npm - @fuzdev/fuz_app - Versions diffs - 0.64.0 → 0.66.0 - Mend

@fuzdev/fuz_app 0.64.0 → 0.66.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (223) hide show

package/dist/actions/CLAUDE.md +510 -946
package/dist/actions/action_codegen.d.ts +1 -1
package/dist/actions/action_codegen.js +1 -1
package/dist/actions/action_event_data.d.ts +1 -1
package/dist/actions/broadcast_api.d.ts +1 -1
package/dist/actions/broadcast_api.js +1 -1
package/dist/actions/cancel.d.ts +2 -2
package/dist/actions/cancel.js +3 -3
package/dist/actions/connection_closer.d.ts +1 -4
package/dist/actions/connection_closer.d.ts.map +1 -1
package/dist/actions/connection_closer.js +1 -4
package/dist/actions/register_action_ws.d.ts +2 -2
package/dist/actions/register_ws_endpoint.d.ts +1 -1
package/dist/actions/transports_ws_auth_guard.d.ts +1 -2
package/dist/actions/transports_ws_auth_guard.d.ts.map +1 -1
package/dist/actions/transports_ws_auth_guard.js +1 -2
package/dist/auth/CLAUDE.md +570 -1871
package/dist/auth/account_schema.d.ts +1 -1
package/dist/auth/account_schema.d.ts.map +1 -1
package/dist/auth/api_token_queries.js +1 -1
package/dist/auth/audit_log_ddl.d.ts +1 -1
package/dist/auth/audit_log_ddl.d.ts.map +1 -1
package/dist/auth/audit_log_ddl.js +1 -1
package/dist/auth/audit_log_schema.js +2 -2
package/dist/auth/bootstrap_account.d.ts.map +1 -1
package/dist/auth/bootstrap_account.js +1 -5
package/dist/auth/bootstrap_routes.d.ts +7 -1
package/dist/auth/bootstrap_routes.d.ts.map +1 -1
package/dist/auth/bootstrap_routes.js +15 -11
package/dist/auth/daemon_token_middleware.d.ts +15 -5
package/dist/auth/daemon_token_middleware.d.ts.map +1 -1
package/dist/auth/daemon_token_middleware.js +24 -15
package/dist/auth/invite_queries.d.ts +17 -7
package/dist/auth/invite_queries.d.ts.map +1 -1
package/dist/auth/invite_queries.js +19 -8
package/dist/auth/keyring.d.ts +6 -6
package/dist/auth/keyring.js +8 -8
package/dist/auth/role_grant_offer_actions.d.ts.map +1 -1
package/dist/auth/role_grant_offer_actions.js +4 -2
package/dist/auth/signup_routes.d.ts +47 -1
package/dist/auth/signup_routes.d.ts.map +1 -1
package/dist/auth/signup_routes.js +103 -52
package/dist/db/create_db.d.ts.map +1 -1
package/dist/db/create_db.js +13 -0
package/dist/dev/setup.d.ts +2 -2
package/dist/dev/setup.js +3 -3
package/dist/env/resolve.d.ts +44 -7
package/dist/env/resolve.d.ts.map +1 -1
package/dist/env/resolve.js +94 -27
package/dist/http/CLAUDE.md +243 -522
package/dist/http/error_schemas.d.ts +0 -4
package/dist/http/error_schemas.d.ts.map +1 -1
package/dist/http/error_schemas.js +0 -4
package/dist/http/ip_canonical.d.ts +5 -4
package/dist/http/ip_canonical.d.ts.map +1 -1
package/dist/http/ip_canonical.js +8 -4
package/dist/http/jsonrpc.d.ts +23 -7
package/dist/http/jsonrpc.d.ts.map +1 -1
package/dist/http/jsonrpc.js +19 -3
package/dist/http/origin.d.ts +1 -1
package/dist/http/origin.js +1 -1
package/dist/http/surface.d.ts +9 -2
package/dist/http/surface.d.ts.map +1 -1
package/dist/runtime/mock.d.ts +1 -1
package/dist/runtime/mock.js +2 -2
package/dist/server/app_server.d.ts +41 -10
package/dist/server/app_server.d.ts.map +1 -1
package/dist/server/app_server.js +10 -4
package/dist/server/env.d.ts +7 -7
package/dist/server/env.d.ts.map +1 -1
package/dist/server/env.js +14 -14
package/dist/server/static.d.ts +4 -4
package/dist/server/static.js +7 -7
package/dist/testing/CLAUDE.md +740 -418
package/dist/testing/admin_integration.d.ts +18 -23
package/dist/testing/admin_integration.d.ts.map +1 -1
package/dist/testing/admin_integration.js +230 -216
package/dist/testing/app_server.d.ts +141 -39
package/dist/testing/app_server.d.ts.map +1 -1
package/dist/testing/app_server.js +157 -44
package/dist/testing/audit_completeness.d.ts +25 -22
package/dist/testing/audit_completeness.d.ts.map +1 -1
package/dist/testing/audit_completeness.js +198 -159
package/dist/testing/bootstrap_success.d.ts +28 -0
package/dist/testing/bootstrap_success.d.ts.map +1 -0
package/dist/testing/bootstrap_success.js +144 -0
package/dist/testing/cross_backend/backend_config.d.ts +113 -0
package/dist/testing/cross_backend/backend_config.d.ts.map +1 -0
package/dist/testing/cross_backend/backend_config.js +1 -0
package/dist/testing/cross_backend/bench/bench_report.d.ts +46 -0
package/dist/testing/cross_backend/bench/bench_report.d.ts.map +1 -0
package/dist/testing/cross_backend/bench/bench_report.js +83 -0
package/dist/testing/cross_backend/bench/run_cross_impl_bench.d.ts +44 -0
package/dist/testing/cross_backend/bench/run_cross_impl_bench.d.ts.map +1 -0
package/dist/testing/cross_backend/bench/run_cross_impl_bench.js +38 -0
package/dist/testing/cross_backend/bench/scenario.d.ts +57 -0
package/dist/testing/cross_backend/bench/scenario.d.ts.map +1 -0
package/dist/testing/cross_backend/bench/scenario.js +28 -0
package/dist/testing/cross_backend/bootstrap_backend.d.ts +41 -0
package/dist/testing/cross_backend/bootstrap_backend.d.ts.map +1 -0
package/dist/testing/cross_backend/bootstrap_backend.js +34 -0
package/dist/testing/cross_backend/build_test_backend_paths.d.ts +24 -0
package/dist/testing/cross_backend/build_test_backend_paths.d.ts.map +1 -0
package/dist/testing/cross_backend/build_test_backend_paths.js +33 -0
package/dist/testing/cross_backend/capabilities.d.ts +65 -0
package/dist/testing/cross_backend/capabilities.d.ts.map +1 -0
package/dist/testing/cross_backend/capabilities.js +47 -0
package/dist/testing/cross_backend/default_backend_configs.d.ts +122 -0
package/dist/testing/cross_backend/default_backend_configs.d.ts.map +1 -0
package/dist/testing/cross_backend/default_backend_configs.js +111 -0
package/dist/testing/cross_backend/default_secrets.d.ts +40 -0
package/dist/testing/cross_backend/default_secrets.d.ts.map +1 -0
package/dist/testing/cross_backend/default_secrets.js +39 -0
package/dist/testing/cross_backend/default_spine_surface.d.ts +64 -0
package/dist/testing/cross_backend/default_spine_surface.d.ts.map +1 -0
package/dist/testing/cross_backend/default_spine_surface.js +121 -0
package/dist/testing/cross_backend/setup.d.ts +451 -0
package/dist/testing/cross_backend/setup.d.ts.map +1 -0
package/dist/testing/cross_backend/setup.js +581 -0
package/dist/testing/cross_backend/spawn_backend.d.ts +58 -0
package/dist/testing/cross_backend/spawn_backend.d.ts.map +1 -0
package/dist/testing/cross_backend/spawn_backend.js +229 -0
package/dist/testing/cross_backend/spine_stub_backend_config.d.ts +66 -0
package/dist/testing/cross_backend/spine_stub_backend_config.d.ts.map +1 -0
package/dist/testing/cross_backend/spine_stub_backend_config.js +49 -0
package/dist/testing/cross_backend/sse_round_trip.d.ts +37 -0
package/dist/testing/cross_backend/sse_round_trip.d.ts.map +1 -0
package/dist/testing/cross_backend/sse_round_trip.js +137 -0
package/dist/testing/cross_backend/standard.d.ts +96 -0
package/dist/testing/cross_backend/standard.d.ts.map +1 -0
package/dist/testing/cross_backend/standard.js +49 -0
package/dist/testing/cross_backend/testing_reset_actions.d.ts +171 -0
package/dist/testing/cross_backend/testing_reset_actions.d.ts.map +1 -0
package/dist/testing/cross_backend/testing_reset_actions.js +213 -0
package/dist/testing/cross_backend/testing_server_bun.d.ts +5 -0
package/dist/testing/cross_backend/testing_server_bun.d.ts.map +1 -0
package/dist/testing/cross_backend/testing_server_bun.js +59 -0
package/dist/testing/cross_backend/testing_server_core.d.ts +140 -0
package/dist/testing/cross_backend/testing_server_core.d.ts.map +1 -0
package/dist/testing/cross_backend/testing_server_core.js +68 -0
package/dist/testing/cross_backend/testing_server_deno.d.ts +5 -0
package/dist/testing/cross_backend/testing_server_deno.d.ts.map +1 -0
package/dist/testing/cross_backend/testing_server_deno.js +37 -0
package/dist/testing/cross_backend/testing_server_node.d.ts +5 -0
package/dist/testing/cross_backend/testing_server_node.d.ts.map +1 -0
package/dist/testing/cross_backend/testing_server_node.js +50 -0
package/dist/testing/cross_backend/ts_spine_backend_config.d.ts +72 -0
package/dist/testing/cross_backend/ts_spine_backend_config.d.ts.map +1 -0
package/dist/testing/cross_backend/ts_spine_backend_config.js +112 -0
package/dist/testing/cross_backend/ws_round_trip.d.ts +35 -0
package/dist/testing/cross_backend/ws_round_trip.d.ts.map +1 -0
package/dist/testing/cross_backend/ws_round_trip.js +113 -0
package/dist/testing/data_exposure.d.ts +11 -14
package/dist/testing/data_exposure.d.ts.map +1 -1
package/dist/testing/data_exposure.js +123 -146
package/dist/testing/db_entities.d.ts +22 -1
package/dist/testing/db_entities.d.ts.map +1 -1
package/dist/testing/db_entities.js +24 -1
package/dist/testing/integration.d.ts +56 -21
package/dist/testing/integration.d.ts.map +1 -1
package/dist/testing/integration.js +294 -319
package/dist/testing/integration_helpers.d.ts +16 -6
package/dist/testing/integration_helpers.d.ts.map +1 -1
package/dist/testing/integration_helpers.js +7 -7
package/dist/testing/mock_fs.d.ts.map +1 -1
package/dist/testing/mock_fs.js +0 -2
package/dist/testing/rate_limiting.d.ts.map +1 -1
package/dist/testing/rate_limiting.js +9 -0
package/dist/testing/role_grant_helpers.d.ts +31 -0
package/dist/testing/role_grant_helpers.d.ts.map +1 -0
package/dist/testing/role_grant_helpers.js +46 -0
package/dist/testing/round_trip.d.ts +20 -16
package/dist/testing/round_trip.d.ts.map +1 -1
package/dist/testing/round_trip.js +61 -86
package/dist/testing/rpc_helpers.d.ts +10 -4
package/dist/testing/rpc_helpers.d.ts.map +1 -1
package/dist/testing/rpc_helpers.js +1 -1
package/dist/testing/rpc_round_trip.d.ts +24 -21
package/dist/testing/rpc_round_trip.d.ts.map +1 -1
package/dist/testing/rpc_round_trip.js +87 -104
package/dist/testing/schema_introspect.d.ts +106 -0
package/dist/testing/schema_introspect.d.ts.map +1 -0
package/dist/testing/schema_introspect.js +123 -0
package/dist/testing/schema_parity.d.ts +144 -0
package/dist/testing/schema_parity.d.ts.map +1 -0
package/dist/testing/schema_parity.js +233 -0
package/dist/testing/sse_round_trip.d.ts.map +1 -1
package/dist/testing/sse_round_trip.js +1 -68
package/dist/testing/standard.d.ts +56 -25
package/dist/testing/standard.d.ts.map +1 -1
package/dist/testing/standard.js +62 -5
package/dist/testing/stubs.d.ts +21 -6
package/dist/testing/stubs.d.ts.map +1 -1
package/dist/testing/stubs.js +33 -23
package/dist/testing/testing_rate_limiter.d.ts +59 -0
package/dist/testing/testing_rate_limiter.d.ts.map +1 -0
package/dist/testing/testing_rate_limiter.js +74 -0
package/dist/testing/transports/bootstrap.d.ts +52 -0
package/dist/testing/transports/bootstrap.d.ts.map +1 -0
package/dist/testing/transports/bootstrap.js +70 -0
package/dist/testing/transports/fetch_transport.d.ts +81 -0
package/dist/testing/transports/fetch_transport.d.ts.map +1 -0
package/dist/testing/transports/fetch_transport.js +74 -0
package/dist/testing/transports/sse_frame_reader.d.ts +41 -0
package/dist/testing/transports/sse_frame_reader.d.ts.map +1 -0
package/dist/testing/transports/sse_frame_reader.js +84 -0
package/dist/testing/transports/sse_transport.d.ts +54 -0
package/dist/testing/transports/sse_transport.d.ts.map +1 -0
package/dist/testing/transports/sse_transport.js +51 -0
package/dist/testing/transports/ws_client.d.ts +108 -0
package/dist/testing/transports/ws_client.d.ts.map +1 -0
package/dist/testing/transports/ws_client.js +56 -0
package/dist/testing/transports/ws_transport.d.ts +43 -0
package/dist/testing/transports/ws_transport.d.ts.map +1 -0
package/dist/testing/transports/ws_transport.js +169 -0
package/dist/testing/ws_round_trip.d.ts +21 -103
package/dist/testing/ws_round_trip.d.ts.map +1 -1
package/dist/testing/ws_round_trip.js +42 -40
package/dist/ui/CLAUDE.md +5 -3
package/dist/ui/MenuLink.svelte +16 -16
package/dist/ui/MenuLink.svelte.d.ts +13 -4
package/dist/ui/MenuLink.svelte.d.ts.map +1 -1
package/package.json +10 -4

package/dist/auth/account_schema.d.ts CHANGED Viewed

@@ -74,7 +74,7 @@ export interface RoleGrant {
     expires_at: string | null;
     revoked_at: string | null;
     revoked_by: Uuid | null;
-    /** Optional free-form reason attached on revoke (surfaced in the revokee WS notification once it lands). */
+    /** Optional free-form reason attached on revoke (rides on the `role_grant_revoke` WS notification to the revokee). */
     revoked_reason: string | null;
     granted_by: Uuid | null;
     /** Offer that produced this role_grant (set by `query_accept_offer`). `null` for direct grants. */

package/dist/auth/account_schema.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"account_schema.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/account_schema.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AACtB,OAAO,EAAC,IAAI,EAAC,MAAM,wBAAwB,CAAC;AAE5C,OAAO,EAAC,QAAQ,EAAE,KAAK,EAAC,MAAM,yBAAyB,CAAC;AAIxD,mEAAmE;AACnE,MAAM,WAAW,OAAO;IACvB,EAAE,EAAE,IAAI,CAAC;IACT,QAAQ,EAAE,QAAQ,CAAC;IACnB,KAAK,EAAE,KAAK,GAAG,IAAI,CAAC;IACpB,cAAc,EAAE,OAAO,CAAC;IACxB,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,IAAI,GAAG,IAAI,CAAC;IACxB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,IAAI,GAAG,IAAI,CAAC;CACxB;AAED,wFAAwF;AACxF,MAAM,WAAW,cAAc;IAC9B,EAAE,EAAE,IAAI,CAAC;IACT,QAAQ,EAAE,QAAQ,CAAC;IACnB,KAAK,EAAE,KAAK,GAAG,IAAI,CAAC;IACpB,cAAc,EAAE,OAAO,CAAC;IACxB,UAAU,EAAE,MAAM,CAAC;CACnB;AAED,4FAA4F;AAC5F,MAAM,WAAW,KAAK;IACrB,EAAE,EAAE,IAAI,CAAC;IACT,UAAU,EAAE,IAAI,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,UAAU,EAAE,IAAI,GAAG,IAAI,CAAC;CACxB;AAED;;;;;GAKG;AACH,eAAO,MAAM,oCAAoC,MAAM,CAAC;AAExD,wEAAwE;AACxE,MAAM,WAAW,SAAS;IACzB,EAAE,EAAE,IAAI,CAAC;IACT,QAAQ,EAAE,IAAI,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb;;;;;;OAMG;IACH,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,iGAAiG;IACjG,QAAQ,EAAE,IAAI,GAAG,IAAI,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,UAAU,EAAE,IAAI,GAAG,IAAI,CAAC;IACxB,~~4GAA4G~~;~~IAC5G~~,cAAc,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,UAAU,EAAE,IAAI,GAAG,IAAI,CAAC;IACxB,mGAAmG;IACnG,eAAe,EAAE,IAAI,GAAG,IAAI,CAAC;CAC7B;AAED,eAAO,MAAM,oBAAoB,GAChC,GAAG;IAAC,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAAC,UAAU,EAAE,MAAM,GAAG,IAAI,CAAA;CAAC,EAC1D,MAAK,IAAiB,KACpB,OAA2E,CAAC;AAE/E,uEAAuE;AACvE,MAAM,WAAW,WAAW;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,UAAU,EAAE,IAAI,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;CACrB;AAED,6CAA6C;AAC7C,MAAM,WAAW,QAAQ;IACxB,EAAE,EAAE,MAAM,CAAC;IACX,UAAU,EAAE,IAAI,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,UAAU,EAAE,MAAM,CAAC;CACnB;AAID,0EAA0E;AAC1E,eAAO,MAAM,kBAAkB;;;;;;kBAM7B,CAAC;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAEpE,6EAA6E;AAC7E,eAAO,MAAM,eAAe;;;;;;kBAM1B,CAAC;AACH,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC;AAE9D,4EAA4E;AAC5E,eAAO,MAAM,kBAAkB;;;;;;;;kBAQ7B,CAAC;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAEpE,gFAAgF;AAChF,eAAO,MAAM,oBAAoB;;;;;;;;kBAQ/B,CAAC;AACH,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAExE,2EAA2E;AAC3E,eAAO,MAAM,gBAAgB;;;kBAG3B,CAAC;AACH,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAEhE,iGAAiG;AACjG,eAAO,MAAM,gBAAgB;;;;;;;;kBAG3B,CAAC;AACH,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAEhE;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,uBAAuB;;;;;;;;;kBASlC,CAAC;AACH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AAE9E,sGAAsG;AACtG,eAAO,MAAM,qBAAqB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kBAKhC,CAAC;AACH,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAI1E,MAAM,WAAW,kBAAkB;IAClC,QAAQ,EAAE,QAAQ,CAAC;IACnB,aAAa,EAAE,MAAM,CAAC;IACtB,KAAK,CAAC,EAAE,KAAK,GAAG,IAAI,CAAC;CACrB;AAED,MAAM,WAAW,oBAAoB;IACpC,QAAQ,EAAE,IAAI,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb;;;;OAIG;IACH,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,+EAA+E;IAC/E,QAAQ,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;IACvB,UAAU,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;IACzB,UAAU,EAAE,IAAI,GAAG,IAAI,CAAC;IACxB,0GAA0G;IAC1G,eAAe,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;CAC9B;AAED;;;;;GAKG;AACH,eAAO,MAAM,kBAAkB,GAAI,SAAS,OAAO,KAAG,cAMpD,CAAC;AAEH;;;;;GAKG;AACH,eAAO,MAAM,gBAAgB,GAAI,SAAS,OAAO,KAAG,gBAIlD,CAAC"}
1	+ {"version":3,"file":"account_schema.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/account_schema.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AACtB,OAAO,EAAC,IAAI,EAAC,MAAM,wBAAwB,CAAC;AAE5C,OAAO,EAAC,QAAQ,EAAE,KAAK,EAAC,MAAM,yBAAyB,CAAC;AAIxD,mEAAmE;AACnE,MAAM,WAAW,OAAO;IACvB,EAAE,EAAE,IAAI,CAAC;IACT,QAAQ,EAAE,QAAQ,CAAC;IACnB,KAAK,EAAE,KAAK,GAAG,IAAI,CAAC;IACpB,cAAc,EAAE,OAAO,CAAC;IACxB,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,IAAI,GAAG,IAAI,CAAC;IACxB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,IAAI,GAAG,IAAI,CAAC;CACxB;AAED,wFAAwF;AACxF,MAAM,WAAW,cAAc;IAC9B,EAAE,EAAE,IAAI,CAAC;IACT,QAAQ,EAAE,QAAQ,CAAC;IACnB,KAAK,EAAE,KAAK,GAAG,IAAI,CAAC;IACpB,cAAc,EAAE,OAAO,CAAC;IACxB,UAAU,EAAE,MAAM,CAAC;CACnB;AAED,4FAA4F;AAC5F,MAAM,WAAW,KAAK;IACrB,EAAE,EAAE,IAAI,CAAC;IACT,UAAU,EAAE,IAAI,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,UAAU,EAAE,IAAI,GAAG,IAAI,CAAC;CACxB;AAED;;;;;GAKG;AACH,eAAO,MAAM,oCAAoC,MAAM,CAAC;AAExD,wEAAwE;AACxE,MAAM,WAAW,SAAS;IACzB,EAAE,EAAE,IAAI,CAAC;IACT,QAAQ,EAAE,IAAI,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb;;;;;;OAMG;IACH,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,iGAAiG;IACjG,QAAQ,EAAE,IAAI,GAAG,IAAI,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,UAAU,EAAE,IAAI,GAAG,IAAI,CAAC;IACxB,sHAAsH;IACtH,cAAc,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,UAAU,EAAE,IAAI,GAAG,IAAI,CAAC;IACxB,mGAAmG;IACnG,eAAe,EAAE,IAAI,GAAG,IAAI,CAAC;CAC7B;AAED,eAAO,MAAM,oBAAoB,GAChC,GAAG;IAAC,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAAC,UAAU,EAAE,MAAM,GAAG,IAAI,CAAA;CAAC,EAC1D,MAAK,IAAiB,KACpB,OAA2E,CAAC;AAE/E,uEAAuE;AACvE,MAAM,WAAW,WAAW;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,UAAU,EAAE,IAAI,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;CACrB;AAED,6CAA6C;AAC7C,MAAM,WAAW,QAAQ;IACxB,EAAE,EAAE,MAAM,CAAC;IACX,UAAU,EAAE,IAAI,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,UAAU,EAAE,MAAM,CAAC;CACnB;AAID,0EAA0E;AAC1E,eAAO,MAAM,kBAAkB;;;;;;kBAM7B,CAAC;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAEpE,6EAA6E;AAC7E,eAAO,MAAM,eAAe;;;;;;kBAM1B,CAAC;AACH,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC;AAE9D,4EAA4E;AAC5E,eAAO,MAAM,kBAAkB;;;;;;;;kBAQ7B,CAAC;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAEpE,gFAAgF;AAChF,eAAO,MAAM,oBAAoB;;;;;;;;kBAQ/B,CAAC;AACH,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAExE,2EAA2E;AAC3E,eAAO,MAAM,gBAAgB;;;kBAG3B,CAAC;AACH,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAEhE,iGAAiG;AACjG,eAAO,MAAM,gBAAgB;;;;;;;;kBAG3B,CAAC;AACH,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAEhE;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,uBAAuB;;;;;;;;;kBASlC,CAAC;AACH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AAE9E,sGAAsG;AACtG,eAAO,MAAM,qBAAqB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kBAKhC,CAAC;AACH,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAI1E,MAAM,WAAW,kBAAkB;IAClC,QAAQ,EAAE,QAAQ,CAAC;IACnB,aAAa,EAAE,MAAM,CAAC;IACtB,KAAK,CAAC,EAAE,KAAK,GAAG,IAAI,CAAC;CACrB;AAED,MAAM,WAAW,oBAAoB;IACpC,QAAQ,EAAE,IAAI,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb;;;;OAIG;IACH,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,+EAA+E;IAC/E,QAAQ,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;IACvB,UAAU,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;IACzB,UAAU,EAAE,IAAI,GAAG,IAAI,CAAC;IACxB,0GAA0G;IAC1G,eAAe,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;CAC9B;AAED;;;;;GAKG;AACH,eAAO,MAAM,kBAAkB,GAAI,SAAS,OAAO,KAAG,cAMpD,CAAC;AAEH;;;;;GAKG;AACH,eAAO,MAAM,gBAAgB,GAAI,SAAS,OAAO,KAAG,gBAIlD,CAAC"}

package/dist/auth/api_token_queries.js CHANGED Viewed

@@ -51,7 +51,7 @@ export const query_validate_api_token = async (deps, raw_token, ip, pending_effe
         ip ?? null,
         row.id,
     ])
-        .then(() => { }) // eslint-disable-line @typescript-eslint/no-empty-function
+        .then(() => { })
         .catch((err) => {
         deps.log.error('Failed to update last_used_at:', err);
     });

package/dist/auth/audit_log_ddl.d.ts CHANGED Viewed

@@ -19,6 +19,6 @@
  *
  * @module
  */
-export declare const AUDIT_LOG_SCHEMA = "\nCREATE TABLE IF NOT EXISTS audit_log (\n  id UUID PRIMARY KEY DEFAULT gen_random_uuid(),\n  seq SERIAL NOT NULL,\n  event_type TEXT NOT NULL,\n  outcome TEXT NOT NULL DEFAULT 'success',\n  actor_id UUID REFERENCES actor(id) ON DELETE SET NULL,\n  account_id UUID REFERENCES account(id) ON DELETE SET NULL,\n  target_account_id UUID REFERENCES account(id) ON DELETE SET NULL,\n  target_actor_id UUID REFERENCES actor(id) ON DELETE SET NULL,\n  ip TEXT,\n  created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),\n  metadata JSONB\n)";
+export declare const AUDIT_LOG_SCHEMA = "\nCREATE TABLE IF NOT EXISTS audit_log (\n  id UUID PRIMARY KEY DEFAULT gen_random_uuid(),\n  seq BIGSERIAL NOT NULL,\n  event_type TEXT NOT NULL,\n  outcome TEXT NOT NULL DEFAULT 'success',\n  actor_id UUID REFERENCES actor(id) ON DELETE SET NULL,\n  account_id UUID REFERENCES account(id) ON DELETE SET NULL,\n  target_account_id UUID REFERENCES account(id) ON DELETE SET NULL,\n  target_actor_id UUID REFERENCES actor(id) ON DELETE SET NULL,\n  ip TEXT,\n  created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),\n  metadata JSONB\n)";
 export declare const AUDIT_LOG_INDEXES: string[];
 //# sourceMappingURL=audit_log_ddl.d.ts.map

package/dist/auth/audit_log_ddl.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"audit_log_ddl.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/audit_log_ddl.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH,eAAO,MAAM,gBAAgB,~~ihBAa3B~~,CAAC;AAEH,eAAO,MAAM,iBAAiB,UAM7B,CAAC"}
1	+ {"version":3,"file":"audit_log_ddl.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/audit_log_ddl.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH,eAAO,MAAM,gBAAgB,ohBAa3B,CAAC;AAEH,eAAO,MAAM,iBAAiB,UAM7B,CAAC"}

package/dist/auth/audit_log_ddl.js CHANGED Viewed

@@ -22,7 +22,7 @@
 export const AUDIT_LOG_SCHEMA = `
 CREATE TABLE IF NOT EXISTS audit_log (
   id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
-  seq SERIAL NOT NULL,
+  seq BIGSERIAL NOT NULL,
   event_type TEXT NOT NULL,
   outcome TEXT NOT NULL DEFAULT 'success',
   actor_id UUID REFERENCES actor(id) ON DELETE SET NULL,

package/dist/auth/audit_log_schema.js CHANGED Viewed

@@ -90,13 +90,13 @@ export const audit_metadata_schemas = Object.freeze({
     signup: z.looseObject({
         username: z.string().meta({ description: 'Username submitted at signup.' }),
         invite_id: Uuid.optional().meta({
-            description: 'Invite consumed by this signup. Set on success and on `race_lost` / `signup_conflict` failure rows when an invite was matched at attempt time.',
+            description: 'Invite consumed by this signup. Set on success and on `signup_conflict` failure rows when an invite was matched at attempt time.',
         }),
         open_signup: z.boolean().optional().meta({
             description: 'True when the signup occurred via the `open_signup` setting (no invite required). Set on success rows under `open_signup` and on failure rows when the attempt was made under `open_signup`.',
         }),
         reason: z.string().optional().meta({
-            description: 'Failure category: `no_match` (no unclaimed invite matched), `race_lost` (invite was claimed between find and claim), `signup_conflict` (username/email already exists). Set only on `outcome=failure`.',
+            description: 'Failure category: `no_match` (no unclaimed invite matched), `signup_conflict` (username/email already exists, raised by the DB unique constraint), `internal_error` (catch-all for non-classified tx failures — Argon2 fault, session create error, DB outage mid-tx). Set only on `outcome=failure`.',
         }),
         email: Email.optional().meta({
             description: 'Email submitted at signup — recorded on failure rows for forensic correlation. Omitted on success rows because the email is already tied to the resulting account.',

package/dist/auth/bootstrap_account.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"bootstrap_account.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/bootstrap_account.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,KAAK,EAAC,MAAM,EAAC,MAAM,yBAAyB,CAAC;AAEpD,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,eAAe,CAAC;AACpD,OAAO,EACN,mBAAmB,EACnB,0BAA0B,EAC1B,wBAAwB,EACxB,MAAM,0BAA0B,CAAC;AAElC,OAAO,KAAK,EAAC,OAAO,EAAE,KAAK,EAAE,SAAS,EAAC,MAAM,qBAAqB,CAAC;AAGnE,OAAO,KAAK,EAAC,EAAE,EAAC,MAAM,aAAa,CAAC;AAEpC,gDAAgD;AAChD,MAAM,WAAW,qBAAqB;IACrC,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;CACjB;AAED,6DAA6D;AAC7D,MAAM,WAAW,uBAAuB;IACvC,EAAE,EAAE,IAAI,CAAC;IACT,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,EAAE,KAAK,CAAC;IACb,WAAW,EAAE;QAAC,MAAM,EAAE,SAAS,CAAC;QAAC,KAAK,EAAE,SAAS,CAAA;KAAC,CAAC;IACnD,wFAAwF;IACxF,kBAAkB,EAAE,OAAO,CAAC;CAC5B;AAED,gCAAgC;AAChC,MAAM,MAAM,uBAAuB,GAChC;IAAC,EAAE,EAAE,KAAK,CAAC;IAAC,KAAK,EAAE,OAAO,0BAA0B,CAAC;IAAC,MAAM,EAAE,GAAG,CAAA;CAAC,GAClE;IAAC,EAAE,EAAE,KAAK,CAAC;IAAC,KAAK,EAAE,OAAO,wBAAwB,CAAC;IAAC,MAAM,EAAE,GAAG,CAAA;CAAC,GAChE;IAAC,EAAE,EAAE,KAAK,CAAC;IAAC,KAAK,EAAE,OAAO,mBAAmB,CAAC;IAAC,MAAM,EAAE,GAAG,CAAA;CAAC,CAAC;AAE/D,qFAAqF;AACrF,MAAM,MAAM,sBAAsB,GAAG,uBAAuB,GAAG,uBAAuB,CAAC;AAEvF;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACpC,EAAE,EAAE,EAAE,CAAC;IACP,gDAAgD;IAChD,UAAU,EAAE,MAAM,CAAC;IACnB,0CAA0C;IAC1C,cAAc,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IAClD,qBAAqB;IACrB,WAAW,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAC7C,6EAA6E;IAC7E,QAAQ,EAAE,IAAI,CAAC,gBAAgB,EAAE,eAAe,CAAC,CAAC;IAClD,kCAAkC;IAClC,GAAG,EAAE,MAAM,CAAC;CACZ;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,eAAO,MAAM,iBAAiB,GAC7B,MAAM,oBAAoB,EAC1B,gBAAgB,MAAM,EACtB,OAAO,qBAAqB,KAC1B,OAAO,CAAC,sBAAsB,~~CA4EhC~~,CAAC"}
1	+ {"version":3,"file":"bootstrap_account.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/bootstrap_account.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,KAAK,EAAC,MAAM,EAAC,MAAM,yBAAyB,CAAC;AAEpD,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,eAAe,CAAC;AACpD,OAAO,EACN,mBAAmB,EACnB,0BAA0B,EAC1B,wBAAwB,EACxB,MAAM,0BAA0B,CAAC;AAElC,OAAO,KAAK,EAAC,OAAO,EAAE,KAAK,EAAE,SAAS,EAAC,MAAM,qBAAqB,CAAC;AAGnE,OAAO,KAAK,EAAC,EAAE,EAAC,MAAM,aAAa,CAAC;AAEpC,gDAAgD;AAChD,MAAM,WAAW,qBAAqB;IACrC,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;CACjB;AAED,6DAA6D;AAC7D,MAAM,WAAW,uBAAuB;IACvC,EAAE,EAAE,IAAI,CAAC;IACT,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,EAAE,KAAK,CAAC;IACb,WAAW,EAAE;QAAC,MAAM,EAAE,SAAS,CAAC;QAAC,KAAK,EAAE,SAAS,CAAA;KAAC,CAAC;IACnD,wFAAwF;IACxF,kBAAkB,EAAE,OAAO,CAAC;CAC5B;AAED,gCAAgC;AAChC,MAAM,MAAM,uBAAuB,GAChC;IAAC,EAAE,EAAE,KAAK,CAAC;IAAC,KAAK,EAAE,OAAO,0BAA0B,CAAC;IAAC,MAAM,EAAE,GAAG,CAAA;CAAC,GAClE;IAAC,EAAE,EAAE,KAAK,CAAC;IAAC,KAAK,EAAE,OAAO,wBAAwB,CAAC;IAAC,MAAM,EAAE,GAAG,CAAA;CAAC,GAChE;IAAC,EAAE,EAAE,KAAK,CAAC;IAAC,KAAK,EAAE,OAAO,mBAAmB,CAAC;IAAC,MAAM,EAAE,GAAG,CAAA;CAAC,CAAC;AAE/D,qFAAqF;AACrF,MAAM,MAAM,sBAAsB,GAAG,uBAAuB,GAAG,uBAAuB,CAAC;AAEvF;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACpC,EAAE,EAAE,EAAE,CAAC;IACP,gDAAgD;IAChD,UAAU,EAAE,MAAM,CAAC;IACnB,0CAA0C;IAC1C,cAAc,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IAClD,qBAAqB;IACrB,WAAW,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAC7C,6EAA6E;IAC7E,QAAQ,EAAE,IAAI,CAAC,gBAAgB,EAAE,eAAe,CAAC,CAAC;IAClD,kCAAkC;IAClC,GAAG,EAAE,MAAM,CAAC;CACZ;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,eAAO,MAAM,iBAAiB,GAC7B,MAAM,oBAAoB,EAC1B,gBAAgB,MAAM,EACtB,OAAO,qBAAqB,KAC1B,OAAO,CAAC,sBAAsB,CAuEhC,CAAC"}

package/dist/auth/bootstrap_account.js CHANGED Viewed

@@ -9,7 +9,7 @@
 import { timingSafeEqual } from 'node:crypto';
 import { ERROR_INVALID_TOKEN, ERROR_ALREADY_BOOTSTRAPPED, ERROR_TOKEN_FILE_MISSING, } from '../http/error_schemas.js';
 import { ROLE_ADMIN, ROLE_KEEPER } from './role_schema.js';
-import { query_create_account_with_actor, query_account_has_any } from './account_queries.js';
+import { query_create_account_with_actor } from './account_queries.js';
 import { query_create_role_grant } from './role_grant_queries.js';
 /**
  * Bootstrap the first account with keeper and admin privileges.
@@ -57,10 +57,6 @@ export const bootstrap_account = async (deps, provided_token, input) => {
         if (lock_rows.length === 0) {
             return { ok: false, error: ERROR_ALREADY_BOOTSTRAPPED, status: 403 };
         }
-        // Belt-and-suspenders: verify no accounts exist even if lock was available
-        if (await query_account_has_any({ db: tx })) {
-            return { ok: false, error: ERROR_ALREADY_BOOTSTRAPPED, status: 403 };
-        }
         const tx_deps = { db: tx };
         const { account, actor } = await query_create_account_with_actor(tx_deps, {
             username: input.username,

package/dist/auth/bootstrap_routes.d.ts CHANGED Viewed

@@ -26,7 +26,13 @@ export type BootstrapInput = z.infer<typeof BootstrapInput>;
 /** Output for `POST /bootstrap`. Session cookie is the operative side effect. */
 export declare const BootstrapOutput: z.ZodObject<{
     ok: z.ZodLiteral<true>;
-    username: z.ZodString;
+    account: z.ZodObject<{
+        id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
+        username: z.ZodPipe<z.ZodString, z.ZodTransform<string, string>>;
+    }, z.core.$strict>;
+    actor: z.ZodObject<{
+        id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
+    }, z.core.$strict>;
 }, z.core.$strict>;
 export type BootstrapOutput = z.infer<typeof BootstrapOutput>;
 /**

package/dist/auth/bootstrap_routes.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"bootstrap_routes.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/bootstrap_routes.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AACtB,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,MAAM,CAAC;AAClC,OAAO,KAAK,EAAC,MAAM,EAAC,MAAM,yBAAyB,CAAC;~~AAEpD~~,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,qBAAqB,CAAC;AAExD,OAAO,EAAoB,KAAK,uBAAuB,EAAC,MAAM,wBAAwB,CAAC;AAGvF,OAAO,KAAK,EAAC,EAAE,EAAC,MAAM,aAAa,CAAC;AACpC,OAAO,EAAkB,KAAK,SAAS,EAAC,MAAM,uBAAuB,CAAC;AAEtE,OAAO,EAA+B,KAAK,WAAW,EAAC,MAAM,oBAAoB,CAAC;AAClF,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,WAAW,CAAC;AAChD,OAAO,KAAK,EAAC,UAAU,EAAC,MAAM,oBAAoB,CAAC;~~AAYnD~~,gFAAgF;AAChF,eAAO,MAAM,cAAc;;;;kBAIzB,CAAC;AACH,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,cAAc,CAAC,CAAC;AAE5D,iFAAiF;AACjF,eAAO,MAAM,eAAe~~;;;kBAG1B~~,CAAC;AACH,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC;AAE9D;;GAEG;AACH,MAAM,WAAW,eAAe;IAC/B,SAAS,EAAE,OAAO,CAAC;IACnB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;CAC1B;AAED;;;;;GAKG;AACH,MAAM,WAAW,qBAAqB;IACrC,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,8EAA8E;IAC9E,gBAAgB,EAAE,eAAe,CAAC;IAClC;;;OAGG;IACH,YAAY,CAAC,EAAE,CAAC,MAAM,EAAE,uBAAuB,EAAE,CAAC,EAAE,OAAO,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAC9E,4EAA4E;IAC5E,eAAe,EAAE,WAAW,GAAG,IAAI,CAAC;CACpC;AAED;;GAEG;AACH,MAAM,WAAW,wBAAwB;IACxC,IAAI,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;IACnD,EAAE,EAAE,EAAE,CAAC;IACP,GAAG,EAAE,MAAM,CAAC;CACZ;AAED;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,sBAAsB,GAClC,MAAM,wBAAwB,EAC9B,SAAS;IAAC,UAAU,EAAE,MAAM,GAAG,IAAI,CAAA;CAAC,KAClC,OAAO,CAAC,eAAe,CAwBzB,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,4BAA4B,GACxC,MAAM,gBAAgB,EACtB,SAAS,qBAAqB,KAC5B,KAAK,CAAC,SAAS,~~CAiHjB~~,CAAC"}
1	+ {"version":3,"file":"bootstrap_routes.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/bootstrap_routes.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AACtB,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,MAAM,CAAC;AAClC,OAAO,KAAK,EAAC,MAAM,EAAC,MAAM,yBAAyB,CAAC;AAGpD,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,qBAAqB,CAAC;AAExD,OAAO,EAAoB,KAAK,uBAAuB,EAAC,MAAM,wBAAwB,CAAC;AAGvF,OAAO,KAAK,EAAC,EAAE,EAAC,MAAM,aAAa,CAAC;AACpC,OAAO,EAAkB,KAAK,SAAS,EAAC,MAAM,uBAAuB,CAAC;AAEtE,OAAO,EAA+B,KAAK,WAAW,EAAC,MAAM,oBAAoB,CAAC;AAClF,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,WAAW,CAAC;AAChD,OAAO,KAAK,EAAC,UAAU,EAAC,MAAM,oBAAoB,CAAC;AAWnD,gFAAgF;AAChF,eAAO,MAAM,cAAc;;;;kBAIzB,CAAC;AACH,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,cAAc,CAAC,CAAC;AAE5D,iFAAiF;AACjF,eAAO,MAAM,eAAe;;;;;;;;;kBAI1B,CAAC;AACH,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC;AAE9D;;GAEG;AACH,MAAM,WAAW,eAAe;IAC/B,SAAS,EAAE,OAAO,CAAC;IACnB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;CAC1B;AAED;;;;;GAKG;AACH,MAAM,WAAW,qBAAqB;IACrC,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,8EAA8E;IAC9E,gBAAgB,EAAE,eAAe,CAAC;IAClC;;;OAGG;IACH,YAAY,CAAC,EAAE,CAAC,MAAM,EAAE,uBAAuB,EAAE,CAAC,EAAE,OAAO,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAC9E,4EAA4E;IAC5E,eAAe,EAAE,WAAW,GAAG,IAAI,CAAC;CACpC;AAED;;GAEG;AACH,MAAM,WAAW,wBAAwB;IACxC,IAAI,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;IACnD,EAAE,EAAE,EAAE,CAAC;IACP,GAAG,EAAE,MAAM,CAAC;CACZ;AAED;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,sBAAsB,GAClC,MAAM,wBAAwB,EAC9B,SAAS;IAAC,UAAU,EAAE,MAAM,GAAG,IAAI,CAAA;CAAC,KAClC,OAAO,CAAC,eAAe,CAwBzB,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,4BAA4B,GACxC,MAAM,gBAAgB,EACtB,SAAS,qBAAqB,KAC5B,KAAK,CAAC,SAAS,CAkHjB,CAAC"}

package/dist/auth/bootstrap_routes.js CHANGED Viewed

@@ -7,6 +7,7 @@
  * @module
  */
 import { z } from 'zod';
+import { Uuid } from '@fuzdev/fuz_util/id.js';
 import { create_session_and_set_cookie } from './session_middleware.js';
 import { bootstrap_account } from './bootstrap_account.js';
 import { Username } from '../primitive_schemas.js';
@@ -14,7 +15,7 @@ import { Password } from './password.js';
 import { get_route_input } from '../http/route_spec.js';
 import { get_client_ip } from '../http/proxy.js';
 import { rate_limit_exceeded_response } from '../rate_limiter.js';
-import { ERROR_BOOTSTRAP_NOT_CONFIGURED, ERROR_INVALID_TOKEN, ERROR_ALREADY_BOOTSTRAPPED, ERROR_TOKEN_FILE_MISSING, ERROR_INVALID_JSON_BODY, ERROR_INVALID_REQUEST_BODY, } from '../http/error_schemas.js';
+import { ERROR_INVALID_TOKEN, ERROR_ALREADY_BOOTSTRAPPED, ERROR_TOKEN_FILE_MISSING, ERROR_INVALID_JSON_BODY, ERROR_INVALID_REQUEST_BODY, } from '../http/error_schemas.js';
 // -- Input/output schemas ---------------------------------------------------
 /** Input for `POST /bootstrap`. `token` is the one-shot token file contents. */
 export const BootstrapInput = z.strictObject({
@@ -25,7 +26,8 @@ export const BootstrapInput = z.strictObject({
 /** Output for `POST /bootstrap`. Session cookie is the operative side effect. */
 export const BootstrapOutput = z.strictObject({
     ok: z.literal(true),
-    username: z.string(),
+    account: z.strictObject({ id: Uuid, username: Username }),
+    actor: z.strictObject({ id: Uuid }),
 });
 /**
  * Check bootstrap availability at startup.
@@ -85,13 +87,14 @@ export const create_bootstrap_route_specs = (deps, options) => {
                 }),
                 401: z.looseObject({ error: z.literal(ERROR_INVALID_TOKEN) }),
                 403: z.looseObject({ error: z.literal(ERROR_ALREADY_BOOTSTRAPPED) }),
-                404: z.looseObject({
-                    error: z.enum([ERROR_TOKEN_FILE_MISSING, ERROR_BOOTSTRAP_NOT_CONFIGURED]),
-                }),
+                404: z.looseObject({ error: z.literal(ERROR_TOKEN_FILE_MISSING) }),
             },
             handler: async (c, route) => {
-                // Short-circuit if bootstrap already completed
-                if (!bootstrap_status.available) {
+                // Short-circuit if bootstrap already completed or surface-only mounted.
+                // In 'surface_only' mode `bootstrap_status.token_path === null` and
+                // `available === false`; in 'live' mode after success `available` flips
+                // to `false`. Either way the wire shape is 403 ALREADY_BOOTSTRAPPED.
+                if (!bootstrap_status.available || token_path === null) {
                     return c.json({ error: ERROR_ALREADY_BOOTSTRAPPED }, 403);
                 }
                 // Per-IP rate limit check (before any token/DB work)
@@ -103,9 +106,6 @@ export const create_bootstrap_route_specs = (deps, options) => {
                     }
                 }
                 const input = get_route_input(c);
-                if (token_path === null) {
-                    return c.json({ error: ERROR_BOOTSTRAP_NOT_CONFIGURED }, 404);
-                }
                 // `transaction: false` makes `route.db` the pool. `bootstrap_account`
                 // manages its own transaction internally.
                 const result = await bootstrap_account({
@@ -158,7 +158,11 @@ export const create_bootstrap_route_specs = (deps, options) => {
                 if (!result.token_file_deleted) {
                     throw new Error(`Bootstrap succeeded but token file was not deleted at ${token_path}. Delete it manually and log in.`);
                 }
-                return c.json({ ok: true, username: result.account.username });
+                return c.json({
+                    ok: true,
+                    account: { id: result.account.id, username: result.account.username },
+                    actor: { id: result.actor.id },
+                });
             },
         },
     ];

package/dist/auth/daemon_token_middleware.d.ts CHANGED Viewed

@@ -34,6 +34,11 @@ export declare const get_daemon_token_path: (runtime: Pick<EnvDeps, "env_get">,
  *
  * Uses `write_file_atomic` (temp file + rename) and optionally sets mode 0600.
  *
+ * On-disk format is JSON `{"token": "..."}` — the wrapper leaves room for
+ * future fields (rotated_at, version) without changing every reader. Both
+ * the TS cross-backend harness reader (`spawn_backend.read_daemon_token`)
+ * and the Rust daemon-token writer match this shape.
+ *
  * @param runtime - runtime with file write capabilities
  * @param token_path - path to write the token
  * @param token - the raw token string
@@ -58,8 +63,14 @@ export declare const write_daemon_token: (runtime: DaemonTokenWriteDeps, token_p
 export declare const resolve_keeper_account_id: (deps: QueryDeps) => Promise<string | null>;
 /** Options for daemon token rotation. */
 export interface DaemonTokenRotationOptions {
-    /** Application name (for `~/.{name}/run/daemon_token`). */
-    app_name: string;
+    /**
+     * Absolute path the token file is written to. Caller computes from
+     * its own conventions — e.g. `get_daemon_token_path(runtime, app_name)`
+     * for the standard `~/.{name}/run/daemon_token` layout, or a path
+     * derived from `PUBLIC_<APP>_DIR` for cross-process test setups that
+     * isolate the app dir to a tmpdir.
+     */
+    token_path: string;
     /** Rotation interval in ms. Default: `30000` (30s). */
     rotation_interval_ms?: number;
 }
@@ -76,13 +87,12 @@ export interface DaemonTokenRotation {
  * Generates an initial token, writes it to disk, resolves the keeper account,
  * and sets up periodic rotation. Returns the mutable state object and a stop function.
  *
- * @param runtime - runtime with file, env, and remove capabilities
+ * @param runtime - runtime with file and remove capabilities
  * @param deps - query dependencies for resolving keeper account
  * @param options - rotation configuration
  * @param log - the logger instance
  * @returns rotation state and stop function
  * @mutates filesystem - writes the token file on each rotation; `stop` removes it
- * @throws Error if `$HOME` is not set so the daemon token path cannot be resolved
  */
 export declare const start_daemon_token_rotation: (runtime: DaemonTokenWriteDeps & FsRemoveDeps, deps: QueryDeps, options: DaemonTokenRotationOptions, log: Logger) => Promise<DaemonTokenRotation>;
 /**
@@ -105,5 +115,5 @@ export declare const start_daemon_token_rotation: (runtime: DaemonTokenWriteDeps
  * @param state - the daemon token runtime state
  * @mutates Hono context - sets `ACCOUNT_ID_KEY`, `CREDENTIAL_TYPE_KEY`, and `AUTH_API_TOKEN_ID_KEY` on a valid token
  */
-export declare const create_daemon_token_middleware: (state: DaemonTokenState, _deps: QueryDeps) => MiddlewareHandler;
+export declare const create_daemon_token_middleware: (state: DaemonTokenState, deps: QueryDeps) => MiddlewareHandler;
 //# sourceMappingURL=daemon_token_middleware.d.ts.map

package/dist/auth/daemon_token_middleware.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"daemon_token_middleware.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/daemon_token_middleware.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EAAC,iBAAiB,EAAC,MAAM,MAAM,CAAC;AAC5C,OAAO,KAAK,EAAC,MAAM,EAAC,MAAM,yBAAyB,CAAC;AAEpD,OAAO,EAAC,KAAK,WAAW,EAAE,KAAK,YAAY,EAAE,KAAK,OAAO,EAAC,MAAM,oBAAoB,CAAC;AASrF,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AAEnD,OAAO,EAKN,KAAK,gBAAgB,EACrB,MAAM,mBAAmB,CAAC;AAE3B,8DAA8D;AAC9D,eAAO,MAAM,4BAA4B,QAAS,CAAC;AAEnD,iDAAiD;AACjD,MAAM,MAAM,oBAAoB,GAAG,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,GAC1D,IAAI,CAAC,WAAW,EAAE,OAAO,GAAG,iBAAiB,GAAG,QAAQ,CAAC,GAAG;IAC3D,6FAA6F;IAC7F,KAAK,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;CACtD,CAAC;AAEH;;;;;;GAMG;AACH,eAAO,MAAM,qBAAqB,GACjC,SAAS,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,EACjC,MAAM,MAAM,KACV,MAAM,GAAG,IAGX,CAAC;AAEF~~;;;;;;;;;GASG~~;AACH,eAAO,MAAM,kBAAkB,GAC9B,SAAS,oBAAoB,EAC7B,YAAY,MAAM,EAClB,OAAO,MAAM,KACX,OAAO,CAAC,IAAI,CAKd,CAAC;AAEF;;;;;;;;;;;;;;GAcG;AACH,eAAO,MAAM,yBAAyB,GAAU,MAAM,SAAS,KAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAEtF,CAAC;AAEF,yCAAyC;AACzC,MAAM,WAAW,0BAA0B;IAC1C~~,2DAA2D~~;~~IAC3D~~,~~QAAQ~~,EAAE,MAAM,CAAC;~~IACjB~~,uDAAuD;IACvD,oBAAoB,CAAC,EAAE,MAAM,CAAC;CAC9B;AAED,gDAAgD;AAChD,MAAM,WAAW,mBAAmB;IACnC,2EAA2E;IAC3E,KAAK,EAAE,gBAAgB,CAAC;IACxB,kGAAkG;IAClG,IAAI,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC1B;AAED~~;;;;;;;;;;;;;GAaG~~;AACH,eAAO,MAAM,2BAA2B,GACvC,SAAS,oBAAoB,GAAG,YAAY,EAC5C,MAAM,SAAS,EACf,SAAS,0BAA0B,EACnC,KAAK,MAAM,KACT,OAAO,CAAC,mBAAmB,~~CAwD7B~~,CAAC;AAEF;;;;;;;;;;;;;;;;;;;GAmBG;AACH,eAAO,MAAM,8BAA8B,GAC1C,OAAO,gBAAgB,EACvB,~~OAAO~~,SAAS,~~KACd~~,~~iBA+BF~~,CAAC"}
1	+ {"version":3,"file":"daemon_token_middleware.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/daemon_token_middleware.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EAAC,iBAAiB,EAAC,MAAM,MAAM,CAAC;AAC5C,OAAO,KAAK,EAAC,MAAM,EAAC,MAAM,yBAAyB,CAAC;AAEpD,OAAO,EAAC,KAAK,WAAW,EAAE,KAAK,YAAY,EAAE,KAAK,OAAO,EAAC,MAAM,oBAAoB,CAAC;AASrF,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AAEnD,OAAO,EAKN,KAAK,gBAAgB,EACrB,MAAM,mBAAmB,CAAC;AAE3B,8DAA8D;AAC9D,eAAO,MAAM,4BAA4B,QAAS,CAAC;AAEnD,iDAAiD;AACjD,MAAM,MAAM,oBAAoB,GAAG,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,GAC1D,IAAI,CAAC,WAAW,EAAE,OAAO,GAAG,iBAAiB,GAAG,QAAQ,CAAC,GAAG;IAC3D,6FAA6F;IAC7F,KAAK,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;CACtD,CAAC;AAEH;;;;;;GAMG;AACH,eAAO,MAAM,qBAAqB,GACjC,SAAS,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,EACjC,MAAM,MAAM,KACV,MAAM,GAAG,IAGX,CAAC;AAEF;;;;;;;;;;;;;;GAcG;AACH,eAAO,MAAM,kBAAkB,GAC9B,SAAS,oBAAoB,EAC7B,YAAY,MAAM,EAClB,OAAO,MAAM,KACX,OAAO,CAAC,IAAI,CAKd,CAAC;AAEF;;;;;;;;;;;;;;GAcG;AACH,eAAO,MAAM,yBAAyB,GAAU,MAAM,SAAS,KAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAEtF,CAAC;AAEF,yCAAyC;AACzC,MAAM,WAAW,0BAA0B;IAC1C;;;;;;OAMG;IACH,UAAU,EAAE,MAAM,CAAC;IACnB,uDAAuD;IACvD,oBAAoB,CAAC,EAAE,MAAM,CAAC;CAC9B;AAED,gDAAgD;AAChD,MAAM,WAAW,mBAAmB;IACnC,2EAA2E;IAC3E,KAAK,EAAE,gBAAgB,CAAC;IACxB,kGAAkG;IAClG,IAAI,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC1B;AAED;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,2BAA2B,GACvC,SAAS,oBAAoB,GAAG,YAAY,EAC5C,MAAM,SAAS,EACf,SAAS,0BAA0B,EACnC,KAAK,MAAM,KACT,OAAO,CAAC,mBAAmB,CAqD7B,CAAC;AAEF;;;;;;;;;;;;;;;;;;;GAmBG;AACH,eAAO,MAAM,8BAA8B,GAC1C,OAAO,gBAAgB,EACvB,MAAM,SAAS,KACb,iBAsCF,CAAC"}

package/dist/auth/daemon_token_middleware.js CHANGED Viewed

@@ -35,13 +35,18 @@ export const get_daemon_token_path = (runtime, name) => {
  *
  * Uses `write_file_atomic` (temp file + rename) and optionally sets mode 0600.
  *
+ * On-disk format is JSON `{"token": "..."}` — the wrapper leaves room for
+ * future fields (rotated_at, version) without changing every reader. Both
+ * the TS cross-backend harness reader (`spawn_backend.read_daemon_token`)
+ * and the Rust daemon-token writer match this shape.
+ *
  * @param runtime - runtime with file write capabilities
  * @param token_path - path to write the token
  * @param token - the raw token string
  * @mutates filesystem - writes `token_path` atomically and `chmod 0600` when supported
  */
 export const write_daemon_token = async (runtime, token_path, token) => {
-    await write_file_atomic(runtime, token_path, token + '\n');
+    await write_file_atomic(runtime, token_path, JSON.stringify({ token }) + '\n');
     if (runtime.chmod) {
         await runtime.chmod(token_path, 0o600);
     }
@@ -70,26 +75,23 @@ export const resolve_keeper_account_id = async (deps) => {
  * Generates an initial token, writes it to disk, resolves the keeper account,
  * and sets up periodic rotation. Returns the mutable state object and a stop function.
  *
- * @param runtime - runtime with file, env, and remove capabilities
+ * @param runtime - runtime with file and remove capabilities
  * @param deps - query dependencies for resolving keeper account
  * @param options - rotation configuration
  * @param log - the logger instance
  * @returns rotation state and stop function
  * @mutates filesystem - writes the token file on each rotation; `stop` removes it
- * @throws Error if `$HOME` is not set so the daemon token path cannot be resolved
  */
 export const start_daemon_token_rotation = async (runtime, deps, options, log) => {
-    const { app_name, rotation_interval_ms = DEFAULT_ROTATION_INTERVAL_MS } = options;
-    const token_path = get_daemon_token_path(runtime, app_name);
-    if (!token_path) {
-        throw new Error('$HOME not set — cannot determine daemon token path');
-    }
-    // ensure run directory exists
-    const app_dir = get_app_dir(runtime, app_name);
-    if (app_dir) {
-        await runtime.mkdir(`${app_dir}/run`, { recursive: true });
+    const { token_path, rotation_interval_ms = DEFAULT_ROTATION_INTERVAL_MS } = options;
+    // ensure parent directory exists
+    const last_slash = token_path.lastIndexOf('/');
+    if (last_slash > 0) {
+        await runtime.mkdir(token_path.slice(0, last_slash), { recursive: true });
     }
-    // resolve keeper account (may be null pre-bootstrap)
+    // resolve keeper account (may be null pre-bootstrap; the middleware
+    // lazily refreshes on the first null hit to cover the
+    // rotation-starts-before-bootstrap case)
     const keeper_account_id = await resolve_keeper_account_id(deps);
     // generate initial token and write to disk
     const initial_token = generate_daemon_token();
@@ -150,7 +152,7 @@ export const start_daemon_token_rotation = async (runtime, deps, options, log) =
  * @param state - the daemon token runtime state
  * @mutates Hono context - sets `ACCOUNT_ID_KEY`, `CREDENTIAL_TYPE_KEY`, and `AUTH_API_TOKEN_ID_KEY` on a valid token
  */
-export const create_daemon_token_middleware = (state, _deps) => {
+export const create_daemon_token_middleware = (state, deps) => {
     return async (c, next) => {
         const token_header = c.req.header(DAEMON_TOKEN_HEADER);
         if (!token_header) {
@@ -166,7 +168,14 @@ export const create_daemon_token_middleware = (state, _deps) => {
         if (!validate_daemon_token(parse_result.data, state)) {
             return c.json({ error: ERROR_INVALID_DAEMON_TOKEN }, 401);
         }
-        // daemon token valid — resolve keeper account
+        // daemon token valid — resolve keeper account. `start_daemon_token_rotation`
+        // resolves the keeper once at startup, but rotation often starts before the
+        // keeper account exists (e.g. cross-process test harnesses spawn the binary
+        // then POST /bootstrap). Lazily refresh from the DB on the first null hit
+        // so the post-bootstrap state lands without a separate hook.
+        if (!state.keeper_account_id) {
+            state.keeper_account_id = await resolve_keeper_account_id(deps);
+        }
         if (!state.keeper_account_id) {
             return c.json({ error: ERROR_KEEPER_ACCOUNT_NOT_CONFIGURED }, 503);
         }

package/dist/auth/invite_queries.d.ts CHANGED Viewed

@@ -26,27 +26,37 @@ export declare const query_invite_find_unclaimed_by_email: (deps: QueryDeps, ema
  */
 export declare const query_invite_find_unclaimed_by_username: (deps: QueryDeps, username: string) => Promise<Invite | undefined>;
 /**
- * Find an unclaimed invite matching email and/or username using three scoping modes:
+ * Find an unclaimed invite matching email and/or username, taking a
+ * row-level write lock on the matched row.
+ *
+ * Three scoping modes:
  *
  * - **Email-only invite** (email set, username NULL) → matches only if signup provides matching email.
  * - **Username-only invite** (username set, email NULL) → matches only if signup provides matching username.
  * - **Both-field invite** (both set) → requires BOTH email and username to match.
  *
- * @param deps - query dependencies
+ * Must run inside the same transaction as `query_invite_claim_unscoped`:
+ * `FOR UPDATE` makes find + claim atomic, so a concurrent signup that
+ * matched the same invite blocks on the lock until this transaction
+ * commits/rolls back. After commit, the loser's `find_for_update`
+ * returns no row (the winner flipped `claimed_at`) and falls through to
+ * `ERROR_NO_MATCHING_INVITE` — no race window between find and claim.
+ *
+ * @param deps - query dependencies — `deps.db` MUST be a transaction
  * @param email - email to match (or null if signup provides none)
  * @param username - username to match
- * @returns the matching invite, or `undefined`
+ * @returns the matching invite (locked), or `undefined`
  */
-export declare const query_invite_find_unclaimed_match: (deps: QueryDeps, email: string | null, username: string) => Promise<Invite | undefined>;
+export declare const query_invite_find_unclaimed_match_for_update: (deps: QueryDeps, email: string | null, username: string) => Promise<Invite | undefined>;
 /**
  * Claim an invite by setting the claimed_by and claimed_at fields.
  *
  * The `_unscoped` suffix is the safety signal — the SQL only checks the
  * row state (`claimed_at IS NULL`), not whether the claiming account's
  * email or username matches the invite. Callers must scope the lookup
- * upstream via `query_invite_find_unclaimed_match`; the production caller
- * (`auth/signup_routes.ts`) does this. Skipping the find step lets a
- * caller claim any unclaimed invite by id.
+ * upstream via one of the `_find_unclaimed_match*` siblings (production
+ * uses `_for_update` to make find + claim atomic). Skipping the find
+ * step lets a caller claim any unclaimed invite by id.
  *
  * Mirrors the `query_session_revoke_by_hash_unscoped` precedent — there
  * is no scoped sibling because the scoping is provided by a separate

package/dist/auth/invite_queries.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"invite_queries.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/invite_queries.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AAEnD,OAAO,KAAK,EAAC,MAAM,EAAE,iBAAiB,EAAE,uBAAuB,EAAC,MAAM,oBAAoB,CAAC;AAE3F;;;;;;;GAOG;AACH,eAAO,MAAM,mBAAmB,GAC/B,MAAM,SAAS,EACf,OAAO,iBAAiB,KACtB,OAAO,CAAC,MAAM,CAQhB,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,oCAAoC,GAChD,MAAM,SAAS,EACf,OAAO,MAAM,KACX,OAAO,CAAC,MAAM,GAAG,SAAS,CAK5B,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,uCAAuC,GACnD,MAAM,SAAS,EACf,UAAU,MAAM,KACd,OAAO,CAAC,MAAM,GAAG,SAAS,CAK5B,CAAC;AAEF~~;;;;;;;;;;;GAWG~~;AACH,eAAO,MAAM,~~iCAAiC~~,~~GAC7C~~,MAAM,SAAS,EACf,OAAO,MAAM,GAAG,IAAI,EACpB,UAAU,MAAM,KACd,OAAO,CAAC,MAAM,GAAG,SAAS,~~CAe5B~~,CAAC;AAEF;;;;;;;;;;;;;;;;;;;GAmBG;AACH,eAAO,MAAM,2BAA2B,GACvC,MAAM,SAAS,EACf,WAAW,MAAM,EACjB,YAAY,MAAM,KAChB,OAAO,CAAC,OAAO,CAQjB,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,qBAAqB,GAAU,MAAM,SAAS,KAAG,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,CAElF,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,oCAAoC,GAChD,MAAM,SAAS,KACb,OAAO,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAUxC,CAAC;AAEF;;;;;;;GAOG;AACH,eAAO,MAAM,6BAA6B,GACzC,MAAM,SAAS,EACf,IAAI,MAAM,KACR,OAAO,CAAC,OAAO,CAMjB,CAAC"}
1	+ {"version":3,"file":"invite_queries.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/invite_queries.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AAEnD,OAAO,KAAK,EAAC,MAAM,EAAE,iBAAiB,EAAE,uBAAuB,EAAC,MAAM,oBAAoB,CAAC;AAE3F;;;;;;;GAOG;AACH,eAAO,MAAM,mBAAmB,GAC/B,MAAM,SAAS,EACf,OAAO,iBAAiB,KACtB,OAAO,CAAC,MAAM,CAQhB,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,oCAAoC,GAChD,MAAM,SAAS,EACf,OAAO,MAAM,KACX,OAAO,CAAC,MAAM,GAAG,SAAS,CAK5B,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,uCAAuC,GACnD,MAAM,SAAS,EACf,UAAU,MAAM,KACd,OAAO,CAAC,MAAM,GAAG,SAAS,CAK5B,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,eAAO,MAAM,4CAA4C,GACxD,MAAM,SAAS,EACf,OAAO,MAAM,GAAG,IAAI,EACpB,UAAU,MAAM,KACd,OAAO,CAAC,MAAM,GAAG,SAAS,CAgB5B,CAAC;AAEF;;;;;;;;;;;;;;;;;;;GAmBG;AACH,eAAO,MAAM,2BAA2B,GACvC,MAAM,SAAS,EACf,WAAW,MAAM,EACjB,YAAY,MAAM,KAChB,OAAO,CAAC,OAAO,CAQjB,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,qBAAqB,GAAU,MAAM,SAAS,KAAG,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,CAElF,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,oCAAoC,GAChD,MAAM,SAAS,KACb,OAAO,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAUxC,CAAC;AAEF;;;;;;;GAOG;AACH,eAAO,MAAM,6BAA6B,GACzC,MAAM,SAAS,EACf,IAAI,MAAM,KACR,OAAO,CAAC,OAAO,CAMjB,CAAC"}

package/dist/auth/invite_queries.js CHANGED Viewed

@@ -34,18 +34,28 @@ export const query_invite_find_unclaimed_by_username = async (deps, username) =>
     return deps.db.query_one(`SELECT * FROM invite WHERE LOWER(username) = LOWER($1) AND claimed_at IS NULL`, [username]);
 };
 /**
- * Find an unclaimed invite matching email and/or username using three scoping modes:
+ * Find an unclaimed invite matching email and/or username, taking a
+ * row-level write lock on the matched row.
+ *
+ * Three scoping modes:
  *
  * - **Email-only invite** (email set, username NULL) → matches only if signup provides matching email.
  * - **Username-only invite** (username set, email NULL) → matches only if signup provides matching username.
  * - **Both-field invite** (both set) → requires BOTH email and username to match.
  *
- * @param deps - query dependencies
+ * Must run inside the same transaction as `query_invite_claim_unscoped`:
+ * `FOR UPDATE` makes find + claim atomic, so a concurrent signup that
+ * matched the same invite blocks on the lock until this transaction
+ * commits/rolls back. After commit, the loser's `find_for_update`
+ * returns no row (the winner flipped `claimed_at`) and falls through to
+ * `ERROR_NO_MATCHING_INVITE` — no race window between find and claim.
+ *
+ * @param deps - query dependencies — `deps.db` MUST be a transaction
  * @param email - email to match (or null if signup provides none)
  * @param username - username to match
- * @returns the matching invite, or `undefined`
+ * @returns the matching invite (locked), or `undefined`
  */
-export const query_invite_find_unclaimed_match = async (deps, email, username) => {
+export const query_invite_find_unclaimed_match_for_update = async (deps, email, username) => {
     return deps.db.query_one(`SELECT * FROM invite WHERE claimed_at IS NULL AND (
 			(email IS NOT NULL AND username IS NULL
 			 AND $1::text IS NOT NULL AND LOWER(email) = LOWER($1::text))
@@ -56,7 +66,8 @@ export const query_invite_find_unclaimed_match = async (deps, email, username) =
 			(email IS NOT NULL AND username IS NOT NULL
 			 AND $1::text IS NOT NULL AND LOWER(email) = LOWER($1::text)
 			 AND LOWER(username) = LOWER($2))
-		) ORDER BY created_at ASC, id ASC LIMIT 1`, [email, username]);
+		) ORDER BY created_at ASC, id ASC LIMIT 1
+		FOR UPDATE`, [email, username]);
 };
 /**
  * Claim an invite by setting the claimed_by and claimed_at fields.
@@ -64,9 +75,9 @@ export const query_invite_find_unclaimed_match = async (deps, email, username) =
  * The `_unscoped` suffix is the safety signal — the SQL only checks the
  * row state (`claimed_at IS NULL`), not whether the claiming account's
  * email or username matches the invite. Callers must scope the lookup
- * upstream via `query_invite_find_unclaimed_match`; the production caller
- * (`auth/signup_routes.ts`) does this. Skipping the find step lets a
- * caller claim any unclaimed invite by id.
+ * upstream via one of the `_find_unclaimed_match*` siblings (production
+ * uses `_for_update` to make find + claim atomic). Skipping the find
+ * step lets a caller claim any unclaimed invite by id.
  *
  * Mirrors the `query_session_revoke_by_hash_unscoped` precedent — there
  * is no scoped sibling because the scoping is provided by a separate

package/dist/auth/keyring.d.ts CHANGED Viewed

@@ -7,7 +7,7 @@
  *
  * @example
  * ```ts
- * const keyring = create_keyring(process.env.SECRET_COOKIE_KEYS);
+ * const keyring = create_keyring(process.env.SECRET_FUZ_COOKIE_KEYS);
  * if (!keyring) throw new Error('No keys configured');
  *
  * const signed = await keyring.sign('user:123:1700000000');
@@ -47,12 +47,12 @@ export interface Keyring {
  *
  * **Security: key rotation is an operational concern.** Old keys remain valid
  * for verification indefinitely — a leaked old key can forge session cookies
- * until it is removed from `SECRET_COOKIE_KEYS`. After rotating to a new
+ * until it is removed from `SECRET_FUZ_COOKIE_KEYS`. After rotating to a new
  * signing key, remove the old key within a grace period (e.g. 24–48 hours,
  * long enough for active sessions to re-sign with the new key via cookie
- * refresh). Treat `SECRET_COOKIE_KEYS` changes as security-critical deploys.
+ * refresh). Treat `SECRET_FUZ_COOKIE_KEYS` changes as security-critical deploys.
  *
- * @param env_value - the SECRET_COOKIE_KEYS environment variable
+ * @param env_value - the SECRET_FUZ_COOKIE_KEYS environment variable
  * @returns keyring or null if no keys configured
  */
 export declare const create_keyring: (env_value: string | undefined) => Keyring | null;
@@ -63,7 +63,7 @@ export declare const create_keyring: (env_value: string | undefined) => Keyring
  * or all-separator input like `'____'`), and for each key shorter than
  * `MIN_KEY_LENGTH` characters.
  *
- * @param env_value - the SECRET_COOKIE_KEYS environment variable
+ * @param env_value - the SECRET_FUZ_COOKIE_KEYS environment variable
  * @returns array of validation errors (empty if valid)
  */
 export declare const validate_keyring: (env_value: string | undefined) => Array<string>;
@@ -84,7 +84,7 @@ export type ValidatedKeyringResult = {
  * Returns a discriminated union so callers handle exit/logging their own way
  * (e.g. `Deno.exit(1)` vs `runtime.exit(1)`).
  *
- * @param env_value - the SECRET_COOKIE_KEYS environment variable
+ * @param env_value - the SECRET_FUZ_COOKIE_KEYS environment variable
  * @returns `{ok: true, keyring}` or `{ok: false, errors}`
  */
 export declare const create_validated_keyring: (env_value: string | undefined) => ValidatedKeyringResult;

package/dist/auth/keyring.js CHANGED Viewed

@@ -7,7 +7,7 @@
  *
  * @example
  * ```ts
- * const keyring = create_keyring(process.env.SECRET_COOKIE_KEYS);
+ * const keyring = create_keyring(process.env.SECRET_FUZ_COOKIE_KEYS);
  * if (!keyring) throw new Error('No keys configured');
  *
  * const signed = await keyring.sign('user:123:1700000000');
@@ -30,12 +30,12 @@ const encoder = new TextEncoder();
  *
  * **Security: key rotation is an operational concern.** Old keys remain valid
  * for verification indefinitely — a leaked old key can forge session cookies
- * until it is removed from `SECRET_COOKIE_KEYS`. After rotating to a new
+ * until it is removed from `SECRET_FUZ_COOKIE_KEYS`. After rotating to a new
  * signing key, remove the old key within a grace period (e.g. 24–48 hours,
  * long enough for active sessions to re-sign with the new key via cookie
- * refresh). Treat `SECRET_COOKIE_KEYS` changes as security-critical deploys.
+ * refresh). Treat `SECRET_FUZ_COOKIE_KEYS` changes as security-critical deploys.
  *
- * @param env_value - the SECRET_COOKIE_KEYS environment variable
+ * @param env_value - the SECRET_FUZ_COOKIE_KEYS environment variable
  * @returns keyring or null if no keys configured
  */
 export const create_keyring = (env_value) => {
@@ -75,13 +75,13 @@ export const create_keyring = (env_value) => {
  * or all-separator input like `'____'`), and for each key shorter than
  * `MIN_KEY_LENGTH` characters.
  *
- * @param env_value - the SECRET_COOKIE_KEYS environment variable
+ * @param env_value - the SECRET_FUZ_COOKIE_KEYS environment variable
  * @returns array of validation errors (empty if valid)
  */
 export const validate_keyring = (env_value) => {
     const keys = parse_keys(env_value);
     if (keys.length === 0) {
-        return ['SECRET_COOKIE_KEYS is required'];
+        return ['SECRET_FUZ_COOKIE_KEYS is required'];
     }
     const errors = [];
     for (const [i, key] of keys.entries()) {
@@ -126,7 +126,7 @@ const verify_with_crypto_key = async (signed_value, key) => {
  * Returns a discriminated union so callers handle exit/logging their own way
  * (e.g. `Deno.exit(1)` vs `runtime.exit(1)`).
  *
- * @param env_value - the SECRET_COOKIE_KEYS environment variable
+ * @param env_value - the SECRET_FUZ_COOKIE_KEYS environment variable
  * @returns `{ok: true, keyring}` or `{ok: false, errors}`
  */
 export const create_validated_keyring = (env_value) => {
@@ -136,7 +136,7 @@ export const create_validated_keyring = (env_value) => {
     }
     const keyring = create_keyring(env_value);
     if (!keyring) {
-        return { ok: false, errors: ['SECRET_COOKIE_KEYS is required'] };
+        return { ok: false, errors: ['SECRET_FUZ_COOKIE_KEYS is required'] };
     }
     return { ok: true, keyring };
 };

package/dist/auth/role_grant_offer_actions.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"role_grant_offer_actions.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/role_grant_offer_actions.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAsCG;AAEH,OAAO,EAGN,KAAK,aAAa,EAClB,KAAK,SAAS,EACd,MAAM,0BAA0B,CAAC;AAGlC,OAAO,EAIN,KAAK,gBAAgB,EACrB,MAAM,kBAAkB,CAAC;AA0B1B,OAAO,EAA4C,KAAK,cAAc,EAAC,MAAM,sBAAsB,CAAC;AACpG,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,WAAW,CAAC;AAEhD,OAAO,EAON,KAAK,kBAAkB,EACvB,MAAM,qCAAqC,CAAC;AAiC7C;;;;;;;;GAQG;AACH,MAAM,MAAM,6BAA6B,GAAG,CAC3C,IAAI,EAAE,cAAc,EACpB,KAAK,EAAE;IAAC,aAAa,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAA;CAAC,EACrE,IAAI,EAAE,IAAI,CAAC,gBAAgB,EAAE,KAAK,CAAC,EACnC,GAAG,EAAE,aAAa,KACd,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;AAEhC,qDAAqD;AACrD,MAAM,WAAW,2BAA2B;IAC3C;;;;;OAKG;IACH,KAAK,CAAC,EAAE,gBAAgB,CAAC;IACzB,0FAA0F;IAC1F,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB;;;;;OAKG;IACH,SAAS,CAAC,EAAE,6BAA6B,CAAC;CAC1C;AA6BD;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,yBAAyB,EAAE,6BAavC,CAAC;AAIF;;;;;;;GAOG;AACH,eAAO,MAAM,+BAA+B,GAC3C,MAAM,IAAI,CAAC,gBAAgB,EAAE,KAAK,GAAG,OAAO,CAAC,GAAG;IAC/C,mBAAmB,CAAC,EAAE,kBAAkB,GAAG,IAAI,CAAC;CAChD,EACD,UAAS,2BAAgC,KACvC,KAAK,CAAC,SAAS,~~CAidjB~~,CAAC"}
1	+ {"version":3,"file":"role_grant_offer_actions.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/role_grant_offer_actions.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAsCG;AAEH,OAAO,EAGN,KAAK,aAAa,EAClB,KAAK,SAAS,EACd,MAAM,0BAA0B,CAAC;AAGlC,OAAO,EAIN,KAAK,gBAAgB,EACrB,MAAM,kBAAkB,CAAC;AA0B1B,OAAO,EAA4C,KAAK,cAAc,EAAC,MAAM,sBAAsB,CAAC;AACpG,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,WAAW,CAAC;AAEhD,OAAO,EAON,KAAK,kBAAkB,EACvB,MAAM,qCAAqC,CAAC;AAiC7C;;;;;;;;GAQG;AACH,MAAM,MAAM,6BAA6B,GAAG,CAC3C,IAAI,EAAE,cAAc,EACpB,KAAK,EAAE;IAAC,aAAa,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAA;CAAC,EACrE,IAAI,EAAE,IAAI,CAAC,gBAAgB,EAAE,KAAK,CAAC,EACnC,GAAG,EAAE,aAAa,KACd,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;AAEhC,qDAAqD;AACrD,MAAM,WAAW,2BAA2B;IAC3C;;;;;OAKG;IACH,KAAK,CAAC,EAAE,gBAAgB,CAAC;IACzB,0FAA0F;IAC1F,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB;;;;;OAKG;IACH,SAAS,CAAC,EAAE,6BAA6B,CAAC;CAC1C;AA6BD;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,yBAAyB,EAAE,6BAavC,CAAC;AAIF;;;;;;;GAOG;AACH,eAAO,MAAM,+BAA+B,GAC3C,MAAM,IAAI,CAAC,gBAAgB,EAAE,KAAK,GAAG,OAAO,CAAC,GAAG;IAC/C,mBAAmB,CAAC,EAAE,kBAAkB,GAAG,IAAI,CAAC;CAChD,EACD,UAAS,2BAAgC,KACvC,KAAK,CAAC,SAAS,CAmdjB,CAAC"}

package/dist/auth/role_grant_offer_actions.js CHANGED Viewed

@@ -130,8 +130,10 @@ export const create_role_grant_offer_actions = (deps, options = {}) => {
         });
     };
     // Returns {offer} only — no auto-accept. Recipient must call
-    // role_grant_offer_accept; admin tests materialize role_grants via
-    // query_accept_offer (see testing/admin_integration.ts `offer_and_accept`).
+    // role_grant_offer_accept; admin tests drive the full consent flow over
+    // RPC (see testing/admin_integration.ts `offer_and_accept`), or seed
+    // role_grants directly via create_test_role_grant_direct when the
+    // test isn't about the consent path.
     const create_handler = async (input, ctx) => {
         const auth = ctx.auth;
         // Role must include the admin grant path — same gate as admin direct-grant.