@camstack/server 0.1.6 → 0.1.7

package/src/api/trpc/cap-route-error-formatter.ts

@@ -0,0 +1,163 @@
+/**
+ * tRPC error formatter that serializes CapRouteError diagnostic fields
+ * across the server→client boundary.
+ *
+ * tRPC only carries `error.message` by default. This formatter augments
+ * the default shape's `data` block with typed CapRouteError fields so the
+ * admin-UI can read `capRouteReason` instead of substring-matching message text.
+ *
+ * Fields added (all optional — absent when the error is not a CapRouteError):
+ *   - `capRouteReason` — 'no-provider' | 'node-offline' | 'cap-unknown' | 'transport-failed'
+ *   - `capRouteRejected` — array of `{ kind: string; why: string }` route-rejection descriptors
+ *   - `capRouteNodeId` — the target node id, when known
+ *
+ * The formatter is EXPORTED for unit testing (no side-effects, pure function).
+ */
+import { CapRouteError } from '@camstack/kernel'
+import type { RejectedRoute } from '@camstack/kernel'
+import type { TRPCError } from '@trpc/server'
+import type { DefaultErrorShape } from '@trpc/server/unstable-core-do-not-import'
+
+// ---------------------------------------------------------------------------
+// Types
+// ---------------------------------------------------------------------------
+
+/** The augmented data block we attach when a CapRouteError is present. */
+export interface CapRouteErrorData {
+  readonly capRouteReason: string
+  readonly capRouteRejected: readonly RejectedRoute[]
+  readonly capRouteNodeId?: string
+}
+
+export interface AugmentedErrorShape extends DefaultErrorShape {
+  readonly data: DefaultErrorShape['data'] & Partial<CapRouteErrorData>
+}
+
+// ---------------------------------------------------------------------------
+// Type guards
+// ---------------------------------------------------------------------------
+
+/** Known CapRouteError reason values — used as a runtime safety rail. */
+const KNOWN_REASONS = new Set<string>(['no-provider', 'node-offline', 'cap-unknown', 'transport-failed'])
+
+/** Narrows a plain string to the `CapRouteError['reason']` union. */
+function isCapRouteReason(r: string): r is CapRouteError['reason'] {
+  return KNOWN_REASONS.has(r)
+}
+
+/** Narrows an `unknown` value to `RejectedRoute` by checking structural shape. */
+function isRejectedRoute(r: unknown): r is RejectedRoute {
+  if (typeof r !== 'object' || r === null) return false
+  const kind: unknown = Reflect.get(r, 'kind')
+  const why: unknown = Reflect.get(r, 'why')
+  return typeof kind === 'string' && typeof why === 'string'
+}
+
+// ---------------------------------------------------------------------------
+// CapRouteError extraction helpers
+// ---------------------------------------------------------------------------
+
+/**
+ * Walks the `.cause` chain of an error to find a CapRouteError.
+ * Returns the first one found, or null.
+ *
+ * Detection is dual-mode:
+ *   1. `instanceof CapRouteError` — works when the same module is loaded.
+ *   2. Duck-type: `name === 'CapRouteError'` + `typeof reason === 'string'`
+ *      — robust against module-boundary issues (self-contained addons).
+ */
+function extractCapRouteError(err: unknown): CapRouteError | null {
+  let current: unknown = err
+  for (let depth = 0; depth < 8; depth++) {
+    if (current === null || current === undefined) return null
+
+    if (current instanceof CapRouteError) {
+      return current
+    }
+
+    // Duck-type fallback: err.name + err.reason field present
+    if (typeof current === 'object' && Reflect.get(current, 'name') === 'CapRouteError') {
+      const rawReason: unknown = Reflect.get(current, 'reason')
+      if (typeof rawReason === 'string') {
+        // Runtime safety: reject unrecognised reason strings so the formatter
+        // only promotes values it knows are valid CapRouteError reasons.
+        if (!isCapRouteReason(rawReason)) {
+          // Unrecognised reason — treat as a non-CapRouteError and keep walking
+          const cause: unknown = Reflect.get(current, 'cause')
+          if (cause === current) return null
+          current = cause
+          continue
+        }
+        const reason: CapRouteError['reason'] = rawReason
+
+        const rawRejected: unknown = Reflect.get(current, 'rejected')
+        const rejected: readonly RejectedRoute[] = Array.isArray(rawRejected)
+          ? rawRejected.filter(isRejectedRoute)
+          : []
+
+        const nodeId: unknown = Reflect.get(current, 'nodeId')
+        const message: unknown = Reflect.get(current, 'message')
+        const rawCapName: unknown = Reflect.get(current, 'capName')
+        const capName: string = typeof rawCapName === 'string' ? rawCapName : '(unknown)'
+
+        // Build a minimal object with the same shape — enough for the formatter.
+        const synthetic = Object.assign(new CapRouteError(capName, undefined, {
+          reason,
+          rejected,
+          ...(typeof nodeId === 'string' ? { nodeId } : {}),
+        }), {
+          // Override message from the original if available
+          message: typeof message === 'string' ? message : '(duck-typed CapRouteError)',
+        })
+        return synthetic
+      }
+    }
+
+    // Walk the cause chain
+    if (typeof current !== 'object') return null
+    const cause: unknown = Reflect.get(current, 'cause')
+    if (cause === current) return null // Guard against circular refs
+    current = cause
+  }
+  return null
+}
+
+// ---------------------------------------------------------------------------
+// Formatter — exported for unit tests
+// ---------------------------------------------------------------------------
+
+export interface FormatTrpcErrorOpts {
+  readonly error: TRPCError
+  readonly shape: DefaultErrorShape
+}
+
+/**
+ * Augments the default tRPC error shape with CapRouteError diagnostic fields
+ * when the thrown error (or any error in its `.cause` chain) is a CapRouteError.
+ * Returns the shape unchanged for all other errors.
+ */
+export function formatTrpcError(opts: FormatTrpcErrorOpts): AugmentedErrorShape {
+  const { error, shape } = opts
+
+  // extractCapRouteError already walks the full .cause chain, so a single call
+  // starting from `error` covers both `error instanceof CapRouteError` and
+  // `error.cause` (and deeper nesting). No second call needed.
+  const capRouteError = extractCapRouteError(error)
+  if (capRouteError === null) {
+    return { ...shape, data: { ...shape.data } }
+  }
+
+  const extraData: CapRouteErrorData = {
+    capRouteReason: capRouteError.reason,
+    capRouteRejected: capRouteError.rejected,
+    ...(capRouteError.nodeId !== undefined ? { capRouteNodeId: capRouteError.nodeId } : {}),
+  }
+
+  return {
+    ...shape,
+    data: {
+      ...shape.data,
+      ...extraData,
+    },
+  }
+}

package/src/api/trpc/client-ip.ts

@@ -0,0 +1,130 @@
+/**
+ * Client-IP extraction + LAN/remote classification for the tRPC layer.
+ *
+ * Used by the `webrtcSession.createSession` override to decide whether a
+ * live-view session should force TURN-relay-only ICE: a viewer behind
+ * CGNAT/4G (a non-LAN source IP) only ever offers a relay candidate, so
+ * the broker must offer a genuinely relay-only SDP (the patched werift
+ * emits one under `iceTransportPolicy:'relay'`) to get a clean
+ * relay↔relay media path. LAN viewers (private/loopback source IP) keep
+ * the low-latency direct host/srflx path. The SERVER computes this — the
+ * client never sends a relay-only flag.
+ */
+import type { FastifyRequest } from 'fastify'
+import type { IncomingMessage } from 'node:http'
+
+export type ClientRequest = FastifyRequest | IncomingMessage
+
+/**
+ * Best-effort extraction of the originating client IP from a tRPC
+ * request. Order of preference:
+ *   1. `X-Forwarded-For` first hop (when behind a reverse proxy — the
+ *      hub is typically fronted by Caddy/nginx/Cloudflare for remote
+ *      access, so the socket peer is the proxy, not the viewer).
+ *   2. Fastify's `req.ip` (already proxy-aware when `trustProxy` is on).
+ *   3. The raw socket remote address.
+ *
+ * Returns `null` when no address can be determined (e.g. mesh-originated
+ * calls that carry no HTTP request) — the caller treats `null` as "not
+ * remote" so the LAN/direct path stays the safe default.
+ */
+export function extractClientIp(req: ClientRequest | undefined): string | null {
+  if (!req) return null
+
+  // 1. X-Forwarded-For — comma-separated list, client is the FIRST entry.
+  const xff = req.headers['x-forwarded-for']
+  const xffValue = Array.isArray(xff) ? xff[0] : xff
+  if (typeof xffValue === 'string' && xffValue.length > 0) {
+    const first = xffValue.split(',')[0]?.trim()
+    if (first) return normalizeIp(first)
+  }
+
+  // 2. Fastify's parsed `req.ip` (honours `trustProxy` config).
+  if ('ip' in req && typeof req.ip === 'string' && req.ip.length > 0) {
+    return normalizeIp(req.ip)
+  }
+
+  // 3. Raw socket peer (WS / IncomingMessage path).
+  const remote = req.socket?.remoteAddress
+  if (typeof remote === 'string' && remote.length > 0) {
+    return normalizeIp(remote)
+  }
+
+  return null
+}
+
+/**
+ * Strip an IPv4-mapped IPv6 prefix (`::ffff:192.168.1.5` → `192.168.1.5`)
+ * and any zone id (`fe80::1%en0` → `fe80::1`) so the range checks below
+ * see a clean address.
+ */
+function normalizeIp(ip: string): string {
+  let out = ip.trim()
+  if (out.startsWith('::ffff:')) out = out.slice('::ffff:'.length)
+  const pct = out.indexOf('%')
+  if (pct !== -1) out = out.slice(0, pct)
+  return out
+}
+
+/**
+ * True when the address is NOT in a private / loopback / link-local /
+ * Tailscale range — i.e. an internet (remote) viewer. Covers IPv4
+ * (10/8, 172.16/12, 192.168/16, 127/8, 100.64/10 Tailscale CGNAT) and
+ * IPv6 (::1, fc00::/7 unique-local, fe80::/10 link-local — fd7a::/16
+ * Tailscale ULA is a subset of fc00::/7 and is therefore already
+ * covered).
+ *
+ * Tailscale clients (the 100.64.0.0/10 CGNAT overlay or the fd7a::/16
+ * ULA overlay) are deliberately classified LOCAL: over the Tailscale
+ * mesh BOTH peers sit on the 100.x / fd7a:: overlay and are mutually
+ * reachable, so the broker offers ALL candidates (host/srflx/relay)
+ * — including the hub's Tailscale host candidate — and a direct
+ * host↔host pair wins ICE with native (non-re-encoded) media. Forcing
+ * relay-only for Tailscale would push them onto the broken relay path.
+ *
+ * Unparseable or null addresses return `false` (treated as LAN — the
+ * safe default that preserves the existing direct path).
+ */
+export function isRemoteClientIp(ip: string | null): boolean {
+  if (!ip) return false
+  if (ip.includes(':')) return !isPrivateIpv6(ip)
+  if (isIpv4(ip)) return !isPrivateIpv4(ip)
+  // Not a recognisable IP literal — be conservative, treat as LAN.
+  return false
+}
+
+function isIpv4(ip: string): boolean {
+  const parts = ip.split('.')
+  if (parts.length !== 4) return false
+  return parts.every((p) => {
+    if (!/^\d{1,3}$/.test(p)) return false
+    const n = Number.parseInt(p, 10)
+    return n >= 0 && n <= 255
+  })
+}
+
+function isPrivateIpv4(ip: string): boolean {
+  const parts = ip.split('.').map((p) => Number.parseInt(p, 10))
+  const [a, b] = parts
+  if (a === undefined || b === undefined) return false
+  if (a === 10) return true // 10.0.0.0/8
+  if (a === 127) return true // 127.0.0.0/8 loopback
+  if (a === 172 && b >= 16 && b <= 31) return true // 172.16.0.0/12
+  if (a === 192 && b === 168) return true // 192.168.0.0/16
+  if (a === 169 && b === 254) return true // 169.254.0.0/16 link-local
+  // 100.64.0.0/10 — Tailscale CGNAT overlay (100.64.0.0 – 100.127.255.255).
+  // Both Tailscale peers are mutually reachable on this overlay, so treat
+  // it as local (direct host↔host pair, no relay).
+  if (a === 100 && b >= 64 && b <= 127) return true
+  return false
+}
+
+function isPrivateIpv6(ip: string): boolean {
+  const lower = ip.toLowerCase()
+  if (lower === '::1') return true // loopback
+  if (lower === '::') return true // unspecified
+  if (lower.startsWith('fe80')) return true // fe80::/10 link-local
+  // fc00::/7 unique-local — covers fc.. and fd..
+  if (lower.startsWith('fc') || lower.startsWith('fd')) return true
+  return false
+}

package/src/api/trpc/generated-cap-mounts.ts

@@ -1,7 +1,7 @@
 // AUTO-GENERATED by scripts/generate-cap-mounts.ts — DO NOT EDIT
 // Re-run: npx tsx scripts/generate-cap-mounts.ts
 //
-// Mounted: 78    Skipped (legacy): 6
+// Mounted: 81    Skipped (legacy): 6
 
 /**
  * Single auto-mount entrypoint for every codegen'd cap router.
@@ -48,6 +48,7 @@ import {
   batteryCapability,
   brightnessCapability,
   cameraCredentialsCapability,
+  cameraPipelineConfigCapability,
   cameraStreamsCapability,
   decoderCapability,
   detectionPipelineCapability,
@@ -84,6 +85,7 @@ import {
   pipelineOrchestratorCapability,
   pipelineRunnerCapability,
   platformProbeCapability,
+  privacyMaskCapability,
   ptzAutotrackCapability,
   ptzCapability,
   rebootCapability,
@@ -97,6 +99,7 @@ import {
   storageCapability,
   storageProviderCapability,
   streamBrokerCapability,
+  streamCatalogCapability,
   streamParamsCapability,
   switchCapability,
   systemCapability,
@@ -130,6 +133,7 @@ import {
   createCapRouter_battery,
   createCapRouter_brightness,
   createCapRouter_cameraCredentials,
+  createCapRouter_cameraPipelineConfig,
   createCapRouter_cameraStreams,
   createCapRouter_decoder,
   createCapRouter_detectionPipeline,
@@ -166,6 +170,7 @@ import {
   createCapRouter_pipelineOrchestrator,
   createCapRouter_pipelineRunner,
   createCapRouter_platformProbe,
+  createCapRouter_privacyMask,
   createCapRouter_ptz,
   createCapRouter_ptzAutotrack,
   createCapRouter_reboot,
@@ -179,6 +184,7 @@ import {
   createCapRouter_storage,
   createCapRouter_storageProvider,
   createCapRouter_streamBroker,
+  createCapRouter_streamCatalog,
   createCapRouter_streamParams,
   createCapRouter_switch,
   createCapRouter_system,
@@ -328,6 +334,10 @@ export function mountAllCaps(services: MountAllCapsServices) {
       (_ctx) => requireDeviceScoped(reg, 'camera-credentials') as InferProvider<typeof cameraCredentialsCapability> | null,
       remoteCapProxy,
     ),
+    cameraPipelineConfig: createCapRouter_cameraPipelineConfig(
+      (_ctx) => reg?.getSingleton<InferProvider<typeof cameraPipelineConfigCapability>>('camera-pipeline-config') ?? null,
+      remoteCapProxy,
+    ),
     cameraStreams: createCapRouter_cameraStreams(
       (_ctx) => reg?.getSingleton<InferProvider<typeof cameraStreamsCapability>>('camera-streams') ?? null,
       remoteCapProxy,
@@ -554,6 +564,10 @@ export function mountAllCaps(services: MountAllCapsServices) {
       (_ctx) => reg?.getSingleton<InferProvider<typeof platformProbeCapability>>('platform-probe') ?? null,
       remoteCapProxy,
     ),
+    privacyMask: createCapRouter_privacyMask(
+      (_ctx) => requireDeviceScoped(reg, 'privacy-mask') as InferProvider<typeof privacyMaskCapability> | null,
+      remoteCapProxy,
+    ),
     ptz: createCapRouter_ptz(
       (_ctx) => requireDeviceScoped(reg, 'ptz') as InferProvider<typeof ptzCapability> | null,
       remoteCapProxy,
@@ -633,6 +647,10 @@ export function mountAllCaps(services: MountAllCapsServices) {
       (_ctx) => reg?.getSingleton<InferProvider<typeof streamBrokerCapability>>('stream-broker') ?? null,
       remoteCapProxy,
     ),
+    streamCatalog: createCapRouter_streamCatalog(
+      (_ctx) => requireDeviceScoped(reg, 'stream-catalog') as InferProvider<typeof streamCatalogCapability> | null,
+      remoteCapProxy,
+    ),
     streamParams: createCapRouter_streamParams(
       (_ctx) => requireDeviceScoped(reg, 'stream-params') as InferProvider<typeof streamParamsCapability> | null,
       remoteCapProxy,

package/src/api/trpc/generated-cap-routers.ts

@@ -1,9 +1,11 @@
 // AUTO-GENERATED by scripts/generate-cap-routers.ts — DO NOT EDIT
 // Re-run: npx tsx scripts/generate-cap-routers.ts
 //
-// Capabilities: 84
+// Capabilities: 87
+/* eslint-disable */
 
 import { TRPCError } from '@trpc/server'
+import { CapRouteError } from '@camstack/kernel'
 import { z } from 'zod'
 import { adminProcedure, protectedProcedure, iterableSubscription, trpcRouter } from './trpc.middleware.js'
 import type { InferProvider } from '@camstack/types'
@@ -31,6 +33,7 @@ import { backupCapability } from '@camstack/types'
 import { batteryCapability } from '@camstack/types'
 import { brightnessCapability } from '@camstack/types'
 import { cameraCredentialsCapability } from '@camstack/types'
+import { cameraPipelineConfigCapability } from '@camstack/types'
 import { cameraStreamsCapability } from '@camstack/types'
 import { decoderCapability } from '@camstack/types'
 import { detectionPipelineCapability } from '@camstack/types'
@@ -68,6 +71,7 @@ import { pipelineExecutorCapability } from '@camstack/types'
 import { pipelineOrchestratorCapability } from '@camstack/types'
 import { pipelineRunnerCapability } from '@camstack/types'
 import { platformProbeCapability } from '@camstack/types'
+import { privacyMaskCapability } from '@camstack/types'
 import { ptzCapability } from '@camstack/types'
 import { ptzAutotrackCapability } from '@camstack/types'
 import { rebootCapability } from '@camstack/types'
@@ -82,6 +86,7 @@ import { ssoBridgeCapability } from '@camstack/types'
 import { storageCapability } from '@camstack/types'
 import { storageProviderCapability } from '@camstack/types'
 import { streamBrokerCapability } from '@camstack/types'
+import { streamCatalogCapability } from '@camstack/types'
 import { streamParamsCapability } from '@camstack/types'
 import { streamingEngineCapability } from '@camstack/types'
 import { switchCapability } from '@camstack/types'
@@ -104,6 +109,10 @@ export function requireCapProvider<T>(name: string, getProvider: () => T | null)
     throw new TRPCError({
       code: 'PRECONDITION_FAILED',
       message: `Capability "${name}" provider not available`,
+      cause: new CapRouteError(name, undefined, {
+        reason: 'no-provider',
+        rejected: [{ kind: 'hub-in-process', why: 'no provider bound for this cap' }],
+      }),
     })
   }
   return p
@@ -134,6 +143,10 @@ function resolveProvider<T>(
     throw new TRPCError({
       code: 'PRECONDITION_FAILED',
       message: `Capability "${capName}" provider not available`,
+      cause: new CapRouteError(capName, undefined, {
+        reason: 'no-provider',
+        rejected: [{ kind: 'hub-in-process', why: 'no provider bound for this cap/device' }],
+      }),
     })
   }
 
@@ -148,6 +161,11 @@ function resolveProvider<T>(
     throw new TRPCError({
       code: 'PRECONDITION_FAILED',
       message: `Capability "${capName}" not available on node "${nodeId}"`,
+      cause: new CapRouteError(capName, undefined, {
+        reason: 'no-provider',
+        nodeId,
+        rejected: [{ kind: 'remote-moleculer', why: `cap not available on node "${nodeId}"` }],
+      }),
     })
   }
   return proxy
@@ -493,6 +511,38 @@ export function createCapRouter_addons(
         // eslint-disable-next-line @typescript-eslint/no-explicit-any, @typescript-eslint/no-unsafe-argument
         return p.updateFrameworkPackage(input as any)
       }),
+    startBulkUpdate: adminProcedure
+      .input(addonsCapability.methods.startBulkUpdate.input.loose())
+      .output(addonsCapability.methods.startBulkUpdate.output)
+      .mutation(async ({ input, ctx }) => {
+        const p = requireCapProvider('addons', () => getProvider(ctx))
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any, @typescript-eslint/no-unsafe-argument
+        return p.startBulkUpdate(input as any)
+      }),
+    getBulkUpdateState: adminProcedure
+      .input(addonsCapability.methods.getBulkUpdateState.input.loose())
+      .output(addonsCapability.methods.getBulkUpdateState.output)
+      .query(async ({ input, ctx }) => {
+        const p = requireCapProvider('addons', () => getProvider(ctx))
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any, @typescript-eslint/no-unsafe-argument
+        return p.getBulkUpdateState(input as any)
+      }),
+    cancelBulkUpdate: adminProcedure
+      .input(addonsCapability.methods.cancelBulkUpdate.input.loose())
+      .output(addonsCapability.methods.cancelBulkUpdate.output)
+      .mutation(async ({ input, ctx }) => {
+        const p = requireCapProvider('addons', () => getProvider(ctx))
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any, @typescript-eslint/no-unsafe-argument
+        return p.cancelBulkUpdate(input as any)
+      }),
+    listActiveBulkUpdates: adminProcedure
+      .input(addonsCapability.methods.listActiveBulkUpdates.input.loose())
+      .output(addonsCapability.methods.listActiveBulkUpdates.output)
+      .query(async ({ input, ctx }) => {
+        const p = requireCapProvider('addons', () => getProvider(ctx))
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any, @typescript-eslint/no-unsafe-argument
+        return p.listActiveBulkUpdates(input as any)
+      }),
     getVersions: protectedProcedure
       .input(addonsCapability.methods.getVersions.input.loose())
       .output(addonsCapability.methods.getVersions.output)
@@ -1183,6 +1233,45 @@ export function createCapRouter_cameraCredentials(
   })
 }
 
+// ── camera-pipeline-config (singleton) ──────────────────────────────
+
+type CameraPipelineConfigProvider = InferProvider<typeof cameraPipelineConfigCapability>
+
+export function createCapRouter_cameraPipelineConfig(
+  getProvider: (ctx: TrpcContext) => CameraPipelineConfigProvider | null,
+  createRemoteProxy?: (capName: string, nodeId: string) => CameraPipelineConfigProvider | null,
+) {
+  return trpcRouter({
+    getDeviceSettingsContribution: protectedProcedure
+      .input(DEVICE_SETTINGS_CONTRIBUTION_METHODS.getDeviceSettingsContribution.input.loose())
+      .output(DEVICE_SETTINGS_CONTRIBUTION_METHODS.getDeviceSettingsContribution.output)
+      .query(async ({ input, ctx }) => {
+        const { nodeId, ...methodInput } = input as { nodeId?: string } & Record<string, unknown>
+        const p = resolveProvider('camera-pipeline-config', nodeId, () => getProvider(ctx), createRemoteProxy)
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any, @typescript-eslint/no-unsafe-argument
+        return p.getDeviceSettingsContribution(methodInput as any)
+      }),
+    getDeviceLiveContribution: protectedProcedure
+      .input(DEVICE_SETTINGS_CONTRIBUTION_METHODS.getDeviceLiveContribution.input.loose())
+      .output(DEVICE_SETTINGS_CONTRIBUTION_METHODS.getDeviceLiveContribution.output)
+      .query(async ({ input, ctx }) => {
+        const { nodeId, ...methodInput } = input as { nodeId?: string } & Record<string, unknown>
+        const p = resolveProvider('camera-pipeline-config', nodeId, () => getProvider(ctx), createRemoteProxy)
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any, @typescript-eslint/no-unsafe-argument
+        return p.getDeviceLiveContribution(methodInput as any)
+      }),
+    applyDeviceSettingsPatch: adminProcedure
+      .input(DEVICE_SETTINGS_CONTRIBUTION_METHODS.applyDeviceSettingsPatch.input.loose())
+      .output(DEVICE_SETTINGS_CONTRIBUTION_METHODS.applyDeviceSettingsPatch.output)
+      .mutation(async ({ input, ctx }) => {
+        const { nodeId, ...methodInput } = input as { nodeId?: string } & Record<string, unknown>
+        const p = resolveProvider('camera-pipeline-config', nodeId, () => getProvider(ctx), createRemoteProxy)
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any, @typescript-eslint/no-unsafe-argument
+        return p.applyDeviceSettingsPatch(methodInput as any)
+      }),
+  })
+}
+
 // ── camera-streams (singleton) ──────────────────────────────────────
 
 type CameraStreamsProvider = InferProvider<typeof cameraStreamsCapability>
@@ -2976,6 +3065,15 @@ export function createCapRouter_nativeObjectDetection(
         // eslint-disable-next-line @typescript-eslint/no-explicit-any, @typescript-eslint/no-unsafe-argument
         return p.getStatus(methodInput as any)
       }),
+    setEnabled: adminProcedure
+      .input(nativeObjectDetectionCapability.methods.setEnabled.input.loose())
+      .output(nativeObjectDetectionCapability.methods.setEnabled.output)
+      .mutation(async ({ input, ctx }) => {
+        const { nodeId, ...methodInput } = input as { nodeId?: string } & Record<string, unknown>
+        const p = resolveProvider('native-object-detection', nodeId, () => getProvider(ctx), createRemoteProxy)
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any, @typescript-eslint/no-unsafe-argument
+        return p.setEnabled(methodInput as any)
+      }),
   })
 }
 
@@ -4123,6 +4221,45 @@ export function createCapRouter_platformProbe(
   })
 }
 
+// ── privacy-mask (singleton) ────────────────────────────────────────
+
+type PrivacyMaskProvider = InferProvider<typeof privacyMaskCapability>
+
+export function createCapRouter_privacyMask(
+  getProvider: (ctx: TrpcContext) => PrivacyMaskProvider | null,
+  createRemoteProxy?: (capName: string, nodeId: string) => PrivacyMaskProvider | null,
+) {
+  return trpcRouter({
+    getStatus: protectedProcedure
+      .input(DEVICE_STATUS_METHOD.getStatus.input.loose())
+      .output(DEVICE_STATUS_METHOD.getStatus.output)
+      .query(async ({ input, ctx }) => {
+        const { nodeId, ...methodInput } = input as { nodeId?: string } & Record<string, unknown>
+        const p = resolveProvider('privacy-mask', nodeId, () => getProvider(ctx), createRemoteProxy)
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any, @typescript-eslint/no-unsafe-argument
+        return p.getStatus(methodInput as any)
+      }),
+    getOptions: protectedProcedure
+      .input(privacyMaskCapability.methods.getOptions.input.loose())
+      .output(privacyMaskCapability.methods.getOptions.output)
+      .query(async ({ input, ctx }) => {
+        const { nodeId, ...methodInput } = input as { nodeId?: string } & Record<string, unknown>
+        const p = resolveProvider('privacy-mask', nodeId, () => getProvider(ctx), createRemoteProxy)
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any, @typescript-eslint/no-unsafe-argument
+        return p.getOptions(methodInput as any)
+      }),
+    setMask: adminProcedure
+      .input(privacyMaskCapability.methods.setMask.input.loose())
+      .output(privacyMaskCapability.methods.setMask.output)
+      .mutation(async ({ input, ctx }) => {
+        const { nodeId, ...methodInput } = input as { nodeId?: string } & Record<string, unknown>
+        const p = resolveProvider('privacy-mask', nodeId, () => getProvider(ctx), createRemoteProxy)
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any, @typescript-eslint/no-unsafe-argument
+        return p.setMask(methodInput as any)
+      }),
+  })
+}
+
 // ── ptz (singleton) ─────────────────────────────────────────────────
 
 type PtzProvider = InferProvider<typeof ptzCapability>
@@ -5443,6 +5580,27 @@ export function createCapRouter_streamBroker(
   })
 }
 
+// ── stream-catalog (singleton) ──────────────────────────────────────
+
+type StreamCatalogProvider = InferProvider<typeof streamCatalogCapability>
+
+export function createCapRouter_streamCatalog(
+  getProvider: (ctx: TrpcContext) => StreamCatalogProvider | null,
+  createRemoteProxy?: (capName: string, nodeId: string) => StreamCatalogProvider | null,
+) {
+  return trpcRouter({
+    getCatalog: protectedProcedure
+      .input(streamCatalogCapability.methods.getCatalog.input.loose())
+      .output(streamCatalogCapability.methods.getCatalog.output)
+      .query(async ({ input, ctx }) => {
+        const { nodeId, ...methodInput } = input as { nodeId?: string } & Record<string, unknown>
+        const p = resolveProvider('stream-catalog', nodeId, () => getProvider(ctx), createRemoteProxy)
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any, @typescript-eslint/no-unsafe-argument
+        return p.getCatalog(methodInput as any)
+      }),
+  })
+}
+
 // ── stream-params (singleton) ───────────────────────────────────────
 
 type StreamParamsProvider = InferProvider<typeof streamParamsCapability>
@@ -6102,6 +6260,24 @@ export function createCapRouter_webrtcSession(
         // eslint-disable-next-line @typescript-eslint/no-explicit-any, @typescript-eslint/no-unsafe-argument
         return p.handleAnswer(methodInput as any)
       }),
+    addIceCandidate: protectedProcedure
+      .input(webrtcSessionCapability.methods.addIceCandidate.input.loose())
+      .output(webrtcSessionCapability.methods.addIceCandidate.output)
+      .mutation(async ({ input, ctx }) => {
+        const { nodeId, ...methodInput } = input as { nodeId?: string } & Record<string, unknown>
+        const p = resolveProvider('webrtc-session', nodeId, () => getProvider(ctx), createRemoteProxy)
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any, @typescript-eslint/no-unsafe-argument
+        return p.addIceCandidate(methodInput as any)
+      }),
+    getIceCandidates: protectedProcedure
+      .input(webrtcSessionCapability.methods.getIceCandidates.input.loose())
+      .output(webrtcSessionCapability.methods.getIceCandidates.output)
+      .query(async ({ input, ctx }) => {
+        const { nodeId, ...methodInput } = input as { nodeId?: string } & Record<string, unknown>
+        const p = resolveProvider('webrtc-session', nodeId, () => getProvider(ctx), createRemoteProxy)
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any, @typescript-eslint/no-unsafe-argument
+        return p.getIceCandidates(methodInput as any)
+      }),
     closeSession: protectedProcedure
       .input(webrtcSessionCapability.methods.closeSession.input.loose())
       .output(webrtcSessionCapability.methods.closeSession.output)
@@ -6273,6 +6449,7 @@ export interface GeneratedCapabilityRouterMap {
   readonly battery: ReturnType<typeof createCapRouter_battery>
   readonly brightness: ReturnType<typeof createCapRouter_brightness>
   readonly cameraCredentials: ReturnType<typeof createCapRouter_cameraCredentials>
+  readonly cameraPipelineConfig: ReturnType<typeof createCapRouter_cameraPipelineConfig>
   readonly cameraStreams: ReturnType<typeof createCapRouter_cameraStreams>
   readonly decoder: ReturnType<typeof createCapRouter_decoder>
   readonly detectionPipeline: ReturnType<typeof createCapRouter_detectionPipeline>
@@ -6310,6 +6487,7 @@ export interface GeneratedCapabilityRouterMap {
   readonly pipelineOrchestrator: ReturnType<typeof createCapRouter_pipelineOrchestrator>
   readonly pipelineRunner: ReturnType<typeof createCapRouter_pipelineRunner>
   readonly platformProbe: ReturnType<typeof createCapRouter_platformProbe>
+  readonly privacyMask: ReturnType<typeof createCapRouter_privacyMask>
   readonly ptz: ReturnType<typeof createCapRouter_ptz>
   readonly ptzAutotrack: ReturnType<typeof createCapRouter_ptzAutotrack>
   readonly reboot: ReturnType<typeof createCapRouter_reboot>
@@ -6324,6 +6502,7 @@ export interface GeneratedCapabilityRouterMap {
   readonly storage: ReturnType<typeof createCapRouter_storage>
   readonly storageProvider: ReturnType<typeof createCapRouter_storageProvider>
   readonly streamBroker: ReturnType<typeof createCapRouter_streamBroker>
+  readonly streamCatalog: ReturnType<typeof createCapRouter_streamCatalog>
   readonly streamParams: ReturnType<typeof createCapRouter_streamParams>
   readonly streamingEngine: ReturnType<typeof createCapRouter_streamingEngine>
   readonly switch: ReturnType<typeof createCapRouter_switch>