@camstack/server 0.1.8 → 0.2.1

package/src/api/oauth2/__tests__/oauth2-routes.spec.ts

@@ -5,7 +5,12 @@ describe('validateAuthorizeQuery', () => {
   const known = new Set(['export-alexa'])
   it('accepts a well-formed query for a known integration', () => {
     const r = validateAuthorizeQuery(
-      { response_type: 'code', integration: 'export-alexa', redirect_uri: 'https://cb/r', state: 's' },
+      {
+        response_type: 'code',
+        integration: 'export-alexa',
+        redirect_uri: 'https://cb/r',
+        state: 's',
+      },
       known,
     )
     expect(r.ok).toBe(true)
@@ -26,7 +31,12 @@ describe('validateAuthorizeQuery', () => {
   })
   it('rejects a non-code response_type', () => {
     const r = validateAuthorizeQuery(
-      { response_type: 'token', integration: 'export-alexa', redirect_uri: 'https://cb/r', state: 's' },
+      {
+        response_type: 'token',
+        integration: 'export-alexa',
+        redirect_uri: 'https://cb/r',
+        state: 's',
+      },
       known,
     )
     expect(r.ok).toBe(false)

package/src/api/oauth2/consent-page.ts

@@ -1,7 +1,8 @@
 function escapeHtml(s: string): string {
-  return s.replace(/[&<>"']/g, (c) => (
-    { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' }[c]!
-  ))
+  return s.replace(
+    /[&<>"']/g,
+    (c) => ({ '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' })[c]!,
+  )
 }
 
 interface ConsentPageInput {

package/src/api/oauth2/oauth2-routes.ts

@@ -1,8 +1,17 @@
 import type { FastifyInstance } from 'fastify'
 import type { CapabilityRegistry } from '@camstack/kernel'
-import type { IOauthIntegrationProvider, IUserManagementProvider, OauthIntegrationDescriptor, TokenScope } from '@camstack/types'
+import type {
+  IOauthIntegrationProvider,
+  IUserManagementProvider,
+  OauthIntegrationDescriptor,
+  TokenScope,
+} from '@camstack/types'
 import { renderConsentPage } from './consent-page.js'
-import { SESSION_COOKIE, shouldRedirectToLogin, loginRedirectUrl } from '../../auth/session-cookie.js'
+import {
+  SESSION_COOKIE,
+  shouldRedirectToLogin,
+  loginRedirectUrl,
+} from '../../auth/session-cookie.js'
 
 export interface AuthorizeQuery {
   response_type?: string
@@ -17,16 +26,25 @@ export type AuthorizeValidation =
 
 /** Validate the inbound authorize query. `client_id` is intentionally
  *  NOT checked — that pair is verified only at the Lambda boundary. */
-export function validateAuthorizeQuery(q: AuthorizeQuery, knownIntegrations: ReadonlySet<string>): AuthorizeValidation {
-  if (q.response_type !== 'code') return { ok: false, status: 400, error: 'unsupported_response_type' }
-  if (!q.integration || !knownIntegrations.has(q.integration)) return { ok: false, status: 400, error: 'invalid_request — unknown integration' }
-  if (!q.redirect_uri) return { ok: false, status: 400, error: 'invalid_request — redirect_uri required' }
+export function validateAuthorizeQuery(
+  q: AuthorizeQuery,
+  knownIntegrations: ReadonlySet<string>,
+): AuthorizeValidation {
+  if (q.response_type !== 'code')
+    return { ok: false, status: 400, error: 'unsupported_response_type' }
+  if (!q.integration || !knownIntegrations.has(q.integration))
+    return { ok: false, status: 400, error: 'invalid_request — unknown integration' }
+  if (!q.redirect_uri)
+    return { ok: false, status: 400, error: 'invalid_request — redirect_uri required' }
   if (!q.state) return { ok: false, status: 400, error: 'invalid_request — state required' }
   return { ok: true, integration: q.integration, redirectUri: q.redirect_uri, state: q.state }
 }
 
 /** True if `redirectUri` starts with one of the integration's allowed prefixes. */
-export function isRedirectUriAllowed(redirectUri: string, allowedPrefixes: readonly string[]): boolean {
+export function isRedirectUriAllowed(
+  redirectUri: string,
+  allowedPrefixes: readonly string[],
+): boolean {
   return allowedPrefixes.some((p) => redirectUri.startsWith(p))
 }
 
@@ -121,7 +139,9 @@ export function registerOauth2Routes(fastify: FastifyInstance, deps: Oauth2Deps)
 
     const descriptor = descriptorMap.get(v.integration)!
     if (!isRedirectUriAllowed(v.redirectUri, descriptor.allowedRedirectPrefixes)) {
-      return reply.status(400).send({ error: 'invalid_request — redirect_uri not allowed for this integration' })
+      return reply
+        .status(400)
+        .send({ error: 'invalid_request — redirect_uri not allowed for this integration' })
     }
 
     const html = renderConsentPage({
@@ -178,11 +198,15 @@ export function registerOauth2Routes(fastify: FastifyInstance, deps: Oauth2Deps)
 
     const descriptor = descriptorMap.get(v.integration)!
     if (!isRedirectUriAllowed(v.redirectUri, descriptor.allowedRedirectPrefixes)) {
-      return reply.status(400).send({ error: 'invalid_request — redirect_uri not allowed for this integration' })
+      return reply
+        .status(400)
+        .send({ error: 'invalid_request — redirect_uri not allowed for this integration' })
     }
 
     if (body.consent !== 'allow') {
-      return reply.redirect(`${v.redirectUri}?error=access_denied&state=${encodeURIComponent(v.state)}`)
+      return reply.redirect(
+        `${v.redirectUri}?error=access_denied&state=${encodeURIComponent(v.state)}`,
+      )
     }
 
     const userMgmt = registry.getSingleton<IUserManagementProvider>('user-management')
@@ -203,7 +227,9 @@ export function registerOauth2Routes(fastify: FastifyInstance, deps: Oauth2Deps)
       hubUrl: descriptor.hubUrl ?? deps.publicHubUrl(),
     })
 
-    return reply.redirect(`${v.redirectUri}?code=${encodeURIComponent(code)}&state=${encodeURIComponent(v.state)}`)
+    return reply.redirect(
+      `${v.redirectUri}?code=${encodeURIComponent(code)}&state=${encodeURIComponent(v.state)}`,
+    )
   })
 
   // ─── POST /api/oauth2/token ───────────────────────────────────────────────
@@ -228,7 +254,10 @@ export function registerOauth2Routes(fastify: FastifyInstance, deps: Oauth2Deps)
       if (!body.code || !body.redirect_uri) {
         return reply.status(400).send({ error: 'invalid_request' })
       }
-      tokenResult = await userMgmt.oauthExchangeCode({ code: body.code, redirectUri: body.redirect_uri })
+      tokenResult = await userMgmt.oauthExchangeCode({
+        code: body.code,
+        redirectUri: body.redirect_uri,
+      })
     } else if (body.grant_type === 'refresh_token') {
       if (!body.refresh_token) {
         return reply.status(400).send({ error: 'invalid_request' })

package/src/api/trpc/__tests__/scope-access-device.spec.ts

@@ -38,13 +38,13 @@ interface DeviceNode {
 }
 
 const TREE: readonly DeviceNode[] = [
-  { id: 5,  parentDeviceId: null }, // Reolink (parent)
-  { id: 51, parentDeviceId: 5 },    // siren child
-  { id: 52, parentDeviceId: 5 },    // floodlight child
-  { id: 53, parentDeviceId: 5 },    // PIR child
-  { id: 7,  parentDeviceId: null }, // Hikvision (parent)
-  { id: 71, parentDeviceId: 7 },    // hik siren child
-  { id: 9,  parentDeviceId: null }, // Frigate (parent, NOT granted)
+  { id: 5, parentDeviceId: null }, // Reolink (parent)
+  { id: 51, parentDeviceId: 5 }, // siren child
+  { id: 52, parentDeviceId: 5 }, // floodlight child
+  { id: 53, parentDeviceId: 5 }, // PIR child
+  { id: 7, parentDeviceId: null }, // Hikvision (parent)
+  { id: 71, parentDeviceId: 7 }, // hik siren child
+  { id: 9, parentDeviceId: null }, // Frigate (parent, NOT granted)
 ]
 
 /** Walks the parent chain — mirrors the real lookup in trpc.context.ts. */
@@ -69,15 +69,15 @@ function deviceScope(targets: readonly string[], access: TokenScope['access']):
  * just on the matcher's logic.
  */
 const VIEW_METHODS = [
-  'webrtcSession.listStreams',       // view, webrtc-session cap
-  'cameraStreams.getCameraStreams',  // view, camera-streams cap
+  'webrtcSession.listStreams', // view, webrtc-session cap
+  'cameraStreams.getCameraStreams', // view, camera-streams cap
   'audioMetrics.getCurrentSnapshot', // view, audio-metrics cap
 ] as const
 
 const CREATE_METHODS = [
   'webrtcSession.createSession', // create, webrtc-session cap
-  'switch.setState',             // create, switch cap (accessory typical)
-  'reboot.reboot',               // create, reboot cap
+  'switch.setState', // create, switch cap (accessory typical)
+  'reboot.reboot', // create, reboot cap
 ] as const
 
 // ── Direct match — granted device, any cap method ──────────────────
@@ -102,7 +102,12 @@ describe('checkScopeAccess — device scope, direct grant', () => {
   it('admits multiple deviceIds listed in a single scope row', () => {
     const scopes = [deviceScope(['5', '7'], ['view'])]
     for (const id of [5, 7]) {
-      const result = checkScopeAccess(scopes, 'webrtcSession.listStreams', { deviceId: id }, lookupAncestors)
+      const result = checkScopeAccess(
+        scopes,
+        'webrtcSession.listStreams',
+        { deviceId: id },
+        lookupAncestors,
+      )
       expect(result.ok, `device ${id} should be allowed`).toBe(true)
     }
   })
@@ -125,14 +130,24 @@ describe('checkScopeAccess — device scope, accessory inheritance', () => {
 
   it('grant on parent 5 covers PIR 53 (read-only)', () => {
     const scopes = [deviceScope(['5'], ['view'])]
-    const result = checkScopeAccess(scopes, 'cameraStreams.getCameraStreams', { deviceId: 53 }, lookupAncestors)
+    const result = checkScopeAccess(
+      scopes,
+      'cameraStreams.getCameraStreams',
+      { deviceId: 53 },
+      lookupAncestors,
+    )
     expect(result.ok).toBe(true)
   })
 
   it('grant on parent 5 does NOT cover Hikvision parent 7 nor its siren 71', () => {
     const scopes = [deviceScope(['5'], ['view', 'create'])]
     for (const orphanId of [7, 71]) {
-      const result = checkScopeAccess(scopes, 'webrtcSession.listStreams', { deviceId: orphanId }, lookupAncestors)
+      const result = checkScopeAccess(
+        scopes,
+        'webrtcSession.listStreams',
+        { deviceId: orphanId },
+        lookupAncestors,
+      )
       expect(result.ok, `device ${orphanId} should NOT be allowed`).toBe(false)
     }
   })
@@ -143,14 +158,24 @@ describe('checkScopeAccess — device scope, accessory inheritance', () => {
 describe('checkScopeAccess — device scope, denial cases', () => {
   it('denies access to a sibling device not in the grant', () => {
     const scopes = [deviceScope(['5'], ['view'])]
-    const result = checkScopeAccess(scopes, 'webrtcSession.listStreams', { deviceId: 9 }, lookupAncestors)
+    const result = checkScopeAccess(
+      scopes,
+      'webrtcSession.listStreams',
+      { deviceId: 9 },
+      lookupAncestors,
+    )
     expect(result.ok).toBe(false)
     if (!result.ok) expect(result.reason).toContain('device=9')
   })
 
   it('denies create-flavoured methods when the grant is view-only', () => {
     const scopes = [deviceScope(['5'], ['view'])]
-    const result = checkScopeAccess(scopes, 'webrtcSession.createSession', { deviceId: 5 }, lookupAncestors)
+    const result = checkScopeAccess(
+      scopes,
+      'webrtcSession.createSession',
+      { deviceId: 5 },
+      lookupAncestors,
+    )
     expect(result.ok).toBe(false)
   })
 
@@ -162,11 +187,16 @@ describe('checkScopeAccess — device scope, denial cases', () => {
   })
 
   it('denies when the user has no scopes at all', () => {
-    const result = checkScopeAccess([], 'webrtcSession.listStreams', { deviceId: 5 }, lookupAncestors)
+    const result = checkScopeAccess(
+      [],
+      'webrtcSession.listStreams',
+      { deviceId: 5 },
+      lookupAncestors,
+    )
     expect(result.ok).toBe(false)
   })
 
-  it('does not leak across system-scope caps — device grant doesn\'t cover `addons.list`', () => {
+  it("does not leak across system-scope caps — device grant doesn't cover `addons.list`", () => {
     const scopes = [deviceScope(['5'], ['view', 'create', 'delete'])]
     // `addons.list` is system-scope; device scope shouldn't help.
     const result = checkScopeAccess(scopes, 'addons.list')
@@ -182,21 +212,36 @@ describe('checkScopeAccess — device scope mixed with other types', () => {
     // Operator hands out a broad viewer access. No `device` scope needed.
     const scopes: TokenScope[] = [{ type: 'category', target: 'device', access: ['view'] }]
     for (const id of [5, 7, 9, 51, 71]) {
-      const result = checkScopeAccess(scopes, 'cameraStreams.getCameraStreams', { deviceId: id }, lookupAncestors)
+      const result = checkScopeAccess(
+        scopes,
+        'cameraStreams.getCameraStreams',
+        { deviceId: id },
+        lookupAncestors,
+      )
       expect(result.ok, `category grant should cover device ${id}`).toBe(true)
     }
   })
 
   it('disjunction — device grant + capability grant compose by union', () => {
     const scopes: TokenScope[] = [
-      deviceScope(['5'], ['view', 'create']),                                    // PTZ, WebRTC on device 5 + accessories
-      { type: 'capability', target: 'camera-streams', access: ['view'] },        // read streams on any device
+      deviceScope(['5'], ['view', 'create']), // PTZ, WebRTC on device 5 + accessories
+      { type: 'capability', target: 'camera-streams', access: ['view'] }, // read streams on any device
     ]
     // Device 9 not in device grant, but capability grant lets streams through:
-    const streamRead = checkScopeAccess(scopes, 'cameraStreams.getCameraStreams', { deviceId: 9 }, lookupAncestors)
+    const streamRead = checkScopeAccess(
+      scopes,
+      'cameraStreams.getCameraStreams',
+      { deviceId: 9 },
+      lookupAncestors,
+    )
     expect(streamRead.ok).toBe(true)
     // But a create-flavoured method on device 9 still blocked:
-    const ptzMove = checkScopeAccess(scopes, 'webrtcSession.createSession', { deviceId: 9 }, lookupAncestors)
+    const ptzMove = checkScopeAccess(
+      scopes,
+      'webrtcSession.createSession',
+      { deviceId: 9 },
+      lookupAncestors,
+    )
     expect(ptzMove.ok).toBe(false)
   })
 })

package/src/api/trpc/__tests__/scope-access.spec.ts

@@ -11,7 +11,11 @@ import { describe, it, expect } from 'vitest'
 import { checkScopeAccess } from '../scope-access.js'
 import type { TokenScope } from '@camstack/types'
 
-function scope(type: 'addon' | 'capability', target: string, access: TokenScope['access']): TokenScope {
+function scope(
+  type: 'addon' | 'capability',
+  target: string,
+  access: TokenScope['access'],
+): TokenScope {
   return { type, target, access }
 }
 
@@ -29,20 +33,14 @@ describe('checkScopeAccess', () => {
   // ── Capability-typed scopes ─────────────────────────────────────
 
   it('accepts when capability scope matches target + access', () => {
-    const result = checkScopeAccess(
-      [scope('capability', 'backup', ['view'])],
-      'backup.list',
-    )
+    const result = checkScopeAccess([scope('capability', 'backup', ['view'])], 'backup.list')
     expect(result.ok).toBe(true)
     if (result.ok) expect(result.access).toBe('view')
   })
 
   it('rejects when capability scope matches target but lacks the required access', () => {
     // backup.trigger requires `create`; the scope only grants `view`.
-    const result = checkScopeAccess(
-      [scope('capability', 'backup', ['view'])],
-      'backup.trigger',
-    )
+    const result = checkScopeAccess([scope('capability', 'backup', ['view'])], 'backup.trigger')
     expect(result.ok).toBe(false)
     if (!result.ok) {
       // Matcher's reason format: "No scope grants <access> on '<cap>' (<scope>-scope cap)"
@@ -93,10 +91,7 @@ describe('checkScopeAccess', () => {
   // ── Reason string contains debug-friendly diff ──────────────────
 
   it('reason string surfaces what the caller actually has', () => {
-    const result = checkScopeAccess(
-      [scope('capability', 'devices', ['view'])],
-      'backup.trigger',
-    )
+    const result = checkScopeAccess([scope('capability', 'devices', ['view'])], 'backup.trigger')
     expect(result.ok).toBe(false)
     if (!result.ok) {
       // Format: "No scope grants create on 'backup' (system-scope cap). Have: capability:devices[view]"

package/src/api/trpc/__tests__/webrtc-session-ua-enrich.spec.ts

@@ -31,7 +31,11 @@ describe('enrichInputWithUserAgent', () => {
     const attribution: BrokerConsumerAttribution = { kind: 'webrtc-browser', label: 'alice' }
     const input = { deviceId: 1, consumerAttribution: attribution }
     const out = enrichInputWithUserAgent(input, 'Chrome/120')
-    expect(out.consumerAttribution).toEqual({ kind: 'webrtc-browser', label: 'alice', userAgent: 'Chrome/120' })
+    expect(out.consumerAttribution).toEqual({
+      kind: 'webrtc-browser',
+      label: 'alice',
+      userAgent: 'Chrome/120',
+    })
     // Immutability: the original attribution is untouched.
     expect(attribution.userAgent).toBeUndefined()
   })
@@ -105,7 +109,11 @@ describe('wrapWebrtcSessionProviderWithRelay — UA enrichment', () => {
     })
 
     const arg = vi.mocked(provider.createSession).mock.calls[0]![0]
-    expect(arg.consumerAttribution).toEqual({ kind: 'webrtc-browser', label: 'bob', userAgent: 'TrustedUA/1' })
+    expect(arg.consumerAttribution).toEqual({
+      kind: 'webrtc-browser',
+      label: 'bob',
+      userAgent: 'TrustedUA/1',
+    })
   })
 
   it('does not alter the call when no UA header is present', async () => {

package/src/api/trpc/cap-mount-helpers.ts

@@ -64,49 +64,60 @@ export function requireDeviceScoped<K extends keyof CapabilityProviderMap>(
   // a function that, on call, looks up the per-device native and
   // forwards the call. No caching — the lookup is cheap (Map.get) and
   // re-doing it per call lets devices come/go without stale refs.
-  const dispatcher = new Proxy({}, {
-    get(_target, prop: string | symbol) {
-      if (typeof prop !== 'string') return undefined
-      return async (input: { deviceId?: number } & Record<string, unknown>) => {
-        const deviceId = input?.deviceId
-        if (typeof deviceId !== 'number') {
-          throw new TRPCError({
-            code: 'BAD_REQUEST',
-            message: `${String(capName)}.${prop}: input must carry numeric "deviceId"`,
-          })
+  const dispatcher = new Proxy(
+    {},
+    {
+      get(_target, prop: string | symbol) {
+        if (typeof prop !== 'string') return undefined
+        return async (input: { deviceId?: number } & Record<string, unknown>) => {
+          const deviceId = input?.deviceId
+          if (typeof deviceId !== 'number') {
+            throw new TRPCError({
+              code: 'BAD_REQUEST',
+              message: `${String(capName)}.${prop}: input must carry numeric "deviceId"`,
+            })
+          }
+          const native = registry.getNativeProvider<Record<string, (i: unknown) => unknown>>(
+            capName,
+            deviceId,
+          )
+          if (!native) {
+            throw new TRPCError({
+              code: 'PRECONDITION_FAILED',
+              message: `Capability "${String(capName)}" not registered for device ${deviceId}`,
+            })
+          }
+          const fn = native[prop]
+          if (typeof fn !== 'function') {
+            throw new TRPCError({
+              code: 'NOT_IMPLEMENTED',
+              message: `Capability "${String(capName)}" provider for device ${deviceId} does not implement "${prop}"`,
+            })
+          }
+          const result = await fn.call(native, input)
+          // Device-property-wiring overlay (read-time): only `getStatus`, and only
+          // when the device has links for this cap (resolveLinkedStatus returns
+          // null otherwise → base result untouched). One in-process singleton hop.
+          if (prop === 'getStatus') {
+            const deviceManager = registry.getSingleton<{
+              resolveLinkedStatus?: (i: {
+                deviceId: number
+                cap: string
+                baseStatus: unknown
+              }) => Promise<Record<string, unknown> | null>
+            }>('device-manager')
+            const overlaid = await deviceManager?.resolveLinkedStatus?.({
+              deviceId,
+              cap: String(capName),
+              baseStatus: result,
+            })
+            if (overlaid != null) return overlaid
+          }
+          return result
         }
-        const native = registry.getNativeProvider<Record<string, (i: unknown) => unknown>>(
-          capName,
-          deviceId,
-        )
-        if (!native) {
-          throw new TRPCError({
-            code: 'PRECONDITION_FAILED',
-            message: `Capability "${String(capName)}" not registered for device ${deviceId}`,
-          })
-        }
-        const fn = native[prop]
-        if (typeof fn !== 'function') {
-          throw new TRPCError({
-            code: 'NOT_IMPLEMENTED',
-            message: `Capability "${String(capName)}" provider for device ${deviceId} does not implement "${prop}"`,
-          })
-        }
-        const result = await fn.call(native, input)
-        // Device-property-wiring overlay (read-time): only `getStatus`, and only
-        // when the device has links for this cap (resolveLinkedStatus returns
-        // null otherwise → base result untouched). One in-process singleton hop.
-        if (prop === 'getStatus') {
-          const deviceManager = registry.getSingleton<{
-            resolveLinkedStatus?: (i: { deviceId: number; cap: string; baseStatus: unknown }) => Promise<Record<string, unknown> | null>
-          }>('device-manager')
-          const overlaid = await deviceManager?.resolveLinkedStatus?.({ deviceId, cap: String(capName), baseStatus: result })
-          if (overlaid != null) return overlaid
-        }
-        return result
-      }
+      },
     },
-  })
+  )
   return dispatcher as unknown as CapabilityProviderMap[K]
 }
 
@@ -114,16 +125,16 @@ export function requireDeviceScoped<K extends keyof CapabilityProviderMap>(
 
 /** A key on T whose value is a function with array / promise-array return. */
 type ArrayReturningMethodKey<T> = {
-  [K in keyof T]: T[K] extends (...args: infer _A) => readonly unknown[] | Promise<readonly unknown[]>
+  [K in keyof T]: T[K] extends (
+    ...args: infer _A
+  ) => readonly unknown[] | Promise<readonly unknown[]>
     ? K
     : never
 }[keyof T]
 
 /** A key on T whose value is a function returning boolean / promise-boolean. */
 type BoolReturningMethodKey<T> = {
-  [K in keyof T]: T[K] extends (...args: infer _A) => boolean | Promise<boolean>
-    ? K
-    : never
+  [K in keyof T]: T[K] extends (...args: infer _A) => boolean | Promise<boolean> ? K : never
 }[keyof T]
 
 /**
@@ -131,10 +142,7 @@ type BoolReturningMethodKey<T> = {
  * and concatenates their array results. Useful for contribution-style
  * caps where each provider adds to a shared pool.
  */
-export function concatCollection<
-  T extends object,
-  K extends ArrayReturningMethodKey<T>,
->(
+export function concatCollection<T extends object, K extends ArrayReturningMethodKey<T>>(
   providers: readonly T[],
   method: K,
 ): T[K] extends (...args: infer A) => readonly (infer R)[] | Promise<readonly (infer R)[]>
@@ -158,7 +166,9 @@ export function concatCollection<
   // matches the declared generic conditional return; TypeScript's
   // conditional types can't be narrowed inside a function body, so this
   // boundary assertion is required.
-  return wrapper as T[K] extends (...args: infer A) => readonly (infer R)[] | Promise<readonly (infer R)[]>
+  return wrapper as T[K] extends (
+    ...args: infer A
+  ) => readonly (infer R)[] | Promise<readonly (infer R)[]>
     ? (...args: A) => Promise<readonly R[]>
     : never
 }
@@ -209,10 +219,7 @@ export function firstSupported<
  * Convenience for collection caps that want a "logical OR of probes"
  * (e.g. `supportsDevice` across every snapshot-provider).
  */
-export function anySupports<
-  T extends object,
-  K extends BoolReturningMethodKey<T>,
->(
+export function anySupports<T extends object, K extends BoolReturningMethodKey<T>>(
   providers: readonly T[],
   probe: K,
 ): T[K] extends (...args: infer A) => boolean | Promise<boolean>
@@ -225,7 +232,9 @@ export function anySupports<
       try {
         const result: unknown = await Reflect.apply(member, p, args)
         if (result === true) return true
-      } catch { /* next */ }
+      } catch {
+        /* next */
+      }
     }
     return false
   }

package/src/api/trpc/cap-route-error-formatter.ts

@@ -38,7 +38,12 @@ export interface AugmentedErrorShape extends DefaultErrorShape {
 // ---------------------------------------------------------------------------
 
 /** Known CapRouteError reason values — used as a runtime safety rail. */
-const KNOWN_REASONS = new Set<string>(['no-provider', 'node-offline', 'cap-unknown', 'transport-failed'])
+const KNOWN_REASONS = new Set<string>([
+  'no-provider',
+  'node-offline',
+  'cap-unknown',
+  'transport-failed',
+])
 
 /** Narrows a plain string to the `CapRouteError['reason']` union. */
 function isCapRouteReason(r: string): r is CapRouteError['reason'] {
@@ -101,14 +106,17 @@ function extractCapRouteError(err: unknown): CapRouteError | null {
         const capName: string = typeof rawCapName === 'string' ? rawCapName : '(unknown)'
 
         // Build a minimal object with the same shape — enough for the formatter.
-        const synthetic = Object.assign(new CapRouteError(capName, undefined, {
-          reason,
-          rejected,
-          ...(typeof nodeId === 'string' ? { nodeId } : {}),
-        }), {
-          // Override message from the original if available
-          message: typeof message === 'string' ? message : '(duck-typed CapRouteError)',
-        })
+        const synthetic = Object.assign(
+          new CapRouteError(capName, undefined, {
+            reason,
+            rejected,
+            ...(typeof nodeId === 'string' ? { nodeId } : {}),
+          }),
+          {
+            // Override message from the original if available
+            message: typeof message === 'string' ? message : '(duck-typed CapRouteError)',
+          },
+        )
         return synthetic
       }
     }

package/src/api/trpc/core-cap-bridge.ts

@@ -73,7 +73,9 @@ function isProcedureNode(value: unknown): value is ProcedureNode {
   // stores the procedure function directly, not a wrapper object.
   if (value === null || (typeof value !== 'object' && typeof value !== 'function')) return false
   const def: unknown = (value as { _def?: unknown })._def
-  return def !== null && typeof def === 'object' && (def as { procedure?: unknown }).procedure === true
+  return (
+    def !== null && typeof def === 'object' && (def as { procedure?: unknown }).procedure === true
+  )
 }
 
 interface DiscoveredProcedure {