Admin RPC action specs — declarative contract for admin-only operations.
Import this module for the specs, Input/Output schemas, and the all_admin_action_specs registry. Handlers live in auth/admin_actions.ts.
Authorization is declared at the spec level (auth: {role: ROLE_ADMIN})
so the RPC dispatcher enforces admin before the handler runs and the
generated surface accurately reports the requirement.
The registry always includes app_settings_get / app_settings_update —
the runtime factory only wires their handlers when
AdminActionOptions.app_settings is provided; dispatch falls back to
method_not_found when absent.
35 declarations
auth/admin_action_specs.ts view source
{ method: string; kind: "request_response"; initiator: "frontend"; auth: { role: string; }; side_effects: false; input: ZodVoid; output: ZodObject<{ accounts: ZodArray<ZodObject<{ account: ZodObject<{ id: $ZodBranded<ZodUUID, "Uuid", "out">; ... 5 more ...; updated_by: ZodNullable<...>; }, $strict>; actor: ZodNullab... auth/admin_action_specs.ts view source
{ method: string; kind: "request_response"; initiator: "frontend"; auth: { role: string; }; side_effects: false; input: ZodVoid; output: ZodObject<{ sessions: ZodArray<ZodObject<{ id: ZodString; account_id: $ZodBranded<...>; created_at: ZodString; expires_at: ZodString; last_seen_at: ZodString; username: ZodString; ... auth/admin_action_specs.ts view source
{ method: string; kind: "request_response"; initiator: "frontend"; auth: { role: string; }; side_effects: true; input: ZodObject<{ account_id: $ZodBranded<ZodUUID, "Uuid", "out">; }, $strict>; output: ZodObject<...>; async: true; description: string; rate_limit: "account"; } auth/admin_action_specs.ts view source
{ method: string; kind: "request_response"; initiator: "frontend"; auth: { role: string; }; side_effects: true; input: ZodObject<{ account_id: $ZodBranded<ZodUUID, "Uuid", "out">; }, $strict>; output: ZodObject<...>; async: true; description: string; rate_limit: "account"; } auth/admin_action_specs.ts view source
ZodVoid Input for admin_account_list. No parameters — the caller is the subject.
auth/admin_action_specs.ts view source
ZodObject<{ accounts: ZodArray<ZodObject<{ account: ZodObject<{ id: $ZodBranded<ZodUUID, "Uuid", "out">; username: ZodString; email: ZodNullable<ZodEmail>; email_verified: ZodBoolean; created_at: ZodString; updated_at: ZodString; updated_by: ZodNullable<...>; }, $strict>; actor: ZodNullable<...>; permits: ZodArray<.... Output for admin_account_list.
auth/admin_action_specs.ts view source
ZodVoid Input for admin_session_list. No parameters — reads every active session.
auth/admin_action_specs.ts view source
ZodObject<{ sessions: ZodArray<ZodObject<{ id: ZodString; account_id: $ZodBranded<ZodUUID, "Uuid", "out">; created_at: ZodString; expires_at: ZodString; last_seen_at: ZodString; username: ZodString; }, $strict>>; }, $strict> Output for admin_session_list. Cross-account listing; fan-out already scoped by role auth.
auth/admin_action_specs.ts view source
ZodObject<{ account_id: $ZodBranded<ZodUUID, "Uuid", "out">; }, $strict> Input for admin_session_revoke_all.
auth/admin_action_specs.ts view source
ZodObject<{ ok: ZodLiteral<true>; count: ZodNumber; }, $strict> Output for admin_session_revoke_all.
auth/admin_action_specs.ts view source
ZodObject<{ account_id: $ZodBranded<ZodUUID, "Uuid", "out">; }, $strict> Input for admin_token_revoke_all.
auth/admin_action_specs.ts view source
ZodObject<{ ok: ZodLiteral<true>; count: ZodNumber; }, $strict> Output for admin_token_revoke_all.
auth/admin_action_specs.ts view source
{ method: string; initiator: "frontend" | "backend" | "both"; side_effects: boolean; input: ZodType<unknown, unknown, $ZodTypeInternals<unknown, unknown>>; output: ZodType<unknown, unknown, $ZodTypeInternals<unknown, unknown>>; ... 6 more ...; rate_limit?: "both" | ... 2 more ... | undefined; }[] All admin action specs — a codegen-ready registry. Consumers spread this
into their own action-spec array to include admin methods in a typed
client surface. Always includes the two app-settings specs; the runtime
factory only wires their handlers when AdminActionOptions.app_settings
is provided.
auth/admin_action_specs.ts view source
{ method: string; kind: "request_response"; initiator: "frontend"; auth: { role: string; }; side_effects: false; input: ZodVoid; output: ZodObject<{ settings: ZodObject<{ open_signup: ZodBoolean; updated_at: ZodNullable<...>; updated_by: ZodNullable<...>; updated_by_username: ZodNullable<...>; }, $strict>; }, $stric... auth/admin_action_specs.ts view source
{ method: string; kind: "request_response"; initiator: "frontend"; auth: { role: string; }; side_effects: true; input: ZodObject<{ open_signup: ZodBoolean; }, $strict>; output: ZodObject<...>; async: true; description: string; rate_limit: "account"; } auth/admin_action_specs.ts view source
ZodVoid Input for app_settings_get. No parameters.
auth/admin_action_specs.ts view source
ZodObject<{ settings: ZodObject<{ open_signup: ZodBoolean; updated_at: ZodNullable<ZodString>; updated_by: ZodNullable<$ZodBranded<ZodUUID, "Uuid", "out">>; updated_by_username: ZodNullable<...>; }, $strict>; }, $strict> Output for app_settings_get.
auth/admin_action_specs.ts view source
ZodObject<{ open_signup: ZodBoolean; }, $strict> Input for app_settings_update.
auth/admin_action_specs.ts view source
ZodObject<{ ok: ZodLiteral<true>; settings: ZodObject<{ open_signup: ZodBoolean; updated_at: ZodNullable<ZodString>; updated_by: ZodNullable<$ZodBranded<ZodUUID, "Uuid", "out">>; updated_by_username: ZodNullable<...>; }, $strict>; }, $strict> Output for app_settings_update.
auth/admin_action_specs.ts view source
{ method: string; kind: "request_response"; initiator: "frontend"; auth: { role: string; }; side_effects: false; input: ZodObject<{ event_type: ZodOptional<ZodNullable<ZodString>>; ... 4 more ...; since_seq: ZodOptional<...>; }, $strict>; output: ZodObject<...>; async: true; description: string; } auth/admin_action_specs.ts view source
200 Max audit-log page size. Mirrors the former REST route's clamp.
auth/admin_action_specs.ts view source
{ method: string; kind: "request_response"; initiator: "frontend"; auth: { role: string; }; side_effects: false; input: ZodObject<{ limit: ZodOptional<ZodNullable<ZodNumber>>; offset: ZodOptional<...>; }, $strict>; output: ZodObject<...>; async: true; description: string; } auth/admin_action_specs.ts view source
ZodObject<{ event_type: ZodOptional<ZodNullable<ZodString>>; outcome: ZodOptional<ZodNullable<ZodEnum<{ success: "success"; failure: "failure"; }>>>; account_id: ZodOptional<...>; limit: ZodOptional<...>; offset: ZodOptional<...>; since_seq: ZodOptional<...>; }, $strict> Input for audit_log_list. All filter fields are optional — omit for the
default newest-first page. since_seq exists for SSE reconnection gap
fill (caller supplies the highest seq seen; server returns everything
after).
auth/admin_action_specs.ts view source
ZodObject<{ events: ZodArray<ZodObject<{ id: $ZodBranded<ZodUUID, "Uuid", "out">; seq: ZodNumber; event_type: ZodString; outcome: ZodEnum<{ success: "success"; failure: "failure"; }>; ... 7 more ...; target_username: ZodNullable<...>; }, $strict>>; }, $strict> Output for audit_log_list.
auth/admin_action_specs.ts view source
ZodObject<{ limit: ZodOptional<ZodNullable<ZodNumber>>; offset: ZodOptional<ZodNullable<ZodNumber>>; }, $strict> Input for audit_log_permit_history.
auth/admin_action_specs.ts view source
ZodObject<{ events: ZodArray<ZodObject<{ id: $ZodBranded<ZodUUID, "Uuid", "out">; seq: ZodNumber; event_type: ZodString; outcome: ZodEnum<{ success: "success"; failure: "failure"; }>; ... 7 more ...; target_username: ZodNullable<...>; }, $strict>>; }, $strict> Output for audit_log_permit_history.
auth/admin_action_specs.ts view source
{ method: string; kind: "request_response"; initiator: "frontend"; auth: { role: string; }; side_effects: true; input: ZodObject<{ email: ZodOptional<ZodNullable<ZodEmail>>; username: ZodOptional<...>; }, $strict>; output: ZodObject<...>; async: true; description: string; rate_limit: "account"; } auth/admin_action_specs.ts view source
{ method: string; kind: "request_response"; initiator: "frontend"; auth: { role: string; }; side_effects: true; input: ZodObject<{ invite_id: $ZodBranded<ZodUUID, "Uuid", "out">; }, $strict>; output: ZodObject<...>; async: true; description: string; rate_limit: "account"; } auth/admin_action_specs.ts view source
{ method: string; kind: "request_response"; initiator: "frontend"; auth: { role: string; }; side_effects: false; input: ZodVoid; output: ZodObject<{ invites: ZodArray<ZodObject<{ id: $ZodBranded<ZodUUID, "Uuid", "out">; ... 7 more ...; claimed_by_username: ZodNullable<...>; }, $strict>>; }, $strict>; async: true; de... auth/admin_action_specs.ts view source
ZodObject<{ email: ZodOptional<ZodNullable<ZodEmail>>; username: ZodOptional<ZodNullable<ZodString>>; }, $strict> Input for invite_create. At least one of email / username must be provided.
auth/admin_action_specs.ts view source
ZodObject<{ ok: ZodLiteral<true>; invite: ZodObject<{ id: $ZodBranded<ZodUUID, "Uuid", "out">; email: ZodNullable<ZodEmail>; username: ZodNullable<...>; claimed_by: ZodNullable<...>; claimed_at: ZodNullable<...>; created_at: ZodString; created_by: ZodNullable<...>; }, $strict>; }, $strict> Output for invite_create.
auth/admin_action_specs.ts view source
ZodObject<{ invite_id: $ZodBranded<ZodUUID, "Uuid", "out">; }, $strict> Input for invite_delete.
auth/admin_action_specs.ts view source
ZodObject<{ ok: ZodLiteral<true>; }, $strict> Output for invite_delete.
auth/admin_action_specs.ts view source
ZodVoid Input for invite_list.
auth/admin_action_specs.ts view source
ZodObject<{ invites: ZodArray<ZodObject<{ id: $ZodBranded<ZodUUID, "Uuid", "out">; email: ZodNullable<ZodEmail>; username: ZodNullable<ZodString>; ... 5 more ...; claimed_by_username: ZodNullable<...>; }, $strict>>; }, $strict> Output for invite_list. Uses the enriched row including creator/claimer usernames.