROR_ROLE_GRANT_OFFER_NOT_AUTHORIZED,
+		ERROR_ROLE_GRANT_OFFER_ROLE_NOT_GRANTABLE,
+		ERROR_ROLE_GRANT_OFFER_SELF_TARGET,
+	} from '../auth/role_grant_offer_action_specs.js';
 	const {
 		to_account_id,
+		to_actor_id = null,
 		roles,
 		scope_id = null,
 		on_created,
 		format_role = (role: string) => role,
 	}: {
 		to_account_id: string;
-		/** Roles the caller may offer — caller filters by `web_grantable` upstream. */
+		/**
+		 * Narrow the offer to a specific actor on `to_account_id`. Omit
+		 * (or `null`, the default) for the account-grain default — any
+		 * actor on the recipient account may accept.
+		 */
+		to_actor_id?: string | null;
+		/** Roles the caller may offer — caller filters upstream (default: admin-grant-path). */
 		roles: Array<string>;
 		/** Resource scope for the offer; `null` (default) yields a global offer. */
 		scope_id?: string | null;
-		on_created?: (offer: PermitOfferJson) => void;
+		on_created?: (offer: RoleGrantOfferJson) => void;
 		format_role?: (role: string) => string;
 	} = $props();
-	const permit_offers = permit_offers_state_context.get();
+	const role_grant_offers = role_grant_offers_state_context.get();
 	const form_state = new FormState();
 	let role: string | undefined = $state.raw();
@@ -48,16 +58,20 @@
 	let message = $state.raw('');
 	let local_error: string | null = $state.raw(null);
-	const submitting = $derived(permit_offers.loading);
+	const submitting = $derived(role_grant_offers.loading);
 	const surface_error = (reason: string | null): string | null => {
 		switch (reason) {
-			case ERROR_OFFER_SELF_TARGET:
-				return 'You cannot offer a permit to yourself.';
-			case ERROR_OFFER_ROLE_NOT_GRANTABLE:
+			case ERROR_ROLE_GRANT_OFFER_SELF_TARGET:
+				return 'You cannot offer a role_grant to yourself.';
+			case ERROR_ROLE_GRANT_OFFER_ROLE_NOT_GRANTABLE:
 				return 'That role cannot be offered through this form.';
-			case ERROR_OFFER_NOT_AUTHORIZED:
+			case ERROR_ROLE_GRANT_OFFER_NOT_AUTHORIZED:
 				return 'You are not authorized to offer that role.';
+			case ERROR_ROLE_GRANT_OFFER_ACTOR_ACCOUNT_MISMATCH:
+				return 'That actor is not on the recipient account.';
+			case ERROR_ROLE_GRANT_OFFER_ACTOR_MISMATCH:
+				return 'This offer is for a different actor on the recipient account.';
 			default:
 				return null;
 		}
@@ -70,8 +84,9 @@
 			form_state.focus('role');
 			return;
 		}
-		const offer = await permit_offers.create({
+		const offer = await role_grant_offers.create({
 			to_account_id,
+			to_actor_id,
 			role: selected_role,
 			scope_id,
 			message: message.trim() || null,
@@ -83,12 +98,12 @@
 			return;
 		}
 		// Structured error data carries the reason; fall back to raw error string.
-		const data = permit_offers.error_data as
+		const data = role_grant_offers.error_data as
 			| {data?: {reason?: string}; reason?: string}
 			| null
 			| undefined;
 		const reason = data?.data?.reason ?? data?.reason ?? null;
-		local_error = surface_error(reason) ?? permit_offers.error;
+		local_error = surface_error(reason) ?? role_grant_offers.error;
 	};
 </script>
@@ -119,7 +134,7 @@
 		<textarea
 			name="message"
 			bind:value={message}
-			maxlength={PERMIT_OFFER_MESSAGE_LENGTH_MAX}
+			maxlength={ROLE_GRANT_OFFER_MESSAGE_LENGTH_MAX}
 			placeholder="optional note for the recipient"
 			disabled={submitting}
 		></textarea>

package/dist/ui/RoleGrantOfferForm.svelte.d.ts ADDED Viewed

@@ -0,0 +1,20 @@
+import { type RoleGrantOfferJson } from '../auth/role_grant_offer_schema.js';
+type $$ComponentProps = {
+    to_account_id: string;
+    /**
+     * Narrow the offer to a specific actor on `to_account_id`. Omit
+     * (or `null`, the default) for the account-grain default — any
+     * actor on the recipient account may accept.
+     */
+    to_actor_id?: string | null;
+    /** Roles the caller may offer — caller filters upstream (default: admin-grant-path). */
+    roles: Array<string>;
+    /** Resource scope for the offer; `null` (default) yields a global offer. */
+    scope_id?: string | null;
+    on_created?: (offer: RoleGrantOfferJson) => void;
+    format_role?: (role: string) => string;
+};
+declare const RoleGrantOfferForm: import("svelte").Component<$$ComponentProps, {}, "">;
+type RoleGrantOfferForm = ReturnType<typeof RoleGrantOfferForm>;
+export default RoleGrantOfferForm;
+//# sourceMappingURL=RoleGrantOfferForm.svelte.d.ts.map

package/dist/ui/RoleGrantOfferForm.svelte.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"RoleGrantOfferForm.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/RoleGrantOfferForm.svelte"],"names":[],"mappings":"AAkBA,OAAO,EAEL,KAAK,kBAAkB,EACvB,MAAM,oCAAoC,CAAC;AAS5C,KAAK,gBAAgB,GAAI;IACxB,aAAa,EAAE,MAAM,CAAC;IACtB;;;;OAIG;IACH,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,wFAAwF;IACxF,KAAK,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACrB,4EAA4E;IAC5E,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,UAAU,CAAC,EAAE,CAAC,KAAK,EAAE,kBAAkB,KAAK,IAAI,CAAC;IACjD,WAAW,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,MAAM,CAAC;CACvC,CAAC;AA4GH,QAAA,MAAM,kBAAkB,sDAAwC,CAAC;AACjE,KAAK,kBAAkB,GAAG,UAAU,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAChE,eAAe,kBAAkB,CAAC"}

package/dist/ui/{PermitOfferHistory.svelte → RoleGrantOfferHistory.svelte} RENAMED Viewed

@@ -1,21 +1,21 @@
 <script lang="ts">
 	/**
-	 * Both-directions permit offer history table.
+	 * Both-directions role_grant offer history table.
 	 *
 	 * Shows every offer involving the current account — recipient or grantor
 	 * — including terminal rows (accepted, declined, retracted, superseded,
-	 * expired). Backed by `permit_offer_history` (new RPC action); seeded
-	 * via `PermitOffersState.fetch_history()`.
+	 * expired). Backed by `role_grant_offer_history` (new RPC action); seeded
+	 * via `RoleGrantOffersState.fetch_history()`.
 	 *
 	 * Consumers plug in optional `format_actor` / `format_scope` callbacks
 	 * for display names.
 	 */
-	import {permit_offers_state_context} from './permit_offers_state.svelte.js';
+	import {role_grant_offers_state_context} from './role_grant_offers_state.svelte.js';
 	import Datatable from './Datatable.svelte';
 	import type {DatatableColumn} from './datatable.js';
 	import {format_relative_time, format_datetime_local, truncate_uuid} from './ui_format.js';
-	import type {PermitOfferJson} from '../auth/permit_offer_schema.js';
+	import type {RoleGrantOfferJson} from '../auth/role_grant_offer_schema.js';
 	import {format_scope_context, resolve_scope_label, type FormatScope} from './format_scope.js';
 	const {
@@ -36,13 +36,13 @@
 		format_role?: (role: string) => string;
 	} = $props();
-	const permit_offers = permit_offers_state_context.get();
+	const role_grant_offers = role_grant_offers_state_context.get();
 	const get_format_scope = format_scope_context.get();
 	const format_scope_from_context = $derived(get_format_scope());
 	const now = $state.raw(Date.now());
-	const status_of = (offer: PermitOfferJson): string => {
+	const status_of = (offer: RoleGrantOfferJson): string => {
 		if (offer.accepted_at) return 'accepted';
 		if (offer.declined_at) return 'declined';
 		if (offer.retracted_at) return 'retracted';
@@ -70,7 +70,7 @@
 	const scope_label = (scope_id: string | null, role: string): string =>
 		resolve_scope_label(scope_id, role, format_scope ?? format_scope_from_context, 'global');
-	const columns: Array<DatatableColumn<PermitOfferJson>> = [
+	const columns: Array<DatatableColumn<RoleGrantOfferJson>> = [
 		{key: 'from_actor_id', label: 'direction', width: 110},
 		{key: 'role', label: 'role', width: 140},
 		{key: 'scope_id', label: 'scope', width: 160},
@@ -82,12 +82,12 @@
 <section>
 	<h2>offer history</h2>
-	{#if permit_offers.loading}
+	{#if role_grant_offers.loading}
 		<p class="text_50">loading history...</p>
-	{:else if permit_offers.error}
-		<p class="color_c_50">{permit_offers.error}</p>
+	{:else if role_grant_offers.error}
+		<p class="color_c_50">{role_grant_offers.error}</p>
 	{:else}
-		<Datatable {columns} rows={permit_offers.history} height="400px" row_key="id">
+		<Datatable {columns} rows={role_grant_offers.history} height="400px" row_key="id">
 			{#snippet cell(column, row)}
 				{#if column.key === 'from_actor_id'}
 					{#if current_actor_id && row.from_actor_id === current_actor_id}

package/dist/ui/{PermitOfferHistory.svelte.d.ts → RoleGrantOfferHistory.svelte.d.ts} RENAMED Viewed

@@ -11,7 +11,7 @@ type $$ComponentProps = {
     format_scope?: FormatScope;
     format_role?: (role: string) => string;
 };
-declare const PermitOfferHistory: import("svelte").Component<$$ComponentProps, {}, "">;
-type PermitOfferHistory = ReturnType<typeof PermitOfferHistory>;
-export default PermitOfferHistory;
-//# sourceMappingURL=PermitOfferHistory.svelte.d.ts.map
+declare const RoleGrantOfferHistory: import("svelte").Component<$$ComponentProps, {}, "">;
+type RoleGrantOfferHistory = ReturnType<typeof RoleGrantOfferHistory>;
+export default RoleGrantOfferHistory;
+//# sourceMappingURL=RoleGrantOfferHistory.svelte.d.ts.map

package/dist/ui/RoleGrantOfferHistory.svelte.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"RoleGrantOfferHistory.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/RoleGrantOfferHistory.svelte"],"names":[],"mappings":"AAmBA,OAAO,EAA4C,KAAK,WAAW,EAAC,MAAM,mBAAmB,CAAC;AAE7F,KAAK,gBAAgB,GAAI;IACxB,oFAAoF;IACpF,gBAAgB,EAAE,MAAM,GAAG,IAAI,CAAC;IAChC,YAAY,CAAC,EAAE,CAAC,aAAa,EAAE,MAAM,KAAK,MAAM,CAAC;IACjD;;;;OAIG;IACH,YAAY,CAAC,EAAE,WAAW,CAAC;IAC3B,WAAW,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,MAAM,CAAC;CACvC,CAAC;AAkGH,QAAA,MAAM,qBAAqB,sDAAwC,CAAC;AACpE,KAAK,qBAAqB,GAAG,UAAU,CAAC,OAAO,qBAAqB,CAAC,CAAC;AACtE,eAAe,qBAAqB,CAAC"}

package/dist/ui/{PermitOfferInbox.svelte → RoleGrantOfferInbox.svelte} RENAMED Viewed

@@ -2,7 +2,7 @@
 	/**
 	 * Recipient-side pending offer inbox.
 	 *
-	 * Renders `PermitOffersState.incoming` (pending, soonest-expiry first)
+	 * Renders `RoleGrantOffersState.incoming` (pending, soonest-expiry first)
 	 * with accept + decline-with-reason controls. Grantor and scope rendering
 	 * are delegated via optional callback props — consumers plug in display
 	 * names once they know what a `from_actor_id` / `scope_id` represents
@@ -12,10 +12,10 @@
 	import PendingButton from '@fuzdev/fuz_ui/PendingButton.svelte';
 	import {SvelteMap} from 'svelte/reactivity';
-	import {permit_offers_state_context} from './permit_offers_state.svelte.js';
+	import {role_grant_offers_state_context} from './role_grant_offers_state.svelte.js';
 	import ConfirmButton from './ConfirmButton.svelte';
 	import {format_relative_time, format_datetime_local, truncate_uuid} from './ui_format.js';
-	import {PERMIT_OFFER_MESSAGE_LENGTH_MAX} from '../auth/permit_offer_schema.js';
+	import {ROLE_GRANT_OFFER_MESSAGE_LENGTH_MAX} from '../auth/role_grant_offer_schema.js';
 	import {format_scope_context, resolve_scope_label, type FormatScope} from './format_scope.js';
 	const {
@@ -35,7 +35,7 @@
 		format_role?: (role: string) => string;
 	} = $props();
-	const permit_offers = permit_offers_state_context.get();
+	const role_grant_offers = role_grant_offers_state_context.get();
 	const get_format_scope = format_scope_context.get();
 	const format_scope_from_context = $derived(get_format_scope());
@@ -45,18 +45,18 @@
 	const decline_reasons: SvelteMap<string, string> = new SvelteMap();
 </script>
-<section class="permit-offer-inbox">
+<section class="role-grant-offer-inbox">
 	<h2>pending offers</h2>
-	{#if permit_offers.error}
-		<p class="color_c_50">{permit_offers.error}</p>
+	{#if role_grant_offers.error}
+		<p class="color_c_50">{role_grant_offers.error}</p>
 	{/if}
-	{#if permit_offers.incoming.length === 0}
+	{#if role_grant_offers.incoming.length === 0}
 		<p class="text_50">No pending offers.</p>
 	{:else}
 		<ul class="column gap_md">
-			{#each permit_offers.incoming as offer (offer.id)}
+			{#each role_grant_offers.incoming as offer (offer.id)}
 				<li class="box p_md column gap_sm">
 					<div class="row gap_sm align_center">
 						<span class="chip color_a">{format_role(offer.role)}</span>
@@ -76,9 +76,9 @@
 					<div class="row gap_sm">
 						<PendingButton
-							pending={permit_offers.loading}
-							disabled={permit_offers.loading}
-							onclick={() => permit_offers.accept(offer.id)}
+							pending={role_grant_offers.loading}
+							disabled={role_grant_offers.loading}
+							onclick={() => role_grant_offers.accept(offer.id)}
 							class="color_b"
 						>
 							accept
@@ -89,7 +89,7 @@
 							position="bottom"
 							onconfirm={() => {
 								const reason = decline_reasons.get(offer.id) ?? '';
-								void permit_offers.decline(offer.id, reason || null);
+								void role_grant_offers.decline(offer.id, reason || null);
 								decline_reasons.delete(offer.id);
 							}}
 						>
@@ -102,7 +102,7 @@
 										<div class="title">reason (optional)</div>
 										<textarea
 											name="decline-reason"
-											maxlength={PERMIT_OFFER_MESSAGE_LENGTH_MAX}
+											maxlength={ROLE_GRANT_OFFER_MESSAGE_LENGTH_MAX}
 											placeholder="optional reason"
 											value={decline_reasons.get(offer.id) ?? ''}
 											oninput={(e) =>

package/dist/ui/{PermitOfferInbox.svelte.d.ts → RoleGrantOfferInbox.svelte.d.ts} RENAMED Viewed

@@ -11,7 +11,7 @@ type $$ComponentProps = {
     /** Display label for a role constant. Defaults to identity. */
     format_role?: (role: string) => string;
 };
-declare const PermitOfferInbox: import("svelte").Component<$$ComponentProps, {}, "">;
-type PermitOfferInbox = ReturnType<typeof PermitOfferInbox>;
-export default PermitOfferInbox;
-//# sourceMappingURL=PermitOfferInbox.svelte.d.ts.map
+declare const RoleGrantOfferInbox: import("svelte").Component<$$ComponentProps, {}, "">;
+type RoleGrantOfferInbox = ReturnType<typeof RoleGrantOfferInbox>;
+export default RoleGrantOfferInbox;
+//# sourceMappingURL=RoleGrantOfferInbox.svelte.d.ts.map

package/dist/ui/RoleGrantOfferInbox.svelte.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"RoleGrantOfferInbox.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/RoleGrantOfferInbox.svelte"],"names":[],"mappings":"AAmBA,OAAO,EAA4C,KAAK,WAAW,EAAC,MAAM,mBAAmB,CAAC;AAE7F,KAAK,gBAAgB,GAAI;IACxB,uEAAuE;IACvE,YAAY,CAAC,EAAE,CAAC,aAAa,EAAE,MAAM,KAAK,MAAM,CAAC;IACjD;;;;OAIG;IACH,YAAY,CAAC,EAAE,WAAW,CAAC;IAC3B,+DAA+D;IAC/D,WAAW,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,MAAM,CAAC;CACvC,CAAC;AA2FH,QAAA,MAAM,mBAAmB,sDAAwC,CAAC;AAClE,KAAK,mBAAmB,GAAG,UAAU,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAClE,eAAe,mBAAmB,CAAC"}

package/dist/ui/SignupForm.svelte CHANGED Viewed

@@ -16,7 +16,7 @@
 	import PendingButton from '@fuzdev/fuz_ui/PendingButton.svelte';
 	import {autofocus} from '@fuzdev/fuz_ui/autofocus.svelte.js';
-	import {Username} from '../auth/account_schema.js';
+	import {Username} from '../primitive_schemas.js';
 	import {PASSWORD_LENGTH_MIN} from '../auth/password.js';
 	import {auth_state_context} from './auth_state.svelte.js';
 	import {FormState} from './form_state.svelte.js';