npm - @fuzdev/fuz_app - Versions diffs - 0.68.0 → 0.70.0 - Mend

@fuzdev/fuz_app 0.68.0 → 0.70.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (105) hide show

package/dist/actions/perform_action.d.ts.map +1 -1
package/dist/actions/perform_action.js +10 -3
package/dist/auth/admin_action_specs.d.ts +2 -3
package/dist/auth/admin_action_specs.d.ts.map +1 -1
package/dist/auth/admin_action_specs.js +2 -3
package/dist/auth/admin_actions.d.ts +4 -14
package/dist/auth/admin_actions.d.ts.map +1 -1
package/dist/auth/admin_actions.js +28 -36
package/dist/auth/signup_routes.d.ts +0 -3
package/dist/auth/signup_routes.d.ts.map +1 -1
package/dist/auth/signup_routes.js +9 -3
package/dist/auth/standard_rpc_actions.d.ts +5 -5
package/dist/auth/standard_rpc_actions.js +4 -4
package/dist/server/app_server.d.ts +1 -7
package/dist/server/app_server.d.ts.map +1 -1
package/dist/server/app_server.js +1 -5
package/dist/testing/CLAUDE.md +98 -10
package/dist/testing/app_server.d.ts +34 -0
package/dist/testing/app_server.d.ts.map +1 -1
package/dist/testing/app_server.js +31 -6
package/dist/testing/cross_backend/account_lifecycle.d.ts.map +1 -1
package/dist/testing/cross_backend/account_lifecycle.js +69 -1
package/dist/testing/cross_backend/actor_lookup.d.ts +10 -0
package/dist/testing/cross_backend/actor_lookup.d.ts.map +1 -0
package/dist/testing/cross_backend/actor_lookup.js +83 -0
package/dist/testing/cross_backend/actor_search.d.ts +6 -0
package/dist/testing/cross_backend/actor_search.d.ts.map +1 -0
package/dist/testing/cross_backend/actor_search.js +92 -0
package/dist/testing/cross_backend/app_settings.d.ts +6 -0
package/dist/testing/cross_backend/app_settings.d.ts.map +1 -0
package/dist/testing/cross_backend/app_settings.js +95 -0
package/dist/testing/cross_backend/backend_config.d.ts +1 -1
package/dist/testing/cross_backend/capabilities.d.ts +0 -9
package/dist/testing/cross_backend/capabilities.d.ts.map +1 -1
package/dist/testing/cross_backend/capabilities.js +0 -1
package/dist/testing/cross_backend/cell_grant_role.d.ts +8 -0
package/dist/testing/cross_backend/cell_grant_role.d.ts.map +1 -0
package/dist/testing/cross_backend/cell_grant_role.js +102 -0
package/dist/testing/cross_backend/conformance_case.d.ts +144 -0
package/dist/testing/cross_backend/conformance_case.d.ts.map +1 -0
package/dist/testing/cross_backend/conformance_case.js +132 -0
package/dist/testing/cross_backend/conformance_table.d.ts +46 -0
package/dist/testing/cross_backend/conformance_table.d.ts.map +1 -0
package/dist/testing/cross_backend/conformance_table.js +199 -0
package/dist/testing/cross_backend/create_cross_backend_global_setup.d.ts +57 -0
package/dist/testing/cross_backend/create_cross_backend_global_setup.d.ts.map +1 -0
package/dist/testing/cross_backend/create_cross_backend_global_setup.js +31 -0
package/dist/testing/cross_backend/default_backend_configs.d.ts +13 -0
package/dist/testing/cross_backend/default_backend_configs.d.ts.map +1 -1
package/dist/testing/cross_backend/default_backend_configs.js +4 -6
package/dist/testing/cross_backend/default_spine_surface.d.ts +17 -9
package/dist/testing/cross_backend/default_spine_surface.d.ts.map +1 -1
package/dist/testing/cross_backend/default_spine_surface.js +20 -12
package/dist/testing/cross_backend/make_cross_backend_project.d.ts +72 -0
package/dist/testing/cross_backend/make_cross_backend_project.d.ts.map +1 -0
package/dist/testing/cross_backend/make_cross_backend_project.js +51 -0
package/dist/testing/cross_backend/origin.d.ts +10 -0
package/dist/testing/cross_backend/origin.d.ts.map +1 -0
package/dist/testing/cross_backend/origin.js +73 -0
package/dist/testing/cross_backend/setup.d.ts +22 -40
package/dist/testing/cross_backend/setup.d.ts.map +1 -1
package/dist/testing/cross_backend/setup.js +34 -5
package/dist/testing/cross_backend/standard.d.ts +8 -0
package/dist/testing/cross_backend/standard.d.ts.map +1 -1
package/dist/testing/cross_backend/standard.js +1 -0
package/dist/testing/cross_backend/testing_reset_actions.d.ts +102 -10
package/dist/testing/cross_backend/testing_reset_actions.d.ts.map +1 -1
package/dist/testing/cross_backend/testing_reset_actions.js +96 -5
package/dist/testing/cross_backend/xfail.d.ts +15 -0
package/dist/testing/cross_backend/xfail.d.ts.map +1 -0
package/dist/testing/cross_backend/xfail.js +37 -0
package/dist/testing/integration.d.ts +2 -3
package/dist/testing/integration.d.ts.map +1 -1
package/dist/testing/integration.js +40 -88
package/dist/testing/rate_limiting.d.ts +1 -1
package/dist/testing/rpc_helpers.d.ts +3 -3
package/dist/testing/sse_round_trip.d.ts +1 -1
package/dist/testing/stubs.d.ts.map +1 -1
package/dist/testing/stubs.js +0 -1
package/dist/ui/AdminAccounts.svelte +74 -83
package/dist/ui/AdminAccounts.svelte.d.ts.map +1 -1
package/dist/ui/AdminSessions.svelte +21 -23
package/dist/ui/AdminSessions.svelte.d.ts.map +1 -1
package/dist/ui/CLAUDE.md +17 -26
package/dist/ui/OpenSignupToggle.svelte +2 -5
package/dist/ui/OpenSignupToggle.svelte.d.ts.map +1 -1
package/dist/ui/account_sessions_state.svelte.d.ts +9 -10
package/dist/ui/account_sessions_state.svelte.d.ts.map +1 -1
package/dist/ui/account_sessions_state.svelte.js +7 -17
package/dist/ui/admin_accounts_state.svelte.d.ts +12 -19
package/dist/ui/admin_accounts_state.svelte.d.ts.map +1 -1
package/dist/ui/admin_accounts_state.svelte.js +10 -24
package/dist/ui/admin_invites_state.svelte.d.ts +8 -11
package/dist/ui/admin_invites_state.svelte.d.ts.map +1 -1
package/dist/ui/admin_invites_state.svelte.js +7 -16
package/dist/ui/admin_sessions_state.svelte.d.ts +6 -10
package/dist/ui/admin_sessions_state.svelte.d.ts.map +1 -1
package/dist/ui/admin_sessions_state.svelte.js +4 -14
package/dist/ui/app_settings_state.svelte.d.ts +8 -12
package/dist/ui/app_settings_state.svelte.d.ts.map +1 -1
package/dist/ui/app_settings_state.svelte.js +6 -16
package/dist/ui/audit_log_state.svelte.d.ts +9 -8
package/dist/ui/audit_log_state.svelte.d.ts.map +1 -1
package/dist/ui/audit_log_state.svelte.js +8 -20
package/package.json +1 -1

package/dist/testing/integration.d.ts CHANGED Viewed

@@ -25,13 +25,12 @@ export interface StandardIntegrationTestOptions {
      * not the source the test runtime reads from.
      */
     surface_source: AppSurfaceSpec;
-    /** Backend capability declarations — companion to `fixture.in_process` narrowing. */
+    /** Backend capability declarations for capability-gated cases. */
     capabilities: BackendCapabilities;
     /**
      * Session config — needed to resolve factory-form `rpc_endpoints`
      * against a stub `AppServerContext` at setup time and to read
-     * `cookie_name` for manual cookie composition in the origin-verify
-     * cases.
+     * `cookie_name` for manual cookie composition in the session cases.
      */
     session_options: SessionOptions<string>;
     /**

package/dist/testing/integration.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"integration.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/integration.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAsB7B,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,2BAA2B,CAAC;~~AAO9D~~,OAAO,EAKN,KAAK,uBAAuB,EAC5B,MAAM,kBAAkB,CAAC;~~AAkB1B~~,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,oBAAoB,CAAC;AACvD,OAAO,~~EAAU~~,KAAK,mBAAmB,EAAC,MAAM,iCAAiC,CAAC;~~AAClF~~,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,0BAA0B,CAAC;AAGxD;;GAEG;AACH,MAAM,WAAW,8BAA8B;IAC9C;;;;OAIG;IACH,UAAU,EAAE,SAAS,CAAC;IACtB;;;;;;;;;OASG;IACH,cAAc,EAAE,cAAc,CAAC;IAC/B,~~qFAAqF~~;~~IACrF~~,YAAY,EAAE,mBAAmB,CAAC;IAClC~~;;;;;OAKG~~;IACH,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC;;;;;;;;;;;;OAYG;IACH,aAAa,EAAE,uBAAuB,CAAC;IACvC;;;;;;;OAOG;IACH,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC5B;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AACH,eAAO,MAAM,mCAAmC,GAC/C,SAAS,8BAA8B,KACrC,~~IAy5CF~~,CAAC"}
1	+ {"version":3,"file":"integration.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/integration.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAsB7B,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAM9D,OAAO,EAKN,KAAK,uBAAuB,EAC5B,MAAM,kBAAkB,CAAC;AAiB1B,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,oBAAoB,CAAC;AACvD,OAAO,EAAC,KAAK,mBAAmB,EAAC,MAAM,iCAAiC,CAAC;AACzE,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,0BAA0B,CAAC;AAGxD;;GAEG;AACH,MAAM,WAAW,8BAA8B;IAC9C;;;;OAIG;IACH,UAAU,EAAE,SAAS,CAAC;IACtB;;;;;;;;;OASG;IACH,cAAc,EAAE,cAAc,CAAC;IAC/B,kEAAkE;IAClE,YAAY,EAAE,mBAAmB,CAAC;IAClC;;;;OAIG;IACH,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC;;;;;;;;;;;;OAYG;IACH,aAAa,EAAE,uBAAuB,CAAC;IACvC;;;;;;;OAOG;IACH,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC5B;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AACH,eAAO,MAAM,mCAAmC,GAC/C,SAAS,8BAA8B,KACrC,IA60CF,CAAC"}

package/dist/testing/integration.js CHANGED Viewed

@@ -17,14 +17,13 @@ import './assert_dev_env.js';
  * @module
  */
 import { describe, test, assert, afterAll } from 'vitest';
-import { find_auth_route, assert_response_matches_spec, create_expired_test_cookie, assert_no_error_info_leakage, } from './integration_helpers.js';
+import { find_auth_route, assert_response_matches_spec, assert_no_error_info_leakage, } from './integration_helpers.js';
 import { find_rpc_action, rpc_call_for_spec, require_rpc_endpoint_path, resolve_rpc_endpoints_for_setup, } from './rpc_helpers.js';
 import { ErrorCoverageCollector, assert_error_coverage, DEFAULT_INTEGRATION_ERROR_COVERAGE, } from './error_coverage.js';
-import { ApiError, ERROR_FORBIDDEN_ORIGIN } from '../http/error_schemas.js';
 import { is_public_auth } from '../http/auth_shape.js';
 import { account_verify_action_spec, account_session_list_action_spec, account_session_revoke_action_spec, account_session_revoke_all_action_spec, account_token_create_action_spec, account_token_list_action_spec, account_token_revoke_action_spec, } from '../auth/account_action_specs.js';
 import { invite_create_action_spec } from '../auth/admin_action_specs.js';
-import { test_if } from './cross_backend/capabilities.js';
+import {} from './cross_backend/capabilities.js';
 import { DEFAULT_TEST_PASSWORD } from './app_server.js';
 /**
  * Standard integration test suite for fuz_app auth routes.
@@ -323,19 +322,12 @@ export const describe_standard_integration_tests = (options) => {
                 });
                 assert.strictEqual(res.status, 401);
             });
-            test_if(options.capabilities.in_process_only, 'expired cookie returns 401', async () => {
-                const fixture = await options.setup_test();
-                assert(fixture.in_process);
-                const expired_cookie = await create_expired_test_cookie(fixture.keyring, options.session_options);
-                const res = await rpc_call_for_spec({
-                    app: { request: fixture.transport },
-                    path: rpc_path,
-                    spec: account_verify_action_spec,
-                    params: undefined,
-                    headers: { cookie: `${cookie_name}=${expired_cookie}` },
-                });
-                assert.strictEqual(res.status, 401);
-            });
+            // Expired-session rejection promoted to the cross-backend conformance
+            // table (the `expired_session` principal, `conformance_expiry_cases.ts`) —
+            // it exercises the authoritative server-side DB-row expiry gate over
+            // real auth resolution on every spine, not the cookie-payload gate a
+            // backdated-payload forge hit here. The payload gate stays covered by
+            // `parse_session`'s own unit tests.
         });
         // --- 4. Session revocation ---
         describe('session revocation', () => {
@@ -486,29 +478,11 @@ export const describe_standard_integration_tests = (options) => {
         });
         // --- 5. Origin verification ---
         describe('origin verification', () => {
-            test_if(options.capabilities.in_process_only, 'evil origin is rejected with 403', async () => {
-                const fixture = await options.setup_test();
-                assert(fixture.in_process);
-                // `verify_request_source` runs before the RPC dispatcher and returns a
-                // plain REST `{error}` body — not a JSON-RPC envelope. Skip `rpc_call`.
-                const res = await fixture.transport(rpc_path, {
-                    method: 'POST',
-                    headers: {
-                        host: 'localhost',
-                        origin: 'http://evil.com',
-                        'content-type': 'application/json',
-                        cookie: `${cookie_name}=${fixture.backend_internals.session_cookie}`,
-                    },
-                    body: JSON.stringify({
-                        jsonrpc: '2.0',
-                        method: account_verify_action_spec.method,
-                        id: 'evil-origin',
-                    }),
-                });
-                assert.strictEqual(res.status, 403);
-                const body = ApiError.parse(await res.json());
-                assert.strictEqual(body.error, ERROR_FORBIDDEN_ORIGIN);
-            });
+            // Disallowed-Origin → 403 and absent-Origin → pass promoted to the
+            // dedicated cross-backend origin parity suite (`cross_backend/origin.ts`,
+            // both legs) — it drives raw transport calls against each spine's real
+            // origin middleware. This positive control stays here as a basic
+            // happy-path check in the consumer integration bundle.
             test('valid origin is accepted', async () => {
                 const fixture = await options.setup_test();
                 const res = await rpc_call_for_spec({
@@ -520,21 +494,6 @@ export const describe_standard_integration_tests = (options) => {
                 });
                 assert.strictEqual(res.status, 200);
             });
-            test_if(options.capabilities.in_process_only, 'no origin header is allowed (direct access)', async () => {
-                const fixture = await options.setup_test();
-                assert(fixture.in_process);
-                // Probe the "no Origin / no Referer" path; `suppress_default_origin`
-                // skips the default `origin` header.
-                const res = await rpc_call_for_spec({
-                    app: { request: fixture.transport },
-                    path: rpc_path,
-                    spec: account_verify_action_spec,
-                    params: undefined,
-                    headers: { cookie: `${cookie_name}=${fixture.backend_internals.session_cookie}` },
-                    suppress_default_origin: true,
-                });
-                assert.notStrictEqual(res.status, 403);
-            });
         });
         // --- 6. Bearer auth ---
         describe('bearer auth', () => {
@@ -646,13 +605,30 @@ export const describe_standard_integration_tests = (options) => {
             test('non-admin cannot access admin routes', async () => {
                 const fixture = await options.setup_test();
                 // admin routes are optional in the base suite — admin-specific coverage
-                // lives in describe_standard_admin_integration_tests
-                const admin_route = route_specs.find((s) => s.auth.roles?.includes('admin') ?? false);
+                // lives in describe_standard_admin_integration_tests.
+                //
+                // Pick an admin REST route where a clean role-denial 403 is
+                // reachable: account-grain (`actor: 'none'`, so the authorization
+                // phase doesn't first demand an acting actor → `actor_required`)
+                // and input/param/query-free (so input validation doesn't 400
+                // first, per the 401 → 400 → 403 phase order). Admin surfaces are
+                // RPC-first now; a consumer may expose no such REST route (fuz_app
+                // itself, zzz) — then this REST-era check is a no-op and RPC denial
+                // is covered by `describe_rpc_attack_surface_tests`.
+                const admin_route = route_specs.find((s) => (s.auth.roles?.includes('admin') ?? false) &&
+                    s.auth.actor === 'none' &&
+                    !s.input &&
+                    !s.params &&
+                    !s.query);
                 if (!admin_route)
                     return;
+                // Probe with a freshly-created account — it holds no admin role
+                // (the keeper fixture behind `create_session_headers` does, so it
+                // would pass the gate).
+                const non_admin = await fixture.create_account({ username: 'non_admin_admin_probe' });
                 const res = await fixture.transport(admin_route.path, {
                     method: admin_route.method,
-                    headers: fixture.create_session_headers(),
+                    headers: { cookie: `${cookie_name}=${non_admin.session_cookie}` },
                 });
                 assert.strictEqual(res.status, 403);
                 const body = await res.json();
@@ -938,37 +914,13 @@ export const describe_standard_integration_tests = (options) => {
             });
         });
         // --- 11. Expired credential rejection ---
-        describe('expired credential rejection', () => {
-            test_if(options.capabilities.in_process_only, 'expired session cookie returns 401', async () => {
-                const fixture = await options.setup_test();
-                assert(fixture.in_process);
-                const expired_cookie = await create_expired_test_cookie(fixture.keyring, options.session_options);
-                const res = await rpc_call_for_spec({
-                    app: { request: fixture.transport },
-                    path: rpc_path,
-                    spec: account_verify_action_spec,
-                    params: undefined,
-                    headers: { cookie: `${cookie_name}=${expired_cookie}` },
-                });
-                assert.strictEqual(res.status, 401, 'Expired session cookie should be rejected');
-            });
-            test_if(options.capabilities.in_process_only, 'expired session cookie returns 401 on mutation route', async () => {
-                const fixture = await options.setup_test();
-                assert(fixture.in_process);
-                const logout_route = find_auth_route(route_specs, '/logout', 'POST');
-                assert.ok(logout_route, 'Expected POST /logout route — ensure create_route_specs includes account routes');
-                const expired_cookie = await create_expired_test_cookie(fixture.keyring, options.session_options);
-                const res = await fixture.transport(logout_route.path, {
-                    method: 'POST',
-                    headers: {
-                        host: 'localhost',
-                        cookie: `${cookie_name}=${expired_cookie}`,
-                    },
-                });
-                assert.strictEqual(res.status, 401, 'Expired session cookie should be rejected on POST');
-                error_collector.record(route_specs, 'POST', logout_route.path, 401);
-            });
-        });
+        // Expired-credential rejection (read + mutation paths) promoted to the
+        // cross-backend conformance table (`conformance_expiry_cases.ts`, the
+        // `expired_session` principal) — it asserts the authoritative
+        // server-side DB-row expiry gate over real auth resolution on every
+        // spine. The two near-identical in-process skips this replaced (both an
+        // `account_verify` read) collapse into the single read row there; the
+        // `/logout` mutation path is the second row.
         // --- 12. Bearer token browser context on mutation routes ---
         describe('bearer token browser context silently discarded on mutations', () => {
             test('bearer token with Origin header discarded on POST logout', async () => {

package/dist/testing/rate_limiting.d.ts CHANGED Viewed

@@ -32,7 +32,7 @@ export interface RateLimitingTestOptions {
      * Accepts either an array (eager) or a factory
      * `(ctx: AppServerContext) => Array<RpcEndpointSpec>` — the factory form
      * is required when action handlers must close over the per-test
-     * `ctx.app_settings` / `ctx.deps`. The factory must return the same
+     * `ctx.deps`. The factory must return the same
      * endpoint `path` regardless of ctx — it is invoked once at setup with
      * a stub ctx for path lookup and again per-test by `create_app_server`
      * for live dispatch.

package/dist/testing/rpc_helpers.d.ts CHANGED Viewed

@@ -10,9 +10,9 @@ import type { SessionOptions } from '../auth/session_cookie.js';
  * Union accepted by the suite-level `rpc_endpoints` option — eager array or
  * a factory that takes an `AppServerContext` and returns endpoint specs. The
  * factory form is required when action handlers must close over the
- * per-test `ctx.app_settings` / `ctx.deps` (e.g. the canonical
- * `create_standard_rpc_actions(ctx.deps, {app_settings: ctx.app_settings})`
- * pattern). `create_app_server` resolves either shape natively; test helpers
+ * per-test `ctx.deps` (e.g. the canonical
+ * `create_standard_rpc_actions(ctx.deps)` pattern). `create_app_server`
+ * resolves either shape natively; test helpers
  * forward the raw value to the top-level `rpc_endpoints` slot on
  * `CreateTestAppOptions` for live dispatch.
  */

package/dist/testing/sse_round_trip.d.ts CHANGED Viewed

@@ -57,7 +57,7 @@ export interface SseRouteTestOptions {
      * Accepts either an array (eager) or a factory
      * `(ctx: AppServerContext) => Array<RpcEndpointSpec>` — the factory form
      * is required when action handlers must close over the per-test
-     * `ctx.app_settings` / `ctx.deps`. The factory must return the same
+     * `ctx.deps`. The factory must return the same
      * endpoint `path` regardless of ctx — it is invoked once at setup with
      * a stub ctx for path lookup and again per-test by `create_app_server`
      * for live dispatch.

package/dist/testing/stubs.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"stubs.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/stubs.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAa7B,OAAO,KAAK,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAE3B,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,4BAA4B,CAAC;AAE/D,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,iBAAiB,CAAC;AAC7C,OAAO,KAAK,EAAC,YAAY,EAAC,MAAM,0BAA0B,CAAC;AAE3D,OAAO,KAAK,EAAC,gBAAgB,EAAE,sBAAsB,EAAC,MAAM,yBAAyB,CAAC;AACtF,OAAO,EAAC,EAAE,EAAC,MAAM,aAAa,CAAC;AAC/B,OAAO,EAAqB,KAAK,SAAS,EAAC,MAAM,uBAAuB,CAAC;AAGzE,OAAO,EAEN,KAAK,cAAc,EACnB,KAAK,eAAe,EACpB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,gCAAgC,CAAC;AACnE,OAAO,KAAK,EAAC,SAAS,EAAkB,MAAM,oBAAoB,CAAC;AACnE,OAAO,EAA8B,KAAK,WAAW,EAAC,MAAM,+BAA+B,CAAC;AAI5F;;;;;;;;;;;;;;;GAeG;AACH,eAAO,MAAM,oBAAoB,GAAI,CAAC,GAAG,GAAG,EAAE,OAAO,MAAM,KAAG,CAqBtD,CAAC;AAET;;;;;;;;;GASG;AACH,eAAO,MAAM,gBAAgB,GAAI,CAAC,GAAG,GAAG,EAAE,QAAQ,MAAM,EAAE,YAAY,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAG,CAOxF,CAAC;AAET,iEAAiE;AACjE,eAAO,MAAM,IAAI,EAAE,GAAkC,CAAC;AAEtD;;;;;;;GAOG;AACH,eAAO,MAAM,cAAc,QAAO,EAI/B,CAAC;AAEJ,gDAAgD;AAChD,eAAO,MAAM,YAAY,QAAO,QAAgC,CAAC;AAEjE,2CAA2C;AAC3C,eAAO,MAAM,OAAO,GAAU,IAAI,GAAG,EAAE,MAAM,GAAG,KAAG,OAAO,CAAC,IAAI,CAAW,CAAC;AAI3E;;;;;;;;;;GAUG;AACH,eAAO,MAAM,yBAAyB,QAAO,YAM3C,CAAC;AAEH;;;;;;;;;GASG;AACH,eAAO,MAAM,qBAAqB,QAAO,WAUxC,CAAC;AAEF,2EAA2E;AAC3E,eAAO,MAAM,aAAa,EAAE,OAS3B,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,oBAAoB,QAAO,OAStC,CAAC;AAEH,2FAA2F;AAC3F,eAAO,MAAM,0BAA0B,GAAI,UAAU;IACpD,iDAAiD;IACjD,oBAAoB,CAAC,EAAE,OAAO,CAAC;CAC/B,KAAG,KAAK,CAAC,cAAc,CAqBvB,CAAC;AAEF;;;;;;;GAOG;AACH,eAAO,MAAM,8BAA8B,GAC1C,iBAAiB,cAAc,CAAC,MAAM,CAAC,KACrC,~~gBAqBF~~,CAAC;AAEF,kDAAkD;AAClD,MAAM,WAAW,+BAA+B;IAC/C,6DAA6D;IAC7D,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,qFAAqF;IACrF,kBAAkB,EAAE,CAAC,GAAG,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IAChE,oEAAoE;IACpE,UAAU,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC;IACzB,8CAA8C;IAC9C,WAAW,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAC/B;;;;;;;;OAQG;IACH,aAAa,CAAC,EAAE,KAAK,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,gBAAgB,KAAK,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC;IAC7F;;;;;;;;OAQG;IACH,YAAY,CAAC,EACV,aAAa,CAAC,cAAc,CAAC,GAC7B,CAAC,CAAC,GAAG,EAAE,gBAAgB,KAAK,aAAa,CAAC,cAAc,CAAC,CAAC,CAAC;IAC9D,mFAAmF;IACnF,oBAAoB,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC,cAAc,CAAC,KAAK,KAAK,CAAC,cAAc,CAAC,CAAC;IAC/E;;;;;;;;OAQG;IACH,SAAS,CAAC,EAAE,sBAAsB,CAAC;CACnC;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAO,MAAM,4BAA4B,GACxC,SAAS,+BAA+B,KACtC,cAwDF,CAAC"}
1	+ {"version":3,"file":"stubs.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/stubs.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAa7B,OAAO,KAAK,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAE3B,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,4BAA4B,CAAC;AAE/D,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,iBAAiB,CAAC;AAC7C,OAAO,KAAK,EAAC,YAAY,EAAC,MAAM,0BAA0B,CAAC;AAE3D,OAAO,KAAK,EAAC,gBAAgB,EAAE,sBAAsB,EAAC,MAAM,yBAAyB,CAAC;AACtF,OAAO,EAAC,EAAE,EAAC,MAAM,aAAa,CAAC;AAC/B,OAAO,EAAqB,KAAK,SAAS,EAAC,MAAM,uBAAuB,CAAC;AAGzE,OAAO,EAEN,KAAK,cAAc,EACnB,KAAK,eAAe,EACpB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,gCAAgC,CAAC;AACnE,OAAO,KAAK,EAAC,SAAS,EAAkB,MAAM,oBAAoB,CAAC;AACnE,OAAO,EAA8B,KAAK,WAAW,EAAC,MAAM,+BAA+B,CAAC;AAI5F;;;;;;;;;;;;;;;GAeG;AACH,eAAO,MAAM,oBAAoB,GAAI,CAAC,GAAG,GAAG,EAAE,OAAO,MAAM,KAAG,CAqBtD,CAAC;AAET;;;;;;;;;GASG;AACH,eAAO,MAAM,gBAAgB,GAAI,CAAC,GAAG,GAAG,EAAE,QAAQ,MAAM,EAAE,YAAY,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAG,CAOxF,CAAC;AAET,iEAAiE;AACjE,eAAO,MAAM,IAAI,EAAE,GAAkC,CAAC;AAEtD;;;;;;;GAOG;AACH,eAAO,MAAM,cAAc,QAAO,EAI/B,CAAC;AAEJ,gDAAgD;AAChD,eAAO,MAAM,YAAY,QAAO,QAAgC,CAAC;AAEjE,2CAA2C;AAC3C,eAAO,MAAM,OAAO,GAAU,IAAI,GAAG,EAAE,MAAM,GAAG,KAAG,OAAO,CAAC,IAAI,CAAW,CAAC;AAI3E;;;;;;;;;;GAUG;AACH,eAAO,MAAM,yBAAyB,QAAO,YAM3C,CAAC;AAEH;;;;;;;;;GASG;AACH,eAAO,MAAM,qBAAqB,QAAO,WAUxC,CAAC;AAEF,2EAA2E;AAC3E,eAAO,MAAM,aAAa,EAAE,OAS3B,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,oBAAoB,QAAO,OAStC,CAAC;AAEH,2FAA2F;AAC3F,eAAO,MAAM,0BAA0B,GAAI,UAAU;IACpD,iDAAiD;IACjD,oBAAoB,CAAC,EAAE,OAAO,CAAC;CAC/B,KAAG,KAAK,CAAC,cAAc,CAqBvB,CAAC;AAEF;;;;;;;GAOG;AACH,eAAO,MAAM,8BAA8B,GAC1C,iBAAiB,cAAc,CAAC,MAAM,CAAC,KACrC,gBAoBF,CAAC;AAEF,kDAAkD;AAClD,MAAM,WAAW,+BAA+B;IAC/C,6DAA6D;IAC7D,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,qFAAqF;IACrF,kBAAkB,EAAE,CAAC,GAAG,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IAChE,oEAAoE;IACpE,UAAU,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC;IACzB,8CAA8C;IAC9C,WAAW,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAC/B;;;;;;;;OAQG;IACH,aAAa,CAAC,EAAE,KAAK,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,gBAAgB,KAAK,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC;IAC7F;;;;;;;;OAQG;IACH,YAAY,CAAC,EACV,aAAa,CAAC,cAAc,CAAC,GAC7B,CAAC,CAAC,GAAG,EAAE,gBAAgB,KAAK,aAAa,CAAC,cAAc,CAAC,CAAC,CAAC;IAC9D,mFAAmF;IACnF,oBAAoB,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC,cAAc,CAAC,KAAK,KAAK,CAAC,cAAc,CAAC,CAAC;IAC/E;;;;;;;;OAQG;IACH,SAAS,CAAC,EAAE,sBAAsB,CAAC;CACnC;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAO,MAAM,4BAA4B,GACxC,SAAS,+BAA+B,KACtC,cAwDF,CAAC"}

package/dist/testing/stubs.js CHANGED Viewed

@@ -201,7 +201,6 @@ export const create_stub_app_server_context = (session_options) => {
         signup_account_rate_limiter: null,
         action_ip_rate_limiter: null,
         action_account_rate_limiter: null,
-        app_settings: { open_signup: false, updated_at: null, updated_by: null },
         audit_sse: null,
     };
 };

package/dist/ui/AdminAccounts.svelte CHANGED Viewed

@@ -50,21 +50,18 @@
 		</p>
 	{/if}
-	{#if admin_accounts.has_rpc}
-		<label class="row gap_xs font_size_sm">
-			<input
-				type="checkbox"
-				checked={admin_accounts.show_deleted}
-				onchange={(e) => admin_accounts.set_show_deleted(e.currentTarget.checked)}
-			/>
-			show deleted
-		</label>
-		<p class="text_50 font_size_sm">
-			“delete” is a reversible soft-delete (tombstone) — enable “show deleted” to reactivate an
-			account. Permanent hard-delete (purge) is keeper/CLI-only and intentionally not available
-			here.
-		</p>
-	{/if}
+	<label class="row gap_xs font_size_sm">
+		<input
+			type="checkbox"
+			checked={admin_accounts.show_deleted}
+			onchange={(e) => admin_accounts.set_show_deleted(e.currentTarget.checked)}
+		/>
+		show deleted
+	</label>
+	<p class="text_50 font_size_sm">
+		“delete” is a reversible soft-delete (tombstone) — enable “show deleted” to reactivate an
+		account. Permanent hard-delete (purge) is keeper/CLI-only and intentionally not available here.
+	</p>
 	{#if admin_accounts.list.loading}
 		<p class="text_50">loading accounts...</p>
@@ -111,7 +108,7 @@
 									expires {format_relative_time(role_grant.expires_at)}
 								</span>
 							{/if}
-							{#if admin_accounts.has_rpc && row.actor}
+							{#if row.actor}
 								{@const actor_id = row.actor.id}
 								{@const revoke_error = admin_accounts.revoke.error(role_grant.id)}
 								<ConfirmButton
@@ -129,6 +126,7 @@
 					{/each}
 					{#each row.pending_offers as offer (offer.id)}
 						{@const offer_scope = scope_label(offer.scope_id, offer.role)}
+						{@const retract_error = admin_accounts.retract.error(offer.id)}
 						<div class="row">
 							<span
 								class="chip"
@@ -141,18 +139,15 @@
 									{offer_scope}
 								</span>
 							{/if}
-							{#if admin_accounts.has_rpc}
-								{@const retract_error = admin_accounts.retract.error(offer.id)}
-								<ConfirmButton
-									onconfirm={() => admin_accounts.submit_retract(offer.id)}
-									title="retract offer"
-									class="sm"
-									label="retract"
-									pending={admin_accounts.retract.loading(offer.id)}
-								/>
-								{#if retract_error}
-									<span class="color_c_50 font_size_sm">{retract_error}</span>
-								{/if}
+							<ConfirmButton
+								onconfirm={() => admin_accounts.submit_retract(offer.id)}
+								title="retract offer"
+								class="sm"
+								label="retract"
+								pending={admin_accounts.retract.loading(offer.id)}
+							/>
+							{#if retract_error}
+								<span class="color_c_50 font_size_sm">{retract_error}</span>
 							{/if}
 						</div>
 					{/each}
@@ -160,70 +155,66 @@
 						<span class="text_50">none</span>
 					{/if}
 				{:else if column.key === 'actor'}
-					{#if admin_accounts.has_rpc}
-						{#each admin_accounts.grantable_roles as role (role)}
-							{@const key = grant_key(row.account.id, role)}
-							{@const grant_error = admin_accounts.grant.error(key)}
-							{#if !row.role_grants.some((p) => p.role === role) && !row.pending_offers.some((o) => o.role === role)}
-								<ConfirmButton
-									onconfirm={() => admin_accounts.submit_grant(row.account.id, role)}
-									title="offer {role}"
-									class="sm"
-									label={`+ ${role}`}
-									pending={admin_accounts.grant.loading(key)}
-								>
-									{#snippet popover_content(_popover, do_confirm)}
-										<button type="button" class="color_b bg_100" onclick={() => do_confirm()}>
-											<span class="py_sm">offer '{role}' to @{row.account.username}</span>
-										</button>
-									{/snippet}
-								</ConfirmButton>
-								{#if grant_error}
-									<span class="color_c_50 font_size_sm">{grant_error}</span>
-								{/if}
-							{/if}
-						{/each}
-					{/if}
-				{:else if column.key === 'pending_offers'}
-					{#if admin_accounts.has_rpc}
-						{#if row.account.deleted_at}
-							{@const undelete_error = admin_accounts.undelete.error(row.account.id)}
-							<span
-								class="chip font_size_sm color_c"
-								title={format_datetime_local(row.account.deleted_at)}
-							>
-								deleted {format_relative_time(row.account.deleted_at)}
-							</span>
-							<button
-								type="button"
-								class="sm"
-								disabled={admin_accounts.undelete.loading(row.account.id)}
-								onclick={() => admin_accounts.submit_undelete(row.account.id)}
-							>
-								reactivate
-							</button>
-							{#if undelete_error}
-								<span class="color_c_50 font_size_sm">{undelete_error}</span>
-							{/if}
-						{:else}
-							{@const delete_error = admin_accounts.soft_delete.error(row.account.id)}
+					{#each admin_accounts.grantable_roles as role (role)}
+						{@const key = grant_key(row.account.id, role)}
+						{@const grant_error = admin_accounts.grant.error(key)}
+						{#if !row.role_grants.some((p) => p.role === role) && !row.pending_offers.some((o) => o.role === role)}
 							<ConfirmButton
-								onconfirm={() => admin_accounts.submit_delete(row.account.id)}
-								title="soft-delete @{row.account.username}"
+								onconfirm={() => admin_accounts.submit_grant(row.account.id, role)}
+								title="offer {role}"
 								class="sm"
-								label="delete"
-								pending={admin_accounts.soft_delete.loading(row.account.id)}
+								label={`+ ${role}`}
+								pending={admin_accounts.grant.loading(key)}
 							>
 								{#snippet popover_content(_popover, do_confirm)}
-									<button type="button" class="color_c bg_100" onclick={() => do_confirm()}>
-										<span class="py_sm">soft-delete @{row.account.username} (reversible)</span>
+									<button type="button" class="color_b bg_100" onclick={() => do_confirm()}>
+										<span class="py_sm">offer '{role}' to @{row.account.username}</span>
 									</button>
 								{/snippet}
 							</ConfirmButton>
-							{#if delete_error}
-								<span class="color_c_50 font_size_sm">{delete_error}</span>
+							{#if grant_error}
+								<span class="color_c_50 font_size_sm">{grant_error}</span>
 							{/if}
 						{/if}
+					{/each}
+				{:else if column.key === 'pending_offers'}
+					{#if row.account.deleted_at}
+						{@const undelete_error = admin_accounts.undelete.error(row.account.id)}
+						<span
+							class="chip font_size_sm color_c"
+							title={format_datetime_local(row.account.deleted_at)}
+						>
+							deleted {format_relative_time(row.account.deleted_at)}
+						</span>
+						<button
+							type="button"
+							class="sm"
+							disabled={admin_accounts.undelete.loading(row.account.id)}
+							onclick={() => admin_accounts.submit_undelete(row.account.id)}
+						>
+							reactivate
+						</button>
+						{#if undelete_error}
+							<span class="color_c_50 font_size_sm">{undelete_error}</span>
+						{/if}
+					{:else}
+						{@const delete_error = admin_accounts.soft_delete.error(row.account.id)}
+						<ConfirmButton
+							onconfirm={() => admin_accounts.submit_delete(row.account.id)}
+							title="soft-delete @{row.account.username}"
+							class="sm"
+							label="delete"
+							pending={admin_accounts.soft_delete.loading(row.account.id)}
+						>
+							{#snippet popover_content(_popover, do_confirm)}
+								<button type="button" class="color_c bg_100" onclick={() => do_confirm()}>
+									<span class="py_sm">soft-delete @{row.account.username} (reversible)</span>
+								</button>
+							{/snippet}
+						</ConfirmButton>
+						{#if delete_error}
+							<span class="color_c_50 font_size_sm">{delete_error}</span>
+						{/if}
 					{/if}
 				{/if}
 			{/snippet}

package/dist/ui/AdminAccounts.svelte.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"AdminAccounts.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/AdminAccounts.svelte"],"names":[],"mappings":"~~AA2MA~~,QAAA,MAAM,aAAa,2DAAwC,CAAC;AAC5D,KAAK,aAAa,GAAG,UAAU,CAAC,OAAO,aAAa,CAAC,CAAC;AACtD,eAAe,aAAa,CAAC"}
1	+ {"version":3,"file":"AdminAccounts.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/AdminAccounts.svelte"],"names":[],"mappings":"AAkMA,QAAA,MAAM,aAAa,2DAAwC,CAAC;AAC5D,KAAK,aAAa,GAAG,UAAU,CAAC,OAAO,aAAa,CAAC,CAAC;AACtD,eAAe,aAAa,CAAC"}

package/dist/ui/AdminSessions.svelte CHANGED Viewed

@@ -62,29 +62,27 @@
 						{format_relative_time(row.expires_at)}
 					</span>
 				{:else if column.key === 'account_id'}
-					{#if admin_sessions.has_rpc}
-						{@const revoke_sessions_error = admin_sessions.revoke_sessions.error(row.account_id)}
-						{@const revoke_tokens_error = admin_sessions.revoke_tokens.error(row.account_id)}
-						<ConfirmButton
-							onconfirm={() => admin_sessions.submit_revoke_sessions(row.account_id)}
-							title="revoke all sessions for {row.username}"
-							class="sm"
-							label="revoke sessions"
-							pending={admin_sessions.revoke_sessions.loading(row.account_id)}
-						/>
-						{#if revoke_sessions_error}
-							<span class="color_c_50 font_size_sm">{revoke_sessions_error}</span>
-						{/if}
-						<ConfirmButton
-							onconfirm={() => admin_sessions.submit_revoke_tokens(row.account_id)}
-							title="revoke all tokens for {row.username}"
-							class="sm"
-							label="revoke tokens"
-							pending={admin_sessions.revoke_tokens.loading(row.account_id)}
-						/>
-						{#if revoke_tokens_error}
-							<span class="color_c_50 font_size_sm">{revoke_tokens_error}</span>
-						{/if}
+					{@const revoke_sessions_error = admin_sessions.revoke_sessions.error(row.account_id)}
+					{@const revoke_tokens_error = admin_sessions.revoke_tokens.error(row.account_id)}
+					<ConfirmButton
+						onconfirm={() => admin_sessions.submit_revoke_sessions(row.account_id)}
+						title="revoke all sessions for {row.username}"
+						class="sm"
+						label="revoke sessions"
+						pending={admin_sessions.revoke_sessions.loading(row.account_id)}
+					/>
+					{#if revoke_sessions_error}
+						<span class="color_c_50 font_size_sm">{revoke_sessions_error}</span>
+					{/if}
+					<ConfirmButton
+						onconfirm={() => admin_sessions.submit_revoke_tokens(row.account_id)}
+						title="revoke all tokens for {row.username}"
+						class="sm"
+						label="revoke tokens"
+						pending={admin_sessions.revoke_tokens.loading(row.account_id)}
+					/>
+					{#if revoke_tokens_error}
+						<span class="color_c_50 font_size_sm">{revoke_tokens_error}</span>
 					{/if}
 				{:else if column.format}
 					{column.format(row[column.key], row)}

package/dist/ui/AdminSessions.svelte.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"AdminSessions.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/AdminSessions.svelte"],"names":[],"mappings":"~~AAoGA~~,UAAU,kCAAkC,CAAC,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,GAAG,EAAE,MAAM,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,GAAG,EAAE,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,GAAG,EAAE,OAAO,GAAG,EAAE,EAAE,QAAQ,GAAG,MAAM;IACpM,KAAK,OAAO,EAAE,OAAO,QAAQ,EAAE,2BAA2B,CAAC,KAAK,CAAC,GAAG,OAAO,QAAQ,EAAE,eAAe,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,CAAC,GAAG;QAAE,UAAU,CAAC,EAAE,QAAQ,CAAA;KAAE,GAAG,OAAO,CAAC;IACjK,CAAC,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE;QAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,KAAK,CAAA;KAAC,GAAG,OAAO,GAAG;QAAE,IAAI,CAAC,EAAE,GAAG,CAAC;QAAC,GAAG,CAAC,EAAE,GAAG,CAAA;KAAE,CAAC;IACtG,YAAY,CAAC,EAAE,QAAQ,CAAC;CAC3B;AAKD,QAAA,MAAM,aAAa;;kBAA+E,CAAC;AACjF,KAAK,aAAa,GAAG,YAAY,CAAC,OAAO,aAAa,CAAC,CAAC;AAC1D,eAAe,aAAa,CAAC"}
1	+ {"version":3,"file":"AdminSessions.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/AdminSessions.svelte"],"names":[],"mappings":"AAkGA,UAAU,kCAAkC,CAAC,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,GAAG,EAAE,MAAM,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,GAAG,EAAE,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,GAAG,EAAE,OAAO,GAAG,EAAE,EAAE,QAAQ,GAAG,MAAM;IACpM,KAAK,OAAO,EAAE,OAAO,QAAQ,EAAE,2BAA2B,CAAC,KAAK,CAAC,GAAG,OAAO,QAAQ,EAAE,eAAe,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,CAAC,GAAG;QAAE,UAAU,CAAC,EAAE,QAAQ,CAAA;KAAE,GAAG,OAAO,CAAC;IACjK,CAAC,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE;QAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,KAAK,CAAA;KAAC,GAAG,OAAO,GAAG;QAAE,IAAI,CAAC,EAAE,GAAG,CAAC;QAAC,GAAG,CAAC,EAAE,GAAG,CAAA;KAAE,CAAC;IACtG,YAAY,CAAC,EAAE,QAAQ,CAAC;CAC3B;AAKD,QAAA,MAAM,aAAa;;kBAA+E,CAAC;AACjF,KAAK,aAAa,GAAG,YAAY,CAAC,OAAO,aAAa,CAAC,CAAC;AAC1D,eAAe,aAAa,CAAC"}

package/dist/ui/CLAUDE.md CHANGED Viewed

@@ -18,16 +18,17 @@ file is a reference, not a tutorial.
 ## Key patterns
-### RPC adapter contexts with `() => null` fallback
+### RPC adapter contexts (required, no fallback)
 Five narrow RPC adapter contexts — `admin_accounts_rpc_context`,
 `admin_invites_rpc_context`, `audit_log_rpc_context`,
 `app_settings_rpc_context`, `account_sessions_rpc_context` — carry a
-reactive `() => Rpc | null` accessor. All five declare a `() => () => null`
-default so components mounted without a provisioner render the "rpc adapter
-not wired" state instead of crashing. (`role_grant_offers_state_context` carries
-a `RoleGrantOffersState` directly, not an RPC accessor, and isn't counted
-here.) The standard consumer shape:
+reactive `() => Rpc` accessor. None declares a fallback, so `get()` throws
+when a component mounts without a provisioner above it — the adapter is
+required, and a missing wire fails loudly at mount rather than degrading
+silently. (`role_grant_offers_state_context` carries a `RoleGrantOffersState`
+directly, not an RPC accessor, and isn't counted here.) The standard consumer
+shape:
 ```ts
 const get_rpc = admin_accounts_rpc_context.get();
@@ -45,14 +46,6 @@ The provisioner calls `context.set(() => rpc)` once at the admin route
 shell. Every admin component plus `OpenSignupToggle.svelte` consumes the
 context — RPC adapters are never threaded through props.
-### `has_rpc` gates fetch and mutations
-Every state class backed by a narrow RPC interface exposes a `has_rpc`
-getter. When `false`, `fetch()`, mutations, and `subscribe` no-op and
-set `error` to `'rpc adapter not wired'`. `AdminSessionsState`'s listing
-plus mutations all run through the shared `AdminAccountsRpc`, so
-`has_rpc` gates the whole surface.
 ### `$state.raw` Map keyed by id + `$derived` views
 `RoleGrantOffersState` maintains a single `Map<string, RoleGrantOfferJson>` in
@@ -159,7 +152,7 @@ destructive actions.
   `/api/surface` (REST) and delegates to `SurfaceExplorer`.
 - `OpenSignupToggle.svelte` — single checkbox bound to
   `AppSettingsState.settings.open_signup`. Consumes
-  `app_settings_rpc_context`; hides gracefully when `has_rpc` is `false`.
+  `app_settings_rpc_context`.
 - `SurfaceExplorer.svelte` — reads-only `AppSurface` renderer. Props:
   `surface: AppSurface`. Filter routes by auth type; expand a row to
   dump `params`/`query`/`input`/`output`/`errors` schemas as JSON.
@@ -317,8 +310,7 @@ the `submit_*` prefix where the verb collides with a slot name.
   (`list_sessions` wraps `admin_session_list`) and the two revoke-all
   mutations. Slots: `list` (AsyncSlot), `revoke_sessions` /
   `revoke_tokens` (`KeyedAsyncSlot<Uuid, void>` keyed by
-  `account_id`). `has_rpc` gates the listing + both revoke controls.
-  Methods: `fetch`, `submit_revoke_sessions`, `submit_revoke_tokens`.
+  `account_id`). Methods: `fetch`, `submit_revoke_sessions`, `submit_revoke_tokens`.
 - `app_settings_state.svelte.ts` — `AppSettingsState` +
   `app_settings_rpc_context` + narrow `AppSettingsRpc` (`get`,
   `update`). Slots: `list`, `update`. Field: `settings`. Single
@@ -337,23 +329,22 @@ the `submit_*` prefix where the verb collides with a slot name.
 ## RPC adapter contexts
-All five RPC-carrying contexts have a `() => () => null` default and
-share the same `has_rpc`-gated state-class shape; consumers wire a typed
-RPC client to each narrow interface. See "Key patterns" above for the
-provisioner pattern.
+All five RPC-carrying contexts are required (no fallback) — `get()` throws
+when unprovisioned; consumers wire a typed RPC client to each narrow
+interface. See "Key patterns" above for the provisioner pattern.
 - `auth_state_context` — carries `AuthState` directly (not an RPC
   accessor). Used by every auth form, `AdminOverview`,
   `AdminSettings`, `AccountSessions`, `LogoutButton`.
-- `admin_accounts_rpc_context` — `() => AdminAccountsRpc | null`.
+- `admin_accounts_rpc_context` — `() => AdminAccountsRpc`.
   Consumed by `AdminAccounts`, `AdminSessions`, `AdminOverview`.
-- `admin_invites_rpc_context` — `() => AdminInvitesRpc | null`.
+- `admin_invites_rpc_context` — `() => AdminInvitesRpc`.
   Consumed by `AdminInvites`, `AdminOverview`.
-- `audit_log_rpc_context` — `() => AuditLogRpc | null`. Consumed by
+- `audit_log_rpc_context` — `() => AuditLogRpc`. Consumed by
   `AdminAuditLog`, `AdminRoleGrantHistory`, `AdminOverview`.
-- `app_settings_rpc_context` — `() => AppSettingsRpc | null`.
+- `app_settings_rpc_context` — `() => AppSettingsRpc`.
   Consumed by `OpenSignupToggle`, `AdminOverview`.
-- `account_sessions_rpc_context` — `() => AccountSessionsRpc | null`.
+- `account_sessions_rpc_context` — `() => AccountSessionsRpc`.
   Consumed by `AccountSessions`.
 - `role_grant_offers_state_context` — carries `RoleGrantOffersState`
   directly. Consumed by `RoleGrantOfferInbox`, `RoleGrantOfferForm`,