npm - @camstack/system - Versions diffs - 1.0.2 - Mend

@camstack/system 1.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (262) hide show

package/dist/addon/addon-api-factory.d.ts +35 -0
package/dist/addon-routes/addon-route-registry.d.ts +37 -0
package/dist/addon-runner.js +599 -0
package/dist/addon-runner.mjs +597 -0
package/dist/auth/api-key-manager.d.ts +26 -0
package/dist/auth/auth-manager.d.ts +109 -0
package/dist/auth/parse-record.d.ts +18 -0
package/dist/auth/scope-matcher.d.ts +7 -0
package/dist/auth/scoped-token-manager.d.ts +40 -0
package/dist/auth/totp-manager.d.ts +51 -0
package/dist/auth/user-manager.d.ts +34 -0
package/dist/builtins/addon-pages-aggregator/addon-pages-aggregator.addon.d.ts +53 -0
package/dist/builtins/addon-pages-aggregator/addon-pages-aggregator.addon.js +259 -0
package/dist/builtins/addon-pages-aggregator/addon-pages-aggregator.addon.mjs +251 -0
package/dist/builtins/addon-pages-aggregator/dedupe-pages.d.ts +6 -0
package/dist/builtins/addon-pages-aggregator/index.d.ts +1 -0
package/dist/builtins/addon-pages-aggregator/index.js +8 -0
package/dist/builtins/addon-pages-aggregator/index.mjs +2 -0
package/dist/builtins/addon-widgets-aggregator/addon-widgets-aggregator.addon.d.ts +47 -0
package/dist/builtins/addon-widgets-aggregator/addon-widgets-aggregator.addon.js +228 -0
package/dist/builtins/addon-widgets-aggregator/addon-widgets-aggregator.addon.mjs +220 -0
package/dist/builtins/addon-widgets-aggregator/index.d.ts +1 -0
package/dist/builtins/addon-widgets-aggregator/index.js +8 -0
package/dist/builtins/addon-widgets-aggregator/index.mjs +2 -0
package/dist/builtins/alerts/alerts.addon.d.ts +81 -0
package/dist/builtins/alerts/alerts.addon.js +601 -0
package/dist/builtins/alerts/alerts.addon.mjs +595 -0
package/dist/builtins/alerts/index.d.ts +1 -0
package/dist/builtins/alerts/index.js +4 -0
package/dist/builtins/alerts/index.mjs +2 -0
package/dist/builtins/backup-orchestrator/backup-orchestrator.addon.d.ts +147 -0
package/dist/builtins/backup-orchestrator/backup-orchestrator.addon.js +2229 -0
package/dist/builtins/backup-orchestrator/backup-orchestrator.addon.mjs +2220 -0
package/dist/builtins/backup-orchestrator/cron-helpers.d.ts +23 -0
package/dist/builtins/backup-orchestrator/destination-policy.d.ts +72 -0
package/dist/builtins/backup-orchestrator/download-helpers.d.ts +12 -0
package/dist/builtins/backup-orchestrator/index.d.ts +2 -0
package/dist/builtins/backup-orchestrator/index.js +8 -0
package/dist/builtins/backup-orchestrator/index.mjs +2 -0
package/dist/builtins/backup-orchestrator/manifest-store.d.ts +77 -0
package/dist/builtins/console-logging/console-destination.d.ts +13 -0
package/dist/builtins/console-logging/console-logging.addon.d.ts +25 -0
package/dist/builtins/console-logging/index.d.ts +3 -0
package/dist/builtins/console-logging/index.js +104 -0
package/dist/builtins/console-logging/index.mjs +95 -0
package/dist/builtins/device-manager/device-config-contribution.d.ts +32 -0
package/dist/builtins/device-manager/device-event-propagator.d.ts +26 -0
package/dist/builtins/device-manager/device-link-overlay.d.ts +23 -0
package/dist/builtins/device-manager/device-link-resolver.d.ts +15 -0
package/dist/builtins/device-manager/device-manager.addon.d.ts +452 -0
package/dist/builtins/device-manager/device-manager.addon.js +3299 -0
package/dist/builtins/device-manager/device-manager.addon.mjs +3292 -0
package/dist/builtins/device-manager/index.d.ts +2 -0
package/dist/builtins/device-manager/index.js +8 -0
package/dist/builtins/device-manager/index.mjs +2 -0
package/dist/builtins/hub-forwarder/hub-forwarder-destination.d.ts +44 -0
package/dist/builtins/hub-forwarder/hub-forwarder.addon.d.ts +15 -0
package/dist/builtins/hub-forwarder/index.d.ts +3 -0
package/dist/builtins/hub-forwarder/index.js +154 -0
package/dist/builtins/hub-forwarder/index.mjs +145 -0
package/dist/builtins/local-auth/auth-schema.d.ts +26 -0
package/dist/builtins/local-auth/index.d.ts +1 -0
package/dist/builtins/local-auth/index.js +4 -0
package/dist/builtins/local-auth/index.mjs +2 -0
package/dist/builtins/local-auth/local-auth.addon.d.ts +18 -0
package/dist/builtins/local-auth/local-auth.addon.js +8094 -0
package/dist/builtins/local-auth/local-auth.addon.mjs +8063 -0
package/dist/builtins/local-auth/oauth-grants.d.ts +45 -0
package/dist/builtins/local-auth/oauth-session-manager.d.ts +50 -0
package/dist/builtins/local-network/index.d.ts +2 -0
package/dist/builtins/local-network/index.js +10 -0
package/dist/builtins/local-network/index.mjs +2 -0
package/dist/builtins/local-network/local-network.addon.d.ts +150 -0
package/dist/builtins/local-network/local-network.addon.js +489 -0
package/dist/builtins/local-network/local-network.addon.mjs +477 -0
package/dist/builtins/native-metrics/index.d.ts +2 -0
package/dist/builtins/native-metrics/native-metrics-provider.d.ts +48 -0
package/dist/builtins/native-metrics/native-metrics.addon.d.ts +73 -0
package/dist/builtins/native-metrics/native-metrics.addon.js +922 -0
package/dist/builtins/native-metrics/native-metrics.addon.mjs +914 -0
package/dist/builtins/platform-probe/hardware-decode-accel-probe.d.ts +37 -0
package/dist/builtins/platform-probe/hardware-encoder-probe.d.ts +13 -0
package/dist/builtins/platform-probe/index.d.ts +22 -0
package/dist/builtins/platform-probe/index.js +834 -0
package/dist/builtins/platform-probe/index.mjs +822 -0
package/dist/builtins/platform-probe/inference-config-resolver.d.ts +29 -0
package/dist/builtins/platform-probe/intel-accelerators.d.ts +11 -0
package/dist/builtins/platform-probe/platform-scorer.d.ts +30 -0
package/dist/builtins/platform-probe/runtime-packages.d.ts +6 -0
package/dist/builtins/remote-access-orchestrator/enabled-providers-reconcile.d.ts +96 -0
package/dist/builtins/remote-access-orchestrator/index.d.ts +1 -0
package/dist/builtins/remote-access-orchestrator/index.js +8 -0
package/dist/builtins/remote-access-orchestrator/index.mjs +2 -0
package/dist/builtins/remote-access-orchestrator/remote-access-orchestrator.addon.d.ts +40 -0
package/dist/builtins/remote-access-orchestrator/remote-access-orchestrator.addon.js +214 -0
package/dist/builtins/remote-access-orchestrator/remote-access-orchestrator.addon.mjs +208 -0
package/dist/builtins/shared/settle-sources.d.ts +22 -0
package/dist/builtins/snapshot/index.d.ts +2 -0
package/dist/builtins/snapshot/index.js +494 -0
package/dist/builtins/snapshot/index.mjs +488 -0
package/dist/builtins/snapshot/snapshot.addon.d.ts +120 -0
package/dist/builtins/sqlite-storage/config-store.d.ts +8 -0
package/dist/builtins/sqlite-storage/device-store.d.ts +23 -0
package/dist/builtins/sqlite-storage/filesystem-browse-provider.d.ts +25 -0
package/dist/builtins/sqlite-storage/filesystem-storage-provider.d.ts +83 -0
package/dist/builtins/sqlite-storage/filesystem-storage.addon.d.ts +32 -0
package/dist/builtins/sqlite-storage/filesystem-storage.addon.js +396 -0
package/dist/builtins/sqlite-storage/filesystem-storage.addon.mjs +388 -0
package/dist/builtins/sqlite-storage/index.d.ts +8 -0
package/dist/builtins/sqlite-storage/index.js +62 -0
package/dist/builtins/sqlite-storage/index.mjs +49 -0
package/dist/builtins/sqlite-storage/integration-registry.d.ts +27 -0
package/dist/builtins/sqlite-storage/path-guard.d.ts +4 -0
package/dist/builtins/sqlite-storage/sqlite-settings-backend.d.ts +102 -0
package/dist/builtins/sqlite-storage/sqlite-settings.addon.d.ts +14 -0
package/dist/builtins/sqlite-storage/sqlite-settings.addon.js +644 -0
package/dist/builtins/sqlite-storage/sqlite-settings.addon.mjs +636 -0
package/dist/builtins/storage-orchestrator/index.d.ts +6 -0
package/dist/builtins/storage-orchestrator/index.js +10 -0
package/dist/builtins/storage-orchestrator/index.mjs +2 -0
package/dist/builtins/storage-orchestrator/location-store.d.ts +49 -0
package/dist/builtins/storage-orchestrator/provider-discovery.d.ts +10 -0
package/dist/builtins/storage-orchestrator/storage-orchestrator.addon.d.ts +103 -0
package/dist/builtins/storage-orchestrator/storage-orchestrator.addon.js +1138 -0
package/dist/builtins/storage-orchestrator/storage-orchestrator.addon.mjs +1128 -0
package/dist/builtins/storage-orchestrator/storage-orchestrator.service.d.ts +236 -0
package/dist/builtins/storage-orchestrator/storage-pressure-manager.d.ts +38 -0
package/dist/builtins/system-backup/system-backup.service.d.ts +137 -0
package/dist/builtins/system-config/index.d.ts +1 -0
package/dist/builtins/system-config/index.js +8 -0
package/dist/builtins/system-config/index.mjs +2 -0
package/dist/builtins/system-config/system-config.addon.d.ts +10 -0
package/dist/builtins/system-config/system-config.addon.js +232 -0
package/dist/builtins/system-config/system-config.addon.mjs +226 -0
package/dist/builtins/winston-logging/index.d.ts +3 -0
package/dist/builtins/winston-logging/index.js +156 -0
package/dist/builtins/winston-logging/index.mjs +144 -0
package/dist/builtins/winston-logging/winston-destination.d.ts +21 -0
package/dist/builtins/winston-logging/winston-logging.addon.d.ts +19 -0
package/dist/chunk-CNf5ZN-e.mjs +37 -0
package/dist/chunk-Cek0wNdY.js +64 -0
package/dist/download/model-download-service.d.ts +41 -0
package/dist/download/model-downloader.d.ts +31 -0
package/dist/events/event-bus.d.ts +10 -0
package/dist/events/system-event-bus.d.ts +14 -0
package/dist/feature/feature-manager.d.ts +11 -0
package/dist/formatter-B7qW8bPJ.mjs +162 -0
package/dist/formatter-DqAKDlvN.js +167 -0
package/dist/http/authenticated-file-server.d.ts +53 -0
package/dist/http/data-plane-registry.d.ts +23 -0
package/dist/http/file-data-plane.d.ts +10 -0
package/dist/http/reverse-proxy.d.ts +15 -0
package/dist/index.d.ts +82 -0
package/dist/index.js +93485 -0
package/dist/index.mjs +93179 -0
package/dist/intel-accelerators-Gg0P5mnl.js +20 -0
package/dist/intel-accelerators-hGgpZ0pX.mjs +19 -0
package/dist/kernel/addon-class-resolver.d.ts +4 -0
package/dist/kernel/addon-engine-manager.d.ts +22 -0
package/dist/kernel/addon-health-monitor.d.ts +154 -0
package/dist/kernel/addon-installer.d.ts +208 -0
package/dist/kernel/addon-loader.d.ts +106 -0
package/dist/kernel/addon-manifest.d.ts +77 -0
package/dist/kernel/capability-handle.d.ts +46 -0
package/dist/kernel/capability-registry.d.ts +412 -0
package/dist/kernel/config-manager.d.ts +212 -0
package/dist/kernel/config-schema.d.ts +93 -0
package/dist/kernel/custom-action-registry.d.ts +23 -0
package/dist/kernel/deps/addon-deps-manager.d.ts +19 -0
package/dist/kernel/deps/manifest-native-deps.d.ts +25 -0
package/dist/kernel/deps/manifest-python-deps.d.ts +20 -0
package/dist/kernel/device-registry.d.ts +29 -0
package/dist/kernel/fs-utils.d.ts +41 -0
package/dist/kernel/hwaccel/hwaccel-resolver.d.ts +19 -0
package/dist/kernel/hwaccel/hwaccel-service.d.ts +4 -0
package/dist/kernel/index.d.ts +74 -0
package/dist/kernel/infra-capabilities.d.ts +13 -0
package/dist/kernel/moleculer/addon-context-factory.d.ts +91 -0
package/dist/kernel/moleculer/addon-data-plane-facility.d.ts +19 -0
package/dist/kernel/moleculer/addon-runner.d.ts +1 -0
package/dist/kernel/moleculer/addon-service-factory.d.ts +50 -0
package/dist/kernel/moleculer/broker-factory.d.ts +50 -0
package/dist/kernel/moleculer/cap-usage-registry.d.ts +46 -0
package/dist/kernel/moleculer/capabilities-access.d.ts +21 -0
package/dist/kernel/moleculer/child-addon-call-dispatch.d.ts +46 -0
package/dist/kernel/moleculer/child-cap-dispatch.d.ts +20 -0
package/dist/kernel/moleculer/cluster-secret.d.ts +15 -0
package/dist/kernel/moleculer/core-cap-service.d.ts +50 -0
package/dist/kernel/moleculer/crash-supervisor.d.ts +50 -0
package/dist/kernel/moleculer/device-cap-proxy.d.ts +79 -0
package/dist/kernel/moleculer/event-bus-core.d.ts +53 -0
package/dist/kernel/moleculer/event-bus.d.ts +53 -0
package/dist/kernel/moleculer/hub-log-forwarder.d.ts +36 -0
package/dist/kernel/moleculer/hub-service.d.ts +35 -0
package/dist/kernel/moleculer/node-registry.d.ts +126 -0
package/dist/kernel/moleculer/process-context.d.ts +4 -0
package/dist/kernel/moleculer/process-service.d.ts +72 -0
package/dist/kernel/moleculer/provider-registry.d.ts +28 -0
package/dist/kernel/moleculer/readiness-context.d.ts +62 -0
package/dist/kernel/moleculer/readiness-service.d.ts +7 -0
package/dist/kernel/moleculer/register-node-client.d.ts +35 -0
package/dist/kernel/moleculer/remote-logger.d.ts +43 -0
package/dist/kernel/moleculer/resilient-cap-call.d.ts +28 -0
package/dist/kernel/moleculer/stream-probe-service.d.ts +9 -0
package/dist/kernel/moleculer/trpc-links.d.ts +189 -0
package/dist/kernel/moleculer/typed-array-serde.d.ts +25 -0
package/dist/kernel/moleculer/worker-device-restore.d.ts +10 -0
package/dist/kernel/provider-kind-drift.d.ts +12 -0
package/dist/kernel/restart-coordinator.d.ts +90 -0
package/dist/kernel/storage-location-registry.d.ts +40 -0
package/dist/kernel/transport/cap-action-name.d.ts +100 -0
package/dist/kernel/transport/cap-route-resolver.d.ts +148 -0
package/dist/kernel/transport/cap-route.d.ts +148 -0
package/dist/kernel/transport/child-cap-protocol.d.ts +136 -0
package/dist/kernel/transport/create-local-transport.d.ts +7 -0
package/dist/kernel/transport/frame-codec.d.ts +7 -0
package/dist/kernel/transport/index.d.ts +27 -0
package/dist/kernel/transport/local-child-client.d.ts +136 -0
package/dist/kernel/transport/local-child-registry.d.ts +179 -0
package/dist/kernel/transport/local-endpoint-path.d.ts +6 -0
package/dist/kernel/transport/local-transport.d.ts +46 -0
package/dist/kernel/transport/parent-unowned-call.d.ts +75 -0
package/dist/kernel/transport/socket-channel.d.ts +27 -0
package/dist/kernel/transport/uds-event-bridge.d.ts +36 -0
package/dist/kernel/transport/uds-event-bus.d.ts +22 -0
package/dist/kernel/transport/uds-local-transport.d.ts +18 -0
package/dist/kernel/transport/uds-log-ingest.d.ts +28 -0
package/dist/kernel/transport/uds-logger.d.ts +44 -0
package/dist/kernel/utils/ring-buffer.d.ts +15 -0
package/dist/kernel/workspace-detect.d.ts +9 -0
package/dist/lifecycle/lifecycle-state-machine.d.ts +28 -0
package/dist/logging/formatter.d.ts +30 -0
package/dist/logging/log-manager.d.ts +54 -0
package/dist/logging/log-ring-buffer.d.ts +47 -0
package/dist/logging/partitioned-log-buffer.d.ts +35 -0
package/dist/logging/scoped-logger.d.ts +17 -0
package/dist/main-DNnMW7Z2.js +9983 -0
package/dist/main-rtjOwPBR.mjs +9976 -0
package/dist/manifest-python-deps-D1DbAQEv.js +6724 -0
package/dist/manifest-python-deps-DZsKTbs1.mjs +6315 -0
package/dist/network/network-quality.d.ts +11 -0
package/dist/notification/notification-service.d.ts +37 -0
package/dist/notification/toast-service.d.ts +22 -0
package/dist/pipeline/engine-manager-resolver.d.ts +15 -0
package/dist/pipeline/pipeline-runner.d.ts +8 -0
package/dist/pipeline/pipeline-validator.d.ts +13 -0
package/dist/process/resource-monitor.d.ts +11 -0
package/dist/python/python-env-manager.d.ts +12 -0
package/dist/repl/interfaces.d.ts +31 -0
package/dist/repl/repl-engine.d.ts +8 -0
package/dist/resource-monitor-ClDGFyf6.mjs +57 -0
package/dist/resource-monitor-IIEanuJt.js +74 -0
package/dist/settle-sources-Bhsy57y-.js +38 -0
package/dist/settle-sources-CDtNC8ub.mjs +33 -0
package/dist/storage/fs-storage-backend.d.ts +40 -0
package/dist/storage/storage-location-manager.d.ts +23 -0
package/dist/storage/storage-manager.d.ts +83 -0
package/dist/tar-BgAEMRBR.js +5434 -0
package/dist/tar-ByMOPNM0.mjs +5429 -0
package/dist/tls/cert-manager.d.ts +26 -0
package/dist/tls/index.d.ts +1 -0
package/package.json +343 -0

package/dist/builtins/local-network/local-network.addon.js ADDED Viewed

@@ -0,0 +1,489 @@
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const require_chunk = require("../../chunk-Cek0wNdY.js");
+let _camstack_types = require("@camstack/types");
+let node_os = require("node:os");
+node_os = require_chunk.__toESM(node_os);
+//#region src/builtins/local-network/local-network.addon.ts
+/**
+* local-network — hub-only system cap implementation.
+*
+* Wraps `os.networkInterfaces()` with:
+*   - Coarse kind classification (lan/wifi/docker/vpn/loopback/other)
+*   - Auto-select heuristic for the outbound interface
+*   - Periodic poll (30s) + diff to emit `LocalNetworkChanged` events
+*     so subscribers can react to DHCP renewals, VPN connect, etc.
+*   - `getConnectionEndpoints()` — ranked URL list for SDK clients
+*
+* Does NOT poll the cloudflare-tunnel state directly; the public
+* tunnel hostname (if any) is provided by `network-access` consumers
+* via `NetworkTunnelStarted/Stopped` events on the bus, so the cap
+* stays free of cross-addon dependencies.
+*/
+/**
+* Forked `mesh-network` provider addon ids `local-network` pull-reconciles
+* against. `mesh-network` is a COLLECTION cap, so a hub builtin's local
+* registry can't enumerate forked providers — we resolve each by addonId
+* via `getProviderByAddon`. New mesh providers (Headscale, ZeroTier) add
+* their id here.
+*/
+var MESH_PROVIDER_ADDON_IDS = ["tailscale-client"];
+var POLL_INTERVAL_MS = 3e4;
+var LocalNetworkAddon = class extends _camstack_types.BaseAddon {
+	pollTimer = null;
+	lastSnapshotKey = "";
+	/** Optional public hostname tracked from `NetworkTunnelStarted`/
+	*  `Stopped` events on the bus. */
+	publicHostname = "";
+	/**
+	* Mesh-reachable endpoint (Tailscale MagicDNS / 100.x), learned from
+	* the `MeshNetworkChanged` event-tail and refreshed by a pull-reconcile
+	* before each `getConnectionEndpoints` build (events are lossy — D8).
+	* `null` when no mesh provider is joined.
+	*/
+	meshEndpoint = null;
+	constructor() {
+		super({
+			allowedAddresses: [],
+			bootSeeded: false
+		});
+	}
+	async onInitialize() {
+		if (!this.config.bootSeeded) {
+			const seed = autoSeedAllowlist(this.enumerate());
+			await this.updateGlobalSettings({
+				allowedAddresses: seed,
+				bootSeeded: true
+			});
+			this.ctx.logger.info("local-network: first-boot auto-seed", { meta: { addresses: seed } });
+		}
+		const provider = {
+			list: async () => ({
+				interfaces: this.enumerate(),
+				probedAt: Date.now()
+			}),
+			getPreferred: async () => pickPreferred(applyAllowlist(this.enumerate(), this.config.allowedAddresses)),
+			getConnectionEndpoints: async (input) => {
+				const includeLoopback = input.includeLoopback ?? true;
+				const ipv4Only = input.ipv4Only ?? false;
+				const scheme = input.scheme ?? "http";
+				const allow = this.config.allowedAddresses;
+				const interfaces = applyAllowlist(this.enumerate(), allow);
+				await this.reconcileMeshEndpoint();
+				return { endpoints: buildEndpoints(interfaces, input.port, includeLoopback, ipv4Only, this.publicHostname, scheme, this.meshEndpoint) };
+			},
+			getAllowedAddresses: async () => ({ addresses: this.config.allowedAddresses }),
+			resetAllowlistToBestMatch: async () => {
+				const seed = autoSeedAllowlist(this.enumerate());
+				await this.updateGlobalSettings({
+					allowedAddresses: seed,
+					bootSeeded: true
+				});
+				this.ctx.logger.info("local-network: allowlist reset to auto-seed", { meta: { count: seed.length } });
+				return { addresses: seed };
+			},
+			setAllowedAddresses: async ({ addresses }) => {
+				const known = new Set(this.enumerate().map((i) => i.address));
+				const cleaned = [...new Set(addresses)].filter((a) => known.has(a));
+				await this.updateGlobalSettings({ allowedAddresses: cleaned });
+				this.ctx.logger.info("local-network: allowlist updated", { meta: {
+					count: cleaned.length,
+					dropped: addresses.length - cleaned.length
+				} });
+				return { success: true };
+			}
+		};
+		this.lastSnapshotKey = snapshotKey(this.enumerate());
+		this.pollTimer = setInterval(() => this.detectChanges(), POLL_INTERVAL_MS);
+		this.pollTimer.unref?.();
+		this.ctx.eventBus?.subscribe({ category: _camstack_types.EventCategory.NetworkTunnelStarted }, (event) => {
+			const data = event.data ?? {};
+			if (typeof data.url === "string") try {
+				const hostname = new URL(data.url).hostname;
+				if (hostname && !hostname.endsWith(".placeholder") && !hostname.startsWith("pending.")) this.setPublicHostname(hostname);
+			} catch {}
+		});
+		this.ctx.eventBus?.subscribe({ category: _camstack_types.EventCategory.NetworkTunnelStopped }, () => this.setPublicHostname(""));
+		this.ctx.eventBus?.subscribe({ category: _camstack_types.EventCategory.MeshNetworkChanged }, (event) => {
+			const data = event.data ?? {};
+			const host = typeof data.host === "string" ? data.host : "";
+			const port = typeof data.port === "number" ? data.port : 0;
+			this.setMeshEndpoint(host && port > 0 ? {
+				host,
+				port
+			} : null);
+		});
+		this.ctx.logger.info("local-network initialized", { meta: { interfaceCount: this.enumerate().length } });
+		return [{
+			capability: _camstack_types.localNetworkCapability,
+			provider
+		}];
+	}
+	async onShutdown() {
+		if (this.pollTimer) {
+			clearInterval(this.pollTimer);
+			this.pollTimer = null;
+		}
+	}
+	/**
+	* Other hub addons (e.g. cloudflare-tunnel) signal the active public
+	* FQDN by emitting `NetworkTunnelStarted` on the bus — handled in
+	* `onInitialize`. This setter exists for tests + future direct
+	* callers; cleared by passing an empty string.
+	*/
+	setPublicHostname(hostname) {
+		if (this.publicHostname === hostname) return;
+		this.publicHostname = hostname;
+		this.ctx.logger.info("local-network: public hostname updated", { meta: { hostname: hostname || "(cleared)" } });
+	}
+	/**
+	* Replace the cached mesh endpoint. Set from the `MeshNetworkChanged`
+	* event-tail + the pull-reconcile; exposed for tests + future direct
+	* callers. Pass `null` to clear (mesh left / no provider joined).
+	*/
+	setMeshEndpoint(endpoint) {
+		const prev = this.meshEndpoint;
+		if (prev?.host === endpoint?.host && prev?.port === endpoint?.port) return;
+		this.meshEndpoint = endpoint;
+		this.ctx.logger.info("local-network: mesh endpoint updated", { meta: {
+			host: endpoint?.host || "(cleared)",
+			port: endpoint?.port ?? 0
+		} });
+	}
+	/**
+	* Refresh the cached mesh endpoint from the authoritative forked
+	* `mesh-network` provider(s). `mesh-network` is a COLLECTION cap on a
+	* forked addon, so the hub builtin can't see it via `ctx.api` /
+	* `getCollectionEntries` — we resolve each provider by addonId through
+	* the hub-side `capabilityRegistry.getProviderByAddon` resolver (the
+	* same mechanism `device-manager` uses for cross-process exporter
+	* contributions). Best-effort: a provider that's absent / errors /
+	* not joined simply contributes nothing.
+	*/
+	async reconcileMeshEndpoint() {
+		const registry = this.ctx.kernel.capabilityRegistry;
+		if (!registry) return;
+		for (const addonId of MESH_PROVIDER_ADDON_IDS) {
+			const provider = registry.getProviderByAddon("mesh-network", addonId);
+			if (!provider) continue;
+			try {
+				const status = await provider.getStatus();
+				if (!status.joined) {
+					this.setMeshEndpoint(null);
+					continue;
+				}
+				const host = status.magicDnsHostname || status.meshIp;
+				const port = (status.endpoints.find((e) => e.id === "magicdns") ?? status.endpoints.find((e) => e.id === "mesh-ipv4"))?.port ?? 0;
+				this.setMeshEndpoint(host && port > 0 ? {
+					host,
+					port
+				} : null);
+				return;
+			} catch (err) {
+				this.ctx.logger.debug("local-network: mesh reconcile skipped", { meta: {
+					addonId,
+					error: err instanceof Error ? err.message : String(err)
+				} });
+			}
+		}
+	}
+	enumerate() {
+		return enumerateOsInterfaces(node_os.networkInterfaces());
+	}
+	detectChanges() {
+		const interfaces = this.enumerate();
+		const key = snapshotKey(interfaces);
+		if (key === this.lastSnapshotKey) return;
+		this.ctx.logger.info("local-network: interface set changed", { meta: {
+			count: interfaces.length,
+			key
+		} });
+		this.lastSnapshotKey = key;
+		this.ctx.eventBus?.emit({
+			id: `local-network-changed-${Date.now()}`,
+			timestamp: /* @__PURE__ */ new Date(),
+			source: {
+				type: "core",
+				id: "local-network"
+			},
+			category: _camstack_types.EventCategory.LocalNetworkChanged,
+			data: { count: interfaces.length }
+		});
+	}
+};
+function enumerateOsInterfaces(ifaces) {
+	const raw = [];
+	for (const [name, addrs] of Object.entries(ifaces)) {
+		if (!addrs) continue;
+		for (const a of addrs) {
+			if (a.family !== "IPv4" && a.family !== "IPv6") continue;
+			raw.push({
+				name,
+				family: a.family,
+				address: a.address,
+				cidr: a.cidr ?? "",
+				netmask: a.netmask,
+				internal: a.internal,
+				mac: a.mac
+			});
+		}
+	}
+	const classified = raw.map((r) => {
+		const kind = classifyKind(r.name, r.address, r.internal);
+		const reachableKind = kind === "lan" || kind === "wifi";
+		const plausible = !r.internal && reachableKind && isPlausibleAutoSeed(r.address, r.family);
+		const plausibleReason = plausible ? "" : explainNonPlausible({
+			kind,
+			family: r.family,
+			address: r.address,
+			internal: r.internal
+		});
+		return {
+			name: r.name,
+			family: r.family,
+			address: r.address,
+			cidr: r.cidr,
+			netmask: r.netmask,
+			internal: r.internal,
+			mac: r.mac,
+			kind,
+			preferred: false,
+			plausible,
+			plausibleReason
+		};
+	});
+	const preferred = pickPreferred(classified);
+	return classified.map((iface) => ({
+		...iface,
+		preferred: preferred !== null && iface.name === preferred.name && iface.address === preferred.address
+	}));
+}
+/**
+* Filter the interface list by the operator's allowlist. Empty
+* allowlist = no-op (every interface passes); otherwise only entries
+* whose `address` matches an allowlist entry remain. Loopback always
+* survives so the SDK keeps `127.0.0.1` as the last-resort fallback.
+*/
+function applyAllowlist(interfaces, allowed) {
+	if (allowed.length === 0) return interfaces;
+	const set = new Set(allowed);
+	return interfaces.filter((i) => i.kind === "loopback" || set.has(i.address));
+}
+/**
+* Rank interfaces and pick the auto-selected outbound one. See the
+* cap's `getPreferred` doc for the heuristic.
+*/
+function pickPreferred(interfaces) {
+	const candidates = interfaces.filter((i) => !i.internal && i.family === "IPv4" && !i.address.startsWith("169.254.") && i.kind !== "loopback");
+	if (candidates.length === 0) return null;
+	const kindRank = {
+		lan: 1,
+		wifi: 2,
+		vpn: 3,
+		docker: 4,
+		other: 5,
+		loopback: 99
+	};
+	return [...candidates].toSorted((a, b) => {
+		const ra = kindRank[a.kind];
+		const rb = kindRank[b.kind];
+		if (ra !== rb) return ra - rb;
+		return prefixLen(b.netmask) - prefixLen(a.netmask);
+	})[0] ?? null;
+}
+/**
+* Build the ordered candidate URL list. Priority schema:
+*   0       — preferred LAN IPv4
+*   10+     — other LAN IPv4
+*   100     — public tunnel hostname (always HTTPS)
+*   150     — mesh endpoint (Tailscale MagicDNS / 100.x, always HTTPS)
+*   200+    — LAN IPv6
+*   1000    — loopback (last resort)
+*
+* The mesh endpoint ranks just below a true public funnel (a Funnel is
+* reachable by ANY client; the mesh needs the peer on the same tailnet)
+* but above the IPv6 / loopback fallbacks — giving remote, mesh-joined
+* clients a working candidate when no public tunnel is up.
+*
+* `scheme` controls LAN + loopback URLs. Browsers running over HTTPS
+* block `http://` candidates as mixed content, so callers loaded over
+* HTTPS should pass `scheme: 'https'` even when probing a LAN IP — the
+* hub's cert manager already issues a SAN-multi cert covering local
+* interfaces. The public tunnel + mesh endpoint always emit `https://`
+* (the tunnel edge / the hub itself terminates TLS).
+*/
+function buildEndpoints(interfaces, port, includeLoopback, ipv4Only, publicHostname, scheme = "http", meshEndpoint = null) {
+	const out = [];
+	let priority = 0;
+	const preferred = pickPreferred(interfaces);
+	const emit = (iface, kind, label, baseUrl, pri) => {
+		out.push({
+			label,
+			baseUrl,
+			kind,
+			interfaceKind: iface.kind,
+			plausible: iface.plausible,
+			plausibleReason: iface.plausibleReason,
+			priority: pri
+		});
+	};
+	if (preferred) emit(preferred, "lan-ipv4", `${formatKind(preferred.kind)} — ${preferred.name}`, `${scheme}://${preferred.address}:${port}`, priority++);
+	for (const iface of interfaces) {
+		if (iface.internal || iface.family !== "IPv4") continue;
+		if (iface.kind === "loopback") continue;
+		if (preferred && iface.name === preferred.name && iface.address === preferred.address) continue;
+		if (iface.address.startsWith("169.254.")) continue;
+		emit(iface, "lan-ipv4", `${formatKind(iface.kind)} — ${iface.name}`, `${scheme}://${iface.address}:${port}`, 10 + priority++);
+	}
+	if (publicHostname) out.push({
+		label: "Public tunnel",
+		baseUrl: `https://${publicHostname}`,
+		kind: "public",
+		interfaceKind: "public",
+		plausible: true,
+		plausibleReason: "",
+		priority: 100
+	});
+	if (meshEndpoint && meshEndpoint.host) out.push({
+		label: "Mesh (Tailscale)",
+		baseUrl: `https://${meshEndpoint.host}:${meshEndpoint.port}`,
+		kind: "public",
+		interfaceKind: "vpn",
+		plausible: true,
+		plausibleReason: "",
+		priority: 150
+	});
+	if (!ipv4Only) {
+		let v6prio = 200;
+		for (const iface of interfaces) {
+			if (iface.internal || iface.family !== "IPv6") continue;
+			if (iface.kind === "loopback") continue;
+			if (iface.address.startsWith("fe80:")) continue;
+			emit(iface, "lan-ipv6", `${formatKind(iface.kind)} — ${iface.name} (IPv6)`, `${scheme}://[${iface.address}]:${port}`, v6prio++);
+		}
+	}
+	if (includeLoopback) out.push({
+		label: "Loopback",
+		baseUrl: `${scheme}://127.0.0.1:${port}`,
+		kind: "loopback",
+		interfaceKind: "loopback",
+		plausible: false,
+		plausibleReason: "Loopback — last-resort fallback when no other endpoint responds.",
+		priority: 1e3
+	});
+	return out.toSorted((a, b) => a.priority - b.priority);
+}
+/**
+* First-boot heuristic: which addresses should the allowlist start
+* with? Includes LAN + Wi-Fi IPv4 addresses + plausible IPv6:
+*
+*   - **IPv4**: skip link-local (`169.254.*`), keep the rest.
+*   - **IPv6**: skip link-local (`fe80::*`), unspecified, and
+*     multicast. Keep ULAs (`fc00::/7` → `fc??:` / `fd??:`) and Global
+*     Unicast addresses (`2000::/3` → `2???`/`3???`). Privacy-extension
+*     temporary addresses get included by default; the operator can
+*     prune them from the Network Addresses tab if the rotating IPs
+*     become a nuisance.
+*
+* Skips docker/vpn/loopback/other entirely — those stay opt-in.
+*/
+function autoSeedAllowlist(interfaces) {
+	return [...new Set(interfaces.filter((i) => !i.internal && (i.kind === "lan" || i.kind === "wifi") && isPlausibleAutoSeed(i.address, i.family)).map((i) => i.address))];
+}
+/**
+* Per-interface tooltip text surfaced on the "Unlikely usable" badge.
+* Server-side so the UI doesn't re-derive the rationale (single source
+* of truth). Returns `''` for plausible entries; the addon overlays
+* this on the `LocalInterface.plausibleReason` field.
+*/
+function explainNonPlausible(input) {
+	if (input.internal) return "Internal interface (loopback) — not reachable from clients.";
+	if (input.kind === "docker") return "Docker bridge — only reachable from inside the container network.";
+	if (input.kind === "vpn") return "VPN tunnel — only reachable while the VPN is connected.";
+	if (input.kind === "other") return "Unrecognised interface kind — verify reachability before pinning.";
+	if (input.family === "IPv6") {
+		const a = input.address.toLowerCase();
+		if (a.startsWith("fe80:")) return "IPv6 link-local — only reachable on the same link, not routed.";
+		if (a.startsWith("ff")) return "IPv6 multicast — not a unicast address.";
+		if (a === "::" || a === "::1") return "IPv6 loopback / unspecified — not a public address.";
+		return "IPv6 address outside the ULA / GUA ranges — verify before pinning.";
+	}
+	if (input.address.startsWith("169.254.")) return "IPv4 link-local (RFC 3927) — only valid when DHCP fails.";
+	return "Address looks unusual for client traffic — verify before pinning.";
+}
+/**
+* Per-address gate used by `autoSeedAllowlist`. Exposed for tests so
+* we can pin every classification rule without standing up the addon.
+*/
+function isPlausibleAutoSeed(address, family) {
+	if (family === "IPv4") {
+		if (address.startsWith("169.254.")) return false;
+		return true;
+	}
+	const a = address.toLowerCase();
+	if (a === "::" || a === "::1") return false;
+	if (a.startsWith("fe80:")) return false;
+	if (a.startsWith("ff")) return false;
+	if (/^f[cd][0-9a-f]{0,2}:/.test(a)) return true;
+	if (/^[23][0-9a-f]{0,3}:/.test(a)) return true;
+	return false;
+}
+function classifyKind(name, address, internal) {
+	if (internal || name === "lo" || name.startsWith("lo")) return "loopback";
+	const n = name.toLowerCase();
+	if (n.startsWith("docker") || n.startsWith("br-") || n.startsWith("veth")) return "docker";
+	if (n.startsWith("tun") || n.startsWith("utun") || n.startsWith("wg") || n.startsWith("tap")) return "vpn";
+	if (n.startsWith("wlan") || n.startsWith("wlp") || n.startsWith("wlx")) return "wifi";
+	if (n.startsWith("eth") || /^en\d+$/.test(n)) {
+		if (process.platform === "darwin" && /^en[1-9]\d*$/.test(n)) return "wifi";
+		return "lan";
+	}
+	if (address === "127.0.0.1" || address === "::1") return "loopback";
+	return "other";
+}
+/** Convert an IPv4/IPv6 netmask string to its prefix length (CIDR). */
+function prefixLen(netmask) {
+	if (!netmask) return 0;
+	if (netmask.includes(":")) {
+		let bits = 0;
+		for (const group of netmask.split(":")) {
+			if (!group) continue;
+			const n = parseInt(group, 16);
+			if (!Number.isFinite(n)) break;
+			for (let mask = 32768; mask; mask >>= 1) if (n & mask) bits++;
+			else return bits;
+		}
+		return bits;
+	}
+	let bits = 0;
+	for (const part of netmask.split(".")) {
+		const n = parseInt(part, 10);
+		if (!Number.isFinite(n)) break;
+		for (let mask = 128; mask; mask >>= 1) if (n & mask) bits++;
+		else return bits;
+	}
+	return bits;
+}
+function snapshotKey(interfaces) {
+	return [...interfaces].map((i) => `${i.name}|${i.family}|${i.address}|${i.netmask}`).toSorted().join("\n");
+}
+function formatKind(kind) {
+	switch (kind) {
+		case "lan": return "LAN";
+		case "wifi": return "Wi-Fi";
+		case "vpn": return "VPN";
+		case "docker": return "Docker";
+		case "loopback": return "Loopback";
+		case "other": return "Other";
+	}
+}
+//#endregion
+exports.LocalNetworkAddon = LocalNetworkAddon;
+exports.applyAllowlist = applyAllowlist;
+exports.autoSeedAllowlist = autoSeedAllowlist;
+exports.buildEndpoints = buildEndpoints;
+exports.classifyKind = classifyKind;
+exports.enumerateOsInterfaces = enumerateOsInterfaces;
+exports.explainNonPlausible = explainNonPlausible;
+exports.isPlausibleAutoSeed = isPlausibleAutoSeed;
+exports.pickPreferred = pickPreferred;
+exports.prefixLen = prefixLen;