npm - @camstack/addon-pipeline-orchestrator - Versions diffs - 0.1.14 → 0.1.15 - Mend

@camstack/addon-pipeline-orchestrator 0.1.14 → 0.1.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (24) hide show

package/dist/index.mjs CHANGED Viewed

@@ -5134,6 +5134,9 @@ function hydrateField(field, values) {
     return { ...field, value: items };
   }
   const rawValue = storedValue !== void 0 ? storedValue : defaultValue !== void 0 ? defaultValue : null;
+  if (field.type === "password") {
+    return { ...field, value: "" };
+  }
   const value = field.type === "textarea" && field.isJson && rawValue !== null && typeof rawValue === "object" ? JSON.stringify(rawValue, null, 2) : rawValue;
   const hydrated = { ...field, value };
   return hydrated;
@@ -7343,6 +7346,34 @@ MotionTriggerStatusSchema.extend({
     }) }
   }
 });
+object({
+  enabled: boolean(),
+  sensitivity: number(),
+  /** Row-major active-cell grid. Length = gridWidth*gridHeight (see getOptions). */
+  cells: array(boolean()),
+  lastFetchedAt: number()
+});
+const MotionZoneOptionsSchema = object({
+  gridWidth: number(),
+  gridHeight: number(),
+  sensitivity: object({ min: number(), max: number(), step: number() })
+});
+const MotionZonePatchSchema = object({
+  enabled: boolean().optional(),
+  sensitivity: number().optional(),
+  cells: array(boolean()).optional()
+});
+({
+  deviceTypes: [DeviceType.Camera],
+  methods: {
+    getOptions: method(object({ deviceId: number() }), MotionZoneOptionsSchema),
+    setZone: method(
+      object({ deviceId: number(), patch: MotionZonePatchSchema }),
+      _void(),
+      { kind: "mutation", auth: "admin" }
+    )
+  }
+});
 const AutotrackTargetTypeSchema = string().describe("Vendor target string (people/vehicle/pet); empty = camera default");
 const PtzAutotrackSettingsSchema = object({
   targetType: AutotrackTargetTypeSchema,
@@ -7431,6 +7462,72 @@ PtzAutotrackStatusSchema.extend({
     }) }
   }
 });
+const StreamProfileSchema = _enum(["main", "sub", "ext"]);
+const StreamProfileConfigSchema = object({
+  width: number(),
+  height: number(),
+  codec: _enum(["h264", "h265"]),
+  framerate: number(),
+  bitrate: number(),
+  // kbps
+  bitrateMode: _enum(["vbr", "cbr"]).optional(),
+  encoderProfile: _enum(["high", "main", "baseline"]).optional(),
+  gop: number().optional(),
+  audio: boolean().optional()
+});
+object({
+  /** Per-profile current config. A profile absent = the camera doesn't have it. */
+  main: StreamProfileConfigSchema.optional(),
+  sub: StreamProfileConfigSchema.optional(),
+  ext: StreamProfileConfigSchema.optional(),
+  lastFetchedAt: number()
+});
+const StreamProfileOptionsSchema = object({
+  resolutions: array(object({ width: number(), height: number() })),
+  codecs: array(_enum(["h264", "h265"])),
+  framerates: array(number()),
+  /** Allowed bitrate values (kbps). Empty if the camera takes a free range. */
+  bitrates: array(number()),
+  /** Optional [min,max] kbps when the camera accepts a continuous range. */
+  bitrateRange: tuple([number(), number()]).optional(),
+  supportsBitrateMode: boolean(),
+  supportsEncoderProfile: boolean(),
+  supportsGop: boolean()
+});
+const StreamParamsOptionsSchema = object({
+  main: StreamProfileOptionsSchema.optional(),
+  sub: StreamProfileOptionsSchema.optional(),
+  ext: StreamProfileOptionsSchema.optional()
+});
+const StreamProfilePatchSchema = object({
+  width: number().optional(),
+  height: number().optional(),
+  codec: _enum(["h264", "h265"]).optional(),
+  framerate: number().optional(),
+  bitrate: number().optional(),
+  bitrateMode: _enum(["vbr", "cbr"]).optional(),
+  encoderProfile: _enum(["high", "main", "baseline"]).optional(),
+  gop: number().optional(),
+  audio: boolean().optional()
+});
+({
+  deviceTypes: [DeviceType.Camera],
+  methods: {
+    getOptions: method(
+      object({ deviceId: number() }),
+      StreamParamsOptionsSchema
+    ),
+    setProfile: method(
+      object({
+        deviceId: number(),
+        profile: StreamProfileSchema,
+        patch: StreamProfilePatchSchema
+      }),
+      _void(),
+      { kind: "mutation", auth: "admin" }
+    )
+  }
+});
 object({
   on: boolean(),
   /** Ms epoch of the last state change. Useful for UI "X minutes ago". */
@@ -8371,6 +8468,83 @@ const VersionOutputSchema = object({ version: string() });
     getVersion: method(_void(), VersionOutputSchema)
   }
 });
+const MethodAccessSchema = _enum(["view", "create", "delete"]);
+const AllowedProviderSchema = union([literal("*"), array(string())]);
+const AllowedDevicesSchema = record(string(), union([literal("*"), array(string())]));
+const CapScopeSchema = _enum(["device", "system"]);
+const TokenScopeSchema = discriminatedUnion("type", [
+  object({
+    type: literal("category"),
+    target: CapScopeSchema,
+    access: array(MethodAccessSchema).min(1)
+  }),
+  object({
+    type: literal("capability"),
+    target: string(),
+    access: array(MethodAccessSchema).min(1)
+  }),
+  object({
+    type: literal("addon"),
+    target: string(),
+    access: array(MethodAccessSchema).min(1)
+  }),
+  object({
+    type: literal("device"),
+    /**
+     * One or more deviceIds (serialised as strings for wire-format
+     * consistency with the rest of the union). Matcher accepts if
+     * `input.deviceId` ∈ `targets`. Array shape avoids the row-explosion
+     * of one scope-per-device when granting access to a set of cameras.
+     */
+    targets: array(string()).min(1),
+    access: array(MethodAccessSchema).min(1)
+  })
+]);
+object({
+  id: string(),
+  username: string(),
+  passwordHash: string(),
+  /**
+   * Admin bypass. When true, the middleware skips the scope-access
+   * check entirely. There is no other axis of privilege; the legacy
+   * role enum collapsed onto this boolean in v2.
+   */
+  isAdmin: boolean().default(false),
+  allowedProviders: AllowedProviderSchema,
+  allowedDevices: AllowedDevicesSchema,
+  /**
+   * Scopes granted to this user. Admins bypass; their `scopes` is
+   * ignored. Non-admins without scopes are locked out of every
+   * protected call.
+   */
+  scopes: array(TokenScopeSchema).default([]),
+  createdAt: number(),
+  updatedAt: number()
+});
+object({
+  id: string(),
+  label: string(),
+  isAdmin: boolean().default(false),
+  allowedProviders: AllowedProviderSchema,
+  allowedDevices: AllowedDevicesSchema,
+  tokenHash: string(),
+  tokenPrefix: string(),
+  createdAt: number(),
+  lastUsedAt: number().optional()
+});
+object({
+  id: string(),
+  userId: string(),
+  name: string(),
+  tokenHash: string(),
+  tokenPrefix: string(),
+  scopes: array(TokenScopeSchema),
+  // SQLite/JSON storage round-trips undefined → null. Use `nullish` so the
+  // schema accepts both `null` (read from disk) and `undefined` (in-memory).
+  expiresAt: number().nullish(),
+  lastUsedAt: number().nullish(),
+  createdAt: number()
+});
 const SsoBridgeClaimsSchema = object({
   userId: string(),
   username: string(),
@@ -8386,7 +8560,18 @@ const SsoBridgeClaimsSchema = object({
    * JWT WITHOUT verifying the signature — the hub re-verifies on every
    * inbound call so trust still rests with the signing hub.
    */
-  hubUrl: string().optional()
+  hubUrl: string().optional(),
+  /** Permission scopes baked into the token. Set by the OAuth
+   *  account-linking grant; absent on ordinary SSO-login tokens. */
+  scopes: array(TokenScopeSchema).optional(),
+  /** OAuth authorization-code binding — set only on `oauth-code` tokens. */
+  redirectUri: string().optional(),
+  integrationId: string().optional(),
+  /** JWT ID — unique per issued code; consumed-set enforces single-use. */
+  jti: string().optional(),
+  /** OAuth session registry id — set on `oauth-access`/`oauth-refresh`
+   *  tokens so the verify path can check the session is not revoked. */
+  sessionId: string().optional()
 });
 ({
   methods: {
@@ -8403,6 +8588,23 @@ const SsoBridgeClaimsSchema = object({
     )
   }
 });
+const OauthIntegrationDescriptorSchema = object({
+  /** Stable id used as the `integration=` query param, e.g. 'export-alexa'. */
+  integrationId: string(),
+  /** Human label rendered on the consent page. */
+  displayName: string(),
+  /** Scopes baked into every token issued for this integration. */
+  requestedScopes: array(TokenScopeSchema),
+  /** Allowed redirect_uri prefixes. /oauth2/authorize rejects any
+   *  redirect_uri that does not start with one of these. Required —
+   *  an empty list means the integration can never complete linking. */
+  allowedRedirectPrefixes: array(string()).min(1)
+});
+({
+  methods: {
+    getDescriptor: method(_void(), OauthIntegrationDescriptorSchema)
+  }
+});
 const PasskeySummarySchema = object({
   credentialId: string(),
   label: string(),
@@ -11076,6 +11278,14 @@ const PtzMoveCommandSchema = object({
   zoom: number().optional(),
   speed: number().optional()
 });
+const PtzOptionsSchema = object({
+  hasPan: boolean(),
+  hasTilt: boolean(),
+  hasZoom: boolean(),
+  supportsPresets: boolean(),
+  /** Max number of named presets the camera supports, when known. */
+  maxPresets: number().optional()
+});
 ({
   deviceTypes: [DeviceType.Camera],
   methods: {
@@ -11103,6 +11313,20 @@ const PtzMoveCommandSchema = object({
       _void(),
       { kind: "mutation" }
     ),
+    savePreset: method(
+      object({ deviceId: number(), presetId: string(), name: string() }),
+      _void(),
+      { kind: "mutation", auth: "admin" }
+    ),
+    deletePreset: method(
+      object({ deviceId: number(), presetId: string() }),
+      _void(),
+      { kind: "mutation", auth: "admin" }
+    ),
+    getOptions: method(
+      object({ deviceId: number() }),
+      PtzOptionsSchema
+    ),
     goHome: method(
       object({ deviceId: number() }),
       _void(),
@@ -12052,83 +12276,6 @@ const MeshStatusSchema = object({
     // tabs driven by this cap.
   }
 });
-const MethodAccessSchema = _enum(["view", "create", "delete"]);
-const AllowedProviderSchema = union([literal("*"), array(string())]);
-const AllowedDevicesSchema = record(string(), union([literal("*"), array(string())]));
-const CapScopeSchema = _enum(["device", "system"]);
-const TokenScopeSchema = discriminatedUnion("type", [
-  object({
-    type: literal("category"),
-    target: CapScopeSchema,
-    access: array(MethodAccessSchema).min(1)
-  }),
-  object({
-    type: literal("capability"),
-    target: string(),
-    access: array(MethodAccessSchema).min(1)
-  }),
-  object({
-    type: literal("addon"),
-    target: string(),
-    access: array(MethodAccessSchema).min(1)
-  }),
-  object({
-    type: literal("device"),
-    /**
-     * One or more deviceIds (serialised as strings for wire-format
-     * consistency with the rest of the union). Matcher accepts if
-     * `input.deviceId` ∈ `targets`. Array shape avoids the row-explosion
-     * of one scope-per-device when granting access to a set of cameras.
-     */
-    targets: array(string()).min(1),
-    access: array(MethodAccessSchema).min(1)
-  })
-]);
-object({
-  id: string(),
-  username: string(),
-  passwordHash: string(),
-  /**
-   * Admin bypass. When true, the middleware skips the scope-access
-   * check entirely. There is no other axis of privilege; the legacy
-   * role enum collapsed onto this boolean in v2.
-   */
-  isAdmin: boolean().default(false),
-  allowedProviders: AllowedProviderSchema,
-  allowedDevices: AllowedDevicesSchema,
-  /**
-   * Scopes granted to this user. Admins bypass; their `scopes` is
-   * ignored. Non-admins without scopes are locked out of every
-   * protected call.
-   */
-  scopes: array(TokenScopeSchema).default([]),
-  createdAt: number(),
-  updatedAt: number()
-});
-object({
-  id: string(),
-  label: string(),
-  isAdmin: boolean().default(false),
-  allowedProviders: AllowedProviderSchema,
-  allowedDevices: AllowedDevicesSchema,
-  tokenHash: string(),
-  tokenPrefix: string(),
-  createdAt: number(),
-  lastUsedAt: number().optional()
-});
-object({
-  id: string(),
-  userId: string(),
-  name: string(),
-  tokenHash: string(),
-  tokenPrefix: string(),
-  scopes: array(TokenScopeSchema),
-  // SQLite/JSON storage round-trips undefined → null. Use `nullish` so the
-  // schema accepts both `null` (read from disk) and `undefined` (in-memory).
-  expiresAt: number().nullish(),
-  lastUsedAt: number().nullish(),
-  createdAt: number()
-});
 const UserSummarySchema = object({
   id: string(),
   username: string(),
@@ -12201,6 +12348,16 @@ const CreateScopedTokenResultSchema = object({
   token: string(),
   record: ScopedTokenSummarySchema
 });
+const OauthSessionSummarySchema = object({
+  id: string(),
+  userId: string(),
+  username: string(),
+  integrationId: string(),
+  scopes: array(TokenScopeSchema),
+  createdAt: number(),
+  lastUsedAt: number(),
+  revokedAt: number().nullable()
+});
 const TotpSetupResultSchema = object({
   secret: string(),
   otpauthUrl: string()
@@ -12276,6 +12433,66 @@ const TotpStatusSchema = object({
       object({ userId: string(), code: string() }),
       object({ valid: boolean() }),
       { kind: "mutation", access: "view" }
+    ),
+    // ── OAuth account-linking grant ────────────────────────────────
+    //
+    // Core's /oauth2/* endpoints delegate here. Tokens are sso-bridge
+    // JWTs (kinds oauth-code / oauth-access / oauth-refresh) and ALWAYS
+    // carry isAdmin:false — the operator login proves hub control; the
+    // issued token is minimal (device scope only).
+    oauthIssueCode: method(
+      object({
+        integrationId: string(),
+        userId: string(),
+        username: string(),
+        scopes: array(TokenScopeSchema),
+        redirectUri: string(),
+        hubUrl: string()
+      }),
+      object({ code: string() }),
+      { kind: "mutation", access: "create" }
+    ),
+    oauthExchangeCode: method(
+      object({ code: string(), redirectUri: string() }),
+      object({
+        accessToken: string(),
+        refreshToken: string(),
+        expiresIn: number()
+      }).nullable(),
+      { kind: "mutation", access: "view" }
+    ),
+    oauthRefresh: method(
+      object({ refreshToken: string() }),
+      object({
+        accessToken: string(),
+        refreshToken: string(),
+        expiresIn: number()
+      }).nullable(),
+      { kind: "mutation", access: "view" }
+    ),
+    oauthVerifyAccessToken: method(
+      object({ token: string() }),
+      object({
+        userId: string(),
+        username: string(),
+        scopes: array(TokenScopeSchema)
+      }).nullable(),
+      { access: "view" }
+    ),
+    // ── OAuth linked-session management (Phase D) ──────────────────
+    //
+    // The admin UI lists active account-linking sessions and revokes
+    // them; revocation makes the linked integration's tokens fail
+    // verification immediately.
+    listOauthSessions: method(
+      _void(),
+      array(OauthSessionSummarySchema),
+      { auth: "admin" }
+    ),
+    revokeOauthSession: method(
+      object({ id: string() }),
+      object({ success: boolean() }),
+      { kind: "mutation", auth: "admin", access: "delete" }
     )
   }
 });
@@ -14778,6 +14995,24 @@ class PipelineOrchestratorAddon extends BaseAddon {
           allowedSizes: ["lg", "xl"],
           defaultColumns: 12,
           defaultRows: 4
+        },
+        {
+          // On-camera motion-detection grid editor. The `motion-zones`
+          // cap is owned by the camera provider addons; the widget only
+          // talks to it over tRPC, so hosting the React surface here
+          // (one bundle) avoids duplicating it per provider.
+          stableId: "motion-zones-editor",
+          label: "Motion Zones",
+          description: "On-camera motion-detection grid editor (live-frame overlay).",
+          icon: "grid-3x3",
+          remoteName: "addon_pipeline_orchestrator_widgets",
+          bundle: "remoteEntry.js",
+          hosts: ["device-tab"],
+          requires: { deviceContext: true, integrationContext: false },
+          defaultSize: "lg",
+          allowedSizes: ["md", "lg"],
+          defaultColumns: 12,
+          defaultRows: 1
         }
       ]
     };
@@ -16949,8 +17184,28 @@ class PipelineOrchestratorAddon extends BaseAddon {
         }
       ]
     };
+    const motionZonesSection = {
+      id: "motion-zones",
+      title: "Motion Zones",
+      tab: "motion",
+      location: "settings",
+      columns: 1,
+      order: 0,
+      fields: [
+        {
+          // Widget fields manage their own state via DeviceProxy —
+          // `ConfigWidgetField` carries no `value` (unlike the legacy
+          // `zone-editor` field type which still does).
+          type: "widget",
+          key: "motion-zones",
+          label: "Motion Zones",
+          widgetId: "pipeline-orchestrator/motion-zones-editor",
+          span: 1
+        }
+      ]
+    };
     return {
-      sections: [...baseSections, zonesSection]
+      sections: [...baseSections, zonesSection, motionZonesSection]
     };
   }
   // `getCameraPipelineWithFallback` was a thin wrapper over