@camstack/core 0.1.28 → 0.1.30

package/dist/index.mjs

@@ -31,7 +31,7 @@ import { promisify } from "node:util";
 import { errMsg, parseJsonObject } from "@camstack/types";
 import * as vm from "node:vm";
 import * as os from "node:os";
-//#region ../types/dist/auth-records-wKlyGWdW.mjs
+//#region ../types/dist/index-DVKPWMwv.mjs
 var MODEL_FORMATS = [
 	"onnx",
 	"coreml",
@@ -643,6 +643,7 @@ function method(input, output, options) {
 		output,
 		kind: options?.kind ?? "query",
 		auth: options?.auth ?? "protected",
+		...options?.access !== void 0 ? { access: options.access } : {},
 		timeoutMs: options?.timeoutMs
 	};
 }
@@ -2139,14 +2140,14 @@ method(z.object({
 	updatedAt: true
 }), StorageLocationSchema, {
 	kind: "mutation",
-	auth: "superAdmin"
+	auth: "admin"
 }), method(z.object({ id: z.string() }), z.void(), {
 	kind: "mutation",
-	auth: "superAdmin"
+	auth: "admin"
 }), method(z.object({ id: z.string() }), z.object({
 	ok: z.boolean(),
 	error: z.string().optional()
-}), { auth: "superAdmin" }), method(z.void(), z.array(z.object({
+}), { auth: "admin" }), method(z.void(), z.array(z.object({
 	providerId: z.string(),
 	displayName: z.string(),
 	supportedLocationTypes: z.array(StorageLocationTypeSchema$1).readonly(),
@@ -2157,7 +2158,7 @@ method(z.object({
 }), z.object({
 	ok: z.boolean(),
 	error: z.string().optional()
-}), { auth: "superAdmin" });
+}), { auth: "admin" });
 var ProviderInfoSchema = z.object({
 	providerId: z.string().min(1),
 	displayName: z.string().min(1),
@@ -2195,7 +2196,7 @@ var ReadChunkInputSchema = z.object({
 	length: z.number()
 });
 var EndDownloadInputSchema = z.object({ downloadId: z.string() });
-method(z.void(), ProviderInfoSchema), method(z.object({ config: z.record(z.string(), z.unknown()) }), TestLocationResultSchema, { auth: "superAdmin" }), method(z.object({
+method(z.void(), ProviderInfoSchema), method(z.object({ config: z.record(z.string(), z.unknown()) }), TestLocationResultSchema, { auth: "admin" }), method(z.object({
 	location: StorageLocationSchema,
 	relativePath: z.string()
 }), z.string()), method(z.object({
@@ -2296,18 +2297,18 @@ var LocationStatSchema = z.object({
 	fileCount: z.number(),
 	present: z.boolean()
 });
-method(z.void(), z.array(BackupDestinationInfoSchema).readonly(), { auth: "superAdmin" }), method(z.object({
+method(z.void(), z.array(BackupDestinationInfoSchema).readonly(), { auth: "admin" }), method(z.object({
 	/** Subset of registered `backup-destination` addon ids to write to. */
 	destinations: z.array(z.string()).optional(),
 	locations: z.array(z.string()).optional(),
 	label: z.string().optional()
 }).optional(), z.array(BackupEntrySchema).readonly(), {
 	kind: "mutation",
-	auth: "superAdmin"
-}), method(z.void(), z.array(BackupEntrySchema).readonly(), { auth: "superAdmin" }), method(z.void(), z.array(LocationStatSchema).readonly(), { auth: "superAdmin" }), method(z.object({
+	auth: "admin"
+}), method(z.void(), z.array(BackupEntrySchema).readonly(), { auth: "admin" }), method(z.void(), z.array(LocationStatSchema).readonly(), { auth: "admin" }), method(z.object({
 	destinationId: z.string(),
 	backupId: z.string()
-}), ArchiveManifestSchema.nullable(), { auth: "superAdmin" }), method(z.object({
+}), ArchiveManifestSchema.nullable(), { auth: "admin" }), method(z.object({
 	destinationId: z.string(),
 	backupId: z.string(),
 	/**
@@ -2320,14 +2321,14 @@ method(z.void(), z.array(BackupDestinationInfoSchema).readonly(), { auth: "super
 	locations: z.array(z.string()).optional()
 }), z.void(), {
 	kind: "mutation",
-	auth: "superAdmin"
+	auth: "admin"
 }), method(z.object({
 	destinationId: z.string(),
 	backupId: z.string()
 }), z.void(), {
 	kind: "mutation",
-	auth: "superAdmin"
-}), method(z.object({ destinationId: z.string() }), z.array(BackupArchiveEntrySchema).readonly(), { auth: "superAdmin" }), method(z.object({
+	auth: "admin"
+}), method(z.object({ destinationId: z.string() }), z.array(BackupArchiveEntrySchema).readonly(), { auth: "admin" }), method(z.object({
 	locationId: z.string(),
 	enabled: z.boolean(),
 	retentionCount: z.number().int().min(1).max(1e3),
@@ -2341,7 +2342,7 @@ method(z.void(), z.array(BackupDestinationInfoSchema).readonly(), { auth: "super
 	cron: z.string().optional()
 }), z.void(), {
 	kind: "mutation",
-	auth: "superAdmin"
+	auth: "admin"
 }), method(z.object({
 	cron: z.string(),
 	count: z.number().int().min(1).max(20).optional()
@@ -3321,7 +3322,7 @@ method(z.void(), z.array(AuthProviderInfoSchema).readonly()), method(z.object({
 	enabled: z.boolean()
 }), z.object({ success: z.literal(true) }), {
 	kind: "mutation",
-	auth: "superAdmin"
+	auth: "admin"
 });
 var NetworkEndpointSchema = z.object({
 	url: z.string(),
@@ -3357,10 +3358,10 @@ var RemoteAccessProviderInfoSchema = z.object({
 });
 method(z.void(), z.array(RemoteAccessProviderInfoSchema).readonly()), method(z.object({ addonId: z.string() }), RemoteAccessEndpointSchema, {
 	kind: "mutation",
-	auth: "superAdmin"
+	auth: "admin"
 }), method(z.object({ addonId: z.string() }), z.object({ success: z.literal(true) }), {
 	kind: "mutation",
-	auth: "superAdmin"
+	auth: "admin"
 });
 var TurnServerSchema = z.object({
 	/** Single URL or list of URLs (e.g. "turn:turn.example.com:3478?transport=udp"). */
@@ -3394,7 +3395,7 @@ method(z.void(), z.array(TurnProviderInfoSchema).readonly()), method(z.void(), z
 	enabled: z.boolean()
 }), z.object({ success: z.literal(true) }), {
 	kind: "mutation",
-	auth: "superAdmin"
+	auth: "admin"
 });
 var SnapshotImageSchema = z.object({
 	base64: z.string(),
@@ -4493,39 +4494,91 @@ method(z.void(), z.array(MeshProviderInfoSchema).readonly()), method(z.object({
 	authKey: z.string().min(8),
 	hostname: z.string().optional()
 }), z.object({ joined: z.literal(true) }), { kind: "mutation" }), method(z.object({ addonId: z.string() }), z.object({ success: z.literal(true) }), { kind: "mutation" });
-var UserRoleSchema$1 = z.enum([
-	"super_admin",
+var UserRoleSchema = z.enum([
 	"admin",
 	"viewer",
 	"agent",
 	"scoped"
 ]);
+var AllowedProviderSchema = z.union([z.literal("*"), z.array(z.string())]);
+var AllowedDevicesSchema = z.record(z.string(), z.union([z.literal("*"), z.array(z.string())]));
+var MethodAccessSchema = z.enum([
+	"view",
+	"create",
+	"delete"
+]);
+var TokenScopeSchema = z.object({
+	type: z.enum(["addon", "capability"]),
+	target: z.string(),
+	access: z.array(MethodAccessSchema).min(1)
+});
+z.object({
+	id: z.string(),
+	username: z.string(),
+	passwordHash: z.string(),
+	role: UserRoleSchema,
+	allowedProviders: AllowedProviderSchema,
+	allowedDevices: AllowedDevicesSchema,
+	/**
+	* Scopes granted to this user. Admins bypass; their `scopes` is ignored.
+	* Non-admins (`viewer`, `agent`, `scoped`) without scopes are locked out
+	* of every protected call.
+	*/
+	scopes: z.array(TokenScopeSchema).default([]),
+	createdAt: z.number(),
+	updatedAt: z.number()
+});
+z.object({
+	id: z.string(),
+	label: z.string(),
+	role: UserRoleSchema,
+	allowedProviders: AllowedProviderSchema,
+	allowedDevices: AllowedDevicesSchema,
+	tokenHash: z.string(),
+	tokenPrefix: z.string(),
+	createdAt: z.number(),
+	lastUsedAt: z.number().optional()
+});
+z.object({
+	id: z.string(),
+	userId: z.string(),
+	name: z.string(),
+	tokenHash: z.string(),
+	tokenPrefix: z.string(),
+	scopes: z.array(TokenScopeSchema),
+	expiresAt: z.number().nullish(),
+	lastUsedAt: z.number().nullish(),
+	createdAt: z.number()
+});
 var UserSummarySchema = z.object({
 	id: z.string(),
 	username: z.string(),
-	role: UserRoleSchema$1,
+	role: UserRoleSchema,
 	allowedProviders: z.union([z.array(z.string()), z.literal("*")]),
 	allowedDevices: z.record(z.string(), z.union([z.array(z.string()), z.literal("*")])),
+	scopes: z.array(TokenScopeSchema).default([]),
 	createdAt: z.number(),
 	updatedAt: z.number()
 });
 var CreateUserInputSchema = z.object({
 	username: z.string(),
 	password: z.string().min(6),
-	role: UserRoleSchema$1,
+	role: UserRoleSchema,
 	allowedProviders: z.union([z.array(z.string()), z.literal("*")]).optional(),
-	allowedDevices: z.record(z.string(), z.union([z.array(z.string()), z.literal("*")])).optional()
+	allowedDevices: z.record(z.string(), z.union([z.array(z.string()), z.literal("*")])).optional(),
+	scopes: z.array(TokenScopeSchema).optional()
 });
 var UpdateUserInputSchema = z.object({
 	id: z.string(),
-	role: UserRoleSchema$1.optional(),
+	role: UserRoleSchema.optional(),
 	allowedProviders: z.union([z.array(z.string()), z.literal("*")]).optional(),
-	allowedDevices: z.record(z.string(), z.union([z.array(z.string()), z.literal("*")])).optional()
+	allowedDevices: z.record(z.string(), z.union([z.array(z.string()), z.literal("*")])).optional(),
+	scopes: z.array(TokenScopeSchema).optional()
 });
 var ApiKeySummarySchema = z.object({
 	id: z.string(),
 	label: z.string(),
-	role: UserRoleSchema$1,
+	role: UserRoleSchema,
 	allowedProviders: z.union([z.array(z.string()), z.literal("*")]).optional(),
 	allowedDevices: z.record(z.string(), z.union([z.array(z.string()), z.literal("*")])).optional(),
 	tokenPrefix: z.string(),
@@ -4534,7 +4587,7 @@ var ApiKeySummarySchema = z.object({
 });
 var CreateApiKeyInputSchema = z.object({
 	label: z.string(),
-	role: UserRoleSchema$1,
+	role: UserRoleSchema,
 	allowedProviders: z.union([z.array(z.string()), z.literal("*")]).optional(),
 	allowedDevices: z.record(z.string(), z.union([z.array(z.string()), z.literal("*")])).optional()
 });
@@ -4542,20 +4595,12 @@ var CreateApiKeyResultSchema = z.object({
 	token: z.string(),
 	record: ApiKeySummarySchema
 });
-var TokenScopeSchema$1 = z.object({
-	type: z.enum([
-		"addon",
-		"route-prefix",
-		"capability"
-	]),
-	target: z.string()
-});
 var ScopedTokenSummarySchema = z.object({
 	id: z.string(),
 	userId: z.string(),
 	name: z.string(),
 	tokenPrefix: z.string(),
-	scopes: z.array(TokenScopeSchema$1),
+	scopes: z.array(TokenScopeSchema),
 	expiresAt: z.number().nullish(),
 	lastUsedAt: z.number().nullish(),
 	createdAt: z.number()
@@ -4563,7 +4608,7 @@ var ScopedTokenSummarySchema = z.object({
 var CreateScopedTokenInputSchema = z.object({
 	userId: z.string(),
 	name: z.string(),
-	scopes: z.array(TokenScopeSchema$1),
+	scopes: z.array(TokenScopeSchema),
 	expiresAt: z.number().optional()
 });
 var CreateScopedTokenResultSchema = z.object({
@@ -4572,19 +4617,25 @@ var CreateScopedTokenResultSchema = z.object({
 });
 method(z.void(), z.array(UserSummarySchema), { auth: "admin" }), method(CreateUserInputSchema, UserSummarySchema, {
 	kind: "mutation",
-	auth: "superAdmin"
+	auth: "admin"
 }), method(UpdateUserInputSchema, z.object({ success: z.literal(true) }), {
 	kind: "mutation",
-	auth: "superAdmin"
+	auth: "admin"
 }), method(z.object({ id: z.string() }), z.object({ success: z.literal(true) }), {
 	kind: "mutation",
-	auth: "superAdmin"
+	auth: "admin"
 }), method(z.object({
 	id: z.string(),
 	newPassword: z.string().min(6)
 }), z.object({ success: z.literal(true) }), {
 	kind: "mutation",
-	auth: "superAdmin"
+	auth: "admin"
+}), method(z.object({
+	userId: z.string(),
+	scopes: z.array(TokenScopeSchema)
+}), z.object({ success: z.literal(true) }), {
+	kind: "mutation",
+	auth: "admin"
 }), method(z.object({
 	username: z.string(),
 	password: z.string()
@@ -4624,10 +4675,10 @@ var NetworkAddressSchema = z.object({
 });
 method(z.void(), FeatureManifestSchema), method(z.void(), HealthStatusSchema), method(z.void(), FeatureManifestSchema), method(z.void(), z.array(NetworkAddressSchema).readonly()), method(z.void(), z.unknown().nullable(), { auth: "admin" }), method(z.record(z.string(), z.unknown()), z.null(), {
 	kind: "mutation",
-	auth: "superAdmin"
+	auth: "admin"
 }), method(z.void(), z.void(), {
 	kind: "mutation",
-	auth: "superAdmin"
+	auth: "admin"
 });
 var StreamNetworkStatsSchema = z.object({
 	nominalBitrateKbps: z.number(),
@@ -4737,37 +4788,37 @@ var RenameNodeResultSchema = z.object({
 });
 method(z.void(), z.array(TopologyNodeSchema).readonly(), { auth: "admin" }), method(NodeAddonInputSchema, SuccessSchema, {
 	kind: "mutation",
-	auth: "superAdmin"
+	auth: "admin"
 }), method(NodeAddonInputSchema, SuccessSchema, {
 	kind: "mutation",
-	auth: "superAdmin"
+	auth: "admin"
 }), method(NodeAddonInputSchema, SuccessSchema, {
 	kind: "mutation",
-	auth: "superAdmin"
+	auth: "admin"
 }), method(z.object({
 	nodeId: z.string(),
 	processName: z.string()
 }), RestartProcessResultSchema, {
 	kind: "mutation",
-	auth: "superAdmin"
+	auth: "admin"
 }), method(z.object({ nodeId: z.string() }), RestartNodeResultSchema, {
 	kind: "mutation",
-	auth: "superAdmin"
+	auth: "admin"
 }), method(z.object({ nodeId: z.string() }), SuccessSchema, {
 	kind: "mutation",
-	auth: "superAdmin"
+	auth: "admin"
 }), method(z.object({
 	nodeId: z.string(),
 	name: z.string().min(1).max(64)
 }), RenameNodeResultSchema, {
 	kind: "mutation",
-	auth: "superAdmin"
-}), method(z.void(), z.record(z.string(), ClusterAddonStatusEntrySchema), { auth: "superAdmin" }), method(z.object({
+	auth: "admin"
+}), method(z.void(), z.record(z.string(), ClusterAddonStatusEntrySchema), { auth: "admin" }), method(z.object({
 	nodeId: z.string(),
 	level: z.string()
 }), SuccessSchema, {
 	kind: "mutation",
-	auth: "superAdmin"
+	auth: "admin"
 }), method(z.object({
 	nodeId: z.string(),
 	addonId: z.string(),
@@ -4775,7 +4826,7 @@ method(z.void(), z.array(TopologyNodeSchema).readonly(), { auth: "admin" }), met
 	params: z.record(z.string(), z.unknown()).optional()
 }), z.unknown(), {
 	kind: "mutation",
-	auth: "superAdmin"
+	auth: "admin"
 });
 var IntegrationWithStateSchema = z.object({
 	id: z.string(),
@@ -4837,16 +4888,16 @@ method(z.void(), z.array(IntegrationWithStateSchema)), method(z.object({ id: z.s
 	auth: "admin"
 }), method(UpdateIntegrationInputSchema, IntegrationLiteSchema, {
 	kind: "mutation",
-	auth: "superAdmin"
+	auth: "admin"
 }), method(z.object({ id: z.string() }), DeleteIntegrationResultSchema, {
 	kind: "mutation",
-	auth: "superAdmin"
+	auth: "admin"
 }), method(z.object({ id: z.string() }), z.record(z.string(), z.unknown()), { auth: "admin" }), method(z.object({
 	id: z.string(),
 	settings: z.record(z.string(), z.unknown())
 }), z.object({ success: z.boolean() }), {
 	kind: "mutation",
-	auth: "superAdmin"
+	auth: "admin"
 }), method(z.void(), z.array(AvailableIntegrationTypeSchema), { auth: "admin" }), method(z.object({
 	addonId: z.string(),
 	settings: z.record(z.string(), z.unknown())
@@ -4993,13 +5044,13 @@ method(z.void(), z.array(AddonListItemSchema).readonly()), method(z.object({
 	version: z.string().optional()
 }), InstallPackageResultSchema, {
 	kind: "mutation",
-	auth: "superAdmin"
+	auth: "admin"
 }), method(z.object({ packageName: z.string() }), InstallPackageResultSchema, {
 	kind: "mutation",
 	auth: "admin"
 }), method(z.void(), z.boolean()), method(z.void(), z.array(z.unknown()).readonly()), method(z.object({ packageName: z.string() }), z.unknown(), {
 	kind: "mutation",
-	auth: "superAdmin"
+	auth: "admin"
 }), method(z.void(), ReloadPackagesResultSchema, {
 	kind: "mutation",
 	auth: "admin"
@@ -5008,28 +5059,28 @@ method(z.void(), z.array(AddonListItemSchema).readonly()), method(z.object({
 	version: z.string().optional()
 }), z.unknown(), {
 	kind: "mutation",
-	auth: "superAdmin"
+	auth: "admin"
 }), method(z.object({ name: z.string().min(1) }), z.object({ rolledBackTo: z.string().nullable() }), {
 	kind: "mutation",
-	auth: "superAdmin"
+	auth: "admin"
 }), method(z.void(), z.unknown(), {
 	kind: "mutation",
 	auth: "admin"
 }), method(z.object({ confirm: z.literal(true) }), z.unknown(), {
 	kind: "mutation",
-	auth: "superAdmin"
+	auth: "admin"
 }), method(z.object({ name: z.string() }), z.array(PackageVersionInfoSchema).readonly()), method(z.object({ addonId: z.string() }), RestartAddonResultSchema, {
 	kind: "mutation",
-	auth: "superAdmin"
+	auth: "admin"
 }), method(z.object({ packageName: z.string() }), z.object({ success: z.literal(true) }), {
 	kind: "mutation",
-	auth: "superAdmin"
+	auth: "admin"
 }), method(z.void(), AutoUpdateSettingsSchema, { auth: "admin" }), method(z.object({
 	channel: ChannelSchema,
 	intervalSeconds: z.number().min(300).max(86400).optional()
 }), z.unknown(), {
 	kind: "mutation",
-	auth: "superAdmin"
+	auth: "admin"
 }), method(z.object({ addonId: z.string() }), AddonAutoUpdateSchema, { auth: "admin" }), method(z.object({
 	addonId: z.string(),
 	channel: ChannelWithInheritSchema
@@ -5038,60 +5089,11 @@ method(z.void(), z.array(AddonListItemSchema).readonly()), method(z.object({
 	auth: "admin"
 }), method(z.object({ channel: ChannelSchema }), z.object({ success: z.literal(true) }), {
 	kind: "mutation",
-	auth: "superAdmin"
+	auth: "admin"
 }), method(CustomActionInputSchema, z.unknown(), { kind: "mutation" }), method(z.object({
 	addonId: z.string(),
 	level: LogLevelSchema.optional()
 }), LogStreamEntrySchema, { kind: "subscription" });
-var UserRoleSchema = z.enum([
-	"super_admin",
-	"admin",
-	"viewer",
-	"agent",
-	"scoped"
-]);
-var AllowedProviderSchema = z.union([z.literal("*"), z.array(z.string())]);
-var AllowedDevicesSchema = z.record(z.string(), z.union([z.literal("*"), z.array(z.string())]));
-z.object({
-	id: z.string(),
-	username: z.string(),
-	passwordHash: z.string(),
-	role: UserRoleSchema,
-	allowedProviders: AllowedProviderSchema,
-	allowedDevices: AllowedDevicesSchema,
-	createdAt: z.number(),
-	updatedAt: z.number()
-});
-z.object({
-	id: z.string(),
-	label: z.string(),
-	role: UserRoleSchema,
-	allowedProviders: AllowedProviderSchema,
-	allowedDevices: AllowedDevicesSchema,
-	tokenHash: z.string(),
-	tokenPrefix: z.string(),
-	createdAt: z.number(),
-	lastUsedAt: z.number().optional()
-});
-var TokenScopeSchema = z.object({
-	type: z.enum([
-		"addon",
-		"route-prefix",
-		"capability"
-	]),
-	target: z.string()
-});
-z.object({
-	id: z.string(),
-	userId: z.string(),
-	name: z.string(),
-	tokenHash: z.string(),
-	tokenPrefix: z.string(),
-	scopes: z.array(TokenScopeSchema),
-	expiresAt: z.number().nullish(),
-	lastUsedAt: z.number().nullish(),
-	createdAt: z.number()
-});
 //#endregion
 //#region ../types/dist/node.mjs
 function getPlatformInfo() {