npm - @camstack/core - Versions diffs - 0.1.33 → 0.1.35 - Mend

@camstack/core 0.1.33 → 0.1.35

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (42) hide show

package/dist/index.mjs CHANGED Viewed

@@ -31,7 +31,7 @@ import { promisify } from "node:util";
 import { errMsg, parseJsonObject } from "@camstack/types";
 import * as vm from "node:vm";
 import * as os from "node:os";
-//#region ../types/dist/index-DVKPWMwv.mjs
+//#region ../types/dist/index-BBVUwOlZ.mjs
 var MODEL_FORMATS = [
 	"onnx",
 	"coreml",
@@ -892,7 +892,7 @@ var DecodedFrameSchema = z.object({
 	]),
 	timestamp: z.number()
 });
-var BrokerStatusSchema = z.enum([
+var BrokerStatusSchema$1 = z.enum([
 	"idle",
 	"connecting",
 	"streaming",
@@ -900,7 +900,7 @@ var BrokerStatusSchema = z.enum([
 	"stopped"
 ]);
 var BrokerStatsSchema = z.object({
-	status: BrokerStatusSchema,
+	status: BrokerStatusSchema$1,
 	inputFps: z.number(),
 	decodeFps: z.number(),
 	encodedSubscribers: z.number(),
@@ -1000,6 +1000,37 @@ z.enum([
 	"disabled",
 	"waking"
 ]);
+var VideoCodecTargetSchema = z.enum([
+	"H264",
+	"H265",
+	"auto"
+]);
+var AudioCodecTargetSchema = z.enum([
+	"AAC",
+	"Opus",
+	"PCMU",
+	"none"
+]);
+var MaxResolutionSchema = z.object({
+	width: z.number().int().positive(),
+	height: z.number().int().positive()
+});
+var GetStreamWithCodecInputSchema = z.object({
+	deviceId: z.number().int().nonnegative(),
+	videoCodec: VideoCodecTargetSchema,
+	audioCodec: AudioCodecTargetSchema.optional(),
+	maxResolution: MaxResolutionSchema.optional(),
+	tag: z.string().optional()
+});
+var RtpSourceSchema = z.object({
+	url: z.string(),
+	videoCodec: z.enum(["H264", "H265"]),
+	audioCodec: z.string(),
+	resolution: MaxResolutionSchema,
+	transcoded: z.boolean(),
+	encoder: z.string(),
+	pipelineKey: z.string()
+});
 method(z.object({
 	deviceId: z.number().int().nonnegative(),
 	camStreamId: z.string().min(1),
@@ -1009,28 +1040,8 @@ method(z.object({
 	resolution: CamStreamResolutionSchema.optional(),
 	fps: z.number().positive().optional(),
 	label: z.string().optional(),
-	/**
-	* Device-level features that the broker / manager / snapshot
-	* orchestrator consult to derive per-stream policy (e.g.
-	* `BatteryOperated` → relax stall watchdog, default pre-buffer
-	* to off, raise snapshot rate-limit). Single source of truth —
-	* publishers no longer set per-stream flags like `allowStall`.
-	*/
 	deviceFeatures: z.array(z.string()).optional(),
-	/**
-	* Whether this stream participates in the broker's automatic
-	* profile assignment. Defaults `true`. Publishers set `false` for
-	* streams that should be SELECTABLE but not auto-picked — e.g.
-	* Reolink publishes native Baichuan as eligible and RTSP/RTMP
-	* mirrors as ineligible (still assignable manually via
-	* `assignProfile`).
-	*/
 	autoEligible: z.boolean().optional(),
-	/**
-	* Transport-specific opaque metadata stashed alongside the stream
-	* record. `pull-rfc4571` publishers put the SDP here so the broker
-	* reader can route packets without an in-band DESCRIBE phase.
-	*/
 	metadata: z.record(z.string(), z.unknown()).optional()
 }), z.object({ success: z.literal(true) }), {
 	kind: "mutation",
@@ -1074,7 +1085,16 @@ method(z.object({
 }), method(z.object({
 	streamId: z.string(),
 	format: StreamFormatSchema
-}), z.object({ url: z.string() })), method(z.object({ brokerId: z.string() }), z.custom()), method(z.object({
+}), z.object({ url: z.string() })), method(GetStreamWithCodecInputSchema, RtpSourceSchema, {
+	kind: "mutation",
+	auth: "admin"
+}), method(z.object({ pipelineKey: z.string() }), z.object({
+	released: z.boolean(),
+	refcount: z.number().int().nonnegative()
+}), {
+	kind: "mutation",
+	auth: "admin"
+}), method(z.object({ brokerId: z.string() }), z.custom()), method(z.object({
 	brokerId: z.string(),
 	seconds: z.number().min(0).max(30)
 }), z.void(), {
@@ -2372,7 +2392,8 @@ var CollectionColumnSchema = z.object({
 		"TEXT",
 		"INTEGER",
 		"REAL",
-		"JSON"
+		"JSON",
+		"BOOLEAN"
 	]),
 	primaryKey: z.boolean().optional(),
 	notNull: z.boolean().optional(),
@@ -2444,7 +2465,206 @@ method(LogEntrySchema, z.void(), { kind: "mutation" }), method(z.object({
 	limit: z.number().optional(),
 	tags: z.record(z.string(), z.string()).optional()
 }), z.array(LogEntrySchema).readonly());
-method(z.void(), z.string()), method(z.void(), z.string());
+var StaticDirOutputSchema = z.object({ staticDir: z.string() });
+var VersionOutputSchema = z.object({ version: z.string() });
+method(z.void(), StaticDirOutputSchema), method(z.void(), VersionOutputSchema);
+var SsoBridgeClaimsSchema = z.object({
+	userId: z.string(),
+	username: z.string(),
+	isAdmin: z.boolean(),
+	provider: z.string(),
+	email: z.string().optional(),
+	displayName: z.string().optional(),
+	/**
+	* Public HTTPS URL of the hub that issued this token. Used by
+	* cloud-mode OAuth proxies (Alexa Smart Home Lambda, future Google
+	* Home Lambda) to route a request back to the originating hub
+	* without holding routing state of their own. The Lambda decodes the
+	* JWT WITHOUT verifying the signature — the hub re-verifies on every
+	* inbound call so trust still rests with the signing hub.
+	*/
+	hubUrl: z.string().optional()
+});
+method(z.object({
+	claims: SsoBridgeClaimsSchema,
+	ttlSec: z.number().int().positive().optional()
+}), z.object({ token: z.string() })), method(z.object({ token: z.string() }), SsoBridgeClaimsSchema.nullable());
+var PasskeySummarySchema = z.object({
+	credentialId: z.string(),
+	label: z.string(),
+	createdAt: z.number(),
+	lastUsedAt: z.number().nullable(),
+	transports: z.array(z.string()).default([])
+});
+method(z.object({
+	userId: z.string(),
+	username: z.string()
+}), z.object({ optionsJSON: z.record(z.string(), z.unknown()) }), {
+	kind: "mutation",
+	auth: "admin",
+	access: "create"
+}), method(z.object({
+	userId: z.string(),
+	/** RegistrationResponseJSON from the browser. */
+	response: z.record(z.string(), z.unknown()),
+	/** Operator-visible label (e.g. "MacBook Touch ID"). */
+	label: z.string()
+}), z.object({
+	success: z.literal(true),
+	credentialId: z.string()
+}), {
+	kind: "mutation",
+	auth: "admin",
+	access: "create"
+}), method(z.object({ userId: z.string().optional() }), z.object({ optionsJSON: z.record(z.string(), z.unknown()) }), {
+	kind: "mutation",
+	access: "view"
+}), method(z.object({
+	/** Required — the user the assertion belongs to (verified). */
+	userId: z.string(),
+	/** AuthenticationResponseJSON from the browser. */
+	response: z.record(z.string(), z.unknown())
+}), z.object({ verified: z.boolean() }), {
+	kind: "mutation",
+	access: "view"
+}), method(z.object({ userId: z.string() }), z.array(PasskeySummarySchema), { auth: "admin" }), method(z.object({
+	userId: z.string(),
+	credentialId: z.string()
+}), z.object({ success: z.literal(true) }), {
+	kind: "mutation",
+	auth: "admin",
+	access: "delete"
+});
+var EmailAddressSchema = z.email();
+var SendEmailInputSchema = z.object({
+	to: z.union([EmailAddressSchema, z.array(EmailAddressSchema).min(1)]),
+	cc: z.array(EmailAddressSchema).optional(),
+	bcc: z.array(EmailAddressSchema).optional(),
+	/** RFC 5322 `From` field. Most relays will reject if the domain
+	*  isn't authorised — the addon is responsible for substituting a
+	*  sane default when omitted. */
+	from: z.string().optional(),
+	/** Optional `Reply-To` override. */
+	replyTo: z.string().optional(),
+	subject: z.string(),
+	/** Plain-text body. Required even when `html` is present (fallback
+	*  for clients that strip HTML — including most spam filters). */
+	text: z.string(),
+	/** Optional HTML body. Renders alongside `text` as multi-part. */
+	html: z.string().optional()
+});
+var SendEmailResultSchema = z.object({
+	messageId: z.string(),
+	accepted: z.array(EmailAddressSchema).default([]),
+	rejected: z.array(EmailAddressSchema).default([])
+});
+var SmtpStatusSchema = z.object({
+	/** True iff the addon has successfully verified the relay. */
+	ready: z.boolean(),
+	/** Operator-visible host string (no credentials). */
+	host: z.string(),
+	/** Last error message reported by the relay, when not ready. */
+	error: z.string().optional(),
+	/** Last successful verify timestamp (unix ms). */
+	lastVerifiedAt: z.number().optional()
+});
+method(SendEmailInputSchema, SendEmailResultSchema, {
+	kind: "mutation",
+	auth: "admin",
+	access: "create"
+}), method(z.void(), SmtpStatusSchema, {
+	kind: "mutation",
+	auth: "admin",
+	access: "view"
+}), method(z.void(), SmtpStatusSchema, { auth: "admin" });
+var BrokerKindSchema = z.enum(["external", "embedded"]);
+var BrokerStatusSchema = z.enum([
+	"connected",
+	"disconnected",
+	"auth-failed",
+	"unreachable",
+	"tls-error"
+]);
+var BrokerInfoSchema = z.object({
+	id: z.string(),
+	name: z.string(),
+	url: z.string(),
+	kind: BrokerKindSchema,
+	status: BrokerStatusSchema,
+	latencyMs: z.number().nullable(),
+	error: z.string().optional(),
+	/** Embedded brokers only: number of MQTT clients currently connected. */
+	connectedClients: z.number().int().nonnegative().optional(),
+	/** Epoch ms of the last live probe (external) or aedes snapshot (embedded). */
+	lastCheckedAt: z.number().optional()
+});
+var BrokerConnectionDetailsSchema = z.object({
+	url: z.string(),
+	username: z.string().optional(),
+	password: z.string().optional(),
+	/**
+	* Suggested prefix for `clientId`. Each consumer should suffix this
+	* with its own discriminator (addon id, instance id) so reconnects
+	* don't kick each other off (MQTT spec: clientId must be unique per
+	* broker).
+	*/
+	clientIdPrefix: z.string().optional()
+});
+var AddBrokerInputSchema = z.object({
+	name: z.string().min(1),
+	url: z.string().regex(/^(mqtt|mqtts|ws|wss):\/\//, "URL must start with mqtt(s):// or ws(s)://"),
+	username: z.string().optional(),
+	password: z.string().optional(),
+	clientIdPrefix: z.string().optional()
+});
+var AddBrokerResultSchema = z.object({ id: z.string() });
+var IdInputSchema = z.object({ id: z.string() });
+var TestResultSchema = z.discriminatedUnion("ok", [z.object({
+	ok: z.literal(true),
+	latencyMs: z.number()
+}), z.object({
+	ok: z.literal(false),
+	error: z.string()
+})]);
+var StartEmbeddedInputSchema = z.object({
+	port: z.number().int().min(1).max(65535).default(1883),
+	/** Allow anonymous connect (no username/password). Default: false. */
+	allowAnonymous: z.boolean().default(false),
+	/** Optional shared username/password for clients. */
+	username: z.string().optional(),
+	password: z.string().optional()
+});
+var StartEmbeddedResultSchema = z.object({
+	id: z.string(),
+	url: z.string()
+});
+var StatusSchema = z.object({
+	brokerCount: z.number(),
+	embeddedRunning: z.boolean()
+});
+method(z.void(), z.array(BrokerInfoSchema)), method(IdInputSchema, BrokerConnectionDetailsSchema), method(AddBrokerInputSchema, AddBrokerResultSchema, { kind: "mutation" }), method(IdInputSchema, z.void(), { kind: "mutation" }), method(IdInputSchema, TestResultSchema, { kind: "mutation" }), method(StartEmbeddedInputSchema, StartEmbeddedResultSchema, { kind: "mutation" }), method(IdInputSchema, z.void(), { kind: "mutation" }), method(z.void(), StatusSchema);
+var LinkStateSchema = z.enum([
+	"unlinked",
+	"linked",
+	"error"
+]);
+var DeviceExportStatusSchema = z.object({
+	linkState: LinkStateSchema,
+	exposedDeviceCount: z.number(),
+	error: z.string().optional()
+});
+var DeviceKindSchema = z.string();
+var ExposedDeviceSchema = z.object({
+	deviceId: z.string(),
+	exposedAs: z.string().optional(),
+	capabilities: z.array(z.string()).optional()
+});
+var ExposeInputSchema = z.object({
+	deviceId: z.string(),
+	capabilities: z.array(z.string()).optional()
+});
+var UnexposeInputSchema = z.object({ deviceId: z.string() });
+method(z.void(), DeviceExportStatusSchema), method(z.void(), z.array(DeviceKindSchema)), method(z.void(), z.array(ExposedDeviceSchema)), method(ExposeInputSchema, z.void(), { kind: "mutation" }), method(UnexposeInputSchema, z.void(), { kind: "mutation" });
 var AddonPageDeclarationSchema$1 = z.object({
 	id: z.string(),
 	label: z.string(),
@@ -2548,9 +2768,41 @@ var AddonHttpRouteSchema = z.object({
 		"DELETE",
 		"PATCH"
 	]),
-	path: z.string()
+	path: z.string(),
+	access: z.enum([
+		"public",
+		"authenticated",
+		"admin"
+	]).optional(),
+	description: z.string().optional()
 });
-method(z.void(), z.array(AddonHttpRouteSchema));
+var InvokeRequestSchema = z.object({
+	method: z.string(),
+	path: z.string(),
+	params: z.record(z.string(), z.string()),
+	query: z.record(z.string(), z.string()),
+	body: z.unknown(),
+	headers: z.record(z.string(), z.string()),
+	user: z.object({
+		id: z.string(),
+		username: z.string(),
+		isAdmin: z.boolean()
+	}).optional(),
+	scopedToken: z.unknown().optional()
+});
+var InvokeReplyEnvelopeSchema = z.object({
+	status: z.number().int(),
+	headers: z.record(z.string(), z.string()),
+	/** When set, the hub MUST `reply.redirect(redirectUrl)` instead of
+	*  sending `body`. Status defaults to 302 when this is set unless
+	*  the handler called `reply.code(...)` explicitly. */
+	redirectUrl: z.string().nullable(),
+	/** JSON-serializable body. `undefined` is treated as "no body". */
+	body: z.unknown().optional(),
+	/** Set when the handler called `reply.type(mime)`. */
+	contentType: z.string().optional()
+});
+method(z.void(), z.array(AddonHttpRouteSchema)), method(InvokeRequestSchema, InvokeReplyEnvelopeSchema, { kind: "mutation" });
 method(z.object({ codec: z.string() }), z.boolean()), method(z.void(), z.object({
 	id: z.string(),
 	name: z.string(),
@@ -2668,6 +2920,14 @@ DeviceType$1.Camera, method(z.object({ deviceId: z.number().int().nonnegative()
 }), z.object({
 	sessionId: z.string(),
 	sdpOffer: z.string()
+}), { kind: "mutation" }), method(z.object({
+	deviceId: z.number().int().nonnegative(),
+	target: WebrtcStreamTargetSchema.optional(),
+	sdpOffer: z.string(),
+	sessionId: z.string().optional()
+}), z.object({
+	sessionId: z.string(),
+	sdpAnswer: z.string()
 }), { kind: "mutation" }), method(z.object({
 	deviceId: z.number().int().nonnegative(),
 	sessionId: z.string(),
@@ -3006,12 +3266,12 @@ method(z.void(), z.array(AudioCodecInfoSchema).readonly()), method(z.object({
 }), z.array(AudioEncodedChunkSchema), { kind: "mutation" }), method(z.void(), z.array(SessionInventoryEntrySchema).readonly());
 var EmbeddingResultSchema = z.object({
 	embedding: z.array(z.number()),
-	dimensions: z.number()
+	inferenceMs: z.number()
 });
 var EmbeddingInfoSchema = z.object({
 	modelId: z.string(),
-	dimensions: z.number(),
-	inputSize: z.number()
+	embeddingDim: z.number(),
+	ready: z.boolean()
 });
 method(z.object({
 	crop: z.instanceof(Uint8Array),
@@ -3292,7 +3552,14 @@ var AuthResultSchema = z.object({
 	username: z.string(),
 	email: z.string().optional(),
 	displayName: z.string().optional(),
-	roles: z.array(z.string()).optional()
+	/**
+	* Whether the authenticating user is an admin. The auth-provider
+	* surface returns this so the server's login flow can mint a JWT
+	* with the correct bypass flag. Non-admin users authenticated via
+	* an external IdP still need their scopes assigned by an admin via
+	* `setUserScopes` — the SSO flow doesn't carry permissions.
+	*/
+	isAdmin: z.boolean().default(false)
 });
 method(z.object({
 	username: z.string(),
@@ -3301,6 +3568,14 @@ method(z.object({
 var AuthProviderInfoSchema = z.object({
 	/** Stable id matching the addon id (used for `getLoginUrl({addonId,…})`). */
 	addonId: z.string(),
+	/**
+	* Per-instance id when one addon registers multiple "logical"
+	* providers (e.g. OIDC with Google + Microsoft + custom). The login
+	* URL becomes `/addon/${addonId}/${instanceId}/start` — handler reads
+	* `:instanceId` from the route. Empty/unset means the addon is a
+	* single-instance provider; the URL is `/addon/${addonId}/start`.
+	*/
+	instanceId: z.string().optional(),
 	/** Display label shown on the login button + admin row. */
 	displayName: z.string(),
 	/** Optional iconography hint (lucide-react icon name OR emoji). */
@@ -3311,6 +3586,8 @@ var AuthProviderInfoSchema = z.object({
 	/** When true, the provider exposes a credential-form login flow
 	*  (`validateCredentials` accepts username + password). */
 	hasCredentialFlow: z.boolean(),
+	/** Provider kind, drives admin-UI hint dispatch (oidc / saml / totp / …). */
+	kind: z.string().optional(),
 	/** Operator-facing status string (e.g. "Connected to https://login.acme.com"). */
 	status: z.string().optional(),
 	/** When false, the provider is registered but disabled by config; the
@@ -3335,7 +3612,20 @@ var NetworkAccessStatusSchema = z.object({
 	endpoint: NetworkEndpointSchema.nullable(),
 	error: z.string().optional()
 });
-method(z.void(), NetworkEndpointSchema, { kind: "mutation" }), method(z.void(), z.void(), { kind: "mutation" }), method(z.void(), NetworkEndpointSchema.nullable()), method(z.void(), NetworkAccessStatusSchema);
+var NetworkEndpointEntrySchema = NetworkEndpointSchema.extend({
+	/**
+	* Stable id within the provider — typically `<mode>-<sourcePort>` so
+	* the orchestrator can dedupe across `listEndpoints` polls.
+	*/
+	id: z.string(),
+	/** Operator-facing label (mirrors `MeshEndpoint.label`). */
+	label: z.string(),
+	/** Optional provider-specific mode tag, used for icon/colour in admin UI. */
+	mode: z.string().optional(),
+	/** Originating local port the ingress fronts (informational). */
+	sourcePort: z.number().optional()
+});
+method(z.void(), NetworkEndpointSchema, { kind: "mutation" }), method(z.void(), z.void(), { kind: "mutation" }), method(z.void(), NetworkEndpointSchema.nullable()), method(z.void(), NetworkAccessStatusSchema), method(z.void(), z.array(NetworkEndpointEntrySchema).readonly());
 var RemoteAccessEndpointSchema = z.object({
 	url: z.string(),
 	hostname: z.string(),
@@ -3448,28 +3738,78 @@ method(z.object({
 	success: z.boolean(),
 	error: z.string().optional()
 }), { kind: "mutation" });
+var NotificationRuleConditionsSchema = z.object({
+	deviceIds: z.array(z.number()).readonly().optional(),
+	classNames: z.array(z.string()).readonly().optional(),
+	zoneIds: z.array(z.string()).readonly().optional(),
+	minConfidence: z.number().optional(),
+	source: z.enum([
+		"pipeline",
+		"onboard",
+		"any"
+	]).optional(),
+	schedule: z.object({
+		days: z.array(z.number()).readonly(),
+		startHour: z.number(),
+		endHour: z.number()
+	}).optional(),
+	cooldownSeconds: z.number().optional(),
+	minDwellSeconds: z.number().optional()
+});
+var NotificationRuleTemplateSchema = z.object({
+	title: z.string(),
+	body: z.string(),
+	imageMode: z.enum([
+		"crop",
+		"annotated",
+		"full",
+		"none"
+	])
+});
 var NotificationRuleSchema = z.object({
 	id: z.string(),
 	name: z.string(),
 	enabled: z.boolean(),
-	conditions: z.record(z.string(), z.unknown()),
-	actions: z.array(z.record(z.string(), z.unknown()))
+	eventTypes: z.array(z.string()).readonly(),
+	conditions: NotificationRuleConditionsSchema,
+	outputs: z.array(z.string()).readonly(),
+	template: NotificationRuleTemplateSchema.optional(),
+	priority: z.enum([
+		"low",
+		"normal",
+		"high",
+		"critical"
+	])
+});
+var NotificationTestResultSchema = z.object({
+	ruleId: z.string(),
+	eventId: z.string(),
+	timestamp: z.number(),
+	wouldFire: z.boolean(),
+	reason: z.string().optional()
 });
 var NotificationHistoryEntrySchema = z.object({
 	id: z.string(),
 	ruleId: z.string(),
+	ruleName: z.string(),
+	eventId: z.string(),
 	timestamp: z.number(),
-	deviceId: z.number().optional(),
+	outputs: z.array(z.string()).readonly(),
 	success: z.boolean(),
-	error: z.string().optional()
+	error: z.string().optional(),
+	deviceId: z.number().optional()
 });
-method(z.void(), z.array(NotificationRuleSchema).readonly()), method(NotificationRuleSchema, z.void(), { kind: "mutation" }), method(z.object({ ruleId: z.string() }), z.void(), { kind: "mutation" }), method(z.object({
-	ruleId: z.string(),
-	lookbackMinutes: z.number()
-}), z.array(z.record(z.string(), z.unknown())), { kind: "mutation" }), method(z.object({
+var NotificationHistoryFilterSchema = z.object({
 	ruleId: z.string().optional(),
+	deviceId: z.number().optional(),
+	from: z.number().optional(),
+	to: z.number().optional(),
 	limit: z.number().optional()
-}), z.array(NotificationHistoryEntrySchema));
+});
+method(z.void(), z.object({ rules: z.array(NotificationRuleSchema).readonly() })), method(z.object({ rule: NotificationRuleSchema }), z.object({ success: z.literal(true) }), { kind: "mutation" }), method(z.object({ ruleId: z.string() }), z.object({ success: z.literal(true) }), { kind: "mutation" }), method(z.object({
+	ruleId: z.string(),
+	lookbackMinutes: z.number()
+}), z.object({ results: z.array(NotificationTestResultSchema).readonly() }), { kind: "mutation" }), method(z.object({ filter: NotificationHistoryFilterSchema.optional() }), z.object({ entries: z.array(NotificationHistoryEntrySchema).readonly() }));
 var RecordingModeSchema = z.enum([
 	"continuous",
 	"motion",
@@ -4157,6 +4497,22 @@ DeviceType$1.Camera, method(z.object({ deviceId: z.number() }), z.object({
 }), z.void(), {
 	kind: "mutation",
 	auth: "admin"
+}), method(z.object({ deviceId: z.number() }), z.object({ sessionId: z.string() }), {
+	kind: "mutation",
+	auth: "admin"
+}), method(z.object({
+	deviceId: z.number(),
+	/** PCM frames as little-endian s16, mono. Base64-encoded so
+	*  the payload survives tRPC JSON serialization. */
+	pcmBase64: z.string(),
+	/** Sequence number for ordering / dropping out-of-order frames. */
+	sequenceNumber: z.number().int()
+}), z.object({ accepted: z.boolean() }), {
+	kind: "mutation",
+	auth: "admin"
+}), method(z.object({ deviceId: z.number() }), z.void(), {
+	kind: "mutation",
+	auth: "admin"
 }), z.object({
 	deviceId: z.number(),
 	status: IntercomStatusSchema
@@ -4208,6 +4564,40 @@ var HwAccelBackendInputSchema = z.enum([
 	"none"
 ]).nullable().optional();
 var HwAccelResolutionSchema = z.object({ preferred: z.array(z.string()).readonly() });
+var HardwareEncoderIdSchema = z.enum([
+	"h264_videotoolbox",
+	"hevc_videotoolbox",
+	"h264_vaapi",
+	"hevc_vaapi",
+	"h264_nvenc",
+	"hevc_nvenc",
+	"h264_qsv",
+	"hevc_qsv",
+	"h264_amf",
+	"hevc_amf",
+	"libx264",
+	"libx265"
+]);
+var HardwareEncoderProbeSchema = z.object({
+	encoder: HardwareEncoderIdSchema,
+	codec: z.enum(["H264", "H265"]),
+	family: z.enum([
+		"videotoolbox",
+		"vaapi",
+		"nvenc",
+		"qsv",
+		"amf",
+		"software"
+	]),
+	available: z.boolean(),
+	reason: z.string().optional()
+});
+var HardwareEncodersSchema = z.object({
+	encoders: z.array(HardwareEncoderProbeSchema).readonly(),
+	defaultH264: HardwareEncoderIdSchema,
+	defaultH265: HardwareEncoderIdSchema,
+	probedAt: z.number()
+});
 var HardwarePlatformSchema = z.enum([
 	"darwin",
 	"linux",
@@ -4270,7 +4660,10 @@ var ResolvedInferenceConfigSchema = z.object({
 method(z.void(), PlatformCapabilitiesSchema), method(z.void(), HardwareInfoSchema), method(z.object({ requirements: z.array(ModelRequirementSchema).readonly() }), ResolvedInferenceConfigSchema), method(z.object({
 	prefer: HwAccelBackendInputSchema,
 	nodeId: z.string().optional()
-}), HwAccelResolutionSchema);
+}), HwAccelResolutionSchema), method(z.void(), HardwareEncodersSchema), method(z.void(), HardwareEncodersSchema, {
+	kind: "mutation",
+	auth: "admin"
+});
 var InterfaceKindEnum = z.enum([
 	"lan",
 	"wifi",
@@ -4440,28 +4833,30 @@ var MeshStatusSchema = z.object({
 	/** Last error from the daemon, when not joined. */
 	error: z.string().optional()
 });
-var PublicIngressConfigSchema = z.object({
-	/** Whether the provider should expose CamStack via its public
-	*  ingress (Tailscale Funnel, etc.). */
-	enabled: z.boolean(),
-	/** Local port to forward. Auto-detected from the hub HTTP port
-	*  when omitted. */
-	port: z.number().int().min(1).max(65535).optional()
-});
-var MeshIngressConfigSchema = z.object({
-	/** Whether the provider should expose CamStack inside the mesh
-	*  via HTTPS (Tailscale Serve, etc.) instead of just raw IP. */
-	enabled: z.boolean(),
-	/** Local port to forward. Auto-detected when omitted. */
-	port: z.number().int().min(1).max(65535).optional()
-});
 method(z.void(), MeshStatusSchema), method(z.object({
 	/** Provider-specific auth key. For Tailscale this is the
 	*  `tskey-auth-*` token from admin.tailscale.com. */
 	authKey: z.string().min(8),
 	/** Optional hostname override the host should advertise. */
 	hostname: z.string().optional()
-}), z.object({ joined: z.literal(true) }), { kind: "mutation" }), method(z.void(), z.object({ left: z.literal(true) }), { kind: "mutation" }), method(z.void(), z.object({ peers: z.array(MeshPeerSchema).readonly() })), method(PublicIngressConfigSchema, z.object({ success: z.literal(true) }), { kind: "mutation" }), method(MeshIngressConfigSchema, z.object({ success: z.literal(true) }), { kind: "mutation" });
+}), z.object({ joined: z.literal(true) }), { kind: "mutation" }), method(z.object({
+/** Optional hostname override the host should advertise once joined. */
+hostname: z.string().optional() }), z.object({
+/** Authentication URL the operator should open in a browser. */
+loginUrl: z.string() }), { kind: "mutation" }), method(z.void(), z.object({ left: z.literal(true) }), { kind: "mutation" }), method(z.void(), z.object({ peers: z.array(MeshPeerSchema).readonly() })), method(z.object({
+/** Optional auth key — when provided, probes the key validity
+*  against the provider's API. Omit when already joined to
+*  just ping the daemon. */
+authKey: z.string().optional() }), z.object({
+	ok: z.boolean(),
+	/** Provider-side identifier resolved by the probe (tailnet
+	*  name for Tailscale, network id for ZeroTier, etc.). */
+	tenant: z.string().optional(),
+	/** Daemon binary version, when reachable. */
+	daemonVersion: z.string().optional(),
+	/** Human-readable error when `ok: false`. */
+	error: z.string().optional()
+}), { kind: "mutation" });
 var MeshEndpointSchema = z.object({
 	id: z.string(),
 	label: z.string(),
@@ -4494,35 +4889,58 @@ method(z.void(), z.array(MeshProviderInfoSchema).readonly()), method(z.object({
 	authKey: z.string().min(8),
 	hostname: z.string().optional()
 }), z.object({ joined: z.literal(true) }), { kind: "mutation" }), method(z.object({ addonId: z.string() }), z.object({ success: z.literal(true) }), { kind: "mutation" });
-var UserRoleSchema = z.enum([
-	"admin",
-	"viewer",
-	"agent",
-	"scoped"
-]);
-var AllowedProviderSchema = z.union([z.literal("*"), z.array(z.string())]);
-var AllowedDevicesSchema = z.record(z.string(), z.union([z.literal("*"), z.array(z.string())]));
 var MethodAccessSchema = z.enum([
 	"view",
 	"create",
 	"delete"
 ]);
-var TokenScopeSchema = z.object({
-	type: z.enum(["addon", "capability"]),
-	target: z.string(),
-	access: z.array(MethodAccessSchema).min(1)
-});
+var AllowedProviderSchema = z.union([z.literal("*"), z.array(z.string())]);
+var AllowedDevicesSchema = z.record(z.string(), z.union([z.literal("*"), z.array(z.string())]));
+var CapScopeSchema = z.enum(["device", "system"]);
+var TokenScopeSchema = z.discriminatedUnion("type", [
+	z.object({
+		type: z.literal("category"),
+		target: CapScopeSchema,
+		access: z.array(MethodAccessSchema).min(1)
+	}),
+	z.object({
+		type: z.literal("capability"),
+		target: z.string(),
+		access: z.array(MethodAccessSchema).min(1)
+	}),
+	z.object({
+		type: z.literal("addon"),
+		target: z.string(),
+		access: z.array(MethodAccessSchema).min(1)
+	}),
+	z.object({
+		type: z.literal("device"),
+		/**
+		* One or more deviceIds (serialised as strings for wire-format
+		* consistency with the rest of the union). Matcher accepts if
+		* `input.deviceId` ∈ `targets`. Array shape avoids the row-explosion
+		* of one scope-per-device when granting access to a set of cameras.
+		*/
+		targets: z.array(z.string()).min(1),
+		access: z.array(MethodAccessSchema).min(1)
+	})
+]);
 z.object({
 	id: z.string(),
 	username: z.string(),
 	passwordHash: z.string(),
-	role: UserRoleSchema,
+	/**
+	* Admin bypass. When true, the middleware skips the scope-access
+	* check entirely. There is no other axis of privilege; the legacy
+	* role enum collapsed onto this boolean in v2.
+	*/
+	isAdmin: z.boolean().default(false),
 	allowedProviders: AllowedProviderSchema,
 	allowedDevices: AllowedDevicesSchema,
 	/**
-	* Scopes granted to this user. Admins bypass; their `scopes` is ignored.
-	* Non-admins (`viewer`, `agent`, `scoped`) without scopes are locked out
-	* of every protected call.
+	* Scopes granted to this user. Admins bypass; their `scopes` is
+	* ignored. Non-admins without scopes are locked out of every
+	* protected call.
 	*/
 	scopes: z.array(TokenScopeSchema).default([]),
 	createdAt: z.number(),
@@ -4531,7 +4949,7 @@ z.object({
 z.object({
 	id: z.string(),
 	label: z.string(),
-	role: UserRoleSchema,
+	isAdmin: z.boolean().default(false),
 	allowedProviders: AllowedProviderSchema,
 	allowedDevices: AllowedDevicesSchema,
 	tokenHash: z.string(),
@@ -4553,7 +4971,7 @@ z.object({
 var UserSummarySchema = z.object({
 	id: z.string(),
 	username: z.string(),
-	role: UserRoleSchema,
+	isAdmin: z.boolean().default(false),
 	allowedProviders: z.union([z.array(z.string()), z.literal("*")]),
 	allowedDevices: z.record(z.string(), z.union([z.array(z.string()), z.literal("*")])),
 	scopes: z.array(TokenScopeSchema).default([]),
@@ -4563,14 +4981,14 @@ var UserSummarySchema = z.object({
 var CreateUserInputSchema = z.object({
 	username: z.string(),
 	password: z.string().min(6),
-	role: UserRoleSchema,
+	isAdmin: z.boolean().default(false),
 	allowedProviders: z.union([z.array(z.string()), z.literal("*")]).optional(),
 	allowedDevices: z.record(z.string(), z.union([z.array(z.string()), z.literal("*")])).optional(),
 	scopes: z.array(TokenScopeSchema).optional()
 });
 var UpdateUserInputSchema = z.object({
 	id: z.string(),
-	role: UserRoleSchema.optional(),
+	isAdmin: z.boolean().optional(),
 	allowedProviders: z.union([z.array(z.string()), z.literal("*")]).optional(),
 	allowedDevices: z.record(z.string(), z.union([z.array(z.string()), z.literal("*")])).optional(),
 	scopes: z.array(TokenScopeSchema).optional()
@@ -4578,7 +4996,7 @@ var UpdateUserInputSchema = z.object({
 var ApiKeySummarySchema = z.object({
 	id: z.string(),
 	label: z.string(),
-	role: UserRoleSchema,
+	isAdmin: z.boolean().default(false),
 	allowedProviders: z.union([z.array(z.string()), z.literal("*")]).optional(),
 	allowedDevices: z.record(z.string(), z.union([z.array(z.string()), z.literal("*")])).optional(),
 	tokenPrefix: z.string(),
@@ -4587,7 +5005,7 @@ var ApiKeySummarySchema = z.object({
 });
 var CreateApiKeyInputSchema = z.object({
 	label: z.string(),
-	role: UserRoleSchema,
+	isAdmin: z.boolean().default(false),
 	allowedProviders: z.union([z.array(z.string()), z.literal("*")]).optional(),
 	allowedDevices: z.record(z.string(), z.union([z.array(z.string()), z.literal("*")])).optional()
 });
@@ -4615,43 +5033,89 @@ var CreateScopedTokenResultSchema = z.object({
 	token: z.string(),
 	record: ScopedTokenSummarySchema
 });
+var TotpSetupResultSchema = z.object({
+	secret: z.string(),
+	otpauthUrl: z.string()
+});
+var TotpStatusSchema = z.object({
+	/** True iff `confirmedAt != null` — a pending half-enrollment is reported as `enabled: false`. */
+	enabled: z.boolean(),
+	/** Null when no row exists OR the row is still pending confirmation. */
+	confirmedAt: z.number().nullable()
+});
 method(z.void(), z.array(UserSummarySchema), { auth: "admin" }), method(CreateUserInputSchema, UserSummarySchema, {
 	kind: "mutation",
-	auth: "admin"
+	auth: "admin",
+	access: "create"
 }), method(UpdateUserInputSchema, z.object({ success: z.literal(true) }), {
 	kind: "mutation",
-	auth: "admin"
+	auth: "admin",
+	access: "create"
 }), method(z.object({ id: z.string() }), z.object({ success: z.literal(true) }), {
 	kind: "mutation",
-	auth: "admin"
+	auth: "admin",
+	access: "delete"
 }), method(z.object({
 	id: z.string(),
 	newPassword: z.string().min(6)
 }), z.object({ success: z.literal(true) }), {
 	kind: "mutation",
-	auth: "admin"
+	auth: "admin",
+	access: "create"
 }), method(z.object({
 	userId: z.string(),
 	scopes: z.array(TokenScopeSchema)
 }), z.object({ success: z.literal(true) }), {
 	kind: "mutation",
-	auth: "admin"
+	auth: "admin",
+	access: "create"
 }), method(z.object({
 	username: z.string(),
 	password: z.string()
-}), UserSummarySchema.extend({ passwordHash: z.string() }).nullable(), { kind: "mutation" }), method(z.void(), z.array(ApiKeySummarySchema), { auth: "admin" }), method(CreateApiKeyInputSchema, CreateApiKeyResultSchema, {
+}), UserSummarySchema.extend({ passwordHash: z.string() }).nullable(), {
 	kind: "mutation",
-	auth: "admin"
+	access: "view"
+}), method(z.void(), z.array(ApiKeySummarySchema), { auth: "admin" }), method(CreateApiKeyInputSchema, CreateApiKeyResultSchema, {
+	kind: "mutation",
+	auth: "admin",
+	access: "create"
 }), method(z.object({ id: z.string() }), z.object({ success: z.literal(true) }), {
 	kind: "mutation",
-	auth: "admin"
-}), method(z.object({ token: z.string() }), ApiKeySummarySchema.nullable(), { kind: "mutation" }), method(CreateScopedTokenInputSchema, CreateScopedTokenResultSchema, {
+	auth: "admin",
+	access: "delete"
+}), method(z.object({ token: z.string() }), ApiKeySummarySchema.nullable(), {
 	kind: "mutation",
-	auth: "admin"
+	access: "view"
+}), method(CreateScopedTokenInputSchema, CreateScopedTokenResultSchema, {
+	kind: "mutation",
+	auth: "admin",
+	access: "create"
 }), method(z.object({ id: z.string() }), z.object({ success: z.literal(true) }), {
 	kind: "mutation",
-	auth: "admin"
-}), method(z.object({ token: z.string() }), ScopedTokenSummarySchema.nullable()), method(z.object({ userId: z.string() }), z.array(ScopedTokenSummarySchema), { auth: "admin" });
+	auth: "admin",
+	access: "delete"
+}), method(z.object({ token: z.string() }), ScopedTokenSummarySchema.nullable(), { access: "view" }), method(z.object({ userId: z.string() }), z.array(ScopedTokenSummarySchema), { auth: "admin" }), method(z.object({ userId: z.string() }), TotpSetupResultSchema, {
+	kind: "mutation",
+	auth: "admin",
+	access: "create"
+}), method(z.object({
+	userId: z.string(),
+	code: z.string()
+}), z.object({ success: z.literal(true) }), {
+	kind: "mutation",
+	auth: "admin",
+	access: "create"
+}), method(z.object({ userId: z.string() }), z.object({ success: z.literal(true) }), {
+	kind: "mutation",
+	auth: "admin",
+	access: "delete"
+}), method(z.object({ userId: z.string() }), TotpStatusSchema, { auth: "admin" }), method(z.object({
+	userId: z.string(),
+	code: z.string()
+}), z.object({ valid: z.boolean() }), {
+	kind: "mutation",
+	access: "view"
+});
 var FeatureManifestSchema = z.object({
 	streaming: z.boolean(),
 	notifications: z.boolean(),