@camstack/types 0.1.30 → 0.1.31

package/dist/{index-DVKPWMwv.mjs → index-BKnvgAep.mjs}

@@ -3544,7 +3544,7 @@ const SettingsRecordSchema = z.object({
 });
 const CollectionColumnSchema = z.object({
   name: z.string(),
-  type: z.enum(["TEXT", "INTEGER", "REAL", "JSON"]),
+  type: z.enum(["TEXT", "INTEGER", "REAL", "JSON", "BOOLEAN"]),
   primaryKey: z.boolean().optional(),
   notNull: z.boolean().optional(),
   unique: z.boolean().optional()
@@ -3669,6 +3669,352 @@ const adminUiCapability = {
     getVersion: method(z.void(), z.string())
   }
 };
+const SsoBridgeClaimsSchema = z.object({
+  userId: z.string(),
+  username: z.string(),
+  isAdmin: z.boolean(),
+  provider: z.string(),
+  email: z.string().optional(),
+  displayName: z.string().optional()
+});
+const ssoBridgeCapability = {
+  name: "sso-bridge",
+  scope: "system",
+  mode: "singleton",
+  internal: true,
+  methods: {
+    signBridgeToken: method(
+      z.object({
+        claims: SsoBridgeClaimsSchema,
+        ttlSec: z.number().int().positive().optional()
+      }),
+      z.object({ token: z.string() })
+    ),
+    verifyBridgeToken: method(
+      z.object({ token: z.string() }),
+      SsoBridgeClaimsSchema.nullable()
+    )
+  }
+};
+const PasskeySummarySchema = z.object({
+  credentialId: z.string(),
+  label: z.string(),
+  createdAt: z.number(),
+  lastUsedAt: z.number().nullable(),
+  transports: z.array(z.string()).default([])
+});
+const userPasskeysCapability = {
+  name: "user-passkeys",
+  scope: "system",
+  mode: "collection",
+  internal: true,
+  methods: {
+    beginRegistration: method(
+      z.object({ userId: z.string(), username: z.string() }),
+      // PublicKeyCredentialCreationOptionsJSON — opaque JSON shape from
+      // @simplewebauthn. The browser passes it straight to credentials.create().
+      z.object({ optionsJSON: z.record(z.string(), z.unknown()) }),
+      { kind: "mutation", auth: "admin", access: "create" }
+    ),
+    finishRegistration: method(
+      z.object({
+        userId: z.string(),
+        /** RegistrationResponseJSON from the browser. */
+        response: z.record(z.string(), z.unknown()),
+        /** Operator-visible label (e.g. "MacBook Touch ID"). */
+        label: z.string()
+      }),
+      z.object({ success: z.literal(true), credentialId: z.string() }),
+      { kind: "mutation", auth: "admin", access: "create" }
+    ),
+    beginAuthentication: method(
+      // userId optional — when absent, the addon emits a "passkey discovery"
+      // (`allowCredentials: []`) so the browser shows every available
+      // credential. When present, only the user's credentials are allowed.
+      z.object({ userId: z.string().optional() }),
+      z.object({ optionsJSON: z.record(z.string(), z.unknown()) }),
+      { kind: "mutation", access: "view" }
+    ),
+    finishAuthentication: method(
+      z.object({
+        /** Required — the user the assertion belongs to (verified). */
+        userId: z.string(),
+        /** AuthenticationResponseJSON from the browser. */
+        response: z.record(z.string(), z.unknown())
+      }),
+      z.object({ verified: z.boolean() }),
+      { kind: "mutation", access: "view" }
+    ),
+    listPasskeys: method(
+      z.object({ userId: z.string() }),
+      z.array(PasskeySummarySchema),
+      { auth: "admin" }
+    ),
+    removePasskey: method(
+      z.object({ userId: z.string(), credentialId: z.string() }),
+      z.object({ success: z.literal(true) }),
+      { kind: "mutation", auth: "admin", access: "delete" }
+    )
+  }
+};
+const EmailAddressSchema = z.string().email();
+const SendEmailInputSchema = z.object({
+  to: z.union([EmailAddressSchema, z.array(EmailAddressSchema).min(1)]),
+  cc: z.array(EmailAddressSchema).optional(),
+  bcc: z.array(EmailAddressSchema).optional(),
+  /** RFC 5322 `From` field. Most relays will reject if the domain
+   *  isn't authorised — the addon is responsible for substituting a
+   *  sane default when omitted. */
+  from: z.string().optional(),
+  /** Optional `Reply-To` override. */
+  replyTo: z.string().optional(),
+  subject: z.string(),
+  /** Plain-text body. Required even when `html` is present (fallback
+   *  for clients that strip HTML — including most spam filters). */
+  text: z.string(),
+  /** Optional HTML body. Renders alongside `text` as multi-part. */
+  html: z.string().optional()
+});
+const SendEmailResultSchema = z.object({
+  messageId: z.string(),
+  accepted: z.array(EmailAddressSchema).default([]),
+  rejected: z.array(EmailAddressSchema).default([])
+});
+const SmtpStatusSchema = z.object({
+  /** True iff the addon has successfully verified the relay. */
+  ready: z.boolean(),
+  /** Operator-visible host string (no credentials). */
+  host: z.string(),
+  /** Last error message reported by the relay, when not ready. */
+  error: z.string().optional(),
+  /** Last successful verify timestamp (unix ms). */
+  lastVerifiedAt: z.number().optional()
+});
+const smtpProviderCapability = {
+  name: "smtp-provider",
+  scope: "system",
+  mode: "collection",
+  internal: true,
+  methods: {
+    sendEmail: method(
+      SendEmailInputSchema,
+      SendEmailResultSchema,
+      { kind: "mutation", auth: "admin", access: "create" }
+    ),
+    /** Round-trip ping against the SMTP relay (EHLO + AUTH if configured).
+     *  Used by the operator's "Test connection" button. */
+    verify: method(
+      z.void(),
+      SmtpStatusSchema,
+      { kind: "mutation", auth: "admin", access: "view" }
+    ),
+    getStatus: method(
+      z.void(),
+      SmtpStatusSchema,
+      { auth: "admin" }
+    )
+  }
+};
+const QosSchema = z.union([z.literal(0), z.literal(1), z.literal(2)]);
+const PublishInputSchema = z.object({
+  topic: z.string(),
+  /** UTF-8 payload. Binary payloads must be base64-encoded by the caller. */
+  payload: z.string(),
+  qos: QosSchema.default(0),
+  retain: z.boolean().default(false)
+});
+const SubscribeInputSchema = z.object({
+  /** MQTT topic filter (supports `+` single-level and `#` multi-level wildcards). */
+  topic: z.string(),
+  qos: QosSchema.default(0),
+  /**
+   * Caller-supplied owner tag. Useful for debugging + the
+   * `listSubscriptions` admin view ("which consumer owns this?").
+   * When omitted, the addon synthesizes one from the caller's addon id.
+   */
+  owner: z.string().optional()
+});
+const SubscribeResultSchema = z.object({
+  success: z.literal(true),
+  /** Server-generated subscription id. Pass to `unsubscribe` to release. */
+  subscriptionId: z.string()
+});
+const UnsubscribeInputSchema = z.object({
+  /** Subscription id from `subscribe`. */
+  subscriptionId: z.string()
+});
+const MqttStatusSchema = z.object({
+  /** True iff the addon has an active connection to the broker. */
+  connected: z.boolean(),
+  /** Operator-visible host string (e.g. `mqtt://broker.example:1883`). */
+  brokerUrl: z.string(),
+  /** Active subscription count (per-owner, NOT broker-side topic count). */
+  subscriptionCount: z.number().int(),
+  /** Last error reported by the broker. */
+  error: z.string().optional(),
+  /** Last successful connection timestamp (unix ms). */
+  connectedAt: z.number().optional()
+});
+const SubscriptionInfoSchema = z.object({
+  subscriptionId: z.string(),
+  topic: z.string(),
+  qos: QosSchema,
+  owner: z.string(),
+  /** When this individual subscription was created. */
+  createdAt: z.number()
+});
+const mqttProviderCapability = {
+  name: "mqtt-provider",
+  scope: "system",
+  mode: "collection",
+  internal: true,
+  methods: {
+    /** Publish a message. Lazy-opens the connection if not yet active. */
+    publish: method(
+      PublishInputSchema,
+      z.object({ success: z.literal(true) }),
+      { kind: "mutation", auth: "admin", access: "create" }
+    ),
+    /**
+     * Subscribe to a topic. Returns a `subscriptionId` to pass to
+     * `unsubscribe`. The addon refcounts broker subscriptions —
+     * multiple consumers on the same topic share one upstream sub.
+     * Messages arrive on `mqtt.message` events with `subscriptionIds[]`
+     * listing which subscriptions matched.
+     */
+    subscribe: method(
+      SubscribeInputSchema,
+      SubscribeResultSchema,
+      { kind: "mutation", auth: "admin", access: "create" }
+    ),
+    /** Release a specific subscription. Tears down the broker sub
+     *  only when the last owner releases. Idempotent. */
+    unsubscribe: method(
+      UnsubscribeInputSchema,
+      z.object({ success: z.literal(true) }),
+      { kind: "mutation", auth: "admin", access: "delete" }
+    ),
+    /** List active per-owner subscriptions on this provider. */
+    listSubscriptions: method(
+      z.void(),
+      z.array(SubscriptionInfoSchema),
+      { auth: "admin" }
+    ),
+    getStatus: method(
+      z.void(),
+      MqttStatusSchema,
+      { auth: "admin" }
+    )
+  }
+};
+const HaServiceCallSchema = z.object({
+  /** HA domain (e.g. `light`, `switch`, `notify`). */
+  domain: z.string(),
+  /** HA service (e.g. `turn_on`, `toggle`). */
+  service: z.string(),
+  /** Service-specific data payload (e.g. `{entity_id: 'light.kitchen', brightness: 200}`). */
+  serviceData: z.record(z.string(), z.unknown()).optional(),
+  /** Optional target spec (entity_id / device_id / area_id). */
+  target: z.record(z.string(), z.unknown()).optional()
+});
+const HaStateSchema = z.object({
+  entity_id: z.string(),
+  state: z.string(),
+  attributes: z.record(z.string(), z.unknown()).default({}),
+  last_changed: z.string().optional(),
+  last_updated: z.string().optional()
+});
+const HaStatusSchema = z.object({
+  connected: z.boolean(),
+  host: z.string(),
+  /** Active per-owner subscription count. */
+  subscriptionCount: z.number().int(),
+  /** Last error reported by the WebSocket. */
+  error: z.string().optional(),
+  /** HA version reported during the auth handshake, when reachable. */
+  haVersion: z.string().optional(),
+  connectedAt: z.number().optional()
+});
+const HaSubscribeInputSchema = z.object({
+  /**
+   * Specific HA event type to subscribe to (`state_changed`,
+   * `service_called`, etc.). Empty string = all events (firehose —
+   * only for debugging).
+   */
+  eventType: z.string().optional(),
+  /** Caller-supplied tag for listSubscriptions debugging. */
+  owner: z.string().optional()
+});
+const HaSubscribeResultSchema = z.object({
+  success: z.literal(true),
+  subscriptionId: z.string()
+});
+const HaUnsubscribeInputSchema = z.object({
+  subscriptionId: z.string()
+});
+const HaSubscriptionInfoSchema = z.object({
+  subscriptionId: z.string(),
+  /** Empty string when subscribed to ALL events. */
+  eventType: z.string(),
+  owner: z.string(),
+  createdAt: z.number()
+});
+const homeAssistantCapability = {
+  name: "home-assistant",
+  scope: "system",
+  mode: "collection",
+  internal: true,
+  methods: {
+    /**
+     * Subscribe to HA events. Returns a `subscriptionId` to pass to
+     * `unsubscribeEvents`. The addon refcounts upstream subscriptions
+     * so multiple consumers share one HA-side event stream.
+     * Events arrive on the kernel bus under `home-assistant.event`
+     * with `subscriptionIds[]` listing which subs matched.
+     */
+    subscribeEvents: method(
+      HaSubscribeInputSchema,
+      HaSubscribeResultSchema,
+      { kind: "mutation", auth: "admin", access: "create" }
+    ),
+    /** Release a specific subscription. Tears down the upstream sub
+     *  only when the last owner releases. Idempotent. */
+    unsubscribeEvents: method(
+      HaUnsubscribeInputSchema,
+      z.object({ success: z.literal(true) }),
+      { kind: "mutation", auth: "admin", access: "delete" }
+    ),
+    /**
+     * Call an HA service (turn light on, run a script, etc.). Returns
+     * the HA response object — usually `{context, response: ...}`.
+     */
+    callService: method(
+      HaServiceCallSchema,
+      z.object({ result: z.unknown() }),
+      { kind: "mutation", auth: "admin", access: "create" }
+    ),
+    /** Fetch all entity states. Cheap snapshot — HA returns the full
+     *  state registry on every call. */
+    getStates: method(
+      z.void(),
+      z.array(HaStateSchema).readonly(),
+      { auth: "admin" }
+    ),
+    /** Fetch a single entity's current state. `null` when not found. */
+    getState: method(
+      z.object({ entityId: z.string() }),
+      HaStateSchema.nullable(),
+      { auth: "admin" }
+    ),
+    /** List active per-owner subscriptions. */
+    listSubscriptions: method(
+      z.void(),
+      z.array(HaSubscriptionInfoSchema).readonly(),
+      { auth: "admin" }
+    ),
+    getStatus: method(z.void(), HaStatusSchema, { auth: "admin" })
+  }
+};
 const AddonPageDeclarationSchema$1 = z.object({
   id: z.string(),
   label: z.string(),
@@ -3782,7 +4128,35 @@ const addonWidgetsCapability = {
 };
 const AddonHttpRouteSchema = z.object({
   method: z.enum(["GET", "POST", "PUT", "DELETE", "PATCH"]),
-  path: z.string()
+  path: z.string(),
+  access: z.enum(["public", "authenticated", "admin"]).optional(),
+  description: z.string().optional()
+});
+const InvokeRequestSchema = z.object({
+  method: z.string(),
+  path: z.string(),
+  params: z.record(z.string(), z.string()),
+  query: z.record(z.string(), z.string()),
+  body: z.unknown(),
+  headers: z.record(z.string(), z.string()),
+  user: z.object({
+    id: z.string(),
+    username: z.string(),
+    isAdmin: z.boolean()
+  }).optional(),
+  scopedToken: z.unknown().optional()
+});
+const InvokeReplyEnvelopeSchema = z.object({
+  status: z.number().int(),
+  headers: z.record(z.string(), z.string()),
+  /** When set, the hub MUST `reply.redirect(redirectUrl)` instead of
+   *  sending `body`. Status defaults to 302 when this is set unless
+   *  the handler called `reply.code(...)` explicitly. */
+  redirectUrl: z.string().nullable(),
+  /** JSON-serializable body. `undefined` is treated as "no body". */
+  body: z.unknown().optional(),
+  /** Set when the handler called `reply.type(mime)`. */
+  contentType: z.string().optional()
 });
 const addonRoutesCapability = {
   name: "addon-routes",
@@ -3790,7 +4164,16 @@ const addonRoutesCapability = {
   mode: "collection",
   internal: true,
   methods: {
-    getRoutes: method(z.void(), z.array(AddonHttpRouteSchema))
+    getRoutes: method(z.void(), z.array(AddonHttpRouteSchema)),
+    /**
+     * Cross-process dispatch entry point. Forked addons implement this
+     * (via `buildAddonRouteProvider`) so the hub's Fastify catch-all
+     * can route through Moleculer when the handler lives in a worker.
+     *
+     * Local addons can implement it for free with the same helper;
+     * the hub bypasses the wire on co-located addons.
+     */
+    invoke: method(InvokeRequestSchema, InvokeReplyEnvelopeSchema, { kind: "mutation" })
   }
 };
 const HWACCEL_OPTIONS = [
@@ -5326,7 +5709,14 @@ const AuthResultSchema = z.object({
   username: z.string(),
   email: z.string().optional(),
   displayName: z.string().optional(),
-  roles: z.array(z.string()).optional()
+  /**
+   * Whether the authenticating user is an admin. The auth-provider
+   * surface returns this so the server's login flow can mint a JWT
+   * with the correct bypass flag. Non-admin users authenticated via
+   * an external IdP still need their scopes assigned by an admin via
+   * `setUserScopes` — the SSO flow doesn't carry permissions.
+   */
+  isAdmin: z.boolean().default(false)
 });
 const authProviderCapability = {
   name: "auth-provider",
@@ -5347,6 +5737,14 @@ const authProviderCapability = {
 const AuthProviderInfoSchema = z.object({
   /** Stable id matching the addon id (used for `getLoginUrl({addonId,…})`). */
   addonId: z.string(),
+  /**
+   * Per-instance id when one addon registers multiple "logical"
+   * providers (e.g. OIDC with Google + Microsoft + custom). The login
+   * URL becomes `/addon/${addonId}/${instanceId}/start` — handler reads
+   * `:instanceId` from the route. Empty/unset means the addon is a
+   * single-instance provider; the URL is `/addon/${addonId}/start`.
+   */
+  instanceId: z.string().optional(),
   /** Display label shown on the login button + admin row. */
   displayName: z.string(),
   /** Optional iconography hint (lucide-react icon name OR emoji). */
@@ -5357,6 +5755,8 @@ const AuthProviderInfoSchema = z.object({
   /** When true, the provider exposes a credential-form login flow
    *  (`validateCredentials` accepts username + password). */
   hasCredentialFlow: z.boolean(),
+  /** Provider kind, drives admin-UI hint dispatch (oidc / saml / totp / …). */
+  kind: z.string().optional(),
   /** Operator-facing status string (e.g. "Connected to https://login.acme.com"). */
   status: z.string().optional(),
   /** When false, the provider is registered but disabled by config; the
@@ -7126,6 +7526,35 @@ const meshNetworkCapability = {
       MeshIngressConfigSchema,
       z.object({ success: z.literal(true) }),
       { kind: "mutation" }
+    ),
+    /**
+     * Probe the mesh daemon / API for a sanity check WITHOUT joining.
+     * Operator-facing "test connection" button: validates the auth key
+     * + reaches the control plane and reports back what would happen
+     * on join.
+     *
+     * Tailscale: dry-runs `tailscale up --auth-key=… --reset` against
+     * an idempotency probe; for an already-joined node it just returns
+     * the current status.
+     */
+    testConnection: method(
+      z.object({
+        /** Optional auth key — when provided, probes the key validity
+         *  against the provider's API. Omit when already joined to
+         *  just ping the daemon. */
+        authKey: z.string().optional()
+      }),
+      z.object({
+        ok: z.boolean(),
+        /** Provider-side identifier resolved by the probe (tailnet
+         *  name for Tailscale, network id for ZeroTier, etc.). */
+        tenant: z.string().optional(),
+        /** Daemon binary version, when reachable. */
+        daemonVersion: z.string().optional(),
+        /** Human-readable error when `ok: false`. */
+        error: z.string().optional()
+      }),
+      { kind: "mutation" }
     )
   }
 };
@@ -7183,26 +7612,54 @@ const meshOrchestratorCapability = {
     )
   }
 };
-const UserRoleSchema = z.enum(["admin", "viewer", "agent", "scoped"]);
+const MethodAccessSchema = z.enum(["view", "create", "delete"]);
 const AllowedProviderSchema = z.union([z.literal("*"), z.array(z.string())]);
 const AllowedDevicesSchema = z.record(z.string(), z.union([z.literal("*"), z.array(z.string())]));
-const MethodAccessSchema = z.enum(["view", "create", "delete"]);
-const TokenScopeSchema = z.object({
-  type: z.enum(["addon", "capability"]),
-  target: z.string(),
-  access: z.array(MethodAccessSchema).min(1)
-});
+const CapScopeSchema = z.enum(["device", "system"]);
+const TokenScopeSchema = z.discriminatedUnion("type", [
+  z.object({
+    type: z.literal("category"),
+    target: CapScopeSchema,
+    access: z.array(MethodAccessSchema).min(1)
+  }),
+  z.object({
+    type: z.literal("capability"),
+    target: z.string(),
+    access: z.array(MethodAccessSchema).min(1)
+  }),
+  z.object({
+    type: z.literal("addon"),
+    target: z.string(),
+    access: z.array(MethodAccessSchema).min(1)
+  }),
+  z.object({
+    type: z.literal("device"),
+    /**
+     * One or more deviceIds (serialised as strings for wire-format
+     * consistency with the rest of the union). Matcher accepts if
+     * `input.deviceId` ∈ `targets`. Array shape avoids the row-explosion
+     * of one scope-per-device when granting access to a set of cameras.
+     */
+    targets: z.array(z.string()).min(1),
+    access: z.array(MethodAccessSchema).min(1)
+  })
+]);
 const UserRecordSchema = z.object({
   id: z.string(),
   username: z.string(),
   passwordHash: z.string(),
-  role: UserRoleSchema,
+  /**
+   * Admin bypass. When true, the middleware skips the scope-access
+   * check entirely. There is no other axis of privilege; the legacy
+   * role enum collapsed onto this boolean in v2.
+   */
+  isAdmin: z.boolean().default(false),
   allowedProviders: AllowedProviderSchema,
   allowedDevices: AllowedDevicesSchema,
   /**
-   * Scopes granted to this user. Admins bypass; their `scopes` is ignored.
-   * Non-admins (`viewer`, `agent`, `scoped`) without scopes are locked out
-   * of every protected call.
+   * Scopes granted to this user. Admins bypass; their `scopes` is
+   * ignored. Non-admins without scopes are locked out of every
+   * protected call.
    */
   scopes: z.array(TokenScopeSchema).default([]),
   createdAt: z.number(),
@@ -7211,7 +7668,7 @@ const UserRecordSchema = z.object({
 const ApiKeyRecordSchema = z.object({
   id: z.string(),
   label: z.string(),
-  role: UserRoleSchema,
+  isAdmin: z.boolean().default(false),
   allowedProviders: AllowedProviderSchema,
   allowedDevices: AllowedDevicesSchema,
   tokenHash: z.string(),
@@ -7235,7 +7692,7 @@ const ScopedTokenSchema = z.object({
 const UserSummarySchema = z.object({
   id: z.string(),
   username: z.string(),
-  role: UserRoleSchema,
+  isAdmin: z.boolean().default(false),
   allowedProviders: z.union([z.array(z.string()), z.literal("*")]),
   allowedDevices: z.record(z.string(), z.union([z.array(z.string()), z.literal("*")])),
   scopes: z.array(TokenScopeSchema).default([]),
@@ -7245,14 +7702,14 @@ const UserSummarySchema = z.object({
 const CreateUserInputSchema = z.object({
   username: z.string(),
   password: z.string().min(6),
-  role: UserRoleSchema,
+  isAdmin: z.boolean().default(false),
   allowedProviders: z.union([z.array(z.string()), z.literal("*")]).optional(),
   allowedDevices: z.record(z.string(), z.union([z.array(z.string()), z.literal("*")])).optional(),
   scopes: z.array(TokenScopeSchema).optional()
 });
 const UpdateUserInputSchema = z.object({
   id: z.string(),
-  role: UserRoleSchema.optional(),
+  isAdmin: z.boolean().optional(),
   allowedProviders: z.union([z.array(z.string()), z.literal("*")]).optional(),
   allowedDevices: z.record(z.string(), z.union([z.array(z.string()), z.literal("*")])).optional(),
   scopes: z.array(TokenScopeSchema).optional()
@@ -7260,7 +7717,7 @@ const UpdateUserInputSchema = z.object({
 const ApiKeySummarySchema = z.object({
   id: z.string(),
   label: z.string(),
-  role: UserRoleSchema,
+  isAdmin: z.boolean().default(false),
   allowedProviders: z.union([z.array(z.string()), z.literal("*")]).optional(),
   allowedDevices: z.record(z.string(), z.union([z.array(z.string()), z.literal("*")])).optional(),
   tokenPrefix: z.string(),
@@ -7269,7 +7726,7 @@ const ApiKeySummarySchema = z.object({
 });
 const CreateApiKeyInputSchema = z.object({
   label: z.string(),
-  role: UserRoleSchema,
+  isAdmin: z.boolean().default(false),
   allowedProviders: z.union([z.array(z.string()), z.literal("*")]).optional(),
   allowedDevices: z.record(z.string(), z.union([z.array(z.string()), z.literal("*")])).optional()
 });
@@ -7283,16 +7740,11 @@ const ScopedTokenSummarySchema = z.object({
   name: z.string(),
   tokenPrefix: z.string(),
   scopes: z.array(TokenScopeSchema),
-  // Mirror the storage schema: `.nullish()` accepts the SQLite-native
-  // `null` for absent timestamps as well as in-memory `undefined`.
   expiresAt: z.number().nullish(),
   lastUsedAt: z.number().nullish(),
   createdAt: z.number()
 });
 const CreateScopedTokenInputSchema = z.object({
-  // The owner the token is issued on behalf of. `adminProcedure` gates
-  // this call so an admin can mint tokens for any user; the CLI passes
-  // its own logged-in `user.id` here.
   userId: z.string(),
   name: z.string(),
   scopes: z.array(TokenScopeSchema),
@@ -7302,45 +7754,85 @@ const CreateScopedTokenResultSchema = z.object({
   token: z.string(),
   record: ScopedTokenSummarySchema
 });
+const TotpSetupResultSchema = z.object({
+  secret: z.string(),
+  otpauthUrl: z.string()
+});
+const TotpStatusSchema = z.object({
+  /** True iff `confirmedAt != null` — a pending half-enrollment is reported as `enabled: false`. */
+  enabled: z.boolean(),
+  /** Null when no row exists OR the row is still pending confirmation. */
+  confirmedAt: z.number().nullable()
+});
 const userManagementCapability = {
   name: "user-management",
   scope: "system",
   mode: "singleton",
   methods: {
-    // ── Users ──────────────────────────────────────────────────────
     listUsers: method(z.void(), z.array(UserSummarySchema), { auth: "admin" }),
-    createUser: method(CreateUserInputSchema, UserSummarySchema, { kind: "mutation", auth: "admin" }),
-    updateUser: method(UpdateUserInputSchema, z.object({ success: z.literal(true) }), { kind: "mutation", auth: "admin" }),
-    deleteUser: method(z.object({ id: z.string() }), z.object({ success: z.literal(true) }), { kind: "mutation", auth: "admin" }),
+    createUser: method(CreateUserInputSchema, UserSummarySchema, { kind: "mutation", auth: "admin", access: "create" }),
+    updateUser: method(UpdateUserInputSchema, z.object({ success: z.literal(true) }), { kind: "mutation", auth: "admin", access: "create" }),
+    deleteUser: method(z.object({ id: z.string() }), z.object({ success: z.literal(true) }), { kind: "mutation", auth: "admin", access: "delete" }),
     resetPassword: method(
       z.object({ id: z.string(), newPassword: z.string().min(6) }),
       z.object({ success: z.literal(true) }),
-      { kind: "mutation", auth: "admin" }
+      { kind: "mutation", auth: "admin", access: "create" }
     ),
-    /**
-     * Replace the scope set on a user. Subset check: the caller's scopes
-     * must include every requested scope+access (admin bypasses).
-     */
     setUserScopes: method(
       z.object({ userId: z.string(), scopes: z.array(TokenScopeSchema) }),
       z.object({ success: z.literal(true) }),
-      { kind: "mutation", auth: "admin" }
+      { kind: "mutation", auth: "admin", access: "create" }
     ),
     validateCredentials: method(
       z.object({ username: z.string(), password: z.string() }),
       UserSummarySchema.extend({ passwordHash: z.string() }).nullable(),
-      { kind: "mutation" }
+      { kind: "mutation", access: "view" }
     ),
-    // ── API Keys ──────────────────────────────────────────────────
     listApiKeys: method(z.void(), z.array(ApiKeySummarySchema), { auth: "admin" }),
-    createApiKey: method(CreateApiKeyInputSchema, CreateApiKeyResultSchema, { kind: "mutation", auth: "admin" }),
-    revokeApiKey: method(z.object({ id: z.string() }), z.object({ success: z.literal(true) }), { kind: "mutation", auth: "admin" }),
-    validateApiKey: method(z.object({ token: z.string() }), ApiKeySummarySchema.nullable(), { kind: "mutation" }),
-    // ── Scoped Tokens ─────────────────────────────────────────────
-    createScopedToken: method(CreateScopedTokenInputSchema, CreateScopedTokenResultSchema, { kind: "mutation", auth: "admin" }),
-    revokeScopedToken: method(z.object({ id: z.string() }), z.object({ success: z.literal(true) }), { kind: "mutation", auth: "admin" }),
-    validateScopedToken: method(z.object({ token: z.string() }), ScopedTokenSummarySchema.nullable()),
-    listScopedTokens: method(z.object({ userId: z.string() }), z.array(ScopedTokenSummarySchema), { auth: "admin" })
+    createApiKey: method(CreateApiKeyInputSchema, CreateApiKeyResultSchema, { kind: "mutation", auth: "admin", access: "create" }),
+    revokeApiKey: method(z.object({ id: z.string() }), z.object({ success: z.literal(true) }), { kind: "mutation", auth: "admin", access: "delete" }),
+    validateApiKey: method(z.object({ token: z.string() }), ApiKeySummarySchema.nullable(), { kind: "mutation", access: "view" }),
+    createScopedToken: method(CreateScopedTokenInputSchema, CreateScopedTokenResultSchema, { kind: "mutation", auth: "admin", access: "create" }),
+    revokeScopedToken: method(z.object({ id: z.string() }), z.object({ success: z.literal(true) }), { kind: "mutation", auth: "admin", access: "delete" }),
+    validateScopedToken: method(z.object({ token: z.string() }), ScopedTokenSummarySchema.nullable(), { access: "view" }),
+    listScopedTokens: method(z.object({ userId: z.string() }), z.array(ScopedTokenSummarySchema), { auth: "admin" }),
+    // ── TOTP / 2FA ─────────────────────────────────────────────────
+    //
+    // Setup → Confirm → (Verify on login) → Disable.
+    //
+    // Admin-only for now: operator enrolls TOTP on a user's behalf by
+    // pairing their authenticator with the returned QR. Self-service
+    // enrollment is a follow-up (needs the cap framework to expose the
+    // caller's identity to the provider so the provider can enforce
+    // self-or-admin).
+    setupTotp: method(
+      z.object({ userId: z.string() }),
+      TotpSetupResultSchema,
+      { kind: "mutation", auth: "admin", access: "create" }
+    ),
+    confirmTotp: method(
+      z.object({ userId: z.string(), code: z.string() }),
+      z.object({ success: z.literal(true) }),
+      { kind: "mutation", auth: "admin", access: "create" }
+    ),
+    disableTotp: method(
+      z.object({ userId: z.string() }),
+      z.object({ success: z.literal(true) }),
+      { kind: "mutation", auth: "admin", access: "delete" }
+    ),
+    getTotpStatus: method(
+      z.object({ userId: z.string() }),
+      TotpStatusSchema,
+      { auth: "admin" }
+    ),
+    // Public (no `auth`) — used by the login flow's second-step
+    // challenge endpoint. The userId comes from the password-validation
+    // step (signed bridge token), so this method is not a free oracle.
+    verifyTotp: method(
+      z.object({ userId: z.string(), code: z.string() }),
+      z.object({ valid: z.boolean() }),
+      { kind: "mutation", access: "view" }
+    )
   }
 };
 const FeatureManifestSchema = z.object({
@@ -7962,7 +8454,7 @@ const PIPELINE_OWNER_CAPABILITY_NAMES = [
   "pipeline-runner"
 ];
 export {
-  networkQualityCapability as $,
+  nativeObjectDetectionCapability as $,
   adminUiCapability as A,
   advancedNotifierCapability as B,
   alertsCapability as C,
@@ -7980,306 +8472,323 @@ export {
   deviceStateCapability as O,
   embeddingEncoderCapability as P,
   eventsCapability as Q,
-  integrationsCapability as R,
-  intercomCapability as S,
-  localNetworkCapability as T,
-  logDestinationCapability as U,
-  meshNetworkCapability as V,
-  meshOrchestratorCapability as W,
-  metricsProviderCapability as X,
-  motionDetectionCapability as Y,
-  nativeObjectDetectionCapability as Z,
-  networkAccessCapability as _,
+  homeAssistantCapability as R,
+  integrationsCapability as S,
+  intercomCapability as T,
+  localNetworkCapability as U,
+  logDestinationCapability as V,
+  meshNetworkCapability as W,
+  meshOrchestratorCapability as X,
+  metricsProviderCapability as Y,
+  motionDetectionCapability as Z,
+  mqttProviderCapability as _,
   zoneRulesCapability as a,
-  AuthProviderInfoSchema as a$,
-  nodesCapability as a0,
-  notificationOutputCapability as a1,
-  osdCapability as a2,
-  pipelineAnalyticsCapability as a3,
-  pipelineExecutorCapability as a4,
-  pipelineOrchestratorCapability as a5,
-  pipelineRunnerCapability as a6,
-  platformProbeCapability as a7,
-  ptzCapability as a8,
-  rebootCapability as a9,
-  AddonPageDeclarationSchema as aA,
-  AddonPageInfoSchema as aB,
-  AgentLoadSummarySchema as aC,
-  AlertSchema as aD,
-  AlertSeveritySchema as aE,
-  AlertSourceSchema as aF,
-  AlertStatusSchema as aG,
-  ApiKeyRecordSchema as aH,
-  ApiKeySummarySchema as aI,
-  ArchiveEntrySchema as aJ,
-  ArchiveManifestSchema as aK,
-  AudioAnalysisResultSchema as aL,
-  AudioAnalysisSettingsSchema as aM,
-  AudioChunkInputSchema as aN,
-  AudioClassSummarySchema as aO,
-  AudioClassificationLabelSchema as aP,
-  AudioClassificationResultSchema as aQ,
-  AudioCodecInfoSchema as aR,
-  AudioDecodeSessionConfigSchema as aS,
-  AudioEncodeSessionConfigSchema as aT,
-  AudioEncodedChunkSchema as aU,
-  AudioEventSchema as aV,
-  AudioLevelSchema as aW,
-  AudioMetricsHistoryPointSchema as aX,
-  AudioMetricsHistorySchema as aY,
-  AudioMetricsSnapshotSchema as aZ,
-  AudioPcmChunkSchema as a_,
-  recordingCapability as aa,
-  recordingEngineCapability as ab,
-  remoteAccessCapability as ac,
-  restreamerCapability as ad,
-  settingsStoreCapability as ae,
-  snapshotCapability as af,
-  snapshotProviderCapability as ag,
-  storageCapability as ah,
-  storageProviderCapability as ai,
-  streamBrokerCapability as aj,
-  streamingEngineCapability as ak,
-  systemCapability as al,
-  toastCapability as am,
-  turnOrchestratorCapability as an,
-  turnProviderCapability as ao,
-  userManagementCapability as ap,
-  webrtcCapability as aq,
-  webrtcSessionCapability as ar,
-  ACCESSORY_LABEL as as,
-  APPLE_SA_TO_MACRO as at,
-  AUDIO_BACKEND_CHOICES as au,
-  AUDIO_MACRO_LABELS as av,
-  AccessoriesStatusSchema as aw,
-  AccessoryKind as ax,
-  AddonAutoUpdateSchema as ay,
-  AddonListItemSchema as az,
+  AudioLevelSchema as a$,
+  networkAccessCapability as a0,
+  networkQualityCapability as a1,
+  nodesCapability as a2,
+  notificationOutputCapability as a3,
+  osdCapability as a4,
+  pipelineAnalyticsCapability as a5,
+  pipelineExecutorCapability as a6,
+  pipelineOrchestratorCapability as a7,
+  pipelineRunnerCapability as a8,
+  platformProbeCapability as a9,
+  AUDIO_MACRO_LABELS as aA,
+  AccessoriesStatusSchema as aB,
+  AccessoryKind as aC,
+  AddonAutoUpdateSchema as aD,
+  AddonListItemSchema as aE,
+  AddonPageDeclarationSchema as aF,
+  AddonPageInfoSchema as aG,
+  AgentLoadSummarySchema as aH,
+  AlertSchema as aI,
+  AlertSeveritySchema as aJ,
+  AlertSourceSchema as aK,
+  AlertStatusSchema as aL,
+  ApiKeyRecordSchema as aM,
+  ApiKeySummarySchema as aN,
+  ArchiveEntrySchema as aO,
+  ArchiveManifestSchema as aP,
+  AudioAnalysisResultSchema as aQ,
+  AudioAnalysisSettingsSchema as aR,
+  AudioChunkInputSchema as aS,
+  AudioClassSummarySchema as aT,
+  AudioClassificationLabelSchema as aU,
+  AudioClassificationResultSchema as aV,
+  AudioCodecInfoSchema as aW,
+  AudioDecodeSessionConfigSchema as aX,
+  AudioEncodeSessionConfigSchema as aY,
+  AudioEncodedChunkSchema as aZ,
+  AudioEventSchema as a_,
+  ptzCapability as aa,
+  rebootCapability as ab,
+  recordingCapability as ac,
+  recordingEngineCapability as ad,
+  remoteAccessCapability as ae,
+  restreamerCapability as af,
+  settingsStoreCapability as ag,
+  smtpProviderCapability as ah,
+  snapshotCapability as ai,
+  snapshotProviderCapability as aj,
+  ssoBridgeCapability as ak,
+  storageCapability as al,
+  storageProviderCapability as am,
+  streamBrokerCapability as an,
+  streamingEngineCapability as ao,
+  systemCapability as ap,
+  toastCapability as aq,
+  turnOrchestratorCapability as ar,
+  turnProviderCapability as as,
+  userManagementCapability as at,
+  userPasskeysCapability as au,
+  webrtcCapability as av,
+  webrtcSessionCapability as aw,
+  ACCESSORY_LABEL as ax,
+  APPLE_SA_TO_MACRO as ay,
+  AUDIO_BACKEND_CHOICES as az,
   zoneAnalyticsCapability as b,
-  DoorbellStatusSchema as b$,
-  AuthResultSchema as b0,
-  AutoUpdateSettingsSchema as b1,
-  AvailableIntegrationTypeSchema as b2,
-  BATTERY_DEVICE_PROFILE as b3,
-  BackupDestinationInfoSchema as b4,
-  BackupEntrySchema as b5,
-  BatteryStatusSchema as b6,
-  BoundingBoxSchema as b7,
-  BrightnessStatusSchema as b8,
-  BrokerAudioClientSchema as b9,
-  CreateIntegrationInputSchema as bA,
-  CreateScopedTokenInputSchema as bB,
-  CreateScopedTokenResultSchema as bC,
-  CreateUserInputSchema as bD,
-  CustomActionInputSchema as bE,
-  DEFAULT_AUDIO_ANALYZER_CONFIG as bF,
-  DEFAULT_DECODER_HWACCEL_CONFIG as bG,
-  DEVICE_PROFILES as bH,
-  DEVICE_SETTINGS_CONTRIBUTION_METHODS as bI,
-  DEVICE_STATUS_METHOD as bJ,
-  DecodedFrameSchema as bK,
-  DecoderAssignmentSchema as bL,
-  DecoderSessionConfigSchema as bM,
-  DecoderStatsSchema as bN,
-  DeleteIntegrationResultSchema as bO,
-  DetectorOutputSchema as bP,
-  DeviceDiscoveryStatusSchema as bQ,
-  DeviceFeature as bR,
-  DeviceInfoSchema as bS,
-  DeviceNetworkStatsSchema as bT,
-  DeviceRole as bU,
-  DeviceStatusSchema as bV,
-  DeviceType as bW,
-  DiscoveredChildDeviceSchema as bX,
-  DiscoveredChildStatusSchema as bY,
-  DiscoveredDeviceSchema as bZ,
-  DoorbellPressEventSchema as b_,
-  BrokerClientsSchema as ba,
-  BrokerDecodedClientSchema as bb,
-  BrokerRtspClientSchema as bc,
-  BrokerStatsSchema as bd,
-  BrokerStatusSchema as be,
-  CAM_PROFILE_ORDER as bf,
-  CamProfileSchema as bg,
-  CamStreamKindSchema as bh,
-  CamStreamResolutionSchema as bi,
-  CameraCredentialsSchema as bj,
-  CameraCredentialsStatusSchema as bk,
-  CameraMetricsSchema as bl,
-  CameraMetricsWithDeviceIdSchema as bm,
-  CameraStreamSchema as bn,
-  CapabilityBindingsSchema as bo,
-  ChargingStatus as bp,
-  ClientNetworkStatsSchema as bq,
-  ClusterAddonNodeDeploymentSchema as br,
-  ClusterAddonStatusEntrySchema as bs,
-  CollectionColumnSchema as bt,
-  CollectionIndexSchema as bu,
-  ConfigEntrySchema$1 as bv,
-  ConfigSectionWithValuesSchema as bw,
-  ConfigTabDeclarationSchema as bx,
-  CreateApiKeyInputSchema as by,
-  CreateApiKeyResultSchema as bz,
+  DeviceStatusSchema as b$,
+  AudioMetricsHistoryPointSchema as b0,
+  AudioMetricsHistorySchema as b1,
+  AudioMetricsSnapshotSchema as b2,
+  AudioPcmChunkSchema as b3,
+  AuthProviderInfoSchema as b4,
+  AuthResultSchema as b5,
+  AutoUpdateSettingsSchema as b6,
+  AvailableIntegrationTypeSchema as b7,
+  BATTERY_DEVICE_PROFILE as b8,
+  BackupDestinationInfoSchema as b9,
+  CollectionIndexSchema as bA,
+  ConfigEntrySchema$1 as bB,
+  ConfigSectionWithValuesSchema as bC,
+  ConfigTabDeclarationSchema as bD,
+  CreateApiKeyInputSchema as bE,
+  CreateApiKeyResultSchema as bF,
+  CreateIntegrationInputSchema as bG,
+  CreateScopedTokenInputSchema as bH,
+  CreateScopedTokenResultSchema as bI,
+  CreateUserInputSchema as bJ,
+  CustomActionInputSchema as bK,
+  DEFAULT_AUDIO_ANALYZER_CONFIG as bL,
+  DEFAULT_DECODER_HWACCEL_CONFIG as bM,
+  DEVICE_PROFILES as bN,
+  DEVICE_SETTINGS_CONTRIBUTION_METHODS as bO,
+  DEVICE_STATUS_METHOD as bP,
+  DecodedFrameSchema as bQ,
+  DecoderAssignmentSchema as bR,
+  DecoderSessionConfigSchema as bS,
+  DecoderStatsSchema as bT,
+  DeleteIntegrationResultSchema as bU,
+  DetectorOutputSchema as bV,
+  DeviceDiscoveryStatusSchema as bW,
+  DeviceFeature as bX,
+  DeviceInfoSchema as bY,
+  DeviceNetworkStatsSchema as bZ,
+  DeviceRole as b_,
+  BackupEntrySchema as ba,
+  BatteryStatusSchema as bb,
+  BoundingBoxSchema as bc,
+  BrightnessStatusSchema as bd,
+  BrokerAudioClientSchema as be,
+  BrokerClientsSchema as bf,
+  BrokerDecodedClientSchema as bg,
+  BrokerRtspClientSchema as bh,
+  BrokerStatsSchema as bi,
+  BrokerStatusSchema as bj,
+  CAM_PROFILE_ORDER as bk,
+  CamProfileSchema as bl,
+  CamStreamKindSchema as bm,
+  CamStreamResolutionSchema as bn,
+  CameraCredentialsSchema as bo,
+  CameraCredentialsStatusSchema as bp,
+  CameraMetricsSchema as bq,
+  CameraMetricsWithDeviceIdSchema as br,
+  CameraStreamSchema as bs,
+  CapScopeSchema as bt,
+  CapabilityBindingsSchema as bu,
+  ChargingStatus as bv,
+  ClientNetworkStatsSchema as bw,
+  ClusterAddonNodeDeploymentSchema as bx,
+  ClusterAddonStatusEntrySchema as by,
+  CollectionColumnSchema as bz,
   motionCapability as c,
-  PlaceholderReasonSchema as c$,
-  EmbeddingInfoSchema as c0,
-  EmbeddingResultSchema as c1,
-  EncodedPacketSchema as c2,
-  EnrichedWidgetMetadataSchema as c3,
-  EventItemSchema as c4,
-  EventKindSchema as c5,
-  ExposedResourceSchema as c6,
-  FeatureManifestSchema as c7,
-  FeatureProbeStatusSchema as c8,
-  FrameInputSchema as c9,
-  NativeDetectionSchema as cA,
-  NativeObjectClassEnum as cB,
-  NativeObjectDetectionStatusSchema as cC,
-  NetworkAccessStatusSchema as cD,
-  NetworkAddressSchema as cE,
-  NetworkEndpointSchema as cF,
-  NotificationHistoryEntrySchema as cG,
-  NotificationRuleSchema as cH,
-  NotificationSchema as cI,
-  ObjectEventSchema as cJ,
-  OrchestratorMetricsSchema as cK,
-  OsdOverlayKindEnum as cL,
-  OsdOverlayPatchSchema as cM,
-  OsdOverlaySchema as cN,
-  OsdPositionEnum as cO,
-  OsdStatusSchema as cP,
-  PIPELINE_FLOW_CAPABILITY_NAMES as cQ,
-  PIPELINE_OWNER_CAPABILITY_NAMES as cR,
-  PackageUpdateSchema as cS,
-  PackageVersionInfoSchema as cT,
-  PcmSampleFormatSchema as cU,
-  PerScopeBreakdownSchema as cV,
-  PipelineAssignmentSchema as cW,
-  PipelineDefaultStepSchema as cX,
-  PipelineEngineChoiceSchema as cY,
-  PipelineRunResultBridge as cZ,
-  PipelineStepInputSchema as c_,
-  GlobalMetricsSchema as ca,
-  HWACCEL_OPTIONS as cb,
-  HealthStatusSchema as cc,
-  HistoryPointSchema as cd,
-  HistoryResolutionEnum as ce,
-  InstalledPackageSchema as cf,
-  IntegrationLiteSchema as cg,
-  IntegrationWithStateSchema as ch,
-  IntercomAbilitySchema as ci,
-  IntercomStatusSchema as cj,
-  LocationStatSchema as ck,
-  LogEntrySchema as cl,
-  LogLevelSchema$1 as cm,
-  LogStreamEntrySchema as cn,
-  MODEL_FORMATS as co,
-  MediaFileSchema as cp,
-  MethodAccessSchema as cq,
-  MotionAnalysisResultSchema as cr,
-  MotionEventSchema as cs,
-  MotionOnMotionChangedDataSchema as ct,
-  MotionRegionSchema as cu,
-  MotionSourceEnum as cv,
-  MotionSourcesSchema as cw,
-  MotionStatusSchema as cx,
-  MotionTriggerRuntimeStateSchema as cy,
-  MotionTriggerStatusSchema as cz,
+  PIPELINE_OWNER_CAPABILITY_NAMES as c$,
+  DeviceType as c0,
+  DiscoveredChildDeviceSchema as c1,
+  DiscoveredChildStatusSchema as c2,
+  DiscoveredDeviceSchema as c3,
+  DoorbellPressEventSchema as c4,
+  DoorbellStatusSchema as c5,
+  EmbeddingInfoSchema as c6,
+  EmbeddingResultSchema as c7,
+  EncodedPacketSchema as c8,
+  EnrichedWidgetMetadataSchema as c9,
+  MotionAnalysisResultSchema as cA,
+  MotionEventSchema as cB,
+  MotionOnMotionChangedDataSchema as cC,
+  MotionRegionSchema as cD,
+  MotionSourceEnum as cE,
+  MotionSourcesSchema as cF,
+  MotionStatusSchema as cG,
+  MotionTriggerRuntimeStateSchema as cH,
+  MotionTriggerStatusSchema as cI,
+  MqttStatusSchema as cJ,
+  NativeDetectionSchema as cK,
+  NativeObjectClassEnum as cL,
+  NativeObjectDetectionStatusSchema as cM,
+  NetworkAccessStatusSchema as cN,
+  NetworkAddressSchema as cO,
+  NetworkEndpointSchema as cP,
+  NotificationHistoryEntrySchema as cQ,
+  NotificationRuleSchema as cR,
+  NotificationSchema as cS,
+  ObjectEventSchema as cT,
+  OrchestratorMetricsSchema as cU,
+  OsdOverlayKindEnum as cV,
+  OsdOverlayPatchSchema as cW,
+  OsdOverlaySchema as cX,
+  OsdPositionEnum as cY,
+  OsdStatusSchema as cZ,
+  PIPELINE_FLOW_CAPABILITY_NAMES as c_,
+  EventItemSchema as ca,
+  EventKindSchema as cb,
+  ExposedResourceSchema as cc,
+  FeatureManifestSchema as cd,
+  FeatureProbeStatusSchema as ce,
+  FrameInputSchema as cf,
+  GlobalMetricsSchema as cg,
+  HWACCEL_OPTIONS as ch,
+  HaServiceCallSchema as ci,
+  HaStateSchema as cj,
+  HaStatusSchema as ck,
+  HealthStatusSchema as cl,
+  HistoryPointSchema as cm,
+  HistoryResolutionEnum as cn,
+  InstalledPackageSchema as co,
+  IntegrationLiteSchema as cp,
+  IntegrationWithStateSchema as cq,
+  IntercomAbilitySchema as cr,
+  IntercomStatusSchema as cs,
+  LocationStatSchema as ct,
+  LogEntrySchema as cu,
+  LogLevelSchema$1 as cv,
+  LogStreamEntrySchema as cw,
+  MODEL_FORMATS as cx,
+  MediaFileSchema as cy,
+  MethodAccessSchema as cz,
   doorbellCapability as d,
-  TurnProviderInfoSchema as d$,
-  PolygonPointSchema as d0,
-  ProfileSlotSchema as d1,
-  ProfileSlotStatusSchema as d2,
-  ProviderStatusSchema as d3,
-  PtzAutotrackRuntimeStateSchema as d4,
-  PtzAutotrackSettingsSchema as d5,
-  PtzAutotrackStatusSchema as d6,
-  PtzAutotrackTargetOptionSchema as d7,
-  PtzMoveCommandSchema as d8,
-  PtzPositionSchema as d9,
-  BeginUploadInputSchema as dA,
-  BeginUploadResultSchema as dB,
-  EndDownloadInputSchema as dC,
-  FinalizeUploadInputSchema as dD,
-  StorageLocationRefSchema as dE,
-  StorageLocationSchema as dF,
-  StorageLocationTypeSchema as dG,
-  ProviderInfoSchema as dH,
-  ReadChunkInputSchema as dI,
-  TestLocationResultSchema as dJ,
-  WriteChunkInputSchema as dK,
-  StreamFormatSchema as dL,
-  StreamInfoSchema as dM,
-  StreamNetworkStatsSchema as dN,
-  StreamSourceEntrySchema$1 as dO,
-  StreamSourceSchema as dP,
-  SwitchStatusSchema as dQ,
-  SystemMetricsSchema as dR,
-  TestConnectionResultSchema as dS,
-  ToastSchema as dT,
-  TokenScopeSchema as dU,
-  TopologyNodeSchema as dV,
-  TopologyProcessSchema as dW,
-  TopologyServiceSchema as dX,
-  TrackSchema as dY,
-  TrackStateSchema as dZ,
-  TrackedDetectionSchema as d_,
-  PtzPresetSchema as da,
-  QueryFilterSchema as db,
-  RegisteredStreamSchema as dc,
-  RemoteAccessEndpointSchema as dd,
-  RemoteAccessProviderInfoSchema as de,
-  ReportMotionInputSchema as df,
-  RtspRestreamEntrySchema as dg,
-  RunnerCameraConfigSchema as dh,
-  RunnerCameraDeviceUIFields as di,
-  RunnerLocalLoadSchema as dj,
-  RunnerLocalMetricsSchema as dk,
-  STORAGE_LOCATION_CARDINALITY as dl,
-  ScopedTokenSchema as dm,
-  ScopedTokenSummarySchema as dn,
-  SearchResultSchema as dp,
-  SegmentSchema as dq,
-  SettingsPatchSchema as dr,
-  SettingsRecordSchema as ds,
-  SettingsSchemaWithValuesSchema as dt,
-  SettingsUpdateResultSchema as du,
-  SnapshotImageSchema as dv,
-  SpatialDetectionSchema as dw,
-  AbortUploadInputSchema as dx,
-  BeginDownloadInputSchema as dy,
-  BeginDownloadResultSchema as dz,
+  StreamFormatSchema as d$,
+  PackageUpdateSchema as d0,
+  PackageVersionInfoSchema as d1,
+  PasskeySummarySchema as d2,
+  PcmSampleFormatSchema as d3,
+  PerScopeBreakdownSchema as d4,
+  PipelineAssignmentSchema as d5,
+  PipelineDefaultStepSchema as d6,
+  PipelineEngineChoiceSchema as d7,
+  PipelineRunResultBridge as d8,
+  PipelineStepInputSchema as d9,
+  ScopedTokenSummarySchema as dA,
+  SearchResultSchema as dB,
+  SegmentSchema as dC,
+  SendEmailInputSchema as dD,
+  SendEmailResultSchema as dE,
+  SettingsPatchSchema as dF,
+  SettingsRecordSchema as dG,
+  SettingsSchemaWithValuesSchema as dH,
+  SettingsUpdateResultSchema as dI,
+  SmtpStatusSchema as dJ,
+  SnapshotImageSchema as dK,
+  SpatialDetectionSchema as dL,
+  SsoBridgeClaimsSchema as dM,
+  AbortUploadInputSchema as dN,
+  BeginDownloadInputSchema as dO,
+  BeginDownloadResultSchema as dP,
+  BeginUploadInputSchema as dQ,
+  BeginUploadResultSchema as dR,
+  EndDownloadInputSchema as dS,
+  FinalizeUploadInputSchema as dT,
+  StorageLocationRefSchema as dU,
+  StorageLocationSchema as dV,
+  StorageLocationTypeSchema as dW,
+  ProviderInfoSchema as dX,
+  ReadChunkInputSchema as dY,
+  TestLocationResultSchema as dZ,
+  WriteChunkInputSchema as d_,
+  PlaceholderReasonSchema as da,
+  PolygonPointSchema as db,
+  ProfileSlotSchema as dc,
+  ProfileSlotStatusSchema as dd,
+  ProviderStatusSchema as de,
+  PtzAutotrackRuntimeStateSchema as df,
+  PtzAutotrackSettingsSchema as dg,
+  PtzAutotrackStatusSchema as dh,
+  PtzAutotrackTargetOptionSchema as di,
+  PtzMoveCommandSchema as dj,
+  PtzPositionSchema as dk,
+  PtzPresetSchema as dl,
+  PublishInputSchema as dm,
+  QueryFilterSchema as dn,
+  RegisteredStreamSchema as dp,
+  RemoteAccessEndpointSchema as dq,
+  RemoteAccessProviderInfoSchema as dr,
+  ReportMotionInputSchema as ds,
+  RtspRestreamEntrySchema as dt,
+  RunnerCameraConfigSchema as du,
+  RunnerCameraDeviceUIFields as dv,
+  RunnerLocalLoadSchema as dw,
+  RunnerLocalMetricsSchema as dx,
+  STORAGE_LOCATION_CARDINALITY as dy,
+  ScopedTokenSchema as dz,
   errMsg as e,
-  TurnServerSchema as e0,
-  UpdateIntegrationInputSchema as e1,
-  UpdateUserInputSchema as e2,
-  UserRecordSchema as e3,
-  UserRoleSchema as e4,
-  UserSummarySchema as e5,
-  WELL_KNOWN_TABS as e6,
-  WELL_KNOWN_TAB_MAP as e7,
-  WebrtcStreamChoiceSchema as e8,
-  WebrtcStreamTargetSchema as e9,
-  WidgetHostEnum as ea,
-  WidgetMetadataSchema as eb,
-  WidgetSizeEnum as ec,
-  YAMNET_TO_MACRO as ed,
-  ZoneKindEnum as ee,
-  ZoneRuleModeEnum as ef,
-  ZoneRuleSchema as eg,
-  ZoneRuleStageEnum as eh,
-  ZoneRulesArraySchema as ei,
-  ZoneSchema as ej,
-  ZoneScopeBreakdownSchema as ek,
-  accessoryStableId as el,
-  deviceMatchesProfile as em,
-  event as en,
-  expandCapMethods as eo,
-  getAudioMacroClassIds as ep,
-  mapAudioLabelToMacro as eq,
-  method as er,
-  resolveDeviceProfile as es,
-  webrtcClientHintsSchema as et,
+  StreamInfoSchema as e0,
+  StreamNetworkStatsSchema as e1,
+  StreamSourceEntrySchema$1 as e2,
+  StreamSourceSchema as e3,
+  SubscribeInputSchema as e4,
+  SubscriptionInfoSchema as e5,
+  SwitchStatusSchema as e6,
+  SystemMetricsSchema as e7,
+  TestConnectionResultSchema as e8,
+  ToastSchema as e9,
+  ZoneSchema as eA,
+  ZoneScopeBreakdownSchema as eB,
+  accessoryStableId as eC,
+  deviceMatchesProfile as eD,
+  event as eE,
+  expandCapMethods as eF,
+  getAudioMacroClassIds as eG,
+  mapAudioLabelToMacro as eH,
+  method as eI,
+  resolveDeviceProfile as eJ,
+  webrtcClientHintsSchema as eK,
+  TokenScopeSchema as ea,
+  TopologyNodeSchema as eb,
+  TopologyProcessSchema as ec,
+  TopologyServiceSchema as ed,
+  TrackSchema as ee,
+  TrackStateSchema as ef,
+  TrackedDetectionSchema as eg,
+  TurnProviderInfoSchema as eh,
+  TurnServerSchema as ei,
+  UpdateIntegrationInputSchema as ej,
+  UpdateUserInputSchema as ek,
+  UserRecordSchema as el,
+  UserSummarySchema as em,
+  WELL_KNOWN_TABS as en,
+  WELL_KNOWN_TAB_MAP as eo,
+  WebrtcStreamChoiceSchema as ep,
+  WebrtcStreamTargetSchema as eq,
+  WidgetHostEnum as er,
+  WidgetMetadataSchema as es,
+  WidgetSizeEnum as et,
+  YAMNET_TO_MACRO as eu,
+  ZoneKindEnum as ev,
+  ZoneRuleModeEnum as ew,
+  ZoneRuleSchema as ex,
+  ZoneRuleStageEnum as ey,
+  ZoneRulesArraySchema as ez,
   featureProbeCapability as f,
   deviceStatusCapability as g,
   hydrateSchema as h,
@@ -8302,4 +8811,4 @@ export {
   addonsCapability as y,
   zonesCapability as z
 };
-//# sourceMappingURL=index-DVKPWMwv.mjs.map
+//# sourceMappingURL=index-BKnvgAep.mjs.map