npm - @fuzdev/fuz_app - Versions diffs - 0.67.1 → 0.69.0 - Mend

@fuzdev/fuz_app 0.67.1 → 0.69.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (235) hide show

package/dist/actions/perform_action.d.ts.map +1 -1
package/dist/actions/perform_action.js +10 -3
package/dist/auth/CLAUDE.md +99 -5
package/dist/auth/account_queries.d.ts +87 -4
package/dist/auth/account_queries.d.ts.map +1 -1
package/dist/auth/account_queries.js +107 -17
package/dist/auth/account_schema.d.ts +19 -0
package/dist/auth/account_schema.d.ts.map +1 -1
package/dist/auth/account_schema.js +8 -0
package/dist/auth/admin_action_specs.d.ts +170 -3
package/dist/auth/admin_action_specs.d.ts.map +1 -1
package/dist/auth/admin_action_specs.js +148 -4
package/dist/auth/admin_actions.d.ts +4 -14
package/dist/auth/admin_actions.d.ts.map +1 -1
package/dist/auth/admin_actions.js +246 -40
package/dist/auth/audit_log_ddl.d.ts +10 -1
package/dist/auth/audit_log_ddl.d.ts.map +1 -1
package/dist/auth/audit_log_ddl.js +13 -4
package/dist/auth/audit_log_schema.d.ts +34 -1
package/dist/auth/audit_log_schema.d.ts.map +1 -1
package/dist/auth/audit_log_schema.js +73 -0
package/dist/auth/auth_ddl.d.ts +2 -2
package/dist/auth/auth_ddl.d.ts.map +1 -1
package/dist/auth/auth_ddl.js +10 -2
package/dist/auth/cell_action_specs.d.ts +1295 -0
package/dist/auth/cell_action_specs.d.ts.map +1 -0
package/dist/auth/cell_action_specs.js +397 -0
package/dist/auth/cell_actions.d.ts +63 -0
package/dist/auth/cell_actions.d.ts.map +1 -0
package/dist/auth/cell_actions.js +546 -0
package/dist/auth/cell_audit_action_specs.d.ts +131 -0
package/dist/auth/cell_audit_action_specs.d.ts.map +1 -0
package/dist/auth/cell_audit_action_specs.js +70 -0
package/dist/auth/cell_audit_actions.d.ts +18 -0
package/dist/auth/cell_audit_actions.d.ts.map +1 -0
package/dist/auth/cell_audit_actions.js +59 -0
package/dist/auth/cell_audit_events.d.ts +28 -0
package/dist/auth/cell_audit_events.d.ts.map +1 -0
package/dist/auth/cell_audit_events.js +42 -0
package/dist/auth/cell_audit_metadata.d.ts +48 -0
package/dist/auth/cell_audit_metadata.d.ts.map +1 -0
package/dist/auth/cell_audit_metadata.js +46 -0
package/dist/auth/cell_authorize.d.ts +88 -0
package/dist/auth/cell_authorize.d.ts.map +1 -0
package/dist/auth/cell_authorize.js +172 -0
package/dist/auth/cell_data_schema.d.ts +44 -0
package/dist/auth/cell_data_schema.d.ts.map +1 -0
package/dist/auth/cell_data_schema.js +42 -0
package/dist/auth/cell_field_action_specs.d.ts +244 -0
package/dist/auth/cell_field_action_specs.d.ts.map +1 -0
package/dist/auth/cell_field_action_specs.js +136 -0
package/dist/auth/cell_field_actions.d.ts +34 -0
package/dist/auth/cell_field_actions.d.ts.map +1 -0
package/dist/auth/cell_field_actions.js +153 -0
package/dist/auth/cell_field_audit_metadata.d.ts +30 -0
package/dist/auth/cell_field_audit_metadata.d.ts.map +1 -0
package/dist/auth/cell_field_audit_metadata.js +28 -0
package/dist/auth/cell_grant_action_specs.d.ts +333 -0
package/dist/auth/cell_grant_action_specs.d.ts.map +1 -0
package/dist/auth/cell_grant_action_specs.js +148 -0
package/dist/auth/cell_grant_actions.d.ts +50 -0
package/dist/auth/cell_grant_actions.d.ts.map +1 -0
package/dist/auth/cell_grant_actions.js +208 -0
package/dist/auth/cell_grant_audit_metadata.d.ts +75 -0
package/dist/auth/cell_grant_audit_metadata.d.ts.map +1 -0
package/dist/auth/cell_grant_audit_metadata.js +54 -0
package/dist/auth/cell_item_action_specs.d.ts +331 -0
package/dist/auth/cell_item_action_specs.d.ts.map +1 -0
package/dist/auth/cell_item_action_specs.js +182 -0
package/dist/auth/cell_item_actions.d.ts +37 -0
package/dist/auth/cell_item_actions.d.ts.map +1 -0
package/dist/auth/cell_item_actions.js +204 -0
package/dist/auth/cell_item_audit_metadata.d.ts +35 -0
package/dist/auth/cell_item_audit_metadata.d.ts.map +1 -0
package/dist/auth/cell_item_audit_metadata.js +32 -0
package/dist/auth/cell_relation_visibility.d.ts +32 -0
package/dist/auth/cell_relation_visibility.d.ts.map +1 -0
package/dist/auth/cell_relation_visibility.js +57 -0
package/dist/auth/deps.d.ts +9 -0
package/dist/auth/deps.d.ts.map +1 -1
package/dist/auth/role_grant_queries.d.ts +30 -0
package/dist/auth/role_grant_queries.d.ts.map +1 -1
package/dist/auth/role_grant_queries.js +54 -0
package/dist/auth/signup_routes.d.ts +0 -3
package/dist/auth/signup_routes.d.ts.map +1 -1
package/dist/auth/signup_routes.js +9 -3
package/dist/auth/standard_rpc_actions.d.ts +5 -5
package/dist/auth/standard_rpc_actions.js +4 -4
package/dist/db/CLAUDE.md +118 -0
package/dist/db/cell_audit_queries.d.ts +26 -0
package/dist/db/cell_audit_queries.d.ts.map +1 -0
package/dist/db/cell_audit_queries.js +53 -0
package/dist/db/cell_ddl.d.ts +151 -0
package/dist/db/cell_ddl.d.ts.map +1 -0
package/dist/db/cell_ddl.js +247 -0
package/dist/db/cell_field_queries.d.ts +105 -0
package/dist/db/cell_field_queries.d.ts.map +1 -0
package/dist/db/cell_field_queries.js +113 -0
package/dist/db/cell_grant_queries.d.ts +132 -0
package/dist/db/cell_grant_queries.d.ts.map +1 -0
package/dist/db/cell_grant_queries.js +145 -0
package/dist/db/cell_history_ddl.d.ts +38 -0
package/dist/db/cell_history_ddl.d.ts.map +1 -0
package/dist/db/cell_history_ddl.js +61 -0
package/dist/db/cell_item_queries.d.ts +107 -0
package/dist/db/cell_item_queries.d.ts.map +1 -0
package/dist/db/cell_item_queries.js +119 -0
package/dist/db/cell_queries.d.ts +327 -0
package/dist/db/cell_queries.d.ts.map +1 -0
package/dist/db/cell_queries.js +431 -0
package/dist/db/fact_ddl.d.ts +38 -0
package/dist/db/fact_ddl.d.ts.map +1 -0
package/dist/db/fact_ddl.js +71 -0
package/dist/db/fact_queries.d.ts +140 -0
package/dist/db/fact_queries.d.ts.map +1 -0
package/dist/db/fact_queries.js +161 -0
package/dist/db/fact_store.d.ts +112 -0
package/dist/db/fact_store.d.ts.map +1 -0
package/dist/db/fact_store.js +225 -0
package/dist/server/app_server.d.ts +1 -7
package/dist/server/app_server.d.ts.map +1 -1
package/dist/server/app_server.js +1 -5
package/dist/server/env.d.ts +2 -0
package/dist/server/env.d.ts.map +1 -1
package/dist/server/env.js +6 -0
package/dist/server/fact_write.d.ts +32 -0
package/dist/server/fact_write.d.ts.map +1 -0
package/dist/server/fact_write.js +56 -0
package/dist/server/file_fact_fetcher.d.ts +42 -0
package/dist/server/file_fact_fetcher.d.ts.map +1 -0
package/dist/server/file_fact_fetcher.js +60 -0
package/dist/server/file_fact_url.d.ts +53 -0
package/dist/server/file_fact_url.d.ts.map +1 -0
package/dist/server/file_fact_url.js +52 -0
package/dist/server/serve_fact_route.d.ts +78 -0
package/dist/server/serve_fact_route.d.ts.map +1 -0
package/dist/server/serve_fact_route.js +205 -0
package/dist/testing/CLAUDE.md +142 -6
package/dist/testing/app_server.d.ts +46 -0
package/dist/testing/app_server.d.ts.map +1 -1
package/dist/testing/app_server.js +67 -8
package/dist/testing/audit_completeness.d.ts.map +1 -1
package/dist/testing/audit_completeness.js +67 -1
package/dist/testing/cross_backend/account_lifecycle.d.ts +10 -0
package/dist/testing/cross_backend/account_lifecycle.d.ts.map +1 -0
package/dist/testing/cross_backend/account_lifecycle.js +144 -0
package/dist/testing/cross_backend/actor_lookup.d.ts +10 -0
package/dist/testing/cross_backend/actor_lookup.d.ts.map +1 -0
package/dist/testing/cross_backend/actor_lookup.js +83 -0
package/dist/testing/cross_backend/actor_search.d.ts +6 -0
package/dist/testing/cross_backend/actor_search.d.ts.map +1 -0
package/dist/testing/cross_backend/actor_search.js +92 -0
package/dist/testing/cross_backend/app_settings.d.ts +6 -0
package/dist/testing/cross_backend/app_settings.d.ts.map +1 -0
package/dist/testing/cross_backend/app_settings.js +95 -0
package/dist/testing/cross_backend/backend_config.d.ts +1 -1
package/dist/testing/cross_backend/capabilities.d.ts +29 -7
package/dist/testing/cross_backend/capabilities.d.ts.map +1 -1
package/dist/testing/cross_backend/capabilities.js +3 -1
package/dist/testing/cross_backend/cell_cross_helpers.d.ts +39 -0
package/dist/testing/cross_backend/cell_cross_helpers.d.ts.map +1 -0
package/dist/testing/cross_backend/cell_cross_helpers.js +45 -0
package/dist/testing/cross_backend/cell_crud.d.ts +4 -0
package/dist/testing/cross_backend/cell_crud.d.ts.map +1 -0
package/dist/testing/cross_backend/cell_crud.js +168 -0
package/dist/testing/cross_backend/cell_grant_role.d.ts +8 -0
package/dist/testing/cross_backend/cell_grant_role.d.ts.map +1 -0
package/dist/testing/cross_backend/cell_grant_role.js +102 -0
package/dist/testing/cross_backend/cell_relations.d.ts +4 -0
package/dist/testing/cross_backend/cell_relations.d.ts.map +1 -0
package/dist/testing/cross_backend/cell_relations.js +229 -0
package/dist/testing/cross_backend/conformance_case.d.ts +144 -0
package/dist/testing/cross_backend/conformance_case.d.ts.map +1 -0
package/dist/testing/cross_backend/conformance_case.js +132 -0
package/dist/testing/cross_backend/conformance_table.d.ts +46 -0
package/dist/testing/cross_backend/conformance_table.d.ts.map +1 -0
package/dist/testing/cross_backend/conformance_table.js +199 -0
package/dist/testing/cross_backend/default_backend_configs.d.ts.map +1 -1
package/dist/testing/cross_backend/default_backend_configs.js +6 -2
package/dist/testing/cross_backend/default_spine_surface.d.ts +17 -9
package/dist/testing/cross_backend/default_spine_surface.d.ts.map +1 -1
package/dist/testing/cross_backend/default_spine_surface.js +20 -12
package/dist/testing/cross_backend/origin.d.ts +10 -0
package/dist/testing/cross_backend/origin.d.ts.map +1 -0
package/dist/testing/cross_backend/origin.js +73 -0
package/dist/testing/cross_backend/setup.d.ts +22 -40
package/dist/testing/cross_backend/setup.d.ts.map +1 -1
package/dist/testing/cross_backend/setup.js +39 -5
package/dist/testing/cross_backend/testing_reset_actions.d.ts +90 -2
package/dist/testing/cross_backend/testing_reset_actions.d.ts.map +1 -1
package/dist/testing/cross_backend/testing_reset_actions.js +91 -3
package/dist/testing/cross_backend/xfail.d.ts +15 -0
package/dist/testing/cross_backend/xfail.d.ts.map +1 -0
package/dist/testing/cross_backend/xfail.js +37 -0
package/dist/testing/entities.d.ts.map +1 -1
package/dist/testing/entities.js +4 -0
package/dist/testing/integration.d.ts +2 -3
package/dist/testing/integration.d.ts.map +1 -1
package/dist/testing/integration.js +20 -85
package/dist/testing/rate_limiting.d.ts +1 -1
package/dist/testing/rpc_helpers.d.ts +3 -3
package/dist/testing/sse_round_trip.d.ts +1 -1
package/dist/testing/stubs.d.ts.map +1 -1
package/dist/testing/stubs.js +0 -1
package/dist/testing/ws_round_trip.d.ts.map +1 -1
package/dist/testing/ws_round_trip.js +4 -0
package/dist/ui/AdminAccounts.svelte +84 -35
package/dist/ui/AdminAccounts.svelte.d.ts.map +1 -1
package/dist/ui/AdminSessions.svelte +21 -23
package/dist/ui/AdminSessions.svelte.d.ts.map +1 -1
package/dist/ui/CLAUDE.md +17 -26
package/dist/ui/OpenSignupToggle.svelte +2 -5
package/dist/ui/OpenSignupToggle.svelte.d.ts.map +1 -1
package/dist/ui/account_sessions_state.svelte.d.ts +9 -10
package/dist/ui/account_sessions_state.svelte.d.ts.map +1 -1
package/dist/ui/account_sessions_state.svelte.js +7 -17
package/dist/ui/admin_accounts_state.svelte.d.ts +41 -20
package/dist/ui/admin_accounts_state.svelte.d.ts.map +1 -1
package/dist/ui/admin_accounts_state.svelte.js +52 -22
package/dist/ui/admin_invites_state.svelte.d.ts +8 -11
package/dist/ui/admin_invites_state.svelte.d.ts.map +1 -1
package/dist/ui/admin_invites_state.svelte.js +7 -16
package/dist/ui/admin_rpc_adapters.d.ts +6 -2
package/dist/ui/admin_rpc_adapters.d.ts.map +1 -1
package/dist/ui/admin_rpc_adapters.js +5 -1
package/dist/ui/admin_sessions_state.svelte.d.ts +6 -10
package/dist/ui/admin_sessions_state.svelte.d.ts.map +1 -1
package/dist/ui/admin_sessions_state.svelte.js +4 -14
package/dist/ui/app_settings_state.svelte.d.ts +8 -12
package/dist/ui/app_settings_state.svelte.d.ts.map +1 -1
package/dist/ui/app_settings_state.svelte.js +6 -16
package/dist/ui/audit_log_state.svelte.d.ts +9 -8
package/dist/ui/audit_log_state.svelte.d.ts.map +1 -1
package/dist/ui/audit_log_state.svelte.js +8 -20
package/package.json +2 -2

package/dist/actions/perform_action.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"perform_action.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/actions/perform_action.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAsCG;AAGH,OAAO,KAAK,EAAC,MAAM,EAAC,MAAM,yBAAyB,CAAC;AACpD,OAAO,KAAK,EAAC,IAAI,EAAC,MAAM,wBAAwB,CAAC;AAEjD,OAAO,EAGN,KAAK,cAAc,EACnB,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAC,KAAK,cAAc,EAAC,MAAM,oBAAoB,CAAC;AACvD,OAAO,KAAK,EAAC,EAAE,EAAC,MAAM,aAAa,CAAC;AAEpC,OAAO,EAEN,KAAK,gBAAgB,EAErB,KAAK,kBAAkB,EACvB,MAAM,oBAAoB,CAAC;~~AAW5B~~,OAAO,KAAK,EAAC,WAAW,EAAC,MAAM,oBAAoB,CAAC;AAEpD,OAAO,KAAK,EAA+B,SAAS,EAAC,MAAM,iBAAiB,CAAC;AAE7E;;;GAGG;AACH,MAAM,WAAW,kBAAkB;IAClC,kEAAkE;IAClE,MAAM,EAAE,SAAS,CAAC;IAClB,mGAAmG;IACnG,UAAU,EAAE,OAAO,CAAC;IACpB,sDAAsD;IACtD,UAAU,EAAE,gBAAgB,CAAC;IAC7B,yDAAyD;IACzD,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,uEAAuE;IACvE,eAAe,EAAE,cAAc,GAAG,IAAI,CAAC;IACvC,qEAAqE;IACrE,SAAS,EAAE,MAAM,CAAC;IAClB,oGAAoG;IACpG,MAAM,EAAE,WAAW,CAAC;IACpB,sFAAsF;IACtF,MAAM,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,KAAK,IAAI,CAAC;IAClD,uDAAuD;IACvD,aAAa,CAAC,EAAE,IAAI,CAAC;IACrB;;;;OAIG;IACH,MAAM,CAAC,EAAE;QAAC,eAAe,EAAE,cAAc,GAAG,IAAI,CAAA;KAAC,CAAC;CAClD;AAED;;;;;;;;GAQG;AACH,MAAM,WAAW,iBAAiB;IACjC,gGAAgG;IAChG,EAAE,EAAE,EAAE,CAAC;IACP;;;OAGG;IACH,eAAe,EAAE,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;IACtC;;;OAGG;IACH,mBAAmB,EAAE,KAAK,CAAC,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;IACvD,gDAAgD;IAChD,GAAG,EAAE,MAAM,CAAC;IACZ,kEAAkE;IAClE,sBAAsB,EAAE,WAAW,GAAG,IAAI,CAAC;IAC3C,uEAAuE;IACvE,2BAA2B,EAAE,WAAW,GAAG,IAAI,CAAC;CAChD;AAED;;;;GAIG;AACH,MAAM,MAAM,mBAAmB,GAC5B;IAAC,IAAI,EAAE,IAAI,CAAC;IAAC,MAAM,EAAE,OAAO,CAAA;CAAC,GAC7B;IAAC,IAAI,EAAE,OAAO,CAAC;IAAC,KAAK,EAAE,kBAAkB,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAC,CAAC;AAE9D;;;;;;;;;GASG;AACH,eAAO,MAAM,cAAc,GAC1B,OAAO,kBAAkB,EACzB,MAAM,iBAAiB,KACrB,OAAO,CAAC,mBAAmB,CAwJ7B,CAAC;~~AA4EF~~;;;GAGG;AACH,eAAO,MAAM,iCAAiC,GAC7C,IAAI,gBAAgB,EACpB,QAAQ,mBAAmB,KACzB;IAAC,OAAO,EAAE,MAAM,CAAC;IAAC,EAAE,EAAE,gBAAgB,CAAA;CAAC,GAAG,CAAC;IAAC,MAAM,EAAE,OAAO,CAAA;CAAC,GAAG;IAAC,KAAK,EAAE,kBAAkB,CAAA;CAAC,CAK5F,CAAC"}
1	+ {"version":3,"file":"perform_action.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/actions/perform_action.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAsCG;AAGH,OAAO,KAAK,EAAC,MAAM,EAAC,MAAM,yBAAyB,CAAC;AACpD,OAAO,KAAK,EAAC,IAAI,EAAC,MAAM,wBAAwB,CAAC;AAEjD,OAAO,EAGN,KAAK,cAAc,EACnB,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAC,KAAK,cAAc,EAAC,MAAM,oBAAoB,CAAC;AACvD,OAAO,KAAK,EAAC,EAAE,EAAC,MAAM,aAAa,CAAC;AAEpC,OAAO,EAEN,KAAK,gBAAgB,EAErB,KAAK,kBAAkB,EACvB,MAAM,oBAAoB,CAAC;AAY5B,OAAO,KAAK,EAAC,WAAW,EAAC,MAAM,oBAAoB,CAAC;AAEpD,OAAO,KAAK,EAA+B,SAAS,EAAC,MAAM,iBAAiB,CAAC;AAE7E;;;GAGG;AACH,MAAM,WAAW,kBAAkB;IAClC,kEAAkE;IAClE,MAAM,EAAE,SAAS,CAAC;IAClB,mGAAmG;IACnG,UAAU,EAAE,OAAO,CAAC;IACpB,sDAAsD;IACtD,UAAU,EAAE,gBAAgB,CAAC;IAC7B,yDAAyD;IACzD,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,uEAAuE;IACvE,eAAe,EAAE,cAAc,GAAG,IAAI,CAAC;IACvC,qEAAqE;IACrE,SAAS,EAAE,MAAM,CAAC;IAClB,oGAAoG;IACpG,MAAM,EAAE,WAAW,CAAC;IACpB,sFAAsF;IACtF,MAAM,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,KAAK,IAAI,CAAC;IAClD,uDAAuD;IACvD,aAAa,CAAC,EAAE,IAAI,CAAC;IACrB;;;;OAIG;IACH,MAAM,CAAC,EAAE;QAAC,eAAe,EAAE,cAAc,GAAG,IAAI,CAAA;KAAC,CAAC;CAClD;AAED;;;;;;;;GAQG;AACH,MAAM,WAAW,iBAAiB;IACjC,gGAAgG;IAChG,EAAE,EAAE,EAAE,CAAC;IACP;;;OAGG;IACH,eAAe,EAAE,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;IACtC;;;OAGG;IACH,mBAAmB,EAAE,KAAK,CAAC,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;IACvD,gDAAgD;IAChD,GAAG,EAAE,MAAM,CAAC;IACZ,kEAAkE;IAClE,sBAAsB,EAAE,WAAW,GAAG,IAAI,CAAC;IAC3C,uEAAuE;IACvE,2BAA2B,EAAE,WAAW,GAAG,IAAI,CAAC;CAChD;AAED;;;;GAIG;AACH,MAAM,MAAM,mBAAmB,GAC5B;IAAC,IAAI,EAAE,IAAI,CAAC;IAAC,MAAM,EAAE,OAAO,CAAA;CAAC,GAC7B;IAAC,IAAI,EAAE,OAAO,CAAC;IAAC,KAAK,EAAE,kBAAkB,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAC,CAAC;AAE9D;;;;;;;;;GASG;AACH,eAAO,MAAM,cAAc,GAC1B,OAAO,kBAAkB,EACzB,MAAM,iBAAiB,KACrB,OAAO,CAAC,mBAAmB,CAwJ7B,CAAC;AAoFF;;;GAGG;AACH,eAAO,MAAM,iCAAiC,GAC7C,IAAI,gBAAgB,EACpB,QAAQ,mBAAmB,KACzB;IAAC,OAAO,EAAE,MAAM,CAAC;IAAC,EAAE,EAAE,gBAAgB,CAAA;CAAC,GAAG,CAAC;IAAC,MAAM,EAAE,OAAO,CAAA;CAAC,GAAG;IAAC,KAAK,EAAE,kBAAkB,CAAA;CAAC,CAK5F,CAAC"}

package/dist/actions/perform_action.js CHANGED Viewed

@@ -43,7 +43,7 @@ import {} from '../hono_context.js';
 import { is_void_schema } from '../http/schema_helpers.js';
 import { JSONRPC_VERSION, } from '../http/jsonrpc.js';
 import { jsonrpc_error_messages, jsonrpc_error_code_to_http_status, http_status_to_jsonrpc_error_code, JSONRPC_ERROR_CODES, } from '../http/jsonrpc_errors.js';
-import { ERROR_INSUFFICIENT_PERMISSIONS, ERROR_CREDENTIAL_TYPE_REQUIRED, } from '../http/error_schemas.js';
+import { ERROR_AUTHENTICATION_REQUIRED, ERROR_INSUFFICIENT_PERMISSIONS, ERROR_CREDENTIAL_TYPE_REQUIRED, } from '../http/error_schemas.js';
 import { is_public_auth } from '../http/auth_shape.js';
 /**
  * The shared dispatch core. Pure data — no Hono context, no socket. Each
@@ -208,8 +208,15 @@ const rate_limited_result = (retry_after) => {
  */
 const check_action_auth_pre_validation = (auth, account_id) => {
     if (auth.account === 'required' || auth.actor === 'required') {
-        if (account_id == null)
-            return jsonrpc_error_messages.unauthenticated();
+        if (account_id == null) {
+            // Carry the reason on `error.data.reason` (symmetric with the 403
+            // credential / role gates) so a 401 can be asserted on reason, not
+            // just status. The reason is generic — it leaks nothing about
+            // whether a credential was present or what the route demanded.
+            return jsonrpc_error_messages.unauthenticated('unauthenticated', {
+                reason: ERROR_AUTHENTICATION_REQUIRED,
+            });
+        }
     }
     return null;
 };

package/dist/auth/CLAUDE.md CHANGED Viewed

@@ -62,7 +62,7 @@ Convention — `*_schema.ts` is Zod-only; `*_ddl.ts` holds DDL strings.
 - `auth/credential_type_schema.ts` — `CredentialTypeName`, `CREDENTIAL_TYPE_SESSION` / `_API_TOKEN` / `_DAEMON_TOKEN`, `create_credential_type_schema`.
 - `auth/grant_path_schema.ts` — `GrantPathName`, `GRANT_PATH_ADMIN` / `_SELF_SERVICE` / `_SYSTEM` / `_BOOTSTRAP`, `create_grant_path_schema`.
 - `auth/auth_ddl.ts` — `CREATE TABLE` / index / seed strings for the core identity tables.
-- `auth/audit_log_schema.ts` — `AUDIT_EVENT_TYPES` (21 builtins), `AuditEventType` / `AuditEventTypeName`, `audit_metadata_schemas`, `AuditLogEvent`, `AuditLogInput`, `AuditLogConfig`, `create_audit_log_config`.
+- `auth/audit_log_schema.ts` — `AUDIT_EVENT_TYPES` (27 builtins), `AuditEventType` / `AuditEventTypeName`, `audit_metadata_schemas`, `AuditLogEvent`, `AuditLogInput`, `AuditLogConfig`, `create_audit_log_config`.
 - `auth/audit_log_ddl.ts` — `audit_log` table DDL with `seq BIGSERIAL` for cursor-based gap fill (BIGSERIAL converges with the Rust spine; `create_db` registers a `pg.types` int8 parser so `seq` still reads as a JS number).
 - `auth/invite_schema.ts` — `Invite`, `CreateInviteInput`.
 - `auth/app_settings_schema.ts` — `AppSettings`, `UpdateAppSettingsInput` (single-row via `CHECK (id = 1)`).
@@ -148,6 +148,68 @@ See root ../../../CLAUDE.md §Middleware Ordering for canonical assembly
 order. The auth-specific invariants are described below in §Cross-cutting
 invariants.
+### Cell layer
+The cell content primitive's wire schemas, RPC handlers, and authz live
+here; the schema + queries live in `db/` (see `db/CLAUDE.md` §Cell layer).
+Generic-only — no app vocabulary on the wire; per-kind shape is the
+consumer's `validate_data` pass-through callback on `CellActionDeps`.
+- `auth/cell_data_schema.ts` — `CellData` base (`z.looseObject` with
+  optional `kind` / `label` / `summary`); per-kind sub-API extends it.
+- `auth/cell_action_specs.ts` — `CellVisibility` enum, `CellPath` brand,
+  `CellJson`, the six generic verb specs (`cell_create / get / update /
+delete / list / clone`), error reasons, and `all_cell_action_specs`
+  (spreads in the grant / field / item / audit registries so codegen + UI
+  see one cell namespace). `CellJson` has no hub axis; `path` is global.
+- `auth/cell_grant_action_specs.ts` / `cell_field_action_specs.ts` /
+  `cell_item_action_specs.ts` / `cell_audit_action_specs.ts` — the
+  `cell_grant_*` (3) / `cell_field_*` (3) / `cell_item_*` (4) /
+  `cell_audit_list` (1) specs + their wire JSON shapes.
+- `auth/cell_authorize.ts` — pure predicates over
+  `(RequestContext | null, CellRow, grants)`: `can_view_cell`,
+  `can_edit_cell`, and `can_manage_cell` (= admin ‖ owner, where owner is
+  the `cell.created_by` actor field). The manage tier gates visibility
+  writes, all grant management (`cell_grant_create` / `_list` /
+  `_revoke`), and the per-cell audit timeline (`cell_audit_list`, D14 —
+  it surfaces who-touched-the-cell); it is not a grant level and not
+  delegable. Editor-grant holders edit content + relations but cannot
+  manage grants or read the audit timeline. NULL
+  `created_by` (system origin) is admin-only for edit/manage (explicit
+  defense-in-depth).
+- `auth/cell_relation_visibility.ts` — `filter_visible_target_ids(deps,
+auth, ids)`: batched strict relation-read filter. Every relation read —
+  the `cell_get` bundle, **forward and reverse** `cell_field_list` /
+  `cell_item_list`, and the deep-clone walk (children bulk-loaded via
+  `query_cell_load_many`) — drops edges whose far endpoint the caller can't
+  view, so a viewer of a parent can't enumerate private linked cells by id.
+  Two queries for the whole id-set (avoids the N+1 of a per-row check). The
+  reverse list verbs additionally cap the fetch by the wire `limit` so a
+  heavily inbound-linked target can't force an unbounded scan.
+- `auth/cell_actions.ts` — `create_cell_actions(deps)`, the six generic
+  handlers. `cell_create` stamps `created_by`; `path` writes are
+  admin-only. `cell_update` gates `visibility` writes on `can_manage_cell`
+  (`ERROR_CELL_VISIBILITY_MANAGE_ONLY`). `cell_get` bundles
+  visibility-filtered `fields` + `items` (one over the cap for truncation
+  detection). `cell_clone` deep-walks viewable children only.
+- `auth/cell_grant_actions.ts` / `cell_field_actions.ts` /
+  `cell_item_actions.ts` / `cell_audit_actions.ts` — the relation + ACL +
+  audit handlers, exporting `to_grant_json` / `to_field_json` /
+  `to_item_json` reused by the `cell_get` bundle.
+- `auth/cell_audit_metadata.ts` + `cell_grant_audit_metadata.ts` +
+  `cell_field_audit_metadata.ts` + `cell_item_audit_metadata.ts` — audit
+  metadata envelopes (IDs only), registered via `extra_events:` on the
+  consumer's `create_audit_log_config`.
+- `auth/cell_audit_events.ts` — `cell_audit_events`, the canonical
+  `event_type → metadata` map bundling every cell-domain audit event.
+  Consumers spread it into `extra_events` to register the whole layer in
+  one call (aggregator by design, not a compat shim).
+The cell event types (`cell_create` / `_update` / `_delete` / `_clone`,
+`cell_grant_create` / `_revoke`, `cell_field_set` / `_delete`,
+`cell_item_insert` / `_move` / `_delete`) are consumer-registered extras,
+not built-ins — see §Audit event extensibility.
 ## Cross-cutting invariants
 The things that span multiple files and don't fit on any one symbol's TSDoc.
@@ -259,9 +321,21 @@ session_revoke_all          role_grant_offer_expire
 token_create                role_grant_offer_supersede
 token_revoke                invite_create
 token_revoke_all            invite_delete
-                            app_settings_update
+account_delete              app_settings_update
+account_purge
+account_undelete
+actor_delete
+actor_purge
+actor_undelete
 ```
+`account_delete` / `account_purge` / `account_undelete` snapshot
+`{username, email}` into metadata; `actor_delete` / `actor_purge` /
+`actor_undelete` snapshot `{name}`. The account-level handlers emit the
+account event plus one per-actor event (`delete` = soft, `purge` = hard,
+`undelete` = reactivation — see ../../../docs/security.md §Authorization,
+"Account-removal target guards").
 `role_grant_offer_supersede` carries
 `reason: 'sibling_accepted' | 'role_grant_revoked' | 'scope_destroyed'`
 plus `cause_id` pointing to the row that triggered the supersede.
@@ -336,11 +410,23 @@ are excluded.
   records, regardless of outcome. Default
   `default_action_account_rate_limit` is 1200/15min per actor.
-### Admin actions — eleven specs
+### Admin actions — fourteen specs
 `create_admin_actions(deps, options?)` in `auth/admin_actions.ts`.
-- `admin_account_list_action_spec` — read; input `{limit?, offset?}`; output `{accounts, grantable_roles}`.
+Three of these — `account_delete` / `account_purge` / `account_undelete` —
+carry `account_*` method names (not `admin_`): privilege lives in the auth
+spec, not the name, so soft-delete stays self-service-capable. They sit in
+the admin factory because their `actor: 'required'` shape + account-management
+queries match the rest of this registry (mixed-auth in one factory is
+fine — same as `role_grant_revoke`). `account_undelete` is admin-only —
+reactivation has no self path because a soft-deleted account can't
+authenticate.
+- `admin_account_list_action_spec` — read; input `{limit?, offset?, include_deleted?}`; output `{accounts, grantable_roles}`. `include_deleted` (default false) surfaces soft-deleted rows (with `account.deleted_at` set) for the admin UI's reactivation view.
+- `account_delete_action_spec` — mutation (soft delete); self-or-admin (`{account, actor}`, handler elevates to admin when `account_id` ≠ self); input `{account_id?}`; output `{ok, deleted}`. Tombstones account + actor(s), revokes sessions/tokens, emits `account_delete` + per-actor `actor_delete`. Refuses a keeper-role target (`ERROR_CANNOT_DELETE_KEEPER`) or the sole active admin (`ERROR_CANNOT_DELETE_LAST_ADMIN`) — both fail-loud with a failure-audit row.
+- `account_purge_action_spec` — mutation (hard purge); keeper-only (`credential_types: ['daemon_token']` + `roles: ['keeper']`) + `confirm: true` + WARN; input `{account_id, confirm?}`; output `{ok, purged}`. Cascading delete; emits `account_purge` + per-actor `actor_purge` (identity snapshot survives in metadata since `audit_log` ids carry no FK). Refuses a keeper-role target (`ERROR_CANNOT_DELETE_KEEPER`) or the sole active admin (`ERROR_CANNOT_DELETE_LAST_ADMIN`).
+- `account_undelete_action_spec` — mutation (reactivation, inverse of soft delete); admin-only (`roles: ['admin']` — no self path, a tombstoned account can't authenticate); input `{account_id}`; output `{ok, undeleted}`. Clears the `deleted_at` tombstone on the account + its actor(s), emits `account_undelete` + per-actor `actor_undelete`. Does not restore revoked sessions/tokens.
 - `admin_session_list_action_spec` — read; input `z.void()`; output `{sessions}`.
 - `admin_session_revoke_all_action_spec` — mutation; input `{account_id}`; output `{ok, count}`.
 - `admin_token_revoke_all_action_spec` — mutation; input `{account_id}`; output `{ok, count}`.
@@ -356,7 +442,15 @@ Constants: `AUDIT_LOG_LIST_LIMIT_MAX = 200`, `ADMIN_ACCOUNT_LIST_DEFAULT_LIMIT =
 `ADMIN_ACCOUNT_LIST_LIMIT_MAX = 200`.
 Error reasons via `error.data.reason`: `ERROR_ACCOUNT_NOT_FOUND` (404 via
-`jsonrpc_errors.not_found`) on admin revoke-all, `ERROR_INVITE_ACCOUNT_EXISTS_USERNAME` /
+`jsonrpc_errors.not_found`) on admin revoke-all + account delete/purge,
+`ERROR_INSUFFICIENT_PERMISSIONS` (403) when `account_delete` targets another
+account without admin, `ERROR_PURGE_NOT_CONFIRMED` (400) when `account_purge`
+omits `confirm: true`, `ERROR_CANNOT_DELETE_KEEPER` (403) when `account_delete` /
+`account_purge` targets a keeper-role account (the keeper account is never
+API-removable — auth + daemon-token both pivot on it),
+`ERROR_CANNOT_DELETE_LAST_ADMIN` (403) when `account_delete` / `account_purge`
+targets the sole remaining active admin (keeper-recoverable, but not in one
+click; soft-deleted admins don't count), `ERROR_INVITE_ACCOUNT_EXISTS_USERNAME` /
 `_EMAIL` / `ERROR_INVITE_DUPLICATE` on invite create, `ERROR_INVITE_NOT_FOUND`
 on invite delete. `invite_create` empty input is rejected at the schema via
 `.refine()` and surfaces as `invalid_params` with `error.data.issues`.

package/dist/auth/account_queries.d.ts CHANGED Viewed

@@ -18,7 +18,13 @@ import { type Account, type Actor, type CreateAccountInput, type AdminAccountEnt
  */
 export declare const query_create_account: (deps: QueryDeps, input: CreateAccountInput) => Promise<Account>;
 /**
- * Find an account by id.
+ * Find an **active** account by id (`deleted_at IS NULL`).
+ *
+ * This is the auth-resolution workhorse (`build_request_context` /
+ * `build_account_context`) and the admin-target lookup, so it
+ * deliberately excludes soft-deleted accounts: a tombstoned account must
+ * not authenticate (`delete` = soft, `purge` = hard). Purge, which must operate on
+ * soft-deleted rows too, uses `query_purge_account` directly.
  */
 export declare const query_account_by_id: (deps: QueryDeps, id: string) => Promise<Account | undefined>;
 /**
@@ -36,9 +42,15 @@ export declare const query_account_by_email: (deps: QueryDeps, email: string) =>
  * Otherwise tries username first then email. This supports a single
  * login field that accepts either format.
  *
+ * Excludes soft-deleted accounts (`deleted_at IS NULL`) — this is the
+ * login lookup, and a tombstoned account must not authenticate. The
+ * underlying `query_account_by_username` / `query_account_by_email` stay
+ * unfiltered because the invite-collision checks need to see soft-deleted
+ * accounts (usernames/emails stay reserved after a soft-delete).
+ *
  * @param deps - query dependencies
  * @param input - username or email address
- * @returns the matching account, or `undefined`
+ * @returns the matching active account, or `undefined`
  */
 export declare const query_account_by_username_or_email: (deps: QueryDeps, input: string) => Promise<Account | undefined>;
 /**
@@ -63,11 +75,75 @@ export declare const query_account_by_username_or_email: (deps: QueryDeps, input
  */
 export declare const query_update_account_password: (deps: QueryDeps, id: string, password_hash: string, updated_by: string | null, expected_hash: string) => Promise<boolean>;
 /**
- * Delete an account. Cascades to actors, role_grants, sessions, and tokens.
+ * Identifying values snapshotted into a deletion/purge audit event so the
+ * identity behind a now-orphaned `audit_log` id isn't lost. Mirrors the
+ * Rust `AccountIdentitySnapshot`.
+ */
+export interface AccountIdentitySnapshot {
+    username: string;
+    email: string | null;
+}
+/**
+ * Soft-delete an account — the reversible tombstone (`delete` = soft).
+ *
+ * Stamps `deleted_at` + `deleted_by` (the initiator's actor) on the active
+ * row — paired like `role_grant`'s `revoked_at` / `revoked_by`, and
+ * deliberately leaving `updated_at` / `updated_by` untouched (deletion
+ * isn't a content edit). Returns the identity snapshot for the
+ * `account_delete` audit event, or `undefined` when no active row matched
+ * (missing or already soft-deleted). Auth resolution
+ * (`query_account_by_id`) already excludes soft-deleted accounts; the
+ * caller revokes sessions/tokens.
+ *
+ * @mutates `account` row - sets `deleted_at` + `deleted_by` on one active row
+ */
+export declare const query_account_soft_delete: (deps: QueryDeps, id: string, deleted_by: string | null) => Promise<AccountIdentitySnapshot | undefined>;
+/**
+ * Hard-purge an account — irreversible cascading removal (`purge` = hard).
+ *
+ * Physically deletes the row, cascading to actors, role_grants, sessions,
+ * and tokens. Operates on active OR already-soft-deleted rows. Returns the
+ * identity snapshot for the `account_purge` audit event, or `undefined`
+ * when no row matched. The `audit_log` identity columns carry no FK, so
+ * the purged id survives on historical rows for forensic correlation back
+ * to the purge event.
+ *
+ * **Keeper-gated, loud, irreversible** — restrict to the keeper credential
+ * and confirm explicitly at the call site. The `purge` name flags the danger.
  *
  * @mutates `account` table and downstream FK rows - DELETE cascades through actors/role_grants/sessions/tokens
  */
-export declare const query_delete_account: (deps: QueryDeps, id: string) => Promise<boolean>;
+export declare const query_purge_account: (deps: QueryDeps, id: string) => Promise<AccountIdentitySnapshot | undefined>;
+/**
+ * Soft-delete one actor (sets `deleted_at` + `deleted_by`). Returns `true`
+ * when an active row flipped, `false` when none matched. Emitted per actor
+ * alongside the account-level soft-delete.
+ *
+ * @mutates `actor` row - sets `deleted_at` + `deleted_by` on one active row
+ */
+export declare const query_actor_soft_delete: (deps: QueryDeps, id: string, deleted_by: string | null) => Promise<boolean>;
+/**
+ * Reactivate a soft-deleted account — clears the `deleted_at` /
+ * `deleted_by` tombstone (the inverse of `query_account_soft_delete`).
+ *
+ * Operates only on a currently soft-deleted row (`deleted_at IS NOT NULL`)
+ * and returns the identity snapshot for the `account_undelete` audit
+ * event, or `undefined` when no soft-deleted row matched (missing or
+ * already active). Reactivation does **not** restore the revoked
+ * sessions/tokens — the account is live again but its principals re-auth
+ * fresh. `updated_at` / `updated_by` stay untouched.
+ *
+ * @mutates `account` row - clears `deleted_at` + `deleted_by` on one soft-deleted row
+ */
+export declare const query_account_undelete: (deps: QueryDeps, id: string) => Promise<AccountIdentitySnapshot | undefined>;
+/**
+ * Reactivate one soft-deleted actor (clears `deleted_at` / `deleted_by`).
+ * Returns `true` when a soft-deleted row flipped back, `false` when none
+ * matched. Emitted per actor alongside the account-level reactivation.
+ *
+ * @mutates `actor` row - clears `deleted_at` + `deleted_by` on one soft-deleted row
+ */
+export declare const query_actor_undelete: (deps: QueryDeps, id: string) => Promise<boolean>;
 /**
  * Check if any account exists.
  */
@@ -120,6 +196,13 @@ export interface AdminAccountListOptions {
     limit?: number | null;
     /** Pagination offset. Defaults to 0. */
     offset?: number | null;
+    /**
+     * Include soft-deleted (tombstoned) accounts. Defaults to `false` —
+     * the listing shows active accounts only, matching auth resolution.
+     * Set `true` for the admin UI's "show deleted" view, which offers
+     * reactivation via `account_undelete`.
+     */
+    include_deleted?: boolean | null;
 }
 /**
  * List accounts with their actors, active role_grants, and pending inbound

package/dist/auth/account_queries.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"account_queries.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/account_queries.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AAEnD,OAAO,EAEN,KAAK,OAAO,EACZ,KAAK,KAAK,EACV,KAAK,kBAAkB,EACvB,KAAK,qBAAqB,EAC1B,MAAM,qBAAqB,CAAC;AAG7B;;;;;;;GAOG;AACH,eAAO,MAAM,oBAAoB,GAChC,MAAM,SAAS,EACf,OAAO,kBAAkB,KACvB,OAAO,CAAC,OAAO,CAQjB,CAAC;AAEF~~;;GAEG~~;AACH,eAAO,MAAM,mBAAmB,GAC/B,MAAM,SAAS,EACf,IAAI,MAAM,KACR,OAAO,CAAC,OAAO,GAAG,SAAS,~~CAE7B~~,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,yBAAyB,GACrC,MAAM,SAAS,EACf,UAAU,MAAM,KACd,OAAO,CAAC,OAAO,GAAG,SAAS,CAI7B,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,sBAAsB,GAClC,MAAM,SAAS,EACf,OAAO,MAAM,KACX,OAAO,CAAC,OAAO,GAAG,SAAS,CAI7B,CAAC;AAEF~~;;;;;;;;;;GAUG~~;AACH,eAAO,MAAM,kCAAkC,GAC9C,MAAM,SAAS,EACf,OAAO,MAAM,KACX,OAAO,CAAC,OAAO,GAAG,SAAS,CAS7B,CAAC;AAEF;;;;;;;;;;;;;;;;;;;GAmBG;AACH,eAAO,MAAM,6BAA6B,GACzC,MAAM,SAAS,EACf,IAAI,MAAM,EACV,eAAe,MAAM,EACrB,YAAY,MAAM,GAAG,IAAI,EACzB,eAAe,MAAM,KACnB,OAAO,CAAC,OAAO,CAQjB,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,oBAAoB,GAAU,MAAM,SAAS,EAAE,IAAI,MAAM,KAAG,OAAO,CAAC,OAAO,~~CAKvF~~,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,qBAAqB,GAAU,MAAM,SAAS,KAAG,OAAO,CAAC,OAAO,CAK5E,CAAC;AAEF;;;;;;;;GAQG;AACH,eAAO,MAAM,kBAAkB,GAC9B,MAAM,SAAS,EACf,YAAY,MAAM,EAClB,MAAM,MAAM,KACV,OAAO,CAAC,KAAK,CAMf,CAAC;AAEF;;;;;;;GAOG;AACH,eAAO,MAAM,uBAAuB,GACnC,MAAM,SAAS,EACf,YAAY,MAAM,KAChB,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAKtB,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,iBAAiB,GAC7B,MAAM,SAAS,EACf,IAAI,MAAM,KACR,OAAO,CAAC,KAAK,GAAG,SAAS,CAE3B,CAAC;AAEF;;;;;;;;;GASG;AACH,eAAO,MAAM,+BAA+B,GAC3C,MAAM,SAAS,EACf,OAAO,kBAAkB,KACvB,OAAO,CAAC;IAAC,OAAO,EAAE,OAAO,CAAC;IAAC,KAAK,EAAE,KAAK,CAAA;CAAC,CAI1C,CAAC;AA2BF,8CAA8C;AAC9C,MAAM,WAAW,uBAAuB;IACvC;;;;;OAKG;IACH,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,wCAAwC;IACxC,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;~~CACvB~~;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAO,MAAM,wBAAwB,GACpC,MAAM,SAAS,EACf,UAAU,uBAAuB,KAC/B,OAAO,CAAC,KAAK,CAAC,qBAAqB,CAAC,~~CAyGtC~~,CAAC"}
1	+ {"version":3,"file":"account_queries.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/account_queries.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AAEnD,OAAO,EAEN,KAAK,OAAO,EACZ,KAAK,KAAK,EACV,KAAK,kBAAkB,EACvB,KAAK,qBAAqB,EAC1B,MAAM,qBAAqB,CAAC;AAG7B;;;;;;;GAOG;AACH,eAAO,MAAM,oBAAoB,GAChC,MAAM,SAAS,EACf,OAAO,kBAAkB,KACvB,OAAO,CAAC,OAAO,CAQjB,CAAC;AAEF;;;;;;;;GAQG;AACH,eAAO,MAAM,mBAAmB,GAC/B,MAAM,SAAS,EACf,IAAI,MAAM,KACR,OAAO,CAAC,OAAO,GAAG,SAAS,CAI7B,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,yBAAyB,GACrC,MAAM,SAAS,EACf,UAAU,MAAM,KACd,OAAO,CAAC,OAAO,GAAG,SAAS,CAI7B,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,sBAAsB,GAClC,MAAM,SAAS,EACf,OAAO,MAAM,KACX,OAAO,CAAC,OAAO,GAAG,SAAS,CAI7B,CAAC;AAEF;;;;;;;;;;;;;;;;GAgBG;AACH,eAAO,MAAM,kCAAkC,GAC9C,MAAM,SAAS,EACf,OAAO,MAAM,KACX,OAAO,CAAC,OAAO,GAAG,SAAS,CAS7B,CAAC;AAEF;;;;;;;;;;;;;;;;;;;GAmBG;AACH,eAAO,MAAM,6BAA6B,GACzC,MAAM,SAAS,EACf,IAAI,MAAM,EACV,eAAe,MAAM,EACrB,YAAY,MAAM,GAAG,IAAI,EACzB,eAAe,MAAM,KACnB,OAAO,CAAC,OAAO,CAQjB,CAAC;AAEF;;;;GAIG;AACH,MAAM,WAAW,uBAAuB;IACvC,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CACrB;AAED;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,yBAAyB,GACrC,MAAM,SAAS,EACf,IAAI,MAAM,EACV,YAAY,MAAM,GAAG,IAAI,KACvB,OAAO,CAAC,uBAAuB,GAAG,SAAS,CAO7C,CAAC;AAEF;;;;;;;;;;;;;;GAcG;AACH,eAAO,MAAM,mBAAmB,GAC/B,MAAM,SAAS,EACf,IAAI,MAAM,KACR,OAAO,CAAC,uBAAuB,GAAG,SAAS,CAK7C,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,uBAAuB,GACnC,MAAM,SAAS,EACf,IAAI,MAAM,EACV,YAAY,MAAM,GAAG,IAAI,KACvB,OAAO,CAAC,OAAO,CAQjB,CAAC;AAEF;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,sBAAsB,GAClC,MAAM,SAAS,EACf,IAAI,MAAM,KACR,OAAO,CAAC,uBAAuB,GAAG,SAAS,CAO7C,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,oBAAoB,GAAU,MAAM,SAAS,EAAE,IAAI,MAAM,KAAG,OAAO,CAAC,OAAO,CAQvF,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,qBAAqB,GAAU,MAAM,SAAS,KAAG,OAAO,CAAC,OAAO,CAK5E,CAAC;AAEF;;;;;;;;GAQG;AACH,eAAO,MAAM,kBAAkB,GAC9B,MAAM,SAAS,EACf,YAAY,MAAM,EAClB,MAAM,MAAM,KACV,OAAO,CAAC,KAAK,CAMf,CAAC;AAEF;;;;;;;GAOG;AACH,eAAO,MAAM,uBAAuB,GACnC,MAAM,SAAS,EACf,YAAY,MAAM,KAChB,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAKtB,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,iBAAiB,GAC7B,MAAM,SAAS,EACf,IAAI,MAAM,KACR,OAAO,CAAC,KAAK,GAAG,SAAS,CAE3B,CAAC;AAEF;;;;;;;;;GASG;AACH,eAAO,MAAM,+BAA+B,GAC3C,MAAM,SAAS,EACf,OAAO,kBAAkB,KACvB,OAAO,CAAC;IAAC,OAAO,EAAE,OAAO,CAAC;IAAC,KAAK,EAAE,KAAK,CAAA;CAAC,CAI1C,CAAC;AA2BF,8CAA8C;AAC9C,MAAM,WAAW,uBAAuB;IACvC;;;;;OAKG;IACH,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,wCAAwC;IACxC,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB;;;;;OAKG;IACH,eAAe,CAAC,EAAE,OAAO,GAAG,IAAI,CAAC;CACjC;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAO,MAAM,wBAAwB,GACpC,MAAM,SAAS,EACf,UAAU,uBAAuB,KAC/B,OAAO,CAAC,KAAK,CAAC,qBAAqB,CAAC,CA8GtC,CAAC"}

package/dist/auth/account_queries.js CHANGED Viewed

@@ -24,10 +24,18 @@ export const query_create_account = async (deps, input) => {
     return assert_row(row, 'INSERT INTO account');
 };
 /**
- * Find an account by id.
+ * Find an **active** account by id (`deleted_at IS NULL`).
+ *
+ * This is the auth-resolution workhorse (`build_request_context` /
+ * `build_account_context`) and the admin-target lookup, so it
+ * deliberately excludes soft-deleted accounts: a tombstoned account must
+ * not authenticate (`delete` = soft, `purge` = hard). Purge, which must operate on
+ * soft-deleted rows too, uses `query_purge_account` directly.
  */
 export const query_account_by_id = async (deps, id) => {
-    return deps.db.query_one(`SELECT * FROM account WHERE id = $1`, [id]);
+    return deps.db.query_one(`SELECT * FROM account WHERE id = $1 AND deleted_at IS NULL`, [
+        id,
+    ]);
 };
 /**
  * Find an account by username (case-insensitive).
@@ -52,15 +60,25 @@ export const query_account_by_email = async (deps, email) => {
  * Otherwise tries username first then email. This supports a single
  * login field that accepts either format.
  *
+ * Excludes soft-deleted accounts (`deleted_at IS NULL`) — this is the
+ * login lookup, and a tombstoned account must not authenticate. The
+ * underlying `query_account_by_username` / `query_account_by_email` stay
+ * unfiltered because the invite-collision checks need to see soft-deleted
+ * accounts (usernames/emails stay reserved after a soft-delete).
+ *
  * @param deps - query dependencies
  * @param input - username or email address
- * @returns the matching account, or `undefined`
+ * @returns the matching active account, or `undefined`
  */
 export const query_account_by_username_or_email = async (deps, input) => {
-    if (input.includes('@')) {
-        return ((await query_account_by_email(deps, input)) ?? (await query_account_by_username(deps, input)));
-    }
-    return ((await query_account_by_username(deps, input)) ?? (await query_account_by_email(deps, input)));
+    const account = input.includes('@')
+        ? ((await query_account_by_email(deps, input)) ??
+            (await query_account_by_username(deps, input)))
+        : ((await query_account_by_username(deps, input)) ??
+            (await query_account_by_email(deps, input)));
+    // Login must not resolve a soft-deleted account, but the bare
+    // username/email lookups stay unfiltered for invite-collision checks.
+    return account && account.deleted_at === null ? account : undefined;
 };
 /**
  * Update the password hash for an account, conditional on the current
@@ -89,15 +107,85 @@ export const query_update_account_password = async (deps, id, password_hash, upd
     return rows.length > 0;
 };
 /**
- * Delete an account. Cascades to actors, role_grants, sessions, and tokens.
+ * Soft-delete an account — the reversible tombstone (`delete` = soft).
+ *
+ * Stamps `deleted_at` + `deleted_by` (the initiator's actor) on the active
+ * row — paired like `role_grant`'s `revoked_at` / `revoked_by`, and
+ * deliberately leaving `updated_at` / `updated_by` untouched (deletion
+ * isn't a content edit). Returns the identity snapshot for the
+ * `account_delete` audit event, or `undefined` when no active row matched
+ * (missing or already soft-deleted). Auth resolution
+ * (`query_account_by_id`) already excludes soft-deleted accounts; the
+ * caller revokes sessions/tokens.
+ *
+ * @mutates `account` row - sets `deleted_at` + `deleted_by` on one active row
+ */
+export const query_account_soft_delete = async (deps, id, deleted_by) => {
+    return deps.db.query_one(`UPDATE account SET deleted_at = NOW(), deleted_by = $2
+		 WHERE id = $1 AND deleted_at IS NULL
+		 RETURNING username, email`, [id, deleted_by]);
+};
+/**
+ * Hard-purge an account — irreversible cascading removal (`purge` = hard).
+ *
+ * Physically deletes the row, cascading to actors, role_grants, sessions,
+ * and tokens. Operates on active OR already-soft-deleted rows. Returns the
+ * identity snapshot for the `account_purge` audit event, or `undefined`
+ * when no row matched. The `audit_log` identity columns carry no FK, so
+ * the purged id survives on historical rows for forensic correlation back
+ * to the purge event.
+ *
+ * **Keeper-gated, loud, irreversible** — restrict to the keeper credential
+ * and confirm explicitly at the call site. The `purge` name flags the danger.
  *
  * @mutates `account` table and downstream FK rows - DELETE cascades through actors/role_grants/sessions/tokens
  */
-export const query_delete_account = async (deps, id) => {
-    const rows = await deps.db.query(`DELETE FROM account WHERE id = $1 RETURNING id`, [
-        id,
-    ]);
-    return rows.length > 0;
+export const query_purge_account = async (deps, id) => {
+    return deps.db.query_one(`DELETE FROM account WHERE id = $1 RETURNING username, email`, [id]);
+};
+/**
+ * Soft-delete one actor (sets `deleted_at` + `deleted_by`). Returns `true`
+ * when an active row flipped, `false` when none matched. Emitted per actor
+ * alongside the account-level soft-delete.
+ *
+ * @mutates `actor` row - sets `deleted_at` + `deleted_by` on one active row
+ */
+export const query_actor_soft_delete = async (deps, id, deleted_by) => {
+    const row = await deps.db.query_one(`UPDATE actor SET deleted_at = NOW(), deleted_by = $2
+		 WHERE id = $1 AND deleted_at IS NULL
+		 RETURNING id`, [id, deleted_by]);
+    return row !== undefined;
+};
+/**
+ * Reactivate a soft-deleted account — clears the `deleted_at` /
+ * `deleted_by` tombstone (the inverse of `query_account_soft_delete`).
+ *
+ * Operates only on a currently soft-deleted row (`deleted_at IS NOT NULL`)
+ * and returns the identity snapshot for the `account_undelete` audit
+ * event, or `undefined` when no soft-deleted row matched (missing or
+ * already active). Reactivation does **not** restore the revoked
+ * sessions/tokens — the account is live again but its principals re-auth
+ * fresh. `updated_at` / `updated_by` stay untouched.
+ *
+ * @mutates `account` row - clears `deleted_at` + `deleted_by` on one soft-deleted row
+ */
+export const query_account_undelete = async (deps, id) => {
+    return deps.db.query_one(`UPDATE account SET deleted_at = NULL, deleted_by = NULL
+		 WHERE id = $1 AND deleted_at IS NOT NULL
+		 RETURNING username, email`, [id]);
+};
+/**
+ * Reactivate one soft-deleted actor (clears `deleted_at` / `deleted_by`).
+ * Returns `true` when a soft-deleted row flipped back, `false` when none
+ * matched. Emitted per actor alongside the account-level reactivation.
+ *
+ * @mutates `actor` row - clears `deleted_at` + `deleted_by` on one soft-deleted row
+ */
+export const query_actor_undelete = async (deps, id) => {
+    const row = await deps.db.query_one(`UPDATE actor SET deleted_at = NULL, deleted_by = NULL
+		 WHERE id = $1 AND deleted_at IS NOT NULL
+		 RETURNING id`, [id]);
+    return row !== undefined;
 };
 /**
  * Check if any account exists.
@@ -172,12 +260,14 @@ export const query_create_account_with_actor = async (deps, input) => {
 export const query_admin_account_list = async (deps, options) => {
     const limit = options?.limit === null ? null : (options?.limit ?? ADMIN_ACCOUNT_LIST_DEFAULT_LIMIT);
     const offset = options?.offset ?? 0;
+    // Active-only by default; the admin UI's "show deleted" view passes
+    // `include_deleted` to surface tombstoned rows for reactivation.
+    const where = options?.include_deleted ? '' : 'WHERE deleted_at IS NULL';
     const account_query = limit == null
-        ? deps.db.query(`SELECT * FROM account ORDER BY created_at OFFSET $1`, [offset])
-        : deps.db.query(`SELECT * FROM account ORDER BY created_at LIMIT $1 OFFSET $2`, [
-            limit,
+        ? deps.db.query(`SELECT * FROM account ${where} ORDER BY created_at OFFSET $1`, [
             offset,
-        ]);
+        ])
+        : deps.db.query(`SELECT * FROM account ${where} ORDER BY created_at LIMIT $1 OFFSET $2`, [limit, offset]);
     const accounts = await account_query;
     if (accounts.length === 0)
         return [];

package/dist/auth/account_schema.d.ts CHANGED Viewed

@@ -30,6 +30,19 @@ export interface Account {
     created_by: Uuid | null;
     updated_at: string;
     updated_by: Uuid | null;
+    /**
+     * Soft-delete tombstone. Non-null means the account is deleted
+     * (`delete` = soft); auth resolution treats it as absent. A hard
+     * `purge` removes the row entirely. See `auth/account_queries.ts`.
+     */
+    deleted_at: string | null;
+    /**
+     * Actor that performed the soft-delete (initiator: self / admin /
+     * keeper). Paired with `deleted_at`, mirroring `role_grant`'s
+     * `revoked_at` / `revoked_by`. Plain UUID (no FK, like
+     * `created_by` / `updated_by` on this table).
+     */
+    deleted_by: Uuid | null;
 }
 /** Account without sensitive fields, scoped to the authenticated user's own session. */
 export interface SessionAccount {
@@ -47,6 +60,10 @@ export interface Actor {
     created_at: string;
     updated_at: string | null;
     updated_by: Uuid | null;
+    /** Soft-delete tombstone — set alongside the owning account's soft-delete. */
+    deleted_at: string | null;
+    /** Actor that performed the soft-delete. Paired with `deleted_at`. */
+    deleted_by: Uuid | null;
 }
 /**
  * Maximum length of the optional free-form `revoked_reason` attached to a
@@ -158,6 +175,7 @@ export declare const AdminAccountJson: z.ZodObject<{
     created_at: z.ZodString;
     updated_at: z.ZodString;
     updated_by: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
+    deleted_at: z.ZodNullable<z.ZodString>;
 }, z.core.$strict>;
 export type AdminAccountJson = z.infer<typeof AdminAccountJson>;
 /**
@@ -194,6 +212,7 @@ export declare const AdminAccountEntryJson: z.ZodObject<{
         created_at: z.ZodString;
         updated_at: z.ZodString;
         updated_by: z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
+        deleted_at: z.ZodNullable<z.ZodString>;
     }, z.core.$strict>;
     actor: z.ZodNullable<z.ZodObject<{
         id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;

package/dist/auth/account_schema.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"account_schema.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/account_schema.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AACtB,OAAO,EAAC,IAAI,EAAC,MAAM,wBAAwB,CAAC;AAE5C,OAAO,EAAC,QAAQ,EAAE,KAAK,EAAC,MAAM,yBAAyB,CAAC;AAIxD,mEAAmE;AACnE,MAAM,WAAW,OAAO;IACvB,EAAE,EAAE,IAAI,CAAC;IACT,QAAQ,EAAE,QAAQ,CAAC;IACnB,KAAK,EAAE,KAAK,GAAG,IAAI,CAAC;IACpB,cAAc,EAAE,OAAO,CAAC;IACxB,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,IAAI,GAAG,IAAI,CAAC;IACxB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,IAAI,GAAG,IAAI,CAAC;CACxB;AAED,wFAAwF;AACxF,MAAM,WAAW,cAAc;IAC9B,EAAE,EAAE,IAAI,CAAC;IACT,QAAQ,EAAE,QAAQ,CAAC;IACnB,KAAK,EAAE,KAAK,GAAG,IAAI,CAAC;IACpB,cAAc,EAAE,OAAO,CAAC;IACxB,UAAU,EAAE,MAAM,CAAC;CACnB;AAED,4FAA4F;AAC5F,MAAM,WAAW,KAAK;IACrB,EAAE,EAAE,IAAI,CAAC;IACT,UAAU,EAAE,IAAI,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,UAAU,EAAE,IAAI,GAAG,IAAI,CAAC;CACxB;AAED;;;;;GAKG;AACH,eAAO,MAAM,oCAAoC,MAAM,CAAC;AAExD,wEAAwE;AACxE,MAAM,WAAW,SAAS;IACzB,EAAE,EAAE,IAAI,CAAC;IACT,QAAQ,EAAE,IAAI,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb;;;;;;OAMG;IACH,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,iGAAiG;IACjG,QAAQ,EAAE,IAAI,GAAG,IAAI,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,UAAU,EAAE,IAAI,GAAG,IAAI,CAAC;IACxB,sHAAsH;IACtH,cAAc,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,UAAU,EAAE,IAAI,GAAG,IAAI,CAAC;IACxB,mGAAmG;IACnG,eAAe,EAAE,IAAI,GAAG,IAAI,CAAC;CAC7B;AAED,eAAO,MAAM,oBAAoB,GAChC,GAAG;IAAC,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAAC,UAAU,EAAE,MAAM,GAAG,IAAI,CAAA;CAAC,EAC1D,MAAK,IAAiB,KACpB,OAA2E,CAAC;AAE/E,uEAAuE;AACvE,MAAM,WAAW,WAAW;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,UAAU,EAAE,IAAI,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;CACrB;AAED,6CAA6C;AAC7C,MAAM,WAAW,QAAQ;IACxB,EAAE,EAAE,MAAM,CAAC;IACX,UAAU,EAAE,IAAI,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,UAAU,EAAE,MAAM,CAAC;CACnB;AAID,0EAA0E;AAC1E,eAAO,MAAM,kBAAkB;;;;;;kBAM7B,CAAC;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAEpE,6EAA6E;AAC7E,eAAO,MAAM,eAAe;;;;;;kBAM1B,CAAC;AACH,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC;AAE9D,4EAA4E;AAC5E,eAAO,MAAM,kBAAkB;;;;;;;;kBAQ7B,CAAC;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAEpE,gFAAgF;AAChF,eAAO,MAAM,oBAAoB;;;;;;;;kBAQ/B,CAAC;AACH,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAExE,2EAA2E;AAC3E,eAAO,MAAM,gBAAgB;;;kBAG3B,CAAC;AACH,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAEhE,iGAAiG;AACjG,eAAO,MAAM,gBAAgB~~;;;;;;;;kBAG3B~~,CAAC;AACH,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAEhE;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,uBAAuB;;;;;;;;;kBASlC,CAAC;AACH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AAE9E,sGAAsG;AACtG,eAAO,MAAM,qBAAqB~~;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;~~kBAKhC,CAAC;AACH,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAI1E,MAAM,WAAW,kBAAkB;IAClC,QAAQ,EAAE,QAAQ,CAAC;IACnB,aAAa,EAAE,MAAM,CAAC;IACtB,KAAK,CAAC,EAAE,KAAK,GAAG,IAAI,CAAC;CACrB;AAED,MAAM,WAAW,oBAAoB;IACpC,QAAQ,EAAE,IAAI,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb;;;;OAIG;IACH,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,+EAA+E;IAC/E,QAAQ,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;IACvB,UAAU,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;IACzB,UAAU,EAAE,IAAI,GAAG,IAAI,CAAC;IACxB,0GAA0G;IAC1G,eAAe,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;CAC9B;AAED;;;;;GAKG;AACH,eAAO,MAAM,kBAAkB,GAAI,SAAS,OAAO,KAAG,cAMpD,CAAC;AAEH;;;;;GAKG;AACH,eAAO,MAAM,gBAAgB,GAAI,SAAS,OAAO,KAAG,~~gBAIlD~~,CAAC"}
1	+ {"version":3,"file":"account_schema.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/account_schema.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AACtB,OAAO,EAAC,IAAI,EAAC,MAAM,wBAAwB,CAAC;AAE5C,OAAO,EAAC,QAAQ,EAAE,KAAK,EAAC,MAAM,yBAAyB,CAAC;AAIxD,mEAAmE;AACnE,MAAM,WAAW,OAAO;IACvB,EAAE,EAAE,IAAI,CAAC;IACT,QAAQ,EAAE,QAAQ,CAAC;IACnB,KAAK,EAAE,KAAK,GAAG,IAAI,CAAC;IACpB,cAAc,EAAE,OAAO,CAAC;IACxB,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,IAAI,GAAG,IAAI,CAAC;IACxB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,IAAI,GAAG,IAAI,CAAC;IACxB;;;;OAIG;IACH,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B;;;;;OAKG;IACH,UAAU,EAAE,IAAI,GAAG,IAAI,CAAC;CACxB;AAED,wFAAwF;AACxF,MAAM,WAAW,cAAc;IAC9B,EAAE,EAAE,IAAI,CAAC;IACT,QAAQ,EAAE,QAAQ,CAAC;IACnB,KAAK,EAAE,KAAK,GAAG,IAAI,CAAC;IACpB,cAAc,EAAE,OAAO,CAAC;IACxB,UAAU,EAAE,MAAM,CAAC;CACnB;AAED,4FAA4F;AAC5F,MAAM,WAAW,KAAK;IACrB,EAAE,EAAE,IAAI,CAAC;IACT,UAAU,EAAE,IAAI,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,UAAU,EAAE,IAAI,GAAG,IAAI,CAAC;IACxB,8EAA8E;IAC9E,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,sEAAsE;IACtE,UAAU,EAAE,IAAI,GAAG,IAAI,CAAC;CACxB;AAED;;;;;GAKG;AACH,eAAO,MAAM,oCAAoC,MAAM,CAAC;AAExD,wEAAwE;AACxE,MAAM,WAAW,SAAS;IACzB,EAAE,EAAE,IAAI,CAAC;IACT,QAAQ,EAAE,IAAI,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb;;;;;;OAMG;IACH,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,iGAAiG;IACjG,QAAQ,EAAE,IAAI,GAAG,IAAI,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,UAAU,EAAE,IAAI,GAAG,IAAI,CAAC;IACxB,sHAAsH;IACtH,cAAc,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,UAAU,EAAE,IAAI,GAAG,IAAI,CAAC;IACxB,mGAAmG;IACnG,eAAe,EAAE,IAAI,GAAG,IAAI,CAAC;CAC7B;AAED,eAAO,MAAM,oBAAoB,GAChC,GAAG;IAAC,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAAC,UAAU,EAAE,MAAM,GAAG,IAAI,CAAA;CAAC,EAC1D,MAAK,IAAiB,KACpB,OAA2E,CAAC;AAE/E,uEAAuE;AACvE,MAAM,WAAW,WAAW;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,UAAU,EAAE,IAAI,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;CACrB;AAED,6CAA6C;AAC7C,MAAM,WAAW,QAAQ;IACxB,EAAE,EAAE,MAAM,CAAC;IACX,UAAU,EAAE,IAAI,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,UAAU,EAAE,MAAM,CAAC;CACnB;AAID,0EAA0E;AAC1E,eAAO,MAAM,kBAAkB;;;;;;kBAM7B,CAAC;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAEpE,6EAA6E;AAC7E,eAAO,MAAM,eAAe;;;;;;kBAM1B,CAAC;AACH,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC;AAE9D,4EAA4E;AAC5E,eAAO,MAAM,kBAAkB;;;;;;;;kBAQ7B,CAAC;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAEpE,gFAAgF;AAChF,eAAO,MAAM,oBAAoB;;;;;;;;kBAQ/B,CAAC;AACH,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAExE,2EAA2E;AAC3E,eAAO,MAAM,gBAAgB;;;kBAG3B,CAAC;AACH,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAEhE,iGAAiG;AACjG,eAAO,MAAM,gBAAgB;;;;;;;;;kBAU3B,CAAC;AACH,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAEhE;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,uBAAuB;;;;;;;;;kBASlC,CAAC;AACH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AAE9E,sGAAsG;AACtG,eAAO,MAAM,qBAAqB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kBAKhC,CAAC;AACH,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAI1E,MAAM,WAAW,kBAAkB;IAClC,QAAQ,EAAE,QAAQ,CAAC;IACnB,aAAa,EAAE,MAAM,CAAC;IACtB,KAAK,CAAC,EAAE,KAAK,GAAG,IAAI,CAAC;CACrB;AAED,MAAM,WAAW,oBAAoB;IACpC,QAAQ,EAAE,IAAI,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb;;;;OAIG;IACH,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,+EAA+E;IAC/E,QAAQ,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;IACvB,UAAU,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;IACzB,UAAU,EAAE,IAAI,GAAG,IAAI,CAAC;IACxB,0GAA0G;IAC1G,eAAe,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;CAC9B;AAED;;;;;GAKG;AACH,eAAO,MAAM,kBAAkB,GAAI,SAAS,OAAO,KAAG,cAMpD,CAAC;AAEH;;;;;GAKG;AACH,eAAO,MAAM,gBAAgB,GAAI,SAAS,OAAO,KAAG,gBAKlD,CAAC"}

package/dist/auth/account_schema.js CHANGED Viewed

@@ -73,6 +73,13 @@ export const ActorSummaryJson = z.strictObject({
 export const AdminAccountJson = SessionAccountJson.extend({
     updated_at: z.string(),
     updated_by: Uuid.nullable(),
+    /**
+     * Soft-delete tombstone, non-null when the account is deleted. Surfaced
+     * so the admin UI can mark tombstoned rows (shown only when the listing
+     * is requested with `include_deleted`) and offer reactivation via
+     * `account_undelete`. Active listings always carry `null` here.
+     */
+    deleted_at: z.string().nullable(),
 });
 /**
  * Zod schema for a pending role_grant offer surfaced in admin account listings.
@@ -127,4 +134,5 @@ export const to_admin_account = (account) => ({
     ...to_session_account(account),
     updated_at: account.updated_at,
     updated_by: account.updated_by,
+    deleted_at: account.deleted_at,
 });