npm - @fuzdev/fuz_app - Versions diffs - 0.59.0 → 0.61.0 - Mend

@fuzdev/fuz_app 0.59.0 → 0.61.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (151) hide show

package/dist/actions/CLAUDE.md +5 -5
package/dist/actions/action_codegen.d.ts +1 -1
package/dist/actions/action_codegen.js +2 -2
package/dist/actions/action_event_helpers.d.ts +3 -3
package/dist/actions/action_event_helpers.js +8 -8
package/dist/actions/action_event_types.d.ts +3 -3
package/dist/actions/action_event_types.js +3 -3
package/dist/actions/transports_ws_auth_guard.d.ts +2 -2
package/dist/actions/transports_ws_auth_guard.js +3 -3
package/dist/auth/CLAUDE.md +157 -15
package/dist/auth/actor_lookup_action_specs.d.ts +127 -0
package/dist/auth/actor_lookup_action_specs.d.ts.map +1 -0
package/dist/auth/actor_lookup_action_specs.js +93 -0
package/dist/auth/actor_lookup_actions.d.ts +19 -0
package/dist/auth/actor_lookup_actions.d.ts.map +1 -0
package/dist/auth/actor_lookup_actions.js +32 -0
package/dist/auth/actor_lookup_queries.d.ts +44 -0
package/dist/auth/actor_lookup_queries.d.ts.map +1 -0
package/dist/auth/actor_lookup_queries.js +42 -0
package/dist/auth/actor_search_action_specs.d.ts +166 -0
package/dist/auth/actor_search_action_specs.d.ts.map +1 -0
package/dist/auth/actor_search_action_specs.js +139 -0
package/dist/auth/actor_search_actions.d.ts +31 -0
package/dist/auth/actor_search_actions.d.ts.map +1 -0
package/dist/auth/actor_search_actions.js +61 -0
package/dist/auth/actor_search_queries.d.ts +75 -0
package/dist/auth/actor_search_queries.d.ts.map +1 -0
package/dist/auth/actor_search_queries.js +91 -0
package/dist/auth/admin_actions.js +2 -2
package/dist/auth/all_action_spec_registries.d.ts +55 -0
package/dist/auth/all_action_spec_registries.d.ts.map +1 -0
package/dist/auth/all_action_spec_registries.js +59 -0
package/dist/auth/audit_emitter.d.ts +1 -1
package/dist/auth/audit_emitter.js +2 -2
package/dist/auth/audit_log_queries.d.ts +1 -1
package/dist/auth/audit_log_queries.js +3 -3
package/dist/auth/audit_log_routes.d.ts +1 -1
package/dist/auth/audit_log_routes.js +1 -1
package/dist/auth/audit_log_schema.d.ts +5 -5
package/dist/auth/audit_log_schema.js +7 -7
package/dist/auth/auth_ddl.d.ts +7 -0
package/dist/auth/auth_ddl.d.ts.map +1 -1
package/dist/auth/auth_ddl.js +8 -0
package/dist/auth/credential_type_schema.d.ts +1 -1
package/dist/auth/credential_type_schema.js +3 -3
package/dist/auth/grant_path_schema.d.ts +1 -1
package/dist/auth/grant_path_schema.js +3 -3
package/dist/auth/migrations.d.ts +4 -4
package/dist/auth/migrations.d.ts.map +1 -1
package/dist/auth/migrations.js +7 -6
package/dist/auth/role_grant_offer_actions.js +2 -2
package/dist/auth/role_grant_offer_notifications.d.ts +2 -2
package/dist/auth/role_grant_offer_notifications.js +2 -2
package/dist/auth/role_grant_queries.d.ts +21 -0
package/dist/auth/role_grant_queries.d.ts.map +1 -1
package/dist/auth/role_grant_queries.js +31 -0
package/dist/auth/role_schema.d.ts +2 -2
package/dist/auth/role_schema.js +3 -3
package/dist/auth/self_service_role_actions.d.ts +1 -1
package/dist/auth/self_service_role_actions.js +2 -2
package/dist/auth/session_cookie.d.ts +1 -1
package/dist/auth/session_cookie.js +1 -1
package/dist/auth/session_middleware.d.ts +1 -1
package/dist/auth/session_middleware.js +5 -5
package/dist/rate_limiter.d.ts +5 -5
package/dist/rate_limiter.js +6 -6
package/dist/realtime/sse_auth_guard.d.ts +3 -3
package/dist/realtime/sse_auth_guard.js +4 -4
package/dist/server/app_backend.d.ts +3 -3
package/dist/server/app_backend.js +4 -4
package/dist/server/app_server.d.ts +1 -1
package/dist/server/app_server.js +10 -10
package/dist/testing/CLAUDE.md +22 -12
package/dist/testing/admin_integration.js +4 -4
package/dist/testing/app_server.d.ts +1 -1
package/dist/testing/app_server.js +2 -2
package/dist/testing/attack_surface.d.ts +4 -4
package/dist/testing/attack_surface.js +6 -6
package/dist/testing/audit_completeness.js +4 -4
package/dist/testing/data_exposure.d.ts +2 -2
package/dist/testing/data_exposure.js +7 -7
package/dist/testing/db.d.ts +8 -8
package/dist/testing/db.js +11 -11
package/dist/testing/integration.js +4 -4
package/dist/testing/integration_helpers.d.ts +6 -6
package/dist/testing/integration_helpers.js +7 -7
package/dist/testing/rate_limiting.js +4 -4
package/dist/testing/round_trip.js +2 -2
package/dist/testing/rpc_round_trip.js +2 -2
package/dist/testing/schema_generators.d.ts.map +1 -1
package/dist/testing/schema_generators.js +23 -2
package/dist/testing/sse_round_trip.js +2 -2
package/dist/testing/surface_invariants.d.ts +4 -4
package/dist/testing/surface_invariants.js +5 -5
package/dist/ui/AccountSessions.svelte +21 -6
package/dist/ui/AccountSessions.svelte.d.ts.map +1 -1
package/dist/ui/AdminAccounts.svelte +32 -25
package/dist/ui/AdminAccounts.svelte.d.ts.map +1 -1
package/dist/ui/AdminAuditLog.svelte +3 -3
package/dist/ui/AdminInvites.svelte +20 -15
package/dist/ui/AdminOverview.svelte +19 -21
package/dist/ui/AdminOverview.svelte.d.ts.map +1 -1
package/dist/ui/AdminRoleGrantHistory.svelte +3 -3
package/dist/ui/AdminSessions.svelte +19 -21
package/dist/ui/AdminSessions.svelte.d.ts.map +1 -1
package/dist/ui/AdminSettings.svelte +1 -3
package/dist/ui/AdminSettings.svelte.d.ts.map +1 -1
package/dist/ui/CLAUDE.md +123 -69
package/dist/ui/ConfirmButton.svelte +82 -24
package/dist/ui/ConfirmButton.svelte.d.ts +8 -34
package/dist/ui/ConfirmButton.svelte.d.ts.map +1 -1
package/dist/ui/OpenSignupToggle.svelte +6 -4
package/dist/ui/OpenSignupToggle.svelte.d.ts.map +1 -1
package/dist/ui/RoleGrantOfferForm.svelte +4 -4
package/dist/ui/RoleGrantOfferHistory.svelte +3 -3
package/dist/ui/RoleGrantOfferInbox.svelte +10 -6
package/dist/ui/RoleGrantOfferInbox.svelte.d.ts.map +1 -1
package/dist/ui/account_sessions_state.svelte.d.ts +17 -7
package/dist/ui/account_sessions_state.svelte.d.ts.map +1 -1
package/dist/ui/account_sessions_state.svelte.js +32 -33
package/dist/ui/admin_accounts_state.svelte.d.ts +48 -17
package/dist/ui/admin_accounts_state.svelte.d.ts.map +1 -1
package/dist/ui/admin_accounts_state.svelte.js +58 -76
package/dist/ui/admin_invites_state.svelte.d.ts +14 -7
package/dist/ui/admin_invites_state.svelte.d.ts.map +1 -1
package/dist/ui/admin_invites_state.svelte.js +32 -48
package/dist/ui/admin_sessions_state.svelte.d.ts +15 -8
package/dist/ui/admin_sessions_state.svelte.d.ts.map +1 -1
package/dist/ui/admin_sessions_state.svelte.js +30 -47
package/dist/ui/app_settings_state.svelte.d.ts +8 -3
package/dist/ui/app_settings_state.svelte.d.ts.map +1 -1
package/dist/ui/app_settings_state.svelte.js +19 -27
package/dist/ui/async_slot.svelte.d.ts +173 -0
package/dist/ui/async_slot.svelte.d.ts.map +1 -0
package/dist/ui/async_slot.svelte.js +241 -0
package/dist/ui/audit_log_state.svelte.d.ts +8 -2
package/dist/ui/audit_log_state.svelte.d.ts.map +1 -1
package/dist/ui/audit_log_state.svelte.js +19 -18
package/dist/ui/keyed_async_slot.svelte.d.ts +139 -0
package/dist/ui/keyed_async_slot.svelte.d.ts.map +1 -0
package/dist/ui/keyed_async_slot.svelte.js +177 -0
package/dist/ui/role_grant_offers_state.svelte.d.ts +39 -7
package/dist/ui/role_grant_offers_state.svelte.d.ts.map +1 -1
package/dist/ui/role_grant_offers_state.svelte.js +34 -15
package/dist/ui/table_state.svelte.d.ts +10 -7
package/dist/ui/table_state.svelte.d.ts.map +1 -1
package/dist/ui/table_state.svelte.js +11 -8
package/package.json +1 -1
package/dist/ui/loadable.svelte.d.ts +0 -60
package/dist/ui/loadable.svelte.d.ts.map +0 -1
package/dist/ui/loadable.svelte.js +0 -80

package/dist/ui/CLAUDE.md CHANGED Viewed

@@ -2,8 +2,12 @@
 Frontend subsystem — Svelte 5 components, reactive state classes, and DOM
 utilities. Cookie-based SPA auth; prerendered static HTML served by Hono
-(no SvelteKit SSR for sessions). State classes extend `Loadable` and
-hold `$state` fields exclusively via runes. Shared dependencies flow
+(no SvelteKit SSR for sessions). State classes hold one or more `AsyncSlot`s
+via composition (one per distinct async operation — e.g. `list` + `create` +
+`revoke`); per-row write ops use `KeyedAsyncSlot<K, T = void, E = string>`
+(supersedes the old `AsyncSlot` + `SvelteSet<id>` pair) so concurrent rows
+don't abort each other and failures surface per-row via `slot.error(key)`.
+Payload lives as `$state.raw` fields on the class. Shared dependencies flow
 through Svelte context, never through props — RPC adapters in particular
 are provisioned once at the admin shell and read by every `Admin*.svelte`.
@@ -128,14 +132,18 @@ destructive actions.
 - `AdminAccounts.svelte` — accounts + role_grants + pending offers.
   Consumes `admin_accounts_rpc_context`. Per-row actions: grant (+role
   chip with `ConfirmButton`), revoke (`actor_id` + `role_grant_id`),
-  retract pending offer. Tracks `granting_keys` / `revoking_ids` /
-  `retracting_ids` for per-action spinners.
+  retract pending offer. Reads per-row spinner + error state via
+  `state.grant.loading(key)` / `state.revoke.loading(role_grant_id)` /
+  `state.retract.loading(offer_id)` and their `.error(key)` siblings —
+  per-row error displays inline next to the failing button (no
+  top-level rollup).
 - `AdminAuditLog.svelte` — audit event stream. Consumes
   `audit_log_rpc_context`. Filter by `event_type`, manual refresh,
   toggle SSE streaming (via `EventSource` — not RPC).
 - `AdminInvites.svelte` — invite CRUD + embeds `OpenSignupToggle`.
-  Consumes `admin_invites_rpc_context`. Tracks `creating` +
-  `deleting_ids`.
+  Consumes `admin_invites_rpc_context`. Per-row delete reads
+  `state.remove.loading(invite_id)` / `state.remove.error(invite_id)`
+  with inline per-row error display.
 - `AdminOverview.svelte` — dashboard panels (accounts / sessions /
   invites / recent activity / security / system). Consumes all four
   RPC contexts plus `auth_state_context`; fetches in parallel on mount.
@@ -185,27 +193,56 @@ destructive actions.
   `format_scope?`, `format_role?`. Consumes
   `role_grant_offers_state_context`; caller seeds via
   `RoleGrantOffersState.fetch_history()`.
-- `role_grant_offers_state.svelte.ts` — `RoleGrantOffersState` (extends
-  `Loadable`) + `role_grant_offers_state_context`. Options:
-  `rpc: RoleGrantOffersRpc`, `account_id: () => string | null`,
-  `actor_id: () => string | null`. The narrow `RoleGrantOffersRpc`
-  interface has six methods: `list`, `history`, `create`, `accept`,
-  `decline`, `retract`. `$state.raw` Map keyed by offer id;
-  `$derived.by` views: `incoming` (recipient-side pending, soonest-
-  expiry first), `outgoing` (grantor-side pending, newest-created
-  first), `history` (all known, newest-created first). Reducer
-  `apply_notification` handles the six role-grant-offer notification
-  methods; `role_grant_revoke` is deliberately ignored here (auth/role_grants
-  concern). `reset()` clears the Map.
+- `role_grant_offers_state.svelte.ts` — `RoleGrantOffersState` +
+  `role_grant_offers_state_context`. Options: `rpc: RoleGrantOffersRpc`,
+  `account_id: () => string | null`, `actor_id: () => string | null`.
+  The narrow `RoleGrantOffersRpc` interface has six methods: `list`,
+  `history`, `create`, `accept`, `decline`, `retract`. Holds six
+  `AsyncSlot`s — five `AsyncSlot<void>` for status/error tracking
+  (`list` / `list_history` / `accept` / `decline` / `retract`) plus
+  one `AsyncSlot<RoleGrantOfferJson>` (`create`) that owns the
+  created offer so `submit_create` returns it via the slot's
+  supersession-safe `data` path. The `$state.raw` Map cache keyed by
+  offer id stays on the class (multiple ops + WS notifications merge
+  into it). Methods use the `submit_*` prefix to avoid slot-name
+  collisions (`submit_create` / `submit_accept` / `submit_decline` /
+  `submit_retract`); the fetch slot is named `list_history` so the
+  derived view stays natural as `history`. `$derived.by` views:
+  `incoming` (recipient-side pending, soonest-expiry first),
+  `outgoing` (grantor-side pending, newest-created first), `history`
+  (all known, newest-created first). Reducer `apply_notification`
+  handles the six role-grant-offer notification methods;
+  `role_grant_revoke` is deliberately ignored here (auth/role_grants
+  concern). `reset()` clears every slot + the Map.
 ## State primitives
-- `loadable.svelte.ts` — `Loadable<TError = string>` base class.
-  `loading`, `error`, `error_data` (raw caught value for programmatic
-  inspection). Protected `run(fn, map_error?)` wraps async operations
-  with loading + error handling; subclasses add `$state` fields and
-  call `run`. `reset()` clears state; subclasses override to clear
-  domain data.
+- `async_slot.svelte.ts` — `AsyncSlot<T = void, E = string>`. Composable
+  reactive container for one async operation. Surface: explicit
+  four-value `status` (`'initial' | 'pending' | 'success' | 'failure'`),
+  derived `initial` / `loading` / `succeeded` / `failed`, supersession
+  via internal `AbortController` (a second `run()` aborts the first
+  and silently drops its commit), `AbortSignal` threaded to the
+  callback + external-signal hookup via `RunOptions`, per-slot
+  `map_error` set once in the constructor, opt-in
+  `preserve_error_on_retry`, public `run()` / `abort()` / `set()` /
+  `reset()`. Slots are HELD by state classes via composition (one per
+  distinct async op), not subclassed. Payload typically lives on the
+  state class as `$state.raw` fields; `slot.data` is reserved for
+  cases where the slot owns the result.
+- `keyed_async_slot.svelte.ts` — `KeyedAsyncSlot<K, T = void, E = string>`.
+  Keyed sibling of `AsyncSlot` — lazily creates a child slot per key
+  in a `SvelteMap`, propagating `map_error` / `preserve_error_on_retry`
+  to each child. Replaces the `AsyncSlot` + `SvelteSet<id>` pair: each
+  key has its own `AbortController`, so a `run(b, ...)` does NOT abort
+  an in-flight `run(a, ...)`, and `error(key)` surfaces per-row.
+  Reactive sugar: `loading(key)`, `error(key)`, `failed(key)`,
+  `succeeded(key)`, `has(key)`, `size`, plus `get(key)` for full slot
+  access. Resolved entries persist (no auto-cleanup) so components can
+  render per-row error indicators after the run completes; call
+  `delete(key)` to dismiss an entry or `reset()` to wipe everything.
+  `abort(key)` / `abort_all()` cancel without removing entries.
+  `entries()` / `keys()` / `values()` iterate for cross-key views.
 - `auth_state.svelte.ts` — `AuthState`, `auth_state_context`.
   Fields: `verifying`, `verified`, `verify_error`, `account`, `actor`
   (the caller's own `ActorSummaryJson` — surfaced directly so consumers
@@ -214,11 +251,14 @@ destructive actions.
   `needs_bootstrap`. Methods: `check_session()`
   (GET `/api/account/status`), `login`, `bootstrap`, `signup`,
   `logout`. Handles 401/403/409/429 translations inline.
-- `table_state.svelte.ts` — `TableState` extends `Loadable`.
-  Paginated DB browser state: `table_name`, `columns`, `rows`,
-  `total`, `offset`, `limit` (capped by `TABLE_LIMIT_MAX = 1000`),
-  `primary_key`. Derived `showing_start`/`showing_end`/`has_prev`/
-  `has_next`. Methods: `fetch`, `go_prev`/`go_next`, `delete_row`.
+- `table_state.svelte.ts` — `TableState`. Paginated DB browser state.
+  Holds one `AsyncSlot` (`list`) + payload fields (`table_name`,
+  `columns`, `rows`, `total`, `offset`, `limit` capped by
+  `TABLE_LIMIT_MAX = 1000`, `primary_key`). Derived
+  `showing_start`/`showing_end`/`has_prev`/`has_next`. Methods:
+  `fetch`, `go_prev`/`go_next`, `delete_row`. `delete_row` uses
+  plain try/catch + scalar `deleting` / `delete_error` fields (no
+  slot — error must survive past `list.run()` retries).
 - `form_state.svelte.ts` — `FormState`. Enter-advance between
   focusable elements via `keydown`; per-field `touched` set via
   delegated `focusout`; form-level `attempted` set on submit attempt.
@@ -231,47 +271,61 @@ destructive actions.
 ## Per-domain state modules
-- `account_sessions_state.svelte.ts` — `AccountSessionsState` extends
-  `Loadable` + `account_sessions_rpc_context` + narrow
-  `AccountSessionsRpc` (`list`, `revoke`, `revoke_all`). Wraps the
-  `account_session_list` / `account_session_revoke` /
-  `account_session_revoke_all` RPC actions. Derived `active_count`.
-- `audit_log_state.svelte.ts` — `AuditLogState` extends `Loadable`
-  - `audit_log_rpc_context` + narrow `AuditLogRpc` (`list` +
-    `role_grant_history`). Fields: `events`, `role_grant_history_events`,
-    `connected`. Internal `#last_seq` for SSE gap fill on reconnect.
-    Methods: `fetch(options?)` (RPC), `fetch_role_grant_history`,
-    `subscribe()` (opens `EventSource` at `#stream_url`, default
-    `/api/admin/audit/stream`; prepends new events; refills gap
-    via `since_seq`), `disconnect()`. SSE stays on `EventSource` —
-    streaming is not an RPC concern.
-- `admin_accounts_state.svelte.ts` — `AdminAccountsState` extends
-  `Loadable` + `admin_accounts_rpc_context` + narrow
-  `AdminAccountsRpc` (six methods: `list_accounts`, `create_role_grant`,
+All state classes hold per-op `AsyncSlot`s for the fetch + singular
+write verbs, and `KeyedAsyncSlot`s for per-row write verbs (the
+`SvelteSet<id>` pattern is retired — per-row tracking lives on the
+keyed slot's `loading(key)` / `error(key)` accessors). Method names use
+the `submit_*` prefix where the verb collides with a slot name.
+- `account_sessions_state.svelte.ts` — `AccountSessionsState` +
+  `account_sessions_rpc_context` + narrow `AccountSessionsRpc`
+  (`list`, `revoke`, `revoke_all`). Slots: `list` (AsyncSlot),
+  `revoke` (`KeyedAsyncSlot<string, void>` keyed by `session_id` for
+  per-row independence), `revoke_all` (AsyncSlot). Methods: `fetch`,
+  `submit_revoke(id)`, `submit_revoke_all`. Derived `active_count`.
+- `audit_log_state.svelte.ts` — `AuditLogState` +
+  `audit_log_rpc_context` + narrow `AuditLogRpc` (`list` +
+  `role_grant_history`). Slots: `list`, `role_grant_history`. Fields:
+  `events`, `role_grant_history_events`, `connected`. Internal
+  `#last_seq` for SSE gap fill on reconnect. Methods:
+  `fetch(options?)` (RPC), `fetch_role_grant_history`, `subscribe()`
+  (opens `EventSource` at `#stream_url`, default
+  `/api/admin/audit/stream`; prepends new events to `events`; refills
+  gap via `since_seq`), `disconnect()`. SSE stays on `EventSource` —
+  streaming is not an RPC concern.
+- `admin_accounts_state.svelte.ts` — `AdminAccountsState` +
+  `admin_accounts_rpc_context` + narrow `AdminAccountsRpc` (seven
+  methods: `list_accounts`, `list_sessions`, `create_role_grant`,
   `revoke_role_grant`, `retract_offer`, `session_revoke_all`,
-  `token_revoke_all` — the last two are also reused by
-  `AdminSessionsState`). `SvelteSet`s for in-flight tracking:
-  `granting_keys` (`${account_id}:${role}` for the account-grain
-  default; `${account_id}:${role}:${to_actor_id}` when `create_role_grant`
-  is called with an actor-targeted offer), `revoking_ids` (role_grant id),
-  `retracting_ids` (offer id). `revoke_role_grant` keys on `actor_id`
-  (role_grants are actor-scoped — matches `row.actor.id` straight from the
-  listing) with optional `reason`.
-- `admin_invites_state.svelte.ts` — `AdminInvitesState` extends
-  `Loadable` + `admin_invites_rpc_context` + narrow
-  `AdminInvitesRpc` (`list`, `create`, `delete`). Fields:
-  `invites`, `creating`, `deleting_ids`; derived `invite_count`,
-  `unclaimed_count`.
-- `admin_sessions_state.svelte.ts` — `AdminSessionsState` extends
-  `Loadable`. **Reuses** `admin_accounts_rpc_context` /
-  `AdminAccountsRpc` for the listing (`list_sessions` wraps
-  `admin_session_list`) and the two revoke-all mutations. `SvelteSet`s:
-  `revoking_account_ids`, `revoking_token_account_ids`. `has_rpc`
-  gates the listing + both revoke controls.
-- `app_settings_state.svelte.ts` — `AppSettingsState` extends
-  `Loadable` + `app_settings_rpc_context` + narrow `AppSettingsRpc`
-  (`get`, `update`). Fields: `settings`, `updating`. Single mutation
-  `update_open_signup(boolean)`.
+  `token_revoke_all` — the last three are also reused by
+  `AdminSessionsState`). Slots: `list` (AsyncSlot), `grant`
+  (`KeyedAsyncSlot<string, RoleGrantOfferJson>` — slot owns the
+  created offer; key composed by exported
+  `grant_key(account_id, role, to_actor_id?)`, 2-segment for
+  account-grain, 3-segment when actor-targeted), `revoke`
+  (`KeyedAsyncSlot<Uuid, void>` keyed by `role_grant_id`), `retract`
+  (`KeyedAsyncSlot<Uuid, void>` keyed by `offer_id`). `submit_revoke`
+  takes `actor_id` as the first arg (role_grants are actor-scoped —
+  matches `row.actor.id` straight from the listing) with optional
+  `reason`.
+- `admin_invites_state.svelte.ts` — `AdminInvitesState` +
+  `admin_invites_rpc_context` + narrow `AdminInvitesRpc` (`list`,
+  `create`, `delete`). Slots: `list`, `create` (both AsyncSlot),
+  `remove` (`KeyedAsyncSlot<Uuid, void>` keyed by `invite_id`).
+  Field: `invites`; derived `invite_count`, `unclaimed_count`.
+  Methods: `fetch`, `submit_create`, `submit_delete`. (Slot `remove`
+  instead of `delete` to avoid keyword shadowing.)
+- `admin_sessions_state.svelte.ts` — `AdminSessionsState`. **Reuses**
+  `admin_accounts_rpc_context` / `AdminAccountsRpc` for the listing
+  (`list_sessions` wraps `admin_session_list`) and the two revoke-all
+  mutations. Slots: `list` (AsyncSlot), `revoke_sessions` /
+  `revoke_tokens` (`KeyedAsyncSlot<Uuid, void>` keyed by
+  `account_id`). `has_rpc` gates the listing + both revoke controls.
+  Methods: `fetch`, `submit_revoke_sessions`, `submit_revoke_tokens`.
+- `app_settings_state.svelte.ts` — `AppSettingsState` +
+  `app_settings_rpc_context` + narrow `AppSettingsRpc` (`get`,
+  `update`). Slots: `list`, `update`. Field: `settings`. Single
+  mutation `update_open_signup(boolean)`.
 - `admin_rpc_adapters.ts` (plain `.ts`, no reactive state) — bundled
   wiring for the four admin RPC contexts. `create_admin_rpc_adapters(api)`
   takes the typed throwing Proxy from `create_frontend_rpc_client` (or

package/dist/ui/ConfirmButton.svelte CHANGED Viewed

@@ -6,19 +6,31 @@
 	 * On confirm, calls `onconfirm` and hides the popover (controlled
 	 * by `hide_on_confirm`). Defaults to `position="left"`.
 	 *
-	 * Snippets (`children`, `popover_content`, `popover_button_content`)
-	 * receive both the `Popover` instance and a `confirm` callback.
+	 * Trigger content: pass `label` for a simple string, or a `children`
+	 * snippet for custom content (the two are mutually exclusive — DEV
+	 * errors when both are set). `pending: boolean` overlays a spinner
+	 * and disables the trigger, mirroring `PendingButton` semantics so
+	 * the label stays put while an async operation runs.
 	 *
 	 * @example
 	 * ```svelte
 	 * <ConfirmButton
 	 * 	onconfirm={() => delete_item(item.id)}
 	 * 	title="delete item"
-	 * 	disabled={deleting}
+	 * 	label="delete"
+	 * 	pending={state.remove.loading(item.id)}
+	 * />
+	 * ```
+	 *
+	 * @example
+	 * ```svelte
+	 * <!-- custom trigger content via the children snippet -->
+	 * <ConfirmButton
+	 * 	onconfirm={() => grant(item.id, role)}
+	 * 	title="offer {role}"
+	 * 	pending={state.grant.loading(key)}
 	 * >
-	 * 	{#snippet children(_popover, _confirm)}
-	 * 		{deleting ? 'deleting…' : 'delete'}
-	 * 	{/snippet}
+	 * 	{#snippet children(_popover, _confirm)}+ {role}{/snippet}
 	 * </ConfirmButton>
 	 * ```
 	 *
@@ -34,10 +46,12 @@
 	 * @module
 	 */
+	import {DEV} from 'esm-env';
 	import type {SvelteHTMLElements} from 'svelte/elements';
 	import type {ComponentProps, Snippet} from 'svelte';
 	import type {OmitStrict} from '@fuzdev/fuz_util/types.js';
 	import Glyph from '@fuzdev/fuz_ui/Glyph.svelte';
+	import PendingAnimation from '@fuzdev/fuz_ui/PendingAnimation.svelte';
 	import PopoverButton from './PopoverButton.svelte';
 	import type {Popover} from './popover.svelte.js';
@@ -53,6 +67,9 @@
 		popover_button_content,
 		button,
 		children,
+		label,
+		pending = false,
+		disabled: disabled_prop,
 		...rest
 	}: OmitStrict<ComponentProps<typeof PopoverButton>, 'popover_content' | 'children'> &
 		OmitStrict<SvelteHTMLElements['button'], 'children'> & {
@@ -65,21 +82,34 @@
 			popover_button_content?: Snippet<[popover: Popover, confirm: () => void]> | undefined;
 			/** Unlike on `PopoverButton` this has a `confirm` arg */
 			children?: Snippet<[popover: Popover, confirm: () => void]> | undefined;
+			/** Simple string content for the trigger. Mutually exclusive with `children`. */
+			label?: string | undefined;
+			/**
+			 * When `true`, the trigger is disabled and a spinner overlays the
+			 * content (mirrors `PendingButton`). The label / children stay
+			 * rendered underneath so the button keeps its size.
+			 */
+			pending?: boolean | undefined;
 		} = $props();
 	// TODO @many type union instead of this pattern?
-	$effect(() => {
-		if (popover_content_prop && popover_button_attrs) {
-			console.error(
-				'ConfirmButton has both popover_content and popover_attrs defined - popover_content takes precedence',
-			);
-		}
-		if (popover_content_prop && popover_button_content) {
-			console.error(
-				'ConfirmButton has both popover_content and popover_button_content defined - popover_content takes precedence',
-			);
-		}
-	});
+	if (DEV) {
+		$effect(() => {
+			if (popover_content_prop && popover_button_attrs) {
+				console.error(
+					'ConfirmButton has both popover_content and popover_button_attrs defined - popover_content takes precedence',
+				);
+			}
+			if (popover_content_prop && popover_button_content) {
+				console.error(
+					'ConfirmButton has both popover_content and popover_button_content defined - popover_content takes precedence',
+				);
+			}
+			if (label !== undefined && children) {
+				console.error('ConfirmButton has both label and children defined - pick one');
+			}
+		});
+	}
 	const confirm = (popover: Popover): void => {
 		if (hide_on_confirm) popover.hide();
@@ -92,6 +122,7 @@
 	{position}
 	{button}
 	{...rest as any}
+	disabled={disabled_prop ?? pending}
 	children={button ? undefined : children_default}
 >
 	{#snippet popover_content(popover)}
@@ -103,7 +134,7 @@
 				class="color_c bg_100"
 				class:icon_button={!popover_button_content}
 				onclick={() => confirm(popover)}
-				title="confirm {rest.title || ''}"
+				title={rest.title ? `confirm ${rest.title}` : 'confirm'}
 				{...popover_button_attrs}
 			>
 				{#if popover_button_content}
@@ -117,9 +148,36 @@
 </PopoverButton>
 {#snippet children_default(popover: Popover)}
-	{#if children}
-		{@render children(popover, () => confirm(popover))}
-	{:else}
-		<Glyph glyph={GLYPH_REMOVE} />
-	{/if}
+	<span class="trigger" class:pending>
+		<span class="content">
+			{#if children}
+				{@render children(popover, () => confirm(popover))}
+			{:else if label !== undefined}
+				{label}
+			{:else}
+				<Glyph glyph={GLYPH_REMOVE} />
+			{/if}
+		</span>
+		{#if pending}
+			<span class="animation">
+				<PendingAnimation inline />
+			</span>
+		{/if}
+	</span>
 {/snippet}
+<style>
+	.trigger {
+		position: relative;
+	}
+	.pending .content {
+		visibility: hidden;
+	}
+	.animation {
+		position: absolute;
+		inset: 0;
+		display: flex;
+		justify-content: center;
+		align-items: center;
+	}
+</style>

package/dist/ui/ConfirmButton.svelte.d.ts CHANGED Viewed

@@ -1,37 +1,3 @@
-/**
-     * Confirmation popover wrapping `PopoverButton`.
-     *
-     * Clicking the trigger opens a popover with a confirm button.
-     * On confirm, calls `onconfirm` and hides the popover (controlled
-     * by `hide_on_confirm`). Defaults to `position="left"`.
-     *
-     * Snippets (`children`, `popover_content`, `popover_button_content`)
-     * receive both the `Popover` instance and a `confirm` callback.
-     *
-     * @example
-     * ```svelte
-     * <ConfirmButton
-     * 	onconfirm={() => delete_item(item.id)}
-     * 	title="delete item"
-     * 	disabled={deleting}
-     * >
-     * 	{#snippet children(_popover, _confirm)}
-     * 		{deleting ? 'deleting…' : 'delete'}
-     * 	{/snippet}
-     * </ConfirmButton>
-     * ```
-     *
-     * @example
-     * ```svelte
-     * <!-- custom confirm button content -->
-     * <ConfirmButton onconfirm={handle_revoke} class="icon_button plain" title="revoke">
-     * 	revoke
-     * 	{#snippet popover_button_content()}revoke{/snippet}
-     * </ConfirmButton>
-     * ```
-     *
-     * @module
-     */
 import type { SvelteHTMLElements } from 'svelte/elements';
 import type { ComponentProps, Snippet } from 'svelte';
 import type { OmitStrict } from '@fuzdev/fuz_util/types.js';
@@ -47,6 +13,14 @@ type $$ComponentProps = OmitStrict<ComponentProps<typeof PopoverButton>, 'popove
     popover_button_content?: Snippet<[popover: Popover, confirm: () => void]> | undefined;
     /** Unlike on `PopoverButton` this has a `confirm` arg */
     children?: Snippet<[popover: Popover, confirm: () => void]> | undefined;
+    /** Simple string content for the trigger. Mutually exclusive with `children`. */
+    label?: string | undefined;
+    /**
+     * When `true`, the trigger is disabled and a spinner overlays the
+     * content (mirrors `PendingButton`). The label / children stay
+     * rendered underneath so the button keeps its size.
+     */
+    pending?: boolean | undefined;
 };
 declare const ConfirmButton: import("svelte").Component<$$ComponentProps, {}, "">;
 type ConfirmButton = ReturnType<typeof ConfirmButton>;

package/dist/ui/ConfirmButton.svelte.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"ConfirmButton.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/ConfirmButton.svelte"],"names":[],"mappings":"~~AAGA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAiCI;AACJ~~,OAAO,KAAK,EAAC,kBAAkB,EAAC,MAAM,iBAAiB,CAAC;AACxD,OAAO,KAAK,EAAC,cAAc,EAAE,OAAO,EAAC,MAAM,QAAQ,CAAC;AACpD,OAAO,KAAK,EAAC,UAAU,EAAC,MAAM,2BAA2B,CAAC;~~AAG1D~~,OAAO,aAAa,MAAM,wBAAwB,CAAC;AACnD,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,qBAAqB,CAAC;AAEhD,KAAK,gBAAgB,GAAI,UAAU,CAAC,cAAc,CAAC,OAAO,aAAa,CAAC,EAAE,iBAAiB,GAAG,UAAU,CAAC,GACxG,UAAU,CAAC,kBAAkB,CAAC,QAAQ,CAAC,EAAE,UAAU,CAAC,GAAG;IACtD,SAAS,EAAE,CAAC,OAAO,EAAE,OAAO,KAAK,IAAI,CAAC;IACtC,oBAAoB,CAAC,EAAE,kBAAkB,CAAC,QAAQ,CAAC,GAAG,SAAS,CAAC;IAChE,eAAe,CAAC,EAAE,OAAO,GAAG,SAAS,CAAC;IACtC,yEAAyE;IACzE,eAAe,CAAC,EAAE,OAAO,CAAC,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC,CAAC,GAAG,SAAS,CAAC;IAC/E,qCAAqC;IACrC,sBAAsB,CAAC,EAAE,OAAO,CAAC,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC,CAAC,GAAG,SAAS,CAAC;IACtF,yDAAyD;IACzD,QAAQ,CAAC,EAAE,OAAO,CAAC,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC,CAAC,GAAG,SAAS,CAAC;~~CACxE~~,CAAC;~~AAyEJ~~,QAAA,MAAM,aAAa,sDAAwC,CAAC;AAC5D,KAAK,aAAa,GAAG,UAAU,CAAC,OAAO,aAAa,CAAC,CAAC;AACtD,eAAe,aAAa,CAAC"}
1	+ {"version":3,"file":"ConfirmButton.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/ConfirmButton.svelte"],"names":[],"mappings":"AAkDA,OAAO,KAAK,EAAC,kBAAkB,EAAC,MAAM,iBAAiB,CAAC;AACxD,OAAO,KAAK,EAAC,cAAc,EAAE,OAAO,EAAC,MAAM,QAAQ,CAAC;AACpD,OAAO,KAAK,EAAC,UAAU,EAAC,MAAM,2BAA2B,CAAC;AAI1D,OAAO,aAAa,MAAM,wBAAwB,CAAC;AACnD,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,qBAAqB,CAAC;AAEhD,KAAK,gBAAgB,GAAI,UAAU,CAAC,cAAc,CAAC,OAAO,aAAa,CAAC,EAAE,iBAAiB,GAAG,UAAU,CAAC,GACxG,UAAU,CAAC,kBAAkB,CAAC,QAAQ,CAAC,EAAE,UAAU,CAAC,GAAG;IACtD,SAAS,EAAE,CAAC,OAAO,EAAE,OAAO,KAAK,IAAI,CAAC;IACtC,oBAAoB,CAAC,EAAE,kBAAkB,CAAC,QAAQ,CAAC,GAAG,SAAS,CAAC;IAChE,eAAe,CAAC,EAAE,OAAO,GAAG,SAAS,CAAC;IACtC,yEAAyE;IACzE,eAAe,CAAC,EAAE,OAAO,CAAC,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC,CAAC,GAAG,SAAS,CAAC;IAC/E,qCAAqC;IACrC,sBAAsB,CAAC,EAAE,OAAO,CAAC,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC,CAAC,GAAG,SAAS,CAAC;IACtF,yDAAyD;IACzD,QAAQ,CAAC,EAAE,OAAO,CAAC,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC,CAAC,GAAG,SAAS,CAAC;IACxE,iFAAiF;IACjF,KAAK,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC3B;;;;OAIG;IACH,OAAO,CAAC,EAAE,OAAO,GAAG,SAAS,CAAC;CAC9B,CAAC;AAgGJ,QAAA,MAAM,aAAa,sDAAwC,CAAC;AAC5D,KAAK,aAAa,GAAG,UAAU,CAAC,OAAO,aAAa,CAAC,CAAC;AACtD,eAAe,aAAa,CAAC"}

package/dist/ui/OpenSignupToggle.svelte CHANGED Viewed

@@ -19,7 +19,7 @@
 <div class="open-signup-toggle">
 	{#if !app_settings.has_rpc}
 		<p class="text_50">rpc adapter not wired</p>
-	{:else if app_settings.loading}
+	{:else if app_settings.list.loading}
 		<p class="text_50">loading settings...</p>
 	{:else if app_settings.settings}
 		<label class="row">
@@ -27,7 +27,7 @@
 				type="checkbox"
 				class="mr_lg"
 				checked={app_settings.settings.open_signup}
-				disabled={app_settings.updating}
+				disabled={app_settings.update.loading}
 				onchange={() => app_settings.update_open_signup(!app_settings.settings!.open_signup)}
 			/>
 			<div>
@@ -42,7 +42,9 @@
 			</div>
 		</label>
 	{/if}
-	{#if app_settings.error}
-		<p class="color_c_50">{app_settings.error}</p>
+	{#if app_settings.list.error}
+		<p class="color_c_50">{app_settings.list.error}</p>
+	{:else if app_settings.update.error}
+		<p class="color_c_50">{app_settings.update.error}</p>
 	{/if}
 </div>

package/dist/ui/OpenSignupToggle.svelte.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"OpenSignupToggle.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/OpenSignupToggle.svelte"],"names":[],"mappings":"~~AA+CA~~,UAAU,kCAAkC,CAAC,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,GAAG,EAAE,MAAM,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,GAAG,EAAE,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,GAAG,EAAE,OAAO,GAAG,EAAE,EAAE,QAAQ,GAAG,MAAM;IACpM,KAAK,OAAO,EAAE,OAAO,QAAQ,EAAE,2BAA2B,CAAC,KAAK,CAAC,GAAG,OAAO,QAAQ,EAAE,eAAe,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,CAAC,GAAG;QAAE,UAAU,CAAC,EAAE,QAAQ,CAAA;KAAE,GAAG,OAAO,CAAC;IACjK,CAAC,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE;QAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,KAAK,CAAA;KAAC,GAAG,OAAO,GAAG;QAAE,IAAI,CAAC,EAAE,GAAG,CAAC;QAAC,GAAG,CAAC,EAAE,GAAG,CAAA;KAAE,CAAC;IACtG,YAAY,CAAC,EAAE,QAAQ,CAAC;CAC3B;AAKD,QAAA,MAAM,gBAAgB;;kBAA+E,CAAC;AACpF,KAAK,gBAAgB,GAAG,YAAY,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAChE,eAAe,gBAAgB,CAAC"}
1	+ {"version":3,"file":"OpenSignupToggle.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/OpenSignupToggle.svelte"],"names":[],"mappings":"AAiDA,UAAU,kCAAkC,CAAC,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,GAAG,EAAE,MAAM,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,GAAG,EAAE,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,GAAG,EAAE,OAAO,GAAG,EAAE,EAAE,QAAQ,GAAG,MAAM;IACpM,KAAK,OAAO,EAAE,OAAO,QAAQ,EAAE,2BAA2B,CAAC,KAAK,CAAC,GAAG,OAAO,QAAQ,EAAE,eAAe,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,CAAC,GAAG;QAAE,UAAU,CAAC,EAAE,QAAQ,CAAA;KAAE,GAAG,OAAO,CAAC;IACjK,CAAC,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE;QAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,KAAK,CAAA;KAAC,GAAG,OAAO,GAAG;QAAE,IAAI,CAAC,EAAE,GAAG,CAAC;QAAC,GAAG,CAAC,EAAE,GAAG,CAAA;KAAE,CAAC;IACtG,YAAY,CAAC,EAAE,QAAQ,CAAC;CAC3B;AAKD,QAAA,MAAM,gBAAgB;;kBAA+E,CAAC;AACpF,KAAK,gBAAgB,GAAG,YAAY,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAChE,eAAe,gBAAgB,CAAC"}

package/dist/ui/RoleGrantOfferForm.svelte CHANGED Viewed

@@ -58,7 +58,7 @@
 	let message = $state.raw('');
 	let local_error: string | null = $state.raw(null);
-	const submitting = $derived(role_grant_offers.loading);
+	const submitting = $derived(role_grant_offers.create.loading);
 	const surface_error = (reason: string | null): string | null => {
 		switch (reason) {
@@ -84,7 +84,7 @@
 			form_state.focus('role');
 			return;
 		}
-		const offer = await role_grant_offers.create({
+		const offer = await role_grant_offers.submit_create({
 			to_account_id,
 			to_actor_id,
 			role: selected_role,
@@ -98,12 +98,12 @@
 			return;
 		}
 		// Structured error data carries the reason; fall back to raw error string.
-		const data = role_grant_offers.error_data as
+		const data = role_grant_offers.create.error_data as
 			| {data?: {reason?: string}; reason?: string}
 			| null
 			| undefined;
 		const reason = data?.data?.reason ?? data?.reason ?? null;
-		local_error = surface_error(reason) ?? role_grant_offers.error;
+		local_error = surface_error(reason) ?? role_grant_offers.create.error;
 	};
 </script>

package/dist/ui/RoleGrantOfferHistory.svelte CHANGED Viewed

@@ -82,10 +82,10 @@
 <section>
 	<h2>offer history</h2>
-	{#if role_grant_offers.loading}
+	{#if role_grant_offers.list_history.loading}
 		<p class="text_50">loading history...</p>
-	{:else if role_grant_offers.error}
-		<p class="color_c_50">{role_grant_offers.error}</p>
+	{:else if role_grant_offers.list_history.error}
+		<p class="color_c_50">{role_grant_offers.list_history.error}</p>
 	{:else}
 		<Datatable {columns} rows={role_grant_offers.history} height="400px" row_key="id">
 			{#snippet cell(column, row)}

package/dist/ui/RoleGrantOfferInbox.svelte CHANGED Viewed

@@ -48,8 +48,12 @@
 <section class="role-grant-offer-inbox">
 	<h2>pending offers</h2>
-	{#if role_grant_offers.error}
-		<p class="color_c_50">{role_grant_offers.error}</p>
+	{#if role_grant_offers.list.error || role_grant_offers.accept.error || role_grant_offers.decline.error}
+		<p class="color_c_50">
+			{role_grant_offers.list.error ??
+				role_grant_offers.accept.error ??
+				role_grant_offers.decline.error}
+		</p>
 	{/if}
 	{#if role_grant_offers.incoming.length === 0}
@@ -76,9 +80,9 @@
 					<div class="row gap_sm">
 						<PendingButton
-							pending={role_grant_offers.loading}
-							disabled={role_grant_offers.loading}
-							onclick={() => role_grant_offers.accept(offer.id)}
+							pending={role_grant_offers.accept.loading}
+							disabled={role_grant_offers.accept.loading}
+							onclick={() => role_grant_offers.submit_accept(offer.id)}
 							class="color_b"
 						>
 							accept
@@ -89,7 +93,7 @@
 							position="bottom"
 							onconfirm={() => {
 								const reason = decline_reasons.get(offer.id) ?? '';
-								void role_grant_offers.decline(offer.id, reason || null);
+								void role_grant_offers.submit_decline(offer.id, reason || null);
 								decline_reasons.delete(offer.id);
 							}}
 						>

package/dist/ui/RoleGrantOfferInbox.svelte.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"RoleGrantOfferInbox.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/RoleGrantOfferInbox.svelte"],"names":[],"mappings":"AAmBA,OAAO,EAA4C,KAAK,WAAW,EAAC,MAAM,mBAAmB,CAAC;AAE7F,KAAK,gBAAgB,GAAI;IACxB,uEAAuE;IACvE,YAAY,CAAC,EAAE,CAAC,aAAa,EAAE,MAAM,KAAK,MAAM,CAAC;IACjD;;;;OAIG;IACH,YAAY,CAAC,EAAE,WAAW,CAAC;IAC3B,+DAA+D;IAC/D,WAAW,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,MAAM,CAAC;CACvC,CAAC;~~AA2FH~~,QAAA,MAAM,mBAAmB,sDAAwC,CAAC;AAClE,KAAK,mBAAmB,GAAG,UAAU,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAClE,eAAe,mBAAmB,CAAC"}
1	+ {"version":3,"file":"RoleGrantOfferInbox.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/RoleGrantOfferInbox.svelte"],"names":[],"mappings":"AAmBA,OAAO,EAA4C,KAAK,WAAW,EAAC,MAAM,mBAAmB,CAAC;AAE7F,KAAK,gBAAgB,GAAI;IACxB,uEAAuE;IACvE,YAAY,CAAC,EAAE,CAAC,aAAa,EAAE,MAAM,KAAK,MAAM,CAAC;IACjD;;;;OAIG;IACH,YAAY,CAAC,EAAE,WAAW,CAAC;IAC3B,+DAA+D;IAC/D,WAAW,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,MAAM,CAAC;CACvC,CAAC;AA+FH,QAAA,MAAM,mBAAmB,sDAAwC,CAAC;AAClE,KAAK,mBAAmB,GAAG,UAAU,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAClE,eAAe,mBAAmB,CAAC"}

package/dist/ui/account_sessions_state.svelte.d.ts CHANGED Viewed

@@ -1,11 +1,18 @@
 /**
  * Reactive state for managing the authenticated account's auth sessions on a
- * settings page. Reads and mutations flow through a narrow RPC adapter
- * backed by `auth/account_actions.ts`.
+ * settings page. Reads and mutations flow through a narrow RPC adapter backed
+ * by `auth/account_actions.ts`.
+ *
+ * Holds two `AsyncSlot`s — `list` for the fetch, `revoke_all` for the bulk
+ * revoke — plus one `KeyedAsyncSlot<string, void>` (`revoke`) keyed by
+ * `session_id` for per-row revoke (independent supersession across
+ * concurrent rows; per-row error surfacing). Method names use the
+ * `submit_*` prefix to avoid slot-name collisions.
  *
  * @module
  */
-import { Loadable } from './loadable.svelte.js';
+import { AsyncSlot } from './async_slot.svelte.js';
+import { KeyedAsyncSlot } from './keyed_async_slot.svelte.js';
 import type { AuthSessionJson } from '../auth/account_schema.js';
 /**
  * Narrow RPC surface consumed by `AccountSessionsState`. Consumers adapt their
@@ -50,15 +57,18 @@ export interface AccountSessionsStateOptions {
      */
     get_rpc?: () => AccountSessionsRpc | null;
 }
-export declare class AccountSessionsState extends Loadable {
+export declare class AccountSessionsState {
     #private;
+    readonly list: AsyncSlot<void, string>;
+    readonly revoke: KeyedAsyncSlot<string, void, string>;
+    readonly revoke_all: AsyncSlot<void, string>;
     sessions: Array<AuthSessionJson>;
     readonly active_count: number;
     constructor(options?: AccountSessionsStateOptions);
-    /** True when an RPC adapter is wired. `fetch` / `revoke` / `revoke_all` no-op without it. */
+    /** True when an RPC adapter is wired. `fetch` / `submit_revoke` / `submit_revoke_all` no-op without it. */
     get has_rpc(): boolean;
     fetch(): Promise<void>;
-    revoke(id: string): Promise<void>;
-    revoke_all(): Promise<void>;
+    submit_revoke(id: string): Promise<void>;
+    submit_revoke_all(): Promise<void>;
 }
 //# sourceMappingURL=account_sessions_state.svelte.d.ts.map