@camstack/addon-admin-ui 0.1.34 → 0.1.35

package/dist/server/addon.js

@@ -10195,51 +10195,6 @@ const AuthResultSchema = object({
     validateToken: method(object({ token: string() }), AuthResultSchema.nullable())
   }
 });
-const AuthProviderInfoSchema = object({
-  /** Stable id matching the addon id (used for `getLoginUrl({addonId,…})`). */
-  addonId: string(),
-  /**
-   * Per-instance id when one addon registers multiple "logical"
-   * providers (e.g. OIDC with Google + Microsoft + custom). The login
-   * URL becomes `/addon/${addonId}/${instanceId}/start` — handler reads
-   * `:instanceId` from the route. Empty/unset means the addon is a
-   * single-instance provider; the URL is `/addon/${addonId}/start`.
-   */
-  instanceId: string().optional(),
-  /** Display label shown on the login button + admin row. */
-  displayName: string(),
-  /** Optional iconography hint (lucide-react icon name OR emoji). */
-  icon: string().optional(),
-  /** When true, the provider exposes a redirect-based login flow
-   *  (`getLoginUrl` returns a URL the browser navigates to). */
-  hasRedirectFlow: boolean(),
-  /** When true, the provider exposes a credential-form login flow
-   *  (`validateCredentials` accepts username + password). */
-  hasCredentialFlow: boolean(),
-  /** Provider kind, drives admin-UI hint dispatch (oidc / saml / totp / …). */
-  kind: string().optional(),
-  /** Operator-facing status string (e.g. "Connected to https://login.acme.com"). */
-  status: string().optional(),
-  /** When false, the provider is registered but disabled by config; the
-   *  UI surfaces it as inactive without enumerating it for login. */
-  enabled: boolean()
-});
-({
-  methods: {
-    /** All registered auth providers, both enabled and disabled. */
-    listProviders: method(_void(), array(AuthProviderInfoSchema).readonly()),
-    /**
-     * Toggle a provider's enabled flag. Disabled providers stay
-     * registered but aren't surfaced on the login page. The orchestrator
-     * persists the state in `addon-settings` so it survives restarts.
-     */
-    setProviderEnabled: method(
-      object({ addonId: string(), enabled: boolean() }),
-      object({ success: literal(true) }),
-      { kind: "mutation", auth: "admin" }
-    )
-  }
-});
 const NetworkEndpointSchema = object({
   url: string(),
   hostname: string(),
@@ -10271,55 +10226,13 @@ const NetworkEndpointEntrySchema = NetworkEndpointSchema.extend({
     getEndpoint: method(_void(), NetworkEndpointSchema.nullable()),
     getStatus: method(_void(), NetworkAccessStatusSchema),
     /**
-     * Enumerate every active ingress entry. Default implementation (when
-     * the provider omits this method) is derived from `getEndpoint()` —
-     * see the remote-access orchestrator for the fallback path.
+     * Enumerate every active ingress entry. Providers that expose only a
+     * single endpoint may omit this method; callers fall back to
+     * `getEndpoint()` in that case.
      */
     listEndpoints: method(_void(), array(NetworkEndpointEntrySchema).readonly())
   }
 });
-const RemoteAccessEndpointSchema = object({
-  url: string(),
-  hostname: string(),
-  port: number(),
-  protocol: _enum(["http", "https"])
-});
-const RemoteAccessProviderInfoSchema = object({
-  /** Stable id matching the addon id. */
-  addonId: string(),
-  /** Display label shown on the admin row — sourced from the addon manifest. */
-  displayName: string(),
-  /** When false, the provider is registered but disabled. */
-  enabled: boolean(),
-  /** True when the underlying tunnel/connection is up. */
-  connected: boolean(),
-  /** Public-facing endpoint, when connected. Null otherwise. */
-  endpoint: RemoteAccessEndpointSchema.nullable(),
-  /** Last error message (when connected=false), if available. */
-  error: string().optional()
-});
-({
-  methods: {
-    /** All registered remote-access providers + their live status. */
-    listProviders: method(_void(), array(RemoteAccessProviderInfoSchema).readonly()),
-    /**
-     * Start a specific provider's tunnel. Per-provider config still
-     * lives on the addon's settings panel; this is just the on/off
-     * trigger so the admin UI can manage the lifecycle from one place.
-     */
-    startProvider: method(
-      object({ addonId: string() }),
-      RemoteAccessEndpointSchema,
-      { kind: "mutation", auth: "admin" }
-    ),
-    /** Stop a specific provider's tunnel (idempotent on already-stopped). */
-    stopProvider: method(
-      object({ addonId: string() }),
-      object({ success: literal(true) }),
-      { kind: "mutation", auth: "admin" }
-    )
-  }
-});
 const TurnServerSchema = object({
   /** Single URL or list of URLs (e.g. "turn:turn.example.com:3478?transport=udp"). */
   urls: union([string(), array(string())]),
@@ -10339,45 +10252,6 @@ const TurnServerSchema = object({
     )
   }
 });
-const TurnProviderInfoSchema = object({
-  /** Stable id matching the addon id. */
-  addonId: string(),
-  /** Display label shown on the admin row — sourced from the addon manifest. */
-  displayName: string(),
-  /** When false, the provider is registered but disabled. */
-  enabled: boolean(),
-  /** Number of servers this provider is currently exposing. */
-  serverCount: number(),
-  /**
-   * Flat list of every TURN/STUN URL this provider currently exposes.
-   * One row per URL (multi-URL ICE server entries are flattened). The
-   * admin UI shows this in a compact per-provider list so operators
-   * can verify what's actually being negotiated without having to dig
-   * into the combined `getAllServers` output.
-   */
-  urls: array(string()).readonly(),
-  /** Last fetch error (when serverCount=0 due to API failure), if any. */
-  error: string().optional()
-});
-({
-  methods: {
-    /** All registered TURN providers + per-provider stats. */
-    listProviders: method(_void(), array(TurnProviderInfoSchema).readonly()),
-    /**
-     * Combined list of TURN/STUN servers from all ENABLED providers.
-     * Consumed by the WebRTC layer at session-creation time —
-     * implementations may fetch fresh short-lived credentials each
-     * call (e.g. Cloudflare API), so consumers SHOULD call per-session.
-     */
-    getAllServers: method(_void(), array(TurnServerSchema).readonly()),
-    /** Toggle a provider's enabled flag. */
-    setProviderEnabled: method(
-      object({ addonId: string(), enabled: boolean() }),
-      object({ success: literal(true) }),
-      { kind: "mutation", auth: "admin" }
-    )
-  }
-});
 const SnapshotImageSchema = object({
   base64: string(),
   contentType: string()
@@ -11845,7 +11719,7 @@ const AllowedAddressesSchema = object({
     )
   }
 });
-const MeshEndpointSchema$1 = object({
+const MeshEndpointSchema = object({
   /** Stable identifier within the provider (e.g. `mesh-ipv4`, `magicdns`, `funnel`). */
   id: string(),
   /** Operator-facing label (e.g. "Mesh IPv4", "MagicDNS"). */
@@ -11918,7 +11792,7 @@ const MeshStatusSchema = object({
   /** Number of peers visible to this host (excluding self). */
   peerCount: number(),
   /** Every endpoint this provider exposes for the current host. */
-  endpoints: array(MeshEndpointSchema$1).readonly(),
+  endpoints: array(MeshEndpointSchema).readonly(),
   /** Last error from the daemon, when not joined. */
   error: string().optional(),
   // ── Account / tenant identity (generic across providers) ────────
@@ -12081,105 +11955,6 @@ const MeshStatusSchema = object({
     // tabs driven by this cap.
   }
 });
-const MeshEndpointSchema = object({
-  id: string(),
-  label: string(),
-  scope: _enum(["mesh", "public"]),
-  url: string(),
-  hostname: string(),
-  port: number(),
-  protocol: _enum(["http", "https"])
-});
-const MeshProviderInfoSchema = object({
-  /** Stable id matching the addon id. */
-  addonId: string(),
-  /** Display label shown on the admin row — sourced from the addon manifest. */
-  displayName: string(),
-  /** True when the host is joined to this provider's mesh. */
-  joined: boolean(),
-  /** Local mesh IP (empty when not joined). */
-  meshIp: string(),
-  /** MagicDNS / mesh hostname (empty when not configured). */
-  magicDnsHostname: string(),
-  /** Peer count (excluding self). */
-  peerCount: number(),
-  /** Active endpoints (mesh IP + MagicDNS + optional public Funnel). */
-  endpoints: array(MeshEndpointSchema).readonly(),
-  /** Last error reported by the provider. */
-  error: string().optional(),
-  // ── Generic identity fields mirrored from MeshStatus ─────────────
-  /** Tenant / tailnet / network display name. Empty pre-join. */
-  tenantName: string(),
-  /** Mesh DNS suffix (e.g. tailXXXX.ts.net). Empty when not configured. */
-  magicDnsSuffix: string(),
-  /** Authenticated user / account login. Null for token-only providers. */
-  userLogin: string().nullable(),
-  /** Provider control-plane URL. */
-  controlPlaneUrl: string(),
-  /** Machine-key expiry (epoch ms). Null when keys don't rotate. */
-  keyExpiry: number().nullable()
-});
-({
-  methods: {
-    /** All registered mesh-network providers + live status. */
-    listProviders: method(_void(), array(MeshProviderInfoSchema).readonly()),
-    /**
-     * Join the mesh of a specific provider. Per-provider config still
-     * lives on its settings panel; the orchestrator forwards.
-     */
-    joinProvider: method(
-      object({
-        addonId: string(),
-        authKey: string().min(8),
-        hostname: string().optional()
-      }),
-      object({ joined: literal(true) }),
-      { kind: "mutation" }
-    ),
-    leaveProvider: method(
-      object({ addonId: string() }),
-      object({ success: literal(true) }),
-      { kind: "mutation" }
-    ),
-    /**
-     * Browser-redirect login flow. Forwards to the named provider's
-     * `mesh-network.startLogin` and returns the URL the daemon
-     * prints. UI opens it in a new tab, then polls `listProviders`
-     * for `joined: true`.
-     */
-    startLoginProvider: method(
-      object({
-        addonId: string(),
-        hostname: string().optional()
-      }),
-      object({ loginUrl: string() }),
-      { kind: "mutation" }
-    ),
-    /**
-     * Sign out of the provider's account entirely (`mesh-network.logout`).
-     * Distinct from `leaveProvider` which only takes the host off-mesh;
-     * `logoutProvider` wipes credentials so the next start requires a
-     * fresh login.
-     */
-    logoutProvider: method(
-      object({ addonId: string() }),
-      object({ loggedOut: literal(true) }),
-      { kind: "mutation" }
-    ),
-    /**
-     * Per-provider peer list. Forwards to `mesh-network.listPeers` on
-     * the addressed provider. Separate from `listProviders` because
-     * peer payloads can be large on a heavily-populated tailnet —
-     * fetch only when the operator opens the Peers tab.
-     */
-    listProviderPeers: method(
-      object({ addonId: string() }),
-      object({
-        peers: array(MeshPeerSchema).readonly()
-      })
-    )
-  }
-});
 const MethodAccessSchema = _enum(["view", "create", "delete"]);
 const AllowedProviderSchema = union([literal("*"), array(string())]);
 const AllowedDevicesSchema = record(string(), union([literal("*"), array(string())]));
@@ -13049,6 +12824,29 @@ const CustomActionInputSchema = object({
         isActive: boolean()
       })).readonly()
     ),
+    /**
+     * Toggle a single collection-cap provider on/off. Generic write-side
+     * counterpart of `listCapabilityProviders` — drives the per-provider
+     * Enable/Disable affordance in admin pages (TURN servers, etc.)
+     * without needing a bespoke orchestrator cap.
+     *
+     * Reaches the hub's `CapabilityRegistry` directly:
+     * `enableCollectionProvider` / `disableCollectionProvider` flip the
+     * registry-level `disabledProviders` set. `getCollectionEntries`
+     * already filters disabled providers out, so a disabled provider
+     * drops out of every collection aggregate immediately. Only valid
+     * for `mode: 'collection'` caps — the registry no-ops + warns for
+     * singletons.
+     */
+    setCapabilityProviderEnabled: method(
+      object({
+        capName: string().min(1),
+        addonId: string().min(1),
+        enabled: boolean()
+      }),
+      object({ success: literal(true) }),
+      { kind: "mutation", auth: "admin" }
+    ),
     /**
      * Live-update one of the framework packages marked
      * `camstack.system: true` (`@camstack/types|kernel|core|sdk|ui-library`).