@fuzdev/fuz_app 0.57.2 → 0.59.0
- package/dist/actions/CLAUDE.md +8 -3
- package/dist/auth/CLAUDE.md +70 -37
- package/dist/auth/account_action_specs.d.ts +9 -0
- package/dist/auth/account_action_specs.d.ts.map +1 -1
- package/dist/auth/account_action_specs.js +9 -0
- package/dist/auth/account_schema.d.ts +1 -1
- package/dist/auth/account_schema.js +1 -1
- package/dist/auth/admin_action_specs.d.ts +35 -0
- package/dist/auth/admin_action_specs.d.ts.map +1 -1
- package/dist/auth/admin_action_specs.js +35 -0
- package/dist/auth/audit_log_ddl.d.ts +24 -0
- package/dist/auth/audit_log_ddl.d.ts.map +1 -0
- package/dist/auth/audit_log_ddl.js +42 -0
- package/dist/auth/audit_log_schema.d.ts +3 -3
- package/dist/auth/audit_log_schema.d.ts.map +1 -1
- package/dist/auth/audit_log_schema.js +3 -34
- package/dist/auth/{ddl.d.ts → auth_ddl.d.ts} +7 -4
- package/dist/auth/auth_ddl.d.ts.map +1 -0
- package/dist/auth/{ddl.js → auth_ddl.js} +6 -3
- package/dist/auth/migrations.js +4 -4
- package/dist/auth/role_grant_offer_action_specs.d.ts +17 -0
- package/dist/auth/role_grant_offer_action_specs.d.ts.map +1 -1
- package/dist/auth/role_grant_offer_action_specs.js +17 -0
- package/dist/auth/role_grant_offer_ddl.d.ts +43 -0
- package/dist/auth/role_grant_offer_ddl.d.ts.map +1 -0
- package/dist/auth/role_grant_offer_ddl.js +99 -0
- package/dist/auth/role_grant_offer_queries.d.ts +1 -1
- package/dist/auth/role_grant_offer_queries.d.ts.map +1 -1
- package/dist/auth/role_grant_offer_queries.js +1 -1
- package/dist/auth/role_grant_offer_schema.d.ts +3 -28
- package/dist/auth/role_grant_offer_schema.d.ts.map +1 -1
- package/dist/auth/role_grant_offer_schema.js +3 -80
- package/dist/auth/role_grant_queries.d.ts +1 -1
- package/dist/auth/role_grant_queries.d.ts.map +1 -1
- package/dist/auth/role_grant_queries.js +1 -1
- package/dist/auth/self_service_role_action_specs.d.ts +8 -0
- package/dist/auth/self_service_role_action_specs.d.ts.map +1 -1
- package/dist/auth/self_service_role_action_specs.js +8 -0
- package/package.json +1 -1
- package/dist/auth/ddl.d.ts.map +0 -1
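--- a/package/dist/actions/CLAUDE.md
+++ b/package/dist/actions/CLAUDE.md
@@ -71,9 +71,14 @@ resolved) and is rejected at registration when paired with
 `auth.account !== 'required'` (no account to key on); `'both'` runs
 both checks. **Throttle-requests semantics** — every invocation records,
 regardless of outcome (different from REST login's throttle-failures
-that resets on success). The motivating threat is admin
-(`invite_create` account-existence probe) where the
-invocation is the threat
+that resets on success). The originally motivating threat is admin
+mutation oracles (`invite_create` account-existence probe) where the
+_successful_ invocation is the threat; the same shape extends to
+authed-spam oracles (`role_grant_offer_create` iterating
+`to_account_id` to probe `ERROR_ACCOUNT_NOT_FOUND`) and to paginated
+cross-account reads (`admin_account_list`, `audit_log_list`,
+`audit_log_role_grant_history`) where every successful page is an
+enumeration step. Limiters are configured at server-assembly
 time via `AppServerOptions.action_ip_rate_limiter` /
 `action_account_rate_limiter` and threaded into both dispatchers
 automatically; consumers wiring `register_action_ws` directly forward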
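--- a/package/dist/auth/CLAUDE.md
+++ b/package/dist/auth/CLAUDE.md
@@ -76,15 +76,20 @@ Design notes:
 
 ## Schemas, types, and DDL
 
+Convention — `*_schema.ts` is Zod-only; `*_ddl.ts` holds DDL constants and
+index strings. Mixed modules split into a `_schema` + `_ddl` pair.
+
 | Module                              | What's inside                                                                             |
 | ----------------------------------- | ----------------------------------------------------------------------------------------- |
 | `account_schema.ts`                 | Runtime types + client-safe Zod schemas for identity entities                             |
 | `role_schema.ts`                    | Role vocabulary and extensibility                                                         |
-| `
+| `auth_ddl.ts`                       | Raw `CREATE TABLE` / index / seed SQL strings for the core identity tables                |
 | `invite_schema.ts`                  | `Invite`, `InviteJson`, `InviteWithUsernamesJson`, `CreateInviteInput`                    |
 | `app_settings_schema.ts`            | `AppSettings`, `AppSettingsJson`, `AppSettingsWithUsernameJson`, `UpdateAppSettingsInput` |
-| `audit_log_schema.ts`               | Event-type enum, per-type metadata schemas,
-| `
+| `audit_log_schema.ts`               | Event-type enum, per-type metadata schemas, client-safe Zod                               |
+| `audit_log_ddl.ts`                  | `audit_log` table DDL + index strings                                                     |
+| `role_grant_offer_schema.ts`        | Role grant offer types and client-safe Zod                                                |
+| `role_grant_offer_ddl.ts`           | `role_grant_offer` table DDL, indexes, and the index-side sentinel constants              |
 | `role_grant_offer_notifications.ts` | WS notification specs for the consentful-role-grant lifecycle                             |
 
 ### Identity entities (`account_schema.ts`)
@@ -237,7 +242,7 @@ against the corresponding open registries at construction time.
 filter helpers used by `admin_actions` and
 `self_service_role_actions` to derive their default eligibility.
 
-### Raw DDL (`
+### Raw DDL (`auth_ddl.ts`)
 
 Separated from runtime types to isolate DDL concerns. Consumed by
 `migrations.ts`:
@@ -262,7 +267,7 @@ Separated from runtime types to isolate DDL concerns. Consumed by
 - `APP_SETTINGS_SCHEMA`, `APP_SETTINGS_SEED` — single-row via
 `CHECK (id = 1)` constraint; seed is `ON CONFLICT DO NOTHING`.
 
-### Audit log (`audit_log_schema.ts`)
+### Audit log (`audit_log_schema.ts` + `audit_log_ddl.ts`)
 
 #### Audit event types
 
@@ -396,7 +401,7 @@ Zod enum; `AuditOutcome` is `'success' | 'failure'`.
 accidental mutation (bugs, test cross-contamination, cast escapes)
 into loud TypeErrors — not a security boundary.
 
-### Role grant offer (`role_grant_offer_schema.ts`)
+### Role grant offer (`role_grant_offer_schema.ts` + `role_grant_offer_ddl.ts`)
 
 The consentful-role-grants surface. Key constants:
 
@@ -1227,26 +1232,30 @@ acting?: ActingActor` biconditional).
 
 | Spec                                       | Side effects | Rate limit  | Input                                                     | Output                        |
 | ------------------------------------------ | ------------ | ----------- | --------------------------------------------------------- | ----------------------------- |
-| `admin_account_list_action_spec`           | false        |
-| `admin_session_list_action_spec`           | false        |
+| `admin_account_list_action_spec`           | false        | `'account'` | `{limit?, offset?}`                                       | `{accounts, grantable_roles}` |
+| `admin_session_list_action_spec`           | false        | `'account'` | `z.void()`                                                | `{sessions}`                  |
 | `admin_session_revoke_all_action_spec`     | true         | `'account'` | `{account_id}`                                            | `{ok, count}`                 |
 | `admin_token_revoke_all_action_spec`       | true         | `'account'` | `{account_id}`                                            | `{ok, count}`                 |
-| `audit_log_list_action_spec`               | false        |
-| `audit_log_role_grant_history_action_spec` | false        |
+| `audit_log_list_action_spec`               | false        | `'account'` | `{event_type?, account_id?, limit?, offset?, since_seq?}` | `{events}`                    |
+| `audit_log_role_grant_history_action_spec` | false        | `'account'` | `{limit?, offset?}`                                       | `{events}`                    |
 | `invite_create_action_spec`                | true         | `'account'` | `{email?, username?}`                                     | `{ok, invite}`                |
-| `invite_list_action_spec`                  | false        |
+| `invite_list_action_spec`                  | false        | `'account'` | `z.void()`                                                | `{invites}`                   |
 | `invite_delete_action_spec`                | true         | `'account'` | `{invite_id}`                                             | `{ok}`                        |
 | `app_settings_get_action_spec`             | false        |             | `z.void()`                                                | `{settings}`                  |
 | `app_settings_update_action_spec`          | true         | `'account'` | `{open_signup}`                                           | `{ok, settings}`              |
 
-
-admin's `request_context.actor.id`.
-
-
-
-
-
-
+Every admin spec declares `rate_limit: 'account'` — keyed on the
+admin's `request_context.actor.id`. Mutations cap the
+`invite_create`-style account-existence oracle (`LOWER()` lookup in
+`query_account_by_username/_by_email`); reads cap admin-side scraping
+of paginated cross-account listings (`admin_account_list`,
+`audit_log_list`, `audit_log_role_grant_history`) and unbounded
+cross-account reads (`admin_session_list`, `invite_list`). The
+dispatcher's per-action hook (shared by HTTP RPC + WS) records every
+invocation regardless of outcome so successful probes consume budget.
+Default `DEFAULT_ACTION_ACCOUNT_RATE_LIMIT` is 1200/15min per actor —
+permissive enough for any human admin workflow, slow enough that
+scripted oracles surface in audit. Tighten downstream via
 `AppServerOptions.action_account_rate_limiter`.
 
 `AUDIT_LOG_LIST_LIMIT_MAX = 200` — page size clamp. `ADMIN_ACCOUNT_LIST_DEFAULT_LIMIT = 50` / `ADMIN_ACCOUNT_LIST_LIMIT_MAX = 200` — same shape on `admin_account_list`.
@@ -1339,15 +1348,25 @@ Every input row below also carries the shared `acting?: ActingActor`
 field that the dispatcher's authorization phase reads off the raw
 params (omitted from the table for brevity).
 
-| Spec                                   | Input                                                      | Output                                         |
-| -------------------------------------- | ---------------------------------------------------------- | ---------------------------------------------- |
-| `role_grant_offer_create_action_spec`  | `{to_account_id, to_actor_id?, role, scope_id?, message?}` | `{offer}`                                      |
-| `role_grant_offer_accept_action_spec`  | `{offer_id}`                                               | `{role_grant_id, offer, superseded_offer_ids}` |
-| `role_grant_offer_decline_action_spec` | `{offer_id, reason?}`                                      | `{ok}`                                         |
-| `role_grant_offer_retract_action_spec` | `{offer_id}`                                               | `{ok}`                                         |
-| `role_grant_offer_list_action_spec`    | `{account_id?}`                                            | `{offers}`                                     |
-| `role_grant_offer_history_action_spec` | `{account_id?, limit?, offset?}`                           | `{offers}`                                     |
-| `role_grant_revoke_action_spec`        | `{actor_id, role_grant_id, reason?}`                       | `{ok, revoked}`                                |
+| Spec                                   | Rate limit  | Input                                                      | Output                                         |
+| -------------------------------------- | ----------- | ---------------------------------------------------------- | ---------------------------------------------- |
+| `role_grant_offer_create_action_spec`  | `'account'` | `{to_account_id, to_actor_id?, role, scope_id?, message?}` | `{offer}`                                      |
+| `role_grant_offer_accept_action_spec`  |             | `{offer_id}`                                               | `{role_grant_id, offer, superseded_offer_ids}` |
+| `role_grant_offer_decline_action_spec` |             | `{offer_id, reason?}`                                      | `{ok}`                                         |
+| `role_grant_offer_retract_action_spec` |             | `{offer_id}`                                               | `{ok}`                                         |
+| `role_grant_offer_list_action_spec`    |             | `{account_id?}`                                            | `{offers}`                                     |
+| `role_grant_offer_history_action_spec` |             | `{account_id?, limit?, offset?}`                           | `{offers}`                                     |
+| `role_grant_revoke_action_spec`        | `'account'` | `{actor_id, role_grant_id, reason?}`                       | `{ok, revoked}`                                |
+
+`role_grant_offer_create` carries the same shape as `invite_create` —
+hostile authed callers can iterate `to_account_id` to spam offers and
+probe `ERROR_ACCOUNT_NOT_FOUND` /
+`ERROR_ROLE_GRANT_OFFER_ACTOR_ACCOUNT_MISMATCH` as account-existence
+oracles, so the rate cap fires on the same threat model the admin
+`invite_create` spec addresses upstream. `role_grant_revoke` keeps its
+cap because it's an admin mutation. The accept / decline / retract /
+list / history specs are recipient-side or caller-own-data — no
+enumeration vector, no rate cap.
 
 Error reason constants (exported as `as const` literals):
 
@@ -1495,15 +1514,23 @@ operations are account-scoped via `query_session_revoke_for_account` /
 or token id returns `revoked: false` rather than revealing whether the id
 exists.
 
-| Spec                                     | Side effects | Input          | Output                  |
-| ---------------------------------------- | ------------ | -------------- | ----------------------- |
-| `account_verify_action_spec`             | false        | `z.void()`     | `SessionAccountJson`    |
-| `account_session_list_action_spec`       | false        | `z.void()`     | `{sessions}`            |
-| `account_session_revoke_action_spec`     | true         | `{session_id}` | `{ok, revoked}`         |
-| `account_session_revoke_all_action_spec` | true         | `z.void()`     | `{ok, count}`           |
-| `account_token_create_action_spec`       | true         | `{name?}`      | `{ok, token, id, name}` |
-| `account_token_list_action_spec`         | false        | `z.void()`     | `{tokens}`              |
-| `account_token_revoke_action_spec`       | true         | `{token_id}`   | `{ok, revoked}`         |
+| Spec                                     | Side effects | Rate limit  | Input          | Output                  |
+| ---------------------------------------- | ------------ | ----------- | -------------- | ----------------------- |
+| `account_verify_action_spec`             | false        |             | `z.void()`     | `SessionAccountJson`    |
+| `account_session_list_action_spec`       | false        |             | `z.void()`     | `{sessions}`            |
+| `account_session_revoke_action_spec`     | true         |             | `{session_id}` | `{ok, revoked}`         |
+| `account_session_revoke_all_action_spec` | true         |             | `z.void()`     | `{ok, count}`           |
+| `account_token_create_action_spec`       | true         | `'account'` | `{name?}`      | `{ok, token, id, name}` |
+| `account_token_list_action_spec`         | false        |             | `z.void()`     | `{tokens}`              |
+| `account_token_revoke_action_spec`       | true         |             | `{token_id}`   | `{ok, revoked}`         |
+
+`account_token_create` declares `rate_limit: 'account'` to bound the
+_rate_ of token churn. The outstanding-token count is already capped by
+`max_tokens` via `query_api_token_enforce_limit`, but the per-account
+burn rate is not — without this cap a caller could rotate tokens in a
+tight loop to amplify `token_create` audit churn. The other six specs
+are IDOR-guarded reads/revokes of caller-own state with no enumeration
+vector, so rate caps are symmetry-only and skipped.
 
 `session_id` validates as `Blake3Hash`; `token_id` validates as
 `ApiTokenId` (`tok_[A-Za-z0-9_-]{12}`).
@@ -1541,6 +1568,12 @@ distinguish self-toggled role_grants from admin grants/offers. The
 part of the documented surface rather than riding on `z.looseObject`
 permissiveness.
 
+Declares `rate_limit: 'account'` — every call writes a
+`role_grant_create` / `role_grant_revoke` audit row regardless of
+`changed`, so a flapping loop could inflate the log and obscure
+unrelated activity. The toggle's idempotency doesn't bound the burn
+rate; the dispatcher's per-action hook does.
+
 Method name is static — `role` lives in the input, not the method
 name. Mirrors the `role_grant_offer_create({role})` precedent. Per-role
 parameterized methods would break the `satisfies RequestResponseActionSpec`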
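--- a/package/dist/auth/account_action_specs.d.ts
+++ b/package/dist/auth/account_action_specs.d.ts
@@ -164,6 +164,14 @@ export declare const account_session_revoke_all_action_spec: {
 async: true;
 description: string;
 };
+/**
+* `rate_limit: 'account'` bounds the burn rate of API-token creates. The
+* outstanding-token count is already capped by `max_tokens` (via
+* `query_api_token_enforce_limit`), but the per-account *rate* of churn
+* is not — without this cap, a caller could rotate tokens in a tight
+* loop to amplify `token_create` audit churn or attempt to provoke
+* downstream rate-limit hot spots.
+*/
 export declare const account_token_create_action_spec: {
 method: string;
 kind: "request_response";
@@ -184,6 +192,7 @@ export declare const account_token_create_action_spec: {
 }, z.core.$strict>;
 async: true;
 description: string;
+rate_limit: "account";
 };
 export declare const account_token_list_action_spec: {
 method: string;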
@@ -1 +1 @@
1
-
{"version":3,"file":"account_action_specs.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/account_action_specs.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAGtB,OAAO,KAAK,EAAC,yBAAyB,EAAC,MAAM,2BAA2B,CAAC;AAMzE,6EAA6E;AAC7E,eAAO,MAAM,WAAW,WAAW,CAAC;AACpC,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,WAAW,CAAC,CAAC;AAEtD,uDAAuD;AACvD,eAAO,MAAM,gBAAgB,WAAW,CAAC;AACzC,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAEhE,yCAAyC;AACzC,eAAO,MAAM,iBAAiB;;;;;;;;kBAE5B,CAAC;AACH,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAElE,2EAA2E;AAC3E,eAAO,MAAM,kBAAkB;;kBAE7B,CAAC;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAEpE,iFAAiF;AACjF,eAAO,MAAM,mBAAmB;;;kBAG9B,CAAC;AACH,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAEtE,6DAA6D;AAC7D,eAAO,MAAM,qBAAqB,WAAW,CAAC;AAC9C,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAE1E,+CAA+C;AAC/C,eAAO,MAAM,sBAAsB;;;kBAGjC,CAAC;AACH,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAE5E,wCAAwC;AACxC,eAAO,MAAM,gBAAgB;;mBAOf,CAAC;AACf,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAEhE,2EAA2E;AAC3E,eAAO,MAAM,iBAAiB;;;;;kBAK5B,CAAC;AACH,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAElE,qDAAqD;AACrD,eAAO,MAAM,cAAc,WAAW,CAAC;AACvC,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,cAAc,CAAC,CAAC;AAE5D,4DAA4D;AAC5D,eAAO,MAAM,eAAe;;;;;;;;;;kBAE1B,CAAC;AACH,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC;AAE9D,wCAAwC;AACxC,eAAO,MAAM,gBAAgB;;kBAE3B,CAAC;AACH,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAEhE,+EAA+E;AAC/E,eAAO,MAAM,iBAAiB;;;kBAG5B,CAAC;AACH,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAIlE,eAAO,MAAM,0BAA0B;;;;;;;;;;;;;;;;;;;CAUF,CAAC;AAEtC,eAAO,MAAM,gCAAgC;;;;;;;;;;;;;;;;;;;;;CAUR,CAAC;AAEtC,eAAO,MAAM,kCAAkC;;;;;;;;;;;;;;;;;;CAUV,CAAC;AAEtC,eAAO,MAAM,sCAAsC;;;;;;;;;;;;;;;;CAUd,CAAC;AAEtC,eAA
O,MAAM,gCAAgC
1
+
{"version":3,"file":"account_action_specs.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/account_action_specs.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAGtB,OAAO,KAAK,EAAC,yBAAyB,EAAC,MAAM,2BAA2B,CAAC;AAMzE,6EAA6E;AAC7E,eAAO,MAAM,WAAW,WAAW,CAAC;AACpC,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,WAAW,CAAC,CAAC;AAEtD,uDAAuD;AACvD,eAAO,MAAM,gBAAgB,WAAW,CAAC;AACzC,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAEhE,yCAAyC;AACzC,eAAO,MAAM,iBAAiB;;;;;;;;kBAE5B,CAAC;AACH,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAElE,2EAA2E;AAC3E,eAAO,MAAM,kBAAkB;;kBAE7B,CAAC;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAEpE,iFAAiF;AACjF,eAAO,MAAM,mBAAmB;;;kBAG9B,CAAC;AACH,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAEtE,6DAA6D;AAC7D,eAAO,MAAM,qBAAqB,WAAW,CAAC;AAC9C,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAE1E,+CAA+C;AAC/C,eAAO,MAAM,sBAAsB;;;kBAGjC,CAAC;AACH,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAE5E,wCAAwC;AACxC,eAAO,MAAM,gBAAgB;;mBAOf,CAAC;AACf,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAEhE,2EAA2E;AAC3E,eAAO,MAAM,iBAAiB;;;;;kBAK5B,CAAC;AACH,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAElE,qDAAqD;AACrD,eAAO,MAAM,cAAc,WAAW,CAAC;AACvC,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,cAAc,CAAC,CAAC;AAE5D,4DAA4D;AAC5D,eAAO,MAAM,eAAe;;;;;;;;;;kBAE1B,CAAC;AACH,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC;AAE9D,wCAAwC;AACxC,eAAO,MAAM,gBAAgB;;kBAE3B,CAAC;AACH,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAEhE,+EAA+E;AAC/E,eAAO,MAAM,iBAAiB;;;kBAG5B,CAAC;AACH,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAIlE,eAAO,MAAM,0BAA0B;;;;;;;;;;;;;;;;;;;CAUF,CAAC;AAEtC,eAAO,MAAM,gCAAgC;;;;;;;;;;;;;;;;;;;;;CAUR,CAAC;AAEtC,eAAO,MAAM,kCAAkC;;;;;;;;;;;;;;;;;;CAUV,CAAC;AAEtC,eAAO,MAAM,sCAAsC;;;;;;;;;;;;;;;;CAUd,CAAC;AAEtC;;;;
;;;GAOG;AACH,eAAO,MAAM,gCAAgC;;;;;;;;;;;;;;;;;;;;;CAWR,CAAC;AAEtC,eAAO,MAAM,8BAA8B;;;;;;;;;;;;;;;;;;;;;;;CAUN,CAAC;AAEtC,eAAO,MAAM,gCAAgC;;;;;;;;;;;;;;;;;;CAUR,CAAC;AAEtC;;;;GAIG;AACH,eAAO,MAAM,wBAAwB,EAAE,KAAK,CAAC,yBAAyB,CAQrE,CAAC"}
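--- a/package/dist/auth/account_action_specs.js
+++ b/package/dist/auth/account_action_specs.js
@@ -112,6 +112,14 @@ export const account_session_revoke_all_action_spec = {
 async: true,
 description: 'Revoke every auth session for the current account.',
 };
+/**
+* `rate_limit: 'account'` bounds the burn rate of API-token creates. The
+* outstanding-token count is already capped by `max_tokens` (via
+* `query_api_token_enforce_limit`), but the per-account *rate* of churn
+* is not — without this cap, a caller could rotate tokens in a tight
+* loop to amplify `token_create` audit churn or attempt to provoke
+* downstream rate-limit hot spots.
+*/
 export const account_token_create_action_spec = {
 method: 'account_token_create',
 kind: 'request_response',
@@ -122,6 +130,7 @@ export const account_token_create_action_spec = {
 output: TokenCreateOutput,
 async: true,
 description: 'Create an API token for the current account. Raw token is returned once.',
+rate_limit: 'account',
 };
 export const account_token_list_action_spec = {
 method: 'account_token_list',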
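Review bot: The new header comment on `account_token_create_action_spec` presents `rate_limit: 'account'` as a cap on token churn, but the spec only declares the key; the actual budget comes from the dispatcher's per-actor limiter, which the actions and auth docs in this same diff describe as one `action_account_rate_limiter` keyed on `request_context.actor.id` with a 1200/15min default. If that limiter is shared across every account-keyed action rather than being per-spec, the comment overstates the bound — token creates draw from the same budget as the caller's other actions, so the "tight loop" is only slowed to the shared ceiling — and the JSDoc should say so. Suggested addition to the comment: `* Note: this draws on the shared per-actor action budget (default 1200/15min), not a token-specific one; lower AppServerOptions.action_account_rate_limiter if token churn needs a tighter ceiling.` The same declaration-only comment is duplicated in the `.d.ts` twin hunk above; keeping the wording in sync there matters since the declaration file is what most consumers read.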
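--- a/package/dist/auth/account_schema.d.ts
+++ b/package/dist/auth/account_schema.d.ts
@@ -11,7 +11,7 @@
 * `RouteAuth` (the two pair: `auth.actor !== 'none'` ⟺ input declares
 * `acting?: ActingActor`).
 *
-* DDL lives in `auth/
+* DDL lives in `auth/auth_ddl.ts`; role system in `auth/role_schema.ts`.
 * See docs/identity.md for design rationale.
 *
 * @module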
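--- a/package/dist/auth/account_schema.js
+++ b/package/dist/auth/account_schema.js
@@ -11,7 +11,7 @@
 * `RouteAuth` (the two pair: `auth.actor !== 'none'` ⟺ input declares
 * `acting?: ActingActor`).
 *
-* DDL lives in `auth/
+* DDL lives in `auth/auth_ddl.ts`; role system in `auth/role_schema.ts`.
 * See docs/identity.md for design rationale.
 *
 * @module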
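--- a/package/dist/auth/admin_action_specs.d.ts
+++ b/package/dist/auth/admin_action_specs.d.ts
@@ -264,6 +264,12 @@ export declare const AppSettingsUpdateOutput: z.ZodObject<{
 }, z.core.$strict>;
 }, z.core.$strict>;
 export type AppSettingsUpdateOutput = z.infer<typeof AppSettingsUpdateOutput>;
+/**
+* `rate_limit: 'account'` bounds admin-side scraping of the account table
+* via `(limit, offset)` walking — admin trust is not a substitute for a
+* read-rate cap when the listing is paginated and cross-account (yields
+* every account + actor + active role_grant in the system).
+*/
 export declare const admin_account_list_action_spec: {
 method: string;
 kind: "request_response";
@@ -318,7 +324,13 @@ export declare const admin_account_list_action_spec: {
 }, z.core.$strict>;
 async: true;
 description: string;
+rate_limit: "account";
 };
+/**
+* `rate_limit: 'account'` bounds cross-account scraping of every active
+* `auth_session` row — no pagination, but the read is unbounded across
+* accounts and reveals one row per live cookie globally.
+*/
 export declare const admin_session_list_action_spec: {
 method: string;
 kind: "request_response";
@@ -344,6 +356,7 @@ export declare const admin_session_list_action_spec: {
 }, z.core.$strict>;
 async: true;
 description: string;
+rate_limit: "account";
 };
 export declare const admin_session_revoke_all_action_spec: {
 method: string;
@@ -389,6 +402,14 @@ export declare const admin_token_revoke_all_action_spec: {
 description: string;
 rate_limit: "account";
 };
+/**
+* `rate_limit: 'account'` bounds admin-side enumeration of the entire
+* audit log via `(limit, offset)` walking — same shape as
+* `admin_account_list_action_spec`. The listing carries cross-account
+* forensic detail (target ids, IPs, metadata), so the read-rate cap is
+* the only check that distinguishes a human reviewer from a scraping
+* script.
+*/
 export declare const audit_log_list_action_spec: {
 method: string;
 kind: "request_response";
@@ -433,7 +454,13 @@ export declare const audit_log_list_action_spec: {
 }, z.core.$strict>;
 async: true;
 description: string;
+rate_limit: "account";
 };
+/**
+* `rate_limit: 'account'` bounds admin-side enumeration of the role_grant
+* history via `(limit, offset)` walking — same shape as `audit_log_list`,
+* narrower projection but identical scraping vector.
+*/
 export declare const audit_log_role_grant_history_action_spec: {
 method: string;
 kind: "request_response";
@@ -471,6 +498,7 @@ export declare const audit_log_role_grant_history_action_spec: {
 }, z.core.$strict>;
 async: true;
 description: string;
+rate_limit: "account";
 };
 export declare const invite_create_action_spec: {
 method: string;
@@ -503,6 +531,12 @@ export declare const invite_create_action_spec: {
 description: string;
 rate_limit: "account";
 };
+/**
+* `rate_limit: 'account'` bounds admin-side scraping of the invite table —
+* bounded by table size, but every row carries email + username +
+* creator/claimer identifiers worth defense-in-depth against an admin
+* mutation oracle running scripted reads alongside `invite_create`.
+*/
 export declare const invite_list_action_spec: {
 method: string;
 kind: "request_response";
@@ -531,6 +565,7 @@ export declare const invite_list_action_spec: {
 }, z.core.$strict>;
 async: true;
 description: string;
+rate_limit: "account";
 };
 export declare const invite_delete_action_spec: {
 method: string;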
@@ -1 +1 @@
1
-
{"version":3,"file":"admin_action_specs.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/admin_action_specs.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAGtB,OAAO,KAAK,EAAC,yBAAyB,EAAC,MAAM,2BAA2B,CAAC;AAgBzE,+BAA+B;AAC/B,eAAO,MAAM,wBAAwB,MAAM,CAAC;AAE5C,8CAA8C;AAC9C,eAAO,MAAM,gCAAgC,KAAK,CAAC;AACnD,0CAA0C;AAC1C,eAAO,MAAM,4BAA4B,MAAM,CAAC;AAIhD,sCAAsC;AACtC,eAAO,MAAM,qBAAqB;;;;mBAcrB,CAAC;AACd,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAE1E,uCAAuC;AACvC,eAAO,MAAM,sBAAsB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kBAGjC,CAAC;AACH,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAE5E,sCAAsC;AACtC,eAAO,MAAM,qBAAqB;;mBAIrB,CAAC;AACd,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAE1E,mGAAmG;AACnG,eAAO,MAAM,sBAAsB;;;;;;;;;kBAEjC,CAAC;AACH,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAE5E,4CAA4C;AAC5C,eAAO,MAAM,0BAA0B;;;kBAGrC,CAAC;AACH,MAAM,MAAM,0BAA0B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,0BAA0B,CAAC,CAAC;AAEpF,6CAA6C;AAC7C,eAAO,MAAM,2BAA2B;;;kBAGtC,CAAC;AACH,MAAM,MAAM,2BAA2B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,2BAA2B,CAAC,CAAC;AAEtF,0CAA0C;AAC1C,eAAO,MAAM,wBAAwB;;;kBAGnC,CAAC;AACH,MAAM,MAAM,wBAAwB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,wBAAwB,CAAC,CAAC;AAEhF,2CAA2C;AAC3C,eAAO,MAAM,yBAAyB;;;kBAGpC,CAAC;AACH,MAAM,MAAM,yBAAyB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAElF;;;;;GAKG;AACH,eAAO,MAAM,iBAAiB;;;;;;;;;;;mBAyBjB,CAAC;AACd,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAElE,mCAAmC;AACnC,eAAO,MAAM,kBAAkB;;;;;;;;;;;;;;;;;;;kBAE7B,CAAC;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAEpE,gDAAgD;AAChD,eAAO,MAAM,6BAA6B;;;;mBAc7B,CAAC;AACd,MAAM,MAAM,6BAA6B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,6BAA6B,CAAC,CAAC;AAE1F,iDAAiD;AACjD,eAAO,MAAM,8BAA8B;;;;;;;;;;;;;;;;;;;kBAEzC,CAAC;AACH,MAAM,MAAM,8BAA8B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,8BAA8B,CAAC,CAAC;AAE5F,wFAAwF;AACxF,eAAO,MAAM,iBAAiB;;;;kBAS3B,CAAC;AACJ,MAAM,MAAM,iBAAiB,GAAG,CAAC,C
AAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAElE,kCAAkC;AAClC,eAAO,MAAM,kBAAkB;;;;;;;;;;;kBAG7B,CAAC;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAEpE,+BAA+B;AAC/B,eAAO,MAAM,eAAe;;mBAIf,CAAC;AACd,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC;AAE9D,2FAA2F;AAC3F,eAAO,MAAM,gBAAgB;;;;;;;;;;;;kBAE3B,CAAC;AACH,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAEhE,iCAAiC;AACjC,eAAO,MAAM,iBAAiB;;;kBAG5B,CAAC;AACH,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAElE,kCAAkC;AAClC,eAAO,MAAM,kBAAkB;;kBAE7B,CAAC;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAEpE,oCAAoC;AACpC,eAAO,MAAM,mBAAmB;;mBAInB,CAAC;AACd,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAEtE,qCAAqC;AACrC,eAAO,MAAM,oBAAoB;;;;;;;kBAE/B,CAAC;AACH,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAExE,uCAAuC;AACvC,eAAO,MAAM,sBAAsB;;;kBAGjC,CAAC;AACH,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAE5E,wCAAwC;AACxC,eAAO,MAAM,uBAAuB;;;;;;;;kBAGlC,CAAC;AACH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AAI9E,eAAO,MAAM,8BAA8B
1
+
{"version":3,"file":"admin_action_specs.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/admin_action_specs.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAGtB,OAAO,KAAK,EAAC,yBAAyB,EAAC,MAAM,2BAA2B,CAAC;AAgBzE,+BAA+B;AAC/B,eAAO,MAAM,wBAAwB,MAAM,CAAC;AAE5C,8CAA8C;AAC9C,eAAO,MAAM,gCAAgC,KAAK,CAAC;AACnD,0CAA0C;AAC1C,eAAO,MAAM,4BAA4B,MAAM,CAAC;AAIhD,sCAAsC;AACtC,eAAO,MAAM,qBAAqB;;;;mBAcrB,CAAC;AACd,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAE1E,uCAAuC;AACvC,eAAO,MAAM,sBAAsB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kBAGjC,CAAC;AACH,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAE5E,sCAAsC;AACtC,eAAO,MAAM,qBAAqB;;mBAIrB,CAAC;AACd,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAE1E,mGAAmG;AACnG,eAAO,MAAM,sBAAsB;;;;;;;;;kBAEjC,CAAC;AACH,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAE5E,4CAA4C;AAC5C,eAAO,MAAM,0BAA0B;;;kBAGrC,CAAC;AACH,MAAM,MAAM,0BAA0B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,0BAA0B,CAAC,CAAC;AAEpF,6CAA6C;AAC7C,eAAO,MAAM,2BAA2B;;;kBAGtC,CAAC;AACH,MAAM,MAAM,2BAA2B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,2BAA2B,CAAC,CAAC;AAEtF,0CAA0C;AAC1C,eAAO,MAAM,wBAAwB;;;kBAGnC,CAAC;AACH,MAAM,MAAM,wBAAwB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,wBAAwB,CAAC,CAAC;AAEhF,2CAA2C;AAC3C,eAAO,MAAM,yBAAyB;;;kBAGpC,CAAC;AACH,MAAM,MAAM,yBAAyB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAElF;;;;;GAKG;AACH,eAAO,MAAM,iBAAiB;;;;;;;;;;;mBAyBjB,CAAC;AACd,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAElE,mCAAmC;AACnC,eAAO,MAAM,kBAAkB;;;;;;;;;;;;;;;;;;;kBAE7B,CAAC;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAEpE,gDAAgD;AAChD,eAAO,MAAM,6BAA6B;;;;mBAc7B,CAAC;AACd,MAAM,MAAM,6BAA6B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,6BAA6B,CAAC,CAAC;AAE1F,iDAAiD;AACjD,eAAO,MAAM,8BAA8B;;;;;;;;;;;;;;;;;;;kBAEzC,CAAC;AACH,MAAM,MAAM,8BAA8B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,8BAA8B,CAAC,CAAC;AAE5F,wFAAwF;AACxF,eAAO,MAAM,iBAAiB;;;;kBAS3B,CAAC;AACJ,MAAM,MAAM,iBAAiB,GAAG,CAAC,C
AAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAElE,kCAAkC;AAClC,eAAO,MAAM,kBAAkB;;;;;;;;;;;kBAG7B,CAAC;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAEpE,+BAA+B;AAC/B,eAAO,MAAM,eAAe;;mBAIf,CAAC;AACd,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC;AAE9D,2FAA2F;AAC3F,eAAO,MAAM,gBAAgB;;;;;;;;;;;;kBAE3B,CAAC;AACH,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAEhE,iCAAiC;AACjC,eAAO,MAAM,iBAAiB;;;kBAG5B,CAAC;AACH,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAElE,kCAAkC;AAClC,eAAO,MAAM,kBAAkB;;kBAE7B,CAAC;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAEpE,oCAAoC;AACpC,eAAO,MAAM,mBAAmB;;mBAInB,CAAC;AACd,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAEtE,qCAAqC;AACrC,eAAO,MAAM,oBAAoB;;;;;;;kBAE/B,CAAC;AACH,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAExE,uCAAuC;AACvC,eAAO,MAAM,sBAAsB;;;kBAGjC,CAAC;AACH,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAE5E,wCAAwC;AACxC,eAAO,MAAM,uBAAuB;;;;;;;;kBAGlC,CAAC;AACH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AAI9E;;;;;GAKG;AACH,eAAO,MAAM,8BAA8B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAWN,CAAC;AAEtC;;;;GAIG;AACH,eAAO,MAAM,8BAA8B;;;;;;;;;;;;;;;;;;;;;;;;;;CAWN,CAAC;AAEtC,eAAO,MAAM,oCAAoC;;;;;;;;;;;;;;;;;;;;;CAWZ,CAAC;AAEtC,eAAO,MAAM,kCAAkC;;;;;;;;;;;;;;;;;;;;;CAWV,CAAC;AAEtC;;;;;;;GAOG;AACH,eAAO,MAAM,0BAA0B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAWF,CAAC;AAEtC;;;;GAIG;AACH,eAAO,MAAM,wCAAwC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAWhB,CAAC;AAEtC,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAWD,CAAC;AAEtC;;;;;GAKG;AACH,eAAO,MAAM,uBAAuB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAWC,CAAC;AAEtC,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;;;CAWD,CAAC;AAEtC,eAAO,MAAM,4BAA4B;;;;;;;;;;;;;;;;;;;;;;;CAUJ,CAAC;AAEtC,eAAO,MAAM,+BAA+B;;;;;;;;;;;;;;;;;;;;;;;;;;CAWP,CAAC;AAEtC;;;;;;GAMG;AACH,eAAO,MAAM,sBAAsB,EAAE,KAAK,CAAC,yBAAyB,CAYnE,CAAC"}
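--- a/package/dist/auth/admin_action_specs.js
+++ b/package/dist/auth/admin_action_specs.js
@@ -193,6 +193,12 @@ export const AppSettingsUpdateOutput = z.strictObject({
 settings: AppSettingsWithUsernameJson,
 });
 // -- Action specs -----------------------------------------------------------
+/**
+* `rate_limit: 'account'` bounds admin-side scraping of the account table
+* via `(limit, offset)` walking — admin trust is not a substitute for a
+* read-rate cap when the listing is paginated and cross-account (yields
+* every account + actor + active role_grant in the system).
+*/
 export const admin_account_list_action_spec = {
 method: 'admin_account_list',
 kind: 'request_response',
@@ -203,7 +209,13 @@ export const admin_account_list_action_spec = {
 output: AdminAccountListOutput,
 async: true,
 description: 'List all accounts with their actors, role_grants, and pending offers. Admin-only.',
+rate_limit: 'account',
 };
+/**
+* `rate_limit: 'account'` bounds cross-account scraping of every active
+* `auth_session` row — no pagination, but the read is unbounded across
+* accounts and reveals one row per live cookie globally.
+*/
 export const admin_session_list_action_spec = {
 method: 'admin_session_list',
 kind: 'request_response',
@@ -214,6 +226,7 @@ export const admin_session_list_action_spec = {
 output: AdminSessionListOutput,
 async: true,
 description: 'List every active auth session across all accounts. Admin-only.',
+rate_limit: 'account',
 };
 export const admin_session_revoke_all_action_spec = {
 method: 'admin_session_revoke_all',
@@ -239,6 +252,14 @@ export const admin_token_revoke_all_action_spec = {
 description: 'Revoke all API tokens for an account. Admin-only.',
 rate_limit: 'account',
 };
+/**
+* `rate_limit: 'account'` bounds admin-side enumeration of the entire
+* audit log via `(limit, offset)` walking — same shape as
+* `admin_account_list_action_spec`. The listing carries cross-account
+* forensic detail (target ids, IPs, metadata), so the read-rate cap is
+* the only check that distinguishes a human reviewer from a scraping
+* script.
+*/
 export const audit_log_list_action_spec = {
 method: 'audit_log_list',
 kind: 'request_response',
@@ -249,7 +270,13 @@ export const audit_log_list_action_spec = {
 output: AuditLogListOutput,
 async: true,
 description: 'List audit log events with optional filters. Admin-only.',
+rate_limit: 'account',
 };
+/**
+* `rate_limit: 'account'` bounds admin-side enumeration of the role_grant
+* history via `(limit, offset)` walking — same shape as `audit_log_list`,
+* narrower projection but identical scraping vector.
+*/
 export const audit_log_role_grant_history_action_spec = {
 method: 'audit_log_role_grant_history',
 kind: 'request_response',
@@ -260,6 +287,7 @@ export const audit_log_role_grant_history_action_spec = {
 output: AuditLogRoleGrantHistoryOutput,
 async: true,
 description: 'List role_grant grant and revoke events with usernames. Admin-only.',
+rate_limit: 'account',
 };
 export const invite_create_action_spec = {
 method: 'invite_create',
@@ -273,6 +301,12 @@ export const invite_create_action_spec = {
 description: 'Create an invite addressed to an email, username, or both. Admin-only.',
 rate_limit: 'account',
 };
+/**
+* `rate_limit: 'account'` bounds admin-side scraping of the invite table —
+* bounded by table size, but every row carries email + username +
+* creator/claimer identifiers worth defense-in-depth against an admin
+* mutation oracle running scripted reads alongside `invite_create`.
+*/
 export const invite_list_action_spec = {
 method: 'invite_list',
 kind: 'request_response',
@@ -283,6 +317,7 @@ export const invite_list_action_spec = {
 output: InviteListOutput,
 async: true,
 description: 'List all invites with creator and claimer usernames. Admin-only.',
+rate_limit: 'account',
 };
 export const invite_delete_action_spec = {
 method: 'invite_delete',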
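Review bot: The comment added above `audit_log_list_action_spec` says the read-rate cap is "the only check that distinguishes a human reviewer from a scraping script", which overstates it — the spec's own description marks the action admin-only, so the cap is the only check beyond the role gate; I would change that line to `* the only check beyond the admin role gate that distinguishes a human reviewer from a scraping`. The same `'account'` bucket name is used on the mutation specs visible in these hunks (`invite_create`, `admin_token_revoke_all`), so whether list reads and writes drain one shared budget or separate ones depends on limiter configuration outside this file, and the new comments should state which is intended instead of leaving it to the reader. Throttling slows scraping but does not record it: since these list actions expose cross-account session, audit and invite data, it is worth stating here (and presumably implementing in the handlers, which are outside this file) that admin list reads are themselves written to `audit_log`, so an over-cap or compromised admin session leaves a trail rather than just a slower one.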
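--- a/package/dist/auth/audit_log_ddl.d.ts
+++ b/package/dist/auth/audit_log_ddl.d.ts
@@ -0,0 +1,24 @@
+/**
+* Audit log DDL — `CREATE TABLE` + index statements for the `audit_log` table.
+*
+* Consumed by `auth/migrations.ts`. Separated from `auth/audit_log_schema.ts`
+* so the schema module stays Zod-only (paired with `auth/auth_ddl.ts` and
+* `auth/role_grant_offer_ddl.ts`).
+*
+* Multi-actor invariants the envelope columns assume:
+*
+* - `actor_id` + `account_id`, when both populated, refer to the same
+* account (derivable via `actor.account_id`). Denormalized for indexed
+* audit queries; do not let them disagree.
+* - `target_actor_id` + `target_account_id`, same rule when both populated.
+* - `target_account_id` is the SSE/WS socket-close key — sessions stay
+* account-grain after multi-actor lands, so this column carries the
+* routing identity even on actor-bound events.
+* - `target_actor_id` is populated iff the event subject is actor-bound
+* (see `AuditLogEvent.target_actor_id` doc-comment for the rule).
+*
+* @module
+*/
+export declare const AUDIT_LOG_SCHEMA = "\nCREATE TABLE IF NOT EXISTS audit_log (\n id UUID PRIMARY KEY DEFAULT gen_random_uuid(),\n seq SERIAL NOT NULL,\n event_type TEXT NOT NULL,\n outcome TEXT NOT NULL DEFAULT 'success',\n actor_id UUID REFERENCES actor(id) ON DELETE SET NULL,\n account_id UUID REFERENCES account(id) ON DELETE SET NULL,\n target_account_id UUID REFERENCES account(id) ON DELETE SET NULL,\n target_actor_id UUID REFERENCES actor(id) ON DELETE SET NULL,\n ip TEXT,\n created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),\n metadata JSONB\n)";
+export declare const AUDIT_LOG_INDEXES: string[];
+//# sourceMappingURL=audit_log_ddl.d.ts.map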
@@ -0,0 +1 @@
1
+
{"version":3,"file":"audit_log_ddl.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/audit_log_ddl.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH,eAAO,MAAM,gBAAgB,ihBAa3B,CAAC;AAEH,eAAO,MAAM,iBAAiB,UAM7B,CAAC"}
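--- a/package/dist/auth/audit_log_ddl.js
+++ b/package/dist/auth/audit_log_ddl.js
@@ -0,0 +1,42 @@
+/**
+* Audit log DDL — `CREATE TABLE` + index statements for the `audit_log` table.
+*
+* Consumed by `auth/migrations.ts`. Separated from `auth/audit_log_schema.ts`
+* so the schema module stays Zod-only (paired with `auth/auth_ddl.ts` and
+* `auth/role_grant_offer_ddl.ts`).
+*
+* Multi-actor invariants the envelope columns assume:
+*
+* - `actor_id` + `account_id`, when both populated, refer to the same
+* account (derivable via `actor.account_id`). Denormalized for indexed
+* audit queries; do not let them disagree.
+* - `target_actor_id` + `target_account_id`, same rule when both populated.
+* - `target_account_id` is the SSE/WS socket-close key — sessions stay
+* account-grain after multi-actor lands, so this column carries the
+* routing identity even on actor-bound events.
+* - `target_actor_id` is populated iff the event subject is actor-bound
+* (see `AuditLogEvent.target_actor_id` doc-comment for the rule).
+*
+* @module
+*/
+export const AUDIT_LOG_SCHEMA = `
+CREATE TABLE IF NOT EXISTS audit_log (
+id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+seq SERIAL NOT NULL,
+event_type TEXT NOT NULL,
+outcome TEXT NOT NULL DEFAULT 'success',
+actor_id UUID REFERENCES actor(id) ON DELETE SET NULL,
+account_id UUID REFERENCES account(id) ON DELETE SET NULL,
+target_account_id UUID REFERENCES account(id) ON DELETE SET NULL,
+target_actor_id UUID REFERENCES actor(id) ON DELETE SET NULL,
+ip TEXT,
+created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+metadata JSONB
+)`;
+export const AUDIT_LOG_INDEXES = [
+`CREATE INDEX IF NOT EXISTS idx_audit_log_seq ON audit_log(seq DESC)`,
+`CREATE INDEX IF NOT EXISTS idx_audit_log_account ON audit_log(account_id)`,
+`CREATE INDEX IF NOT EXISTS idx_audit_log_event_type ON audit_log(event_type)`,
+`CREATE INDEX IF NOT EXISTS idx_audit_log_target_account ON audit_log(target_account_id)`,
+`CREATE INDEX IF NOT EXISTS idx_audit_log_target_actor ON audit_log(target_actor_id)`,
+];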
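Review bot: `AUDIT_LOG_INDEXES` has no index on `actor_id`, although the header comment says `actor_id`/`account_id` are denormalized "for indexed audit queries" and the symmetric `target_actor_id` column does get one; adding `` `CREATE INDEX IF NOT EXISTS idx_audit_log_actor ON audit_log(actor_id)`, `` keeps per-actor history lookups from scanning the table. Separately, every actor/account reference in `AUDIT_LOG_SCHEMA` is `ON DELETE SET NULL`, so deleting an account erases the attribution of its past events from the envelope columns; if the logger does not already snapshot a stable identifier into `metadata`, the header comment should say that attribution survives deletion only through `metadata`, because a forensic review after an account removal is exactly when that attribution matters. The cross-column invariants the comment lists (`actor_id` agreeing with `account_id`, and the same for the `target_*` pair) are not enforced by this DDL, which is worth stating explicitly so a reader does not assume a constraint or trigger exists.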
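--- a/package/dist/auth/audit_log_schema.d.ts
+++ b/package/dist/auth/audit_log_schema.d.ts
@@ -1,9 +1,11 @@
 /**
-* Audit log
+* Audit log types and client-safe Zod schemas.
 *
 * Records auth mutations (login, logout, grant, revoke, etc.) for
 * security monitoring and operational visibility.
 *
+* Table DDL and indexes live in `auth/audit_log_ddl.ts`.
+*
 * @module
 */
 import { z } from 'zod';
@@ -411,6 +413,4 @@ export declare const AdminSessionJson: z.ZodObject<{
 username: z.ZodString;
 }, z.core.$strict>;
 export type AdminSessionJson = z.infer<typeof AdminSessionJson>;
-export declare const AUDIT_LOG_SCHEMA = "\nCREATE TABLE IF NOT EXISTS audit_log (\n id UUID PRIMARY KEY DEFAULT gen_random_uuid(),\n seq SERIAL NOT NULL,\n event_type TEXT NOT NULL,\n outcome TEXT NOT NULL DEFAULT 'success',\n actor_id UUID REFERENCES actor(id) ON DELETE SET NULL,\n account_id UUID REFERENCES account(id) ON DELETE SET NULL,\n target_account_id UUID REFERENCES account(id) ON DELETE SET NULL,\n target_actor_id UUID REFERENCES actor(id) ON DELETE SET NULL,\n ip TEXT,\n created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),\n metadata JSONB\n)";
-export declare const AUDIT_LOG_INDEXES: string[];
 //# sourceMappingURL=audit_log_schema.d.ts.map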
@@ -1 +1 @@
1
-
{"version":3,"file":"audit_log_schema.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/audit_log_schema.ts"],"names":[],"mappings":"AAAA
1
+
{"version":3,"file":"audit_log_schema.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/audit_log_schema.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AACtB,OAAO,EAAC,IAAI,EAAC,MAAM,wBAAwB,CAAC;AAO5C;;;;;GAKG;AACH,eAAO,MAAM,iBAAiB,8aAsBnB,CAAC;AAEZ,wCAAwC;AACxC,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;;;;;;;;EAA4B,CAAC;AACxD,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,cAAc,CAAC,CAAC;AAE5D;;;;GAIG;AACH,eAAO,MAAM,2BAA2B,QAA+B,CAAC;AAExE,0DAA0D;AAC1D,eAAO,MAAM,kBAAkB,aAE7B,CAAC;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAEpE,2CAA2C;AAC3C,eAAO,MAAM,YAAY;;;EAAiC,CAAC;AAC3D,MAAM,MAAM,YAAY,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,YAAY,CAAC,CAAC;AAExD;;;;;;GAMG;AACH,eAAO,MAAM,sBAAsB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA6MW,CAAC;AAE/C,+EAA+E;AAC/E,MAAM,MAAM,gBAAgB,GAAG;KAC7B,CAAC,IAAI,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,OAAO,sBAAsB,CAAC,CAAC,CAAC,CAAC,CAAC;CAClE,CAAC;AAEF,oGAAoG;AACpG,MAAM,WAAW,aAAa;IAC7B,EAAE,EAAE,IAAI,CAAC;IACT,GAAG,EAAE,MAAM,CAAC;IACZ,UAAU,EAAE,kBAAkB,CAAC;IAC/B,OAAO,EAAE,YAAY,CAAC;IACtB;;;;;;;;;;;;;OAaG;IACH,QAAQ,EAAE,IAAI,GAAG,IAAI,CAAC;IACtB,UAAU,EAAE,IAAI,GAAG,IAAI,CAAC;IACxB,iBAAiB,EAAE,IAAI,GAAG,IAAI,CAAC;IAC/B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAkCG;IACH,eAAe,EAAE,IAAI,GAAG,IAAI,CAAC;IAC7B,EAAE,EAAE,MAAM,GAAG,IAAI,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;CACzC;AAED;;;;GAIG;AACH,eAAO,MAAM,kBAAkB,GAAI,CAAC,SAAS,cAAc,EAC1D,OAAO,aAAa,GAAG;IAAC,UAAU,EAAE,CAAC,CAAA;CAAC,KACpC,gBAAgB,CAAC,CAAC,CAAC,GAAG,IAExB,CAAC;AAEF,6CAA6C;AAC7C,MAAM,WAAW,aAAa,CAAC,CAAC,SAAS,MAAM,GAAG,cAAc;IAC/D,UAAU,EAAE,CAAC,CAAC;IACd,OAAO,CAAC,EAAE,YAAY,CAAC;IACvB,QAAQ,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;IACvB,UAAU,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;IACzB,iBAAiB,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;IAChC,eAAe,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;IAC9B,EAAE,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACnB;;;;OAIG;IACH,QAAQ,CAAC,EAAE,CAAC,SAAS,c
AAc,GAChC,CAAC,gBAAgB,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,GAAG,IAAI,GACtD,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;CAClC;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,WAAW,cAAc;IAC9B,iFAAiF;IACjF,QAAQ,CAAC,WAAW,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;IAC5C;;;OAGG;IACH,QAAQ,CAAC,gBAAgB,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;CAC/D;AAED,4FAA4F;AAC5F,eAAO,MAAM,wBAAwB,EAAE,cAGrC,CAAC;AAEH,6CAA6C;AAC7C,MAAM,WAAW,2BAA2B;IAC3C;;;;;;;;OAQG;IACH,YAAY,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC,OAAO,GAAG,IAAI,CAAC,CAAC,CAAC;CAC1D;AAED;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,uBAAuB,GAAI,UAAU,2BAA2B,KAAG,cA2B/E,CAAC;AAEF,gDAAgD;AAChD,eAAO,MAAM,uBAAuB,KAAK,CAAC;AAE1C,6CAA6C;AAC7C,MAAM,WAAW,mBAAmB;IACnC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB;;;;OAIG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,aAAa,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAC9B,UAAU,CAAC,EAAE,IAAI,CAAC;IAClB,OAAO,CAAC,EAAE,YAAY,CAAC;IACvB,0GAA0G;IAC1G,SAAS,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;;;;;;;;GASG;AACH,eAAO,MAAM,iBAAiB;;;;;;;;;;;;;;;kBAY5B,CAAC;AACH,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAElE,+DAA+D;AAC/D,eAAO,MAAM,8BAA8B;;;;;;;;;;;;;;;;;kBAGzC,CAAC;AACH,MAAM,MAAM,8BAA8B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,8BAA8B,CAAC,CAAC;AAE5F,wEAAwE;AACxE,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;kBAGpC,CAAC;AACH,MAAM,MAAM,yBAAyB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAElF,iEAAiE;AACjE,eAAO,MAAM,gBAAgB;;;;;;;kBAE3B,CAAC;AACH,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC"}