@camstack/core 0.1.33 → 0.1.34

package/dist/index.js

@@ -37,7 +37,7 @@ let node_vm = require("node:vm");
 node_vm = require_chunk.__toESM(node_vm);
 let node_os = require("node:os");
 node_os = require_chunk.__toESM(node_os);
-//#region ../types/dist/index-DVKPWMwv.mjs
+//#region ../types/dist/index-BKnvgAep.mjs
 var MODEL_FORMATS = [
 	"onnx",
 	"coreml",
@@ -2378,7 +2378,8 @@ var CollectionColumnSchema = zod.z.object({
 		"TEXT",
 		"INTEGER",
 		"REAL",
-		"JSON"
+		"JSON",
+		"BOOLEAN"
 	]),
 	primaryKey: zod.z.boolean().optional(),
 	notNull: zod.z.boolean().optional(),
@@ -2451,6 +2452,233 @@ method(LogEntrySchema, zod.z.void(), { kind: "mutation" }), method(zod.z.object(
 	tags: zod.z.record(zod.z.string(), zod.z.string()).optional()
 }), zod.z.array(LogEntrySchema).readonly());
 method(zod.z.void(), zod.z.string()), method(zod.z.void(), zod.z.string());
+var SsoBridgeClaimsSchema = zod.z.object({
+	userId: zod.z.string(),
+	username: zod.z.string(),
+	isAdmin: zod.z.boolean(),
+	provider: zod.z.string(),
+	email: zod.z.string().optional(),
+	displayName: zod.z.string().optional()
+});
+method(zod.z.object({
+	claims: SsoBridgeClaimsSchema,
+	ttlSec: zod.z.number().int().positive().optional()
+}), zod.z.object({ token: zod.z.string() })), method(zod.z.object({ token: zod.z.string() }), SsoBridgeClaimsSchema.nullable());
+var PasskeySummarySchema = zod.z.object({
+	credentialId: zod.z.string(),
+	label: zod.z.string(),
+	createdAt: zod.z.number(),
+	lastUsedAt: zod.z.number().nullable(),
+	transports: zod.z.array(zod.z.string()).default([])
+});
+method(zod.z.object({
+	userId: zod.z.string(),
+	username: zod.z.string()
+}), zod.z.object({ optionsJSON: zod.z.record(zod.z.string(), zod.z.unknown()) }), {
+	kind: "mutation",
+	auth: "admin",
+	access: "create"
+}), method(zod.z.object({
+	userId: zod.z.string(),
+	/** RegistrationResponseJSON from the browser. */
+	response: zod.z.record(zod.z.string(), zod.z.unknown()),
+	/** Operator-visible label (e.g. "MacBook Touch ID"). */
+	label: zod.z.string()
+}), zod.z.object({
+	success: zod.z.literal(true),
+	credentialId: zod.z.string()
+}), {
+	kind: "mutation",
+	auth: "admin",
+	access: "create"
+}), method(zod.z.object({ userId: zod.z.string().optional() }), zod.z.object({ optionsJSON: zod.z.record(zod.z.string(), zod.z.unknown()) }), {
+	kind: "mutation",
+	access: "view"
+}), method(zod.z.object({
+	/** Required — the user the assertion belongs to (verified). */
+	userId: zod.z.string(),
+	/** AuthenticationResponseJSON from the browser. */
+	response: zod.z.record(zod.z.string(), zod.z.unknown())
+}), zod.z.object({ verified: zod.z.boolean() }), {
+	kind: "mutation",
+	access: "view"
+}), method(zod.z.object({ userId: zod.z.string() }), zod.z.array(PasskeySummarySchema), { auth: "admin" }), method(zod.z.object({
+	userId: zod.z.string(),
+	credentialId: zod.z.string()
+}), zod.z.object({ success: zod.z.literal(true) }), {
+	kind: "mutation",
+	auth: "admin",
+	access: "delete"
+});
+var EmailAddressSchema = zod.z.string().email();
+var SendEmailInputSchema = zod.z.object({
+	to: zod.z.union([EmailAddressSchema, zod.z.array(EmailAddressSchema).min(1)]),
+	cc: zod.z.array(EmailAddressSchema).optional(),
+	bcc: zod.z.array(EmailAddressSchema).optional(),
+	/** RFC 5322 `From` field. Most relays will reject if the domain
+	*  isn't authorised — the addon is responsible for substituting a
+	*  sane default when omitted. */
+	from: zod.z.string().optional(),
+	/** Optional `Reply-To` override. */
+	replyTo: zod.z.string().optional(),
+	subject: zod.z.string(),
+	/** Plain-text body. Required even when `html` is present (fallback
+	*  for clients that strip HTML — including most spam filters). */
+	text: zod.z.string(),
+	/** Optional HTML body. Renders alongside `text` as multi-part. */
+	html: zod.z.string().optional()
+});
+var SendEmailResultSchema = zod.z.object({
+	messageId: zod.z.string(),
+	accepted: zod.z.array(EmailAddressSchema).default([]),
+	rejected: zod.z.array(EmailAddressSchema).default([])
+});
+var SmtpStatusSchema = zod.z.object({
+	/** True iff the addon has successfully verified the relay. */
+	ready: zod.z.boolean(),
+	/** Operator-visible host string (no credentials). */
+	host: zod.z.string(),
+	/** Last error message reported by the relay, when not ready. */
+	error: zod.z.string().optional(),
+	/** Last successful verify timestamp (unix ms). */
+	lastVerifiedAt: zod.z.number().optional()
+});
+method(SendEmailInputSchema, SendEmailResultSchema, {
+	kind: "mutation",
+	auth: "admin",
+	access: "create"
+}), method(zod.z.void(), SmtpStatusSchema, {
+	kind: "mutation",
+	auth: "admin",
+	access: "view"
+}), method(zod.z.void(), SmtpStatusSchema, { auth: "admin" });
+var QosSchema = zod.z.union([
+	zod.z.literal(0),
+	zod.z.literal(1),
+	zod.z.literal(2)
+]);
+var PublishInputSchema = zod.z.object({
+	topic: zod.z.string(),
+	/** UTF-8 payload. Binary payloads must be base64-encoded by the caller. */
+	payload: zod.z.string(),
+	qos: QosSchema.default(0),
+	retain: zod.z.boolean().default(false)
+});
+var SubscribeInputSchema = zod.z.object({
+	/** MQTT topic filter (supports `+` single-level and `#` multi-level wildcards). */
+	topic: zod.z.string(),
+	qos: QosSchema.default(0),
+	/**
+	* Caller-supplied owner tag. Useful for debugging + the
+	* `listSubscriptions` admin view ("which consumer owns this?").
+	* When omitted, the addon synthesizes one from the caller's addon id.
+	*/
+	owner: zod.z.string().optional()
+});
+var SubscribeResultSchema = zod.z.object({
+	success: zod.z.literal(true),
+	/** Server-generated subscription id. Pass to `unsubscribe` to release. */
+	subscriptionId: zod.z.string()
+});
+var UnsubscribeInputSchema = zod.z.object({ 
+/** Subscription id from `subscribe`. */
+subscriptionId: zod.z.string() });
+var MqttStatusSchema = zod.z.object({
+	/** True iff the addon has an active connection to the broker. */
+	connected: zod.z.boolean(),
+	/** Operator-visible host string (e.g. `mqtt://broker.example:1883`). */
+	brokerUrl: zod.z.string(),
+	/** Active subscription count (per-owner, NOT broker-side topic count). */
+	subscriptionCount: zod.z.number().int(),
+	/** Last error reported by the broker. */
+	error: zod.z.string().optional(),
+	/** Last successful connection timestamp (unix ms). */
+	connectedAt: zod.z.number().optional()
+});
+var SubscriptionInfoSchema = zod.z.object({
+	subscriptionId: zod.z.string(),
+	topic: zod.z.string(),
+	qos: QosSchema,
+	owner: zod.z.string(),
+	/** When this individual subscription was created. */
+	createdAt: zod.z.number()
+});
+method(PublishInputSchema, zod.z.object({ success: zod.z.literal(true) }), {
+	kind: "mutation",
+	auth: "admin",
+	access: "create"
+}), method(SubscribeInputSchema, SubscribeResultSchema, {
+	kind: "mutation",
+	auth: "admin",
+	access: "create"
+}), method(UnsubscribeInputSchema, zod.z.object({ success: zod.z.literal(true) }), {
+	kind: "mutation",
+	auth: "admin",
+	access: "delete"
+}), method(zod.z.void(), zod.z.array(SubscriptionInfoSchema), { auth: "admin" }), method(zod.z.void(), MqttStatusSchema, { auth: "admin" });
+var HaServiceCallSchema = zod.z.object({
+	/** HA domain (e.g. `light`, `switch`, `notify`). */
+	domain: zod.z.string(),
+	/** HA service (e.g. `turn_on`, `toggle`). */
+	service: zod.z.string(),
+	/** Service-specific data payload (e.g. `{entity_id: 'light.kitchen', brightness: 200}`). */
+	serviceData: zod.z.record(zod.z.string(), zod.z.unknown()).optional(),
+	/** Optional target spec (entity_id / device_id / area_id). */
+	target: zod.z.record(zod.z.string(), zod.z.unknown()).optional()
+});
+var HaStateSchema = zod.z.object({
+	entity_id: zod.z.string(),
+	state: zod.z.string(),
+	attributes: zod.z.record(zod.z.string(), zod.z.unknown()).default({}),
+	last_changed: zod.z.string().optional(),
+	last_updated: zod.z.string().optional()
+});
+var HaStatusSchema = zod.z.object({
+	connected: zod.z.boolean(),
+	host: zod.z.string(),
+	/** Active per-owner subscription count. */
+	subscriptionCount: zod.z.number().int(),
+	/** Last error reported by the WebSocket. */
+	error: zod.z.string().optional(),
+	/** HA version reported during the auth handshake, when reachable. */
+	haVersion: zod.z.string().optional(),
+	connectedAt: zod.z.number().optional()
+});
+var HaSubscribeInputSchema = zod.z.object({
+	/**
+	* Specific HA event type to subscribe to (`state_changed`,
+	* `service_called`, etc.). Empty string = all events (firehose —
+	* only for debugging).
+	*/
+	eventType: zod.z.string().optional(),
+	/** Caller-supplied tag for listSubscriptions debugging. */
+	owner: zod.z.string().optional()
+});
+var HaSubscribeResultSchema = zod.z.object({
+	success: zod.z.literal(true),
+	subscriptionId: zod.z.string()
+});
+var HaUnsubscribeInputSchema = zod.z.object({ subscriptionId: zod.z.string() });
+var HaSubscriptionInfoSchema = zod.z.object({
+	subscriptionId: zod.z.string(),
+	/** Empty string when subscribed to ALL events. */
+	eventType: zod.z.string(),
+	owner: zod.z.string(),
+	createdAt: zod.z.number()
+});
+method(HaSubscribeInputSchema, HaSubscribeResultSchema, {
+	kind: "mutation",
+	auth: "admin",
+	access: "create"
+}), method(HaUnsubscribeInputSchema, zod.z.object({ success: zod.z.literal(true) }), {
+	kind: "mutation",
+	auth: "admin",
+	access: "delete"
+}), method(HaServiceCallSchema, zod.z.object({ result: zod.z.unknown() }), {
+	kind: "mutation",
+	auth: "admin",
+	access: "create"
+}), method(zod.z.void(), zod.z.array(HaStateSchema).readonly(), { auth: "admin" }), method(zod.z.object({ entityId: zod.z.string() }), HaStateSchema.nullable(), { auth: "admin" }), method(zod.z.void(), zod.z.array(HaSubscriptionInfoSchema).readonly(), { auth: "admin" }), method(zod.z.void(), HaStatusSchema, { auth: "admin" });
 var AddonPageDeclarationSchema$1 = zod.z.object({
 	id: zod.z.string(),
 	label: zod.z.string(),
@@ -2554,9 +2782,41 @@ var AddonHttpRouteSchema = zod.z.object({
 		"DELETE",
 		"PATCH"
 	]),
-	path: zod.z.string()
+	path: zod.z.string(),
+	access: zod.z.enum([
+		"public",
+		"authenticated",
+		"admin"
+	]).optional(),
+	description: zod.z.string().optional()
 });
-method(zod.z.void(), zod.z.array(AddonHttpRouteSchema));
+var InvokeRequestSchema = zod.z.object({
+	method: zod.z.string(),
+	path: zod.z.string(),
+	params: zod.z.record(zod.z.string(), zod.z.string()),
+	query: zod.z.record(zod.z.string(), zod.z.string()),
+	body: zod.z.unknown(),
+	headers: zod.z.record(zod.z.string(), zod.z.string()),
+	user: zod.z.object({
+		id: zod.z.string(),
+		username: zod.z.string(),
+		isAdmin: zod.z.boolean()
+	}).optional(),
+	scopedToken: zod.z.unknown().optional()
+});
+var InvokeReplyEnvelopeSchema = zod.z.object({
+	status: zod.z.number().int(),
+	headers: zod.z.record(zod.z.string(), zod.z.string()),
+	/** When set, the hub MUST `reply.redirect(redirectUrl)` instead of
+	*  sending `body`. Status defaults to 302 when this is set unless
+	*  the handler called `reply.code(...)` explicitly. */
+	redirectUrl: zod.z.string().nullable(),
+	/** JSON-serializable body. `undefined` is treated as "no body". */
+	body: zod.z.unknown().optional(),
+	/** Set when the handler called `reply.type(mime)`. */
+	contentType: zod.z.string().optional()
+});
+method(zod.z.void(), zod.z.array(AddonHttpRouteSchema)), method(InvokeRequestSchema, InvokeReplyEnvelopeSchema, { kind: "mutation" });
 method(zod.z.object({ codec: zod.z.string() }), zod.z.boolean()), method(zod.z.void(), zod.z.object({
 	id: zod.z.string(),
 	name: zod.z.string(),
@@ -3298,7 +3558,14 @@ var AuthResultSchema = zod.z.object({
 	username: zod.z.string(),
 	email: zod.z.string().optional(),
 	displayName: zod.z.string().optional(),
-	roles: zod.z.array(zod.z.string()).optional()
+	/**
+	* Whether the authenticating user is an admin. The auth-provider
+	* surface returns this so the server's login flow can mint a JWT
+	* with the correct bypass flag. Non-admin users authenticated via
+	* an external IdP still need their scopes assigned by an admin via
+	* `setUserScopes` — the SSO flow doesn't carry permissions.
+	*/
+	isAdmin: zod.z.boolean().default(false)
 });
 method(zod.z.object({
 	username: zod.z.string(),
@@ -3307,6 +3574,14 @@ method(zod.z.object({
 var AuthProviderInfoSchema = zod.z.object({
 	/** Stable id matching the addon id (used for `getLoginUrl({addonId,…})`). */
 	addonId: zod.z.string(),
+	/**
+	* Per-instance id when one addon registers multiple "logical"
+	* providers (e.g. OIDC with Google + Microsoft + custom). The login
+	* URL becomes `/addon/${addonId}/${instanceId}/start` — handler reads
+	* `:instanceId` from the route. Empty/unset means the addon is a
+	* single-instance provider; the URL is `/addon/${addonId}/start`.
+	*/
+	instanceId: zod.z.string().optional(),
 	/** Display label shown on the login button + admin row. */
 	displayName: zod.z.string(),
 	/** Optional iconography hint (lucide-react icon name OR emoji). */
@@ -3317,6 +3592,8 @@ var AuthProviderInfoSchema = zod.z.object({
 	/** When true, the provider exposes a credential-form login flow
 	*  (`validateCredentials` accepts username + password). */
 	hasCredentialFlow: zod.z.boolean(),
+	/** Provider kind, drives admin-UI hint dispatch (oidc / saml / totp / …). */
+	kind: zod.z.string().optional(),
 	/** Operator-facing status string (e.g. "Connected to https://login.acme.com"). */
 	status: zod.z.string().optional(),
 	/** When false, the provider is registered but disabled by config; the
@@ -4467,7 +4744,20 @@ method(zod.z.void(), MeshStatusSchema), method(zod.z.object({
 	authKey: zod.z.string().min(8),
 	/** Optional hostname override the host should advertise. */
 	hostname: zod.z.string().optional()
-}), zod.z.object({ joined: zod.z.literal(true) }), { kind: "mutation" }), method(zod.z.void(), zod.z.object({ left: zod.z.literal(true) }), { kind: "mutation" }), method(zod.z.void(), zod.z.object({ peers: zod.z.array(MeshPeerSchema).readonly() })), method(PublicIngressConfigSchema, zod.z.object({ success: zod.z.literal(true) }), { kind: "mutation" }), method(MeshIngressConfigSchema, zod.z.object({ success: zod.z.literal(true) }), { kind: "mutation" });
+}), zod.z.object({ joined: zod.z.literal(true) }), { kind: "mutation" }), method(zod.z.void(), zod.z.object({ left: zod.z.literal(true) }), { kind: "mutation" }), method(zod.z.void(), zod.z.object({ peers: zod.z.array(MeshPeerSchema).readonly() })), method(PublicIngressConfigSchema, zod.z.object({ success: zod.z.literal(true) }), { kind: "mutation" }), method(MeshIngressConfigSchema, zod.z.object({ success: zod.z.literal(true) }), { kind: "mutation" }), method(zod.z.object({ 
+/** Optional auth key — when provided, probes the key validity
+*  against the provider's API. Omit when already joined to
+*  just ping the daemon. */
+authKey: zod.z.string().optional() }), zod.z.object({
+	ok: zod.z.boolean(),
+	/** Provider-side identifier resolved by the probe (tailnet
+	*  name for Tailscale, network id for ZeroTier, etc.). */
+	tenant: zod.z.string().optional(),
+	/** Daemon binary version, when reachable. */
+	daemonVersion: zod.z.string().optional(),
+	/** Human-readable error when `ok: false`. */
+	error: zod.z.string().optional()
+}), { kind: "mutation" });
 var MeshEndpointSchema = zod.z.object({
 	id: zod.z.string(),
 	label: zod.z.string(),
@@ -4500,35 +4790,58 @@ method(zod.z.void(), zod.z.array(MeshProviderInfoSchema).readonly()), method(zod
 	authKey: zod.z.string().min(8),
 	hostname: zod.z.string().optional()
 }), zod.z.object({ joined: zod.z.literal(true) }), { kind: "mutation" }), method(zod.z.object({ addonId: zod.z.string() }), zod.z.object({ success: zod.z.literal(true) }), { kind: "mutation" });
-var UserRoleSchema = zod.z.enum([
-	"admin",
-	"viewer",
-	"agent",
-	"scoped"
-]);
-var AllowedProviderSchema = zod.z.union([zod.z.literal("*"), zod.z.array(zod.z.string())]);
-var AllowedDevicesSchema = zod.z.record(zod.z.string(), zod.z.union([zod.z.literal("*"), zod.z.array(zod.z.string())]));
 var MethodAccessSchema = zod.z.enum([
 	"view",
 	"create",
 	"delete"
 ]);
-var TokenScopeSchema = zod.z.object({
-	type: zod.z.enum(["addon", "capability"]),
-	target: zod.z.string(),
-	access: zod.z.array(MethodAccessSchema).min(1)
-});
+var AllowedProviderSchema = zod.z.union([zod.z.literal("*"), zod.z.array(zod.z.string())]);
+var AllowedDevicesSchema = zod.z.record(zod.z.string(), zod.z.union([zod.z.literal("*"), zod.z.array(zod.z.string())]));
+var CapScopeSchema = zod.z.enum(["device", "system"]);
+var TokenScopeSchema = zod.z.discriminatedUnion("type", [
+	zod.z.object({
+		type: zod.z.literal("category"),
+		target: CapScopeSchema,
+		access: zod.z.array(MethodAccessSchema).min(1)
+	}),
+	zod.z.object({
+		type: zod.z.literal("capability"),
+		target: zod.z.string(),
+		access: zod.z.array(MethodAccessSchema).min(1)
+	}),
+	zod.z.object({
+		type: zod.z.literal("addon"),
+		target: zod.z.string(),
+		access: zod.z.array(MethodAccessSchema).min(1)
+	}),
+	zod.z.object({
+		type: zod.z.literal("device"),
+		/**
+		* One or more deviceIds (serialised as strings for wire-format
+		* consistency with the rest of the union). Matcher accepts if
+		* `input.deviceId` ∈ `targets`. Array shape avoids the row-explosion
+		* of one scope-per-device when granting access to a set of cameras.
+		*/
+		targets: zod.z.array(zod.z.string()).min(1),
+		access: zod.z.array(MethodAccessSchema).min(1)
+	})
+]);
 zod.z.object({
 	id: zod.z.string(),
 	username: zod.z.string(),
 	passwordHash: zod.z.string(),
-	role: UserRoleSchema,
+	/**
+	* Admin bypass. When true, the middleware skips the scope-access
+	* check entirely. There is no other axis of privilege; the legacy
+	* role enum collapsed onto this boolean in v2.
+	*/
+	isAdmin: zod.z.boolean().default(false),
 	allowedProviders: AllowedProviderSchema,
 	allowedDevices: AllowedDevicesSchema,
 	/**
-	* Scopes granted to this user. Admins bypass; their `scopes` is ignored.
-	* Non-admins (`viewer`, `agent`, `scoped`) without scopes are locked out
-	* of every protected call.
+	* Scopes granted to this user. Admins bypass; their `scopes` is
+	* ignored. Non-admins without scopes are locked out of every
+	* protected call.
 	*/
 	scopes: zod.z.array(TokenScopeSchema).default([]),
 	createdAt: zod.z.number(),
@@ -4537,7 +4850,7 @@ zod.z.object({
 zod.z.object({
 	id: zod.z.string(),
 	label: zod.z.string(),
-	role: UserRoleSchema,
+	isAdmin: zod.z.boolean().default(false),
 	allowedProviders: AllowedProviderSchema,
 	allowedDevices: AllowedDevicesSchema,
 	tokenHash: zod.z.string(),
@@ -4559,7 +4872,7 @@ zod.z.object({
 var UserSummarySchema = zod.z.object({
 	id: zod.z.string(),
 	username: zod.z.string(),
-	role: UserRoleSchema,
+	isAdmin: zod.z.boolean().default(false),
 	allowedProviders: zod.z.union([zod.z.array(zod.z.string()), zod.z.literal("*")]),
 	allowedDevices: zod.z.record(zod.z.string(), zod.z.union([zod.z.array(zod.z.string()), zod.z.literal("*")])),
 	scopes: zod.z.array(TokenScopeSchema).default([]),
@@ -4569,14 +4882,14 @@ var UserSummarySchema = zod.z.object({
 var CreateUserInputSchema = zod.z.object({
 	username: zod.z.string(),
 	password: zod.z.string().min(6),
-	role: UserRoleSchema,
+	isAdmin: zod.z.boolean().default(false),
 	allowedProviders: zod.z.union([zod.z.array(zod.z.string()), zod.z.literal("*")]).optional(),
 	allowedDevices: zod.z.record(zod.z.string(), zod.z.union([zod.z.array(zod.z.string()), zod.z.literal("*")])).optional(),
 	scopes: zod.z.array(TokenScopeSchema).optional()
 });
 var UpdateUserInputSchema = zod.z.object({
 	id: zod.z.string(),
-	role: UserRoleSchema.optional(),
+	isAdmin: zod.z.boolean().optional(),
 	allowedProviders: zod.z.union([zod.z.array(zod.z.string()), zod.z.literal("*")]).optional(),
 	allowedDevices: zod.z.record(zod.z.string(), zod.z.union([zod.z.array(zod.z.string()), zod.z.literal("*")])).optional(),
 	scopes: zod.z.array(TokenScopeSchema).optional()
@@ -4584,7 +4897,7 @@ var UpdateUserInputSchema = zod.z.object({
 var ApiKeySummarySchema = zod.z.object({
 	id: zod.z.string(),
 	label: zod.z.string(),
-	role: UserRoleSchema,
+	isAdmin: zod.z.boolean().default(false),
 	allowedProviders: zod.z.union([zod.z.array(zod.z.string()), zod.z.literal("*")]).optional(),
 	allowedDevices: zod.z.record(zod.z.string(), zod.z.union([zod.z.array(zod.z.string()), zod.z.literal("*")])).optional(),
 	tokenPrefix: zod.z.string(),
@@ -4593,7 +4906,7 @@ var ApiKeySummarySchema = zod.z.object({
 });
 var CreateApiKeyInputSchema = zod.z.object({
 	label: zod.z.string(),
-	role: UserRoleSchema,
+	isAdmin: zod.z.boolean().default(false),
 	allowedProviders: zod.z.union([zod.z.array(zod.z.string()), zod.z.literal("*")]).optional(),
 	allowedDevices: zod.z.record(zod.z.string(), zod.z.union([zod.z.array(zod.z.string()), zod.z.literal("*")])).optional()
 });
@@ -4621,43 +4934,89 @@ var CreateScopedTokenResultSchema = zod.z.object({
 	token: zod.z.string(),
 	record: ScopedTokenSummarySchema
 });
+var TotpSetupResultSchema = zod.z.object({
+	secret: zod.z.string(),
+	otpauthUrl: zod.z.string()
+});
+var TotpStatusSchema = zod.z.object({
+	/** True iff `confirmedAt != null` — a pending half-enrollment is reported as `enabled: false`. */
+	enabled: zod.z.boolean(),
+	/** Null when no row exists OR the row is still pending confirmation. */
+	confirmedAt: zod.z.number().nullable()
+});
 method(zod.z.void(), zod.z.array(UserSummarySchema), { auth: "admin" }), method(CreateUserInputSchema, UserSummarySchema, {
 	kind: "mutation",
-	auth: "admin"
+	auth: "admin",
+	access: "create"
 }), method(UpdateUserInputSchema, zod.z.object({ success: zod.z.literal(true) }), {
 	kind: "mutation",
-	auth: "admin"
+	auth: "admin",
+	access: "create"
 }), method(zod.z.object({ id: zod.z.string() }), zod.z.object({ success: zod.z.literal(true) }), {
 	kind: "mutation",
-	auth: "admin"
+	auth: "admin",
+	access: "delete"
 }), method(zod.z.object({
 	id: zod.z.string(),
 	newPassword: zod.z.string().min(6)
 }), zod.z.object({ success: zod.z.literal(true) }), {
 	kind: "mutation",
-	auth: "admin"
+	auth: "admin",
+	access: "create"
 }), method(zod.z.object({
 	userId: zod.z.string(),
 	scopes: zod.z.array(TokenScopeSchema)
 }), zod.z.object({ success: zod.z.literal(true) }), {
 	kind: "mutation",
-	auth: "admin"
+	auth: "admin",
+	access: "create"
 }), method(zod.z.object({
 	username: zod.z.string(),
 	password: zod.z.string()
-}), UserSummarySchema.extend({ passwordHash: zod.z.string() }).nullable(), { kind: "mutation" }), method(zod.z.void(), zod.z.array(ApiKeySummarySchema), { auth: "admin" }), method(CreateApiKeyInputSchema, CreateApiKeyResultSchema, {
+}), UserSummarySchema.extend({ passwordHash: zod.z.string() }).nullable(), {
 	kind: "mutation",
-	auth: "admin"
+	access: "view"
+}), method(zod.z.void(), zod.z.array(ApiKeySummarySchema), { auth: "admin" }), method(CreateApiKeyInputSchema, CreateApiKeyResultSchema, {
+	kind: "mutation",
+	auth: "admin",
+	access: "create"
 }), method(zod.z.object({ id: zod.z.string() }), zod.z.object({ success: zod.z.literal(true) }), {
 	kind: "mutation",
-	auth: "admin"
-}), method(zod.z.object({ token: zod.z.string() }), ApiKeySummarySchema.nullable(), { kind: "mutation" }), method(CreateScopedTokenInputSchema, CreateScopedTokenResultSchema, {
+	auth: "admin",
+	access: "delete"
+}), method(zod.z.object({ token: zod.z.string() }), ApiKeySummarySchema.nullable(), {
 	kind: "mutation",
-	auth: "admin"
+	access: "view"
+}), method(CreateScopedTokenInputSchema, CreateScopedTokenResultSchema, {
+	kind: "mutation",
+	auth: "admin",
+	access: "create"
 }), method(zod.z.object({ id: zod.z.string() }), zod.z.object({ success: zod.z.literal(true) }), {
 	kind: "mutation",
-	auth: "admin"
-}), method(zod.z.object({ token: zod.z.string() }), ScopedTokenSummarySchema.nullable()), method(zod.z.object({ userId: zod.z.string() }), zod.z.array(ScopedTokenSummarySchema), { auth: "admin" });
+	auth: "admin",
+	access: "delete"
+}), method(zod.z.object({ token: zod.z.string() }), ScopedTokenSummarySchema.nullable(), { access: "view" }), method(zod.z.object({ userId: zod.z.string() }), zod.z.array(ScopedTokenSummarySchema), { auth: "admin" }), method(zod.z.object({ userId: zod.z.string() }), TotpSetupResultSchema, {
+	kind: "mutation",
+	auth: "admin",
+	access: "create"
+}), method(zod.z.object({
+	userId: zod.z.string(),
+	code: zod.z.string()
+}), zod.z.object({ success: zod.z.literal(true) }), {
+	kind: "mutation",
+	auth: "admin",
+	access: "create"
+}), method(zod.z.object({ userId: zod.z.string() }), zod.z.object({ success: zod.z.literal(true) }), {
+	kind: "mutation",
+	auth: "admin",
+	access: "delete"
+}), method(zod.z.object({ userId: zod.z.string() }), TotpStatusSchema, { auth: "admin" }), method(zod.z.object({
+	userId: zod.z.string(),
+	code: zod.z.string()
+}), zod.z.object({ valid: zod.z.boolean() }), {
+	kind: "mutation",
+	access: "view"
+});
 var FeatureManifestSchema = zod.z.object({
 	streaming: zod.z.boolean(),
 	notifications: zod.z.boolean(),