npm - @fuzdev/fuz_app - Versions diffs - 0.55.0 → 0.56.0 - Mend

@fuzdev/fuz_app 0.55.0 → 0.56.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (331) hide show

package/dist/actions/CLAUDE.md +211 -155
package/dist/actions/action_bridge.d.ts +8 -5
package/dist/actions/action_bridge.d.ts.map +1 -1
package/dist/actions/action_bridge.js +1 -11
package/dist/actions/action_codegen.d.ts +19 -0
package/dist/actions/action_codegen.d.ts.map +1 -1
package/dist/actions/action_codegen.js +20 -14
package/dist/actions/action_registry.d.ts.map +1 -1
package/dist/actions/action_registry.js +5 -2
package/dist/actions/action_rpc.d.ts +110 -44
package/dist/actions/action_rpc.d.ts.map +1 -1
package/dist/actions/action_rpc.js +92 -287
package/dist/actions/action_spec.d.ts +55 -16
package/dist/actions/action_spec.d.ts.map +1 -1
package/dist/actions/action_spec.js +16 -11
package/dist/actions/action_types.d.ts +28 -60
package/dist/actions/action_types.d.ts.map +1 -1
package/dist/actions/action_types.js +13 -5
package/dist/actions/broadcast_api.d.ts +2 -2
package/dist/actions/broadcast_api.js +2 -2
package/dist/actions/compile_action_registry.d.ts +50 -0
package/dist/actions/compile_action_registry.d.ts.map +1 -0
package/dist/actions/compile_action_registry.js +69 -0
package/dist/actions/heartbeat.d.ts +8 -4
package/dist/actions/heartbeat.d.ts.map +1 -1
package/dist/actions/heartbeat.js +5 -4
package/dist/actions/perform_action.d.ts +145 -0
package/dist/actions/perform_action.d.ts.map +1 -0
package/dist/actions/perform_action.js +258 -0
package/dist/actions/register_action_ws.d.ts +44 -38
package/dist/actions/register_action_ws.d.ts.map +1 -1
package/dist/actions/register_action_ws.js +101 -159
package/dist/actions/register_ws_endpoint.d.ts +2 -10
package/dist/actions/register_ws_endpoint.d.ts.map +1 -1
package/dist/actions/register_ws_endpoint.js +32 -10
package/dist/actions/transports_ws_auth_guard.d.ts +1 -1
package/dist/actions/transports_ws_auth_guard.js +1 -1
package/dist/actions/transports_ws_backend.d.ts +1 -1
package/dist/actions/transports_ws_backend.js +1 -1
package/dist/auth/CLAUDE.md +673 -442
package/dist/auth/account_action_specs.d.ts +28 -7
package/dist/auth/account_action_specs.d.ts.map +1 -1
package/dist/auth/account_action_specs.js +7 -7
package/dist/auth/account_actions.d.ts +8 -14
package/dist/auth/account_actions.d.ts.map +1 -1
package/dist/auth/account_actions.js +26 -32
package/dist/auth/account_queries.d.ts +46 -13
package/dist/auth/account_queries.d.ts.map +1 -1
package/dist/auth/account_queries.js +73 -33
package/dist/auth/account_routes.d.ts +4 -3
package/dist/auth/account_routes.d.ts.map +1 -1
package/dist/auth/account_routes.js +58 -33
package/dist/auth/account_schema.d.ts +46 -54
package/dist/auth/account_schema.d.ts.map +1 -1
package/dist/auth/account_schema.js +21 -48
package/dist/auth/admin_action_specs.d.ts +55 -21
package/dist/auth/admin_action_specs.d.ts.map +1 -1
package/dist/auth/admin_action_specs.js +42 -26
package/dist/auth/admin_actions.d.ts +14 -21
package/dist/auth/admin_actions.d.ts.map +1 -1
package/dist/auth/admin_actions.js +47 -44
package/dist/auth/audit_emitter.d.ts +160 -0
package/dist/auth/audit_emitter.d.ts.map +1 -0
package/dist/auth/audit_emitter.js +83 -0
package/dist/auth/audit_log_queries.d.ts +17 -87
package/dist/auth/audit_log_queries.d.ts.map +1 -1
package/dist/auth/audit_log_queries.js +17 -96
package/dist/auth/audit_log_routes.d.ts +1 -1
package/dist/auth/audit_log_routes.d.ts.map +1 -1
package/dist/auth/audit_log_routes.js +7 -3
package/dist/auth/audit_log_schema.d.ts +48 -42
package/dist/auth/audit_log_schema.d.ts.map +1 -1
package/dist/auth/audit_log_schema.js +56 -43
package/dist/auth/auth_guard_resolver.d.ts +44 -0
package/dist/auth/auth_guard_resolver.d.ts.map +1 -0
package/dist/auth/auth_guard_resolver.js +56 -0
package/dist/auth/bootstrap_account.d.ts +7 -7
package/dist/auth/bootstrap_account.d.ts.map +1 -1
package/dist/auth/bootstrap_account.js +7 -7
package/dist/auth/bootstrap_routes.d.ts.map +1 -1
package/dist/auth/bootstrap_routes.js +11 -10
package/dist/auth/cleanup.d.ts +20 -26
package/dist/auth/cleanup.d.ts.map +1 -1
package/dist/auth/cleanup.js +33 -47
package/dist/auth/credential_type_schema.d.ts +115 -0
package/dist/auth/credential_type_schema.d.ts.map +1 -0
package/dist/auth/credential_type_schema.js +127 -0
package/dist/auth/daemon_token_middleware.d.ts +1 -1
package/dist/auth/daemon_token_middleware.js +3 -3
package/dist/auth/ddl.d.ts +2 -2
package/dist/auth/ddl.d.ts.map +1 -1
package/dist/auth/ddl.js +6 -6
package/dist/auth/deps.d.ts +7 -32
package/dist/auth/deps.d.ts.map +1 -1
package/dist/auth/grant_path_schema.d.ts +117 -0
package/dist/auth/grant_path_schema.d.ts.map +1 -0
package/dist/auth/grant_path_schema.js +137 -0
package/dist/auth/invite_queries.d.ts +12 -1
package/dist/auth/invite_queries.d.ts.map +1 -1
package/dist/auth/invite_queries.js +12 -1
package/dist/auth/invite_schema.d.ts +1 -1
package/dist/auth/invite_schema.d.ts.map +1 -1
package/dist/auth/invite_schema.js +1 -1
package/dist/auth/middleware.d.ts.map +1 -1
package/dist/auth/middleware.js +5 -2
package/dist/auth/migrations.d.ts +22 -7
package/dist/auth/migrations.d.ts.map +1 -1
package/dist/auth/migrations.js +64 -25
package/dist/auth/request_context.d.ts +157 -170
package/dist/auth/request_context.d.ts.map +1 -1
package/dist/auth/request_context.js +224 -268
package/dist/auth/{permit_offer_action_specs.d.ts → role_grant_offer_action_specs.d.ts} +130 -100
package/dist/auth/role_grant_offer_action_specs.d.ts.map +1 -0
package/dist/auth/role_grant_offer_action_specs.js +262 -0
package/dist/auth/role_grant_offer_actions.d.ts +104 -0
package/dist/auth/role_grant_offer_actions.d.ts.map +1 -0
package/dist/auth/{permit_offer_actions.js → role_grant_offer_actions.js} +153 -140
package/dist/auth/{permit_offer_notifications.d.ts → role_grant_offer_notifications.d.ts} +80 -70
package/dist/auth/role_grant_offer_notifications.d.ts.map +1 -0
package/dist/auth/role_grant_offer_notifications.js +182 -0
package/dist/auth/{permit_offer_queries.d.ts → role_grant_offer_queries.d.ts} +64 -64
package/dist/auth/role_grant_offer_queries.d.ts.map +1 -0
package/dist/auth/{permit_offer_queries.js → role_grant_offer_queries.js} +136 -123
package/dist/auth/role_grant_offer_schema.d.ts +150 -0
package/dist/auth/role_grant_offer_schema.d.ts.map +1 -0
package/dist/auth/{permit_offer_schema.js → role_grant_offer_schema.js} +55 -36
package/dist/auth/role_grant_queries.d.ts +231 -0
package/dist/auth/role_grant_queries.d.ts.map +1 -0
package/dist/auth/role_grant_queries.js +320 -0
package/dist/auth/role_schema.d.ts +150 -40
package/dist/auth/role_schema.d.ts.map +1 -1
package/dist/auth/role_schema.js +144 -45
package/dist/auth/scope_kind_schema.d.ts +96 -0
package/dist/auth/scope_kind_schema.d.ts.map +1 -0
package/dist/auth/scope_kind_schema.js +94 -0
package/dist/auth/self_service_role_action_specs.d.ts +4 -1
package/dist/auth/self_service_role_action_specs.d.ts.map +1 -1
package/dist/auth/self_service_role_action_specs.js +2 -2
package/dist/auth/self_service_role_actions.d.ts +35 -29
package/dist/auth/self_service_role_actions.d.ts.map +1 -1
package/dist/auth/self_service_role_actions.js +58 -48
package/dist/auth/session_cookie.d.ts +43 -6
package/dist/auth/session_cookie.d.ts.map +1 -1
package/dist/auth/session_cookie.js +31 -5
package/dist/auth/session_middleware.d.ts +37 -3
package/dist/auth/session_middleware.d.ts.map +1 -1
package/dist/auth/session_middleware.js +33 -7
package/dist/auth/signup_routes.d.ts.map +1 -1
package/dist/auth/signup_routes.js +48 -19
package/dist/auth/standard_action_specs.d.ts +2 -2
package/dist/auth/standard_action_specs.js +4 -4
package/dist/auth/standard_rpc_actions.d.ts +23 -19
package/dist/auth/standard_rpc_actions.d.ts.map +1 -1
package/dist/auth/standard_rpc_actions.js +12 -12
package/dist/db/migrate.d.ts +1 -1
package/dist/db/migrate.js +1 -1
package/dist/dev/setup.d.ts +2 -2
package/dist/dev/setup.d.ts.map +1 -1
package/dist/dev/setup.js +4 -4
package/dist/env/load.d.ts +1 -1
package/dist/env/load.js +1 -1
package/dist/hono_context.d.ts +27 -45
package/dist/hono_context.d.ts.map +1 -1
package/dist/hono_context.js +14 -28
package/dist/http/CLAUDE.md +235 -121
package/dist/http/auth_shape.d.ts +191 -0
package/dist/http/auth_shape.d.ts.map +1 -0
package/dist/http/auth_shape.js +237 -0
package/dist/http/common_routes.js +3 -3
package/dist/http/db_routes.d.ts +4 -0
package/dist/http/db_routes.d.ts.map +1 -1
package/dist/http/db_routes.js +44 -7
package/dist/http/error_schemas.d.ts +56 -34
package/dist/http/error_schemas.d.ts.map +1 -1
package/dist/http/error_schemas.js +63 -28
package/dist/http/pending_effects.d.ts +71 -18
package/dist/http/pending_effects.d.ts.map +1 -1
package/dist/http/pending_effects.js +87 -18
package/dist/http/proxy.d.ts +52 -5
package/dist/http/proxy.d.ts.map +1 -1
package/dist/http/proxy.js +92 -14
package/dist/http/route_spec.d.ts +89 -75
package/dist/http/route_spec.d.ts.map +1 -1
package/dist/http/route_spec.js +54 -72
package/dist/http/schema_helpers.d.ts +3 -14
package/dist/http/schema_helpers.d.ts.map +1 -1
package/dist/http/schema_helpers.js +2 -14
package/dist/http/surface.d.ts +2 -10
package/dist/http/surface.d.ts.map +1 -1
package/dist/http/surface.js +3 -4
package/dist/http/surface_query.d.ts +39 -35
package/dist/http/surface_query.d.ts.map +1 -1
package/dist/http/surface_query.js +79 -36
package/dist/primitive_schemas.d.ts +39 -0
package/dist/primitive_schemas.d.ts.map +1 -0
package/dist/primitive_schemas.js +40 -0
package/dist/realtime/sse_auth_guard.d.ts +5 -5
package/dist/realtime/sse_auth_guard.js +9 -9
package/dist/runtime/mock.d.ts +1 -1
package/dist/runtime/mock.js +1 -1
package/dist/server/app_backend.d.ts +14 -11
package/dist/server/app_backend.d.ts.map +1 -1
package/dist/server/app_backend.js +12 -8
package/dist/server/app_server.d.ts +7 -7
package/dist/server/app_server.d.ts.map +1 -1
package/dist/server/app_server.js +35 -40
package/dist/server/validate_nginx.d.ts +1 -1
package/dist/server/validate_nginx.js +1 -1
package/dist/testing/CLAUDE.md +50 -38
package/dist/testing/admin_integration.d.ts +5 -6
package/dist/testing/admin_integration.d.ts.map +1 -1
package/dist/testing/admin_integration.js +87 -85
package/dist/testing/app_server.d.ts +11 -14
package/dist/testing/app_server.d.ts.map +1 -1
package/dist/testing/app_server.js +16 -15
package/dist/testing/assertions.d.ts.map +1 -1
package/dist/testing/assertions.js +2 -1
package/dist/testing/attack_surface.d.ts.map +1 -1
package/dist/testing/attack_surface.js +15 -9
package/dist/testing/audit_completeness.d.ts +2 -2
package/dist/testing/audit_completeness.d.ts.map +1 -1
package/dist/testing/audit_completeness.js +36 -36
package/dist/testing/auth_apps.d.ts +5 -4
package/dist/testing/auth_apps.d.ts.map +1 -1
package/dist/testing/auth_apps.js +22 -19
package/dist/testing/data_exposure.d.ts.map +1 -1
package/dist/testing/data_exposure.js +5 -5
package/dist/testing/db.d.ts +1 -1
package/dist/testing/db.d.ts.map +1 -1
package/dist/testing/db.js +4 -4
package/dist/testing/db_entities.d.ts +22 -0
package/dist/testing/db_entities.d.ts.map +1 -0
package/dist/testing/db_entities.js +28 -0
package/dist/testing/entities.d.ts +8 -7
package/dist/testing/entities.d.ts.map +1 -1
package/dist/testing/entities.js +21 -18
package/dist/testing/integration.d.ts.map +1 -1
package/dist/testing/integration.js +13 -14
package/dist/testing/integration_helpers.d.ts +4 -4
package/dist/testing/integration_helpers.d.ts.map +1 -1
package/dist/testing/integration_helpers.js +20 -18
package/dist/testing/middleware.d.ts +4 -4
package/dist/testing/middleware.d.ts.map +1 -1
package/dist/testing/middleware.js +12 -11
package/dist/testing/rpc_attack_surface.d.ts.map +1 -1
package/dist/testing/rpc_attack_surface.js +40 -24
package/dist/testing/rpc_round_trip.d.ts +1 -1
package/dist/testing/rpc_round_trip.d.ts.map +1 -1
package/dist/testing/rpc_round_trip.js +14 -13
package/dist/testing/sse_round_trip.d.ts +3 -4
package/dist/testing/sse_round_trip.d.ts.map +1 -1
package/dist/testing/sse_round_trip.js +7 -11
package/dist/testing/standard.d.ts +1 -1
package/dist/testing/stubs.d.ts +25 -0
package/dist/testing/stubs.d.ts.map +1 -1
package/dist/testing/stubs.js +43 -2
package/dist/testing/surface_invariants.d.ts +2 -2
package/dist/testing/ws_round_trip.d.ts +12 -13
package/dist/testing/ws_round_trip.d.ts.map +1 -1
package/dist/testing/ws_round_trip.js +19 -11
package/dist/ui/AdminAccounts.svelte +23 -20
package/dist/ui/AdminOverview.svelte +15 -13
package/dist/ui/AdminOverview.svelte.d.ts.map +1 -1
package/dist/ui/{AdminPermitHistory.svelte → AdminRoleGrantHistory.svelte} +12 -12
package/dist/ui/AdminRoleGrantHistory.svelte.d.ts +4 -0
package/dist/ui/AdminRoleGrantHistory.svelte.d.ts.map +1 -0
package/dist/ui/BootstrapForm.svelte +1 -1
package/dist/ui/CLAUDE.md +60 -60
package/dist/ui/{PermitOfferForm.svelte → RoleGrantOfferForm.svelte} +27 -26
package/dist/ui/{PermitOfferForm.svelte.d.ts → RoleGrantOfferForm.svelte.d.ts} +7 -7
package/dist/ui/RoleGrantOfferForm.svelte.d.ts.map +1 -0
package/dist/ui/{PermitOfferHistory.svelte → RoleGrantOfferHistory.svelte} +12 -12
package/dist/ui/{PermitOfferHistory.svelte.d.ts → RoleGrantOfferHistory.svelte.d.ts} +4 -4
package/dist/ui/RoleGrantOfferHistory.svelte.d.ts.map +1 -0
package/dist/ui/{PermitOfferInbox.svelte → RoleGrantOfferInbox.svelte} +14 -14
package/dist/ui/{PermitOfferInbox.svelte.d.ts → RoleGrantOfferInbox.svelte.d.ts} +4 -4
package/dist/ui/RoleGrantOfferInbox.svelte.d.ts.map +1 -0
package/dist/ui/SignupForm.svelte +1 -1
package/dist/ui/SurfaceExplorer.svelte +35 -15
package/dist/ui/SurfaceExplorer.svelte.d.ts.map +1 -1
package/dist/ui/account_sessions_state.svelte.d.ts +2 -3
package/dist/ui/account_sessions_state.svelte.d.ts.map +1 -1
package/dist/ui/account_sessions_state.svelte.js +2 -3
package/dist/ui/admin_accounts_state.svelte.d.ts +18 -18
package/dist/ui/admin_accounts_state.svelte.d.ts.map +1 -1
package/dist/ui/admin_accounts_state.svelte.js +16 -16
package/dist/ui/admin_rpc_adapters.d.ts +20 -20
package/dist/ui/admin_rpc_adapters.d.ts.map +1 -1
package/dist/ui/admin_rpc_adapters.js +17 -17
package/dist/ui/admin_sessions_state.svelte.d.ts +2 -2
package/dist/ui/admin_sessions_state.svelte.js +2 -2
package/dist/ui/audit_log_state.svelte.d.ts +7 -7
package/dist/ui/audit_log_state.svelte.d.ts.map +1 -1
package/dist/ui/audit_log_state.svelte.js +6 -6
package/dist/ui/auth_state.svelte.d.ts +3 -3
package/dist/ui/auth_state.svelte.d.ts.map +1 -1
package/dist/ui/auth_state.svelte.js +6 -6
package/dist/ui/format_scope.d.ts +2 -2
package/dist/ui/format_scope.js +2 -2
package/dist/ui/{permit_offers_state.svelte.d.ts → role_grant_offers_state.svelte.d.ts} +30 -30
package/dist/ui/role_grant_offers_state.svelte.d.ts.map +1 -0
package/dist/ui/{permit_offers_state.svelte.js → role_grant_offers_state.svelte.js} +18 -18
package/dist/ui/ui_format.js +2 -2
package/package.json +3 -3
package/dist/auth/permit_offer_action_specs.d.ts.map +0 -1
package/dist/auth/permit_offer_action_specs.js +0 -258
package/dist/auth/permit_offer_actions.d.ts +0 -110
package/dist/auth/permit_offer_actions.d.ts.map +0 -1
package/dist/auth/permit_offer_notifications.d.ts.map +0 -1
package/dist/auth/permit_offer_notifications.js +0 -182
package/dist/auth/permit_offer_queries.d.ts.map +0 -1
package/dist/auth/permit_offer_schema.d.ts +0 -125
package/dist/auth/permit_offer_schema.d.ts.map +0 -1
package/dist/auth/permit_queries.d.ts +0 -222
package/dist/auth/permit_queries.d.ts.map +0 -1
package/dist/auth/permit_queries.js +0 -305
package/dist/auth/require_keeper.d.ts +0 -20
package/dist/auth/require_keeper.d.ts.map +0 -1
package/dist/auth/require_keeper.js +0 -35
package/dist/auth/route_guards.d.ts +0 -27
package/dist/auth/route_guards.d.ts.map +0 -1
package/dist/auth/route_guards.js +0 -38
package/dist/auth/session_lifecycle.d.ts +0 -37
package/dist/auth/session_lifecycle.d.ts.map +0 -1
package/dist/auth/session_lifecycle.js +0 -29
package/dist/ui/AdminPermitHistory.svelte.d.ts +0 -4
package/dist/ui/AdminPermitHistory.svelte.d.ts.map +0 -1
package/dist/ui/PermitOfferForm.svelte.d.ts.map +0 -1
package/dist/ui/PermitOfferHistory.svelte.d.ts.map +0 -1
package/dist/ui/PermitOfferInbox.svelte.d.ts.map +0 -1
package/dist/ui/permit_offers_state.svelte.d.ts.map +0 -1

package/dist/testing/stubs.js CHANGED Viewed

@@ -14,6 +14,8 @@ import { prefix_route_specs } from '../http/route_spec.js';
 import { create_bootstrap_route_specs } from '../auth/bootstrap_routes.js';
 import { create_rpc_endpoint } from '../actions/action_rpc.js';
 import { create_app_surface_spec, } from '../http/surface.js';
+import { AUDIT_LOG_SSE_MAX_PER_SCOPE } from '../realtime/sse_auth_guard.js';
+import { SubscriberRegistry } from '../realtime/subscriber_registry.js';
 import { BaseServerEnv } from '../server/env.js';
 /* eslint-disable @typescript-eslint/require-await */
 /**
@@ -88,6 +90,45 @@ export const stub_handler = () => new Response('stub');
 /** Stub middleware that passes through. */
 export const stub_mw = async (_c, next) => next();
 const stub_db = create_noop_stub('stub_db');
+/**
+ * Build a no-op `AuditEmitter` for tests that don't assert on audit fan-out.
+ *
+ * `emit` / `emit_role_grant_target` are no-ops; `emit_pool` resolves
+ * immediately; `notify` is a no-op; `on_event_chain` is a frozen empty
+ * array — pushing onto it throws at runtime, so a test that wires a
+ * listener fails loudly instead of silently never firing. Tests asserting
+ * on real audit-row persistence (or on listener fan-out) build a real
+ * emitter via `create_audit_emitter` against a stub or real DB —
+ * `create_test_app` already does this on the test backend.
+ */
+export const create_test_audit_emitter = () => ({
+    emit: () => { }, // eslint-disable-line @typescript-eslint/no-empty-function
+    emit_role_grant_target: () => { }, // eslint-disable-line @typescript-eslint/no-empty-function
+    emit_pool: async () => { }, // eslint-disable-line @typescript-eslint/no-empty-function
+    notify: () => { }, // eslint-disable-line @typescript-eslint/no-empty-function
+    on_event_chain: Object.freeze([]),
+});
+/**
+ * Build a no-op `AuditLogSse` for tests that wire `audit_sse` into the
+ * surface helper but don't assert on SSE fan-out or subscriber state.
+ *
+ * `subscribe` returns a no-op cleanup; `on_audit_event` is a no-op; the
+ * `registry` is a fresh `SubscriberRegistry` instance (call sites that
+ * inspect `.size` or call `.close_*` see a real registry, so writes are
+ * isolated per test). Tests that need real SSE plumbing build it via
+ * `create_audit_log_sse` against `create_test_app`.
+ */
+export const create_stub_audit_sse = () => {
+    const registry = new SubscriberRegistry({
+        max_per_scope: AUDIT_LOG_SSE_MAX_PER_SCOPE,
+    });
+    return {
+        subscribe: () => () => { }, // eslint-disable-line @typescript-eslint/no-empty-function
+        log: new Logger('test:audit_sse', { level: 'off' }),
+        on_audit_event: () => { }, // eslint-disable-line @typescript-eslint/no-empty-function
+        registry,
+    };
+};
 /** Stub `AppDeps` for auth surface tests — throws on any method access. */
 export const stub_app_deps = {
     stat: create_throwing_stub('stat'),
@@ -97,7 +138,7 @@ export const stub_app_deps = {
     password: create_throwing_stub('password'),
     db: create_throwing_stub('db'),
     log: create_throwing_stub('log'),
-    on_audit_event: () => { }, // eslint-disable-line @typescript-eslint/no-empty-function
+    audit: create_test_audit_emitter(),
 };
 /**
  * Create no-op `AppDeps` for auth surface testing.
@@ -110,7 +151,7 @@ export const create_stub_app_deps = () => ({
     password: create_noop_stub('password'),
     db: stub_db,
     log: new Logger('test', { level: 'off' }),
-    on_audit_event: () => { }, // eslint-disable-line @typescript-eslint/no-empty-function
+    audit: create_test_audit_emitter(),
 });
 /** Create the API middleware stub array matching `create_auth_middleware_specs` output. */
 export const create_stub_api_middleware = (options) => {

package/dist/testing/surface_invariants.d.ts CHANGED Viewed

@@ -97,8 +97,8 @@ export interface SurfaceSecurityPolicyOptions {
     /**
      * Path patterns for routes that should be rate-limited.
      * Default: common sensitive REST patterns (login, password, bootstrap).
-     * `account_token_create` became RPC-only in the 2026-04-23 migration;
-     * per-method RPC rate limiting is a separate invariant if consumers want it.
+     * `account_token_create` lives on the RPC surface; per-method RPC rate
+     * limiting is a separate invariant if consumers want it.
      */
     sensitive_route_patterns?: Array<string | RegExp>;
     /**

package/dist/testing/ws_round_trip.d.ts CHANGED Viewed

@@ -43,7 +43,7 @@ import { type Uuid } from '@fuzdev/fuz_util/id.js';
 import type { ActionSpecUnion } from '../actions/action_spec.js';
 import type { Action } from '../actions/action_types.js';
 import type { ActionEventEnvironment } from '../actions/action_event_types.js';
-import { type BaseHandlerContext, type RegisterActionWsOptions } from '../actions/register_action_ws.js';
+import { type RegisterActionWsOptions } from '../actions/register_action_ws.js';
 import { BackendWebsocketTransport } from '../actions/transports_ws_backend.js';
 import { type RequestContext } from '../auth/request_context.js';
 import { type CredentialType } from '../hono_context.js';
@@ -124,7 +124,7 @@ export interface WsConnectIdentity {
     session_id?: string;
     /** Api token id; set for bearer connections, null otherwise. */
     api_token_id?: string | null;
-    /** Roles to grant via active permits. Pass `[ROLE_KEEPER]` for keeper actions. */
+    /** Roles to grant via active role_grants. Pass `[ROLE_KEEPER]` for keeper actions. */
     roles?: Array<string>;
 }
 /** A mock WS client: send requests, inspect/await incoming messages. */
@@ -214,15 +214,14 @@ export declare const is_notification_with: <P>(method: string, match: (params: P
 /** Predicate matching a JSON-RPC response frame (success or error) for the given request id. */
 export declare const is_response_for: (id: number | string) => (msg: unknown) => boolean;
 /** Options for `create_ws_test_harness`. */
-export interface CreateWsTestHarnessOptions<TCtx extends BaseHandlerContext> {
+export interface CreateWsTestHarnessOptions {
     /**
      * The actions registered on this endpoint — matches the shape
      * `register_action_ws` accepts. Each entry is a `{spec, handler?}` tuple;
      * shared fuz_app primitives (like `heartbeat_action`) can be spread in
      * alongside consumer-specific actions.
      */
-    actions: ReadonlyArray<Action<TCtx>>;
-    extend_context?: RegisterActionWsOptions<TCtx>['extend_context'];
+    actions: ReadonlyArray<Action>;
     /** Pass a pre-created transport to share with a broadcast API. */
     transport?: BackendWebsocketTransport;
     /**
@@ -230,13 +229,13 @@ export interface CreateWsTestHarnessOptions<TCtx extends BaseHandlerContext> {
      * fake timers + receive-silence detection need explicit opt-in and per-
      * test tuning to avoid spurious closes.
      */
-    heartbeat?: RegisterActionWsOptions<TCtx>['heartbeat'];
+    heartbeat?: RegisterActionWsOptions['heartbeat'];
     /** Optional logger. Defaults to a silent `[ws-test]` logger. */
     log?: Logger;
     /** Threaded straight through to `register_action_ws`. */
-    on_socket_open?: RegisterActionWsOptions<TCtx>['on_socket_open'];
+    on_socket_open?: RegisterActionWsOptions['on_socket_open'];
     /** Threaded straight through to `register_action_ws`. */
-    on_socket_close?: RegisterActionWsOptions<TCtx>['on_socket_close'];
+    on_socket_close?: RegisterActionWsOptions['on_socket_close'];
 }
 /** A harness instance — transport handle + connection factory. */
 export interface WsTestHarness {
@@ -259,24 +258,24 @@ export interface WsTestHarness {
  * auth identity. Returned clients drive the real
  * `onOpen`/`onMessage`/`onClose` path against a real `WSContext`.
  */
-export declare const create_ws_test_harness: <TCtx extends BaseHandlerContext>(options: CreateWsTestHarnessOptions<TCtx>) => WsTestHarness;
+export declare const create_ws_test_harness: (options: CreateWsTestHarnessOptions) => WsTestHarness;
 /** Convenience: default identity for keeper-authenticated connections. */
 export declare const keeper_identity: () => WsConnectIdentity;
 /**
  * Wire a typed broadcast API against the harness's transport, matching
  * how a consumer's real backend composes the stack. Returns the typed
- * API so tests can call `.tx_run_created(...)` / `.workspace_changed(...)`
+ * API so tests can call `.zap_run_created(...)` / `.workspace_changed(...)`
  * etc. directly.
  *
  * ```ts
- * const harness = create_ws_test_harness<BaseHandlerContext>({specs, handlers});
+ * const harness = create_ws_test_harness({actions});
  * const broadcast = build_broadcast_api<MyBackendActionsApi>({
  *   harness,
  *   specs: my_broadcast_action_specs,
  * });
  * const client = await harness.connect(keeper_identity());
- * await broadcast.tx_run_created({run_id: '...', ...});
- * await client.wait_for(is_notification('tx_run_created'));
+ * await broadcast.zap_run_created({run_id: '...', ...});
+ * await client.wait_for(is_notification('zap_run_created'));
  * ```
  */
 export declare const build_broadcast_api: <TApi extends object>(options: {

package/dist/testing/ws_round_trip.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"ws_round_trip.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/ws_round_trip.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;AAEH,OAAO,KAAK,EAAC,OAAO,EAAO,MAAM,MAAM,CAAC;AACxC,OAAO,EACN,SAAS,EAET,KAAK,gBAAgB,EAErB,KAAK,QAAQ,EACb,MAAM,SAAS,CAAC;AACjB,OAAO,EAAC,MAAM,EAAC,MAAM,yBAAyB,CAAC;AAC/C,OAAO,EAAc,KAAK,IAAI,EAAC,MAAM,wBAAwB,CAAC;AAE9D,OAAO,KAAK,EAAC,eAAe,EAAC,MAAM,2BAA2B,CAAC;AAC/D,OAAO,KAAK,EAAC,MAAM,EAAC,MAAM,4BAA4B,CAAC;AAEvD,OAAO,KAAK,EAAC,sBAAsB,EAAC,MAAM,kCAAkC,CAAC;AAE7E,OAAO,~~EAEN~~,KAAK,~~kBAAkB,EACvB,KAAK,~~uBAAuB,~~EAC5B~~,MAAM,kCAAkC,CAAC;~~AAC1C~~,OAAO,EAAC,yBAAyB,EAAC,MAAM,qCAAqC,CAAC;AAC9E,OAAO,EAAsB,KAAK,cAAc,EAAC,MAAM,4BAA4B,CAAC;AAEpF,OAAO,EAKN,KAAK,cAAc,EACnB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAC,eAAe,EAAC,MAAM,oBAAoB,CAAC;AAanD;;;GAGG;AACH,MAAM,WAAW,MAAM;IACtB,EAAE,EAAE,SAAS,CAAC;IACd,KAAK,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACrB,MAAM,EAAE,KAAK,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAC,CAAC,CAAC;CAChD;AAED;;;;GAIG;AACH,eAAO,MAAM,cAAc,QAAO,MAajC,CAAC;AAEF,8CAA8C;AAC9C,MAAM,WAAW,sBAAsB;IACtC,eAAe,EAAE,cAAc,CAAC;IAChC,gEAAgE;IAChE,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,eAAe,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAChC,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B;;;OAGG;IACH,eAAe,CAAC,EAAE,cAAc,CAAC;CACjC;AAED;;;;GAIG;AACH,eAAO,MAAM,wBAAwB,GAAI,MAAM,sBAAsB,KAAG,OAavE,CAAC;AAEF,uFAAuF;AACvF,MAAM,WAAW,WAAW;IAC3B,gBAAgB,EAAE,gBAAgB,CAAC;IACnC,iBAAiB,EAAE,MAAM,CAAC,CAAC,EAAE,OAAO,KAAK,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;CACtE;AAED;;;;GAIG;AACH,eAAO,MAAM,mBAAmB,QAAO,WAatC,CAAC;AAEF;;;;GAIG;AACH,qBAAa,wBAAyB,YAAW,sBAAsB;;IACtE,QAAQ,EAAE,UAAU,GAAG,SAAS,CAAa;gBAEjC,KAAK,EAAE,aAAa,CAAC,eAAe,CAAC;IAGjD,qBAAqB,IAAI,SAAS;IAGlC,kBAAkB,CAAC,MAAM,EAAE,MAAM,GAAG,eAAe,GAAG,SAAS;CAG/D;AAED;;;;GAIG;AACH,eAAO,MAAM,mBAAmB,GAC/B,YAAY,WAAW,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,EAC9C,OAAO,YAAY,EACnB,IAAI,SAAS,KACX,OAAO,CAAC,IAAI,CAId,CAAC;AAMF,2CAA2C;AAC3C,MAAM,WAAW,iBAAiB;IACjC,wEAAwE;IACxE,UAAU,CAAC,EAAE,IAAI,CAAC;IAClB,yFAAyF;IACzF,eAAe,CAAC,EAAE,cAAc,CAAC;IACjC,mFAAmF;IACnF,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,gEAAgE;IAChE,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,~~kFAAkF~~;~~IAClF~~,KAAK,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;CACtB;AAED,wEAAwE;AACxE,MAAM,WAAW,YAAY;IAC5B;;;;;OAKG;IACH,IAAI,EAAE,CAAC,OAAO,EAAE,OAAO,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAC1C;;;;;;;;;;;OAWG;IACH,OAAO,EAAE,CAAC,CAAC,GAAG,OAAO,EACpB,EAAE,EAAE,MAAM,GAAG,MAAM,EACnB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,OAAO,EACf,UAAU,CAAC,EAAE,MAAM,KACf,OAAO,CAAC,CAAC,CAAC,CAAC;IAChB;;;;OAIG;IACH,KAAK,EAAE,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACzD,2DAA2D;IAC3D,QAAQ,CAAC,QAAQ,EAAE,aAAa,CAAC,OAAO,CAAC,CAAC;IAC1C;;;;;;;;;;;;OAYG;IACH,QAAQ,EAAE;QACT,CAAC,CAAC,EAAE,SAAS,EAAE,CAAC,GAAG,EAAE,OAAO,KAAK,GAAG,IAAI,CAAC,EAAE,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;QAE5E,CAAC,CAAC,GAAG,OAAO,EAAE,SAAS,EAAE,CAAC,GAAG,EAAE,OAAO,KAAK,OAAO,EAAE,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;KACrF,CAAC;CACF;AAkBD,MAAM,WAAW,wBAAwB,CAAC,CAAC,GAAG,OAAO;IACpD,OAAO,EAAE,OAAO,eAAe,CAAC;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,CAAC,CAAC;CACV;AAED,MAAM,WAAW,2BAA2B,CAAC,CAAC,GAAG,OAAO;IACvD,OAAO,EAAE,OAAO,eAAe,CAAC;IAChC,EAAE,EAAE,MAAM,GAAG,MAAM,CAAC;IACpB,MAAM,EAAE,CAAC,CAAC;CACV;AAED,MAAM,WAAW,yBAAyB,CAAC,CAAC,GAAG,OAAO;IACrD,OAAO,EAAE,OAAO,eAAe,CAAC;IAChC,EAAE,EAAE,MAAM,GAAG,MAAM,CAAC;IACpB,KAAK,EAAE;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,CAAC,CAAA;KAAC,CAAC;CACjD;AAED,6EAA6E;AAC7E,eAAO,MAAM,eAAe,GAC1B,QAAQ,MAAM,MACd,KAAK,OAAO,KAAG,OACsC,CAAC;AAExD;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,oBAAoB,GAC/B,CAAC,EAAE,QAAQ,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,KAAK,OAAO,MAChD,KAAK,OAAO,KAAG,GAAG,IAAI,wBAAwB,CAAC,CAAC,CAGE,CAAC;AAErD,gGAAgG;AAChG,eAAO,MAAM,eAAe,GAC1B,IAAI,MAAM,GAAG,MAAM,MACnB,KAAK,OAAO,KAAG,OAC8D,CAAC;AAEhF,4CAA4C;AAC5C,MAAM,WAAW,0BAA0B~~,CAAC,IAAI,SAAS,kBAAkB~~;~~IAC1E~~;;;;;OAKG;IACH,OAAO,EAAE,aAAa,CAAC,MAAM,CAAC,~~IAAI,~~CAAC~~,CAAC,CAAC~~;~~IACrC~~,~~cAAc,CAAC,EAAE,uBAAuB,CAAC,IAAI,CAAC,CAAC,gBAAgB,CAAC,CAAC;IACjE,~~kEAAkE;IAClE,SAAS,CAAC,EAAE,yBAAyB,CAAC;IACtC;;;;OAIG;IACH,SAAS,CAAC,EAAE,uBAAuB,CAAC,~~IAAI,CAAC,CAAC,~~WAAW,CAAC,CAAC;~~IACvD~~,gEAAgE;IAChE,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,yDAAyD;IACzD,cAAc,CAAC,EAAE,uBAAuB,CAAC,~~IAAI,CAAC,CAAC,~~gBAAgB,CAAC,CAAC;~~IACjE~~,yDAAyD;IACzD,eAAe,CAAC,EAAE,uBAAuB,CAAC,~~IAAI,CAAC,CAAC,~~iBAAiB,CAAC,CAAC;~~CACnE~~;AAED,kEAAkE;AAClE,MAAM,WAAW,aAAa;IAC7B,SAAS,EAAE,yBAAyB,CAAC;IACrC;;;;;;OAMG;IACH,OAAO,EAAE,CAAC,QAAQ,CAAC,EAAE,iBAAiB,KAAK,OAAO,CAAC,YAAY,CAAC,CAAC;CACjE;~~AA8DD~~;;;;;;;;GAQG;AACH,eAAO,MAAM,sBAAsB,GAAI,~~IAAI,~~SAAS,~~kBAAkB,EACrE,SAAS,~~0BAA0B,~~CAAC~~,~~IAAI~~,CAAC~~,KACvC,aA+KF,CAAC~~;AAEF,0EAA0E;AAC1E,eAAO,MAAM,eAAe,QAAO,iBAGjC,CAAC;AAYH;;;;;;;;;;;;;;;;GAgBG;AACH,eAAO,MAAM,mBAAmB,GAAI,IAAI,SAAS,MAAM,EAAE,SAAS;IACjE,OAAO,EAAE,aAAa,CAAC;IACvB,KAAK,EAAE,aAAa,CAAC,eAAe,CAAC,CAAC;CACtC,KAAG,IAIH,CAAC"}
1	+ {"version":3,"file":"ws_round_trip.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/ws_round_trip.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;AAEH,OAAO,KAAK,EAAC,OAAO,EAAO,MAAM,MAAM,CAAC;AACxC,OAAO,EACN,SAAS,EAET,KAAK,gBAAgB,EAErB,KAAK,QAAQ,EACb,MAAM,SAAS,CAAC;AACjB,OAAO,EAAC,MAAM,EAAC,MAAM,yBAAyB,CAAC;AAC/C,OAAO,EAAc,KAAK,IAAI,EAAC,MAAM,wBAAwB,CAAC;AAE9D,OAAO,KAAK,EAAC,eAAe,EAAC,MAAM,2BAA2B,CAAC;AAC/D,OAAO,KAAK,EAAC,MAAM,EAAC,MAAM,4BAA4B,CAAC;AAEvD,OAAO,KAAK,EAAC,sBAAsB,EAAC,MAAM,kCAAkC,CAAC;AAE7E,OAAO,EAAqB,KAAK,uBAAuB,EAAC,MAAM,kCAAkC,CAAC;AAElG,OAAO,EAAC,yBAAyB,EAAC,MAAM,qCAAqC,CAAC;AAC9E,OAAO,EAAsB,KAAK,cAAc,EAAC,MAAM,4BAA4B,CAAC;AAEpF,OAAO,EAKN,KAAK,cAAc,EACnB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAC,eAAe,EAAC,MAAM,oBAAoB,CAAC;AAanD;;;GAGG;AACH,MAAM,WAAW,MAAM;IACtB,EAAE,EAAE,SAAS,CAAC;IACd,KAAK,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACrB,MAAM,EAAE,KAAK,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAC,CAAC,CAAC;CAChD;AAED;;;;GAIG;AACH,eAAO,MAAM,cAAc,QAAO,MAajC,CAAC;AAEF,8CAA8C;AAC9C,MAAM,WAAW,sBAAsB;IACtC,eAAe,EAAE,cAAc,CAAC;IAChC,gEAAgE;IAChE,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,eAAe,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAChC,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B;;;OAGG;IACH,eAAe,CAAC,EAAE,cAAc,CAAC;CACjC;AAED;;;;GAIG;AACH,eAAO,MAAM,wBAAwB,GAAI,MAAM,sBAAsB,KAAG,OAavE,CAAC;AAEF,uFAAuF;AACvF,MAAM,WAAW,WAAW;IAC3B,gBAAgB,EAAE,gBAAgB,CAAC;IACnC,iBAAiB,EAAE,MAAM,CAAC,CAAC,EAAE,OAAO,KAAK,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;CACtE;AAED;;;;GAIG;AACH,eAAO,MAAM,mBAAmB,QAAO,WAatC,CAAC;AAEF;;;;GAIG;AACH,qBAAa,wBAAyB,YAAW,sBAAsB;;IACtE,QAAQ,EAAE,UAAU,GAAG,SAAS,CAAa;gBAEjC,KAAK,EAAE,aAAa,CAAC,eAAe,CAAC;IAGjD,qBAAqB,IAAI,SAAS;IAGlC,kBAAkB,CAAC,MAAM,EAAE,MAAM,GAAG,eAAe,GAAG,SAAS;CAG/D;AAED;;;;GAIG;AACH,eAAO,MAAM,mBAAmB,GAC/B,YAAY,WAAW,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,EAC9C,OAAO,YAAY,EACnB,IAAI,SAAS,KACX,OAAO,CAAC,IAAI,CAId,CAAC;AAMF,2CAA2C;AAC3C,MAAM,WAAW,iBAAiB;IACjC,wEAAwE;IACxE,UAAU,CAAC,EAAE,IAAI,CAAC;IAClB,yFAAyF;IACzF,eAAe,CAAC,EAAE,cAAc,CAAC;IACjC,mFAAmF;IACnF,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,gEAAgE;IAChE,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,sFAAsF;IACtF,KAAK,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;CACtB;AAED,wEAAwE;AACxE,MAAM,WAAW,YAAY;IAC5B;;;;;OAKG;IACH,IAAI,EAAE,CAAC,OAAO,EAAE,OAAO,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAC1C;;;;;;;;;;;OAWG;IACH,OAAO,EAAE,CAAC,CAAC,GAAG,OAAO,EACpB,EAAE,EAAE,MAAM,GAAG,MAAM,EACnB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,OAAO,EACf,UAAU,CAAC,EAAE,MAAM,KACf,OAAO,CAAC,CAAC,CAAC,CAAC;IAChB;;;;OAIG;IACH,KAAK,EAAE,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACzD,2DAA2D;IAC3D,QAAQ,CAAC,QAAQ,EAAE,aAAa,CAAC,OAAO,CAAC,CAAC;IAC1C;;;;;;;;;;;;OAYG;IACH,QAAQ,EAAE;QACT,CAAC,CAAC,EAAE,SAAS,EAAE,CAAC,GAAG,EAAE,OAAO,KAAK,GAAG,IAAI,CAAC,EAAE,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;QAE5E,CAAC,CAAC,GAAG,OAAO,EAAE,SAAS,EAAE,CAAC,GAAG,EAAE,OAAO,KAAK,OAAO,EAAE,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;KACrF,CAAC;CACF;AAkBD,MAAM,WAAW,wBAAwB,CAAC,CAAC,GAAG,OAAO;IACpD,OAAO,EAAE,OAAO,eAAe,CAAC;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,CAAC,CAAC;CACV;AAED,MAAM,WAAW,2BAA2B,CAAC,CAAC,GAAG,OAAO;IACvD,OAAO,EAAE,OAAO,eAAe,CAAC;IAChC,EAAE,EAAE,MAAM,GAAG,MAAM,CAAC;IACpB,MAAM,EAAE,CAAC,CAAC;CACV;AAED,MAAM,WAAW,yBAAyB,CAAC,CAAC,GAAG,OAAO;IACrD,OAAO,EAAE,OAAO,eAAe,CAAC;IAChC,EAAE,EAAE,MAAM,GAAG,MAAM,CAAC;IACpB,KAAK,EAAE;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,CAAC,CAAA;KAAC,CAAC;CACjD;AAED,6EAA6E;AAC7E,eAAO,MAAM,eAAe,GAC1B,QAAQ,MAAM,MACd,KAAK,OAAO,KAAG,OACsC,CAAC;AAExD;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,oBAAoB,GAC/B,CAAC,EAAE,QAAQ,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,KAAK,OAAO,MAChD,KAAK,OAAO,KAAG,GAAG,IAAI,wBAAwB,CAAC,CAAC,CAGE,CAAC;AAErD,gGAAgG;AAChG,eAAO,MAAM,eAAe,GAC1B,IAAI,MAAM,GAAG,MAAM,MACnB,KAAK,OAAO,KAAG,OAC8D,CAAC;AAEhF,4CAA4C;AAC5C,MAAM,WAAW,0BAA0B;IAC1C;;;;;OAKG;IACH,OAAO,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;IAC/B,kEAAkE;IAClE,SAAS,CAAC,EAAE,yBAAyB,CAAC;IACtC;;;;OAIG;IACH,SAAS,CAAC,EAAE,uBAAuB,CAAC,WAAW,CAAC,CAAC;IACjD,gEAAgE;IAChE,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,yDAAyD;IACzD,cAAc,CAAC,EAAE,uBAAuB,CAAC,gBAAgB,CAAC,CAAC;IAC3D,yDAAyD;IACzD,eAAe,CAAC,EAAE,uBAAuB,CAAC,iBAAiB,CAAC,CAAC;CAC7D;AAED,kEAAkE;AAClE,MAAM,WAAW,aAAa;IAC7B,SAAS,EAAE,yBAAyB,CAAC;IACrC;;;;;;OAMG;IACH,OAAO,EAAE,CAAC,QAAQ,CAAC,EAAE,iBAAiB,KAAK,OAAO,CAAC,YAAY,CAAC,CAAC;CACjE;AA+DD;;;;;;;;GAQG;AACH,eAAO,MAAM,sBAAsB,GAAI,SAAS,0BAA0B,KAAG,aAqL5E,CAAC;AAEF,0EAA0E;AAC1E,eAAO,MAAM,eAAe,QAAO,iBAGjC,CAAC;AAYH;;;;;;;;;;;;;;;;GAgBG;AACH,eAAO,MAAM,mBAAmB,GAAI,IAAI,SAAS,MAAM,EAAE,SAAS;IACjE,OAAO,EAAE,aAAa,CAAC;IACvB,KAAK,EAAE,aAAa,CAAC,eAAe,CAAC,CAAC;CACtC,KAAG,IAIH,CAAC"}

package/dist/testing/ws_round_trip.js CHANGED Viewed

@@ -41,14 +41,15 @@ import { Logger } from '@fuzdev/fuz_util/log.js';
 import { create_uuid } from '@fuzdev/fuz_util/id.js';
 import { ActionPeer } from '../actions/action_peer.js';
 import { create_broadcast_api } from '../actions/broadcast_api.js';
-import { register_action_ws, } from '../actions/register_action_ws.js';
+import { register_action_ws } from '../actions/register_action_ws.js';
+import { create_stub_db } from './stubs.js';
 import { BackendWebsocketTransport } from '../actions/transports_ws_backend.js';
 import { REQUEST_CONTEXT_KEY } from '../auth/request_context.js';
 import { ROLE_KEEPER } from '../auth/role_schema.js';
 import { ACCOUNT_ID_KEY, AUTH_API_TOKEN_ID_KEY, CREDENTIAL_TYPE_KEY, TEST_CONTEXT_PRESET_KEY, } from '../hono_context.js';
 import { JSONRPC_VERSION } from '../http/jsonrpc.js';
 import { create_jsonrpc_request, is_jsonrpc_error_response, is_jsonrpc_notification, is_jsonrpc_response, } from '../http/jsonrpc_helpers.js';
-import { create_test_account, create_test_actor, create_test_permit } from './entities.js';
+import { create_test_account, create_test_actor, create_test_role_grant } from './entities.js';
 /**
  * Build a real `WSContext` backed by in-memory `send`/`close` capture.
  * Parsing of outgoing frames is left to the caller — `sends` holds the
@@ -160,7 +161,7 @@ export const is_notification_with = (method, match) => (msg) => is_jsonrpc_notif
 export const is_response_for = (id) => (msg) => (is_jsonrpc_response(msg) || is_jsonrpc_error_response(msg)) && msg.id === id;
 const DEFAULT_TIMEOUT_MS = 1000;
 /**
- * Build a `RequestContext` with a fresh UUID account/actor and permits
+ * Build a `RequestContext` with a fresh UUID account/actor and role_grants
  * for the supplied roles. Used by the high-level harness so callers can
  * pass `roles: [ROLE_KEEPER, 'admin']`.
  */
@@ -187,10 +188,11 @@ const build_multi_role_request_context = (account_id, roles) => {
             updated_at: null,
             updated_by: null,
         },
-        permits: roles.map((role) => ({
+        role_grants: roles.map((role) => ({
             id: create_uuid(),
             actor_id,
             role,
+            scope_kind: null,
             scope_id: null,
             created_at: now,
             expires_at: null,
@@ -210,7 +212,7 @@ const build_multi_role_request_context = (account_id, roles) => {
 const build_simple_request_context = (role) => ({
     account: create_test_account({ id: 'acc_1', username: 'testuser' }),
     actor: create_test_actor({ id: 'act_1', account_id: 'acc_1', name: 'testuser' }),
-    permits: role ? [create_test_permit({ id: 'perm_1', actor_id: 'act_1', role })] : [],
+    role_grants: role ? [create_test_role_grant({ id: 'perm_1', actor_id: 'act_1', role })] : [],
 });
 /**
  * Create a WebSocket test harness for the given specs + handlers.
@@ -222,16 +224,22 @@ const build_simple_request_context = (role) => ({
  * `onOpen`/`onMessage`/`onClose` path against a real `WSContext`.
  */
 export const create_ws_test_harness = (options) => {
-    const { actions, extend_context = (base) => base, transport = new BackendWebsocketTransport(), heartbeat = false, log = new Logger('[ws-test]', { level: 'off' }), on_socket_open, on_socket_close, } = options;
+    const { actions, transport = new BackendWebsocketTransport(), heartbeat = false, log = new Logger('[ws-test]', { level: 'off' }), on_socket_open, on_socket_close, } = options;
     const stub = create_stub_upgrade();
     // Minimal Hono stub — `register_action_ws` only needs `.get(path, handler)`.
     const stub_app = { get: () => stub_app };
+    // Stub DB — the harness pre-bakes `RequestContext` via the test-preset
+    // escape hatch so `perform_action` skips the live authorization phase.
+    // `db.transaction(fn)` synchronously calls `fn(stub_db)` so handlers
+    // declaring `side_effects: true` execute under the same shape they
+    // would in production.
+    const stub_db = create_stub_db();
     register_action_ws({
         path: '/test/ws',
         app: stub_app,
         upgradeWebSocket: stub.upgradeWebSocket,
         actions,
-        extend_context,
+        db: stub_db,
         transport,
         heartbeat,
         log,
@@ -383,18 +391,18 @@ const make_peer = () => new ActionPeer({ environment: new MinimalActionEnvironme
 /**
  * Wire a typed broadcast API against the harness's transport, matching
  * how a consumer's real backend composes the stack. Returns the typed
- * API so tests can call `.tx_run_created(...)` / `.workspace_changed(...)`
+ * API so tests can call `.zap_run_created(...)` / `.workspace_changed(...)`
  * etc. directly.
  *
  * ```ts
- * const harness = create_ws_test_harness<BaseHandlerContext>({specs, handlers});
+ * const harness = create_ws_test_harness({actions});
  * const broadcast = build_broadcast_api<MyBackendActionsApi>({
  *   harness,
  *   specs: my_broadcast_action_specs,
  * });
  * const client = await harness.connect(keeper_identity());
- * await broadcast.tx_run_created({run_id: '...', ...});
- * await client.wait_for(is_notification('tx_run_created'));
+ * await broadcast.zap_run_created({run_id: '...', ...});
+ * await client.wait_for(is_notification('zap_run_created'));
  * ```
  */
 export const build_broadcast_api = (options) => {

package/dist/ui/AdminAccounts.svelte CHANGED Viewed

@@ -1,10 +1,10 @@
 <script lang="ts">
 	/**
-	 * Admin accounts table — users with their permits and pending offers.
+	 * Admin accounts table — users with their role_grants and pending offers.
 	 * Consumes `admin_accounts_rpc_context` (read via `AdminAccountsState`)
 	 * and `format_scope_context` for label rendering. Per-row actions:
-	 * grant role (`permit_offer_create`), revoke permit (`permit_revoke`,
-	 * keyed by `actor_id`), retract pending offer (`permit_offer_retract`).
+	 * grant role (`role_grant_offer_create`), revoke role_grant (`role_grant_revoke`,
+	 * keyed by `actor_id`), retract pending offer (`role_grant_offer_retract`).
 	 *
 	 * @module
 	 */
@@ -22,7 +22,7 @@
 	const get_format_scope = format_scope_context.get();
 	const format_scope = $derived(get_format_scope());
-	// `null` global label: global permits render no scope chip — the implicit default in admin tables.
+	// `null` global label: global role_grants render no scope chip — the implicit default in admin tables.
 	const scope_label = (scope_id: string | null, role: string): string | null =>
 		resolve_scope_label(scope_id, role, format_scope, null);
@@ -30,7 +30,7 @@
 	const columns: Array<DatatableColumn<AdminAccountEntryJson>> = [
 		{key: 'account', label: 'username', width: 180},
-		{key: 'permits', label: 'permits', width: 240},
+		{key: 'role_grants', label: 'role_grants', width: 240},
 		{key: 'actor', label: 'grant', width: 200},
 	];
 </script>
@@ -72,31 +72,34 @@
 							updated {format_relative_time(row.account.updated_at)}
 						</div>
 					{/if}
-				{:else if column.key === 'permits'}
-					{#each row.permits as permit (permit.id)}
-						{@const scope = scope_label(permit.scope_id, permit.role)}
+				{:else if column.key === 'role_grants'}
+					{#each row.role_grants as role_grant (role_grant.id)}
+						{@const scope = scope_label(role_grant.scope_id, role_grant.role)}
 						<div class="row">
-							<span class="chip color_b">{permit.role}</span>
+							<span class="chip color_b">{role_grant.role}</span>
 							{#if scope !== null}
-								<span class="text_50 font_size_sm" title={permit.scope_id ?? undefined}>
+								<span class="text_50 font_size_sm" title={role_grant.scope_id ?? undefined}>
 									{scope}
 								</span>
 							{/if}
-							{#if permit.expires_at}
-								<span class="text_50 font_size_sm" title={format_datetime_local(permit.expires_at)}>
-									expires {format_relative_time(permit.expires_at)}
+							{#if role_grant.expires_at}
+								<span
+									class="text_50 font_size_sm"
+									title={format_datetime_local(role_grant.expires_at)}
+								>
+									expires {format_relative_time(role_grant.expires_at)}
 								</span>
 							{/if}
 							{#if admin_accounts.has_rpc && row.actor}
 								{@const actor_id = row.actor.id}
 								<ConfirmButton
-									onconfirm={() => admin_accounts.revoke_permit(actor_id, permit.id)}
-									title="revoke {permit.role}"
+									onconfirm={() => admin_accounts.revoke_role_grant(actor_id, role_grant.id)}
+									title="revoke {role_grant.role}"
 									class="sm"
-									disabled={admin_accounts.revoking_ids.has(permit.id)}
+									disabled={admin_accounts.revoking_ids.has(role_grant.id)}
 								>
 									{#snippet children(_popover, _confirm)}
-										{admin_accounts.revoking_ids.has(permit.id) ? 'revoking…' : 'revoke'}
+										{admin_accounts.revoking_ids.has(role_grant.id) ? 'revoking…' : 'revoke'}
 									{/snippet}
 								</ConfirmButton>
 							{/if}
@@ -130,15 +133,15 @@
 							{/if}
 						</div>
 					{/each}
-					{#if row.permits.length === 0 && row.pending_offers.length === 0}
+					{#if row.role_grants.length === 0 && row.pending_offers.length === 0}
 						<span class="text_50">none</span>
 					{/if}
 				{:else if column.key === 'actor'}
 					{#if admin_accounts.has_rpc}
 						{#each admin_accounts.grantable_roles as role (role)}
-							{#if !row.permits.some((p) => p.role === role) && !row.pending_offers.some((o) => o.role === role)}
+							{#if !row.role_grants.some((p) => p.role === role) && !row.pending_offers.some((o) => o.role === role)}
 								<ConfirmButton
-									onconfirm={() => admin_accounts.grant_permit(row.account.id, role)}
+									onconfirm={() => admin_accounts.create_role_grant(row.account.id, role)}
 									title="offer {role}"
 									class="sm"
 									disabled={admin_accounts.granting_keys.has(`${row.account.id}:${role}`)}

package/dist/ui/AdminOverview.svelte CHANGED Viewed

@@ -3,7 +3,7 @@
 	 * Admin dashboard — six summary panels (accounts, sessions, invites,
 	 * recent activity, security, system) fed by parallel `fetch()` calls
 	 * on mount. Consumes all four admin RPC contexts plus `auth_state_context`;
-	 * derives `role_counts`, `failed_logins`, and `permit_changes` from the
+	 * derives `role_counts`, `failed_logins`, and `role_grant_changes` from the
 	 * audit log slice.
 	 *
 	 * @module
@@ -39,14 +39,16 @@
 		// eslint-disable-next-line svelte/prefer-svelte-reactivity
 		const counts = new Map<string, number>();
 		for (const entry of accounts.accounts) {
-			const roles = new Set(entry.permits.map((p) => p.role));
+			const roles = new Set(entry.role_grants.map((p) => p.role));
 			for (const role of roles) {
 				counts.set(role, (counts.get(role) || 0) + 1);
 			}
 		}
 		return Array.from(counts.entries());
 	});
-	const unroled_count = $derived(accounts.accounts.filter((a) => a.permits.length === 0).length);
+	const unroled_count = $derived(
+		accounts.accounts.filter((a) => a.role_grants.length === 0).length,
+	);
 	// sessions
 	const unique_users = $derived(new Set(sessions.sessions.map((s) => s.username)).size);
@@ -63,9 +65,9 @@
 	const failed_logins = $derived(
 		audit_log.events.filter((e) => e.event_type === 'login' && e.outcome === 'failure'),
 	);
-	const permit_changes = $derived(
+	const role_grant_changes = $derived(
 		audit_log.events.filter(
-			(e) => e.event_type === 'permit_grant' || e.event_type === 'permit_revoke',
+			(e) => e.event_type === 'role_grant_create' || e.event_type === 'role_grant_revoke',
 		),
 	);
@@ -108,10 +110,10 @@
 					{#each accounts.accounts.slice(0, 6) as entry (entry)}
 						<li>
 							<strong>{entry.account.username}</strong>
-							{#each entry.permits as permit (permit.id)}
-								<span class="chip font_size_sm">{permit.role}</span>
+							{#each entry.role_grants as role_grant (role_grant.id)}
+								<span class="chip font_size_sm">{role_grant.role}</span>
 							{/each}
-							{#if entry.permits.length === 0}
+							{#if entry.role_grants.length === 0}
 								<span class="text_50 font_size_sm">no roles</span>
 							{/if}
 						</li>
@@ -244,17 +246,17 @@
 				<span class="text_50">failed logins</span>
 			</div>
 			<div class="baseline-row gap_xs">
-				<strong class="font_size_lg">{permit_changes.length}</strong>
-				<span class="text_50">permit changes</span>
+				<strong class="font_size_lg">{role_grant_changes.length}</strong>
+				<span class="text_50">role_grant changes</span>
 			</div>
-			{#if permit_changes.length > 0}
+			{#if role_grant_changes.length > 0}
 				<ul class="compact-list">
-					{#each permit_changes.slice(0, 4) as event (event.id)}
+					{#each role_grant_changes.slice(0, 4) as event (event.id)}
 						<li class="font_size_sm">
 							<span class="text_50" title={format_datetime_local(event.created_at)}
 								>{format_relative_time(event.created_at)}</span
 							>
-							<code>{event.event_type === 'permit_grant' ? 'grant' : 'revoke'}</code>
+							<code>{event.event_type === 'role_grant_create' ? 'grant' : 'revoke'}</code>
 							{#if event.metadata?.role}
 								<span class="chip font_size_sm">{event.metadata.role}</span>
 							{/if}

package/dist/ui/AdminOverview.svelte.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"AdminOverview.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/AdminOverview.svelte"],"names":[],"mappings":"~~AA0UA~~,QAAA,MAAM,aAAa,2DAAwC,CAAC;AAC5D,KAAK,aAAa,GAAG,UAAU,CAAC,OAAO,aAAa,CAAC,CAAC;AACtD,eAAe,aAAa,CAAC"}
1	+ {"version":3,"file":"AdminOverview.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/AdminOverview.svelte"],"names":[],"mappings":"AA4UA,QAAA,MAAM,aAAa,2DAAwC,CAAC;AAC5D,KAAK,aAAa,GAAG,UAAU,CAAC,OAAO,aAAa,CAAC,CAAC;AACtD,eAAe,aAAa,CAAC"}

package/dist/ui/{AdminPermitHistory.svelte → AdminRoleGrantHistory.svelte} RENAMED Viewed

@@ -1,8 +1,8 @@
 <script lang="ts">
 	/**
-	 * Permit grant/revoke history table. Consumes `audit_log_rpc_context`,
-	 * calls `audit_log.fetch_permit_history()` once on mount (the
-	 * `audit_log_permit_history` RPC). Uses `format_scope_context` to render
+	 * Role grant create/revoke history table. Consumes `audit_log_rpc_context`,
+	 * calls `audit_log.fetch_role_grant_history()` once on mount (the
+	 * `audit_log_role_grant_history` RPC). Uses `format_scope_context` to render
 	 * scope ids as human labels.
 	 *
 	 * @module
@@ -12,7 +12,7 @@
 	import {format_relative_time, format_datetime_local, truncate_uuid} from './ui_format.js';
 	import Datatable from './Datatable.svelte';
 	import type {DatatableColumn} from './datatable.js';
-	import type {PermitHistoryEventJson} from '../auth/audit_log_schema.js';
+	import type {RoleGrantHistoryEventJson} from '../auth/audit_log_schema.js';
 	import {format_scope_context, resolve_scope_label} from './format_scope.js';
 	const get_rpc = audit_log_rpc_context.get();
@@ -20,9 +20,9 @@
 	const get_format_scope = format_scope_context.get();
 	const format_scope = $derived(get_format_scope());
-	void audit_log.fetch_permit_history();
+	void audit_log.fetch_role_grant_history();
-	const columns: Array<DatatableColumn<PermitHistoryEventJson>> = [
+	const columns: Array<DatatableColumn<RoleGrantHistoryEventJson>> = [
 		{key: 'event_type', label: 'action', width: 100},
 		{key: 'metadata', label: 'role', width: 160},
 		{key: 'username', label: 'by', width: 140},
@@ -38,22 +38,22 @@
 </script>
 <section>
-	<h1>permit history</h1>
+	<h1>role_grant history</h1>
 	{#if audit_log.loading}
-		<p class="text_50">loading permit history...</p>
+		<p class="text_50">loading role_grant history...</p>
 	{:else if audit_log.error}
 		<p class="color_c_50">{audit_log.error}</p>
 	{:else}
-		<Datatable {columns} rows={audit_log.permit_history_events} height="400px" row_key="id">
+		<Datatable {columns} rows={audit_log.role_grant_history_events} height="400px" row_key="id">
 			{#snippet cell(column, row)}
 				{#if column.key === 'event_type'}
 					<span
 						class="chip"
-						class:color_b={row.event_type === 'permit_grant'}
-						class:color_c={row.event_type === 'permit_revoke'}
+						class:color_b={row.event_type === 'role_grant_create'}
+						class:color_c={row.event_type === 'role_grant_revoke'}
 					>
-						{row.event_type === 'permit_grant' ? 'grant' : 'revoke'}
+						{row.event_type === 'role_grant_create' ? 'grant' : 'revoke'}
 					</span>
 				{:else if column.key === 'metadata'}
 					{#if row.metadata}

package/dist/ui/AdminRoleGrantHistory.svelte.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+declare const AdminRoleGrantHistory: import("svelte").Component<Record<string, never>, {}, "">;
+type AdminRoleGrantHistory = ReturnType<typeof AdminRoleGrantHistory>;
+export default AdminRoleGrantHistory;
+//# sourceMappingURL=AdminRoleGrantHistory.svelte.d.ts.map

package/dist/ui/AdminRoleGrantHistory.svelte.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"AdminRoleGrantHistory.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/AdminRoleGrantHistory.svelte"],"names":[],"mappings":"AAiGA,QAAA,MAAM,qBAAqB,2DAAwC,CAAC;AACpE,KAAK,qBAAqB,GAAG,UAAU,CAAC,OAAO,qBAAqB,CAAC,CAAC;AACtE,eAAe,qBAAqB,CAAC"}

package/dist/ui/BootstrapForm.svelte CHANGED Viewed

@@ -17,7 +17,7 @@
 	import PendingButton from '@fuzdev/fuz_ui/PendingButton.svelte';
 	import {autofocus} from '@fuzdev/fuz_ui/autofocus.svelte.js';
-	import {Username} from '../auth/account_schema.js';
+	import {Username} from '../primitive_schemas.js';
 	import {PASSWORD_LENGTH_MIN} from '../auth/password.js';
 	import {auth_state_context} from './auth_state.svelte.js';
 	import {FormState} from './form_state.svelte.js';