Admin RPC action specs — declarative contract for admin-only operations.
Import this module for the specs, Input/Output schemas, and the all_admin_action_specs registry. Handlers live in auth/admin_actions.ts.
Authorization is declared at the spec level (auth: {role: ROLE_ADMIN})
so the RPC dispatcher enforces admin before the handler runs and the
generated surface accurately reports the requirement.
The registry always includes app_settings_get / app_settings_update —
the runtime factory only wires their handlers when
AdminActionOptions.app_settings is provided; dispatch falls back to
method_not_found when absent.
37 declarations
auth/admin_action_specs.ts view source
{ method: string; kind: "request_response"; initiator: "frontend"; auth: { account: "required"; actor: "required"; roles: string[]; }; side_effects: false; input: ZodDefault<ZodObject<{ acting: ZodOptional<$ZodBranded<ZodUUID, "Uuid", "out">>; limit: ZodOptional<...>; offset: ZodOptional<...>; }, $strict>>; output: ... auth/admin_action_specs.ts view source
50 Default admin_account_list page size.
auth/admin_action_specs.ts view source
200 Max admin_account_list page size.
auth/admin_action_specs.ts view source
{ method: string; kind: "request_response"; initiator: "frontend"; auth: { account: "required"; actor: "required"; roles: string[]; }; side_effects: false; input: ZodDefault<ZodObject<{ acting: ZodOptional<$ZodBranded<ZodUUID, "Uuid", "out">>; }, $strict>>; output: ZodObject<...>; async: true; description: string; } auth/admin_action_specs.ts view source
{ method: string; kind: "request_response"; initiator: "frontend"; auth: { account: "required"; actor: "required"; roles: string[]; }; side_effects: true; input: ZodObject<{ account_id: $ZodBranded<ZodUUID, "Uuid", "out">; acting: ZodOptional<...>; }, $strict>; output: ZodObject<...>; async: true; description: strin... auth/admin_action_specs.ts view source
{ method: string; kind: "request_response"; initiator: "frontend"; auth: { account: "required"; actor: "required"; roles: string[]; }; side_effects: true; input: ZodObject<{ account_id: $ZodBranded<ZodUUID, "Uuid", "out">; acting: ZodOptional<...>; }, $strict>; output: ZodObject<...>; async: true; description: strin... auth/admin_action_specs.ts view source
ZodDefault<ZodObject<{ acting: ZodOptional<$ZodBranded<ZodUUID, "Uuid", "out">>; limit: ZodOptional<ZodNullable<ZodNumber>>; offset: ZodOptional<...>; }, $strict>> Input for admin_account_list.
auth/admin_action_specs.ts view source
ZodObject<{ accounts: ZodArray<ZodObject<{ account: ZodObject<{ id: $ZodBranded<ZodUUID, "Uuid", "out">; username: ZodString; email: ZodNullable<ZodEmail>; email_verified: ZodBoolean; created_at: ZodString; updated_at: ZodString; updated_by: ZodNullable<...>; }, $strict>; actor: ZodNullable<...>; role_grants: ZodArr... Output for admin_account_list.
auth/admin_action_specs.ts view source
ZodDefault<ZodObject<{ acting: ZodOptional<$ZodBranded<ZodUUID, "Uuid", "out">>; }, $strict>> Input for admin_session_list.
auth/admin_action_specs.ts view source
ZodObject<{ sessions: ZodArray<ZodObject<{ id: ZodString; account_id: $ZodBranded<ZodUUID, "Uuid", "out">; created_at: ZodString; expires_at: ZodString; last_seen_at: ZodString; username: ZodString; }, $strict>>; }, $strict> Output for admin_session_list. Cross-account listing; fan-out already scoped by role auth.
auth/admin_action_specs.ts view source
ZodObject<{ account_id: $ZodBranded<ZodUUID, "Uuid", "out">; acting: ZodOptional<$ZodBranded<ZodUUID, "Uuid", "out">>; }, $strict> Input for admin_session_revoke_all.
auth/admin_action_specs.ts view source
ZodObject<{ ok: ZodLiteral<true>; count: ZodNumber; }, $strict> Output for admin_session_revoke_all.
auth/admin_action_specs.ts view source
ZodObject<{ account_id: $ZodBranded<ZodUUID, "Uuid", "out">; acting: ZodOptional<$ZodBranded<ZodUUID, "Uuid", "out">>; }, $strict> Input for admin_token_revoke_all.
auth/admin_action_specs.ts view source
ZodObject<{ ok: ZodLiteral<true>; count: ZodNumber; }, $strict> Output for admin_token_revoke_all.
auth/admin_action_specs.ts view source
{ method: string; initiator: "frontend" | "backend" | "both"; side_effects: boolean; input: ZodType<unknown, unknown, $ZodTypeInternals<unknown, unknown>>; output: ZodType<unknown, unknown, $ZodTypeInternals<unknown, unknown>>; ... 6 more ...; rate_limit?: "both" | ... 2 more ... | undefined; }[] All admin action specs — a codegen-ready registry. Consumers spread this
into their own action-spec array to include admin methods in a typed
client surface. Always includes the two app-settings specs; the runtime
factory only wires their handlers when AdminActionOptions.app_settings
is provided.
auth/admin_action_specs.ts view source
{ method: string; kind: "request_response"; initiator: "frontend"; auth: { account: "required"; actor: "required"; roles: string[]; }; side_effects: false; input: ZodDefault<ZodObject<{ acting: ZodOptional<$ZodBranded<ZodUUID, "Uuid", "out">>; }, $strict>>; output: ZodObject<...>; async: true; description: string; } auth/admin_action_specs.ts view source
{ method: string; kind: "request_response"; initiator: "frontend"; auth: { account: "required"; actor: "required"; roles: string[]; }; side_effects: true; input: ZodObject<{ open_signup: ZodBoolean; acting: ZodOptional<...>; }, $strict>; output: ZodObject<...>; async: true; description: string; rate_limit: "account"... auth/admin_action_specs.ts view source
ZodDefault<ZodObject<{ acting: ZodOptional<$ZodBranded<ZodUUID, "Uuid", "out">>; }, $strict>> Input for app_settings_get.
auth/admin_action_specs.ts view source
ZodObject<{ settings: ZodObject<{ open_signup: ZodBoolean; updated_at: ZodNullable<ZodString>; updated_by: ZodNullable<$ZodBranded<ZodUUID, "Uuid", "out">>; updated_by_username: ZodNullable<...>; }, $strict>; }, $strict> Output for app_settings_get.
auth/admin_action_specs.ts view source
ZodObject<{ open_signup: ZodBoolean; acting: ZodOptional<$ZodBranded<ZodUUID, "Uuid", "out">>; }, $strict> Input for app_settings_update.
auth/admin_action_specs.ts view source
ZodObject<{ ok: ZodLiteral<true>; settings: ZodObject<{ open_signup: ZodBoolean; updated_at: ZodNullable<ZodString>; updated_by: ZodNullable<$ZodBranded<ZodUUID, "Uuid", "out">>; updated_by_username: ZodNullable<...>; }, $strict>; }, $strict> Output for app_settings_update.
auth/admin_action_specs.ts view source
{ method: string; kind: "request_response"; initiator: "frontend"; auth: { account: "required"; actor: "required"; roles: string[]; }; side_effects: false; input: ZodDefault<ZodObject<{ event_type: ZodOptional<ZodNullable<ZodString>>; ... 5 more ...; acting: ZodOptional<...>; }, $strict>>; output: ZodObject<...>; as... auth/admin_action_specs.ts view source
200 Max audit-log page size.
auth/admin_action_specs.ts view source
{ method: string; kind: "request_response"; initiator: "frontend"; auth: { account: "required"; actor: "required"; roles: string[]; }; side_effects: false; input: ZodDefault<ZodObject<{ limit: ZodOptional<ZodNullable<ZodNumber>>; offset: ZodOptional<...>; acting: ZodOptional<...>; }, $strict>>; output: ZodObject<...... auth/admin_action_specs.ts view source
ZodDefault<ZodObject<{ event_type: ZodOptional<ZodNullable<ZodString>>; outcome: ZodOptional<ZodNullable<ZodEnum<{ success: "success"; failure: "failure"; }>>>; ... 4 more ...; acting: ZodOptional<...>; }, $strict>> Input for audit_log_list. All filter fields are optional — omit for the
default newest-first page. since_seq exists for SSE reconnection gap
fill (caller supplies the highest seq seen; server returns everything
after).
auth/admin_action_specs.ts view source
ZodObject<{ events: ZodArray<ZodObject<{ id: $ZodBranded<ZodUUID, "Uuid", "out">; seq: ZodNumber; event_type: ZodString; outcome: ZodEnum<{ success: "success"; failure: "failure"; }>; ... 8 more ...; target_username: ZodNullable<...>; }, $strict>>; }, $strict> Output for audit_log_list.
auth/admin_action_specs.ts view source
ZodDefault<ZodObject<{ limit: ZodOptional<ZodNullable<ZodNumber>>; offset: ZodOptional<ZodNullable<ZodNumber>>; acting: ZodOptional<...>; }, $strict>> Input for audit_log_role_grant_history.
auth/admin_action_specs.ts view source
ZodObject<{ events: ZodArray<ZodObject<{ id: $ZodBranded<ZodUUID, "Uuid", "out">; seq: ZodNumber; event_type: ZodString; outcome: ZodEnum<{ success: "success"; failure: "failure"; }>; ... 8 more ...; target_username: ZodNullable<...>; }, $strict>>; }, $strict> Output for audit_log_role_grant_history.
auth/admin_action_specs.ts view source
{ method: string; kind: "request_response"; initiator: "frontend"; auth: { account: "required"; actor: "required"; roles: string[]; }; side_effects: true; input: ZodObject<{ email: ZodOptional<ZodNullable<ZodEmail>>; username: ZodOptional<...>; acting: ZodOptional<...>; }, $strict>; output: ZodObject<...>; async: tr... auth/admin_action_specs.ts view source
{ method: string; kind: "request_response"; initiator: "frontend"; auth: { account: "required"; actor: "required"; roles: string[]; }; side_effects: true; input: ZodObject<{ invite_id: $ZodBranded<ZodUUID, "Uuid", "out">; acting: ZodOptional<...>; }, $strict>; output: ZodObject<...>; async: true; description: string... auth/admin_action_specs.ts view source
{ method: string; kind: "request_response"; initiator: "frontend"; auth: { account: "required"; actor: "required"; roles: string[]; }; side_effects: false; input: ZodDefault<ZodObject<{ acting: ZodOptional<$ZodBranded<ZodUUID, "Uuid", "out">>; }, $strict>>; output: ZodObject<...>; async: true; description: string; } auth/admin_action_specs.ts view source
ZodObject<{ email: ZodOptional<ZodNullable<ZodEmail>>; username: ZodOptional<ZodNullable<ZodString>>; acting: ZodOptional<...>; }, $strict> Input for invite_create. At least one of email / username must be provided.
auth/admin_action_specs.ts view source
ZodObject<{ ok: ZodLiteral<true>; invite: ZodObject<{ id: $ZodBranded<ZodUUID, "Uuid", "out">; email: ZodNullable<ZodEmail>; username: ZodNullable<...>; claimed_by: ZodNullable<...>; claimed_at: ZodNullable<...>; created_at: ZodString; created_by: ZodNullable<...>; }, $strict>; }, $strict> Output for invite_create.
auth/admin_action_specs.ts view source
ZodObject<{ invite_id: $ZodBranded<ZodUUID, "Uuid", "out">; acting: ZodOptional<$ZodBranded<ZodUUID, "Uuid", "out">>; }, $strict> Input for invite_delete.
auth/admin_action_specs.ts view source
ZodObject<{ ok: ZodLiteral<true>; }, $strict> Output for invite_delete.
auth/admin_action_specs.ts view source
ZodDefault<ZodObject<{ acting: ZodOptional<$ZodBranded<ZodUUID, "Uuid", "out">>; }, $strict>> Input for invite_list.
auth/admin_action_specs.ts view source
ZodObject<{ invites: ZodArray<ZodObject<{ id: $ZodBranded<ZodUUID, "Uuid", "out">; email: ZodNullable<ZodEmail>; username: ZodNullable<ZodString>; ... 5 more ...; claimed_by_username: ZodNullable<...>; }, $strict>>; }, $strict> Output for invite_list. Uses the enriched row including creator/claimer usernames.