@camstack/core 0.1.37 → 0.1.39

package/dist/index.mjs

@@ -31,7 +31,7 @@ import { promisify } from "node:util";
 import { errMsg, parseJsonObject } from "@camstack/types";
 import * as vm from "node:vm";
 import * as os from "node:os";
-//#region ../types/dist/index-Ce7RZWP4.mjs
+//#region ../types/dist/index-CgPd35k5.mjs
 var MODEL_FORMATS = [
 	"onnx",
 	"coreml",
@@ -106,6 +106,12 @@ Object.fromEntries([
 		icon: "video",
 		order: 35
 	},
+	{
+		id: "ptz",
+		label: "PTZ",
+		icon: "move",
+		order: 40
+	},
 	{
 		id: "pipeline",
 		label: "Detection Pipeline",
@@ -232,7 +238,19 @@ var DecoderSessionConfigSchema = z.object({
 	* on every line so `grep tag=broker:5/high` filters one camera
 	* profile cleanly.
 	*/
-	tag: z.string().optional()
+	tag: z.string().optional(),
+	/**
+	* Where the session delivers decoded frames (Phase 5 / D9):
+	*
+	* - `'callback'` (default) — the legacy pixel path: decoded frames are
+	*   buffered as `DecodedFrame`s and drained via `pullFrames`.
+	* - `'shm'` — the shared-memory frame plane: decoded frames are written
+	*   into an OS shared-memory ring and drained as zero-pixel
+	*   `FrameHandle`s via `pullHandles`. A session is one mode or the
+	*   other — `pullFrames` returns nothing for an `'shm'` session and
+	*   `pullHandles` returns nothing for a `'callback'` session.
+	*/
+	frameSink: z.enum(["callback", "shm"]).default("callback")
 });
 function errMsg$1(err) {
 	if (err instanceof Error) return err.message;
@@ -892,6 +910,63 @@ var DecodedFrameSchema = z.object({
 	]),
 	timestamp: z.number()
 });
+var FrameHandleSchema = z.object({
+	shmId: z.string(),
+	slot: z.number().int().nonnegative(),
+	seq: z.number().int().nonnegative(),
+	width: z.number().int().positive(),
+	height: z.number().int().positive(),
+	format: z.enum([
+		"jpeg",
+		"rgb",
+		"bgr",
+		"yuv420",
+		"gray"
+	]),
+	pts: z.number(),
+	byteLength: z.number().int().nonnegative(),
+	nodeId: z.string(),
+	slotCount: z.number().int().positive()
+});
+var FrameHandleFormatSchema = z.enum([
+	"rgb",
+	"bgr",
+	"yuv420",
+	"gray"
+]);
+var SubscribeFramesInputSchema = z.object({
+	brokerId: z.string(),
+	format: FrameHandleFormatSchema,
+	/**
+	* Optional reader-side cadence hint in frames per second. The broker does
+	* NOT throttle — latest-wins ring reads drop frames implicitly for a slow
+	* consumer. The value is echoed back in `SubscribeFramesResult.maxFps` so
+	* the consumer can pace its own `pullFrameHandles` polling.
+	*/
+	maxFps: z.number().positive().optional(),
+	/** Short caller-identity tag (`motion`, `detection`, …) for diagnostics. */
+	tag: z.string().optional()
+});
+var SubscribeFramesResultSchema = z.object({
+	/** Opaque id the consumer passes to `pullFrameHandles` / `unsubscribeFrames`. */
+	subscriptionId: z.string(),
+	/** Reader-side cadence hint (frames/s) — echoes `SubscribeFramesInput.maxFps`. */
+	maxFps: z.number().nonnegative()
+});
+var DecodedAudioChunkSchema = z.object({
+	data: z.instanceof(Uint8Array),
+	sampleRate: z.number().int().positive(),
+	channels: z.number().int().positive(),
+	timestamp: z.number()
+});
+var SubscribeAudioChunksInputSchema = z.object({
+	brokerId: z.string(),
+	/** Short caller-identity tag (`audio-analyzer`, …) for `listClients`. */
+	tag: z.string().optional()
+});
+var SubscribeAudioChunksResultSchema = z.object({ 
+/** Opaque id passed to `pullAudioChunks` / `unsubscribeAudioChunks`. */
+subscriptionId: z.string() });
 var BrokerStatusSchema$1 = z.enum([
 	"idle",
 	"connecting",
@@ -1094,7 +1169,13 @@ method(z.object({
 }), {
 	kind: "mutation",
 	auth: "admin"
-}), method(z.object({ brokerId: z.string() }), z.custom()), method(z.object({
+}), method(SubscribeAudioChunksInputSchema, SubscribeAudioChunksResultSchema, { kind: "mutation" }), method(z.object({
+	subscriptionId: z.string(),
+	maxCount: z.number().int().positive().default(8)
+}), z.array(DecodedAudioChunkSchema).readonly()), method(z.object({ subscriptionId: z.string() }), z.object({ released: z.boolean() }), { kind: "mutation" }), method(SubscribeFramesInputSchema, SubscribeFramesResultSchema, { kind: "mutation" }), method(z.object({
+	subscriptionId: z.string(),
+	maxCount: z.number().int().positive().default(4)
+}), z.array(FrameHandleSchema).readonly()), method(z.object({ subscriptionId: z.string() }), z.object({ released: z.boolean() }), { kind: "mutation" }), method(z.object({
 	brokerId: z.string(),
 	seconds: z.number().min(0).max(30)
 }), z.void(), {
@@ -1787,6 +1868,34 @@ DeviceType$1.Light, DeviceType$1.Siren, DeviceType$1.Switch, method(z.object({
 	enabled: z.boolean(),
 	lastChangedAt: z.number()
 });
+z.object({
+	enabled: z.boolean(),
+	sensitivity: z.number(),
+	/** Row-major active-cell grid. Length = gridWidth*gridHeight (see getOptions). */
+	cells: z.array(z.boolean()),
+	lastFetchedAt: z.number()
+});
+var MotionZoneOptionsSchema = z.object({
+	gridWidth: z.number(),
+	gridHeight: z.number(),
+	sensitivity: z.object({
+		min: z.number(),
+		max: z.number(),
+		step: z.number()
+	})
+});
+var MotionZonePatchSchema = z.object({
+	enabled: z.boolean().optional(),
+	sensitivity: z.number().optional(),
+	cells: z.array(z.boolean()).optional()
+});
+DeviceType$1.Camera, method(z.object({ deviceId: z.number() }), MotionZoneOptionsSchema), method(z.object({
+	deviceId: z.number(),
+	patch: MotionZonePatchSchema
+}), z.void(), {
+	kind: "mutation",
+	auth: "admin"
+});
 var AutotrackTargetTypeSchema = z.string().describe("Vendor target string (people/vehicle/pet); empty = camera default");
 var PtzAutotrackSettingsSchema = z.object({
 	targetType: AutotrackTargetTypeSchema,
@@ -1829,6 +1938,85 @@ DeviceType$1.Camera, method(z.object({ deviceId: z.number() }), PtzAutotrackStat
 	deviceId: z.number(),
 	status: PtzAutotrackStatusSchema
 });
+var StreamProfileSchema = z.enum([
+	"main",
+	"sub",
+	"ext"
+]);
+var StreamProfileConfigSchema = z.object({
+	width: z.number(),
+	height: z.number(),
+	codec: z.enum(["h264", "h265"]),
+	framerate: z.number(),
+	bitrate: z.number(),
+	bitrateMode: z.enum(["vbr", "cbr"]).optional(),
+	encoderProfile: z.enum([
+		"high",
+		"main",
+		"baseline"
+	]).optional(),
+	gop: z.number().optional(),
+	audio: z.boolean().optional()
+});
+z.object({
+	/** Per-profile current config. A profile absent = the camera doesn't have it. */
+	main: StreamProfileConfigSchema.optional(),
+	sub: StreamProfileConfigSchema.optional(),
+	ext: StreamProfileConfigSchema.optional(),
+	lastFetchedAt: z.number()
+});
+var StreamProfileOptionsSchema = z.object({
+	resolutions: z.array(z.object({
+		width: z.number(),
+		height: z.number()
+	})),
+	codecs: z.array(z.enum(["h264", "h265"])),
+	framerates: z.array(z.number()),
+	/** Allowed bitrate values (kbps). Empty if the camera takes a free range. */
+	bitrates: z.array(z.number()),
+	/** Optional [min,max] kbps when the camera accepts a continuous range. */
+	bitrateRange: z.tuple([z.number(), z.number()]).optional(),
+	supportsBitrateMode: z.boolean(),
+	supportsEncoderProfile: z.boolean(),
+	supportsGop: z.boolean(),
+	/** Allowed GOP / keyframe-interval range, in seconds — drives the
+	*  I-frame-interval selector. Absent when the camera advertises GOP
+	*  support but no concrete range (callers then fall back to a free
+	*  numeric input). `{ min, max, step }` per the getOptions convention. */
+	gop: z.object({
+		min: z.number(),
+		max: z.number(),
+		step: z.number()
+	}).optional()
+});
+var StreamParamsOptionsSchema = z.object({
+	main: StreamProfileOptionsSchema.optional(),
+	sub: StreamProfileOptionsSchema.optional(),
+	ext: StreamProfileOptionsSchema.optional()
+});
+var StreamProfilePatchSchema = z.object({
+	width: z.number().optional(),
+	height: z.number().optional(),
+	codec: z.enum(["h264", "h265"]).optional(),
+	framerate: z.number().optional(),
+	bitrate: z.number().optional(),
+	bitrateMode: z.enum(["vbr", "cbr"]).optional(),
+	encoderProfile: z.enum([
+		"high",
+		"main",
+		"baseline"
+	]).optional(),
+	gop: z.number().optional(),
+	audio: z.boolean().optional()
+});
+DeviceType$1.Camera, method(z.object({ deviceId: z.number() }), StreamParamsOptionsSchema), method(z.object({
+	deviceId: z.number(),
+	profile: StreamProfileSchema,
+	patch: StreamProfilePatchSchema
+}), z.void(), {
+	kind: "mutation",
+	auth: "admin"
+}), method(z.object({ deviceId: z.number() }), z.unknown().nullable());
 z.object({
 	on: z.boolean(),
 	/** Ms epoch of the last state change. Useful for UI "X minutes ago". */
@@ -2468,6 +2656,85 @@ method(LogEntrySchema, z.void(), { kind: "mutation" }), method(z.object({
 var StaticDirOutputSchema = z.object({ staticDir: z.string() });
 var VersionOutputSchema = z.object({ version: z.string() });
 method(z.void(), StaticDirOutputSchema), method(z.void(), VersionOutputSchema);
+var MethodAccessSchema = z.enum([
+	"view",
+	"create",
+	"delete"
+]);
+var AllowedProviderSchema = z.union([z.literal("*"), z.array(z.string())]);
+var AllowedDevicesSchema = z.record(z.string(), z.union([z.literal("*"), z.array(z.string())]));
+var CapScopeSchema = z.enum(["device", "system"]);
+var TokenScopeSchema = z.discriminatedUnion("type", [
+	z.object({
+		type: z.literal("category"),
+		target: CapScopeSchema,
+		access: z.array(MethodAccessSchema).min(1)
+	}),
+	z.object({
+		type: z.literal("capability"),
+		target: z.string(),
+		access: z.array(MethodAccessSchema).min(1)
+	}),
+	z.object({
+		type: z.literal("addon"),
+		target: z.string(),
+		access: z.array(MethodAccessSchema).min(1)
+	}),
+	z.object({
+		type: z.literal("device"),
+		/**
+		* One or more deviceIds (serialised as strings for wire-format
+		* consistency with the rest of the union). Matcher accepts if
+		* `input.deviceId` ∈ `targets`. Array shape avoids the row-explosion
+		* of one scope-per-device when granting access to a set of cameras.
+		*/
+		targets: z.array(z.string()).min(1),
+		access: z.array(MethodAccessSchema).min(1)
+	})
+]);
+z.object({
+	id: z.string(),
+	username: z.string(),
+	passwordHash: z.string(),
+	/**
+	* Admin bypass. When true, the middleware skips the scope-access
+	* check entirely. There is no other axis of privilege; the legacy
+	* role enum collapsed onto this boolean in v2.
+	*/
+	isAdmin: z.boolean().default(false),
+	allowedProviders: AllowedProviderSchema,
+	allowedDevices: AllowedDevicesSchema,
+	/**
+	* Scopes granted to this user. Admins bypass; their `scopes` is
+	* ignored. Non-admins without scopes are locked out of every
+	* protected call.
+	*/
+	scopes: z.array(TokenScopeSchema).default([]),
+	createdAt: z.number(),
+	updatedAt: z.number()
+});
+z.object({
+	id: z.string(),
+	label: z.string(),
+	isAdmin: z.boolean().default(false),
+	allowedProviders: AllowedProviderSchema,
+	allowedDevices: AllowedDevicesSchema,
+	tokenHash: z.string(),
+	tokenPrefix: z.string(),
+	createdAt: z.number(),
+	lastUsedAt: z.number().optional()
+});
+z.object({
+	id: z.string(),
+	userId: z.string(),
+	name: z.string(),
+	tokenHash: z.string(),
+	tokenPrefix: z.string(),
+	scopes: z.array(TokenScopeSchema),
+	expiresAt: z.number().nullish(),
+	lastUsedAt: z.number().nullish(),
+	createdAt: z.number()
+});
 var SsoBridgeClaimsSchema = z.object({
 	userId: z.string(),
 	username: z.string(),
@@ -2483,12 +2750,36 @@ var SsoBridgeClaimsSchema = z.object({
 	* JWT WITHOUT verifying the signature — the hub re-verifies on every
 	* inbound call so trust still rests with the signing hub.
 	*/
-	hubUrl: z.string().optional()
+	hubUrl: z.string().optional(),
+	/** Permission scopes baked into the token. Set by the OAuth
+	*  account-linking grant; absent on ordinary SSO-login tokens. */
+	scopes: z.array(TokenScopeSchema).optional(),
+	/** OAuth authorization-code binding — set only on `oauth-code` tokens. */
+	redirectUri: z.string().optional(),
+	integrationId: z.string().optional(),
+	/** JWT ID — unique per issued code; consumed-set enforces single-use. */
+	jti: z.string().optional(),
+	/** OAuth session registry id — set on `oauth-access`/`oauth-refresh`
+	*  tokens so the verify path can check the session is not revoked. */
+	sessionId: z.string().optional()
 });
 method(z.object({
 	claims: SsoBridgeClaimsSchema,
 	ttlSec: z.number().int().positive().optional()
 }), z.object({ token: z.string() })), method(z.object({ token: z.string() }), SsoBridgeClaimsSchema.nullable());
+var OauthIntegrationDescriptorSchema = z.object({
+	/** Stable id used as the `integration=` query param, e.g. 'export-alexa'. */
+	integrationId: z.string(),
+	/** Human label rendered on the consent page. */
+	displayName: z.string(),
+	/** Scopes baked into every token issued for this integration. */
+	requestedScopes: z.array(TokenScopeSchema),
+	/** Allowed redirect_uri prefixes. /api/oauth2/authorize rejects any
+	*  redirect_uri that does not start with one of these. Required —
+	*  an empty list means the integration can never complete linking. */
+	allowedRedirectPrefixes: z.array(z.string()).min(1)
+});
+method(z.void(), OauthIntegrationDescriptorSchema);
 var PasskeySummarySchema = z.object({
 	credentialId: z.string(),
 	label: z.string(),
@@ -2734,22 +3025,29 @@ var WidgetSizeEnum = z.enum([
 	"lg",
 	"xl"
 ]);
+var WidgetRemoteSchema = z.object({
+	remoteName: z.string(),
+	exposedModule: z.string(),
+	componentKey: z.string().optional()
+});
 var WidgetMetadataSchema = z.object({
-	/** Stable id within the addon — kebab-case. */
-	stableId: z.string(),
+	/** Primary host tab — `'dashboard'`, `'device-tab'`, or a device-detail tab id. */
+	tab: z.string(),
+	/** Optional sub-tab within `tab`. */
+	subTab: z.string().optional(),
 	/** Operator-facing label. */
 	label: z.string(),
+	/** Ordering within `(tab, subTab)`, ascending. */
+	order: z.number().optional(),
+	/** Always `'remote'` — a widget is a Module Federation remote. */
+	kind: z.literal("remote"),
+	/** MF remote descriptor. */
+	remote: WidgetRemoteSchema,
+	/** Stable id within the addon — kebab-case. Equals `remote.componentKey`. */
+	stableId: z.string(),
 	description: z.string().optional(),
 	icon: z.string().optional(),
 	/**
-	* Module Federation remote name — must match the `name` field on the
-	* widget addon's `federation()` plugin config. Used by the host's
-	* `<WidgetRegistryProvider>` to call `loadRemote('<remoteName>/widgets')`.
-	* Conventionally `addon_<addonid>_widgets` (snake_case; MF names
-	* cannot contain hyphens).
-	*/
-	remoteName: z.string(),
-	/**
 	* Bundle filename inside the addon's `dist/` dir served at
 	* `/api/addon-widgets/<addonId>/<bundle>`. With Module Federation
 	* this is always `'remoteEntry.js'` — the value is kept on the
@@ -2757,9 +3055,9 @@ var WidgetMetadataSchema = z.object({
 	* cache-buster URL without a separate filesystem stat.
 	*/
 	bundle: z.string(),
-	/** Where the widget makes sense to render. */
+	/** Every host the widget supports. The picker filters on this set. */
 	hosts: z.array(WidgetHostEnum).readonly(),
-	/** Required props the host must supply. Validated at <WidgetSlot> mount. */
+	/** Required props the host must supply. Validated at `<WidgetSlot>` mount. */
 	requires: z.object({
 		deviceContext: z.boolean().default(false),
 		integrationContext: z.boolean().default(false)
@@ -2823,6 +3121,16 @@ var InvokeReplyEnvelopeSchema = z.object({
 	contentType: z.string().optional()
 });
 method(z.void(), z.array(AddonHttpRouteSchema)), method(InvokeRequestSchema, InvokeReplyEnvelopeSchema, { kind: "mutation" });
+var ShmRingStatsSchema = z.object({
+	sessionId: z.string(),
+	slotCount: z.number().int(),
+	slotByteLength: z.number().int(),
+	segmentBytes: z.number().int(),
+	budgetMb: z.number().int(),
+	framesWritten: z.number().int(),
+	getFrameHits: z.number().int(),
+	getFrameMisses: z.number().int()
+});
 method(z.object({ codec: z.string() }), z.boolean()), method(z.void(), z.object({
 	id: z.string(),
 	name: z.string(),
@@ -2841,6 +3149,9 @@ method(z.object({ codec: z.string() }), z.boolean()), method(z.void(), z.object(
 	sessionId: z.string(),
 	maxCount: z.number().default(1)
 }), z.array(DecodedFrameSchema)), method(z.object({
+	sessionId: z.string(),
+	maxCount: z.number().default(1)
+}), z.array(FrameHandleSchema)), method(z.object({ handle: FrameHandleSchema }), DecodedFrameSchema.nullable()), method(z.object({ sessionId: z.string() }), ShmRingStatsSchema.nullable()), method(z.object({
 	sessionId: z.string(),
 	config: DecoderSessionConfigSchema.partial()
 }), z.void()), method(z.object({ sessionId: z.string() }), DecoderStatsSchema), method(z.void(), z.array(z.object({
@@ -3585,42 +3896,6 @@ method(z.object({
 	username: z.string(),
 	password: z.string()
 }), AuthResultSchema.nullable(), { kind: "mutation" }), method(z.object({ state: z.string() }), z.string()), method(z.record(z.string(), z.string()), AuthResultSchema, { kind: "mutation" }), method(z.object({ token: z.string() }), AuthResultSchema.nullable());
-var AuthProviderInfoSchema = z.object({
-	/** Stable id matching the addon id (used for `getLoginUrl({addonId,…})`). */
-	addonId: z.string(),
-	/**
-	* Per-instance id when one addon registers multiple "logical"
-	* providers (e.g. OIDC with Google + Microsoft + custom). The login
-	* URL becomes `/addon/${addonId}/${instanceId}/start` — handler reads
-	* `:instanceId` from the route. Empty/unset means the addon is a
-	* single-instance provider; the URL is `/addon/${addonId}/start`.
-	*/
-	instanceId: z.string().optional(),
-	/** Display label shown on the login button + admin row. */
-	displayName: z.string(),
-	/** Optional iconography hint (lucide-react icon name OR emoji). */
-	icon: z.string().optional(),
-	/** When true, the provider exposes a redirect-based login flow
-	*  (`getLoginUrl` returns a URL the browser navigates to). */
-	hasRedirectFlow: z.boolean(),
-	/** When true, the provider exposes a credential-form login flow
-	*  (`validateCredentials` accepts username + password). */
-	hasCredentialFlow: z.boolean(),
-	/** Provider kind, drives admin-UI hint dispatch (oidc / saml / totp / …). */
-	kind: z.string().optional(),
-	/** Operator-facing status string (e.g. "Connected to https://login.acme.com"). */
-	status: z.string().optional(),
-	/** When false, the provider is registered but disabled by config; the
-	*  UI surfaces it as inactive without enumerating it for login. */
-	enabled: z.boolean()
-});
-method(z.void(), z.array(AuthProviderInfoSchema).readonly()), method(z.object({
-	addonId: z.string(),
-	enabled: z.boolean()
-}), z.object({ success: z.literal(true) }), {
-	kind: "mutation",
-	auth: "admin"
-});
 var NetworkEndpointSchema = z.object({
 	url: z.string(),
 	hostname: z.string(),
@@ -3646,33 +3921,6 @@ var NetworkEndpointEntrySchema = NetworkEndpointSchema.extend({
 	sourcePort: z.number().optional()
 });
 method(z.void(), NetworkEndpointSchema, { kind: "mutation" }), method(z.void(), z.void(), { kind: "mutation" }), method(z.void(), NetworkEndpointSchema.nullable()), method(z.void(), NetworkAccessStatusSchema), method(z.void(), z.array(NetworkEndpointEntrySchema).readonly());
-var RemoteAccessEndpointSchema = z.object({
-	url: z.string(),
-	hostname: z.string(),
-	port: z.number(),
-	protocol: z.enum(["http", "https"])
-});
-var RemoteAccessProviderInfoSchema = z.object({
-	/** Stable id matching the addon id. */
-	addonId: z.string(),
-	/** Display label shown on the admin row — sourced from the addon manifest. */
-	displayName: z.string(),
-	/** When false, the provider is registered but disabled. */
-	enabled: z.boolean(),
-	/** True when the underlying tunnel/connection is up. */
-	connected: z.boolean(),
-	/** Public-facing endpoint, when connected. Null otherwise. */
-	endpoint: RemoteAccessEndpointSchema.nullable(),
-	/** Last error message (when connected=false), if available. */
-	error: z.string().optional()
-});
-method(z.void(), z.array(RemoteAccessProviderInfoSchema).readonly()), method(z.object({ addonId: z.string() }), RemoteAccessEndpointSchema, {
-	kind: "mutation",
-	auth: "admin"
-}), method(z.object({ addonId: z.string() }), z.object({ success: z.literal(true) }), {
-	kind: "mutation",
-	auth: "admin"
-});
 var TurnServerSchema = z.object({
 	/** Single URL or list of URLs (e.g. "turn:turn.example.com:3478?transport=udp"). */
 	urls: z.union([z.string(), z.array(z.string())]),
@@ -3680,33 +3928,6 @@ var TurnServerSchema = z.object({
 	credential: z.string().optional()
 });
 method(z.void(), z.array(TurnServerSchema).readonly());
-var TurnProviderInfoSchema = z.object({
-	/** Stable id matching the addon id. */
-	addonId: z.string(),
-	/** Display label shown on the admin row — sourced from the addon manifest. */
-	displayName: z.string(),
-	/** When false, the provider is registered but disabled. */
-	enabled: z.boolean(),
-	/** Number of servers this provider is currently exposing. */
-	serverCount: z.number(),
-	/**
-	* Flat list of every TURN/STUN URL this provider currently exposes.
-	* One row per URL (multi-URL ICE server entries are flattened). The
-	* admin UI shows this in a compact per-provider list so operators
-	* can verify what's actually being negotiated without having to dig
-	* into the combined `getAllServers` output.
-	*/
-	urls: z.array(z.string()).readonly(),
-	/** Last fetch error (when serverCount=0 due to API failure), if any. */
-	error: z.string().optional()
-});
-method(z.void(), z.array(TurnProviderInfoSchema).readonly()), method(z.void(), z.array(TurnServerSchema).readonly()), method(z.object({
-	addonId: z.string(),
-	enabled: z.boolean()
-}), z.object({ success: z.literal(true) }), {
-	kind: "mutation",
-	auth: "admin"
-});
 var SnapshotImageSchema = z.object({
 	base64: z.string(),
 	contentType: z.string()
@@ -4309,10 +4530,38 @@ var PtzMoveCommandSchema = z.object({
 	zoom: z.number().optional(),
 	speed: z.number().optional()
 });
+PtzPositionSchema.extend({ autofocus: z.boolean() });
+var PtzOptionsSchema = z.object({
+	hasPan: z.boolean(),
+	hasTilt: z.boolean(),
+	hasZoom: z.boolean(),
+	supportsPresets: z.boolean(),
+	/** Max number of named presets the camera supports, when known. */
+	maxPresets: z.number().optional(),
+	/** Whether the camera exposes a controllable autofocus toggle
+	*  (boolean `hasX` per the getOptions availability convention). */
+	hasAutofocus: z.boolean()
+});
 DeviceType$1.Camera, method(PtzMoveCommandSchema.extend({ deviceId: z.number() }), z.void(), { kind: "mutation" }), method(PtzMoveCommandSchema.extend({ deviceId: z.number() }), z.void(), { kind: "mutation" }), method(z.object({ deviceId: z.number() }), z.void(), { kind: "mutation" }), method(z.object({ deviceId: z.number() }), z.array(PtzPresetSchema)), method(z.object({
 	deviceId: z.number(),
 	presetId: z.string()
-}), z.void(), { kind: "mutation" }), method(z.object({ deviceId: z.number() }), z.void(), { kind: "mutation" }), method(z.object({ deviceId: z.number() }), PtzPositionSchema);
+}), z.void(), { kind: "mutation" }), method(z.object({
+	deviceId: z.number(),
+	presetId: z.string(),
+	name: z.string()
+}), z.void(), {
+	kind: "mutation",
+	auth: "admin"
+}), method(z.object({
+	deviceId: z.number(),
+	presetId: z.string()
+}), z.void(), {
+	kind: "mutation",
+	auth: "admin"
+}), method(z.object({ deviceId: z.number() }), PtzOptionsSchema), method(z.object({ deviceId: z.number() }), z.void(), { kind: "mutation" }), method(z.object({ deviceId: z.number() }), PtzPositionSchema), method(z.object({
+	deviceId: z.number(),
+	enabled: z.boolean()
+}), z.void(), { kind: "mutation" });
 var EventItemSchema = z.object({
 	id: z.string(),
 	type: z.string(),
@@ -4803,7 +5052,7 @@ method(z.void(), ListResultSchema), method(z.void(), PreferredSchema), method(z.
 	*  tunnel always emits `https://` regardless. */
 	scheme: z.enum(["http", "https"]).optional()
 }), GetConnectionEndpointsResultSchema), method(z.void(), AllowedAddressesSchema), method(AllowedAddressesSchema, z.object({ success: z.literal(true) }), { kind: "mutation" }), method(z.void(), AllowedAddressesSchema, { kind: "mutation" });
-var MeshEndpointSchema$1 = z.object({
+var MeshEndpointSchema = z.object({
 	/** Stable identifier within the provider (e.g. `mesh-ipv4`, `magicdns`, `funnel`). */
 	id: z.string(),
 	/** Operator-facing label (e.g. "Mesh IPv4", "MagicDNS"). */
@@ -4880,7 +5129,7 @@ var MeshStatusSchema = z.object({
 	/** Number of peers visible to this host (excluding self). */
 	peerCount: z.number(),
 	/** Every endpoint this provider exposes for the current host. */
-	endpoints: z.array(MeshEndpointSchema$1).readonly(),
+	endpoints: z.array(MeshEndpointSchema).readonly(),
 	/** Last error from the daemon, when not joined. */
 	error: z.string().optional(),
 	/**
@@ -4955,130 +5204,6 @@ authKey: z.string().optional() }), z.object({
 	/** Human-readable error when `ok: false`. */
 	error: z.string().optional()
 }), { kind: "mutation" });
-var MeshEndpointSchema = z.object({
-	id: z.string(),
-	label: z.string(),
-	scope: z.enum(["mesh", "public"]),
-	url: z.string(),
-	hostname: z.string(),
-	port: z.number(),
-	protocol: z.enum(["http", "https"])
-});
-var MeshProviderInfoSchema = z.object({
-	/** Stable id matching the addon id. */
-	addonId: z.string(),
-	/** Display label shown on the admin row — sourced from the addon manifest. */
-	displayName: z.string(),
-	/** True when the host is joined to this provider's mesh. */
-	joined: z.boolean(),
-	/** Local mesh IP (empty when not joined). */
-	meshIp: z.string(),
-	/** MagicDNS / mesh hostname (empty when not configured). */
-	magicDnsHostname: z.string(),
-	/** Peer count (excluding self). */
-	peerCount: z.number(),
-	/** Active endpoints (mesh IP + MagicDNS + optional public Funnel). */
-	endpoints: z.array(MeshEndpointSchema).readonly(),
-	/** Last error reported by the provider. */
-	error: z.string().optional(),
-	/** Tenant / tailnet / network display name. Empty pre-join. */
-	tenantName: z.string(),
-	/** Mesh DNS suffix (e.g. tailXXXX.ts.net). Empty when not configured. */
-	magicDnsSuffix: z.string(),
-	/** Authenticated user / account login. Null for token-only providers. */
-	userLogin: z.string().nullable(),
-	/** Provider control-plane URL. */
-	controlPlaneUrl: z.string(),
-	/** Machine-key expiry (epoch ms). Null when keys don't rotate. */
-	keyExpiry: z.number().nullable()
-});
-method(z.void(), z.array(MeshProviderInfoSchema).readonly()), method(z.object({
-	addonId: z.string(),
-	authKey: z.string().min(8),
-	hostname: z.string().optional()
-}), z.object({ joined: z.literal(true) }), { kind: "mutation" }), method(z.object({ addonId: z.string() }), z.object({ success: z.literal(true) }), { kind: "mutation" }), method(z.object({
-	addonId: z.string(),
-	hostname: z.string().optional()
-}), z.object({ loginUrl: z.string() }), { kind: "mutation" }), method(z.object({ addonId: z.string() }), z.object({ loggedOut: z.literal(true) }), { kind: "mutation" }), method(z.object({ addonId: z.string() }), z.object({ peers: z.array(MeshPeerSchema).readonly() }));
-var MethodAccessSchema = z.enum([
-	"view",
-	"create",
-	"delete"
-]);
-var AllowedProviderSchema = z.union([z.literal("*"), z.array(z.string())]);
-var AllowedDevicesSchema = z.record(z.string(), z.union([z.literal("*"), z.array(z.string())]));
-var CapScopeSchema = z.enum(["device", "system"]);
-var TokenScopeSchema = z.discriminatedUnion("type", [
-	z.object({
-		type: z.literal("category"),
-		target: CapScopeSchema,
-		access: z.array(MethodAccessSchema).min(1)
-	}),
-	z.object({
-		type: z.literal("capability"),
-		target: z.string(),
-		access: z.array(MethodAccessSchema).min(1)
-	}),
-	z.object({
-		type: z.literal("addon"),
-		target: z.string(),
-		access: z.array(MethodAccessSchema).min(1)
-	}),
-	z.object({
-		type: z.literal("device"),
-		/**
-		* One or more deviceIds (serialised as strings for wire-format
-		* consistency with the rest of the union). Matcher accepts if
-		* `input.deviceId` ∈ `targets`. Array shape avoids the row-explosion
-		* of one scope-per-device when granting access to a set of cameras.
-		*/
-		targets: z.array(z.string()).min(1),
-		access: z.array(MethodAccessSchema).min(1)
-	})
-]);
-z.object({
-	id: z.string(),
-	username: z.string(),
-	passwordHash: z.string(),
-	/**
-	* Admin bypass. When true, the middleware skips the scope-access
-	* check entirely. There is no other axis of privilege; the legacy
-	* role enum collapsed onto this boolean in v2.
-	*/
-	isAdmin: z.boolean().default(false),
-	allowedProviders: AllowedProviderSchema,
-	allowedDevices: AllowedDevicesSchema,
-	/**
-	* Scopes granted to this user. Admins bypass; their `scopes` is
-	* ignored. Non-admins without scopes are locked out of every
-	* protected call.
-	*/
-	scopes: z.array(TokenScopeSchema).default([]),
-	createdAt: z.number(),
-	updatedAt: z.number()
-});
-z.object({
-	id: z.string(),
-	label: z.string(),
-	isAdmin: z.boolean().default(false),
-	allowedProviders: AllowedProviderSchema,
-	allowedDevices: AllowedDevicesSchema,
-	tokenHash: z.string(),
-	tokenPrefix: z.string(),
-	createdAt: z.number(),
-	lastUsedAt: z.number().optional()
-});
-z.object({
-	id: z.string(),
-	userId: z.string(),
-	name: z.string(),
-	tokenHash: z.string(),
-	tokenPrefix: z.string(),
-	scopes: z.array(TokenScopeSchema),
-	expiresAt: z.number().nullish(),
-	lastUsedAt: z.number().nullish(),
-	createdAt: z.number()
-});
 var UserSummarySchema = z.object({
 	id: z.string(),
 	username: z.string(),
@@ -5151,6 +5276,16 @@ var CreateScopedTokenResultSchema = z.object({
 	token: z.string(),
 	record: ScopedTokenSummarySchema
 });
+var OauthSessionSummarySchema = z.object({
+	id: z.string(),
+	userId: z.string(),
+	username: z.string(),
+	integrationId: z.string(),
+	scopes: z.array(TokenScopeSchema),
+	createdAt: z.number(),
+	lastUsedAt: z.number(),
+	revokedAt: z.number().nullable()
+});
 var TotpSetupResultSchema = z.object({
 	secret: z.string(),
 	otpauthUrl: z.string()
@@ -5233,6 +5368,41 @@ method(z.void(), z.array(UserSummarySchema), { auth: "admin" }), method(CreateUs
 }), z.object({ valid: z.boolean() }), {
 	kind: "mutation",
 	access: "view"
+}), method(z.object({
+	integrationId: z.string(),
+	userId: z.string(),
+	username: z.string(),
+	scopes: z.array(TokenScopeSchema),
+	redirectUri: z.string(),
+	hubUrl: z.string()
+}), z.object({ code: z.string() }), {
+	kind: "mutation",
+	access: "create"
+}), method(z.object({
+	code: z.string(),
+	redirectUri: z.string()
+}), z.object({
+	accessToken: z.string(),
+	refreshToken: z.string(),
+	expiresIn: z.number()
+}).nullable(), {
+	kind: "mutation",
+	access: "view"
+}), method(z.object({ refreshToken: z.string() }), z.object({
+	accessToken: z.string(),
+	refreshToken: z.string(),
+	expiresIn: z.number()
+}).nullable(), {
+	kind: "mutation",
+	access: "view"
+}), method(z.object({ token: z.string() }), z.object({
+	userId: z.string(),
+	username: z.string(),
+	scopes: z.array(TokenScopeSchema)
+}).nullable(), { access: "view" }), method(z.void(), z.array(OauthSessionSummarySchema), { auth: "admin" }), method(z.object({ id: z.string() }), z.object({ success: z.boolean() }), {
+	kind: "mutation",
+	auth: "admin",
+	access: "delete"
 });
 var FeatureManifestSchema = z.object({
 	streaming: z.boolean(),
@@ -5401,7 +5571,13 @@ method(z.void(), z.array(TopologyNodeSchema).readonly(), { auth: "admin" }), met
 }), RenameNodeResultSchema, {
 	kind: "mutation",
 	auth: "admin"
-}), method(z.void(), z.record(z.string(), ClusterAddonStatusEntrySchema), { auth: "admin" }), method(z.object({ nodeId: z.string() }), z.array(NodeAddonEntrySchema).readonly(), { auth: "admin" }), method(z.object({
+}), method(z.void(), z.record(z.string(), ClusterAddonStatusEntrySchema), { auth: "admin" }), method(z.object({ windowSeconds: z.number().int().positive().max(300).default(60) }), z.array(z.object({
+	callerAddonId: z.string(),
+	providerAddonId: z.string(),
+	capName: z.string(),
+	callsPerMin: z.number(),
+	lastCallAtMs: z.number()
+})).readonly(), { auth: "admin" }), method(z.object({ nodeId: z.string() }), z.array(NodeAddonEntrySchema).readonly(), { auth: "admin" }), method(z.object({
 	nodeId: z.string(),
 	level: z.string()
 }), SuccessSchema, {
@@ -5689,6 +5865,13 @@ method(z.void(), z.array(AddonListItemSchema).readonly()), method(z.object({
 	mode: z.enum(["singleton", "collection"]),
 	isActive: z.boolean()
 })).readonly()), method(z.object({
+	capName: z.string().min(1),
+	addonId: z.string().min(1),
+	enabled: z.boolean()
+}), z.object({ success: z.literal(true) }), {
+	kind: "mutation",
+	auth: "admin"
+}), method(z.object({
 	packageName: z.string().min(1),
 	version: z.string().optional()
 }), UpdateFrameworkPackageResultSchema, {
@@ -7632,6 +7815,16 @@ var StorageManager = class {
 	}
 };
 //#endregion
+//#region src/auth/scope-matcher.ts
+/**
+* True if the scope set grants `access` on device-scoped capabilities.
+* A `category:device` grant covers every device cap (the broad grant).
+* Mirrors the OR-semantics of the existing token scope matcher.
+*/
+function scopesAllowDeviceCap(scopes, access) {
+	return scopes.some((s) => s.type === "category" && s.target === "device" && s.access.includes(access));
+}
+//#endregion
 //#region src/notification/notification-service.ts
 /**
 * Central notification service that routes notifications to configured outputs.
@@ -8384,6 +8577,6 @@ var IntegrationRegistry = class {
 	}
 };
 //#endregion
-export { AddonApiFactory, AddonRouteRegistry, AlertCenterAddon, ApiKeyManager, AuthManager, CORE_TABLE_DDL, ConfigStore, ConsoleDestination, ConsoleLoggingAddon, DeviceManagerAddon, DeviceStore, EngineManagerResolver, EventBus, FeatureManager, FilesystemStorageAddon, FilesystemStorageProvider, FsStorageBackend, HubForwarderAddon, HubForwarderDestination, IntegrationRegistry, LifecycleStateMachine, LocalAuthAddon, LogManager, LogRingBuffer, ModelDownloadService, NativeMetricsAddon, NativeMetricsProvider, NetworkQualityTracker, NotificationService, PYTHON_VERSION, PipelineRunner, PipelineValidator, PythonEnvManager, ReplEngine, ScopedLogger, ScopedTokenManager, SettingsStore, SqliteSettingsAddon, SqliteSettingsBackend, StorageLocationManager, StorageManager, StorageOrchestratorAddon, StorageOrchestratorService, SystemConfigAddon, SystemEventBus, ToastService, UserManager, WinstonDestination, WinstonLoggingAddon, addonTableToDdl, buildBinaryPath, deleteModelFromDisk, downloadBinary, downloadFile, downloadModel, ensureBinary, ensureFfmpeg, ensureModel, ensurePython, ensureTlsCert, fetchJson, findInPath, formatLogLine, getFfmpegDownloadUrl, getModelFilePath, getPidStats, getPlatformInfo, getPythonDownloadUrl, getSinglePidStats, installPythonPackages, installPythonRequirements, isModelDownloaded, loadTlsCert };
+export { AddonApiFactory, AddonRouteRegistry, AlertCenterAddon, ApiKeyManager, AuthManager, CORE_TABLE_DDL, ConfigStore, ConsoleDestination, ConsoleLoggingAddon, DeviceManagerAddon, DeviceStore, EngineManagerResolver, EventBus, FeatureManager, FilesystemStorageAddon, FilesystemStorageProvider, FsStorageBackend, HubForwarderAddon, HubForwarderDestination, IntegrationRegistry, LifecycleStateMachine, LocalAuthAddon, LogManager, LogRingBuffer, ModelDownloadService, NativeMetricsAddon, NativeMetricsProvider, NetworkQualityTracker, NotificationService, PYTHON_VERSION, PipelineRunner, PipelineValidator, PythonEnvManager, ReplEngine, ScopedLogger, ScopedTokenManager, SettingsStore, SqliteSettingsAddon, SqliteSettingsBackend, StorageLocationManager, StorageManager, StorageOrchestratorAddon, StorageOrchestratorService, SystemConfigAddon, SystemEventBus, ToastService, UserManager, WinstonDestination, WinstonLoggingAddon, addonTableToDdl, buildBinaryPath, deleteModelFromDisk, downloadBinary, downloadFile, downloadModel, ensureBinary, ensureFfmpeg, ensureModel, ensurePython, ensureTlsCert, fetchJson, findInPath, formatLogLine, getFfmpegDownloadUrl, getModelFilePath, getPidStats, getPlatformInfo, getPythonDownloadUrl, getSinglePidStats, installPythonPackages, installPythonRequirements, isModelDownloaded, loadTlsCert, scopesAllowDeviceCap };
 
 //# sourceMappingURL=index.mjs.map