@fuzdev/fuz_app 0.54.0 → 0.56.0

package/dist/ui/SurfaceExplorer.svelte

@@ -12,6 +12,12 @@
 
 	import type {AppSurface, AppSurfaceRoute, AppSurfaceDiagnostic} from '../http/surface.js';
 	import {surface_auth_summary, format_route_key} from '../http/surface_query.js';
+	import {
+		is_keeper_auth,
+		is_plain_authenticated_auth,
+		is_public_auth,
+		is_role_auth,
+	} from '../http/auth_shape.js';
 
 	const {surface}: {surface: AppSurface} = $props();
 
@@ -22,10 +28,26 @@
 
 	const summary = $derived(surface_auth_summary(surface));
 
+	const auth_matches_filter = (
+		auth: AppSurfaceRoute['auth'],
+		filter: (typeof auth_types)[number],
+	): boolean => {
+		switch (filter) {
+			case 'all':
+				return true;
+			case 'none':
+				return is_public_auth(auth);
+			case 'authenticated':
+				return is_plain_authenticated_auth(auth);
+			case 'role':
+				return is_role_auth(auth);
+			case 'keeper':
+				return is_keeper_auth(auth);
+		}
+	};
+
 	const filtered_routes: Array<AppSurfaceRoute> = $derived(
-		auth_filter === 'all'
-			? surface.routes
-			: surface.routes.filter((r) => r.auth.type === auth_filter),
+		surface.routes.filter((r) => auth_matches_filter(r.auth, auth_filter)),
 	);
 
 	let expanded_event: string | null = $state.raw(null);
@@ -39,21 +61,19 @@
 	};
 
 	const format_auth = (auth: AppSurfaceRoute['auth']): string => {
-		if (auth.type === 'role') return `role:${auth.role}`;
-		return auth.type;
+		if (is_public_auth(auth)) return 'none';
+		if (is_keeper_auth(auth)) return 'keeper';
+		if (is_role_auth(auth)) return `role:${auth.roles!.join('|')}`;
+		if (is_plain_authenticated_auth(auth)) return 'authenticated';
+		return 'other';
 	};
 
 	const auth_chip_class = (auth: AppSurfaceRoute['auth']): string => {
-		switch (auth.type) {
-			case 'none':
-				return 'chip color_b';
-			case 'authenticated':
-				return 'chip color_a';
-			case 'role':
-				return 'chip color_d';
-			case 'keeper':
-				return 'chip color_c';
-		}
+		if (is_public_auth(auth)) return 'chip color_b';
+		if (is_keeper_auth(auth)) return 'chip color_c';
+		if (is_role_auth(auth)) return 'chip color_d';
+		if (is_plain_authenticated_auth(auth)) return 'chip color_a';
+		return 'chip';
 	};
 
 	const role_count = $derived(Array.from(summary.role.values()).reduce((sum, n) => sum + n, 0));

package/dist/ui/SurfaceExplorer.svelte.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"SurfaceExplorer.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/SurfaceExplorer.svelte"],"names":[],"mappings":"AAaA,OAAO,KAAK,EAAC,UAAU,EAAwC,MAAM,oBAAoB,CAAC;AAGzF,KAAK,gBAAgB,GAAI;IAAC,OAAO,EAAE,UAAU,CAAA;CAAC,CAAC;AAwRhD,QAAA,MAAM,eAAe,sDAAwC,CAAC;AAC9D,KAAK,eAAe,GAAG,UAAU,CAAC,OAAO,eAAe,CAAC,CAAC;AAC1D,eAAe,eAAe,CAAC"}
+{"version":3,"file":"SurfaceExplorer.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/SurfaceExplorer.svelte"],"names":[],"mappings":"AAaA,OAAO,KAAK,EAAC,UAAU,EAAwC,MAAM,oBAAoB,CAAC;AASzF,KAAK,gBAAgB,GAAI;IAAC,OAAO,EAAE,UAAU,CAAA;CAAC,CAAC;AAuShD,QAAA,MAAM,eAAe,sDAAwC,CAAC;AAC9D,KAAK,eAAe,GAAG,UAAU,CAAC,OAAO,eAAe,CAAC,CAAC;AAC1D,eAAe,eAAe,CAAC"}

package/dist/ui/account_sessions_state.svelte.d.ts

@@ -1,8 +1,7 @@
 /**
  * Reactive state for managing the authenticated account's auth sessions on a
- * settings page. Reads and mutations flow through a narrow RPC adapter; the
- * REST routes that backed this class moved to `auth/account_actions.ts` in the
- * 2026-04-23 RPC migration.
+ * settings page. Reads and mutations flow through a narrow RPC adapter
+ * backed by `auth/account_actions.ts`.
  *
  * @module
  */

package/dist/ui/account_sessions_state.svelte.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"account_sessions_state.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/account_sessions_state.svelte.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH,OAAO,EAAC,QAAQ,EAAC,MAAM,sBAAsB,CAAC;AAC9C,OAAO,KAAK,EAAC,eAAe,EAAC,MAAM,2BAA2B,CAAC;AAE/D;;;;;;;;;;;GAWG;AACH,MAAM,WAAW,kBAAkB;IAClC,IAAI,EAAE,MAAM,OAAO,CAAC;QAAC,QAAQ,EAAE,KAAK,CAAC,eAAe,CAAC,CAAA;KAAC,CAAC,CAAC;IACxD,MAAM,EAAE,CAAC,MAAM,EAAE;QAAC,UAAU,EAAE,MAAM,CAAA;KAAC,KAAK,OAAO,CAAC;QAAC,EAAE,EAAE,IAAI,CAAC;QAAC,OAAO,EAAE,OAAO,CAAA;KAAC,CAAC,CAAC;IAChF,UAAU,EAAE,MAAM,OAAO,CAAC;QAAC,EAAE,EAAE,IAAI,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAC,CAAC,CAAC;CACrD;AAED;;;;GAIG;AACH,eAAO,MAAM,4BAA4B;qBAAwB,kBAAkB,GAAG,IAAI;yBAAzB,kBAAkB,GAAG,IAAI,wBAAzB,kBAAkB,GAAG,IAAI;CAEzF,CAAC;AAEF,MAAM,WAAW,2BAA2B;IAC3C;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,kBAAkB,GAAG,IAAI,CAAC;CAC1C;AAED,qBAAa,oBAAqB,SAAQ,QAAQ;;IAGjD,QAAQ,EAAE,KAAK,CAAC,eAAe,CAAC,CAAkB;IAElD,QAAQ,CAAC,YAAY,SAAkC;gBAE3C,OAAO,CAAC,EAAE,2BAA2B;IAKjD,6FAA6F;IAC7F,IAAI,OAAO,IAAI,OAAO,CAErB;IAEK,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAYtB,MAAM,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAcjC,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;CAejC"}
+{"version":3,"file":"account_sessions_state.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/account_sessions_state.svelte.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH,OAAO,EAAC,QAAQ,EAAC,MAAM,sBAAsB,CAAC;AAC9C,OAAO,KAAK,EAAC,eAAe,EAAC,MAAM,2BAA2B,CAAC;AAE/D;;;;;;;;;;;GAWG;AACH,MAAM,WAAW,kBAAkB;IAClC,IAAI,EAAE,MAAM,OAAO,CAAC;QAAC,QAAQ,EAAE,KAAK,CAAC,eAAe,CAAC,CAAA;KAAC,CAAC,CAAC;IACxD,MAAM,EAAE,CAAC,MAAM,EAAE;QAAC,UAAU,EAAE,MAAM,CAAA;KAAC,KAAK,OAAO,CAAC;QAAC,EAAE,EAAE,IAAI,CAAC;QAAC,OAAO,EAAE,OAAO,CAAA;KAAC,CAAC,CAAC;IAChF,UAAU,EAAE,MAAM,OAAO,CAAC;QAAC,EAAE,EAAE,IAAI,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAC,CAAC,CAAC;CACrD;AAED;;;;GAIG;AACH,eAAO,MAAM,4BAA4B;qBAAwB,kBAAkB,GAAG,IAAI;yBAAzB,kBAAkB,GAAG,IAAI,wBAAzB,kBAAkB,GAAG,IAAI;CAEzF,CAAC;AAEF,MAAM,WAAW,2BAA2B;IAC3C;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,kBAAkB,GAAG,IAAI,CAAC;CAC1C;AAED,qBAAa,oBAAqB,SAAQ,QAAQ;;IAGjD,QAAQ,EAAE,KAAK,CAAC,eAAe,CAAC,CAAkB;IAElD,QAAQ,CAAC,YAAY,SAAkC;gBAE3C,OAAO,CAAC,EAAE,2BAA2B;IAKjD,6FAA6F;IAC7F,IAAI,OAAO,IAAI,OAAO,CAErB;IAEK,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAYtB,MAAM,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAcjC,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;CAejC"}

package/dist/ui/account_sessions_state.svelte.js

@@ -1,8 +1,7 @@
 /**
  * Reactive state for managing the authenticated account's auth sessions on a
- * settings page. Reads and mutations flow through a narrow RPC adapter; the
- * REST routes that backed this class moved to `auth/account_actions.ts` in the
- * 2026-04-23 RPC migration.
+ * settings page. Reads and mutations flow through a narrow RPC adapter
+ * backed by `auth/account_actions.ts`.
  *
  * @module
  */

package/dist/ui/admin_accounts_state.svelte.d.ts

@@ -8,18 +8,18 @@ import type { Uuid } from '@fuzdev/fuz_util/id.js';
 import { Loadable } from './loadable.svelte.js';
 import type { AdminAccountEntryJson } from '../auth/account_schema.js';
 import type { RoleName } from '../auth/role_schema.js';
-import type { PermitOfferJson } from '../auth/permit_offer_schema.js';
+import type { RoleGrantOfferJson } from '../auth/role_grant_offer_schema.js';
 import type { AdminAccountListOutput, AdminSessionListOutput, AdminSessionRevokeAllInput, AdminSessionRevokeAllOutput, AdminTokenRevokeAllInput, AdminTokenRevokeAllOutput } from '../auth/admin_action_specs.js';
-import type { PermitOfferCreateInput, PermitOfferCreateOutput, PermitOfferOkOutput, PermitRevokeInput, PermitRevokeOutput } from '../auth/permit_offer_action_specs.js';
+import type { RoleGrantOfferCreateInput, RoleGrantOfferCreateOutput, RoleGrantOfferOkOutput, RoleGrantRevokeInput, RoleGrantRevokeOutput } from '../auth/role_grant_offer_action_specs.js';
 /**
  * Narrow RPC surface consumed by `AdminAccountsState`. Consumers adapt their
  * typed RPC client (e.g. a `create_rpc_client` Proxy) to this shape — the
  * state class stays decoupled from the client's `Result` return type so
- * tests can inject plain-function stubs. Mirrors the `PermitOffersRpc`
+ * tests can inject plain-function stubs. Mirrors the `RoleGrantOffersRpc`
  * pattern.
  *
  * Every operation flows through RPC: the listing reuses `admin_account_list`,
- * grant reuses `permit_offer_create`, revoke and retract have dedicated
+ * grant reuses `role_grant_offer_create`, revoke and retract have dedicated
  * actions, and the session / token revoke-all mutations reuse
  * `admin_session_revoke_all` and `admin_token_revoke_all`. Without the
  * adapter the state class cannot fetch, grant, revoke, retract, or
@@ -33,9 +33,9 @@ import type { PermitOfferCreateInput, PermitOfferCreateOutput, PermitOfferOkOutp
 export interface AdminAccountsRpc {
     list_accounts: () => Promise<AdminAccountListOutput>;
     list_sessions: () => Promise<AdminSessionListOutput>;
-    grant_permit: (params: PermitOfferCreateInput) => Promise<PermitOfferCreateOutput>;
-    revoke_permit: (params: PermitRevokeInput) => Promise<PermitRevokeOutput>;
-    retract_offer: (offer_id: Uuid) => Promise<PermitOfferOkOutput>;
+    create_role_grant: (params: RoleGrantOfferCreateInput) => Promise<RoleGrantOfferCreateOutput>;
+    revoke_role_grant: (params: RoleGrantRevokeInput) => Promise<RoleGrantRevokeOutput>;
+    retract_offer: (offer_id: Uuid) => Promise<RoleGrantOfferOkOutput>;
     session_revoke_all: (params: AdminSessionRevokeAllInput) => Promise<AdminSessionRevokeAllOutput>;
     token_revoke_all: (params: AdminTokenRevokeAllInput) => Promise<AdminTokenRevokeAllOutput>;
 }
@@ -56,7 +56,7 @@ export declare const admin_accounts_rpc_context: {
 export interface AdminAccountsStateOptions {
     /**
      * Reactive accessor for the RPC adapter; returns `null` when unwired.
-     * Matches `PermitOffersStateOptions.account_id` / `actor_id` pattern —
+     * Matches `RoleGrantOffersStateOptions.account_id` / `actor_id` pattern —
      * lets the component pass a `$props()`-sourced rpc without tripping
      * Svelte's `state_referenced_locally` warning.
      */
@@ -78,33 +78,40 @@ export declare class AdminAccountsState extends Loadable {
     get has_rpc(): boolean;
     fetch(): Promise<void>;
     /**
-     * Offer the role to the recipient via the `permit_offer_create` RPC.
+     * Offer the role to the recipient via the `role_grant_offer_create` RPC.
      * Server returns the pending offer; the recipient must accept before
-     * the permit materializes. Returns the offer payload on success so
-     * callers can drive follow-up UX (e.g. seed `PermitOffersState.outgoing`).
+     * the role_grant materializes. Returns the offer payload on success so
+     * callers can drive follow-up UX (e.g. seed `RoleGrantOffersState.outgoing`).
      *
      * A re-offer from the same admin to the same `(account, role)`
      * refreshes the existing pending row — the returned offer id is stable
      * across those calls.
      *
+     * `to_actor_id` (optional) narrows the offer to a specific actor on
+     * `account_id`; the in-flight `granting_keys` entry stays at
+     * `account_id:role` for the account-grain default (so existing
+     * consumers reading the 2-segment key keep working) and becomes
+     * `account_id:role:to_actor_id` when actor-targeted, so the two
+     * variants can be in flight without colliding on the per-row spinner.
+     *
      * No-op when the rpc adapter is absent; `error` is set to a descriptive
      * message so the UI surfaces the misconfiguration.
      */
-    grant_permit(account_id: Uuid, role: RoleName): Promise<PermitOfferJson | undefined>;
+    create_role_grant(account_id: Uuid, role: RoleName, to_actor_id?: Uuid | null): Promise<RoleGrantOfferJson | undefined>;
     /**
-     * Revoke an active permit via the `permit_revoke` RPC.
+     * Revoke an active role_grant via the `role_grant_revoke` RPC.
      *
-     * `actor_id` is the natural key — permits are actor-scoped, and the
+     * `actor_id` is the natural key — role_grants are actor-scoped, and the
      * admin UI reads `row.actor.id` straight from the listing, so the state
      * class takes it directly rather than deriving it from `account_id`.
-     * The optional `reason` is stamped on `permit.revoked_reason` and
+     * The optional `reason` is stamped on `role_grant.revoked_reason` and
      * surfaced on the revokee's WS notification.
      */
-    revoke_permit(actor_id: Uuid, permit_id: Uuid, reason?: string | null): Promise<void>;
+    revoke_role_grant(actor_id: Uuid, role_grant_id: Uuid, reason?: string | null): Promise<void>;
     /**
-     * Retract a pending offer the admin issued via the `permit_offer_retract`
+     * Retract a pending offer the admin issued via the `role_grant_offer_retract`
      * RPC. The action handles auth, audit, and the
-     * `permit_offer_retracted` WS notification.
+     * `role_grant_offer_retracted` WS notification.
      *
      * After success, refetches the listing so `pending_offers` drops the
      * row and the "+ {role}" button un-hides.

package/dist/ui/admin_accounts_state.svelte.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"admin_accounts_state.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/admin_accounts_state.svelte.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAC,SAAS,EAAC,MAAM,mBAAmB,CAAC;AAE5C,OAAO,KAAK,EAAC,IAAI,EAAC,MAAM,wBAAwB,CAAC;AAEjD,OAAO,EAAC,QAAQ,EAAC,MAAM,sBAAsB,CAAC;AAC9C,OAAO,KAAK,EAAC,qBAAqB,EAAC,MAAM,2BAA2B,CAAC;AACrE,OAAO,KAAK,EAAC,QAAQ,EAAC,MAAM,wBAAwB,CAAC;AACrD,OAAO,KAAK,EAAC,eAAe,EAAC,MAAM,gCAAgC,CAAC;AACpE,OAAO,KAAK,EACX,sBAAsB,EACtB,sBAAsB,EACtB,0BAA0B,EAC1B,2BAA2B,EAC3B,wBAAwB,EACxB,yBAAyB,EACzB,MAAM,+BAA+B,CAAC;AACvC,OAAO,KAAK,EACX,sBAAsB,EACtB,uBAAuB,EACvB,mBAAmB,EACnB,iBAAiB,EACjB,kBAAkB,EAClB,MAAM,sCAAsC,CAAC;AAE9C;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,WAAW,gBAAgB;IAChC,aAAa,EAAE,MAAM,OAAO,CAAC,sBAAsB,CAAC,CAAC;IACrD,aAAa,EAAE,MAAM,OAAO,CAAC,sBAAsB,CAAC,CAAC;IACrD,YAAY,EAAE,CAAC,MAAM,EAAE,sBAAsB,KAAK,OAAO,CAAC,uBAAuB,CAAC,CAAC;IACnF,aAAa,EAAE,CAAC,MAAM,EAAE,iBAAiB,KAAK,OAAO,CAAC,kBAAkB,CAAC,CAAC;IAC1E,aAAa,EAAE,CAAC,QAAQ,EAAE,IAAI,KAAK,OAAO,CAAC,mBAAmB,CAAC,CAAC;IAChE,kBAAkB,EAAE,CAAC,MAAM,EAAE,0BAA0B,KAAK,OAAO,CAAC,2BAA2B,CAAC,CAAC;IACjG,gBAAgB,EAAE,CAAC,MAAM,EAAE,wBAAwB,KAAK,OAAO,CAAC,yBAAyB,CAAC,CAAC;CAC3F;AAED;;;;;;;;;GASG;AACH,eAAO,MAAM,0BAA0B;qBAAwB,gBAAgB,GAAG,IAAI;yBAAvB,gBAAgB,GAAG,IAAI,wBAAvB,gBAAgB,GAAG,IAAI;CAErF,CAAC;AAEF,MAAM,WAAW,yBAAyB;IACzC;;;;;OAKG;IACH,OAAO,CAAC,EAAE,MAAM,gBAAgB,GAAG,IAAI,CAAC;CACxC;AAED,qBAAa,kBAAmB,SAAQ,QAAQ;;IAG/C,QAAQ,EAAE,KAAK,CAAC,qBAAqB,CAAC,CAAkB;IACxD,eAAe,EAAE,KAAK,CAAC,QAAQ,CAAC,CAAkB;IAClD,QAAQ,CAAC,aAAa,EAAE,SAAS,CAAC,MAAM,CAAC,CAAmB;IAC5D,QAAQ,CAAC,YAAY,EAAE,SAAS,CAAC,MAAM,CAAC,CAAmB;IAC3D,QAAQ,CAAC,cAAc,EAAE,SAAS,CAAC,MAAM,CAAC,CAAmB;IAE7D,QAAQ,CAAC,aAAa,SAAkC;gBAE5C,OAAO,CAAC,EAAE,yBAAyB;IAK/C;;;OAGG;IACH,IAAI,OAAO,IAAI,OAAO,CAErB;IAEK,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAa5B;;;;;;;;;;;;OAYG;IACG,YAAY,CAAC,UAAU,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,GAAG,OAAO,CAAC,eAAe,GAAG,SAAS,CAAC;IAqB1F;;;;;;;;OAQG;IACG,aAAa,CAAC,QAAQ,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IAkB3F;;;;;;;OAOG;IACG,aAAa,CAAC,QAAQ,EAAE,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;CAiBlD"}
+{"version":3,"file":"admin_accounts_state.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/admin_accounts_state.svelte.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAC,SAAS,EAAC,MAAM,mBAAmB,CAAC;AAE5C,OAAO,KAAK,EAAC,IAAI,EAAC,MAAM,wBAAwB,CAAC;AAEjD,OAAO,EAAC,QAAQ,EAAC,MAAM,sBAAsB,CAAC;AAC9C,OAAO,KAAK,EAAC,qBAAqB,EAAC,MAAM,2BAA2B,CAAC;AACrE,OAAO,KAAK,EAAC,QAAQ,EAAC,MAAM,wBAAwB,CAAC;AACrD,OAAO,KAAK,EAAC,kBAAkB,EAAC,MAAM,oCAAoC,CAAC;AAC3E,OAAO,KAAK,EACX,sBAAsB,EACtB,sBAAsB,EACtB,0BAA0B,EAC1B,2BAA2B,EAC3B,wBAAwB,EACxB,yBAAyB,EACzB,MAAM,+BAA+B,CAAC;AACvC,OAAO,KAAK,EACX,yBAAyB,EACzB,0BAA0B,EAC1B,sBAAsB,EACtB,oBAAoB,EACpB,qBAAqB,EACrB,MAAM,0CAA0C,CAAC;AAElD;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,WAAW,gBAAgB;IAChC,aAAa,EAAE,MAAM,OAAO,CAAC,sBAAsB,CAAC,CAAC;IACrD,aAAa,EAAE,MAAM,OAAO,CAAC,sBAAsB,CAAC,CAAC;IACrD,iBAAiB,EAAE,CAAC,MAAM,EAAE,yBAAyB,KAAK,OAAO,CAAC,0BAA0B,CAAC,CAAC;IAC9F,iBAAiB,EAAE,CAAC,MAAM,EAAE,oBAAoB,KAAK,OAAO,CAAC,qBAAqB,CAAC,CAAC;IACpF,aAAa,EAAE,CAAC,QAAQ,EAAE,IAAI,KAAK,OAAO,CAAC,sBAAsB,CAAC,CAAC;IACnE,kBAAkB,EAAE,CAAC,MAAM,EAAE,0BAA0B,KAAK,OAAO,CAAC,2BAA2B,CAAC,CAAC;IACjG,gBAAgB,EAAE,CAAC,MAAM,EAAE,wBAAwB,KAAK,OAAO,CAAC,yBAAyB,CAAC,CAAC;CAC3F;AAED;;;;;;;;;GASG;AACH,eAAO,MAAM,0BAA0B;qBAAwB,gBAAgB,GAAG,IAAI;yBAAvB,gBAAgB,GAAG,IAAI,wBAAvB,gBAAgB,GAAG,IAAI;CAErF,CAAC;AAEF,MAAM,WAAW,yBAAyB;IACzC;;;;;OAKG;IACH,OAAO,CAAC,EAAE,MAAM,gBAAgB,GAAG,IAAI,CAAC;CACxC;AAED,qBAAa,kBAAmB,SAAQ,QAAQ;;IAG/C,QAAQ,EAAE,KAAK,CAAC,qBAAqB,CAAC,CAAkB;IACxD,eAAe,EAAE,KAAK,CAAC,QAAQ,CAAC,CAAkB;IAClD,QAAQ,CAAC,aAAa,EAAE,SAAS,CAAC,MAAM,CAAC,CAAmB;IAC5D,QAAQ,CAAC,YAAY,EAAE,SAAS,CAAC,MAAM,CAAC,CAAmB;IAC3D,QAAQ,CAAC,cAAc,EAAE,SAAS,CAAC,MAAM,CAAC,CAAmB;IAE7D,QAAQ,CAAC,aAAa,SAAkC;gBAE5C,OAAO,CAAC,EAAE,yBAAyB;IAK/C;;;OAGG;IACH,IAAI,OAAO,IAAI,OAAO,CAErB;IAEK,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAa5B;;;;;;;;;;;;;;;;;;;OAmBG;IACG,iBAAiB,CACtB,UAAU,EAAE,IAAI,EAChB,IAAI,EAAE,QAAQ,EACd,WAAW,CAAC,EAAE,IAAI,GAAG,IAAI,GACvB,OAAO,CAAC,kBAAkB,GAAG,SAAS,CAAC;IAyB1C;;;;;;;;OAQG;IACG,iBAAiB,CACtB,QAAQ,EAAE,IAAI,EACd,aAAa,EAAE,IAAI,EACnB,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,GACpB,OAAO,CAAC,IAAI,CAAC;IAkBhB;;;;;;;OAOG;IACG,aAAa,CAAC,QAAQ,EAAE,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;CAiBlD"}

package/dist/ui/admin_accounts_state.svelte.js

@@ -49,34 +49,45 @@ export class AdminAccountsState extends Loadable {
         });
     }
     /**
-     * Offer the role to the recipient via the `permit_offer_create` RPC.
+     * Offer the role to the recipient via the `role_grant_offer_create` RPC.
      * Server returns the pending offer; the recipient must accept before
-     * the permit materializes. Returns the offer payload on success so
-     * callers can drive follow-up UX (e.g. seed `PermitOffersState.outgoing`).
+     * the role_grant materializes. Returns the offer payload on success so
+     * callers can drive follow-up UX (e.g. seed `RoleGrantOffersState.outgoing`).
      *
      * A re-offer from the same admin to the same `(account, role)`
      * refreshes the existing pending row — the returned offer id is stable
      * across those calls.
      *
+     * `to_actor_id` (optional) narrows the offer to a specific actor on
+     * `account_id`; the in-flight `granting_keys` entry stays at
+     * `account_id:role` for the account-grain default (so existing
+     * consumers reading the 2-segment key keep working) and becomes
+     * `account_id:role:to_actor_id` when actor-targeted, so the two
+     * variants can be in flight without colliding on the per-row spinner.
+     *
      * No-op when the rpc adapter is absent; `error` is set to a descriptive
      * message so the UI surfaces the misconfiguration.
      */
-    async grant_permit(account_id, role) {
+    async create_role_grant(account_id, role, to_actor_id) {
         const rpc = this.#get_rpc();
         if (!rpc) {
             this.error = 'rpc adapter not wired';
             return undefined;
         }
-        const key = `${account_id}:${role}`;
+        const key = to_actor_id ? `${account_id}:${role}:${to_actor_id}` : `${account_id}:${role}`;
         this.granting_keys.add(key);
         try {
-            const { offer } = await rpc.grant_permit({ to_account_id: account_id, role });
+            const { offer } = await rpc.create_role_grant({
+                to_account_id: account_id,
+                role,
+                ...(to_actor_id ? { to_actor_id } : {}),
+            });
             this.error = null;
             await this.fetch();
             return offer;
         }
         catch (e) {
-            this.error = e instanceof Error ? e.message : 'Failed to grant permit';
+            this.error = e instanceof Error ? e.message : 'Failed to grant role_grant';
             return undefined;
         }
         finally {
@@ -84,37 +95,37 @@ export class AdminAccountsState extends Loadable {
         }
     }
     /**
-     * Revoke an active permit via the `permit_revoke` RPC.
+     * Revoke an active role_grant via the `role_grant_revoke` RPC.
      *
-     * `actor_id` is the natural key — permits are actor-scoped, and the
+     * `actor_id` is the natural key — role_grants are actor-scoped, and the
      * admin UI reads `row.actor.id` straight from the listing, so the state
      * class takes it directly rather than deriving it from `account_id`.
-     * The optional `reason` is stamped on `permit.revoked_reason` and
+     * The optional `reason` is stamped on `role_grant.revoked_reason` and
      * surfaced on the revokee's WS notification.
      */
-    async revoke_permit(actor_id, permit_id, reason) {
+    async revoke_role_grant(actor_id, role_grant_id, reason) {
         const rpc = this.#get_rpc();
         if (!rpc) {
             this.error = 'rpc adapter not wired';
             return;
         }
-        this.revoking_ids.add(permit_id);
+        this.revoking_ids.add(role_grant_id);
         try {
-            await rpc.revoke_permit({ actor_id, permit_id, reason: reason ?? null });
+            await rpc.revoke_role_grant({ actor_id, role_grant_id, reason: reason ?? null });
             this.error = null;
             await this.fetch();
         }
         catch (e) {
-            this.error = e instanceof Error ? e.message : 'Failed to revoke permit';
+            this.error = e instanceof Error ? e.message : 'Failed to revoke role_grant';
         }
         finally {
-            this.revoking_ids.delete(permit_id);
+            this.revoking_ids.delete(role_grant_id);
         }
     }
     /**
-     * Retract a pending offer the admin issued via the `permit_offer_retract`
+     * Retract a pending offer the admin issued via the `role_grant_offer_retract`
      * RPC. The action handles auth, audit, and the
-     * `permit_offer_retracted` WS notification.
+     * `role_grant_offer_retracted` WS notification.
      *
      * After success, refetches the listing so `pending_offers` drops the
      * row and the "+ {role}" button un-hides.

package/dist/ui/admin_rpc_adapters.d.ts

@@ -7,11 +7,11 @@
  * admin shell layout wire everything.
  *
  * Intentionally admin-only despite the backend-side
- * `create_standard_rpc_actions` rename (admin + permit-offer + account).
+ * `create_standard_rpc_actions` rename (admin + role-grant-offer + account).
  * Account-surface methods flow through `account_sessions_rpc_context`
- * (wired at the self-service layout), and permit-offer methods that
- * surface in the admin UI (`permit_offer_create`, `permit_revoke`,
- * `permit_offer_retract`) live inside the `AdminAccountsRpc` interface —
+ * (wired at the self-service layout), and role-grant-offer methods that
+ * surface in the admin UI (`role_grant_offer_create`, `role_grant_revoke`,
+ * `role_grant_offer_retract`) live inside the `AdminAccountsRpc` interface —
  * they belong to the admin UX, not a separate wire pairing. The UI side
  * and backend factory names diverge by design.
  *
@@ -21,8 +21,8 @@
  * ```
  *
  * The throwing Proxy spreads the JSON-RPC `{code, message, data?}` onto
- * the thrown `Error` so form components (e.g. `ui/PermitOfferForm.svelte`)
- * can match on `error.data?.reason` via `ERROR_OFFER_*` constants —
+ * the thrown `Error` so form components (e.g. `ui/RoleGrantOfferForm.svelte`)
+ * can match on `error.data?.reason` via `ERROR_ROLE_GRANT_OFFER_*` constants —
  * optional chaining is required because JSON-RPC `data` is spec-level
  * optional. Consumers that need a custom unwrap strategy can construct
  * their own object satisfying `AdminRpcApi` and pass it directly.
@@ -32,8 +32,8 @@
  *
  * @module
  */
-import type { AdminAccountListOutput, AdminSessionListOutput, AdminSessionRevokeAllInput, AdminSessionRevokeAllOutput, AdminTokenRevokeAllInput, AdminTokenRevokeAllOutput, AuditLogListInput, AuditLogListOutput, AuditLogPermitHistoryInput, AuditLogPermitHistoryOutput, InviteCreateInput, InviteCreateOutput, InviteDeleteInput, InviteDeleteOutput, InviteListOutput, AppSettingsGetOutput, AppSettingsUpdateInput, AppSettingsUpdateOutput } from '../auth/admin_action_specs.js';
-import type { PermitOfferCreateInput, PermitOfferCreateOutput, PermitOfferRetractInput, PermitOfferOkOutput, PermitRevokeInput, PermitRevokeOutput } from '../auth/permit_offer_action_specs.js';
+import type { AdminAccountListOutput, AdminSessionListOutput, AdminSessionRevokeAllInput, AdminSessionRevokeAllOutput, AdminTokenRevokeAllInput, AdminTokenRevokeAllOutput, AuditLogListInput, AuditLogListOutput, AuditLogRoleGrantHistoryInput, AuditLogRoleGrantHistoryOutput, InviteCreateInput, InviteCreateOutput, InviteDeleteInput, InviteDeleteOutput, InviteListOutput, AppSettingsGetOutput, AppSettingsUpdateInput, AppSettingsUpdateOutput } from '../auth/admin_action_specs.js';
+import type { RoleGrantOfferCreateInput, RoleGrantOfferCreateOutput, RoleGrantOfferRetractInput, RoleGrantOfferOkOutput, RoleGrantRevokeInput, RoleGrantRevokeOutput } from '../auth/role_grant_offer_action_specs.js';
 import { type AdminAccountsRpc } from './admin_accounts_state.svelte.js';
 import { type AdminInvitesRpc } from './admin_invites_state.svelte.js';
 import { type AuditLogRpc } from './audit_log_state.svelte.js';
@@ -56,15 +56,15 @@ export interface AdminRpcApi {
     admin_session_revoke_all: (input: AdminSessionRevokeAllInput) => Promise<AdminSessionRevokeAllOutput>;
     admin_token_revoke_all: (input: AdminTokenRevokeAllInput) => Promise<AdminTokenRevokeAllOutput>;
     audit_log_list: (input: AuditLogListInput) => Promise<AuditLogListOutput>;
-    audit_log_permit_history: (input: AuditLogPermitHistoryInput) => Promise<AuditLogPermitHistoryOutput>;
+    audit_log_role_grant_history: (input: AuditLogRoleGrantHistoryInput) => Promise<AuditLogRoleGrantHistoryOutput>;
     invite_list: () => Promise<InviteListOutput>;
     invite_create: (input: InviteCreateInput) => Promise<InviteCreateOutput>;
     invite_delete: (input: InviteDeleteInput) => Promise<InviteDeleteOutput>;
     app_settings_get: () => Promise<AppSettingsGetOutput>;
     app_settings_update: (input: AppSettingsUpdateInput) => Promise<AppSettingsUpdateOutput>;
-    permit_offer_create: (input: PermitOfferCreateInput) => Promise<PermitOfferCreateOutput>;
-    permit_offer_retract: (input: PermitOfferRetractInput) => Promise<PermitOfferOkOutput>;
-    permit_revoke: (input: PermitRevokeInput) => Promise<PermitRevokeOutput>;
+    role_grant_offer_create: (input: RoleGrantOfferCreateInput) => Promise<RoleGrantOfferCreateOutput>;
+    role_grant_offer_retract: (input: RoleGrantOfferRetractInput) => Promise<RoleGrantOfferOkOutput>;
+    role_grant_revoke: (input: RoleGrantRevokeInput) => Promise<RoleGrantRevokeOutput>;
 }
 /** The four admin RPC adapters assembled from a shared `api`. */
 export interface AdminRpcAdapters {
@@ -82,16 +82,16 @@ export interface AdminRpcAdapters {
  * | ----------------------------------- | ---------------------------- |
  * | `admin_accounts.list_accounts`      | `admin_account_list`         |
  * | `admin_accounts.list_sessions`      | `admin_session_list`         |
- * | `admin_accounts.grant_permit`       | `permit_offer_create`        |
- * | `admin_accounts.revoke_permit`      | `permit_revoke`              |
- * | `admin_accounts.retract_offer`      | `permit_offer_retract`       |
+ * | `admin_accounts.create_role_grant`       | `role_grant_offer_create`        |
+ * | `admin_accounts.revoke_role_grant`      | `role_grant_revoke`              |
+ * | `admin_accounts.retract_offer`      | `role_grant_offer_retract`       |
  * | `admin_accounts.session_revoke_all` | `admin_session_revoke_all`   |
  * | `admin_accounts.token_revoke_all`   | `admin_token_revoke_all`     |
  * | `admin_invites.list`                | `invite_list`                |
  * | `admin_invites.create`              | `invite_create`              |
  * | `admin_invites.delete`              | `invite_delete`              |
  * | `audit_log.list`                    | `audit_log_list`             |
- * | `audit_log.permit_history`          | `audit_log_permit_history`   |
+ * | `audit_log.role_grant_history`          | `audit_log_role_grant_history`   |
  * | `app_settings.get`                  | `app_settings_get`           |
  * | `app_settings.update`               | `app_settings_update`        |
  *
@@ -103,7 +103,7 @@ export declare const create_admin_rpc_adapters: (api: AdminRpcApi) => AdminRpcAd
 /** Optional knobs alongside the adapters when wiring admin contexts. */
 export interface ProvideAdminRpcContextsOptions {
     /**
-     * Render `{scope_id, role}` as a human label across permit-display
+     * Render `{scope_id, role}` as a human label across role-grant-display
      * components. Omit (or return `null`) to fall back to the raw uuid.
      */
     format_scope?: FormatScope;
@@ -120,9 +120,9 @@ export interface ProvideAdminRpcContextsOptions {
  * whole adapter set requires calling `provide_admin_rpc_contexts` again
  * during init — in practice this is one-shot at layout mount.
  *
- * Pass `options.format_scope` to render permit/offer `scope_id` values as
- * human labels across `AdminAccounts`, `AdminPermitHistory`,
- * `PermitOfferInbox`, `PermitOfferForm`, and `PermitOfferHistory`.
+ * Pass `options.format_scope` to render role_grant/offer `scope_id` values as
+ * human labels across `AdminAccounts`, `AdminRoleGrantHistory`,
+ * `RoleGrantOfferInbox`, `RoleGrantOfferForm`, and `RoleGrantOfferHistory`.
  * Components that accept a `format_scope` prop honor the prop first; the
  * context is the fallback.
  */

package/dist/ui/admin_rpc_adapters.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"admin_rpc_adapters.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/admin_rpc_adapters.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AAEH,OAAO,KAAK,EACX,sBAAsB,EACtB,sBAAsB,EACtB,0BAA0B,EAC1B,2BAA2B,EAC3B,wBAAwB,EACxB,yBAAyB,EACzB,iBAAiB,EACjB,kBAAkB,EAClB,0BAA0B,EAC1B,2BAA2B,EAC3B,iBAAiB,EACjB,kBAAkB,EAClB,iBAAiB,EACjB,kBAAkB,EAClB,gBAAgB,EAChB,oBAAoB,EACpB,sBAAsB,EACtB,uBAAuB,EACvB,MAAM,+BAA+B,CAAC;AACvC,OAAO,KAAK,EACX,sBAAsB,EACtB,uBAAuB,EACvB,uBAAuB,EACvB,mBAAmB,EACnB,iBAAiB,EACjB,kBAAkB,EAClB,MAAM,sCAAsC,CAAC;AAC9C,OAAO,EAA6B,KAAK,gBAAgB,EAAC,MAAM,kCAAkC,CAAC;AACnG,OAAO,EAA4B,KAAK,eAAe,EAAC,MAAM,iCAAiC,CAAC;AAChG,OAAO,EAAwB,KAAK,WAAW,EAAC,MAAM,6BAA6B,CAAC;AACpF,OAAO,EAA2B,KAAK,cAAc,EAAC,MAAM,gCAAgC,CAAC;AAC7F,OAAO,EAAuB,KAAK,WAAW,EAAC,MAAM,mBAAmB,CAAC;AAEzE;;;;;;;;;;GAUG;AACH,MAAM,WAAW,WAAW;IAC3B,kBAAkB,EAAE,MAAM,OAAO,CAAC,sBAAsB,CAAC,CAAC;IAC1D,kBAAkB,EAAE,MAAM,OAAO,CAAC,sBAAsB,CAAC,CAAC;IAC1D,wBAAwB,EAAE,CACzB,KAAK,EAAE,0BAA0B,KAC7B,OAAO,CAAC,2BAA2B,CAAC,CAAC;IAC1C,sBAAsB,EAAE,CAAC,KAAK,EAAE,wBAAwB,KAAK,OAAO,CAAC,yBAAyB,CAAC,CAAC;IAChG,cAAc,EAAE,CAAC,KAAK,EAAE,iBAAiB,KAAK,OAAO,CAAC,kBAAkB,CAAC,CAAC;IAC1E,wBAAwB,EAAE,CACzB,KAAK,EAAE,0BAA0B,KAC7B,OAAO,CAAC,2BAA2B,CAAC,CAAC;IAC1C,WAAW,EAAE,MAAM,OAAO,CAAC,gBAAgB,CAAC,CAAC;IAC7C,aAAa,EAAE,CAAC,KAAK,EAAE,iBAAiB,KAAK,OAAO,CAAC,kBAAkB,CAAC,CAAC;IACzE,aAAa,EAAE,CAAC,KAAK,EAAE,iBAAiB,KAAK,OAAO,CAAC,kBAAkB,CAAC,CAAC;IACzE,gBAAgB,EAAE,MAAM,OAAO,CAAC,oBAAoB,CAAC,CAAC;IACtD,mBAAmB,EAAE,CAAC,KAAK,EAAE,sBAAsB,KAAK,OAAO,CAAC,uBAAuB,CAAC,CAAC;IACzF,mBAAmB,EAAE,CAAC,KAAK,EAAE,sBAAsB,KAAK,OAAO,CAAC,uBAAuB,CAAC,CAAC;IACzF,oBAAoB,EAAE,CAAC,KAAK,EAAE,uBAAuB,KAAK,OAAO,CAAC,mBAAmB,CAAC,CAAC;IACvF,aAAa,EAAE,CAAC,KAAK,EAAE,iBAAiB,KAAK,OAAO,CAAC,kBAAkB,CAAC,CAAC;CACzE;AAED,iEAAiE;AACjE,MAAM,WAAW,gBAAgB;IAChC,cAAc,EAAE,gBAAgB,CAAC;IACjC,aAAa,EAAE,eAAe,CAAC;IAC/B,SAAS,EAAE,WAAW,CAAC;IACvB,YAAY,EAAE,cAAc,CAAC;CAC7B;AAED;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,eAAO,MAAM,yBAAyB,GAAI,KAAK,WAAW,KAAG,gBAuB3D,CAAC;AAEH,wEAAwE;AACxE,MAAM,WAAW,8BAA8B;IAC9C;;;OAGG;IACH,YAAY,CAAC,EAAE,WAAW,CAAC;CAC3B;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAO,MAAM,0BAA0B,GACtC,UAAU,gBAAgB,EAC1B,UAAU,8BAA8B,KACtC,IASF,CAAC"}
+{"version":3,"file":"admin_rpc_adapters.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/admin_rpc_adapters.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AAEH,OAAO,KAAK,EACX,sBAAsB,EACtB,sBAAsB,EACtB,0BAA0B,EAC1B,2BAA2B,EAC3B,wBAAwB,EACxB,yBAAyB,EACzB,iBAAiB,EACjB,kBAAkB,EAClB,6BAA6B,EAC7B,8BAA8B,EAC9B,iBAAiB,EACjB,kBAAkB,EAClB,iBAAiB,EACjB,kBAAkB,EAClB,gBAAgB,EAChB,oBAAoB,EACpB,sBAAsB,EACtB,uBAAuB,EACvB,MAAM,+BAA+B,CAAC;AACvC,OAAO,KAAK,EACX,yBAAyB,EACzB,0BAA0B,EAC1B,0BAA0B,EAC1B,sBAAsB,EACtB,oBAAoB,EACpB,qBAAqB,EACrB,MAAM,0CAA0C,CAAC;AAClD,OAAO,EAA6B,KAAK,gBAAgB,EAAC,MAAM,kCAAkC,CAAC;AACnG,OAAO,EAA4B,KAAK,eAAe,EAAC,MAAM,iCAAiC,CAAC;AAChG,OAAO,EAAwB,KAAK,WAAW,EAAC,MAAM,6BAA6B,CAAC;AACpF,OAAO,EAA2B,KAAK,cAAc,EAAC,MAAM,gCAAgC,CAAC;AAC7F,OAAO,EAAuB,KAAK,WAAW,EAAC,MAAM,mBAAmB,CAAC;AAEzE;;;;;;;;;;GAUG;AACH,MAAM,WAAW,WAAW;IAC3B,kBAAkB,EAAE,MAAM,OAAO,CAAC,sBAAsB,CAAC,CAAC;IAC1D,kBAAkB,EAAE,MAAM,OAAO,CAAC,sBAAsB,CAAC,CAAC;IAC1D,wBAAwB,EAAE,CACzB,KAAK,EAAE,0BAA0B,KAC7B,OAAO,CAAC,2BAA2B,CAAC,CAAC;IAC1C,sBAAsB,EAAE,CAAC,KAAK,EAAE,wBAAwB,KAAK,OAAO,CAAC,yBAAyB,CAAC,CAAC;IAChG,cAAc,EAAE,CAAC,KAAK,EAAE,iBAAiB,KAAK,OAAO,CAAC,kBAAkB,CAAC,CAAC;IAC1E,4BAA4B,EAAE,CAC7B,KAAK,EAAE,6BAA6B,KAChC,OAAO,CAAC,8BAA8B,CAAC,CAAC;IAC7C,WAAW,EAAE,MAAM,OAAO,CAAC,gBAAgB,CAAC,CAAC;IAC7C,aAAa,EAAE,CAAC,KAAK,EAAE,iBAAiB,KAAK,OAAO,CAAC,kBAAkB,CAAC,CAAC;IACzE,aAAa,EAAE,CAAC,KAAK,EAAE,iBAAiB,KAAK,OAAO,CAAC,kBAAkB,CAAC,CAAC;IACzE,gBAAgB,EAAE,MAAM,OAAO,CAAC,oBAAoB,CAAC,CAAC;IACtD,mBAAmB,EAAE,CAAC,KAAK,EAAE,sBAAsB,KAAK,OAAO,CAAC,uBAAuB,CAAC,CAAC;IACzF,uBAAuB,EAAE,CACxB,KAAK,EAAE,yBAAyB,KAC5B,OAAO,CAAC,0BAA0B,CAAC,CAAC;IACzC,wBAAwB,EAAE,CAAC,KAAK,EAAE,0BAA0B,KAAK,OAAO,CAAC,sBAAsB,CAAC,CAAC;IACjG,iBAAiB,EAAE,CAAC,KAAK,EAAE,oBAAoB,KAAK,OAAO,CAAC,qBAAqB,CAAC,CAAC;CACnF;AAED,iEAAiE;AACjE,MAAM,WAAW,gBAAgB;IAChC,cAAc,EAAE,gBAAgB,CAAC;IACjC,aAAa,EAAE,eAAe,CAAC;IAC/B,SAAS,EAAE,WAAW,CAAC;IACvB,YAAY,EAAE,cAAc,CAAC;CAC7B;AAED;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,eAAO,MAAM,yBAAyB,GAAI,KAAK,WAAW,KAAG,gBAuB3D,CAAC;AAEH,wEAAwE;AACxE,MAAM,WAAW,8BAA8B;IAC9C;;;OAGG;IACH,YAAY,CAAC,EAAE,WAAW,CAAC;CAC3B;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAO,MAAM,0BAA0B,GACtC,UAAU,gBAAgB,EAC1B,UAAU,8BAA8B,KACtC,IASF,CAAC"}

package/dist/ui/admin_rpc_adapters.js

@@ -7,11 +7,11 @@
  * admin shell layout wire everything.
  *
  * Intentionally admin-only despite the backend-side
- * `create_standard_rpc_actions` rename (admin + permit-offer + account).
+ * `create_standard_rpc_actions` rename (admin + role-grant-offer + account).
  * Account-surface methods flow through `account_sessions_rpc_context`
- * (wired at the self-service layout), and permit-offer methods that
- * surface in the admin UI (`permit_offer_create`, `permit_revoke`,
- * `permit_offer_retract`) live inside the `AdminAccountsRpc` interface —
+ * (wired at the self-service layout), and role-grant-offer methods that
+ * surface in the admin UI (`role_grant_offer_create`, `role_grant_revoke`,
+ * `role_grant_offer_retract`) live inside the `AdminAccountsRpc` interface —
  * they belong to the admin UX, not a separate wire pairing. The UI side
  * and backend factory names diverge by design.
  *
@@ -21,8 +21,8 @@
  * ```
  *
  * The throwing Proxy spreads the JSON-RPC `{code, message, data?}` onto
- * the thrown `Error` so form components (e.g. `ui/PermitOfferForm.svelte`)
- * can match on `error.data?.reason` via `ERROR_OFFER_*` constants —
+ * the thrown `Error` so form components (e.g. `ui/RoleGrantOfferForm.svelte`)
+ * can match on `error.data?.reason` via `ERROR_ROLE_GRANT_OFFER_*` constants —
  * optional chaining is required because JSON-RPC `data` is spec-level
  * optional. Consumers that need a custom unwrap strategy can construct
  * their own object satisfying `AdminRpcApi` and pass it directly.
@@ -46,16 +46,16 @@ import { format_scope_context } from './format_scope.js';
  * | ----------------------------------- | ---------------------------- |
  * | `admin_accounts.list_accounts`      | `admin_account_list`         |
  * | `admin_accounts.list_sessions`      | `admin_session_list`         |
- * | `admin_accounts.grant_permit`       | `permit_offer_create`        |
- * | `admin_accounts.revoke_permit`      | `permit_revoke`              |
- * | `admin_accounts.retract_offer`      | `permit_offer_retract`       |
+ * | `admin_accounts.create_role_grant`       | `role_grant_offer_create`        |
+ * | `admin_accounts.revoke_role_grant`      | `role_grant_revoke`              |
+ * | `admin_accounts.retract_offer`      | `role_grant_offer_retract`       |
  * | `admin_accounts.session_revoke_all` | `admin_session_revoke_all`   |
  * | `admin_accounts.token_revoke_all`   | `admin_token_revoke_all`     |
  * | `admin_invites.list`                | `invite_list`                |
  * | `admin_invites.create`              | `invite_create`              |
  * | `admin_invites.delete`              | `invite_delete`              |
  * | `audit_log.list`                    | `audit_log_list`             |
- * | `audit_log.permit_history`          | `audit_log_permit_history`   |
+ * | `audit_log.role_grant_history`          | `audit_log_role_grant_history`   |
  * | `app_settings.get`                  | `app_settings_get`           |
  * | `app_settings.update`               | `app_settings_update`        |
  *
@@ -67,9 +67,9 @@ export const create_admin_rpc_adapters = (api) => ({
     admin_accounts: {
         list_accounts: () => api.admin_account_list(),
         list_sessions: () => api.admin_session_list(),
-        grant_permit: (params) => api.permit_offer_create(params),
-        revoke_permit: (params) => api.permit_revoke(params),
-        retract_offer: (offer_id) => api.permit_offer_retract({ offer_id }),
+        create_role_grant: (params) => api.role_grant_offer_create(params),
+        revoke_role_grant: (params) => api.role_grant_revoke(params),
+        retract_offer: (offer_id) => api.role_grant_offer_retract({ offer_id }),
         session_revoke_all: (params) => api.admin_session_revoke_all(params),
         token_revoke_all: (params) => api.admin_token_revoke_all(params),
     },
@@ -80,7 +80,7 @@ export const create_admin_rpc_adapters = (api) => ({
     },
     audit_log: {
         list: (options) => api.audit_log_list(options ?? {}),
-        permit_history: (params) => api.audit_log_permit_history(params ?? {}),
+        role_grant_history: (params) => api.audit_log_role_grant_history(params ?? {}),
     },
     app_settings: {
         get: () => api.app_settings_get(),
@@ -99,9 +99,9 @@ export const create_admin_rpc_adapters = (api) => ({
  * whole adapter set requires calling `provide_admin_rpc_contexts` again
  * during init — in practice this is one-shot at layout mount.
  *
- * Pass `options.format_scope` to render permit/offer `scope_id` values as
- * human labels across `AdminAccounts`, `AdminPermitHistory`,
- * `PermitOfferInbox`, `PermitOfferForm`, and `PermitOfferHistory`.
+ * Pass `options.format_scope` to render role_grant/offer `scope_id` values as
+ * human labels across `AdminAccounts`, `AdminRoleGrantHistory`,
+ * `RoleGrantOfferInbox`, `RoleGrantOfferForm`, and `RoleGrantOfferHistory`.
  * Components that accept a `format_scope` prop honor the prop first; the
  * context is the fallback.
  */

package/dist/ui/admin_sessions_state.svelte.d.ts

@@ -3,8 +3,8 @@
  *
  * Both the listing and the two revoke-all mutations flow through the shared
  * `AdminAccountsRpc` adapter (`list_sessions`, `session_revoke_all`,
- * `token_revoke_all`). The former REST `GET /api/admin/sessions` route moved
- * to the `admin_session_list` RPC method in the 2026-04-23 migration.
+ * `token_revoke_all`); the listing wraps the `admin_session_list` RPC
+ * method.
  *
  * @module
  */

package/dist/ui/admin_sessions_state.svelte.js

@@ -3,8 +3,8 @@
  *
  * Both the listing and the two revoke-all mutations flow through the shared
  * `AdminAccountsRpc` adapter (`list_sessions`, `session_revoke_all`,
- * `token_revoke_all`). The former REST `GET /api/admin/sessions` route moved
- * to the `admin_session_list` RPC method in the 2026-04-23 migration.
+ * `token_revoke_all`); the listing wraps the `admin_session_list` RPC
+ * method.
  *
  * @module
  */

package/dist/ui/audit_log_state.svelte.d.ts

@@ -1,7 +1,7 @@
 /**
  * Reactive state for the audit log viewer.
  *
- * Two fetch primitives (`fetch` for events, `fetch_permit_history` for the
+ * Two fetch primitives (`fetch` for events, `fetch_role_grant_history` for the
  * grant/revoke shortcut) flow through an injected RPC adapter; the SSE
  * stream continues to use `EventSource` directly — streams aren't an RPC
  * concern.
@@ -9,8 +9,8 @@
  * @module
  */
 import { Loadable } from './loadable.svelte.js';
-import type { AuditLogEventWithUsernamesJson, PermitHistoryEventJson } from '../auth/audit_log_schema.js';
-import type { AuditLogListInput, AuditLogListOutput, AuditLogPermitHistoryInput, AuditLogPermitHistoryOutput } from '../auth/admin_action_specs.js';
+import type { AuditLogEventWithUsernamesJson, RoleGrantHistoryEventJson } from '../auth/audit_log_schema.js';
+import type { AuditLogListInput, AuditLogListOutput, AuditLogRoleGrantHistoryInput, AuditLogRoleGrantHistoryOutput } from '../auth/admin_action_specs.js';
 /**
  * Narrow RPC surface consumed by `AuditLogState`. Consumers adapt their typed
  * RPC client to this shape. Mirrors `AdminAccountsRpc` / `AdminInvitesRpc`.
@@ -19,7 +19,7 @@ import type { AuditLogListInput, AuditLogListOutput, AuditLogPermitHistoryInput,
  */
 export interface AuditLogRpc {
     list: (input?: AuditLogListInput) => Promise<AuditLogListOutput>;
-    permit_history: (input?: AuditLogPermitHistoryInput) => Promise<AuditLogPermitHistoryOutput>;
+    role_grant_history: (input?: AuditLogRoleGrantHistoryInput) => Promise<AuditLogRoleGrantHistoryOutput>;
 }
 /**
  * Svelte context carrying the reactive `AuditLogRpc` accessor. Mirrors
@@ -41,15 +41,15 @@ export interface AuditLogStateOptions {
 export declare class AuditLogState extends Loadable {
     #private;
     events: Array<AuditLogEventWithUsernamesJson>;
-    permit_history_events: Array<PermitHistoryEventJson>;
+    role_grant_history_events: Array<RoleGrantHistoryEventJson>;
     readonly count: number;
     /** Whether the SSE stream is currently connected. */
     connected: boolean;
     constructor(options?: AuditLogStateOptions);
-    /** True when an RPC adapter is wired. `fetch`/`fetch_permit_history` no-op without it. */
+    /** True when an RPC adapter is wired. `fetch`/`fetch_role_grant_history` no-op without it. */
     get has_rpc(): boolean;
     fetch(options?: AuditLogListInput): Promise<void>;
-    fetch_permit_history(limit?: number, offset?: number): Promise<void>;
+    fetch_role_grant_history(limit?: number, offset?: number): Promise<void>;
     /**
      * Connect to the SSE stream for realtime audit events.
      *

package/dist/ui/audit_log_state.svelte.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"audit_log_state.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/audit_log_state.svelte.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAKH,OAAO,EAAC,QAAQ,EAAC,MAAM,sBAAsB,CAAC;AAC9C,OAAO,KAAK,EAEX,8BAA8B,EAC9B,sBAAsB,EACtB,MAAM,6BAA6B,CAAC;AACrC,OAAO,KAAK,EACX,iBAAiB,EACjB,kBAAkB,EAClB,0BAA0B,EAC1B,2BAA2B,EAC3B,MAAM,+BAA+B,CAAC;AAGvC;;;;;GAKG;AACH,MAAM,WAAW,WAAW;IAC3B,IAAI,EAAE,CAAC,KAAK,CAAC,EAAE,iBAAiB,KAAK,OAAO,CAAC,kBAAkB,CAAC,CAAC;IACjE,cAAc,EAAE,CAAC,KAAK,CAAC,EAAE,0BAA0B,KAAK,OAAO,CAAC,2BAA2B,CAAC,CAAC;CAC7F;AAED;;;GAGG;AACH,eAAO,MAAM,qBAAqB;qBAAwB,WAAW,GAAG,IAAI;yBAAlB,WAAW,GAAG,IAAI,wBAAlB,WAAW,GAAG,IAAI;CAAmB,CAAC;AAEhG,MAAM,WAAW,oBAAoB;IACpC;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,WAAW,GAAG,IAAI,CAAC;IACnC,4EAA4E;IAC5E,UAAU,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,qBAAa,aAAc,SAAQ,QAAQ;;IAG1C,MAAM,EAAE,KAAK,CAAC,8BAA8B,CAAC,CAAkB;IAC/D,qBAAqB,EAAE,KAAK,CAAC,sBAAsB,CAAC,CAAkB;IAEtE,QAAQ,CAAC,KAAK,SAAgC;IAE9C,qDAAqD;IACrD,SAAS,UAAqB;gBAWlB,OAAO,CAAC,EAAE,oBAAoB;IAM1C,0FAA0F;IAC1F,IAAI,OAAO,IAAI,OAAO,CAErB;IAEK,KAAK,CAAC,OAAO,CAAC,EAAE,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC;IAajD,oBAAoB,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAY1E;;;;;;;;OAQG;IACH,SAAS,IAAI,MAAM,IAAI;IA0CvB;;;;OAIG;IACH,UAAU,IAAI,IAAI;CAiClB"}
+{"version":3,"file":"audit_log_state.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/audit_log_state.svelte.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAKH,OAAO,EAAC,QAAQ,EAAC,MAAM,sBAAsB,CAAC;AAC9C,OAAO,KAAK,EAEX,8BAA8B,EAC9B,yBAAyB,EACzB,MAAM,6BAA6B,CAAC;AACrC,OAAO,KAAK,EACX,iBAAiB,EACjB,kBAAkB,EAClB,6BAA6B,EAC7B,8BAA8B,EAC9B,MAAM,+BAA+B,CAAC;AAGvC;;;;;GAKG;AACH,MAAM,WAAW,WAAW;IAC3B,IAAI,EAAE,CAAC,KAAK,CAAC,EAAE,iBAAiB,KAAK,OAAO,CAAC,kBAAkB,CAAC,CAAC;IACjE,kBAAkB,EAAE,CACnB,KAAK,CAAC,EAAE,6BAA6B,KACjC,OAAO,CAAC,8BAA8B,CAAC,CAAC;CAC7C;AAED;;;GAGG;AACH,eAAO,MAAM,qBAAqB;qBAAwB,WAAW,GAAG,IAAI;yBAAlB,WAAW,GAAG,IAAI,wBAAlB,WAAW,GAAG,IAAI;CAAmB,CAAC;AAEhG,MAAM,WAAW,oBAAoB;IACpC;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,WAAW,GAAG,IAAI,CAAC;IACnC,4EAA4E;IAC5E,UAAU,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,qBAAa,aAAc,SAAQ,QAAQ;;IAG1C,MAAM,EAAE,KAAK,CAAC,8BAA8B,CAAC,CAAkB;IAC/D,yBAAyB,EAAE,KAAK,CAAC,yBAAyB,CAAC,CAAkB;IAE7E,QAAQ,CAAC,KAAK,SAAgC;IAE9C,qDAAqD;IACrD,SAAS,UAAqB;gBAWlB,OAAO,CAAC,EAAE,oBAAoB;IAM1C,8FAA8F;IAC9F,IAAI,OAAO,IAAI,OAAO,CAErB;IAEK,KAAK,CAAC,OAAO,CAAC,EAAE,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC;IAajD,wBAAwB,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAY9E;;;;;;;;OAQG;IACH,SAAS,IAAI,MAAM,IAAI;IA0CvB;;;;OAIG;IACH,UAAU,IAAI,IAAI;CAiClB"}