auth/account_schema.ts

Auth entity types and client-safe schemas.

Defines the runtime types for the fuz identity system: Account, Actor, Permit, AuthSession, and ApiToken.

DDL lives in ddl.ts; role system in role_schema.ts. See docs/identity.md for design rationale.

Declarations

24 declarations


Account

Account — authentication identity. You log in as an account.

id

type string

username

email

type Email | null

email_verified

type boolean

password_hash

type string

created_at

type string

created_by

type string | null

updated_at

type string

updated_by

type string | null

Actor

Actor — the entity that acts. Owns cells, holds permits, appears in audit trails.

id

type string

account_id

type string

name

type string

created_at

type string

updated_at

type string | null

updated_by

type string | null

ActorSummaryJson

AdminAccountEntryJson

ZodObject<{ account: ZodObject<{ id: ZodString; username: ZodString; email: ZodNullable<ZodEmail>; email_verified: ZodBoolean; created_at: ZodString; updated_at: ZodString; updated_by: ZodNullable<...>; }, $strict>; actor: ZodNullable<...>; permits: ZodArray<...>; }, $strict>

Zod schema for an admin account listing entry (account + actor + permits).

AdminAccountJson

ZodObject<{ id: ZodString; username: ZodString; email: ZodNullable<ZodEmail>; email_verified: ZodBoolean; created_at: ZodString; updated_at: ZodString; updated_by: ZodNullable<...>; }, $strict>

Zod schema for admin-facing account data — extends SessionAccountJson with audit fields.

ApiToken

API token for CLI/programmatic access.

id

type string

account_id

type string

name

type string

token_hash

type string

expires_at

type string | null

last_used_at

type string | null

last_used_ip

type string | null

created_at

type string

AuthSession

Server-side auth session, keyed by blake3 hash of session token.

id

type string

account_id

type string

created_at

type string

expires_at

type string

last_seen_at

type string

AuthSessionJson

ZodObject<{ id: ZodString; account_id: ZodString; created_at: ZodString; expires_at: ZodString; last_seen_at: ZodString; }, $strict>

Zod schema for AuthSession — id is the blake3 hash, safe for client.

ClientApiTokenJson

ZodObject<{ id: ZodString; account_id: ZodString; name: ZodString; expires_at: ZodNullable<ZodString>; last_used_at: ZodNullable<ZodString>; last_used_ip: ZodNullable<...>; created_at: ZodString; }, $strict>

Zod schema for client-safe API token listing (excludes token_hash).

CreateAccountInput

Email

GrantPermitInput

is_permit_active

Permit

Permit — time-bounded, revocable grant of a role to an actor.

id

type string

actor_id

type string

role

type string

created_at

type string

expires_at

type string | null

revoked_at

type string | null

revoked_by

type string | null

granted_by

type string | null

PermitSummaryJson

ZodObject<{ id: ZodString; role: ZodString; created_at: ZodString; expires_at: ZodNullable<ZodString>; granted_by: ZodNullable<ZodString>; }, $strict>

Zod schema for the permit summary returned in admin account listings.

SessionAccount

Account without sensitive fields, scoped to the authenticated user's own session.

id

type string

username

email

type Email | null

email_verified

type boolean

created_at

type string

SessionAccountJson

ZodObject<{ id: ZodString; username: ZodString; email: ZodNullable<ZodEmail>; email_verified: ZodBoolean; created_at: ZodString; }, $strict>

Zod schema for SessionAccount — account without sensitive fields.

to_admin_account

(account: Account): { id: string; username: string; email: string | null; email_verified: boolean; created_at: string; updated_at: string; updated_by: string | null; }

Convert an Account to an AdminAccountJson for admin listings.

account

the full account record

type Account

returns

{ id: string; username: string; email: string | null; email_verified: boolean; created_at: string; updated_at: string; updated_by: string | null; }

the admin-safe account with audit fields
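
An added example, not the project's own code: allowlist projection from the full Account record to the client-facing shapes, checked with a strict key comparison in the spirit of the `$strict` schemas listed above. The helper names (`project`, `shape_errors`, `project_by_blocklist`) and the sample record are assumptions; the actual `to_admin_account` implementation is not shown on this page.

```typescript
// Added example (not fuz code). Field names come from the page; helper names are hypothetical.
interface Account {
  id: string; username: string; email: string | null; email_verified: boolean;
  password_hash: string; created_at: string; created_by: string | null;
  updated_at: string; updated_by: string | null;
}

// Allowlists mirroring the SessionAccountJson and AdminAccountJson field sets listed on the page.
const SESSION_KEYS = ['id', 'username', 'email', 'email_verified', 'created_at'] as const;
const ADMIN_KEYS = [...SESSION_KEYS, 'updated_at', 'updated_by'] as const;

// Copy only allowlisted keys, so a column added to Account later is excluded by default.
function project<K extends keyof Account>(account: Account, keys: readonly K[]): Pick<Account, K> {
  const out = {} as Pick<Account, K>;
  for (const k of keys) out[k] = account[k];
  return out;
}

// Strict-shape check: report keys that are present but not allowed, and allowed but absent.
function shape_errors(value: object, keys: readonly string[]): string[] {
  const present = Object.keys(value);
  const unknown = present.filter((k) => keys.indexOf(k) === -1).map((k) => `unknown:${k}`);
  const missing = keys.filter((k) => present.indexOf(k) === -1).map((k) => `missing:${k}`);
  return [...unknown, ...missing];
}

// Blocklist projection for contrast: it removes the one field it knows about and passes the rest.
function project_by_blocklist(account: Account): Partial<Account> {
  const copy: Partial<Account> = { ...account };
  delete copy.password_hash;
  return copy;
}

// Constructed sample record (not real data).
const sample_account: Account = {
  id: 'acct_1', username: 'alice', email: null, email_verified: false,
  password_hash: '<constructed-hash-placeholder>', created_at: '2024-01-01T00:00:00Z',
  created_by: null, updated_at: '2024-01-02T00:00:00Z', updated_by: 'actor_9',
};

const session_json = project(sample_account, SESSION_KEYS);
const admin_json = project(sample_account, ADMIN_KEYS);
const leaky_json = project_by_blocklist(sample_account);

console.log('session:', shape_errors(session_json, SESSION_KEYS));
console.log('blocklist:', shape_errors(leaky_json, SESSION_KEYS));
```

The blocklist variant drops `password_hash` but still carries the audit columns into a session-scoped payload, which a strict schema rejects rather than silently serializing.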

to_session_account

Username

ZodString

Username for account creation — starts with letter, alphanumeric/dash/underscore middle, ends with alphanumeric. No @ or . allowed.

USERNAME_LENGTH_MAX

USERNAME_LENGTH_MIN

USERNAME_PROVIDED_LENGTH_MAX

UsernameProvided