Yes! We just need to tease apart permissions so we’re not storing spending perms on the server (without them being encrypted) but still have perms to generate invoices on the server.

We’ll iterate to these “duplex” permissions eventually.