@fuzdev/fuz_app 0.59.0 → 0.61.0

package/dist/testing/schema_generators.js

@@ -158,8 +158,29 @@ export const generate_valid_value = (field, field_schema) => {
             return 1;
         case 'boolean':
             return true;
-        case 'array':
-            return [];
+        case 'array': {
+            let min_items = 0;
+            try {
+                const json = z.toJSONSchema(field_schema);
+                if (typeof json.minItems === 'number')
+                    min_items = json.minItems;
+            }
+            catch {
+                // no constraint
+            }
+            if (min_items === 0)
+                return [];
+            const def = zod_unwrap_def(field_schema);
+            const element_schema = def.element;
+            if (!element_schema)
+                return [];
+            const element_field = {
+                ...field,
+                base_type: zod_get_base_type(element_schema),
+            };
+            const item = generate_valid_value(element_field, element_schema);
+            return Array.from({ length: min_items }, () => item);
+        }
         case 'object': {
             // Recursively generate valid nested objects
             const nested_schema = zod_unwrap_to_object(field_schema);

package/dist/testing/sse_round_trip.js

@@ -21,7 +21,7 @@ import { create_pglite_factory } from './db.js';
 import { find_route_spec, pick_auth_headers } from './integration_helpers.js';
 import { rpc_call, require_rpc_endpoint_path, resolve_rpc_endpoints_for_setup, } from './rpc_helpers.js';
 import { run_migrations } from '../db/migrate.js';
-import { AUTH_MIGRATION_NS } from '../auth/migrations.js';
+import { auth_migration_ns } from '../auth/migrations.js';
 import { account_session_revoke_all_action_spec } from '../auth/account_action_specs.js';
 /**
  * Read one complete SSE frame (up to `\n\n`) from a stream reader.
@@ -138,7 +138,7 @@ export const describe_sse_route_tests = (options) => {
     const rpc_endpoints_for_setup = resolve_rpc_endpoints_for_setup(options.rpc_endpoints, options.session_options);
     const rpc_path = require_rpc_endpoint_path(rpc_endpoints_for_setup);
     const init_schema = async (db) => {
-        await run_migrations(db, [AUTH_MIGRATION_NS]);
+        await run_migrations(db, [auth_migration_ns]);
     };
     const factories = options.db_factories ?? [create_pglite_factory(init_schema)];
     for (const factory of factories) {

package/dist/testing/surface_invariants.d.ts

@@ -178,13 +178,13 @@ export interface ErrorSchemaTightnessOptions {
  * them here instead of forcing every consumer to hand-maintain the entry.
  *
  * Paths assume the standard `/api/account` + `/api/db` prefixes used by every
- * fuz_app consumer. Merged into `DEFAULT_ERROR_SCHEMA_TIGHTNESS.allowlist` so
+ * fuz_app consumer. Merged into `default_error_schema_tightness.allowlist` so
  * consumers calling `assert_error_schema_tightness` directly inherit the
  * exemptions; the standard attack-surface suite also prepends these entries
  * underneath any consumer-supplied allowlist so project-specific entries are
  * additive.
  */
-export declare const FUZ_APP_STOCK_ROUTE_TIGHTNESS_ALLOWLIST: ReadonlyArray<string>;
+export declare const fuz_app_stock_route_tightness_allowlist: ReadonlyArray<string>;
 /**
  * Baseline error schema tightness applied by
  * `describe_standard_attack_surface_tests` when no config is passed.
@@ -192,13 +192,13 @@ export declare const FUZ_APP_STOCK_ROUTE_TIGHTNESS_ALLOWLIST: ReadonlyArray<stri
  * Uses `min_specificity: 'enum'` (the assertion default) with `ignore_statuses`
  * for middleware-derived status codes that are commonly generic (auth middleware
  * produces multiple error codes at 401/403, and 429 comes from rate limiters),
- * and `allowlist` seeded with `FUZ_APP_STOCK_ROUTE_TIGHTNESS_ALLOWLIST` so
+ * and `allowlist` seeded with `fuz_app_stock_route_tightness_allowlist` so
  * fuz_app-shipped routes with heterogeneous generic schemas don't force every
  * consumer to hand-maintain an identical allowlist. Consumers can pass a
  * narrower config with project-specific `allowlist` entries, or pass `null`
  * to skip the assertion entirely.
  */
-export declare const DEFAULT_ERROR_SCHEMA_TIGHTNESS: ErrorSchemaTightnessOptions;
+export declare const default_error_schema_tightness: ErrorSchemaTightnessOptions;
 /**
  * Assert that all error schemas meet a minimum specificity threshold.
  *

package/dist/testing/surface_invariants.js

@@ -467,13 +467,13 @@ const SPECIFICITY_ORDER = {
  * them here instead of forcing every consumer to hand-maintain the entry.
  *
  * Paths assume the standard `/api/account` + `/api/db` prefixes used by every
- * fuz_app consumer. Merged into `DEFAULT_ERROR_SCHEMA_TIGHTNESS.allowlist` so
+ * fuz_app consumer. Merged into `default_error_schema_tightness.allowlist` so
  * consumers calling `assert_error_schema_tightness` directly inherit the
  * exemptions; the standard attack-surface suite also prepends these entries
  * underneath any consumer-supplied allowlist so project-specific entries are
  * additive.
  */
-export const FUZ_APP_STOCK_ROUTE_TIGHTNESS_ALLOWLIST = [];
+export const fuz_app_stock_route_tightness_allowlist = [];
 /**
  * Baseline error schema tightness applied by
  * `describe_standard_attack_surface_tests` when no config is passed.
@@ -481,15 +481,15 @@ export const FUZ_APP_STOCK_ROUTE_TIGHTNESS_ALLOWLIST = [];
  * Uses `min_specificity: 'enum'` (the assertion default) with `ignore_statuses`
  * for middleware-derived status codes that are commonly generic (auth middleware
  * produces multiple error codes at 401/403, and 429 comes from rate limiters),
- * and `allowlist` seeded with `FUZ_APP_STOCK_ROUTE_TIGHTNESS_ALLOWLIST` so
+ * and `allowlist` seeded with `fuz_app_stock_route_tightness_allowlist` so
  * fuz_app-shipped routes with heterogeneous generic schemas don't force every
  * consumer to hand-maintain an identical allowlist. Consumers can pass a
  * narrower config with project-specific `allowlist` entries, or pass `null`
  * to skip the assertion entirely.
  */
-export const DEFAULT_ERROR_SCHEMA_TIGHTNESS = {
+export const default_error_schema_tightness = {
     ignore_statuses: [401, 403, 429],
-    allowlist: [...FUZ_APP_STOCK_ROUTE_TIGHTNESS_ALLOWLIST],
+    allowlist: [...fuz_app_stock_route_tightness_allowlist],
 };
 /**
  * Assert that all error schemas meet a minimum specificity threshold.

package/dist/ui/AccountSessions.svelte

@@ -25,8 +25,8 @@
 	void account_sessions.fetch();
 
 	const handle_revoke_all = async (): Promise<void> => {
-		await account_sessions.revoke_all();
-		if (!account_sessions.error) {
+		await account_sessions.submit_revoke_all();
+		if (!account_sessions.revoke_all.error) {
 			auth_state.verified = false;
 		}
 	};
@@ -48,11 +48,15 @@
 		{/if}
 	</h2>
 
-	{#if account_sessions.loading}
+	{#if account_sessions.list.loading}
 		<p class="text_50">loading sessions...</p>
-	{:else if account_sessions.error}
-		<p class="color_c_50">{account_sessions.error}</p>
+	{:else if account_sessions.list.error}
+		<p class="color_c_50">{account_sessions.list.error}</p>
 	{:else}
+		{@const revoke_all_error = account_sessions.revoke_all.error}
+		{#if revoke_all_error}
+			<p class="color_c_50">{revoke_all_error}</p>
+		{/if}
 		{#if account_sessions.active_count > 1}
 			<div class="mb_md">
 				<button type="button" onclick={() => handle_revoke_all()}>revoke all</button>
@@ -76,7 +80,18 @@
 						{format_relative_time(row.expires_at)}
 					</span>
 				{:else if column.key === 'account_id'}
-					<button type="button" onclick={() => account_sessions.revoke(row.id)}>revoke</button>
+					{@const revoking = account_sessions.revoke.loading(row.id)}
+					{@const revoke_error = account_sessions.revoke.error(row.id)}
+					<button
+						type="button"
+						disabled={revoking}
+						onclick={() => account_sessions.submit_revoke(row.id)}
+					>
+						{revoking ? 'revoking…' : 'revoke'}
+					</button>
+					{#if revoke_error}
+						<span class="color_c_50 font_size_sm">{revoke_error}</span>
+					{/if}
 				{:else if column.format}
 					{column.format(row[column.key], row)}
 				{:else}

package/dist/ui/AccountSessions.svelte.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"AccountSessions.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/AccountSessions.svelte"],"names":[],"mappings":"AAsGA,UAAU,kCAAkC,CAAC,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,GAAG,EAAE,MAAM,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,GAAG,EAAE,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,GAAG,EAAE,OAAO,GAAG,EAAE,EAAE,QAAQ,GAAG,MAAM;IACpM,KAAK,OAAO,EAAE,OAAO,QAAQ,EAAE,2BAA2B,CAAC,KAAK,CAAC,GAAG,OAAO,QAAQ,EAAE,eAAe,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,CAAC,GAAG;QAAE,UAAU,CAAC,EAAE,QAAQ,CAAA;KAAE,GAAG,OAAO,CAAC;IACjK,CAAC,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE;QAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,KAAK,CAAA;KAAC,GAAG,OAAO,GAAG;QAAE,IAAI,CAAC,EAAE,GAAG,CAAC;QAAC,GAAG,CAAC,EAAE,GAAG,CAAA;KAAE,CAAC;IACtG,YAAY,CAAC,EAAE,QAAQ,CAAC;CAC3B;AAKD,QAAA,MAAM,eAAe;;kBAA+E,CAAC;AACnF,KAAK,eAAe,GAAG,YAAY,CAAC,OAAO,eAAe,CAAC,CAAC;AAC9D,eAAe,eAAe,CAAC"}
+{"version":3,"file":"AccountSessions.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/AccountSessions.svelte"],"names":[],"mappings":"AAiHA,UAAU,kCAAkC,CAAC,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,GAAG,EAAE,MAAM,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,GAAG,EAAE,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,GAAG,EAAE,OAAO,GAAG,EAAE,EAAE,QAAQ,GAAG,MAAM;IACpM,KAAK,OAAO,EAAE,OAAO,QAAQ,EAAE,2BAA2B,CAAC,KAAK,CAAC,GAAG,OAAO,QAAQ,EAAE,eAAe,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,CAAC,GAAG;QAAE,UAAU,CAAC,EAAE,QAAQ,CAAA;KAAE,GAAG,OAAO,CAAC;IACjK,CAAC,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE;QAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,KAAK,CAAA;KAAC,GAAG,OAAO,GAAG;QAAE,IAAI,CAAC,EAAE,GAAG,CAAC;QAAC,GAAG,CAAC,EAAE,GAAG,CAAA;KAAE,CAAC;IACtG,YAAY,CAAC,EAAE,QAAQ,CAAC;CAC3B;AAKD,QAAA,MAAM,eAAe;;kBAA+E,CAAC;AACnF,KAAK,eAAe,GAAG,YAAY,CAAC,OAAO,eAAe,CAAC,CAAC;AAC9D,eAAe,eAAe,CAAC"}

package/dist/ui/AdminAccounts.svelte

@@ -9,7 +9,11 @@
 	 * @module
 	 */
 
-	import {AdminAccountsState, admin_accounts_rpc_context} from './admin_accounts_state.svelte.js';
+	import {
+		AdminAccountsState,
+		admin_accounts_rpc_context,
+		grant_key,
+	} from './admin_accounts_state.svelte.js';
 	import ConfirmButton from './ConfirmButton.svelte';
 	import Datatable from './Datatable.svelte';
 	import type {DatatableColumn} from './datatable.js';
@@ -45,10 +49,10 @@
 		</p>
 	{/if}
 
-	{#if admin_accounts.loading}
+	{#if admin_accounts.list.loading}
 		<p class="text_50">loading accounts...</p>
-	{:else if admin_accounts.error}
-		<p class="color_c_50">{admin_accounts.error}</p>
+	{:else if admin_accounts.list.error}
+		<p class="color_c_50">{admin_accounts.list.error}</p>
 	{:else}
 		<Datatable {columns} rows={admin_accounts.accounts} height="400px">
 			{#snippet cell(column, row)}
@@ -92,16 +96,17 @@
 							{/if}
 							{#if admin_accounts.has_rpc && row.actor}
 								{@const actor_id = row.actor.id}
+								{@const revoke_error = admin_accounts.revoke.error(role_grant.id)}
 								<ConfirmButton
-									onconfirm={() => admin_accounts.revoke_role_grant(actor_id, role_grant.id)}
+									onconfirm={() => admin_accounts.submit_revoke(actor_id, role_grant.id)}
 									title="revoke {role_grant.role}"
 									class="sm"
-									disabled={admin_accounts.revoking_ids.has(role_grant.id)}
-								>
-									{#snippet children(_popover, _confirm)}
-										{admin_accounts.revoking_ids.has(role_grant.id) ? 'revoking…' : 'revoke'}
-									{/snippet}
-								</ConfirmButton>
+									label="revoke"
+									pending={admin_accounts.revoke.loading(role_grant.id)}
+								/>
+								{#if revoke_error}
+									<span class="color_c_50 font_size_sm">{revoke_error}</span>
+								{/if}
 							{/if}
 						</div>
 					{/each}
@@ -120,16 +125,17 @@
 								</span>
 							{/if}
 							{#if admin_accounts.has_rpc}
+								{@const retract_error = admin_accounts.retract.error(offer.id)}
 								<ConfirmButton
-									onconfirm={() => admin_accounts.retract_offer(offer.id)}
+									onconfirm={() => admin_accounts.submit_retract(offer.id)}
 									title="retract offer"
 									class="sm"
-									disabled={admin_accounts.retracting_ids.has(offer.id)}
-								>
-									{#snippet children(_popover, _confirm)}
-										{admin_accounts.retracting_ids.has(offer.id) ? 'retracting…' : 'retract'}
-									{/snippet}
-								</ConfirmButton>
+									label="retract"
+									pending={admin_accounts.retract.loading(offer.id)}
+								/>
+								{#if retract_error}
+									<span class="color_c_50 font_size_sm">{retract_error}</span>
+								{/if}
 							{/if}
 						</div>
 					{/each}
@@ -139,24 +145,25 @@
 				{:else if column.key === 'actor'}
 					{#if admin_accounts.has_rpc}
 						{#each admin_accounts.grantable_roles as role (role)}
+							{@const key = grant_key(row.account.id, role)}
+							{@const grant_error = admin_accounts.grant.error(key)}
 							{#if !row.role_grants.some((p) => p.role === role) && !row.pending_offers.some((o) => o.role === role)}
 								<ConfirmButton
-									onconfirm={() => admin_accounts.create_role_grant(row.account.id, role)}
+									onconfirm={() => admin_accounts.submit_grant(row.account.id, role)}
 									title="offer {role}"
 									class="sm"
-									disabled={admin_accounts.granting_keys.has(`${row.account.id}:${role}`)}
+									label={`+ ${role}`}
+									pending={admin_accounts.grant.loading(key)}
 								>
-									{#snippet children(_popover, _confirm)}
-										{admin_accounts.granting_keys.has(`${row.account.id}:${role}`)
-											? 'offering…'
-											: `+ ${role}`}
-									{/snippet}
 									{#snippet popover_content(_popover, do_confirm)}
 										<button type="button" class="color_b bg_100" onclick={() => do_confirm()}>
 											<span class="py_sm">offer '{role}' to @{row.account.username}</span>
 										</button>
 									{/snippet}
 								</ConfirmButton>
+								{#if grant_error}
+									<span class="color_c_50 font_size_sm">{grant_error}</span>
+								{/if}
 							{/if}
 						{/each}
 					{/if}

package/dist/ui/AdminAccounts.svelte.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"AdminAccounts.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/AdminAccounts.svelte"],"names":[],"mappings":"AA+JA,QAAA,MAAM,aAAa,2DAAwC,CAAC;AAC5D,KAAK,aAAa,GAAG,UAAU,CAAC,OAAO,aAAa,CAAC,CAAC;AACtD,eAAe,aAAa,CAAC"}
+{"version":3,"file":"AdminAccounts.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/AdminAccounts.svelte"],"names":[],"mappings":"AAmKA,QAAA,MAAM,aAAa,2DAAwC,CAAC;AAC5D,KAAK,aAAa,GAAG,UAAU,CAAC,OAAO,aAAa,CAAC,CAAC;AACtD,eAAe,aAAa,CAAC"}

package/dist/ui/AdminAuditLog.svelte

@@ -98,10 +98,10 @@
 		{/if}
 	</div>
 
-	{#if audit_log.loading}
+	{#if audit_log.list.loading}
 		<p class="text_50">loading audit log...</p>
-	{:else if audit_log.error}
-		<p class="color_c_50">{audit_log.error}</p>
+	{:else if audit_log.list.error}
+		<p class="color_c_50">{audit_log.list.error}</p>
 	{:else}
 		<Datatable {columns} rows={audit_log.events} height="500px">
 			{#snippet cell(column, row)}

package/dist/ui/AdminInvites.svelte

@@ -25,12 +25,12 @@
 	let invite_username = $state.raw('');
 
 	const can_create = $derived(
-		(invite_email.trim() || invite_username.trim()) && !admin_invites.creating,
+		(invite_email.trim() || invite_username.trim()) && !admin_invites.create.loading,
 	);
 
 	const handle_create = async (): Promise<void> => {
 		if (!can_create) return;
-		const success = await admin_invites.create_invite(
+		const success = await admin_invites.submit_create(
 			invite_email.trim() || undefined,
 			invite_username.trim() || undefined,
 		);
@@ -80,7 +80,7 @@
 					type="email"
 					bind:value={invite_email}
 					placeholder="email (optional)"
-					disabled={admin_invites.creating}
+					disabled={admin_invites.create.loading}
 				/>
 			</label>
 			<label class="grow">
@@ -89,20 +89,24 @@
 					type="text"
 					bind:value={invite_username}
 					placeholder="username (optional)"
-					disabled={admin_invites.creating}
+					disabled={admin_invites.create.loading}
 				/>
 			</label>
 		</fieldset>
-		<PendingButton pending={admin_invites.creating} disabled={!can_create} onclick={handle_create}>
+		<PendingButton
+			pending={admin_invites.create.loading}
+			disabled={!can_create}
+			onclick={handle_create}
+		>
 			create invite
 		</PendingButton>
 	</form>
 
-	{#if admin_invites.error}
-		<p class="color_c_50">{admin_invites.error}</p>
+	{#if admin_invites.list.error || admin_invites.create.error}
+		<p class="color_c_50">{admin_invites.list.error ?? admin_invites.create.error}</p>
 	{/if}
 
-	{#if admin_invites.loading}
+	{#if admin_invites.list.loading}
 		<p class="text_50">loading invites...</p>
 	{:else}
 		<Datatable {columns} rows={admin_invites.invites} height="400px">
@@ -129,16 +133,17 @@
 					</span>
 				{:else if column.key === 'id'}
 					{#if !row.claimed_at}
+						{@const remove_error = admin_invites.remove.error(row.id)}
 						<ConfirmButton
-							onconfirm={() => admin_invites.delete_invite(row.id)}
+							onconfirm={() => admin_invites.submit_delete(row.id)}
 							title="delete invite"
 							class="sm"
-							disabled={admin_invites.deleting_ids.has(row.id)}
-						>
-							{#snippet children(_popover, _confirm)}
-								{admin_invites.deleting_ids.has(row.id) ? 'deleting...' : 'delete'}
-							{/snippet}
-						</ConfirmButton>
+							label="delete"
+							pending={admin_invites.remove.loading(row.id)}
+						/>
+						{#if remove_error}
+							<span class="color_c_50 font_size_sm">{remove_error}</span>
+						{/if}
 					{:else}
 						<span class="text_50">-</span>
 					{/if}

package/dist/ui/AdminOverview.svelte

@@ -89,10 +89,10 @@
 			<h3>accounts</h3>
 			<a href={resolve('/admin/accounts' as any)} class="text_50 font_size_sm">view all &rarr;</a>
 		</div>
-		{#if accounts.loading}
+		{#if accounts.list.loading}
 			<p class="text_50">loading...</p>
-		{:else if accounts.error}
-			<p class="color_c_50">{accounts.error}</p>
+		{:else if accounts.list.error}
+			<p class="color_c_50">{accounts.list.error}</p>
 		{:else}
 			<div class="baseline-row gap_xs">
 				<strong class="font_size_lg">{accounts.account_count}</strong>
@@ -131,10 +131,10 @@
 			<h3>sessions</h3>
 			<a href={resolve('/admin/sessions' as any)} class="text_50 font_size_sm">view all &rarr;</a>
 		</div>
-		{#if sessions.loading}
+		{#if sessions.list.loading}
 			<p class="text_50">loading...</p>
-		{:else if sessions.error}
-			<p class="color_c_50">{sessions.error}</p>
+		{:else if sessions.list.error}
+			<p class="color_c_50">{sessions.list.error}</p>
 		{:else}
 			<div class="baseline-row gap_xs">
 				<strong class="font_size_lg">{sessions.active_count}</strong>
@@ -161,10 +161,10 @@
 			<h3>invites</h3>
 			<a href={resolve('/admin/invites' as any)} class="text_50 font_size_sm">view all &rarr;</a>
 		</div>
-		{#if invites.loading}
+		{#if invites.list.loading}
 			<p class="text_50">loading...</p>
-		{:else if invites.error}
-			<p class="color_c_50">{invites.error}</p>
+		{:else if invites.list.error}
+			<p class="color_c_50">{invites.list.error}</p>
 		{:else}
 			<div class="baseline-row gap_sm">
 				<span class="text_50">public signup</span>
@@ -206,10 +206,10 @@
 			<h3>recent activity</h3>
 			<a href={resolve('/admin/audit-log' as any)} class="text_50 font_size_sm">view all &rarr;</a>
 		</div>
-		{#if audit_log.loading}
+		{#if audit_log.list.loading}
 			<p class="text_50">loading...</p>
-		{:else if audit_log.error}
-			<p class="color_c_50">{audit_log.error}</p>
+		{:else if audit_log.list.error}
+			<p class="color_c_50">{audit_log.list.error}</p>
 		{:else if recent_events.length === 0}
 			<p class="text_50">no events</p>
 		{:else}
@@ -234,10 +234,10 @@
 			<h3>security</h3>
 			<a href={resolve('/admin/audit-log' as any)} class="text_50 font_size_sm">audit log &rarr;</a>
 		</div>
-		{#if audit_log.loading}
+		{#if audit_log.list.loading}
 			<p class="text_50">loading...</p>
-		{:else if audit_log.error}
-			<p class="color_c_50">{audit_log.error}</p>
+		{:else if audit_log.list.error}
+			<p class="color_c_50">{audit_log.list.error}</p>
 		{:else}
 			<div class="baseline-row gap_xs">
 				<strong class="font_size_lg" class:color_c_50={failed_logins.length > 0}>
@@ -271,10 +271,10 @@
 		<div class="panel-header">
 			<h3>system</h3>
 		</div>
-		{#if app_settings.loading}
+		{#if app_settings.list.loading}
 			<p class="text_50">loading...</p>
-		{:else if app_settings.error}
-			<p class="color_c_50">{app_settings.error}</p>
+		{:else if app_settings.list.error}
+			<p class="color_c_50">{app_settings.list.error}</p>
 		{:else}
 			<div class="baseline-row gap_sm">
 				<span class="text_50">public signup</span>
@@ -308,10 +308,8 @@
 						await auth_state.logout();
 					}}
 					title="log out"
+					label="log out"
 				>
-					{#snippet children(_popover, _confirm)}
-						log out
-					{/snippet}
 					{#snippet popover_button_content()}
 						<span class="p_md"> log out </span>
 					{/snippet}

package/dist/ui/AdminOverview.svelte.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"AdminOverview.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/AdminOverview.svelte"],"names":[],"mappings":"AA4UA,QAAA,MAAM,aAAa,2DAAwC,CAAC;AAC5D,KAAK,aAAa,GAAG,UAAU,CAAC,OAAO,aAAa,CAAC,CAAC;AACtD,eAAe,aAAa,CAAC"}
+{"version":3,"file":"AdminOverview.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/AdminOverview.svelte"],"names":[],"mappings":"AA2UA,QAAA,MAAM,aAAa,2DAAwC,CAAC;AAC5D,KAAK,aAAa,GAAG,UAAU,CAAC,OAAO,aAAa,CAAC,CAAC;AACtD,eAAe,aAAa,CAAC"}

package/dist/ui/AdminRoleGrantHistory.svelte

@@ -40,10 +40,10 @@
 <section>
 	<h1>role_grant history</h1>
 
-	{#if audit_log.loading}
+	{#if audit_log.role_grant_history.loading}
 		<p class="text_50">loading role_grant history...</p>
-	{:else if audit_log.error}
-		<p class="color_c_50">{audit_log.error}</p>
+	{:else if audit_log.role_grant_history.error}
+		<p class="color_c_50">{audit_log.role_grant_history.error}</p>
 	{:else}
 		<Datatable {columns} rows={audit_log.role_grant_history_events} height="400px" row_key="id">
 			{#snippet cell(column, row)}

package/dist/ui/AdminSessions.svelte

@@ -40,10 +40,10 @@
 		</p>
 	{/if}
 
-	{#if admin_sessions.loading}
+	{#if admin_sessions.list.loading}
 		<p class="text_50">loading sessions...</p>
-	{:else if admin_sessions.error}
-		<p class="color_c_50">{admin_sessions.error}</p>
+	{:else if admin_sessions.list.error}
+		<p class="color_c_50">{admin_sessions.list.error}</p>
 	{:else}
 		<Datatable {columns} rows={admin_sessions.sessions} height="400px">
 			{#snippet cell(column, row)}
@@ -63,30 +63,28 @@
 					</span>
 				{:else if column.key === 'account_id'}
 					{#if admin_sessions.has_rpc}
+						{@const revoke_sessions_error = admin_sessions.revoke_sessions.error(row.account_id)}
+						{@const revoke_tokens_error = admin_sessions.revoke_tokens.error(row.account_id)}
 						<ConfirmButton
-							onconfirm={() => admin_sessions.revoke_all_for_account(row.account_id)}
+							onconfirm={() => admin_sessions.submit_revoke_sessions(row.account_id)}
 							title="revoke all sessions for {row.username}"
 							class="sm"
-							disabled={admin_sessions.revoking_account_ids.has(row.account_id)}
-						>
-							{#snippet children(_popover, _confirm)}
-								{admin_sessions.revoking_account_ids.has(row.account_id)
-									? 'revoking…'
-									: 'revoke sessions'}
-							{/snippet}
-						</ConfirmButton>
+							label="revoke sessions"
+							pending={admin_sessions.revoke_sessions.loading(row.account_id)}
+						/>
+						{#if revoke_sessions_error}
+							<span class="color_c_50 font_size_sm">{revoke_sessions_error}</span>
+						{/if}
 						<ConfirmButton
-							onconfirm={() => admin_sessions.revoke_all_tokens_for_account(row.account_id)}
+							onconfirm={() => admin_sessions.submit_revoke_tokens(row.account_id)}
 							title="revoke all tokens for {row.username}"
 							class="sm"
-							disabled={admin_sessions.revoking_token_account_ids.has(row.account_id)}
-						>
-							{#snippet children(_popover, _confirm)}
-								{admin_sessions.revoking_token_account_ids.has(row.account_id)
-									? 'revoking…'
-									: 'revoke tokens'}
-							{/snippet}
-						</ConfirmButton>
+							label="revoke tokens"
+							pending={admin_sessions.revoke_tokens.loading(row.account_id)}
+						/>
+						{#if revoke_tokens_error}
+							<span class="color_c_50 font_size_sm">{revoke_tokens_error}</span>
+						{/if}
 					{/if}
 				{:else if column.format}
 					{column.format(row[column.key], row)}

package/dist/ui/AdminSessions.svelte.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"AdminSessions.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/AdminSessions.svelte"],"names":[],"mappings":"AAwGA,UAAU,kCAAkC,CAAC,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,GAAG,EAAE,MAAM,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,GAAG,EAAE,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,GAAG,EAAE,OAAO,GAAG,EAAE,EAAE,QAAQ,GAAG,MAAM;IACpM,KAAK,OAAO,EAAE,OAAO,QAAQ,EAAE,2BAA2B,CAAC,KAAK,CAAC,GAAG,OAAO,QAAQ,EAAE,eAAe,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,CAAC,GAAG;QAAE,UAAU,CAAC,EAAE,QAAQ,CAAA;KAAE,GAAG,OAAO,CAAC;IACjK,CAAC,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE;QAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,KAAK,CAAA;KAAC,GAAG,OAAO,GAAG;QAAE,IAAI,CAAC,EAAE,GAAG,CAAC;QAAC,GAAG,CAAC,EAAE,GAAG,CAAA;KAAE,CAAC;IACtG,YAAY,CAAC,EAAE,QAAQ,CAAC;CAC3B;AAKD,QAAA,MAAM,aAAa;;kBAA+E,CAAC;AACjF,KAAK,aAAa,GAAG,YAAY,CAAC,OAAO,aAAa,CAAC,CAAC;AAC1D,eAAe,aAAa,CAAC"}
+{"version":3,"file":"AdminSessions.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/AdminSessions.svelte"],"names":[],"mappings":"AAoGA,UAAU,kCAAkC,CAAC,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,GAAG,EAAE,MAAM,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,GAAG,EAAE,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,GAAG,EAAE,OAAO,GAAG,EAAE,EAAE,QAAQ,GAAG,MAAM;IACpM,KAAK,OAAO,EAAE,OAAO,QAAQ,EAAE,2BAA2B,CAAC,KAAK,CAAC,GAAG,OAAO,QAAQ,EAAE,eAAe,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,CAAC,GAAG;QAAE,UAAU,CAAC,EAAE,QAAQ,CAAA;KAAE,GAAG,OAAO,CAAC;IACjK,CAAC,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE;QAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,KAAK,CAAA;KAAC,GAAG,OAAO,GAAG;QAAE,IAAI,CAAC,EAAE,GAAG,CAAC;QAAC,GAAG,CAAC,EAAE,GAAG,CAAA;KAAE,CAAC;IACtG,YAAY,CAAC,EAAE,QAAQ,CAAC;CAC3B;AAKD,QAAA,MAAM,aAAa;;kBAA+E,CAAC;AACjF,KAAK,aAAa,GAAG,YAAY,CAAC,OAAO,aAAa,CAAC,CAAC;AAC1D,eAAe,aAAa,CAAC"}

package/dist/ui/AdminSettings.svelte

@@ -30,10 +30,8 @@
 			await auth_state.logout();
 		}}
 		title="log out"
+		label="log out"
 	>
-		{#snippet children(_popover, _confirm)}
-			log out
-		{/snippet}
 		{#snippet popover_button_content()}
 			<span class="p_md"> log out </span>
 		{/snippet}

package/dist/ui/AdminSettings.svelte.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"AdminSettings.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/AdminSettings.svelte"],"names":[],"mappings":"AA+CA,UAAU,kCAAkC,CAAC,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,GAAG,EAAE,MAAM,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,GAAG,EAAE,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,GAAG,EAAE,OAAO,GAAG,EAAE,EAAE,QAAQ,GAAG,MAAM;IACpM,KAAK,OAAO,EAAE,OAAO,QAAQ,EAAE,2BAA2B,CAAC,KAAK,CAAC,GAAG,OAAO,QAAQ,EAAE,eAAe,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,CAAC,GAAG;QAAE,UAAU,CAAC,EAAE,QAAQ,CAAA;KAAE,GAAG,OAAO,CAAC;IACjK,CAAC,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE;QAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,KAAK,CAAA;KAAC,GAAG,OAAO,GAAG;QAAE,IAAI,CAAC,EAAE,GAAG,CAAC;QAAC,GAAG,CAAC,EAAE,GAAG,CAAA;KAAE,CAAC;IACtG,YAAY,CAAC,EAAE,QAAQ,CAAC;CAC3B;AAKD,QAAA,MAAM,aAAa;;kBAA+E,CAAC;AACjF,KAAK,aAAa,GAAG,YAAY,CAAC,OAAO,aAAa,CAAC,CAAC;AAC1D,eAAe,aAAa,CAAC"}
+{"version":3,"file":"AdminSettings.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/AdminSettings.svelte"],"names":[],"mappings":"AA8CA,UAAU,kCAAkC,CAAC,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,GAAG,EAAE,MAAM,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,GAAG,EAAE,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,GAAG,EAAE,OAAO,GAAG,EAAE,EAAE,QAAQ,GAAG,MAAM;IACpM,KAAK,OAAO,EAAE,OAAO,QAAQ,EAAE,2BAA2B,CAAC,KAAK,CAAC,GAAG,OAAO,QAAQ,EAAE,eAAe,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,CAAC,GAAG;QAAE,UAAU,CAAC,EAAE,QAAQ,CAAA;KAAE,GAAG,OAAO,CAAC;IACjK,CAAC,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE;QAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,KAAK,CAAA;KAAC,GAAG,OAAO,GAAG;QAAE,IAAI,CAAC,EAAE,GAAG,CAAC;QAAC,GAAG,CAAC,EAAE,GAAG,CAAA;KAAE,CAAC;IACtG,YAAY,CAAC,EAAE,QAAQ,CAAC;CAC3B;AAKD,QAAA,MAAM,aAAa;;kBAA+E,CAAC;AACjF,KAAK,aAAa,GAAG,YAAY,CAAC,OAAO,aAAa,CAAC,CAAC;AAC1D,eAAe,aAAa,CAAC"}