npm - hazo_auth - Versions diffs - 10.2.3 → 10.4.1 - Mend

hazo_auth 10.2.3 → 10.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (196) hide show

package/dist/components/permission_denied_dialog.client.d.ts ADDED Viewed

@@ -0,0 +1,19 @@
+import React from 'react';
+export interface PermissionDeniedDetails {
+    missing_permissions?: string[];
+    permission_descriptions?: Record<string, string>;
+    action_label?: string;
+    origin_url?: string;
+}
+export interface PermissionDeniedDialogProps {
+    open: boolean;
+    onOpenChange: (open: boolean) => void;
+    friendlyMessage?: string;
+    technicalDetails?: PermissionDeniedDetails;
+}
+/**
+ * Dialog shown when a user attempts an action they don't have permission for.
+ * Uses hazo_ui primitives when available, falls back to plain HTML overlay if not.
+ */
+export declare function PermissionDeniedDialog({ open, onOpenChange, friendlyMessage, technicalDetails, }: PermissionDeniedDialogProps): React.JSX.Element | null;
+//# sourceMappingURL=permission_denied_dialog.client.d.ts.map

package/dist/components/permission_denied_dialog.client.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"permission_denied_dialog.client.d.ts","sourceRoot":"","sources":["../../src/components/permission_denied_dialog.client.tsx"],"names":[],"mappings":"AAKA,OAAO,KAA8B,MAAM,OAAO,CAAC;AAGnD,MAAM,WAAW,uBAAuB;IACtC,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC/B,uBAAuB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjD,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,2BAA2B;IAC1C,IAAI,EAAE,OAAO,CAAC;IACd,YAAY,EAAE,CAAC,IAAI,EAAE,OAAO,KAAK,IAAI,CAAC;IACtC,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,gBAAgB,CAAC,EAAE,uBAAuB,CAAC;CAC5C;AAkDD;;;GAGG;AACH,wBAAgB,sBAAsB,CAAC,EACrC,IAAI,EACJ,YAAY,EACZ,eAAoH,EACpH,gBAAgB,GACjB,EAAE,2BAA2B,4BAuJ7B"}

package/dist/components/permission_denied_dialog.client.js ADDED Viewed

@@ -0,0 +1,112 @@
+// file_description: dialog component shown when a fetch response returns error.code === 'PERMISSION_DENIED'
+// Probes hazo_ui at mount time (it's a peer dep) and falls back to plain HTML if unavailable.
+'use client';
+import { jsx as _jsx, jsxs as _jsxs } from "react/jsx-runtime";
+// section: imports
+import React, { useEffect, useState } from 'react';
+// section: ui_probe
+// Lazy-loaded hazo_ui Dialog + Accordion primitives.
+// We use dynamic import so the build never hard-requires hazo_ui to be resolvable.
+let _Dialog = null;
+let _DialogContent = null;
+let _DialogHeader = null;
+let _DialogTitle = null;
+let _DialogDescription = null;
+let _Accordion = null;
+let _AccordionItem = null;
+let _AccordionTrigger = null;
+let _AccordionContent = null;
+let _uiReady = false;
+function probeUi() {
+    if (_uiReady)
+        return Promise.resolve(true);
+    return import('hazo_ui')
+        .then((m) => {
+        _Dialog = m.HazoUiDialogRoot;
+        _DialogContent = m.HazoUiDialogContent;
+        _DialogHeader = m.HazoUiDialogHeader;
+        _DialogTitle = m.HazoUiDialogTitle;
+        _DialogDescription = m.HazoUiDialogDescription;
+        _Accordion = m.Accordion;
+        _AccordionItem = m.AccordionItem;
+        _AccordionTrigger = m.AccordionTrigger;
+        _AccordionContent = m.AccordionContent;
+        _uiReady = true;
+        return true;
+    })
+        .catch(() => false);
+}
+// section: helpers
+/** Only allow http/https/relative URLs in hrefs to prevent javascript:/data: XSS. */
+function sanitizeHref(url) {
+    try {
+        // Relative paths (starting with /) are always safe
+        if (url.startsWith('/'))
+            return url;
+        const u = new URL(url);
+        return (u.protocol === 'http:' || u.protocol === 'https:') ? url : null;
+    }
+    catch (_a) {
+        return null;
+    }
+}
+// section: component
+/**
+ * Dialog shown when a user attempts an action they don't have permission for.
+ * Uses hazo_ui primitives when available, falls back to plain HTML overlay if not.
+ */
+export function PermissionDeniedDialog({ open, onOpenChange, friendlyMessage = "You don't have permission to perform this action. A request has been sent to your administrator.", technicalDetails, }) {
+    var _a, _b, _c;
+    const [uiReady, setUiReady] = useState(false);
+    useEffect(() => {
+        probeUi().then(setUiReady);
+    }, []);
+    const hasTechnical = technicalDetails &&
+        (((_b = (_a = technicalDetails.missing_permissions) === null || _a === void 0 ? void 0 : _a.length) !== null && _b !== void 0 ? _b : 0) > 0 ||
+            technicalDetails.action_label ||
+            technicalDetails.origin_url);
+    if (!open)
+        return null;
+    // Fallback: plain HTML overlay when hazo_ui is not installed
+    if (!uiReady) {
+        return (_jsx("div", { style: {
+                position: 'fixed',
+                inset: 0,
+                background: 'rgba(0,0,0,0.5)',
+                zIndex: 9999,
+                display: 'flex',
+                alignItems: 'center',
+                justifyContent: 'center',
+            }, children: _jsxs("div", { style: {
+                    background: '#fff',
+                    borderRadius: 8,
+                    padding: 24,
+                    maxWidth: 480,
+                    width: '100%',
+                }, children: [_jsx("h2", { style: { margin: '0 0 8px', fontSize: 18, fontWeight: 600 }, children: "Access Required" }), _jsx("p", { style: { margin: '0 0 16px', color: '#555' }, children: friendlyMessage }), _jsx("button", { onClick: () => onOpenChange(false), style: {
+                            padding: '8px 16px',
+                            background: '#000',
+                            color: '#fff',
+                            border: 'none',
+                            borderRadius: 4,
+                            cursor: 'pointer',
+                        }, children: "Close" })] }) }));
+    }
+    // Full hazo_ui dialog with optional technical-details accordion
+    return React.createElement(_Dialog, { open, onOpenChange }, React.createElement(_DialogContent, { className: 'sm:max-w-[480px]' }, React.createElement(_DialogHeader, null, React.createElement(_DialogTitle, null, 'Access Required'), React.createElement(_DialogDescription, null, friendlyMessage)), hasTechnical &&
+        React.createElement(_Accordion, { type: 'single', collapsible: true, className: 'mt-4' }, React.createElement(_AccordionItem, { value: 'details' }, React.createElement(_AccordionTrigger, { className: 'text-sm text-gray-500' }, 'Technical details'), React.createElement(_AccordionContent, null, React.createElement('div', { className: 'text-xs text-gray-600 space-y-2 pt-2' }, ((_c = technicalDetails === null || technicalDetails === void 0 ? void 0 : technicalDetails.missing_permissions) === null || _c === void 0 ? void 0 : _c.length)
+            ? React.createElement('div', null, React.createElement('span', { className: 'font-medium' }, 'Missing permissions: '), technicalDetails.missing_permissions.join(', '))
+            : null, (technicalDetails === null || technicalDetails === void 0 ? void 0 : technicalDetails.action_label)
+            ? React.createElement('div', null, React.createElement('span', { className: 'font-medium' }, 'Action: '), technicalDetails.action_label)
+            : null, (technicalDetails === null || technicalDetails === void 0 ? void 0 : technicalDetails.origin_url)
+            ? React.createElement('div', null, React.createElement('span', { className: 'font-medium' }, 'Return to: '), (() => {
+                const safe = sanitizeHref(technicalDetails.origin_url);
+                return safe
+                    ? React.createElement('a', { href: safe, className: 'underline text-blue-600' }, technicalDetails.origin_url)
+                    : React.createElement('span', { className: 'text-gray-500' }, technicalDetails.origin_url);
+            })())
+            : null)))), React.createElement('div', { className: 'mt-6 flex justify-end' }, React.createElement('button', {
+        onClick: () => onOpenChange(false),
+        className: 'px-4 py-2 text-sm font-medium bg-gray-900 text-white rounded-md hover:bg-gray-800',
+    }, 'Close'))));
+}

package/dist/components/ui/alert-dialog.d.ts CHANGED Viewed

@@ -6,11 +6,11 @@ declare const AlertDialogPortal: React.FC<AlertDialogPrimitive.AlertDialogPortal
 declare const AlertDialogOverlay: React.ForwardRefExoticComponent<Omit<AlertDialogPrimitive.AlertDialogOverlayProps & React.RefAttributes<HTMLDivElement>, "ref"> & React.RefAttributes<HTMLDivElement>>;
 declare const AlertDialogContent: React.ForwardRefExoticComponent<Omit<AlertDialogPrimitive.AlertDialogContentProps & React.RefAttributes<HTMLDivElement>, "ref"> & React.RefAttributes<HTMLDivElement>>;
 declare const AlertDialogHeader: {
-    ({ className, ...props }: React.HTMLAttributes<HTMLDivElement>): import("react/jsx-runtime").JSX.Element;
+    ({ className, ...props }: React.HTMLAttributes<HTMLDivElement>): React.JSX.Element;
     displayName: string;
 };
 declare const AlertDialogFooter: {
-    ({ className, ...props }: React.HTMLAttributes<HTMLDivElement>): import("react/jsx-runtime").JSX.Element;
+    ({ className, ...props }: React.HTMLAttributes<HTMLDivElement>): React.JSX.Element;
     displayName: string;
 };
 declare const AlertDialogTitle: React.ForwardRefExoticComponent<Omit<AlertDialogPrimitive.AlertDialogTitleProps & React.RefAttributes<HTMLHeadingElement>, "ref"> & React.RefAttributes<HTMLHeadingElement>>;

package/dist/components/ui/dialog.d.ts CHANGED Viewed

@@ -7,11 +7,11 @@ declare const DialogClose: React.ForwardRefExoticComponent<DialogPrimitive.Dialo
 declare const DialogOverlay: React.ForwardRefExoticComponent<Omit<DialogPrimitive.DialogOverlayProps & React.RefAttributes<HTMLDivElement>, "ref"> & React.RefAttributes<HTMLDivElement>>;
 declare const DialogContent: React.ForwardRefExoticComponent<Omit<DialogPrimitive.DialogContentProps & React.RefAttributes<HTMLDivElement>, "ref"> & React.RefAttributes<HTMLDivElement>>;
 declare const DialogHeader: {
-    ({ className, ...props }: React.HTMLAttributes<HTMLDivElement>): import("react/jsx-runtime").JSX.Element;
+    ({ className, ...props }: React.HTMLAttributes<HTMLDivElement>): React.JSX.Element;
     displayName: string;
 };
 declare const DialogFooter: {
-    ({ className, ...props }: React.HTMLAttributes<HTMLDivElement>): import("react/jsx-runtime").JSX.Element;
+    ({ className, ...props }: React.HTMLAttributes<HTMLDivElement>): React.JSX.Element;
     displayName: string;
 };
 declare const DialogTitle: React.ForwardRefExoticComponent<Omit<DialogPrimitive.DialogTitleProps & React.RefAttributes<HTMLHeadingElement>, "ref"> & React.RefAttributes<HTMLHeadingElement>>;

package/dist/components/ui/dropdown-menu.d.ts CHANGED Viewed

@@ -21,7 +21,7 @@ declare const DropdownMenuLabel: React.ForwardRefExoticComponent<Omit<DropdownMe
 } & React.RefAttributes<HTMLDivElement>>;
 declare const DropdownMenuSeparator: React.ForwardRefExoticComponent<Omit<DropdownMenuPrimitive.DropdownMenuSeparatorProps & React.RefAttributes<HTMLDivElement>, "ref"> & React.RefAttributes<HTMLDivElement>>;
 declare const DropdownMenuShortcut: {
-    ({ className, ...props }: React.HTMLAttributes<HTMLSpanElement>): import("react/jsx-runtime").JSX.Element;
+    ({ className, ...props }: React.HTMLAttributes<HTMLSpanElement>): React.JSX.Element;
     displayName: string;
 };
 export { DropdownMenu, DropdownMenuTrigger, DropdownMenuContent, DropdownMenuItem, DropdownMenuCheckboxItem, DropdownMenuRadioItem, DropdownMenuLabel, DropdownMenuSeparator, DropdownMenuShortcut, DropdownMenuGroup, DropdownMenuPortal, DropdownMenuSub, DropdownMenuSubContent, DropdownMenuSubTrigger, DropdownMenuRadioGroup, };

package/dist/components/ui/hazo_ui_tooltip.d.ts CHANGED Viewed

@@ -22,5 +22,5 @@ export type HazoUITooltipProps = {
  * @param props - Component props including message, icon size, and placement
  * @returns Tooltip component with question mark icon
  */
-export declare function HazoUITooltip({ message, iconSize, iconClassName, side, }: HazoUITooltipProps): import("react/jsx-runtime").JSX.Element;
+export declare function HazoUITooltip({ message, iconSize, iconClassName, side, }: HazoUITooltipProps): import("react").JSX.Element;
 //# sourceMappingURL=hazo_ui_tooltip.d.ts.map

package/dist/components/ui/hazo_ui_tooltip.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"hazo_ui_tooltip.d.ts","sourceRoot":"","sources":["../../../src/components/ui/hazo_ui_tooltip.tsx"],"names":[],"mappings":"AASA,MAAM,MAAM,kBAAkB,GAAG;IAC/B;;OAEG;IACH,OAAO,EAAE,MAAM,CAAC;IAChB;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB;;OAEG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB;;OAEG;IACH,IAAI,CAAC,EAAE,KAAK,GAAG,OAAO,GAAG,QAAQ,GAAG,MAAM,CAAC;CAC5C,CAAC;AAGF;;;;;GAKG;AACH,wBAAgB,aAAa,CAAC,EAC5B,OAAO,EACP,QAAa,EACb,aAAqD,EACrD,IAAY,GACb,EAAE,kBAAkB~~,2CAyBpB~~"}
1	+ {"version":3,"file":"hazo_ui_tooltip.d.ts","sourceRoot":"","sources":["../../../src/components/ui/hazo_ui_tooltip.tsx"],"names":[],"mappings":"AASA,MAAM,MAAM,kBAAkB,GAAG;IAC/B;;OAEG;IACH,OAAO,EAAE,MAAM,CAAC;IAChB;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB;;OAEG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB;;OAEG;IACH,IAAI,CAAC,EAAE,KAAK,GAAG,OAAO,GAAG,QAAQ,GAAG,MAAM,CAAC;CAC5C,CAAC;AAGF;;;;;GAKG;AACH,wBAAgB,aAAa,CAAC,EAC5B,OAAO,EACP,QAAa,EACb,aAAqD,EACrD,IAAY,GACb,EAAE,kBAAkB,+BAyBpB"}

package/dist/components/ui/sheet.d.ts CHANGED Viewed

@@ -10,11 +10,11 @@ declare const SheetContent: React.ForwardRefExoticComponent<Omit<SheetPrimitive.
     side?: "top" | "right" | "bottom" | "left" | null | undefined;
 } & import("class-variance-authority/types").ClassProp) | undefined) => string> & React.RefAttributes<HTMLDivElement>>;
 declare const SheetHeader: {
-    ({ className, ...props }: React.HTMLAttributes<HTMLDivElement>): import("react/jsx-runtime").JSX.Element;
+    ({ className, ...props }: React.HTMLAttributes<HTMLDivElement>): React.JSX.Element;
     displayName: string;
 };
 declare const SheetFooter: {
-    ({ className, ...props }: React.HTMLAttributes<HTMLDivElement>): import("react/jsx-runtime").JSX.Element;
+    ({ className, ...props }: React.HTMLAttributes<HTMLDivElement>): React.JSX.Element;
     displayName: string;
 };
 declare const SheetTitle: React.ForwardRefExoticComponent<Omit<SheetPrimitive.DialogTitleProps & React.RefAttributes<HTMLHeadingElement>, "ref"> & React.RefAttributes<HTMLHeadingElement>>;

package/dist/components/ui/skeleton.d.ts CHANGED Viewed

@@ -1,3 +1,3 @@
-declare function Skeleton({ className, ...props }: React.HTMLAttributes<HTMLDivElement>): import("react/jsx-runtime").JSX.Element;
+declare function Skeleton({ className, ...props }: React.HTMLAttributes<HTMLDivElement>): import("react").JSX.Element;
 export { Skeleton };
 //# sourceMappingURL=skeleton.d.ts.map

package/dist/components/ui/skeleton.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"skeleton.d.ts","sourceRoot":"","sources":["../../../src/components/ui/skeleton.tsx"],"names":[],"mappings":"AAEA,iBAAS,QAAQ,CAAC,EAChB,SAAS,EACT,GAAG,KAAK,EACT,EAAE,KAAK,CAAC,cAAc,CAAC,cAAc,CAAC~~,2CAOtC~~;AAED,OAAO,EAAE,QAAQ,EAAE,CAAA"}
1	+ {"version":3,"file":"skeleton.d.ts","sourceRoot":"","sources":["../../../src/components/ui/skeleton.tsx"],"names":[],"mappings":"AAEA,iBAAS,QAAQ,CAAC,EAChB,SAAS,EACT,GAAG,KAAK,EACT,EAAE,KAAK,CAAC,cAAc,CAAC,cAAc,CAAC,+BAOtC;AAED,OAAO,EAAE,QAAQ,EAAE,CAAA"}

package/dist/components/ui/sonner.d.ts CHANGED Viewed

@@ -1,5 +1,5 @@
 import { Toaster as Sonner } from "sonner";
 type ToasterProps = React.ComponentProps<typeof Sonner>;
-declare const Toaster: ({ ...props }: ToasterProps) => import("react/jsx-runtime").JSX.Element;
+declare const Toaster: ({ ...props }: ToasterProps) => import("react").JSX.Element;
 export { Toaster };
 //# sourceMappingURL=sonner.d.ts.map

package/dist/components/ui/sonner.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"sonner.d.ts","sourceRoot":"","sources":["../../../src/components/ui/sonner.tsx"],"names":[],"mappings":"AAGA,OAAO,EAAE,OAAO,IAAI,MAAM,EAAE,MAAM,QAAQ,CAAA;AAE1C,KAAK,YAAY,GAAG,KAAK,CAAC,cAAc,CAAC,OAAO,MAAM,CAAC,CAAA;AAEvD,QAAA,MAAM,OAAO,GAAI,cAAc,YAAY,~~4CAqB1C~~,CAAA;AAED,OAAO,EAAE,OAAO,EAAE,CAAA"}
1	+ {"version":3,"file":"sonner.d.ts","sourceRoot":"","sources":["../../../src/components/ui/sonner.tsx"],"names":[],"mappings":"AAGA,OAAO,EAAE,OAAO,IAAI,MAAM,EAAE,MAAM,QAAQ,CAAA;AAE1C,KAAK,YAAY,GAAG,KAAK,CAAC,cAAc,CAAC,OAAO,MAAM,CAAC,CAAA;AAEvD,QAAA,MAAM,OAAO,GAAI,cAAc,YAAY,gCAqB1C,CAAA;AAED,OAAO,EAAE,OAAO,EAAE,CAAA"}

package/dist/components/ui/tree-view.d.ts CHANGED Viewed

@@ -86,7 +86,7 @@ declare const TreeNode: ({ item, handleSelectChange, expandedItemIds, selectedIt
     draggedItem: TreeDataItem | null;
     renderItem?: (params: TreeRenderItemParams) => React.ReactNode;
     level?: number;
-}) => import("react/jsx-runtime").JSX.Element;
+}) => React.JSX.Element;
 declare const TreeLeaf: React.ForwardRefExoticComponent<React.HTMLAttributes<HTMLDivElement> & {
     item: TreeDataItem;
     level: number;

package/dist/components/ui/tree-view.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"tree-view.d.ts","sourceRoot":"","sources":["../../../src/components/ui/tree-view.tsx"],"names":[],"mappings":"AAEA,OAAO,KAAK,MAAM,OAAO,CAAA;AACzB,OAAO,KAAK,kBAAkB,MAAM,2BAA2B,CAAA;AAiB/D,UAAU,YAAY;IAClB,EAAE,EAAE,MAAM,CAAA;IACV,IAAI,EAAE,MAAM,CAAA;IACZ,IAAI,CAAC,EAAE,KAAK,CAAC,aAAa,CAAC;QAAE,SAAS,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;IAClD,YAAY,CAAC,EAAE,KAAK,CAAC,aAAa,CAAC;QAAE,SAAS,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;IAC1D,QAAQ,CAAC,EAAE,KAAK,CAAC,aAAa,CAAC;QAAE,SAAS,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;IACtD,QAAQ,CAAC,EAAE,YAAY,EAAE,CAAA;IACzB,OAAO,CAAC,EAAE,KAAK,CAAC,SAAS,CAAA;IACzB,OAAO,CAAC,EAAE,MAAM,IAAI,CAAA;IACpB,SAAS,CAAC,EAAE,OAAO,CAAA;IACnB,SAAS,CAAC,EAAE,OAAO,CAAA;IACnB,QAAQ,CAAC,EAAE,OAAO,CAAA;IAClB,SAAS,CAAC,EAAE,MAAM,CAAA;CACrB;AAED,KAAK,oBAAoB,GAAG;IACxB,IAAI,EAAE,YAAY,CAAA;IAClB,KAAK,EAAE,MAAM,CAAA;IACb,MAAM,EAAE,OAAO,CAAA;IACf,UAAU,EAAE,OAAO,CAAA;IACnB,MAAM,CAAC,EAAE,OAAO,CAAA;IAChB,WAAW,EAAE,OAAO,CAAA;CACvB,CAAA;AAaD,QAAA,MAAM,QAAQ;UAVJ,YAAY,EAAE,GAAG,YAAY;4BACX,MAAM;qBACb,CAAC,IAAI,EAAE,YAAY,GAAG,SAAS,KAAK,IAAI;gBAC7C,OAAO;sBACD,KAAK,CAAC,aAAa,CAAC;QAAE,SAAS,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;sBAC3C,KAAK,CAAC,aAAa,CAAC;QAAE,SAAS,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;qBAC5C,CAAC,UAAU,EAAE,YAAY,EAAE,UAAU,EAAE,YAAY,KAAK,IAAI;iBAChE,CAAC,MAAM,EAAE,oBAAoB,KAAK,KAAK,CAAC,SAAS;wCAoGjE,CAAA;AAeD,QAAA,MAAM,QAAQ;UA1HJ,YAAY,EAAE,GAAG,YAAY;4BACX,MAAM;qBACb,CAAC,IAAI,EAAE,YAAY,GAAG,SAAS,KAAK,IAAI;gBAC7C,OAAO;sBACD,KAAK,CAAC,aAAa,CAAC;QAAE,SAAS,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;sBAC3C,KAAK,CAAC,aAAa,CAAC;QAAE,SAAS,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;qBAC5C,CAAC,UAAU,EAAE,YAAY,EAAE,UAAU,EAAE,YAAY,KAAK,IAAI;iBAChE,CAAC,MAAM,EAAE,oBAAoB,KAAK,KAAK,CAAC,SAAS;;qBAwG7C,MAAM;wBACH,CAAC,IAAI,EAAE,YAAY,GAAG,SAAS,KAAK,IAAI;qBAC3C,MAAM,EAAE;sBACP,KAAK,CAAC,aAAa,CAAC;QAAE,SAAS,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;sBAC3C,KAAK,CAAC,aAAa,CAAC;QAAE,SAAS,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;sBAC3C,CAAC,IAAI,EAAE,YAAY,KAAK,IAAI;iBACjC,CAAC,IAAI,EAAE,YAAY,KAAK,IAAI;iBAC5B,YAAY,GAAG,IAAI;YACxB,MAAM;wCAmEjB,CAAA;AAGD,QAAA,MAAM,QAAQ,GAAI,+JAYf;IACC,IAAI,EAAE,YAAY,CAAA;IAClB,kBAAkB,EAAE,CAAC,IAAI,EAAE,YAAY,GAAG,SAAS,KAAK,IAAI,CAAA;IAC5D,eAAe,EAAE,MAAM,EAAE,CAAA;IACzB,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,eAAe,CAAC,EAAE,KAAK,CAAC,aAAa,CAAC;QAAE,SAAS,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;IAC7D,eAAe,CAAC,EAAE,KAAK,CAAC,aAAa,CAAC;QAAE,SAAS,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;IAC7D,eAAe,CAAC,EAAE,CAAC,IAAI,EAAE,YAAY,KAAK,IAAI,CAAA;IAC9C,UAAU,CAAC,EAAE,CAAC,IAAI,EAAE,YAAY,KAAK,IAAI,CAAA;IACzC,WAAW,EAAE,YAAY,GAAG,IAAI,CAAA;IAChC,UAAU,CAAC,EAAE,CAAC,MAAM,EAAE,oBAAoB,KAAK,KAAK,CAAC,SAAS,CAAA;IAC9D,KAAK,CAAC,EAAE,MAAM,CAAA;CACjB,~~4CAqGA~~,CAAA;AAED,QAAA,MAAM,QAAQ;UAGA,YAAY;WACX,MAAM;qBACI,MAAM;wBACH,CAAC,IAAI,EAAE,YAAY,GAAG,SAAS,KAAK,IAAI;sBAC1C,KAAK,CAAC,aAAa,CAAC;QAAE,SAAS,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;sBAC3C,CAAC,IAAI,EAAE,YAAY,KAAK,IAAI;iBACjC,CAAC,IAAI,EAAE,YAAY,KAAK,IAAI;iBAC5B,YAAY,GAAG,IAAI;iBACnB,CAAC,MAAM,EAAE,oBAAoB,KAAK,KAAK,CAAC,SAAS;wCAoGrE,CAAA;AAGD,QAAA,MAAM,gBAAgB;eAGH,KAAK,CAAC,SAAS;wCA2BhC,CAAA;AAGF,QAAA,MAAM,gBAAgB,oKAcpB,CAAA;AAgDF,OAAO,EACH,QAAQ,EACR,KAAK,YAAY,EACjB,KAAK,oBAAoB,EACzB,gBAAgB,EAChB,gBAAgB,EAChB,QAAQ,EACR,QAAQ,EACR,QAAQ,EACX,CAAA"}
1	+ {"version":3,"file":"tree-view.d.ts","sourceRoot":"","sources":["../../../src/components/ui/tree-view.tsx"],"names":[],"mappings":"AAEA,OAAO,KAAK,MAAM,OAAO,CAAA;AACzB,OAAO,KAAK,kBAAkB,MAAM,2BAA2B,CAAA;AAiB/D,UAAU,YAAY;IAClB,EAAE,EAAE,MAAM,CAAA;IACV,IAAI,EAAE,MAAM,CAAA;IACZ,IAAI,CAAC,EAAE,KAAK,CAAC,aAAa,CAAC;QAAE,SAAS,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;IAClD,YAAY,CAAC,EAAE,KAAK,CAAC,aAAa,CAAC;QAAE,SAAS,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;IAC1D,QAAQ,CAAC,EAAE,KAAK,CAAC,aAAa,CAAC;QAAE,SAAS,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;IACtD,QAAQ,CAAC,EAAE,YAAY,EAAE,CAAA;IACzB,OAAO,CAAC,EAAE,KAAK,CAAC,SAAS,CAAA;IACzB,OAAO,CAAC,EAAE,MAAM,IAAI,CAAA;IACpB,SAAS,CAAC,EAAE,OAAO,CAAA;IACnB,SAAS,CAAC,EAAE,OAAO,CAAA;IACnB,QAAQ,CAAC,EAAE,OAAO,CAAA;IAClB,SAAS,CAAC,EAAE,MAAM,CAAA;CACrB;AAED,KAAK,oBAAoB,GAAG;IACxB,IAAI,EAAE,YAAY,CAAA;IAClB,KAAK,EAAE,MAAM,CAAA;IACb,MAAM,EAAE,OAAO,CAAA;IACf,UAAU,EAAE,OAAO,CAAA;IACnB,MAAM,CAAC,EAAE,OAAO,CAAA;IAChB,WAAW,EAAE,OAAO,CAAA;CACvB,CAAA;AAaD,QAAA,MAAM,QAAQ;UAVJ,YAAY,EAAE,GAAG,YAAY;4BACX,MAAM;qBACb,CAAC,IAAI,EAAE,YAAY,GAAG,SAAS,KAAK,IAAI;gBAC7C,OAAO;sBACD,KAAK,CAAC,aAAa,CAAC;QAAE,SAAS,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;sBAC3C,KAAK,CAAC,aAAa,CAAC;QAAE,SAAS,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;qBAC5C,CAAC,UAAU,EAAE,YAAY,EAAE,UAAU,EAAE,YAAY,KAAK,IAAI;iBAChE,CAAC,MAAM,EAAE,oBAAoB,KAAK,KAAK,CAAC,SAAS;wCAoGjE,CAAA;AAeD,QAAA,MAAM,QAAQ;UA1HJ,YAAY,EAAE,GAAG,YAAY;4BACX,MAAM;qBACb,CAAC,IAAI,EAAE,YAAY,GAAG,SAAS,KAAK,IAAI;gBAC7C,OAAO;sBACD,KAAK,CAAC,aAAa,CAAC;QAAE,SAAS,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;sBAC3C,KAAK,CAAC,aAAa,CAAC;QAAE,SAAS,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;qBAC5C,CAAC,UAAU,EAAE,YAAY,EAAE,UAAU,EAAE,YAAY,KAAK,IAAI;iBAChE,CAAC,MAAM,EAAE,oBAAoB,KAAK,KAAK,CAAC,SAAS;;qBAwG7C,MAAM;wBACH,CAAC,IAAI,EAAE,YAAY,GAAG,SAAS,KAAK,IAAI;qBAC3C,MAAM,EAAE;sBACP,KAAK,CAAC,aAAa,CAAC;QAAE,SAAS,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;sBAC3C,KAAK,CAAC,aAAa,CAAC;QAAE,SAAS,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;sBAC3C,CAAC,IAAI,EAAE,YAAY,KAAK,IAAI;iBACjC,CAAC,IAAI,EAAE,YAAY,KAAK,IAAI;iBAC5B,YAAY,GAAG,IAAI;YACxB,MAAM;wCAmEjB,CAAA;AAGD,QAAA,MAAM,QAAQ,GAAI,+JAYf;IACC,IAAI,EAAE,YAAY,CAAA;IAClB,kBAAkB,EAAE,CAAC,IAAI,EAAE,YAAY,GAAG,SAAS,KAAK,IAAI,CAAA;IAC5D,eAAe,EAAE,MAAM,EAAE,CAAA;IACzB,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,eAAe,CAAC,EAAE,KAAK,CAAC,aAAa,CAAC;QAAE,SAAS,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;IAC7D,eAAe,CAAC,EAAE,KAAK,CAAC,aAAa,CAAC;QAAE,SAAS,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;IAC7D,eAAe,CAAC,EAAE,CAAC,IAAI,EAAE,YAAY,KAAK,IAAI,CAAA;IAC9C,UAAU,CAAC,EAAE,CAAC,IAAI,EAAE,YAAY,KAAK,IAAI,CAAA;IACzC,WAAW,EAAE,YAAY,GAAG,IAAI,CAAA;IAChC,UAAU,CAAC,EAAE,CAAC,MAAM,EAAE,oBAAoB,KAAK,KAAK,CAAC,SAAS,CAAA;IAC9D,KAAK,CAAC,EAAE,MAAM,CAAA;CACjB,sBAqGA,CAAA;AAED,QAAA,MAAM,QAAQ;UAGA,YAAY;WACX,MAAM;qBACI,MAAM;wBACH,CAAC,IAAI,EAAE,YAAY,GAAG,SAAS,KAAK,IAAI;sBAC1C,KAAK,CAAC,aAAa,CAAC;QAAE,SAAS,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;sBAC3C,CAAC,IAAI,EAAE,YAAY,KAAK,IAAI;iBACjC,CAAC,IAAI,EAAE,YAAY,KAAK,IAAI;iBAC5B,YAAY,GAAG,IAAI;iBACnB,CAAC,MAAM,EAAE,oBAAoB,KAAK,KAAK,CAAC,SAAS;wCAoGrE,CAAA;AAGD,QAAA,MAAM,gBAAgB;eAGH,KAAK,CAAC,SAAS;wCA2BhC,CAAA;AAGF,QAAA,MAAM,gBAAgB,oKAcpB,CAAA;AAgDF,OAAO,EACH,QAAQ,EACR,KAAK,YAAY,EACjB,KAAK,oBAAoB,EACzB,gBAAgB,EAChB,gBAAgB,EAChB,QAAQ,EACR,QAAQ,EACR,QAAQ,EACX,CAAA"}

package/dist/components/ui/user-type-badge.d.ts CHANGED Viewed

@@ -19,5 +19,5 @@ export type UserTypeBadgeProps = {
  * // Using custom hex color
  * <UserTypeBadge label="VIP" color="#FFD700" />
  */
-export declare function UserTypeBadge({ label, color, className }: UserTypeBadgeProps): import("react/jsx-runtime").JSX.Element;
+export declare function UserTypeBadge({ label, color, className }: UserTypeBadgeProps): import("react").JSX.Element;
 //# sourceMappingURL=user-type-badge.d.ts.map

package/dist/components/ui/user-type-badge.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"user-type-badge.d.ts","sourceRoot":"","sources":["../../../src/components/ui/user-type-badge.tsx"],"names":[],"mappings":"AAiBA,MAAM,MAAM,kBAAkB,GAAG;IAC/B,kCAAkC;IAClC,KAAK,EAAE,MAAM,CAAC;IACd,0EAA0E;IAC1E,KAAK,EAAE,MAAM,CAAC;IACd,6BAA6B;IAC7B,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAoBF;;;;;;;;;;;;GAYG;AACH,wBAAgB,aAAa,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,SAAS,EAAE,EAAE,kBAAkB~~,2CAmC5E~~"}
1	+ {"version":3,"file":"user-type-badge.d.ts","sourceRoot":"","sources":["../../../src/components/ui/user-type-badge.tsx"],"names":[],"mappings":"AAiBA,MAAM,MAAM,kBAAkB,GAAG;IAC/B,kCAAkC;IAClC,KAAK,EAAE,MAAM,CAAC;IACd,0EAA0E;IAC1E,KAAK,EAAE,MAAM,CAAC;IACd,6BAA6B;IAC7B,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAoBF;;;;;;;;;;;;GAYG;AACH,wBAAgB,aAAa,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,SAAS,EAAE,EAAE,kBAAkB,+BAmC5E"}

package/dist/consent/cookie_consent_banner.d.ts CHANGED Viewed

@@ -6,6 +6,6 @@ interface CookieConsentBannerProps {
     /** Default: "bottom" */
     position?: "bottom" | "top";
 }
-export declare function CookieConsentBanner({ enableGTM, gtmContainerId, onChange, position, }: CookieConsentBannerProps): import("react/jsx-runtime").JSX.Element;
+export declare function CookieConsentBanner({ enableGTM, gtmContainerId, onChange, position, }: CookieConsentBannerProps): import("react").JSX.Element;
 export {};
 //# sourceMappingURL=cookie_consent_banner.d.ts.map

package/dist/consent/cookie_consent_banner.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"cookie_consent_banner.d.ts","sourceRoot":"","sources":["../../src/consent/cookie_consent_banner.tsx"],"names":[],"mappings":"AAIA,OAAO,EAAE,KAAK,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAKpD,UAAU,wBAAwB;IAChC,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,EAAE,CAAC,KAAK,EAAE,YAAY,KAAK,IAAI,CAAC;IACzC,wBAAwB;IACxB,QAAQ,CAAC,EAAE,QAAQ,GAAG,KAAK,CAAC;CAC7B;AAED,wBAAgB,mBAAmB,CAAC,EAClC,SAAS,EACT,cAAc,EACd,QAAQ,EACR,QAAmB,GACpB,EAAE,wBAAwB~~,2CA4E1B~~"}
1	+ {"version":3,"file":"cookie_consent_banner.d.ts","sourceRoot":"","sources":["../../src/consent/cookie_consent_banner.tsx"],"names":[],"mappings":"AAIA,OAAO,EAAE,KAAK,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAKpD,UAAU,wBAAwB;IAChC,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,EAAE,CAAC,KAAK,EAAE,YAAY,KAAK,IAAI,CAAC;IACzC,wBAAwB;IACxB,QAAQ,CAAC,EAAE,QAAQ,GAAG,KAAK,CAAC;CAC7B;AAED,wBAAgB,mBAAmB,CAAC,EAClC,SAAS,EACT,cAAc,EACd,QAAQ,EACR,QAAmB,GACpB,EAAE,wBAAwB,+BA4E1B"}

package/dist/consent/manage_modal.d.ts CHANGED Viewed

@@ -1,2 +1,2 @@
-export declare function ConsentManageModal(): import("react/jsx-runtime").JSX.Element;
+export declare function ConsentManageModal(): import("react").JSX.Element;
 //# sourceMappingURL=manage_modal.d.ts.map

package/dist/consent/manage_modal.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"manage_modal.d.ts","sourceRoot":"","sources":["../../src/consent/manage_modal.tsx"],"names":[],"mappings":"AAOA,wBAAgB,kBAAkB,~~4CA0GjC~~"}
1	+ {"version":3,"file":"manage_modal.d.ts","sourceRoot":"","sources":["../../src/consent/manage_modal.tsx"],"names":[],"mappings":"AAOA,wBAAgB,kBAAkB,gCA0GjC"}

package/dist/contexts/hazo_auth_provider.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { type ReactNode } from "react";
+import React, { type ReactNode } from "react";
 import { type HazoAuthConfig } from "./hazo_auth_config.js";
 /**
  * Props for HazoAuthProvider component
@@ -48,7 +48,7 @@ export type HazoAuthProviderProps = {
  * }
  * ```
  */
-export declare function HazoAuthProvider({ apiBasePath, children }: HazoAuthProviderProps): import("react/jsx-runtime").JSX.Element;
+export declare function HazoAuthProvider({ apiBasePath, children }: HazoAuthProviderProps): React.JSX.Element;
 /**
  * Hook to access hazo_auth runtime configuration
  *

package/dist/contexts/hazo_auth_provider.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"hazo_auth_provider.d.ts","sourceRoot":"","sources":["../../src/contexts/hazo_auth_provider.tsx"],"names":[],"mappings":"AAMA,~~OAAc~~,EAAsC,KAAK,SAAS,EAAE,MAAM,OAAO,CAAC;AAClF,OAAO,EAA4B,KAAK,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAYnF;;GAEG;AACH,MAAM,MAAM,qBAAqB,GAAG;IAClC;;;;OAIG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB;;OAEG;IACH,QAAQ,EAAE,SAAS,CAAC;CACrB,CAAC;AAIF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AACH,wBAAgB,gBAAgB,CAAC,EAC/B,WAAkD,EAClD,QAAQ,EACT,EAAE,qBAAqB,~~2CAcvB~~;AAID;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAgB,iBAAiB,IAAI,cAAc,CAMlD"}
1	+ {"version":3,"file":"hazo_auth_provider.d.ts","sourceRoot":"","sources":["../../src/contexts/hazo_auth_provider.tsx"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,EAAsC,KAAK,SAAS,EAAE,MAAM,OAAO,CAAC;AAClF,OAAO,EAA4B,KAAK,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAYnF;;GAEG;AACH,MAAM,MAAM,qBAAqB,GAAG;IAClC;;;;OAIG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB;;OAEG;IACH,QAAQ,EAAE,SAAS,CAAC;CACrB,CAAC;AAIF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AACH,wBAAgB,gBAAgB,CAAC,EAC/B,WAAkD,EAClD,QAAQ,EACT,EAAE,qBAAqB,qBAcvB;AAID;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAgB,iBAAiB,IAAI,cAAc,CAMlD"}

package/dist/lib/auth/deny_permission.server.d.ts ADDED Viewed

@@ -0,0 +1,18 @@
+import 'server-only';
+export interface DenyPermissionInput {
+    request: Request;
+    /** HazoAuthResult | TenantAuthResult | any auth-like shape */
+    auth: any;
+    missing_permissions: string[];
+    /** Defaults to missing_permissions */
+    required_permissions?: string[];
+    permission_descriptions?: Record<string, string>;
+    /** Falls back to X-Hazo-Action-Label header, then permission join */
+    action_label?: string;
+    /** Falls back to default message */
+    user_friendly_message?: string;
+    /** Falls back to new URL(request.url).pathname */
+    api_route?: string;
+}
+export declare function denyPermission(input: DenyPermissionInput): Response;
+//# sourceMappingURL=deny_permission.server.d.ts.map

package/dist/lib/auth/deny_permission.server.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"deny_permission.server.d.ts","sourceRoot":"","sources":["../../../src/lib/auth/deny_permission.server.ts"],"names":[],"mappings":"AACA,OAAO,aAAa,CAAC;AASrB,MAAM,WAAW,mBAAmB;IAClC,OAAO,EAAE,OAAO,CAAC;IACjB,8DAA8D;IAC9D,IAAI,EAAE,GAAG,CAAC;IACV,mBAAmB,EAAE,MAAM,EAAE,CAAC;IAC9B,sCAAsC;IACtC,oBAAoB,CAAC,EAAE,MAAM,EAAE,CAAC;IAChC,uBAAuB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjD,qEAAqE;IACrE,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,oCAAoC;IACpC,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,kDAAkD;IAClD,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAqBD,wBAAgB,cAAc,CAAC,KAAK,EAAE,mBAAmB,GAAG,QAAQ,CAuDnE"}

package/dist/lib/auth/deny_permission.server.js ADDED Viewed

@@ -0,0 +1,66 @@
+// file_description: standalone helper to return a 403 FORBIDDEN response and fire the permission-denied handler
+import 'server-only';
+import { buildDenialPayloadFromRequest, getPermissionDeniedHandler, } from './with_permission_issue_capture.server.js';
+function extractUserId(auth) {
+    var _a, _b;
+    return (((_a = auth === null || auth === void 0 ? void 0 : auth.user) === null || _a === void 0 ? void 0 : _a.id) ||
+        ((_b = auth === null || auth === void 0 ? void 0 : auth.tenant) === null || _b === void 0 ? void 0 : _b.user_id) ||
+        (auth === null || auth === void 0 ? void 0 : auth.user_id) ||
+        '');
+}
+function extractScopeId(auth) {
+    var _a, _b, _c, _d, _e, _f;
+    return ((_f = (_e = (_c = (_b = (_a = auth === null || auth === void 0 ? void 0 : auth.tenant) === null || _a === void 0 ? void 0 : _a.scope_id) !== null && _b !== void 0 ? _b : auth === null || auth === void 0 ? void 0 : auth.scope_id) !== null && _c !== void 0 ? _c : (_d = auth === null || auth === void 0 ? void 0 : auth.organization) === null || _d === void 0 ? void 0 : _d.id) !== null && _e !== void 0 ? _e : auth === null || auth === void 0 ? void 0 : auth.organization_id) !== null && _f !== void 0 ? _f : undefined);
+}
+export function denyPermission(input) {
+    var _a;
+    const user_id = extractUserId(input.auth);
+    const scope_id = extractScopeId(input.auth);
+    const payload = buildDenialPayloadFromRequest(input.request, {
+        user_id,
+        scope_id,
+        missing_permissions: input.missing_permissions,
+        required_permissions: input.required_permissions,
+        permission_descriptions: input.permission_descriptions,
+        action_label: input.action_label,
+        user_friendly_message: input.user_friendly_message,
+        api_route: input.api_route,
+    });
+    // Fire handler best-effort — do not await, must not delay the 403
+    Promise.resolve((_a = getPermissionDeniedHandler()) === null || _a === void 0 ? void 0 : _a(payload)).catch((e) => {
+        console.warn('[hazo_auth] denyPermission: permission denied handler failed', e);
+    });
+    // buildForbiddenResponse is async (dynamic import of hazo_api), but denyPermission must be
+    // synchronous to match the function signature. We build the fallback synchronously here
+    // and fire the async hazo_api path only when available. In practice, the caller immediately
+    // returns the Response so we use the sync fallback — consumers that need the hazo_api
+    // envelope can await a wrapping async function or use withPermissionIssueCapture instead.
+    const bodyJson = JSON.stringify({
+        ok: false,
+        error: {
+            code: 'FORBIDDEN',
+            message: payload.user_friendly_message,
+            details: {
+                missing_permissions: payload.missing_permissions,
+                permission_descriptions: payload.permission_descriptions,
+                action_label: payload.action_label,
+                origin_url: payload.origin_url,
+                user_friendly_message: payload.user_friendly_message,
+            },
+        },
+    });
+    // Kick off async hazo_api enhancement but return the sync response immediately.
+    // The returned Response object is the sync fallback; hazo_api is decorative for
+    // middleware use cases that don't need the exact envelope.
+    void import('hazo_api')
+        .then((m) => {
+        if (typeof (m === null || m === void 0 ? void 0 : m.fail) === 'function') {
+            // No-op: we already returned — this is a fire-and-forget; nothing to do with the result.
+        }
+    })
+        .catch(() => undefined);
+    return new Response(bodyJson, {
+        status: 403,
+        headers: { 'Content-Type': 'application/json' },
+    });
+}

package/dist/lib/auth/index.d.ts CHANGED Viewed

@@ -12,4 +12,6 @@ export { withAuth, withOptionalAuth, hasPermission, hasAllPermissions, hasAnyPer
 export type { AuthenticatedTenantAuth, AuthenticatedTenantAuthWithOrg, WithAuthOptions, } from "./with_auth.server";
 export { get_auth_cache, reset_auth_cache } from "./auth_cache.js";
 export { get_rate_limiter, reset_rate_limiter } from "./auth_rate_limiter.js";
+export { withPermissionIssueCapture, setPermissionDeniedHandler, getPermissionDeniedHandler, } from "./with_permission_issue_capture.server.js";
+export type { PermissionDeniedPayload } from "./with_permission_issue_capture.server";
 //# sourceMappingURL=index.d.ts.map

package/dist/lib/auth/index.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/lib/auth/index.ts"],"names":[],"mappings":"AAEA,cAAc,cAAc,CAAC;AAG7B,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AACtE,OAAO,EACL,sBAAsB,EACtB,YAAY,EACZ,gBAAgB,GACjB,MAAM,qBAAqB,CAAC;AAC7B,YAAY,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,qBAAqB,CAAC;AAGhE,OAAO,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AAGzD,OAAO,EACL,oBAAoB,EACpB,mBAAmB,EACnB,6BAA6B,GAC9B,MAAM,+BAA+B,CAAC;AACvC,YAAY,EACV,YAAY,EACZ,kBAAkB,EAClB,iBAAiB,EACjB,gBAAgB,EAChB,wBAAwB,GACzB,MAAM,cAAc,CAAC;AACtB,OAAO,EACL,aAAa,EACb,2BAA2B,EAC3B,mBAAmB,EACnB,uBAAuB,GACxB,MAAM,cAAc,CAAC;AAGtB,OAAO,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAC;AACrD,YAAY,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AAGtD,OAAO,EACL,QAAQ,EACR,gBAAgB,EAChB,aAAa,EACb,iBAAiB,EACjB,gBAAgB,EAChB,iBAAiB,EACjB,qBAAqB,GACtB,MAAM,oBAAoB,CAAC;AAC5B,YAAY,EACV,uBAAuB,EACvB,8BAA8B,EAC9B,eAAe,GAChB,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAGhE,OAAO,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC"}
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/lib/auth/index.ts"],"names":[],"mappings":"AAEA,cAAc,cAAc,CAAC;AAG7B,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AACtE,OAAO,EACL,sBAAsB,EACtB,YAAY,EACZ,gBAAgB,GACjB,MAAM,qBAAqB,CAAC;AAC7B,YAAY,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,qBAAqB,CAAC;AAGhE,OAAO,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AAGzD,OAAO,EACL,oBAAoB,EACpB,mBAAmB,EACnB,6BAA6B,GAC9B,MAAM,+BAA+B,CAAC;AACvC,YAAY,EACV,YAAY,EACZ,kBAAkB,EAClB,iBAAiB,EACjB,gBAAgB,EAChB,wBAAwB,GACzB,MAAM,cAAc,CAAC;AACtB,OAAO,EACL,aAAa,EACb,2BAA2B,EAC3B,mBAAmB,EACnB,uBAAuB,GACxB,MAAM,cAAc,CAAC;AAGtB,OAAO,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAC;AACrD,YAAY,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AAGtD,OAAO,EACL,QAAQ,EACR,gBAAgB,EAChB,aAAa,EACb,iBAAiB,EACjB,gBAAgB,EAChB,iBAAiB,EACjB,qBAAqB,GACtB,MAAM,oBAAoB,CAAC;AAC5B,YAAY,EACV,uBAAuB,EACvB,8BAA8B,EAC9B,eAAe,GAChB,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAGhE,OAAO,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AAG3E,OAAO,EACL,0BAA0B,EAC1B,0BAA0B,EAC1B,0BAA0B,GAC3B,MAAM,wCAAwC,CAAC;AAChD,YAAY,EAAE,uBAAuB,EAAE,MAAM,wCAAwC,CAAC"}

package/dist/lib/auth/index.js CHANGED Viewed

@@ -17,3 +17,5 @@ export { withAuth, withOptionalAuth, hasPermission, hasAllPermissions, hasAnyPer
 export { get_auth_cache, reset_auth_cache } from "./auth_cache.js";
 // section: rate_limiter_exports
 export { get_rate_limiter, reset_rate_limiter } from "./auth_rate_limiter.js";
+// section: permission_issue_capture_exports
+export { withPermissionIssueCapture, setPermissionDeniedHandler, getPermissionDeniedHandler, } from "./with_permission_issue_capture.server.js";

package/dist/lib/auth/with_permission_issue_capture.server.d.ts ADDED Viewed

@@ -0,0 +1,49 @@
+import 'server-only';
+import { type NextRequest } from 'next/server';
+export interface PermissionDeniedPayload {
+    user_id: string;
+    scope_id?: string;
+    missing_permissions: string[];
+    required_permissions: string[];
+    user_permissions: string[];
+    permission_descriptions: Record<string, string>;
+    user_friendly_message: string;
+    action_label: string;
+    origin_url: string;
+    api_route: string;
+}
+export declare function setPermissionDeniedHandler(fn: (payload: PermissionDeniedPayload) => void | Promise<void>): void;
+export declare function getPermissionDeniedHandler(): ((payload: PermissionDeniedPayload) => void | Promise<void>) | null;
+export interface BuildDenialPayloadParts {
+    user_id: string;
+    scope_id?: string;
+    missing_permissions: string[];
+    required_permissions?: string[];
+    permission_descriptions?: Record<string, string>;
+    action_label?: string;
+    user_friendly_message?: string;
+    api_route?: string;
+    user_permissions?: string[];
+}
+/**
+ * Shared helper: builds a PermissionDeniedPayload from a request + explicit parts.
+ * Called by both withPermissionIssueCapture and denyPermission.
+ */
+export declare function buildDenialPayloadFromRequest(request: Request, parts: BuildDenialPayloadParts): PermissionDeniedPayload;
+/** Builds the 403 Response, using hazo_api.fail() if available, otherwise hand-built. */
+export declare function buildForbiddenResponse(payload: PermissionDeniedPayload): Promise<Response>;
+/**
+ * Wraps a Next.js route handler. On PermissionError, returns a structured
+ * hazo_api fail() 403 with code FORBIDDEN and fires the registered
+ * onPermissionDenied callback best-effort.
+ *
+ * Usage:
+ *   export const POST = withPermissionIssueCapture(
+ *     async (request) => { ... },
+ *     { required_permissions: ['edit_config'] }
+ *   );
+ */
+export declare function withPermissionIssueCapture(handler: (request: NextRequest) => Promise<Response>, opts: {
+    required_permissions: string[];
+}): (request: NextRequest) => Promise<Response>;
+//# sourceMappingURL=with_permission_issue_capture.server.d.ts.map

package/dist/lib/auth/with_permission_issue_capture.server.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"with_permission_issue_capture.server.d.ts","sourceRoot":"","sources":["../../../src/lib/auth/with_permission_issue_capture.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAGrB,OAAO,EAAE,KAAK,WAAW,EAAE,MAAM,aAAa,CAAC;AAS/C,MAAM,WAAW,uBAAuB;IACtC,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,mBAAmB,EAAE,MAAM,EAAE,CAAC;IAC9B,oBAAoB,EAAE,MAAM,EAAE,CAAC;IAC/B,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,uBAAuB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChD,qBAAqB,EAAE,MAAM,CAAC;IAC9B,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;CACnB;AAUD,wBAAgB,0BAA0B,CACxC,EAAE,EAAE,CAAC,OAAO,EAAE,uBAAuB,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,GAC7D,IAAI,CAEN;AAED,wBAAgB,0BAA0B,eARN,uBAAuB,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,SAUnF;AAID,MAAM,WAAW,uBAAuB;IACtC,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,mBAAmB,EAAE,MAAM,EAAE,CAAC;IAC9B,oBAAoB,CAAC,EAAE,MAAM,EAAE,CAAC;IAChC,uBAAuB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjD,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;CAC7B;AAED;;;GAGG;AACH,wBAAgB,6BAA6B,CAC3C,OAAO,EAAE,OAAO,EAChB,KAAK,EAAE,uBAAuB,GAC7B,uBAAuB,CAoCzB;AAID,yFAAyF;AACzF,wBAAsB,sBAAsB,CAAC,OAAO,EAAE,uBAAuB,GAAG,OAAO,CAAC,QAAQ,CAAC,CAsChG;AAID;;;;;;;;;;GAUG;AACH,wBAAgB,0BAA0B,CACxC,OAAO,EAAE,CAAC,OAAO,EAAE,WAAW,KAAK,OAAO,CAAC,QAAQ,CAAC,EACpD,IAAI,EAAE;IAAE,oBAAoB,EAAE,MAAM,EAAE,CAAA;CAAE,GACvC,CAAC,OAAO,EAAE,WAAW,KAAK,OAAO,CAAC,QAAQ,CAAC,CA0D7C"}