@fuzdev/fuz_app 0.55.0 → 0.56.0

package/dist/ui/auth_state.svelte.d.ts

@@ -31,7 +31,7 @@
  *
  * @module
  */
-import { type ActorSummaryJson, type PermitSummaryJson, type SessionAccount } from '../auth/account_schema.js';
+import { type ActorSummaryJson, type RoleGrantSummaryJson, type SessionAccount } from '../auth/account_schema.js';
 /**
  * Svelte context for `AuthState`.
  * Use `auth_state_context.set(state)` in the provider and `auth_state_context.get()` to access.
@@ -47,8 +47,8 @@ export declare class AuthState {
     verify_error: string | null;
     account: SessionAccount | null;
     actor: ActorSummaryJson | null;
-    permits: Array<PermitSummaryJson>;
-    readonly active_permits: Array<PermitSummaryJson>;
+    role_grants: Array<RoleGrantSummaryJson>;
+    readonly active_role_grants: Array<RoleGrantSummaryJson>;
     readonly roles: Array<string>;
     /** True when bootstrap is available (no accounts exist yet). */
     needs_bootstrap: boolean;

package/dist/ui/auth_state.svelte.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth_state.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/auth_state.svelte.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AAKH,OAAO,EACN,KAAK,gBAAgB,EAErB,KAAK,iBAAiB,EACtB,KAAK,cAAc,EACnB,MAAM,2BAA2B,CAAC;AAEnC;;;GAGG;AACH,eAAO,MAAM,kBAAkB;;;;CAA8B,CAAC;AAE9D,qBAAa,SAAS;IACrB,SAAS,UAAqB;IAC9B,QAAQ,UAAqB;IAC7B,YAAY,EAAE,MAAM,GAAG,IAAI,CAAoB;IAC/C,OAAO,EAAE,cAAc,GAAG,IAAI,CAAoB;IAClD,KAAK,EAAE,gBAAgB,GAAG,IAAI,CAAoB;IAClD,OAAO,EAAE,KAAK,CAAC,iBAAiB,CAAC,CAAkB;IACnD,QAAQ,CAAC,cAAc,EAAE,KAAK,CAAC,iBAAiB,CAAC,CAE/C;IACF,QAAQ,CAAC,KAAK,EAAE,KAAK,CAAC,MAAM,CAAC,CAAoD;IAEjF,gEAAgE;IAChE,eAAe,UAAqB;IAEpC;;;;;;;;OAQG;IACG,aAAa,IAAI,OAAO,CAAC,IAAI,CAAC;IA6BpC;;;;;;;OAOG;IACG,KAAK,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAwCjE;;;;;OAKG;IACG,SAAS,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAiCpF;;;;;;;OAOG;IACG,MAAM,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IA4ClF;;;;;OAKG;IACG,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC;CAW7B"}
+{"version":3,"file":"auth_state.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/auth_state.svelte.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AAKH,OAAO,EACN,KAAK,gBAAgB,EAErB,KAAK,oBAAoB,EACzB,KAAK,cAAc,EACnB,MAAM,2BAA2B,CAAC;AAEnC;;;GAGG;AACH,eAAO,MAAM,kBAAkB;;;;CAA8B,CAAC;AAE9D,qBAAa,SAAS;IACrB,SAAS,UAAqB;IAC9B,QAAQ,UAAqB;IAC7B,YAAY,EAAE,MAAM,GAAG,IAAI,CAAoB;IAC/C,OAAO,EAAE,cAAc,GAAG,IAAI,CAAoB;IAClD,KAAK,EAAE,gBAAgB,GAAG,IAAI,CAAoB;IAClD,WAAW,EAAE,KAAK,CAAC,oBAAoB,CAAC,CAAkB;IAC1D,QAAQ,CAAC,kBAAkB,EAAE,KAAK,CAAC,oBAAoB,CAAC,CAEtD;IACF,QAAQ,CAAC,KAAK,EAAE,KAAK,CAAC,MAAM,CAAC,CAAwD;IAErF,gEAAgE;IAChE,eAAe,UAAqB;IAEpC;;;;;;;;OAQG;IACG,aAAa,IAAI,OAAO,CAAC,IAAI,CAAC;IA6BpC;;;;;;;OAOG;IACG,KAAK,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAwCjE;;;;;OAKG;IACG,SAAS,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAiCpF;;;;;;;OAOG;IACG,MAAM,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IA4ClF;;;;;OAKG;IACG,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC;CAW7B"}

package/dist/ui/auth_state.svelte.js

@@ -33,7 +33,7 @@
  */
 import { create_context } from '@fuzdev/fuz_ui/context_helpers.js';
 import { ui_fetch } from './ui_fetch.js';
-import { is_permit_active, } from '../auth/account_schema.js';
+import { is_role_grant_active, } from '../auth/account_schema.js';
 /**
  * Svelte context for `AuthState`.
  * Use `auth_state_context.set(state)` in the provider and `auth_state_context.get()` to access.
@@ -45,9 +45,9 @@ export class AuthState {
     verify_error = $state.raw(null);
     account = $state.raw(null);
     actor = $state.raw(null);
-    permits = $state.raw([]);
-    active_permits = $derived(this.permits.filter((p) => is_permit_active(p)));
-    roles = $derived(this.active_permits.map((p) => p.role));
+    role_grants = $state.raw([]);
+    active_role_grants = $derived(this.role_grants.filter((p) => is_role_grant_active(p)));
+    roles = $derived(this.active_role_grants.map((p) => p.role));
     /** True when bootstrap is available (no accounts exist yet). */
     needs_bootstrap = $state.raw(false);
     /**
@@ -68,7 +68,7 @@ export class AuthState {
                 this.verified = true;
                 this.account = data.account ?? null;
                 this.actor = data.actor ?? null;
-                this.permits = data.permits ?? [];
+                this.role_grants = data.role_grants ?? [];
                 this.needs_bootstrap = false;
             }
             else {
@@ -248,6 +248,6 @@ export class AuthState {
         this.verified = false;
         this.account = null;
         this.actor = null;
-        this.permits = [];
+        this.role_grants = [];
     }
 }

package/dist/ui/format_scope.d.ts

@@ -1,7 +1,7 @@
 /**
- * Shared `format_scope` callback contract for permit-display components.
+ * Shared `format_scope` callback contract for role-grant-display components.
  *
- * Permits and offers carry a `scope_id` that names a consumer-owned resource
+ * Role grants and offers carry a `scope_id` that names a consumer-owned resource
  * (e.g. a classroom uuid). The default render is the raw uuid. Consumers wire
  * a `FormatScope` via context to render a human label without per-page
  * lookup or forking the components.

package/dist/ui/format_scope.js

@@ -1,7 +1,7 @@
 /**
- * Shared `format_scope` callback contract for permit-display components.
+ * Shared `format_scope` callback contract for role-grant-display components.
  *
- * Permits and offers carry a `scope_id` that names a consumer-owned resource
+ * Role grants and offers carry a `scope_id` that names a consumer-owned resource
  * (e.g. a classroom uuid). The default render is the raw uuid. Consumers wire
  * a `FormatScope` via context to render a human label without per-page
  * lookup or forking the components.

package/dist/ui/{permit_offers_state.svelte.d.ts → role_grant_offers_state.svelte.d.ts}

@@ -1,8 +1,8 @@
 /**
- * Reactive state for the consentful-permits offer flow.
+ * Reactive state for the consentful-role-grants offer flow.
  *
  * Maintains one offer cache keyed by id, seeded by the RPC list/history
- * actions and kept live by the six permit-offer WebSocket notifications.
+ * actions and kept live by the six role-grant-offer WebSocket notifications.
  * `incoming` (recipient-side pending) and `outgoing` (grantor-side pending)
  * are derived views; `history` is the full cache ordered newest-first for
  * the grantor/admin history view.
@@ -16,32 +16,32 @@
  * @module
  */
 import { Loadable } from './loadable.svelte.js';
-import type { PermitOfferJson } from '../auth/permit_offer_schema.js';
+import type { RoleGrantOfferJson } from '../auth/role_grant_offer_schema.js';
 /**
- * Svelte context for `PermitOffersState`.
- * Use `permit_offers_state_context.set(state)` in the provider and
- * `permit_offers_state_context.get()` to access.
+ * Svelte context for `RoleGrantOffersState`.
+ * Use `role_grant_offers_state_context.set(state)` in the provider and
+ * `role_grant_offers_state_context.get()` to access.
  */
-export declare const permit_offers_state_context: {
-    get: (error_message?: string) => PermitOffersState;
-    get_maybe: () => PermitOffersState | undefined;
-    set: (value: PermitOffersState) => PermitOffersState;
+export declare const role_grant_offers_state_context: {
+    get: (error_message?: string) => RoleGrantOffersState;
+    get_maybe: () => RoleGrantOffersState | undefined;
+    set: (value: RoleGrantOffersState) => RoleGrantOffersState;
 };
 /**
- * Narrow RPC surface consumed by `PermitOffersState`. Consumers adapt their
+ * Narrow RPC surface consumed by `RoleGrantOffersState`. Consumers adapt their
  * typed client (e.g. a `create_rpc_client` Proxy) to this shape — the state
  * class stays decoupled from the client's `Result` return type so tests can
  * inject plain-function stubs.
  */
-export interface PermitOffersRpc {
+export interface RoleGrantOffersRpc {
     list: () => Promise<{
-        offers: Array<PermitOfferJson>;
+        offers: Array<RoleGrantOfferJson>;
     }>;
     history: (options?: {
         limit?: number;
         offset?: number;
     }) => Promise<{
-        offers: Array<PermitOfferJson>;
+        offers: Array<RoleGrantOfferJson>;
     }>;
     create: (params: {
         to_account_id: string;
@@ -50,11 +50,11 @@ export interface PermitOffersRpc {
         scope_id?: string | null;
         message?: string | null;
     }) => Promise<{
-        offer: PermitOfferJson;
+        offer: RoleGrantOfferJson;
     }>;
     accept: (offer_id: string) => Promise<{
-        permit_id: string;
-        offer: PermitOfferJson;
+        role_grant_id: string;
+        offer: RoleGrantOfferJson;
         superseded_offer_ids: Array<string>;
     }>;
     decline: (offer_id: string, reason?: string | null) => Promise<{
@@ -65,14 +65,14 @@ export interface PermitOffersRpc {
     }>;
 }
 /** Narrow WS notification envelope — method + params, matching `JsonrpcNotification`. */
-export interface PermitOfferNotification {
+export interface RoleGrantOfferNotification {
     method: string;
     params: unknown;
 }
 /** Subscription primitive — consumer wires their WS receiver; returns a disposer. */
-export type PermitOfferSubscribe = (handler: (notification: PermitOfferNotification) => void) => () => void;
-export interface PermitOffersStateOptions {
-    rpc: PermitOffersRpc;
+export type RoleGrantOfferSubscribe = (handler: (notification: RoleGrantOfferNotification) => void) => () => void;
+export interface RoleGrantOffersStateOptions {
+    rpc: RoleGrantOffersRpc;
     /** Reactive accessor for the current account id; returns `null` when logged out. */
     account_id: () => string | null;
     /**
@@ -81,16 +81,16 @@ export interface PermitOffersStateOptions {
      */
     actor_id: () => string | null;
 }
-export declare class PermitOffersState extends Loadable {
+export declare class RoleGrantOffersState extends Loadable {
     #private;
     /** Pending offers for the current account, soonest-expiring first. */
-    readonly incoming: Array<PermitOfferJson>;
+    readonly incoming: Array<RoleGrantOfferJson>;
     /** Pending offers from the current actor, newest-created first. */
-    readonly outgoing: Array<PermitOfferJson>;
+    readonly outgoing: Array<RoleGrantOfferJson>;
     /** Every offer known to this state, newest-created first. Feeds the history view. */
-    readonly history: Array<PermitOfferJson>;
+    readonly history: Array<RoleGrantOfferJson>;
     readonly incoming_count: number;
-    constructor(options: PermitOffersStateOptions);
+    constructor(options: RoleGrantOffersStateOptions);
     /** Seed the cache with the recipient-side pending inbox. */
     fetch(): Promise<void>;
     /** Seed both-directions history (includes terminal rows). */
@@ -111,7 +111,7 @@ export declare class PermitOffersState extends Loadable {
         role: string;
         scope_id?: string | null;
         message?: string | null;
-    }): Promise<PermitOfferJson | undefined>;
+    }): Promise<RoleGrantOfferJson | undefined>;
     /** Accept an offer; stamps it terminal in the cache and drops any siblings the server superseded. */
     accept(offer_id: string): Promise<void>;
     decline(offer_id: string, reason?: string | null): Promise<void>;
@@ -120,7 +120,7 @@ export declare class PermitOffersState extends Loadable {
      * Wire a notification subscription. The handler dispatches each matching
      * notification into `apply_notification`; the returned disposer unwires.
      */
-    subscribe(subscribe_fn: PermitOfferSubscribe): () => void;
+    subscribe(subscribe_fn: RoleGrantOfferSubscribe): () => void;
     /**
      * Reduce a single WS notification into the cache. Exposed so consumers
      * wiring their WS receiver directly (without `subscribe`) and tests can
@@ -128,8 +128,8 @@ export declare class PermitOffersState extends Loadable {
      *
      * @mutates `this`
      */
-    apply_notification(notification: PermitOfferNotification): void;
+    apply_notification(notification: RoleGrantOfferNotification): void;
     /** Clear the cache and reset loading/error state. */
     reset(): void;
 }
-//# sourceMappingURL=permit_offers_state.svelte.d.ts.map
+//# sourceMappingURL=role_grant_offers_state.svelte.d.ts.map

package/dist/ui/role_grant_offers_state.svelte.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"role_grant_offers_state.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/role_grant_offers_state.svelte.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAIH,OAAO,EAAC,QAAQ,EAAC,MAAM,sBAAsB,CAAC;AAC9C,OAAO,KAAK,EAAC,kBAAkB,EAAC,MAAM,oCAAoC,CAAC;AAU3E;;;;GAIG;AACH,eAAO,MAAM,+BAA+B;;;;CAAyC,CAAC;AAEtF;;;;;GAKG;AACH,MAAM,WAAW,kBAAkB;IAClC,IAAI,EAAE,MAAM,OAAO,CAAC;QAAC,MAAM,EAAE,KAAK,CAAC,kBAAkB,CAAC,CAAA;KAAC,CAAC,CAAC;IACzD,OAAO,EAAE,CAAC,OAAO,CAAC,EAAE;QACnB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,MAAM,CAAC,EAAE,MAAM,CAAC;KAChB,KAAK,OAAO,CAAC;QAAC,MAAM,EAAE,KAAK,CAAC,kBAAkB,CAAC,CAAA;KAAC,CAAC,CAAC;IACnD,MAAM,EAAE,CAAC,MAAM,EAAE;QAChB,aAAa,EAAE,MAAM,CAAC;QACtB,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QAC5B,IAAI,EAAE,MAAM,CAAC;QACb,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QACzB,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;KACxB,KAAK,OAAO,CAAC;QAAC,KAAK,EAAE,kBAAkB,CAAA;KAAC,CAAC,CAAC;IAC3C,MAAM,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC;QACrC,aAAa,EAAE,MAAM,CAAC;QACtB,KAAK,EAAE,kBAAkB,CAAC;QAC1B,oBAAoB,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;KACpC,CAAC,CAAC;IACH,OAAO,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,KAAK,OAAO,CAAC;QAAC,EAAE,EAAE,IAAI,CAAA;KAAC,CAAC,CAAC;IAC3E,OAAO,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC;QAAC,EAAE,EAAE,IAAI,CAAA;KAAC,CAAC,CAAC;CACnD;AAED,yFAAyF;AACzF,MAAM,WAAW,0BAA0B;IAC1C,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,OAAO,CAAC;CAChB;AAED,qFAAqF;AACrF,MAAM,MAAM,uBAAuB,GAAG,CACrC,OAAO,EAAE,CAAC,YAAY,EAAE,0BAA0B,KAAK,IAAI,KACvD,MAAM,IAAI,CAAC;AAEhB,MAAM,WAAW,2BAA2B;IAC3C,GAAG,EAAE,kBAAkB,CAAC;IACxB,oFAAoF;IACpF,UAAU,EAAE,MAAM,MAAM,GAAG,IAAI,CAAC;IAChC;;;OAGG;IACH,QAAQ,EAAE,MAAM,MAAM,GAAG,IAAI,CAAC;CAC9B;AAQD,qBAAa,oBAAqB,SAAQ,QAAQ;;IAOjD,sEAAsE;IACtE,QAAQ,CAAC,QAAQ,EAAE,KAAK,CAAC,kBAAkB,CAAC,CAazC;IAEH,mEAAmE;IACnE,QAAQ,CAAC,QAAQ,EAAE,KAAK,CAAC,kBAAkB,CAAC,CAazC;IAEH,qFAAqF;IACrF,QAAQ,CAAC,OAAO,EAAE,KAAK,CAAC,kBAAkB,CAAC,CAIxC;IAEH,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAkC;gBAErD,OAAO,EAAE,2BAA2B;IAOhD,4DAA4D;IACtD,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAO5B,6DAA6D;IACvD,aAAa,CAAC,OAAO,CAAC,EAAE;QAAC,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAC,GAAG,OAAO,CAAC,IAAI,CAAC;IAO/E;;;;;;OAMG;IACG,MAAM,CAAC,MAAM,EAAE;QACpB,aAAa,EAAE,MAAM,CAAC;QACtB,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QAC5B,IAAI,EAAE,MAAM,CAAC;QACb,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QACzB,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;KACxB,GAAG,OAAO,CAAC,kBAAkB,GAAG,SAAS,CAAC;IAQ3C,qGAAqG;IAC/F,MAAM,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAavC,OAAO,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IAOhE,OAAO,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAO9C;;;OAGG;IACH,SAAS,CAAC,YAAY,EAAE,uBAAuB,GAAG,MAAM,IAAI;IAM5D;;;;;;OAMG;IACH,kBAAkB,CAAC,YAAY,EAAE,0BAA0B,GAAG,IAAI;IAwBlE,qDAAqD;IAC5C,KAAK,IAAI,IAAI;CAmBtB"}

package/dist/ui/{permit_offers_state.svelte.js → role_grant_offers_state.svelte.js}

@@ -1,8 +1,8 @@
 /**
- * Reactive state for the consentful-permits offer flow.
+ * Reactive state for the consentful-role-grants offer flow.
  *
  * Maintains one offer cache keyed by id, seeded by the RPC list/history
- * actions and kept live by the six permit-offer WebSocket notifications.
+ * actions and kept live by the six role-grant-offer WebSocket notifications.
  * `incoming` (recipient-side pending) and `outgoing` (grantor-side pending)
  * are derived views; `history` is the full cache ordered newest-first for
  * the grantor/admin history view.
@@ -17,18 +17,18 @@
  */
 import { create_context } from '@fuzdev/fuz_ui/context_helpers.js';
 import { Loadable } from './loadable.svelte.js';
-import { PERMIT_OFFER_ACCEPTED_NOTIFICATION_METHOD, PERMIT_OFFER_DECLINED_NOTIFICATION_METHOD, PERMIT_OFFER_RECEIVED_NOTIFICATION_METHOD, PERMIT_OFFER_RETRACTED_NOTIFICATION_METHOD, PERMIT_OFFER_SUPERSEDE_NOTIFICATION_METHOD, PERMIT_REVOKE_NOTIFICATION_METHOD, } from '../auth/permit_offer_notifications.js';
+import { ROLE_GRANT_OFFER_ACCEPTED_NOTIFICATION_METHOD, ROLE_GRANT_OFFER_DECLINED_NOTIFICATION_METHOD, ROLE_GRANT_OFFER_RECEIVED_NOTIFICATION_METHOD, ROLE_GRANT_OFFER_RETRACTED_NOTIFICATION_METHOD, ROLE_GRANT_OFFER_SUPERSEDE_NOTIFICATION_METHOD, ROLE_GRANT_REVOKE_NOTIFICATION_METHOD, } from '../auth/role_grant_offer_notifications.js';
 /**
- * Svelte context for `PermitOffersState`.
- * Use `permit_offers_state_context.set(state)` in the provider and
- * `permit_offers_state_context.get()` to access.
+ * Svelte context for `RoleGrantOffersState`.
+ * Use `role_grant_offers_state_context.set(state)` in the provider and
+ * `role_grant_offers_state_context.get()` to access.
  */
-export const permit_offers_state_context = create_context();
+export const role_grant_offers_state_context = create_context();
 const is_terminal = (o) => o.accepted_at !== null ||
     o.declined_at !== null ||
     o.retracted_at !== null ||
     o.superseded_at !== null;
-export class PermitOffersState extends Loadable {
+export class RoleGrantOffersState extends Loadable {
     #rpc;
     #get_account_id;
     #get_actor_id;
@@ -155,23 +155,23 @@ export class PermitOffersState extends Loadable {
      */
     apply_notification(notification) {
         switch (notification.method) {
-            case PERMIT_OFFER_RECEIVED_NOTIFICATION_METHOD:
-            case PERMIT_OFFER_RETRACTED_NOTIFICATION_METHOD:
-            case PERMIT_OFFER_ACCEPTED_NOTIFICATION_METHOD:
-            case PERMIT_OFFER_DECLINED_NOTIFICATION_METHOD:
-            case PERMIT_OFFER_SUPERSEDE_NOTIFICATION_METHOD: {
+            case ROLE_GRANT_OFFER_RECEIVED_NOTIFICATION_METHOD:
+            case ROLE_GRANT_OFFER_RETRACTED_NOTIFICATION_METHOD:
+            case ROLE_GRANT_OFFER_ACCEPTED_NOTIFICATION_METHOD:
+            case ROLE_GRANT_OFFER_DECLINED_NOTIFICATION_METHOD:
+            case ROLE_GRANT_OFFER_SUPERSEDE_NOTIFICATION_METHOD: {
                 const params = notification.params;
                 if (!params || typeof params !== 'object' || !('offer' in params))
                     return;
                 const offer = params.offer;
-                if (!is_permit_offer_like(offer))
+                if (!is_role_grant_offer_like(offer))
                     return;
                 this.#merge_offers([offer]);
                 return;
             }
-            case PERMIT_REVOKE_NOTIFICATION_METHOD:
-                // permit_revoke is a permit-lifecycle event — the offer cache
-                // is unaffected. Consumers handle it in an auth/permits state.
+            case ROLE_GRANT_REVOKE_NOTIFICATION_METHOD:
+                // role_grant_revoke is a role-grant-lifecycle event — the offer cache
+                // is unaffected. Consumers handle it in an auth/role_grants state.
                 return;
             default:
                 // unrelated notifications — ignore silently.
@@ -198,7 +198,7 @@ export class PermitOffersState extends Loadable {
         this.#offers = next;
     }
 }
-const is_permit_offer_like = (value) => !!value &&
+const is_role_grant_offer_like = (value) => !!value &&
     typeof value === 'object' &&
     typeof value.id === 'string' &&
     typeof value.to_account_id === 'string' &&

package/dist/ui/ui_format.js

@@ -159,9 +159,9 @@ export const format_audit_metadata = (event_type, metadata) => {
             return metadata.token_id ? `token: ${truncate_middle(metadata.token_id, 12)}` : '';
         case 'token_revoke_all':
             return metadata.count != null ? `${metadata.count} tokens` : '';
-        case 'permit_grant':
+        case 'role_grant_create':
             return metadata.role ? `role: ${metadata.role}` : '';
-        case 'permit_revoke':
+        case 'role_grant_revoke':
             return metadata.role ? `role: ${metadata.role}` : '';
         case 'invite_create':
             return [

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@fuzdev/fuz_app",
-  "version": "0.55.0",
+  "version": "0.56.0",
   "description": "fullstack app library",
   "glyph": "🗝",
   "logo": "logo.svg",
@@ -22,7 +22,7 @@
     "node": ">=24.14"
   },
   "peerDependencies": {
-    "@electric-sql/pglite": ">=0.3",
+    "@electric-sql/pglite": ">=0.4",
     "@fuzdev/blake3_wasm": ">=0.1.0",
     "@fuzdev/fuz_util": ">=0.53.4",
     "@node-rs/argon2": ">=2",
@@ -41,7 +41,7 @@
     }
   },
   "devDependencies": {
-    "@electric-sql/pglite": "^0.3.16",
+    "@electric-sql/pglite": "^0.4.5",
     "@fuzdev/blake3_wasm": "^0.1.0",
     "@fuzdev/fuz_code": "^0.45.1",
     "@fuzdev/fuz_css": "^0.59.0",

package/dist/auth/permit_offer_action_specs.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"permit_offer_action_specs.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/permit_offer_action_specs.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAGtB,OAAO,KAAK,EAAC,yBAAyB,EAAC,MAAM,2BAA2B,CAAC;AAMzE,gEAAgE;AAChE,eAAO,MAAM,uBAAuB,EAAG,mBAA4B,CAAC;AACpE,kEAAkE;AAClE,eAAO,MAAM,oBAAoB,EAAG,gBAAyB,CAAC;AAC9D,sDAAsD;AACtD,eAAO,MAAM,mBAAmB,EAAG,eAAwB,CAAC;AAC5D,wGAAwG;AACxG,eAAO,MAAM,qBAAqB,EAAG,iBAA0B,CAAC;AAChE,qGAAqG;AACrG,eAAO,MAAM,8BAA8B,EAAG,0BAAmC,CAAC;AAClF,gKAAgK;AAChK,eAAO,MAAM,0BAA0B,EAAG,sBAA+B,CAAC;AAC1E,6FAA6F;AAC7F,eAAO,MAAM,0BAA0B,EAAG,sBAA+B,CAAC;AAC1E,oHAAoH;AACpH,eAAO,MAAM,kCAAkC,EAAG,8BAAuC,CAAC;AAI1F;;;;;;;;;;GAUG;AACH,eAAO,MAAM,sBAAsB;;;;;;;kBAgBjC,CAAC;AACH,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAE5E,uCAAuC;AACvC,eAAO,MAAM,sBAAsB;;;kBAGjC,CAAC;AACH,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAE5E,wCAAwC;AACxC,eAAO,MAAM,uBAAuB;;;;kBAQlC,CAAC;AACH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AAE9E,wCAAwC;AACxC,eAAO,MAAM,uBAAuB;;;kBAGlC,CAAC;AACH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AAE9E,mGAAmG;AACnG,eAAO,MAAM,oBAAoB;;;kBAK/B,CAAC;AACH,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAExE;;;;;;GAMG;AACH,eAAO,MAAM,iBAAiB;;;;;kBAQ5B,CAAC;AACH,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAElE;;;;GAIG;AACH,eAAO,MAAM,uBAAuB;;;;;kBAWlC,CAAC;AACH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AAE9E,wCAAwC;AACxC,eAAO,MAAM,uBAAuB;;;;;;;;;;;;;;;;;;kBAElC,CAAC;AACH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AAE9E,wCAAwC;AACxC,eAAO,MAAM,uBAAuB;;;;;;;;;;;;;;;;;;;;kBAIlC,CAAC;AACH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AAE9E,kEAAkE;AAClE,eAAO,MAAM,mBAAmB;;kBAAwC,CAAC;AACzE,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAEtE,sCAAsC;AACtC,eAAO,MAAM,qBAAqB;;;;;;;;;;;;;;;;;;kBAAqD,CAAC;AACxF,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAE1E,yCAAyC;AACzC,eAAO,MAAM,wBAAwB;;;;;;;;;;;;;;;;;;kBAAqD,CAAC;AAC3F,MAAM,MAAM,wBAAwB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,wBAAwB,CAAC,CAAC;AAEhF,kCAAkC;AAClC,eAAO,MAAM,kBAAkB;;;kBAG7B,CAAC;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAIpE,eAAO,MAAM,+BAA+B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAiBP,CAAC;AAEtC,eAAO,MAAM,+BAA+B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAiBP,CAAC;AAEtC,eAAO,MAAM,gCAAgC;;;;;;;;;;;;;;;;;CAWR,CAAC;AAEtC,eAAO,MAAM,gCAAgC;;;;;;;;;;;;;;;;CAWR,CAAC;AAEtC,eAAO,MAAM,6BAA6B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAWL,CAAC;AAEtC,eAAO,MAAM,gCAAgC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAWR,CAAC;AAEtC,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;;;;;CAaD,CAAC;AAEtC;;;;GAIG;AACH,eAAO,MAAM,6BAA6B,EAAE,KAAK,CAAC,yBAAyB,CAQ1E,CAAC"}

package/dist/auth/permit_offer_action_specs.js

@@ -1,258 +0,0 @@
-/**
- * Permit offer RPC action specs — declarative contract for the
- * consentful-permits surface (offer lifecycle + admin revoke).
- *
- * Import this module for the specs, Input/Output schemas, `ERROR_OFFER_*`
- * reason constants, and the `all_permit_offer_action_specs` registry.
- * Handlers live in `auth/permit_offer_actions.ts`.
- *
- * Authorization enforcement: offer-lifecycle specs declare
- * `auth: 'authenticated'` and rely on `query_*` IDOR guards or in-handler
- * policy checks (e.g. `permit_offer_list`/`_history` elevate to admin only
- * when inspecting another account — an input-dependent check that can't be
- * expressed at the spec level). `permit_revoke` declares
- * `auth: {role: 'admin'}` — the RPC dispatcher's per-spec post-authorization
- * auth gate (`check_action_auth_post_authorization`) rejects non-admin
- * callers before the handler runs even though the endpoint hosts non-admin
- * methods alongside.
- *
- * @module
- */
-import { z } from 'zod';
-import { Uuid } from '@fuzdev/fuz_util/id.js';
-import { ERROR_PERMIT_NOT_FOUND, ERROR_ROLE_NOT_WEB_GRANTABLE } from '../http/error_schemas.js';
-import { RoleName } from './role_schema.js';
-import { PERMIT_OFFER_MESSAGE_LENGTH_MAX, PermitOfferJson } from './permit_offer_schema.js';
-import { ActingActor, PERMIT_REVOKED_REASON_LENGTH_MAX } from './account_schema.js';
-/** Error reason — caller tried to offer themselves a permit. */
-export const ERROR_OFFER_SELF_TARGET = 'offer_self_target';
-/** Error reason — offer is declined, retracted, or superseded. */
-export const ERROR_OFFER_TERMINAL = 'offer_terminal';
-/** Error reason — offer's `expires_at` has passed. */
-export const ERROR_OFFER_EXPIRED = 'offer_expired';
-/** Error reason — offer does not exist or belongs to a different recipient (404-over-403 IDOR mask). */
-export const ERROR_OFFER_NOT_FOUND = 'offer_not_found';
-/** Error reason — the offered role is not `web_grantable` (nobody may offer it via this surface). */
-export const ERROR_OFFER_ROLE_NOT_GRANTABLE = 'offer_role_not_grantable';
-/** Error reason — caller is not authorized to offer this role (default policy: caller lacks the role; consumer `authorize` callback may add further policy). */
-export const ERROR_OFFER_NOT_AUTHORIZED = 'offer_not_authorized';
-/** Error reason — actor-targeted offer was accepted by an actor other than `to_actor_id`. */
-export const ERROR_OFFER_ACTOR_MISMATCH = 'offer_actor_mismatch';
-/** Error reason — `permit_offer_create` was called with a `to_actor_id` that does not belong to `to_account_id`. */
-export const ERROR_OFFER_ACTOR_ACCOUNT_MISMATCH = 'offer_actor_account_mismatch';
-// -- Input/output schemas ---------------------------------------------------
-/**
- * Input for `permit_offer_create`.
- *
- * `to_actor_id` (optional) narrows the offer to a specific actor on the
- * recipient account. When supplied, `permit_offer_accept` will only admit
- * the named actor — wrong-actor accepts reject with
- * `offer_actor_mismatch`. The audit envelope's `target_actor_id` is
- * stamped from this column on the create / supersede / expire / retract
- * events. Omit (or pass null) for the account-grain default — any actor
- * on `to_account_id` may accept.
- */
-export const PermitOfferCreateInput = z.strictObject({
-    to_account_id: Uuid.meta({ description: 'Account id of the recipient.' }),
-    to_actor_id: Uuid.nullish().meta({
-        description: 'Optional actor-grain target on the recipient account. When set, only this actor may accept and the audit envelope carries it on offer-shape events. Must belong to `to_account_id`.',
-    }),
-    role: RoleName.meta({ description: 'Role being offered.' }),
-    scope_id: Uuid.nullish().meta({
-        description: 'Scope id for resource-scoped grants (e.g. classroom id). `null` for global.',
-    }),
-    message: z
-        .string()
-        .max(PERMIT_OFFER_MESSAGE_LENGTH_MAX)
-        .nullish()
-        .meta({ description: 'Optional free-form note from the grantor.' }),
-    acting: ActingActor,
-});
-/** Input for `permit_offer_accept`. */
-export const PermitOfferAcceptInput = z.strictObject({
-    offer_id: Uuid.meta({ description: 'The offer to accept.' }),
-    acting: ActingActor,
-});
-/** Input for `permit_offer_decline`. */
-export const PermitOfferDeclineInput = z.strictObject({
-    offer_id: Uuid.meta({ description: 'The offer to decline.' }),
-    reason: z
-        .string()
-        .max(PERMIT_OFFER_MESSAGE_LENGTH_MAX)
-        .nullish()
-        .meta({ description: 'Optional free-form reason given on decline.' }),
-    acting: ActingActor,
-});
-/** Input for `permit_offer_retract`. */
-export const PermitOfferRetractInput = z.strictObject({
-    offer_id: Uuid.meta({ description: 'The offer to retract.' }),
-    acting: ActingActor,
-});
-/** Input for `permit_offer_list`. `account_id` is admin-only (inspect another account's inbox). */
-export const PermitOfferListInput = z.strictObject({
-    account_id: Uuid.nullish().meta({
-        description: 'Admin-only — list offers for another account. Defaults to the caller.',
-    }),
-    acting: ActingActor,
-});
-/**
- * Input for `permit_revoke`. Admin-only mutation that revokes an active
- * permit on a target actor. `actor_id` is the natural key — permits are
- * actor-scoped, and the admin UI reads `row.actor.id` straight from the
- * listing. Deriving `actor_id` from `account_id` would collapse under
- * multi-actor accounts.
- */
-export const PermitRevokeInput = z.strictObject({
-    actor_id: Uuid.meta({ description: 'Actor whose permit to revoke.' }),
-    permit_id: Uuid.meta({ description: 'The permit to revoke.' }),
-    reason: z.string().max(PERMIT_REVOKED_REASON_LENGTH_MAX).nullish().meta({
-        description: 'Optional free-form reason; stamped on `permit.revoked_reason` and surfaced on the revokee WS notification.',
-    }),
-    acting: ActingActor,
-});
-/**
- * Input for `permit_offer_history`. Returns every offer involving the account
- * in either direction (recipient or grantor), including terminal rows, newest
- * first. `account_id` is admin-only.
- */
-export const PermitOfferHistoryInput = z.strictObject({
-    account_id: Uuid.nullish().meta({
-        description: 'Admin-only — history for another account. Defaults to the caller.',
-    }),
-    limit: z.number().int().min(1).max(500).nullish().meta({
-        description: 'Max rows to return (default 100).',
-    }),
-    offset: z.number().int().min(0).nullish().meta({
-        description: 'Pagination offset (default 0).',
-    }),
-    acting: ActingActor,
-});
-/** Output for `permit_offer_create`. */
-export const PermitOfferCreateOutput = z.strictObject({
-    offer: PermitOfferJson,
-});
-/** Output for `permit_offer_accept`. */
-export const PermitOfferAcceptOutput = z.strictObject({
-    permit_id: Uuid,
-    offer: PermitOfferJson,
-    superseded_offer_ids: z.array(Uuid),
-});
-/** Output for `permit_offer_decline` / `permit_offer_retract`. */
-export const PermitOfferOkOutput = z.strictObject({ ok: z.literal(true) });
-/** Output for `permit_offer_list`. */
-export const PermitOfferListOutput = z.strictObject({ offers: z.array(PermitOfferJson) });
-/** Output for `permit_offer_history`. */
-export const PermitOfferHistoryOutput = z.strictObject({ offers: z.array(PermitOfferJson) });
-/** Output for `permit_revoke`. */
-export const PermitRevokeOutput = z.strictObject({
-    ok: z.literal(true),
-    revoked: z.literal(true),
-});
-// -- Action specs -----------------------------------------------------------
-export const permit_offer_create_action_spec = {
-    method: 'permit_offer_create',
-    kind: 'request_response',
-    initiator: 'frontend',
-    auth: 'authenticated',
-    side_effects: true,
-    input: PermitOfferCreateInput,
-    output: PermitOfferCreateOutput,
-    async: true,
-    description: 'Offer a permit to another account. Grantor must hold the offered role (or pass a consumer authorize callback); role must be web_grantable.',
-    error_reasons: [
-        ERROR_OFFER_SELF_TARGET,
-        ERROR_OFFER_ROLE_NOT_GRANTABLE,
-        ERROR_OFFER_NOT_AUTHORIZED,
-        ERROR_OFFER_ACTOR_ACCOUNT_MISMATCH,
-    ],
-};
-export const permit_offer_accept_action_spec = {
-    method: 'permit_offer_accept',
-    kind: 'request_response',
-    initiator: 'frontend',
-    auth: 'authenticated',
-    side_effects: true,
-    input: PermitOfferAcceptInput,
-    output: PermitOfferAcceptOutput,
-    async: true,
-    description: 'Accept an offer. Atomically marks the offer accepted, inserts the permit, and supersedes sibling pending offers for the same (account, role, scope).',
-    error_reasons: [
-        ERROR_OFFER_NOT_FOUND,
-        ERROR_OFFER_TERMINAL,
-        ERROR_OFFER_EXPIRED,
-        ERROR_OFFER_ACTOR_MISMATCH,
-    ],
-};
-export const permit_offer_decline_action_spec = {
-    method: 'permit_offer_decline',
-    kind: 'request_response',
-    initiator: 'frontend',
-    auth: 'authenticated',
-    side_effects: true,
-    input: PermitOfferDeclineInput,
-    output: PermitOfferOkOutput,
-    async: true,
-    description: 'Decline an offer. Recipient-only.',
-    error_reasons: [ERROR_OFFER_NOT_FOUND, ERROR_OFFER_TERMINAL],
-};
-export const permit_offer_retract_action_spec = {
-    method: 'permit_offer_retract',
-    kind: 'request_response',
-    initiator: 'frontend',
-    auth: 'authenticated',
-    side_effects: true,
-    input: PermitOfferRetractInput,
-    output: PermitOfferOkOutput,
-    async: true,
-    description: 'Retract an offer. Grantor-only, pre-decision.',
-    error_reasons: [ERROR_OFFER_NOT_FOUND, ERROR_OFFER_TERMINAL],
-};
-export const permit_offer_list_action_spec = {
-    method: 'permit_offer_list',
-    kind: 'request_response',
-    initiator: 'frontend',
-    auth: 'authenticated',
-    side_effects: false,
-    input: PermitOfferListInput,
-    output: PermitOfferListOutput,
-    async: true,
-    description: 'List pending, non-expired offers for the caller. Admins may pass `account_id` to inspect another account.',
-};
-export const permit_offer_history_action_spec = {
-    method: 'permit_offer_history',
-    kind: 'request_response',
-    initiator: 'frontend',
-    auth: 'authenticated',
-    side_effects: false,
-    input: PermitOfferHistoryInput,
-    output: PermitOfferHistoryOutput,
-    async: true,
-    description: 'List every offer involving the caller (either direction), including terminal rows, newest first. Admins may pass `account_id` to inspect another account.',
-};
-export const permit_revoke_action_spec = {
-    method: 'permit_revoke',
-    kind: 'request_response',
-    initiator: 'frontend',
-    auth: { role: 'admin' },
-    side_effects: true,
-    input: PermitRevokeInput,
-    output: PermitRevokeOutput,
-    async: true,
-    description: 'Revoke an active permit on a target actor. Admin-only. Supersedes any pending offers for the same (account, role, scope). Fires permit_revoke + permit_offer_supersede notifications.',
-    error_reasons: [ERROR_PERMIT_NOT_FOUND, ERROR_ROLE_NOT_WEB_GRANTABLE],
-    rate_limit: 'account',
-};
-/**
- * All permit-offer action specs — a codegen-ready registry. Consumers spread
- * this into their own action-spec array to include offer lifecycle + revoke
- * methods in a typed client surface.
- */
-export const all_permit_offer_action_specs = [
-    permit_offer_create_action_spec,
-    permit_offer_accept_action_spec,
-    permit_offer_decline_action_spec,
-    permit_offer_retract_action_spec,
-    permit_offer_list_action_spec,
-    permit_offer_history_action_spec,
-    permit_revoke_action_spec,
-];