auth/permit_offer_action_specs.ts

Permit offer RPC action specs — declarative contract for the consentful-permits surface (offer lifecycle + admin revoke).

Import this module for the specs, Input/Output schemas, ERROR_OFFER_* reason constants, and the all_permit_offer_action_specs registry. Handlers live in auth/permit_offer_actions.ts.

Authorization enforcement: offer-lifecycle specs declare auth: 'authenticated' and rely on query_* IDOR guards or in-handler policy checks (e.g. permit_offer_list/_history elevate to admin only when inspecting another account — an input-dependent check that can't be expressed at the spec level). permit_revoke declares auth: {role: 'admin'} — the RPC dispatcher's per-spec check_action_auth gates it before the handler runs even though the endpoint hosts non-admin methods alongside.
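The two enforcement layers described above, as an added TypeScript sketch that is not the project's code: a per-spec gate the dispatcher runs before any handler, and an input-dependent check inside the permit_offer_list handler. Only the method names, the auth values and the check_action_auth name come from this page; the function body, the Caller shape, the sample inbox and the reason strings are assumptions for illustration.

```typescript
// Added illustration with simplified stand-ins; not the project's implementation.
type Auth = 'authenticated' | {role: string};
interface Caller { account_id: string; roles: string[] }
interface Spec { method: string; auth: Auth }
type Result = {ok: true; value: unknown} | {ok: false; reason: string};
type Handler = (input: any, caller: Caller) => Result;

// Spec-level gate: decided from the spec and the caller alone, before the handler.
// Reason strings here are hypothetical.
function check_action_auth(spec: Spec, caller: Caller | null): string | null {
  if (!caller) return 'unauthenticated';
  if (spec.auth !== 'authenticated' && !caller.roles.includes(spec.auth.role)) return 'forbidden';
  return null;
}

// Constructed sample data: offer ids keyed by recipient account id.
const inbox: Record<string, string[]> = {alice: ['offer-1'], bob: ['offer-2']};

const actions: Record<string, {spec: Spec; handler: Handler}> = {
  permit_offer_list: {
    spec: {method: 'permit_offer_list', auth: 'authenticated'},
    // Input-dependent check: admin is required only when the caller asks for
    // another account's inbox, so the spec cannot express it.
    handler: (input, caller) => {
      const target = input.account_id ?? caller.account_id;
      if (target !== caller.account_id && !caller.roles.includes('admin')) {
        return {ok: false, reason: 'forbidden'};
      }
      return {ok: true, value: inbox[target] ?? []};
    },
  },
  permit_revoke: {
    spec: {method: 'permit_revoke', auth: {role: 'admin'}},
    // No role check in the handler: the dispatcher has already gated the call.
    handler: (input) => ({ok: true, value: {revoked: input.permit_id}}),
  },
};

// One endpoint hosts admin and non-admin methods; the gate is applied per spec.
function dispatch(method: string, input: unknown, caller: Caller | null): Result {
  const action = actions[method];
  if (!action) return {ok: false, reason: 'method_not_found'};
  const denied = check_action_auth(action.spec, caller);
  if (denied) return {ok: false, reason: denied};
  return action.handler(input, caller as Caller);
}
```

A handler that forgets the in-handler check for account_id would still pass the spec-level gate, which is why the input-dependent paths need their own tests.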

Declarations

27 declarations

all_permit_offer_action_specs

{ method: string; initiator: "frontend" | "backend" | "both"; side_effects: boolean; input: ZodType<unknown, unknown, $ZodTypeInternals<unknown, unknown>>; output: ZodType<unknown, unknown, $ZodTypeInternals<unknown, unknown>>; ... 6 more ...; rate_limit?: "both" | ... 2 more ... | undefined; }[]

All permit-offer action specs — a codegen-ready registry. Consumers spread this into their own action-spec array to include offer lifecycle + revoke methods in a typed client surface.

ERROR_OFFER_EXPIRED

ERROR_OFFER_NOT_AUTHORIZED

"offer_not_authorized"

Error reason — caller is not authorized to offer this role (default policy: caller lacks the role; consumer authorize callback may add further policy).

ERROR_OFFER_NOT_FOUND

ERROR_OFFER_ROLE_NOT_GRANTABLE

ERROR_OFFER_SELF_TARGET

ERROR_OFFER_TERMINAL

permit_offer_accept_action_spec

{ method: string; kind: "request_response"; initiator: "frontend"; auth: "authenticated"; side_effects: true; input: ZodObject<{ offer_id: $ZodBranded<ZodUUID, "Uuid", "out">; }, $strict>; output: ZodObject<...>; async: true; description: string; error_reasons: ("offer_terminal" | ... 1 more ... | "offer_not_found")...

permit_offer_create_action_spec

{ method: string; kind: "request_response"; initiator: "frontend"; auth: "authenticated"; side_effects: true; input: ZodObject<{ to_account_id: $ZodBranded<ZodUUID, "Uuid", "out">; role: ZodString; scope_id: ZodOptional<...>; message: ZodOptional<...>; }, $strict>; output: ZodObject<...>; async: true; description: s...

permit_offer_decline_action_spec

{ method: string; kind: "request_response"; initiator: "frontend"; auth: "authenticated"; side_effects: true; input: ZodObject<{ offer_id: $ZodBranded<ZodUUID, "Uuid", "out">; reason: ZodOptional<...>; }, $strict>; output: ZodObject<...>; async: true; description: string; error_reasons: ("offer_terminal" | "offer_no...

permit_offer_history_action_spec

{ method: string; kind: "request_response"; initiator: "frontend"; auth: "authenticated"; side_effects: false; input: ZodObject<{ account_id: ZodOptional<ZodNullable<$ZodBranded<ZodUUID, "Uuid", "out">>>; limit: ZodOptional<...>; offset: ZodOptional<...>; }, $strict>; output: ZodObject<...>; async: true; description...

permit_offer_list_action_spec

{ method: string; kind: "request_response"; initiator: "frontend"; auth: "authenticated"; side_effects: false; input: ZodObject<{ account_id: ZodOptional<ZodNullable<$ZodBranded<ZodUUID, "Uuid", "out">>>; }, $strict>; output: ZodObject<...>; async: true; description: string; }

permit_offer_retract_action_spec

{ method: string; kind: "request_response"; initiator: "frontend"; auth: "authenticated"; side_effects: true; input: ZodObject<{ offer_id: $ZodBranded<ZodUUID, "Uuid", "out">; }, $strict>; output: ZodObject<...>; async: true; description: string; error_reasons: ("offer_terminal" | "offer_not_found")[]; }

permit_revoke_action_spec

{ method: string; kind: "request_response"; initiator: "frontend"; auth: { role: string; }; side_effects: true; input: ZodObject<{ actor_id: $ZodBranded<ZodUUID, "Uuid", "out">; permit_id: $ZodBranded<...>; reason: ZodOptional<...>; }, $strict>; ... 4 more ...; rate_limit: "account"; }

PermitOfferAcceptInput

PermitOfferAcceptOutput

ZodObject<{ permit_id: $ZodBranded<ZodUUID, "Uuid", "out">; offer: ZodObject<{ id: $ZodBranded<ZodUUID, "Uuid", "out">; from_actor_id: $ZodBranded<ZodUUID, "Uuid", "out">; ... 11 more ...; resulting_permit_id: ZodNullable<...>; }, $strict>; superseded_offer_ids: ZodArray<...>; }, $strict>

Output for permit_offer_accept.

PermitOfferCreateInput

ZodObject<{ to_account_id: $ZodBranded<ZodUUID, "Uuid", "out">; role: ZodString; scope_id: ZodOptional<ZodNullable<$ZodBranded<ZodUUID, "Uuid", "out">>>; message: ZodOptional<...>; }, $strict>

Input for permit_offer_create.

PermitOfferCreateOutput

ZodObject<{ offer: ZodObject<{ id: $ZodBranded<ZodUUID, "Uuid", "out">; from_actor_id: $ZodBranded<ZodUUID, "Uuid", "out">; to_account_id: $ZodBranded<ZodUUID, "Uuid", "out">; ... 10 more ...; resulting_permit_id: ZodNullable<...>; }, $strict>; }, $strict>

Output for permit_offer_create.

PermitOfferDeclineInput

PermitOfferHistoryInput

ZodObject<{ account_id: ZodOptional<ZodNullable<$ZodBranded<ZodUUID, "Uuid", "out">>>; limit: ZodOptional<ZodNullable<ZodNumber>>; offset: ZodOptional<...>; }, $strict>

Input for permit_offer_history. Returns every offer involving the account in either direction (recipient or grantor), including terminal rows, newest first. account_id is admin-only.

PermitOfferHistoryOutput

ZodObject<{ offers: ZodArray<ZodObject<{ id: $ZodBranded<ZodUUID, "Uuid", "out">; from_actor_id: $ZodBranded<ZodUUID, "Uuid", "out">; to_account_id: $ZodBranded<ZodUUID, "Uuid", "out">; ... 10 more ...; resulting_permit_id: ZodNullable<...>; }, $strict>>; }, $strict>

Output for permit_offer_history.

PermitOfferListInput

ZodObject<{ account_id: ZodOptional<ZodNullable<$ZodBranded<ZodUUID, "Uuid", "out">>>; }, $strict>

Input for permit_offer_list. account_id is admin-only (inspect another account's inbox).

PermitOfferListOutput

ZodObject<{ offers: ZodArray<ZodObject<{ id: $ZodBranded<ZodUUID, "Uuid", "out">; from_actor_id: $ZodBranded<ZodUUID, "Uuid", "out">; to_account_id: $ZodBranded<ZodUUID, "Uuid", "out">; ... 10 more ...; resulting_permit_id: ZodNullable<...>; }, $strict>>; }, $strict>

Output for permit_offer_list.

PermitOfferOkOutput

PermitOfferRetractInput

PermitRevokeInput

ZodObject<{ actor_id: $ZodBranded<ZodUUID, "Uuid", "out">; permit_id: $ZodBranded<ZodUUID, "Uuid", "out">; reason: ZodOptional<ZodNullable<ZodString>>; }, $strict>

Input for permit_revoke. Admin-only mutation that revokes an active permit on a target actor. actor_id is the natural key — permits are actor-scoped, and the admin UI reads row.actor.id straight from the listing. Deriving actor_id from account_id would collapse under multi-actor accounts.

PermitRevokeOutput