@camstack/types 0.1.30 → 0.1.31

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (65) hide show
  1. package/dist/addon/build-addon-route-provider.d.ts +55 -0
  2. package/dist/addon/build-addon-route-provider.d.ts.map +1 -0
  3. package/dist/capabilities/addon-routes.cap.d.ts +64 -0
  4. package/dist/capabilities/addon-routes.cap.d.ts.map +1 -1
  5. package/dist/capabilities/auth-provider.cap.d.ts +4 -4
  6. package/dist/capabilities/auth-provider.cap.d.ts.map +1 -1
  7. package/dist/capabilities/authentication.cap.d.ts +4 -0
  8. package/dist/capabilities/authentication.cap.d.ts.map +1 -1
  9. package/dist/capabilities/home-assistant.cap.d.ts +138 -0
  10. package/dist/capabilities/home-assistant.cap.d.ts.map +1 -0
  11. package/dist/capabilities/index.d.ts +16 -1
  12. package/dist/capabilities/index.d.ts.map +1 -1
  13. package/dist/capabilities/mesh-network.cap.d.ts +18 -0
  14. package/dist/capabilities/mesh-network.cap.d.ts.map +1 -1
  15. package/dist/capabilities/mqtt-provider.cap.d.ts +91 -0
  16. package/dist/capabilities/mqtt-provider.cap.d.ts.map +1 -0
  17. package/dist/capabilities/settings-store.cap.d.ts +8 -2
  18. package/dist/capabilities/settings-store.cap.d.ts.map +1 -1
  19. package/dist/capabilities/smtp-provider.cap.d.ts +62 -0
  20. package/dist/capabilities/smtp-provider.cap.d.ts.map +1 -0
  21. package/dist/capabilities/sso-bridge.cap.d.ts +58 -0
  22. package/dist/capabilities/sso-bridge.cap.d.ts.map +1 -0
  23. package/dist/capabilities/user-management.cap.d.ts +513 -184
  24. package/dist/capabilities/user-management.cap.d.ts.map +1 -1
  25. package/dist/capabilities/user-passkeys.cap.d.ts +92 -0
  26. package/dist/capabilities/user-passkeys.cap.d.ts.map +1 -0
  27. package/dist/enums/event-category.d.ts +8 -1
  28. package/dist/enums/event-category.d.ts.map +1 -1
  29. package/dist/generated/addon-api.d.ts +472 -86
  30. package/dist/generated/addon-api.d.ts.map +1 -1
  31. package/dist/generated/capability-router-map.d.ts +19 -4
  32. package/dist/generated/capability-router-map.d.ts.map +1 -1
  33. package/dist/generated/method-access-map.d.ts +6 -1
  34. package/dist/generated/method-access-map.d.ts.map +1 -1
  35. package/dist/generated/scope-presets.d.ts +17 -0
  36. package/dist/generated/scope-presets.d.ts.map +1 -0
  37. package/dist/generated/system-proxy.d.ts +2 -2
  38. package/dist/generated/system-proxy.d.ts.map +1 -1
  39. package/dist/{index-s8uJNgNs.js → index-BKifir_y.js} +557 -48
  40. package/dist/index-BKifir_y.js.map +1 -0
  41. package/dist/{index-DVKPWMwv.mjs → index-BKnvgAep.mjs} +852 -343
  42. package/dist/index-BKnvgAep.mjs.map +1 -0
  43. package/dist/index.d.ts +7 -3
  44. package/dist/index.d.ts.map +1 -1
  45. package/dist/index.js +781 -498
  46. package/dist/index.js.map +1 -1
  47. package/dist/index.mjs +1038 -755
  48. package/dist/index.mjs.map +1 -1
  49. package/dist/interfaces/addon-routes.d.ts +8 -2
  50. package/dist/interfaces/addon-routes.d.ts.map +1 -1
  51. package/dist/interfaces/api-responses.d.ts +2 -3
  52. package/dist/interfaces/api-responses.d.ts.map +1 -1
  53. package/dist/interfaces/auth.d.ts +14 -11
  54. package/dist/interfaces/auth.d.ts.map +1 -1
  55. package/dist/interfaces/storage.d.ts +15 -2
  56. package/dist/interfaces/storage.d.ts.map +1 -1
  57. package/dist/node.js +1 -1
  58. package/dist/node.mjs +1 -1
  59. package/dist/schemas/auth-records.d.ts +105 -50
  60. package/dist/schemas/auth-records.d.ts.map +1 -1
  61. package/package.json +1 -1
  62. package/dist/index-DVKPWMwv.mjs.map +0 -1
  63. package/dist/index-s8uJNgNs.js.map +0 -1
  64. package/dist/interfaces/auth-provider.d.ts +0 -39
  65. package/dist/interfaces/auth-provider.d.ts.map +0 -1
package/dist/capabilities/user-management.cap.d.ts CHANGED
@@ -3,85 +3,137 @@ import { type InferProvider } from './capability-definition.js';
3
3
  declare const UserSummarySchema: z.ZodObject<{
4
4
  id: z.ZodString;
5
5
  username: z.ZodString;
6
- role: z.ZodEnum<{
7
- admin: "admin";
8
- viewer: "viewer";
9
- agent: "agent";
10
- scoped: "scoped";
11
- }>;
6
+ isAdmin: z.ZodDefault<z.ZodBoolean>;
12
7
  allowedProviders: z.ZodUnion<readonly [z.ZodArray<z.ZodString>, z.ZodLiteral<"*">]>;
13
8
  allowedDevices: z.ZodRecord<z.ZodString, z.ZodUnion<readonly [z.ZodArray<z.ZodString>, z.ZodLiteral<"*">]>>;
14
- scopes: z.ZodDefault<z.ZodArray<z.ZodObject<{
15
- type: z.ZodEnum<{
16
- addon: "addon";
17
- capability: "capability";
9
+ scopes: z.ZodDefault<z.ZodArray<z.ZodDiscriminatedUnion<[z.ZodObject<{
10
+ type: z.ZodLiteral<"category">;
11
+ target: z.ZodEnum<{
12
+ system: "system";
13
+ device: "device";
18
14
  }>;
15
+ access: z.ZodArray<z.ZodEnum<{
16
+ view: "view";
17
+ create: "create";
18
+ delete: "delete";
19
+ }>>;
20
+ }, z.core.$strip>, z.ZodObject<{
21
+ type: z.ZodLiteral<"capability">;
22
+ target: z.ZodString;
23
+ access: z.ZodArray<z.ZodEnum<{
24
+ view: "view";
25
+ create: "create";
26
+ delete: "delete";
27
+ }>>;
28
+ }, z.core.$strip>, z.ZodObject<{
29
+ type: z.ZodLiteral<"addon">;
19
30
  target: z.ZodString;
20
31
  access: z.ZodArray<z.ZodEnum<{
21
32
  view: "view";
22
33
  create: "create";
23
34
  delete: "delete";
24
35
  }>>;
25
- }, z.core.$strip>>>;
36
+ }, z.core.$strip>, z.ZodObject<{
37
+ type: z.ZodLiteral<"device">;
38
+ targets: z.ZodArray<z.ZodString>;
39
+ access: z.ZodArray<z.ZodEnum<{
40
+ view: "view";
41
+ create: "create";
42
+ delete: "delete";
43
+ }>>;
44
+ }, z.core.$strip>], "type">>>;
26
45
  createdAt: z.ZodNumber;
27
46
  updatedAt: z.ZodNumber;
28
47
  }, z.core.$strip>;
29
48
  declare const CreateUserInputSchema: z.ZodObject<{
30
49
  username: z.ZodString;
31
50
  password: z.ZodString;
32
- role: z.ZodEnum<{
33
- admin: "admin";
34
- viewer: "viewer";
35
- agent: "agent";
36
- scoped: "scoped";
37
- }>;
51
+ isAdmin: z.ZodDefault<z.ZodBoolean>;
38
52
  allowedProviders: z.ZodOptional<z.ZodUnion<readonly [z.ZodArray<z.ZodString>, z.ZodLiteral<"*">]>>;
39
53
  allowedDevices: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnion<readonly [z.ZodArray<z.ZodString>, z.ZodLiteral<"*">]>>>;
40
- scopes: z.ZodOptional<z.ZodArray<z.ZodObject<{
41
- type: z.ZodEnum<{
42
- addon: "addon";
43
- capability: "capability";
54
+ scopes: z.ZodOptional<z.ZodArray<z.ZodDiscriminatedUnion<[z.ZodObject<{
55
+ type: z.ZodLiteral<"category">;
56
+ target: z.ZodEnum<{
57
+ system: "system";
58
+ device: "device";
44
59
  }>;
60
+ access: z.ZodArray<z.ZodEnum<{
61
+ view: "view";
62
+ create: "create";
63
+ delete: "delete";
64
+ }>>;
65
+ }, z.core.$strip>, z.ZodObject<{
66
+ type: z.ZodLiteral<"capability">;
67
+ target: z.ZodString;
68
+ access: z.ZodArray<z.ZodEnum<{
69
+ view: "view";
70
+ create: "create";
71
+ delete: "delete";
72
+ }>>;
73
+ }, z.core.$strip>, z.ZodObject<{
74
+ type: z.ZodLiteral<"addon">;
45
75
  target: z.ZodString;
46
76
  access: z.ZodArray<z.ZodEnum<{
47
77
  view: "view";
48
78
  create: "create";
49
79
  delete: "delete";
50
80
  }>>;
51
- }, z.core.$strip>>>;
81
+ }, z.core.$strip>, z.ZodObject<{
82
+ type: z.ZodLiteral<"device">;
83
+ targets: z.ZodArray<z.ZodString>;
84
+ access: z.ZodArray<z.ZodEnum<{
85
+ view: "view";
86
+ create: "create";
87
+ delete: "delete";
88
+ }>>;
89
+ }, z.core.$strip>], "type">>>;
52
90
  }, z.core.$strip>;
53
91
  declare const UpdateUserInputSchema: z.ZodObject<{
54
92
  id: z.ZodString;
55
- role: z.ZodOptional<z.ZodEnum<{
56
- admin: "admin";
57
- viewer: "viewer";
58
- agent: "agent";
59
- scoped: "scoped";
60
- }>>;
93
+ isAdmin: z.ZodOptional<z.ZodBoolean>;
61
94
  allowedProviders: z.ZodOptional<z.ZodUnion<readonly [z.ZodArray<z.ZodString>, z.ZodLiteral<"*">]>>;
62
95
  allowedDevices: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnion<readonly [z.ZodArray<z.ZodString>, z.ZodLiteral<"*">]>>>;
63
- scopes: z.ZodOptional<z.ZodArray<z.ZodObject<{
64
- type: z.ZodEnum<{
65
- addon: "addon";
66
- capability: "capability";
96
+ scopes: z.ZodOptional<z.ZodArray<z.ZodDiscriminatedUnion<[z.ZodObject<{
97
+ type: z.ZodLiteral<"category">;
98
+ target: z.ZodEnum<{
99
+ system: "system";
100
+ device: "device";
67
101
  }>;
102
+ access: z.ZodArray<z.ZodEnum<{
103
+ view: "view";
104
+ create: "create";
105
+ delete: "delete";
106
+ }>>;
107
+ }, z.core.$strip>, z.ZodObject<{
108
+ type: z.ZodLiteral<"capability">;
68
109
  target: z.ZodString;
69
110
  access: z.ZodArray<z.ZodEnum<{
70
111
  view: "view";
71
112
  create: "create";
72
113
  delete: "delete";
73
114
  }>>;
74
- }, z.core.$strip>>>;
115
+ }, z.core.$strip>, z.ZodObject<{
116
+ type: z.ZodLiteral<"addon">;
117
+ target: z.ZodString;
118
+ access: z.ZodArray<z.ZodEnum<{
119
+ view: "view";
120
+ create: "create";
121
+ delete: "delete";
122
+ }>>;
123
+ }, z.core.$strip>, z.ZodObject<{
124
+ type: z.ZodLiteral<"device">;
125
+ targets: z.ZodArray<z.ZodString>;
126
+ access: z.ZodArray<z.ZodEnum<{
127
+ view: "view";
128
+ create: "create";
129
+ delete: "delete";
130
+ }>>;
131
+ }, z.core.$strip>], "type">>>;
75
132
  }, z.core.$strip>;
76
133
  declare const ApiKeySummarySchema: z.ZodObject<{
77
134
  id: z.ZodString;
78
135
  label: z.ZodString;
79
- role: z.ZodEnum<{
80
- admin: "admin";
81
- viewer: "viewer";
82
- agent: "agent";
83
- scoped: "scoped";
84
- }>;
136
+ isAdmin: z.ZodDefault<z.ZodBoolean>;
85
137
  allowedProviders: z.ZodOptional<z.ZodUnion<readonly [z.ZodArray<z.ZodString>, z.ZodLiteral<"*">]>>;
86
138
  allowedDevices: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnion<readonly [z.ZodArray<z.ZodString>, z.ZodLiteral<"*">]>>>;
87
139
  tokenPrefix: z.ZodString;
@@ -90,12 +142,7 @@ declare const ApiKeySummarySchema: z.ZodObject<{
90
142
  }, z.core.$strip>;
91
143
  declare const CreateApiKeyInputSchema: z.ZodObject<{
92
144
  label: z.ZodString;
93
- role: z.ZodEnum<{
94
- admin: "admin";
95
- viewer: "viewer";
96
- agent: "agent";
97
- scoped: "scoped";
98
- }>;
145
+ isAdmin: z.ZodDefault<z.ZodBoolean>;
99
146
  allowedProviders: z.ZodOptional<z.ZodUnion<readonly [z.ZodArray<z.ZodString>, z.ZodLiteral<"*">]>>;
100
147
  allowedDevices: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnion<readonly [z.ZodArray<z.ZodString>, z.ZodLiteral<"*">]>>>;
101
148
  }, z.core.$strip>;
@@ -104,12 +151,7 @@ declare const CreateApiKeyResultSchema: z.ZodObject<{
104
151
  record: z.ZodObject<{
105
152
  id: z.ZodString;
106
153
  label: z.ZodString;
107
- role: z.ZodEnum<{
108
- admin: "admin";
109
- viewer: "viewer";
110
- agent: "agent";
111
- scoped: "scoped";
112
- }>;
154
+ isAdmin: z.ZodDefault<z.ZodBoolean>;
113
155
  allowedProviders: z.ZodOptional<z.ZodUnion<readonly [z.ZodArray<z.ZodString>, z.ZodLiteral<"*">]>>;
114
156
  allowedDevices: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnion<readonly [z.ZodArray<z.ZodString>, z.ZodLiteral<"*">]>>>;
115
157
  tokenPrefix: z.ZodString;
@@ -122,18 +164,42 @@ declare const ScopedTokenSummarySchema: z.ZodObject<{
122
164
  userId: z.ZodString;
123
165
  name: z.ZodString;
124
166
  tokenPrefix: z.ZodString;
125
- scopes: z.ZodArray<z.ZodObject<{
126
- type: z.ZodEnum<{
127
- addon: "addon";
128
- capability: "capability";
167
+ scopes: z.ZodArray<z.ZodDiscriminatedUnion<[z.ZodObject<{
168
+ type: z.ZodLiteral<"category">;
169
+ target: z.ZodEnum<{
170
+ system: "system";
171
+ device: "device";
129
172
  }>;
173
+ access: z.ZodArray<z.ZodEnum<{
174
+ view: "view";
175
+ create: "create";
176
+ delete: "delete";
177
+ }>>;
178
+ }, z.core.$strip>, z.ZodObject<{
179
+ type: z.ZodLiteral<"capability">;
130
180
  target: z.ZodString;
131
181
  access: z.ZodArray<z.ZodEnum<{
132
182
  view: "view";
133
183
  create: "create";
134
184
  delete: "delete";
135
185
  }>>;
136
- }, z.core.$strip>>;
186
+ }, z.core.$strip>, z.ZodObject<{
187
+ type: z.ZodLiteral<"addon">;
188
+ target: z.ZodString;
189
+ access: z.ZodArray<z.ZodEnum<{
190
+ view: "view";
191
+ create: "create";
192
+ delete: "delete";
193
+ }>>;
194
+ }, z.core.$strip>, z.ZodObject<{
195
+ type: z.ZodLiteral<"device">;
196
+ targets: z.ZodArray<z.ZodString>;
197
+ access: z.ZodArray<z.ZodEnum<{
198
+ view: "view";
199
+ create: "create";
200
+ delete: "delete";
201
+ }>>;
202
+ }, z.core.$strip>], "type">>;
137
203
  expiresAt: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
138
204
  lastUsedAt: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
139
205
  createdAt: z.ZodNumber;
@@ -141,18 +207,42 @@ declare const ScopedTokenSummarySchema: z.ZodObject<{
141
207
  declare const CreateScopedTokenInputSchema: z.ZodObject<{
142
208
  userId: z.ZodString;
143
209
  name: z.ZodString;
144
- scopes: z.ZodArray<z.ZodObject<{
145
- type: z.ZodEnum<{
146
- addon: "addon";
147
- capability: "capability";
210
+ scopes: z.ZodArray<z.ZodDiscriminatedUnion<[z.ZodObject<{
211
+ type: z.ZodLiteral<"category">;
212
+ target: z.ZodEnum<{
213
+ system: "system";
214
+ device: "device";
148
215
  }>;
216
+ access: z.ZodArray<z.ZodEnum<{
217
+ view: "view";
218
+ create: "create";
219
+ delete: "delete";
220
+ }>>;
221
+ }, z.core.$strip>, z.ZodObject<{
222
+ type: z.ZodLiteral<"capability">;
223
+ target: z.ZodString;
224
+ access: z.ZodArray<z.ZodEnum<{
225
+ view: "view";
226
+ create: "create";
227
+ delete: "delete";
228
+ }>>;
229
+ }, z.core.$strip>, z.ZodObject<{
230
+ type: z.ZodLiteral<"addon">;
149
231
  target: z.ZodString;
150
232
  access: z.ZodArray<z.ZodEnum<{
151
233
  view: "view";
152
234
  create: "create";
153
235
  delete: "delete";
154
236
  }>>;
155
- }, z.core.$strip>>;
237
+ }, z.core.$strip>, z.ZodObject<{
238
+ type: z.ZodLiteral<"device">;
239
+ targets: z.ZodArray<z.ZodString>;
240
+ access: z.ZodArray<z.ZodEnum<{
241
+ view: "view";
242
+ create: "create";
243
+ delete: "delete";
244
+ }>>;
245
+ }, z.core.$strip>], "type">>;
156
246
  expiresAt: z.ZodOptional<z.ZodNumber>;
157
247
  }, z.core.$strip>;
158
248
  declare const CreateScopedTokenResultSchema: z.ZodObject<{
@@ -162,18 +252,42 @@ declare const CreateScopedTokenResultSchema: z.ZodObject<{
162
252
  userId: z.ZodString;
163
253
  name: z.ZodString;
164
254
  tokenPrefix: z.ZodString;
165
- scopes: z.ZodArray<z.ZodObject<{
166
- type: z.ZodEnum<{
167
- addon: "addon";
168
- capability: "capability";
255
+ scopes: z.ZodArray<z.ZodDiscriminatedUnion<[z.ZodObject<{
256
+ type: z.ZodLiteral<"category">;
257
+ target: z.ZodEnum<{
258
+ system: "system";
259
+ device: "device";
169
260
  }>;
261
+ access: z.ZodArray<z.ZodEnum<{
262
+ view: "view";
263
+ create: "create";
264
+ delete: "delete";
265
+ }>>;
266
+ }, z.core.$strip>, z.ZodObject<{
267
+ type: z.ZodLiteral<"capability">;
268
+ target: z.ZodString;
269
+ access: z.ZodArray<z.ZodEnum<{
270
+ view: "view";
271
+ create: "create";
272
+ delete: "delete";
273
+ }>>;
274
+ }, z.core.$strip>, z.ZodObject<{
275
+ type: z.ZodLiteral<"addon">;
170
276
  target: z.ZodString;
171
277
  access: z.ZodArray<z.ZodEnum<{
172
278
  view: "view";
173
279
  create: "create";
174
280
  delete: "delete";
175
281
  }>>;
176
- }, z.core.$strip>>;
282
+ }, z.core.$strip>, z.ZodObject<{
283
+ type: z.ZodLiteral<"device">;
284
+ targets: z.ZodArray<z.ZodString>;
285
+ access: z.ZodArray<z.ZodEnum<{
286
+ view: "view";
287
+ create: "create";
288
+ delete: "delete";
289
+ }>>;
290
+ }, z.core.$strip>], "type">>;
177
291
  expiresAt: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
178
292
  lastUsedAt: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
179
293
  createdAt: z.ZodNumber;
@@ -183,16 +297,11 @@ declare const CreateScopedTokenResultSchema: z.ZodObject<{
183
297
  * user-management — singleton capability for user accounts, API keys,
184
298
  * and scoped tokens.
185
299
  *
186
- * Implemented by the `local-auth` addon. Covers all CRUD operations
187
- * that were previously hand-written in `users.router.ts` and
188
- * `scoped-tokens.router.ts`.
189
- *
190
- * Login/logout/me stay in the server's core auth router because they
191
- * depend on JWT signing (a server-level concern, not an addon concern).
192
- *
193
- * `superAdmin` auth modifier was retired alongside the role itself —
194
- * destructive ops are now gated by `auth: 'admin'` (the unscoped role),
195
- * which the middleware lets through unconditionally.
300
+ * v2 model: every method gated by `auth: 'admin'`. Admin-only delegation
301
+ * the subset check on `setUserScopes` / `createScopedToken` is moot
302
+ * because non-admins never reach these. If/when we open non-admin
303
+ * delegation, structural caller-scope subset check goes inside the
304
+ * provider.
196
305
  */
197
306
  export declare const userManagementCapability: {
198
307
  readonly name: "user-management";
@@ -202,100 +311,176 @@ export declare const userManagementCapability: {
202
311
  readonly listUsers: import("./capability-definition.js").CapabilityMethodSchema<z.ZodVoid, z.ZodArray<z.ZodObject<{
203
312
  id: z.ZodString;
204
313
  username: z.ZodString;
205
- role: z.ZodEnum<{
206
- admin: "admin";
207
- viewer: "viewer";
208
- agent: "agent";
209
- scoped: "scoped";
210
- }>;
314
+ isAdmin: z.ZodDefault<z.ZodBoolean>;
211
315
  allowedProviders: z.ZodUnion<readonly [z.ZodArray<z.ZodString>, z.ZodLiteral<"*">]>;
212
316
  allowedDevices: z.ZodRecord<z.ZodString, z.ZodUnion<readonly [z.ZodArray<z.ZodString>, z.ZodLiteral<"*">]>>;
213
- scopes: z.ZodDefault<z.ZodArray<z.ZodObject<{
214
- type: z.ZodEnum<{
215
- addon: "addon";
216
- capability: "capability";
317
+ scopes: z.ZodDefault<z.ZodArray<z.ZodDiscriminatedUnion<[z.ZodObject<{
318
+ type: z.ZodLiteral<"category">;
319
+ target: z.ZodEnum<{
320
+ system: "system";
321
+ device: "device";
217
322
  }>;
323
+ access: z.ZodArray<z.ZodEnum<{
324
+ view: "view";
325
+ create: "create";
326
+ delete: "delete";
327
+ }>>;
328
+ }, z.core.$strip>, z.ZodObject<{
329
+ type: z.ZodLiteral<"capability">;
218
330
  target: z.ZodString;
219
331
  access: z.ZodArray<z.ZodEnum<{
220
332
  view: "view";
221
333
  create: "create";
222
334
  delete: "delete";
223
335
  }>>;
224
- }, z.core.$strip>>>;
336
+ }, z.core.$strip>, z.ZodObject<{
337
+ type: z.ZodLiteral<"addon">;
338
+ target: z.ZodString;
339
+ access: z.ZodArray<z.ZodEnum<{
340
+ view: "view";
341
+ create: "create";
342
+ delete: "delete";
343
+ }>>;
344
+ }, z.core.$strip>, z.ZodObject<{
345
+ type: z.ZodLiteral<"device">;
346
+ targets: z.ZodArray<z.ZodString>;
347
+ access: z.ZodArray<z.ZodEnum<{
348
+ view: "view";
349
+ create: "create";
350
+ delete: "delete";
351
+ }>>;
352
+ }, z.core.$strip>], "type">>>;
225
353
  createdAt: z.ZodNumber;
226
354
  updatedAt: z.ZodNumber;
227
355
  }, z.core.$strip>>, import("./capability-definition.js").CapabilityMethodKind>;
228
356
  readonly createUser: import("./capability-definition.js").CapabilityMethodSchema<z.ZodObject<{
229
357
  username: z.ZodString;
230
358
  password: z.ZodString;
231
- role: z.ZodEnum<{
232
- admin: "admin";
233
- viewer: "viewer";
234
- agent: "agent";
235
- scoped: "scoped";
236
- }>;
359
+ isAdmin: z.ZodDefault<z.ZodBoolean>;
237
360
  allowedProviders: z.ZodOptional<z.ZodUnion<readonly [z.ZodArray<z.ZodString>, z.ZodLiteral<"*">]>>;
238
361
  allowedDevices: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnion<readonly [z.ZodArray<z.ZodString>, z.ZodLiteral<"*">]>>>;
239
- scopes: z.ZodOptional<z.ZodArray<z.ZodObject<{
240
- type: z.ZodEnum<{
241
- addon: "addon";
242
- capability: "capability";
362
+ scopes: z.ZodOptional<z.ZodArray<z.ZodDiscriminatedUnion<[z.ZodObject<{
363
+ type: z.ZodLiteral<"category">;
364
+ target: z.ZodEnum<{
365
+ system: "system";
366
+ device: "device";
243
367
  }>;
368
+ access: z.ZodArray<z.ZodEnum<{
369
+ view: "view";
370
+ create: "create";
371
+ delete: "delete";
372
+ }>>;
373
+ }, z.core.$strip>, z.ZodObject<{
374
+ type: z.ZodLiteral<"capability">;
375
+ target: z.ZodString;
376
+ access: z.ZodArray<z.ZodEnum<{
377
+ view: "view";
378
+ create: "create";
379
+ delete: "delete";
380
+ }>>;
381
+ }, z.core.$strip>, z.ZodObject<{
382
+ type: z.ZodLiteral<"addon">;
244
383
  target: z.ZodString;
245
384
  access: z.ZodArray<z.ZodEnum<{
246
385
  view: "view";
247
386
  create: "create";
248
387
  delete: "delete";
249
388
  }>>;
250
- }, z.core.$strip>>>;
389
+ }, z.core.$strip>, z.ZodObject<{
390
+ type: z.ZodLiteral<"device">;
391
+ targets: z.ZodArray<z.ZodString>;
392
+ access: z.ZodArray<z.ZodEnum<{
393
+ view: "view";
394
+ create: "create";
395
+ delete: "delete";
396
+ }>>;
397
+ }, z.core.$strip>], "type">>>;
251
398
  }, z.core.$strip>, z.ZodObject<{
252
399
  id: z.ZodString;
253
400
  username: z.ZodString;
254
- role: z.ZodEnum<{
255
- admin: "admin";
256
- viewer: "viewer";
257
- agent: "agent";
258
- scoped: "scoped";
259
- }>;
401
+ isAdmin: z.ZodDefault<z.ZodBoolean>;
260
402
  allowedProviders: z.ZodUnion<readonly [z.ZodArray<z.ZodString>, z.ZodLiteral<"*">]>;
261
403
  allowedDevices: z.ZodRecord<z.ZodString, z.ZodUnion<readonly [z.ZodArray<z.ZodString>, z.ZodLiteral<"*">]>>;
262
- scopes: z.ZodDefault<z.ZodArray<z.ZodObject<{
263
- type: z.ZodEnum<{
264
- addon: "addon";
265
- capability: "capability";
404
+ scopes: z.ZodDefault<z.ZodArray<z.ZodDiscriminatedUnion<[z.ZodObject<{
405
+ type: z.ZodLiteral<"category">;
406
+ target: z.ZodEnum<{
407
+ system: "system";
408
+ device: "device";
266
409
  }>;
410
+ access: z.ZodArray<z.ZodEnum<{
411
+ view: "view";
412
+ create: "create";
413
+ delete: "delete";
414
+ }>>;
415
+ }, z.core.$strip>, z.ZodObject<{
416
+ type: z.ZodLiteral<"capability">;
267
417
  target: z.ZodString;
268
418
  access: z.ZodArray<z.ZodEnum<{
269
419
  view: "view";
270
420
  create: "create";
271
421
  delete: "delete";
272
422
  }>>;
273
- }, z.core.$strip>>>;
423
+ }, z.core.$strip>, z.ZodObject<{
424
+ type: z.ZodLiteral<"addon">;
425
+ target: z.ZodString;
426
+ access: z.ZodArray<z.ZodEnum<{
427
+ view: "view";
428
+ create: "create";
429
+ delete: "delete";
430
+ }>>;
431
+ }, z.core.$strip>, z.ZodObject<{
432
+ type: z.ZodLiteral<"device">;
433
+ targets: z.ZodArray<z.ZodString>;
434
+ access: z.ZodArray<z.ZodEnum<{
435
+ view: "view";
436
+ create: "create";
437
+ delete: "delete";
438
+ }>>;
439
+ }, z.core.$strip>], "type">>>;
274
440
  createdAt: z.ZodNumber;
275
441
  updatedAt: z.ZodNumber;
276
442
  }, z.core.$strip>, "mutation">;
277
443
  readonly updateUser: import("./capability-definition.js").CapabilityMethodSchema<z.ZodObject<{
278
444
  id: z.ZodString;
279
- role: z.ZodOptional<z.ZodEnum<{
280
- admin: "admin";
281
- viewer: "viewer";
282
- agent: "agent";
283
- scoped: "scoped";
284
- }>>;
445
+ isAdmin: z.ZodOptional<z.ZodBoolean>;
285
446
  allowedProviders: z.ZodOptional<z.ZodUnion<readonly [z.ZodArray<z.ZodString>, z.ZodLiteral<"*">]>>;
286
447
  allowedDevices: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnion<readonly [z.ZodArray<z.ZodString>, z.ZodLiteral<"*">]>>>;
287
- scopes: z.ZodOptional<z.ZodArray<z.ZodObject<{
288
- type: z.ZodEnum<{
289
- addon: "addon";
290
- capability: "capability";
448
+ scopes: z.ZodOptional<z.ZodArray<z.ZodDiscriminatedUnion<[z.ZodObject<{
449
+ type: z.ZodLiteral<"category">;
450
+ target: z.ZodEnum<{
451
+ system: "system";
452
+ device: "device";
291
453
  }>;
454
+ access: z.ZodArray<z.ZodEnum<{
455
+ view: "view";
456
+ create: "create";
457
+ delete: "delete";
458
+ }>>;
459
+ }, z.core.$strip>, z.ZodObject<{
460
+ type: z.ZodLiteral<"capability">;
461
+ target: z.ZodString;
462
+ access: z.ZodArray<z.ZodEnum<{
463
+ view: "view";
464
+ create: "create";
465
+ delete: "delete";
466
+ }>>;
467
+ }, z.core.$strip>, z.ZodObject<{
468
+ type: z.ZodLiteral<"addon">;
292
469
  target: z.ZodString;
293
470
  access: z.ZodArray<z.ZodEnum<{
294
471
  view: "view";
295
472
  create: "create";
296
473
  delete: "delete";
297
474
  }>>;
298
- }, z.core.$strip>>>;
475
+ }, z.core.$strip>, z.ZodObject<{
476
+ type: z.ZodLiteral<"device">;
477
+ targets: z.ZodArray<z.ZodString>;
478
+ access: z.ZodArray<z.ZodEnum<{
479
+ view: "view";
480
+ create: "create";
481
+ delete: "delete";
482
+ }>>;
483
+ }, z.core.$strip>], "type">>>;
299
484
  }, z.core.$strip>, z.ZodObject<{
300
485
  success: z.ZodLiteral<true>;
301
486
  }, z.core.$strip>, "mutation">;
@@ -310,24 +495,44 @@ export declare const userManagementCapability: {
310
495
  }, z.core.$strip>, z.ZodObject<{
311
496
  success: z.ZodLiteral<true>;
312
497
  }, z.core.$strip>, "mutation">;
313
- /**
314
- * Replace the scope set on a user. Subset check: the caller's scopes
315
- * must include every requested scope+access (admin bypasses).
316
- */
317
498
  readonly setUserScopes: import("./capability-definition.js").CapabilityMethodSchema<z.ZodObject<{
318
499
  userId: z.ZodString;
319
- scopes: z.ZodArray<z.ZodObject<{
320
- type: z.ZodEnum<{
321
- addon: "addon";
322
- capability: "capability";
500
+ scopes: z.ZodArray<z.ZodDiscriminatedUnion<[z.ZodObject<{
501
+ type: z.ZodLiteral<"category">;
502
+ target: z.ZodEnum<{
503
+ system: "system";
504
+ device: "device";
323
505
  }>;
506
+ access: z.ZodArray<z.ZodEnum<{
507
+ view: "view";
508
+ create: "create";
509
+ delete: "delete";
510
+ }>>;
511
+ }, z.core.$strip>, z.ZodObject<{
512
+ type: z.ZodLiteral<"capability">;
513
+ target: z.ZodString;
514
+ access: z.ZodArray<z.ZodEnum<{
515
+ view: "view";
516
+ create: "create";
517
+ delete: "delete";
518
+ }>>;
519
+ }, z.core.$strip>, z.ZodObject<{
520
+ type: z.ZodLiteral<"addon">;
324
521
  target: z.ZodString;
325
522
  access: z.ZodArray<z.ZodEnum<{
326
523
  view: "view";
327
524
  create: "create";
328
525
  delete: "delete";
329
526
  }>>;
330
- }, z.core.$strip>>;
527
+ }, z.core.$strip>, z.ZodObject<{
528
+ type: z.ZodLiteral<"device">;
529
+ targets: z.ZodArray<z.ZodString>;
530
+ access: z.ZodArray<z.ZodEnum<{
531
+ view: "view";
532
+ create: "create";
533
+ delete: "delete";
534
+ }>>;
535
+ }, z.core.$strip>], "type">>;
331
536
  }, z.core.$strip>, z.ZodObject<{
332
537
  success: z.ZodLiteral<true>;
333
538
  }, z.core.$strip>, "mutation">;
@@ -337,26 +542,45 @@ export declare const userManagementCapability: {
337
542
  }, z.core.$strip>, z.ZodNullable<z.ZodObject<{
338
543
  id: z.ZodString;
339
544
  username: z.ZodString;
340
- role: z.ZodEnum<{
341
- admin: "admin";
342
- viewer: "viewer";
343
- agent: "agent";
344
- scoped: "scoped";
345
- }>;
545
+ isAdmin: z.ZodDefault<z.ZodBoolean>;
346
546
  allowedProviders: z.ZodUnion<readonly [z.ZodArray<z.ZodString>, z.ZodLiteral<"*">]>;
347
547
  allowedDevices: z.ZodRecord<z.ZodString, z.ZodUnion<readonly [z.ZodArray<z.ZodString>, z.ZodLiteral<"*">]>>;
348
- scopes: z.ZodDefault<z.ZodArray<z.ZodObject<{
349
- type: z.ZodEnum<{
350
- addon: "addon";
351
- capability: "capability";
548
+ scopes: z.ZodDefault<z.ZodArray<z.ZodDiscriminatedUnion<[z.ZodObject<{
549
+ type: z.ZodLiteral<"category">;
550
+ target: z.ZodEnum<{
551
+ system: "system";
552
+ device: "device";
352
553
  }>;
554
+ access: z.ZodArray<z.ZodEnum<{
555
+ view: "view";
556
+ create: "create";
557
+ delete: "delete";
558
+ }>>;
559
+ }, z.core.$strip>, z.ZodObject<{
560
+ type: z.ZodLiteral<"capability">;
561
+ target: z.ZodString;
562
+ access: z.ZodArray<z.ZodEnum<{
563
+ view: "view";
564
+ create: "create";
565
+ delete: "delete";
566
+ }>>;
567
+ }, z.core.$strip>, z.ZodObject<{
568
+ type: z.ZodLiteral<"addon">;
353
569
  target: z.ZodString;
354
570
  access: z.ZodArray<z.ZodEnum<{
355
571
  view: "view";
356
572
  create: "create";
357
573
  delete: "delete";
358
574
  }>>;
359
- }, z.core.$strip>>>;
575
+ }, z.core.$strip>, z.ZodObject<{
576
+ type: z.ZodLiteral<"device">;
577
+ targets: z.ZodArray<z.ZodString>;
578
+ access: z.ZodArray<z.ZodEnum<{
579
+ view: "view";
580
+ create: "create";
581
+ delete: "delete";
582
+ }>>;
583
+ }, z.core.$strip>], "type">>>;
360
584
  createdAt: z.ZodNumber;
361
585
  updatedAt: z.ZodNumber;
362
586
  passwordHash: z.ZodString;
@@ -364,12 +588,7 @@ export declare const userManagementCapability: {
364
588
  readonly listApiKeys: import("./capability-definition.js").CapabilityMethodSchema<z.ZodVoid, z.ZodArray<z.ZodObject<{
365
589
  id: z.ZodString;
366
590
  label: z.ZodString;
367
- role: z.ZodEnum<{
368
- admin: "admin";
369
- viewer: "viewer";
370
- agent: "agent";
371
- scoped: "scoped";
372
- }>;
591
+ isAdmin: z.ZodDefault<z.ZodBoolean>;
373
592
  allowedProviders: z.ZodOptional<z.ZodUnion<readonly [z.ZodArray<z.ZodString>, z.ZodLiteral<"*">]>>;
374
593
  allowedDevices: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnion<readonly [z.ZodArray<z.ZodString>, z.ZodLiteral<"*">]>>>;
375
594
  tokenPrefix: z.ZodString;
@@ -378,12 +597,7 @@ export declare const userManagementCapability: {
378
597
  }, z.core.$strip>>, import("./capability-definition.js").CapabilityMethodKind>;
379
598
  readonly createApiKey: import("./capability-definition.js").CapabilityMethodSchema<z.ZodObject<{
380
599
  label: z.ZodString;
381
- role: z.ZodEnum<{
382
- admin: "admin";
383
- viewer: "viewer";
384
- agent: "agent";
385
- scoped: "scoped";
386
- }>;
600
+ isAdmin: z.ZodDefault<z.ZodBoolean>;
387
601
  allowedProviders: z.ZodOptional<z.ZodUnion<readonly [z.ZodArray<z.ZodString>, z.ZodLiteral<"*">]>>;
388
602
  allowedDevices: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnion<readonly [z.ZodArray<z.ZodString>, z.ZodLiteral<"*">]>>>;
389
603
  }, z.core.$strip>, z.ZodObject<{
@@ -391,12 +605,7 @@ export declare const userManagementCapability: {
391
605
  record: z.ZodObject<{
392
606
  id: z.ZodString;
393
607
  label: z.ZodString;
394
- role: z.ZodEnum<{
395
- admin: "admin";
396
- viewer: "viewer";
397
- agent: "agent";
398
- scoped: "scoped";
399
- }>;
608
+ isAdmin: z.ZodDefault<z.ZodBoolean>;
400
609
  allowedProviders: z.ZodOptional<z.ZodUnion<readonly [z.ZodArray<z.ZodString>, z.ZodLiteral<"*">]>>;
401
610
  allowedDevices: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnion<readonly [z.ZodArray<z.ZodString>, z.ZodLiteral<"*">]>>>;
402
611
  tokenPrefix: z.ZodString;
@@ -414,12 +623,7 @@ export declare const userManagementCapability: {
414
623
  }, z.core.$strip>, z.ZodNullable<z.ZodObject<{
415
624
  id: z.ZodString;
416
625
  label: z.ZodString;
417
- role: z.ZodEnum<{
418
- admin: "admin";
419
- viewer: "viewer";
420
- agent: "agent";
421
- scoped: "scoped";
422
- }>;
626
+ isAdmin: z.ZodDefault<z.ZodBoolean>;
423
627
  allowedProviders: z.ZodOptional<z.ZodUnion<readonly [z.ZodArray<z.ZodString>, z.ZodLiteral<"*">]>>;
424
628
  allowedDevices: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnion<readonly [z.ZodArray<z.ZodString>, z.ZodLiteral<"*">]>>>;
425
629
  tokenPrefix: z.ZodString;
@@ -429,18 +633,42 @@ export declare const userManagementCapability: {
429
633
  readonly createScopedToken: import("./capability-definition.js").CapabilityMethodSchema<z.ZodObject<{
430
634
  userId: z.ZodString;
431
635
  name: z.ZodString;
432
- scopes: z.ZodArray<z.ZodObject<{
433
- type: z.ZodEnum<{
434
- addon: "addon";
435
- capability: "capability";
636
+ scopes: z.ZodArray<z.ZodDiscriminatedUnion<[z.ZodObject<{
637
+ type: z.ZodLiteral<"category">;
638
+ target: z.ZodEnum<{
639
+ system: "system";
640
+ device: "device";
436
641
  }>;
642
+ access: z.ZodArray<z.ZodEnum<{
643
+ view: "view";
644
+ create: "create";
645
+ delete: "delete";
646
+ }>>;
647
+ }, z.core.$strip>, z.ZodObject<{
648
+ type: z.ZodLiteral<"capability">;
437
649
  target: z.ZodString;
438
650
  access: z.ZodArray<z.ZodEnum<{
439
651
  view: "view";
440
652
  create: "create";
441
653
  delete: "delete";
442
654
  }>>;
443
- }, z.core.$strip>>;
655
+ }, z.core.$strip>, z.ZodObject<{
656
+ type: z.ZodLiteral<"addon">;
657
+ target: z.ZodString;
658
+ access: z.ZodArray<z.ZodEnum<{
659
+ view: "view";
660
+ create: "create";
661
+ delete: "delete";
662
+ }>>;
663
+ }, z.core.$strip>, z.ZodObject<{
664
+ type: z.ZodLiteral<"device">;
665
+ targets: z.ZodArray<z.ZodString>;
666
+ access: z.ZodArray<z.ZodEnum<{
667
+ view: "view";
668
+ create: "create";
669
+ delete: "delete";
670
+ }>>;
671
+ }, z.core.$strip>], "type">>;
444
672
  expiresAt: z.ZodOptional<z.ZodNumber>;
445
673
  }, z.core.$strip>, z.ZodObject<{
446
674
  token: z.ZodString;
@@ -449,18 +677,42 @@ export declare const userManagementCapability: {
449
677
  userId: z.ZodString;
450
678
  name: z.ZodString;
451
679
  tokenPrefix: z.ZodString;
452
- scopes: z.ZodArray<z.ZodObject<{
453
- type: z.ZodEnum<{
454
- addon: "addon";
455
- capability: "capability";
680
+ scopes: z.ZodArray<z.ZodDiscriminatedUnion<[z.ZodObject<{
681
+ type: z.ZodLiteral<"category">;
682
+ target: z.ZodEnum<{
683
+ system: "system";
684
+ device: "device";
456
685
  }>;
686
+ access: z.ZodArray<z.ZodEnum<{
687
+ view: "view";
688
+ create: "create";
689
+ delete: "delete";
690
+ }>>;
691
+ }, z.core.$strip>, z.ZodObject<{
692
+ type: z.ZodLiteral<"capability">;
693
+ target: z.ZodString;
694
+ access: z.ZodArray<z.ZodEnum<{
695
+ view: "view";
696
+ create: "create";
697
+ delete: "delete";
698
+ }>>;
699
+ }, z.core.$strip>, z.ZodObject<{
700
+ type: z.ZodLiteral<"addon">;
457
701
  target: z.ZodString;
458
702
  access: z.ZodArray<z.ZodEnum<{
459
703
  view: "view";
460
704
  create: "create";
461
705
  delete: "delete";
462
706
  }>>;
463
- }, z.core.$strip>>;
707
+ }, z.core.$strip>, z.ZodObject<{
708
+ type: z.ZodLiteral<"device">;
709
+ targets: z.ZodArray<z.ZodString>;
710
+ access: z.ZodArray<z.ZodEnum<{
711
+ view: "view";
712
+ create: "create";
713
+ delete: "delete";
714
+ }>>;
715
+ }, z.core.$strip>], "type">>;
464
716
  expiresAt: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
465
717
  lastUsedAt: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
466
718
  createdAt: z.ZodNumber;
@@ -478,18 +730,42 @@ export declare const userManagementCapability: {
478
730
  userId: z.ZodString;
479
731
  name: z.ZodString;
480
732
  tokenPrefix: z.ZodString;
481
- scopes: z.ZodArray<z.ZodObject<{
482
- type: z.ZodEnum<{
483
- addon: "addon";
484
- capability: "capability";
733
+ scopes: z.ZodArray<z.ZodDiscriminatedUnion<[z.ZodObject<{
734
+ type: z.ZodLiteral<"category">;
735
+ target: z.ZodEnum<{
736
+ system: "system";
737
+ device: "device";
485
738
  }>;
739
+ access: z.ZodArray<z.ZodEnum<{
740
+ view: "view";
741
+ create: "create";
742
+ delete: "delete";
743
+ }>>;
744
+ }, z.core.$strip>, z.ZodObject<{
745
+ type: z.ZodLiteral<"capability">;
486
746
  target: z.ZodString;
487
747
  access: z.ZodArray<z.ZodEnum<{
488
748
  view: "view";
489
749
  create: "create";
490
750
  delete: "delete";
491
751
  }>>;
492
- }, z.core.$strip>>;
752
+ }, z.core.$strip>, z.ZodObject<{
753
+ type: z.ZodLiteral<"addon">;
754
+ target: z.ZodString;
755
+ access: z.ZodArray<z.ZodEnum<{
756
+ view: "view";
757
+ create: "create";
758
+ delete: "delete";
759
+ }>>;
760
+ }, z.core.$strip>, z.ZodObject<{
761
+ type: z.ZodLiteral<"device">;
762
+ targets: z.ZodArray<z.ZodString>;
763
+ access: z.ZodArray<z.ZodEnum<{
764
+ view: "view";
765
+ create: "create";
766
+ delete: "delete";
767
+ }>>;
768
+ }, z.core.$strip>], "type">>;
493
769
  expiresAt: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
494
770
  lastUsedAt: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
495
771
  createdAt: z.ZodNumber;
@@ -501,22 +777,75 @@ export declare const userManagementCapability: {
501
777
  userId: z.ZodString;
502
778
  name: z.ZodString;
503
779
  tokenPrefix: z.ZodString;
504
- scopes: z.ZodArray<z.ZodObject<{
505
- type: z.ZodEnum<{
506
- addon: "addon";
507
- capability: "capability";
780
+ scopes: z.ZodArray<z.ZodDiscriminatedUnion<[z.ZodObject<{
781
+ type: z.ZodLiteral<"category">;
782
+ target: z.ZodEnum<{
783
+ system: "system";
784
+ device: "device";
508
785
  }>;
786
+ access: z.ZodArray<z.ZodEnum<{
787
+ view: "view";
788
+ create: "create";
789
+ delete: "delete";
790
+ }>>;
791
+ }, z.core.$strip>, z.ZodObject<{
792
+ type: z.ZodLiteral<"capability">;
793
+ target: z.ZodString;
794
+ access: z.ZodArray<z.ZodEnum<{
795
+ view: "view";
796
+ create: "create";
797
+ delete: "delete";
798
+ }>>;
799
+ }, z.core.$strip>, z.ZodObject<{
800
+ type: z.ZodLiteral<"addon">;
509
801
  target: z.ZodString;
510
802
  access: z.ZodArray<z.ZodEnum<{
511
803
  view: "view";
512
804
  create: "create";
513
805
  delete: "delete";
514
806
  }>>;
515
- }, z.core.$strip>>;
807
+ }, z.core.$strip>, z.ZodObject<{
808
+ type: z.ZodLiteral<"device">;
809
+ targets: z.ZodArray<z.ZodString>;
810
+ access: z.ZodArray<z.ZodEnum<{
811
+ view: "view";
812
+ create: "create";
813
+ delete: "delete";
814
+ }>>;
815
+ }, z.core.$strip>], "type">>;
516
816
  expiresAt: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
517
817
  lastUsedAt: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
518
818
  createdAt: z.ZodNumber;
519
819
  }, z.core.$strip>>, import("./capability-definition.js").CapabilityMethodKind>;
820
+ readonly setupTotp: import("./capability-definition.js").CapabilityMethodSchema<z.ZodObject<{
821
+ userId: z.ZodString;
822
+ }, z.core.$strip>, z.ZodObject<{
823
+ secret: z.ZodString;
824
+ otpauthUrl: z.ZodString;
825
+ }, z.core.$strip>, "mutation">;
826
+ readonly confirmTotp: import("./capability-definition.js").CapabilityMethodSchema<z.ZodObject<{
827
+ userId: z.ZodString;
828
+ code: z.ZodString;
829
+ }, z.core.$strip>, z.ZodObject<{
830
+ success: z.ZodLiteral<true>;
831
+ }, z.core.$strip>, "mutation">;
832
+ readonly disableTotp: import("./capability-definition.js").CapabilityMethodSchema<z.ZodObject<{
833
+ userId: z.ZodString;
834
+ }, z.core.$strip>, z.ZodObject<{
835
+ success: z.ZodLiteral<true>;
836
+ }, z.core.$strip>, "mutation">;
837
+ readonly getTotpStatus: import("./capability-definition.js").CapabilityMethodSchema<z.ZodObject<{
838
+ userId: z.ZodString;
839
+ }, z.core.$strip>, z.ZodObject<{
840
+ enabled: z.ZodBoolean;
841
+ confirmedAt: z.ZodNullable<z.ZodNumber>;
842
+ }, z.core.$strip>, import("./capability-definition.js").CapabilityMethodKind>;
843
+ readonly verifyTotp: import("./capability-definition.js").CapabilityMethodSchema<z.ZodObject<{
844
+ userId: z.ZodString;
845
+ code: z.ZodString;
846
+ }, z.core.$strip>, z.ZodObject<{
847
+ valid: z.ZodBoolean;
848
+ }, z.core.$strip>, "mutation">;
520
849
  };
521
850
  };
522
851
  export type IUserManagementProvider = InferProvider<typeof userManagementCapability>;