@camstack/types 0.1.30 → 0.1.32

package/dist/{index-DVKPWMwv.mjs → index-BBVUwOlZ.mjs}

@@ -1069,9 +1069,9 @@ const DecodedFrameSchema = z.object({
   format: z.enum(["jpeg", "rgb", "bgr", "yuv420", "gray"]),
   timestamp: z.number()
 });
-const BrokerStatusSchema = z.enum(["idle", "connecting", "streaming", "error", "stopped"]);
+const BrokerStatusSchema$1 = z.enum(["idle", "connecting", "streaming", "error", "stopped"]);
 const BrokerStatsSchema = z.object({
-  status: BrokerStatusSchema,
+  status: BrokerStatusSchema$1,
   inputFps: z.number(),
   decodeFps: z.number(),
   encodedSubscribers: z.number(),
@@ -1177,22 +1177,34 @@ const PlaceholderReasonSchema = z.enum([
   "disabled",
   "waking"
 ]);
+const VideoCodecTargetSchema = z.enum(["H264", "H265", "auto"]);
+const AudioCodecTargetSchema = z.enum(["AAC", "Opus", "PCMU", "none"]);
+const MaxResolutionSchema = z.object({
+  width: z.number().int().positive(),
+  height: z.number().int().positive()
+});
+const GetStreamWithCodecInputSchema = z.object({
+  deviceId: z.number().int().nonnegative(),
+  videoCodec: VideoCodecTargetSchema,
+  audioCodec: AudioCodecTargetSchema.optional(),
+  maxResolution: MaxResolutionSchema.optional(),
+  tag: z.string().optional()
+});
+const RtpSourceSchema = z.object({
+  url: z.string(),
+  videoCodec: z.enum(["H264", "H265"]),
+  audioCodec: z.string(),
+  resolution: MaxResolutionSchema,
+  transcoded: z.boolean(),
+  encoder: z.string(),
+  pipelineKey: z.string()
+});
 const streamBrokerCapability = {
   name: "stream-broker",
   scope: "system",
   mode: "singleton",
   exposesDeviceSettings: true,
   methods: {
-    // ── Cam stream lifecycle (publish / retract) ─────────────────────
-    /**
-     * Register a physical camera stream as an input option. Idempotent
-     * for (deviceId, camStreamId) — re-publishing updates metadata
-     * without disturbing profile assignments. The provider calls this
-     * in `onInitialize` for each stream it offers. Third-party addons
-     * may also publish (e.g. an RTMP discovery layer) — camstack has
-     * no notion of "owner" beyond the (deviceId, camStreamId) key.
-     */
-    /* — see STREAM_BROKER_CAP_EVENTS below for cap-event category strings — */
     publishCameraStream: method(
       z.object({
         deviceId: z.number().int().nonnegative(),
@@ -1203,28 +1215,8 @@ const streamBrokerCapability = {
         resolution: CamStreamResolutionSchema.optional(),
         fps: z.number().positive().optional(),
         label: z.string().optional(),
-        /**
-         * Device-level features that the broker / manager / snapshot
-         * orchestrator consult to derive per-stream policy (e.g.
-         * `BatteryOperated` → relax stall watchdog, default pre-buffer
-         * to off, raise snapshot rate-limit). Single source of truth —
-         * publishers no longer set per-stream flags like `allowStall`.
-         */
         deviceFeatures: z.array(z.string()).optional(),
-        /**
-         * Whether this stream participates in the broker's automatic
-         * profile assignment. Defaults `true`. Publishers set `false` for
-         * streams that should be SELECTABLE but not auto-picked — e.g.
-         * Reolink publishes native Baichuan as eligible and RTSP/RTMP
-         * mirrors as ineligible (still assignable manually via
-         * `assignProfile`).
-         */
         autoEligible: z.boolean().optional(),
-        /**
-         * Transport-specific opaque metadata stashed alongside the stream
-         * record. `pull-rfc4571` publishers put the SDP here so the broker
-         * reader can route packets without an in-band DESCRIBE phase.
-         */
         metadata: z.record(z.string(), z.unknown()).optional()
       }),
       z.object({ success: z.literal(true) }),
@@ -1238,12 +1230,6 @@ const streamBrokerCapability = {
       z.object({ success: z.literal(true) }),
       { kind: "mutation", auth: "admin" }
     ),
-    // ── Profile assignment ───────────────────────────────────────────
-    /**
-     * Assign a cam stream to a profile slot. Tears down any existing
-     * broker for that slot and rebuilds against the new source. Persists
-     * the choice — survives reboots.
-     */
     assignProfile: method(
       z.object({
         deviceId: z.number().int().nonnegative(),
@@ -1261,12 +1247,6 @@ const streamBrokerCapability = {
       z.object({ success: z.literal(true) }),
       { kind: "mutation", auth: "admin" }
     ),
-    // ── System-wide views ────────────────────────────────────────────
-    /**
-     * Full dump of every published cam stream across every device.
-     * For dashboards and cross-device tooling; per-device reads go
-     * through the `camera-streams` cap on the device proxy.
-     */
     listAllCameraStreams: method(
       z.void(),
       z.array(CameraStreamSchema).readonly()
@@ -1275,7 +1255,6 @@ const streamBrokerCapability = {
       z.void(),
       z.array(ProfileSlotSchema).readonly()
     ),
-    // ── Broker runtime (stats + client inventory) ────────────────────
     getBrokerStats: method(
       z.object({ brokerId: z.string() }),
       BrokerStatsSchema
@@ -1293,7 +1272,6 @@ const streamBrokerCapability = {
       z.object({ killed: z.boolean() }),
       { kind: "mutation", auth: "admin" }
     ),
-    /** Rebuild the broker for a profile slot in place (re-dial source). */
     restartProfile: method(
       z.object({
         deviceId: z.number().int().nonnegative(),
@@ -1302,24 +1280,28 @@ const streamBrokerCapability = {
       z.object({ success: z.boolean() }),
       { kind: "mutation", auth: "admin" }
     ),
-    // ── Stream URLs ──────────────────────────────────────────────────
     getStreamUrl: method(
       z.object({ streamId: z.string(), format: StreamFormatSchema }),
       z.object({ url: z.string() })
     ),
-    // ── In-process broker access ─────────────────────────────────────
     /**
-     * Return the live IStreamBroker instance for a given brokerId. Same
-     * LOCAL-ONLY contract as before: callers (pipeline-runner) must be
-     * co-located. BrokerId is `${deviceId}/${camStreamId}` — profile
-     * lookup goes through `assignments` if a caller starts from a
-     * profile.
+     * Shared codec-targeted stream API — see Task #184.
+     * Resolution order: source-select → HW transcode → libx264/libx265.
      */
+    getStreamWithCodec: method(
+      GetStreamWithCodecInputSchema,
+      RtpSourceSchema,
+      { kind: "mutation", auth: "admin" }
+    ),
+    releaseStreamWithCodec: method(
+      z.object({ pipelineKey: z.string() }),
+      z.object({ released: z.boolean(), refcount: z.number().int().nonnegative() }),
+      { kind: "mutation", auth: "admin" }
+    ),
     getBroker: method(
       z.object({ brokerId: z.string() }),
       z.custom()
     ),
-    // ── Pre-buffer ───────────────────────────────────────────────────
     setPreBufferDuration: method(
       z.object({ brokerId: z.string(), seconds: z.number().min(0).max(30) }),
       z.void(),
@@ -1329,7 +1311,6 @@ const streamBrokerCapability = {
       z.object({ brokerId: z.string() }),
       z.object({ configuredSec: z.number(), bufferedMs: z.number(), packetCount: z.number() })
     ),
-    // ── RTSP restream ────────────────────────────────────────────────
     getRtspPort: method(z.void(), z.number()),
     getAllRtspEntries: method(
       z.object({ hostname: z.string().optional() }),
@@ -1355,37 +1336,15 @@ const streamBrokerCapability = {
     )
   },
   events: {
-    /**
-     * Emitted when a profile starts consuming a push-kind cam stream.
-     * Push-kind providers (e.g. Reolink Baichuan native streams)
-     * subscribe and begin emitting packets only on demand — battery
-     * cams stay asleep until someone actually watches.
-     */
     onCamStreamDemand: event(z.object({
       deviceId: z.number().int().nonnegative(),
       camStreamId: z.string(),
       profile: CamProfileSchema
     })),
-    /**
-     * Emitted when the last profile consuming a push-kind cam stream
-     * releases it. Providers tear down upstream connections on this
-     * signal.
-     */
     onCamStreamIdle: event(z.object({
       deviceId: z.number().int().nonnegative(),
       camStreamId: z.string()
     })),
-    /**
-     * Emitted by a broker that failed to dial a managed-loopback
-     * source (today: `pull-rfc4571`). The publisher's transport (e.g.
-     * the Reolink lib's RFC 4571 TCP server) idle-tears-down after
-     * ~15s with no clients and may rebind to a different port on
-     * recreate, leaving the URL the broker has cached stale. The owning
-     * camera provider re-runs its publish pipeline on receipt — that
-     * call self-heals the loopback server (`ensureRfc4571Server`) and
-     * `publishCameraStream` propagates the fresh URL back into the
-     * broker's source resolver.
-     */
     onRequestStreamSourceRefresh: event(z.object({
       deviceId: z.number().int().nonnegative(),
       camStreamId: z.string(),
@@ -3544,7 +3503,7 @@ const SettingsRecordSchema = z.object({
 });
 const CollectionColumnSchema = z.object({
   name: z.string(),
-  type: z.enum(["TEXT", "INTEGER", "REAL", "JSON"]),
+  type: z.enum(["TEXT", "INTEGER", "REAL", "JSON", "BOOLEAN"]),
   primaryKey: z.boolean().optional(),
   notNull: z.boolean().optional(),
   unique: z.boolean().optional()
@@ -3659,14 +3618,293 @@ const logDestinationCapability = {
     )
   }
 };
+const StaticDirOutputSchema = z.object({ staticDir: z.string() });
+const VersionOutputSchema = z.object({ version: z.string() });
 const adminUiCapability = {
   name: "admin-ui",
   scope: "system",
   mode: "singleton",
   internal: true,
   methods: {
-    getStaticDir: method(z.void(), z.string()),
-    getVersion: method(z.void(), z.string())
+    getStaticDir: method(z.void(), StaticDirOutputSchema),
+    getVersion: method(z.void(), VersionOutputSchema)
+  }
+};
+const SsoBridgeClaimsSchema = z.object({
+  userId: z.string(),
+  username: z.string(),
+  isAdmin: z.boolean(),
+  provider: z.string(),
+  email: z.string().optional(),
+  displayName: z.string().optional(),
+  /**
+   * Public HTTPS URL of the hub that issued this token. Used by
+   * cloud-mode OAuth proxies (Alexa Smart Home Lambda, future Google
+   * Home Lambda) to route a request back to the originating hub
+   * without holding routing state of their own. The Lambda decodes the
+   * JWT WITHOUT verifying the signature — the hub re-verifies on every
+   * inbound call so trust still rests with the signing hub.
+   */
+  hubUrl: z.string().optional()
+});
+const ssoBridgeCapability = {
+  name: "sso-bridge",
+  scope: "system",
+  mode: "singleton",
+  internal: true,
+  methods: {
+    signBridgeToken: method(
+      z.object({
+        claims: SsoBridgeClaimsSchema,
+        ttlSec: z.number().int().positive().optional()
+      }),
+      z.object({ token: z.string() })
+    ),
+    verifyBridgeToken: method(
+      z.object({ token: z.string() }),
+      SsoBridgeClaimsSchema.nullable()
+    )
+  }
+};
+const PasskeySummarySchema = z.object({
+  credentialId: z.string(),
+  label: z.string(),
+  createdAt: z.number(),
+  lastUsedAt: z.number().nullable(),
+  transports: z.array(z.string()).default([])
+});
+const userPasskeysCapability = {
+  name: "user-passkeys",
+  scope: "system",
+  mode: "collection",
+  internal: true,
+  methods: {
+    beginRegistration: method(
+      z.object({ userId: z.string(), username: z.string() }),
+      // PublicKeyCredentialCreationOptionsJSON — opaque JSON shape from
+      // @simplewebauthn. The browser passes it straight to credentials.create().
+      z.object({ optionsJSON: z.record(z.string(), z.unknown()) }),
+      { kind: "mutation", auth: "admin", access: "create" }
+    ),
+    finishRegistration: method(
+      z.object({
+        userId: z.string(),
+        /** RegistrationResponseJSON from the browser. */
+        response: z.record(z.string(), z.unknown()),
+        /** Operator-visible label (e.g. "MacBook Touch ID"). */
+        label: z.string()
+      }),
+      z.object({ success: z.literal(true), credentialId: z.string() }),
+      { kind: "mutation", auth: "admin", access: "create" }
+    ),
+    beginAuthentication: method(
+      // userId optional — when absent, the addon emits a "passkey discovery"
+      // (`allowCredentials: []`) so the browser shows every available
+      // credential. When present, only the user's credentials are allowed.
+      z.object({ userId: z.string().optional() }),
+      z.object({ optionsJSON: z.record(z.string(), z.unknown()) }),
+      { kind: "mutation", access: "view" }
+    ),
+    finishAuthentication: method(
+      z.object({
+        /** Required — the user the assertion belongs to (verified). */
+        userId: z.string(),
+        /** AuthenticationResponseJSON from the browser. */
+        response: z.record(z.string(), z.unknown())
+      }),
+      z.object({ verified: z.boolean() }),
+      { kind: "mutation", access: "view" }
+    ),
+    listPasskeys: method(
+      z.object({ userId: z.string() }),
+      z.array(PasskeySummarySchema),
+      { auth: "admin" }
+    ),
+    removePasskey: method(
+      z.object({ userId: z.string(), credentialId: z.string() }),
+      z.object({ success: z.literal(true) }),
+      { kind: "mutation", auth: "admin", access: "delete" }
+    )
+  }
+};
+const EmailAddressSchema = z.email();
+const SendEmailInputSchema = z.object({
+  to: z.union([EmailAddressSchema, z.array(EmailAddressSchema).min(1)]),
+  cc: z.array(EmailAddressSchema).optional(),
+  bcc: z.array(EmailAddressSchema).optional(),
+  /** RFC 5322 `From` field. Most relays will reject if the domain
+   *  isn't authorised — the addon is responsible for substituting a
+   *  sane default when omitted. */
+  from: z.string().optional(),
+  /** Optional `Reply-To` override. */
+  replyTo: z.string().optional(),
+  subject: z.string(),
+  /** Plain-text body. Required even when `html` is present (fallback
+   *  for clients that strip HTML — including most spam filters). */
+  text: z.string(),
+  /** Optional HTML body. Renders alongside `text` as multi-part. */
+  html: z.string().optional()
+});
+const SendEmailResultSchema = z.object({
+  messageId: z.string(),
+  accepted: z.array(EmailAddressSchema).default([]),
+  rejected: z.array(EmailAddressSchema).default([])
+});
+const SmtpStatusSchema = z.object({
+  /** True iff the addon has successfully verified the relay. */
+  ready: z.boolean(),
+  /** Operator-visible host string (no credentials). */
+  host: z.string(),
+  /** Last error message reported by the relay, when not ready. */
+  error: z.string().optional(),
+  /** Last successful verify timestamp (unix ms). */
+  lastVerifiedAt: z.number().optional()
+});
+const smtpProviderCapability = {
+  name: "smtp-provider",
+  scope: "system",
+  mode: "collection",
+  internal: true,
+  providerKind: "email",
+  methods: {
+    sendEmail: method(
+      SendEmailInputSchema,
+      SendEmailResultSchema,
+      { kind: "mutation", auth: "admin", access: "create" }
+    ),
+    /** Round-trip ping against the SMTP relay (EHLO + AUTH if configured).
+     *  Used by the operator's "Test connection" button. */
+    verify: method(
+      z.void(),
+      SmtpStatusSchema,
+      { kind: "mutation", auth: "admin", access: "view" }
+    ),
+    getStatus: method(
+      z.void(),
+      SmtpStatusSchema,
+      { auth: "admin" }
+    )
+  }
+};
+const BrokerKindSchema = z.enum(["external", "embedded"]);
+const BrokerStatusSchema = z.enum([
+  "connected",
+  "disconnected",
+  "auth-failed",
+  "unreachable",
+  "tls-error"
+]);
+const BrokerInfoSchema = z.object({
+  id: z.string(),
+  name: z.string(),
+  url: z.string(),
+  kind: BrokerKindSchema,
+  status: BrokerStatusSchema,
+  latencyMs: z.number().nullable(),
+  error: z.string().optional(),
+  /** Embedded brokers only: number of MQTT clients currently connected. */
+  connectedClients: z.number().int().nonnegative().optional(),
+  /** Epoch ms of the last live probe (external) or aedes snapshot (embedded). */
+  lastCheckedAt: z.number().optional()
+});
+const BrokerConnectionDetailsSchema = z.object({
+  url: z.string(),
+  username: z.string().optional(),
+  password: z.string().optional(),
+  /**
+   * Suggested prefix for `clientId`. Each consumer should suffix this
+   * with its own discriminator (addon id, instance id) so reconnects
+   * don't kick each other off (MQTT spec: clientId must be unique per
+   * broker).
+   */
+  clientIdPrefix: z.string().optional()
+});
+const AddBrokerInputSchema = z.object({
+  name: z.string().min(1),
+  url: z.string().regex(/^(mqtt|mqtts|ws|wss):\/\//, "URL must start with mqtt(s):// or ws(s)://"),
+  username: z.string().optional(),
+  password: z.string().optional(),
+  clientIdPrefix: z.string().optional()
+});
+const AddBrokerResultSchema = z.object({
+  id: z.string()
+});
+const IdInputSchema = z.object({ id: z.string() });
+const TestResultSchema = z.discriminatedUnion("ok", [
+  z.object({ ok: z.literal(true), latencyMs: z.number() }),
+  z.object({ ok: z.literal(false), error: z.string() })
+]);
+const StartEmbeddedInputSchema = z.object({
+  port: z.number().int().min(1).max(65535).default(1883),
+  /** Allow anonymous connect (no username/password). Default: false. */
+  allowAnonymous: z.boolean().default(false),
+  /** Optional shared username/password for clients. */
+  username: z.string().optional(),
+  password: z.string().optional()
+});
+const StartEmbeddedResultSchema = z.object({
+  id: z.string(),
+  url: z.string()
+});
+const StatusSchema = z.object({
+  brokerCount: z.number(),
+  embeddedRunning: z.boolean()
+});
+const mqttBrokerCapability = {
+  name: "mqtt-broker",
+  scope: "system",
+  mode: "collection",
+  providerKind: "broker",
+  status: { schema: StatusSchema, kind: "poll" },
+  methods: {
+    listBrokers: method(z.void(), z.array(BrokerInfoSchema)),
+    getBrokerConfig: method(IdInputSchema, BrokerConnectionDetailsSchema),
+    addBroker: method(AddBrokerInputSchema, AddBrokerResultSchema, { kind: "mutation" }),
+    removeBroker: method(IdInputSchema, z.void(), { kind: "mutation" }),
+    testConnection: method(IdInputSchema, TestResultSchema, { kind: "mutation" }),
+    startEmbeddedBroker: method(StartEmbeddedInputSchema, StartEmbeddedResultSchema, { kind: "mutation" }),
+    stopEmbeddedBroker: method(IdInputSchema, z.void(), { kind: "mutation" }),
+    getStatus: method(z.void(), StatusSchema)
+  }
+};
+const LinkStateSchema = z.enum(["unlinked", "linked", "error"]);
+const DeviceExportStatusSchema = z.object({
+  linkState: LinkStateSchema,
+  exposedDeviceCount: z.number(),
+  error: z.string().optional()
+});
+const DeviceKindSchema = z.string();
+const ExposedDeviceSchema = z.object({
+  deviceId: z.string(),
+  exposedAs: z.string().optional(),
+  capabilities: z.array(z.string()).optional()
+});
+const ExposeInputSchema = z.object({
+  deviceId: z.string(),
+  capabilities: z.array(z.string()).optional()
+});
+const UnexposeInputSchema = z.object({ deviceId: z.string() });
+const deviceExportCapability = {
+  name: "device-export",
+  scope: "system",
+  mode: "collection",
+  providerKind: "device-export",
+  status: { schema: DeviceExportStatusSchema, kind: "poll" },
+  /**
+   * Each export provider contributes its own per-device "Export" panel
+   * (enabled toggle, preferred stream, addon-specific knobs like the
+   * HA-MQTT discovery prefix). The three framework methods
+   * `getDeviceSettingsContribution` / `getDeviceLiveContribution` /
+   * `applyDeviceSettingsPatch` are auto-injected on the provider
+   * interface and routed to the device-details aggregator.
+   */
+  exposesDeviceSettings: true,
+  methods: {
+    getStatus: method(z.void(), DeviceExportStatusSchema),
+    listSupportedDeviceKinds: method(z.void(), z.array(DeviceKindSchema)),
+    listExposedDevices: method(z.void(), z.array(ExposedDeviceSchema)),
+    exposeDevice: method(ExposeInputSchema, z.void(), { kind: "mutation" }),
+    unexposeDevice: method(UnexposeInputSchema, z.void(), { kind: "mutation" })
   }
 };
 const AddonPageDeclarationSchema$1 = z.object({
@@ -3782,7 +4020,35 @@ const addonWidgetsCapability = {
 };
 const AddonHttpRouteSchema = z.object({
   method: z.enum(["GET", "POST", "PUT", "DELETE", "PATCH"]),
-  path: z.string()
+  path: z.string(),
+  access: z.enum(["public", "authenticated", "admin"]).optional(),
+  description: z.string().optional()
+});
+const InvokeRequestSchema = z.object({
+  method: z.string(),
+  path: z.string(),
+  params: z.record(z.string(), z.string()),
+  query: z.record(z.string(), z.string()),
+  body: z.unknown(),
+  headers: z.record(z.string(), z.string()),
+  user: z.object({
+    id: z.string(),
+    username: z.string(),
+    isAdmin: z.boolean()
+  }).optional(),
+  scopedToken: z.unknown().optional()
+});
+const InvokeReplyEnvelopeSchema = z.object({
+  status: z.number().int(),
+  headers: z.record(z.string(), z.string()),
+  /** When set, the hub MUST `reply.redirect(redirectUrl)` instead of
+   *  sending `body`. Status defaults to 302 when this is set unless
+   *  the handler called `reply.code(...)` explicitly. */
+  redirectUrl: z.string().nullable(),
+  /** JSON-serializable body. `undefined` is treated as "no body". */
+  body: z.unknown().optional(),
+  /** Set when the handler called `reply.type(mime)`. */
+  contentType: z.string().optional()
 });
 const addonRoutesCapability = {
   name: "addon-routes",
@@ -3790,7 +4056,16 @@ const addonRoutesCapability = {
   mode: "collection",
   internal: true,
   methods: {
-    getRoutes: method(z.void(), z.array(AddonHttpRouteSchema))
+    getRoutes: method(z.void(), z.array(AddonHttpRouteSchema)),
+    /**
+     * Cross-process dispatch entry point. Forked addons implement this
+     * (via `buildAddonRouteProvider`) so the hub's Fastify catch-all
+     * can route through Moleculer when the handler lives in a worker.
+     *
+     * Local addons can implement it for free with the same helper;
+     * the hub bypasses the wire on co-located addons.
+     */
+    invoke: method(InvokeRequestSchema, InvokeReplyEnvelopeSchema, { kind: "mutation" })
   }
 };
 const HWACCEL_OPTIONS = [
@@ -4031,6 +4306,29 @@ const webrtcSessionCapability = {
       z.object({ sessionId: z.string(), sdpOffer: z.string() }),
       { kind: "mutation" }
     ),
+    /**
+     * Accept a CLIENT-generated SDP offer and return the server's
+     * SDP answer. Mirrors the WHEP / Alexa
+     * `Alexa.RTCSessionController.InitiateSessionWithOffer` direction
+     * (client offers, server answers) — the dual of `createSession`,
+     * which has the server offer first.
+     *
+     * `target` defaults to the device's adaptive selection when
+     * omitted; an optional `sessionId` lets the client provide its
+     * own correlation id (Alexa supplies one in the directive
+     * payload). The returned `sessionId` is whatever the server uses
+     * to track the session and accepts via `closeSession`.
+     */
+    handleOffer: method(
+      z.object({
+        deviceId: z.number().int().nonnegative(),
+        target: WebrtcStreamTargetSchema.optional(),
+        sdpOffer: z.string(),
+        sessionId: z.string().optional()
+      }),
+      z.object({ sessionId: z.string(), sdpAnswer: z.string() }),
+      { kind: "mutation" }
+    ),
     handleAnswer: method(
       z.object({
         deviceId: z.number().int().nonnegative(),
@@ -4670,12 +4968,12 @@ const audioCodecCapability = {
 };
 const EmbeddingResultSchema = z.object({
   embedding: z.array(z.number()),
-  dimensions: z.number()
+  inferenceMs: z.number()
 });
 const EmbeddingInfoSchema = z.object({
   modelId: z.string(),
-  dimensions: z.number(),
-  inputSize: z.number()
+  embeddingDim: z.number(),
+  ready: z.boolean()
 });
 const embeddingEncoderCapability = {
   name: "embedding-encoder",
@@ -5326,7 +5624,14 @@ const AuthResultSchema = z.object({
   username: z.string(),
   email: z.string().optional(),
   displayName: z.string().optional(),
-  roles: z.array(z.string()).optional()
+  /**
+   * Whether the authenticating user is an admin. The auth-provider
+   * surface returns this so the server's login flow can mint a JWT
+   * with the correct bypass flag. Non-admin users authenticated via
+   * an external IdP still need their scopes assigned by an admin via
+   * `setUserScopes` — the SSO flow doesn't carry permissions.
+   */
+  isAdmin: z.boolean().default(false)
 });
 const authProviderCapability = {
   name: "auth-provider",
@@ -5347,6 +5652,14 @@ const authProviderCapability = {
 const AuthProviderInfoSchema = z.object({
   /** Stable id matching the addon id (used for `getLoginUrl({addonId,…})`). */
   addonId: z.string(),
+  /**
+   * Per-instance id when one addon registers multiple "logical"
+   * providers (e.g. OIDC with Google + Microsoft + custom). The login
+   * URL becomes `/addon/${addonId}/${instanceId}/start` — handler reads
+   * `:instanceId` from the route. Empty/unset means the addon is a
+   * single-instance provider; the URL is `/addon/${addonId}/start`.
+   */
+  instanceId: z.string().optional(),
   /** Display label shown on the login button + admin row. */
   displayName: z.string(),
   /** Optional iconography hint (lucide-react icon name OR emoji). */
@@ -5357,6 +5670,8 @@ const AuthProviderInfoSchema = z.object({
   /** When true, the provider exposes a credential-form login flow
    *  (`validateCredentials` accepts username + password). */
   hasCredentialFlow: z.boolean(),
+  /** Provider kind, drives admin-UI hint dispatch (oidc / saml / totp / …). */
+  kind: z.string().optional(),
   /** Operator-facing status string (e.g. "Connected to https://login.acme.com"). */
   status: z.string().optional(),
   /** When false, the provider is registered but disabled by config; the
@@ -5393,16 +5708,36 @@ const NetworkAccessStatusSchema = z.object({
   endpoint: NetworkEndpointSchema.nullable(),
   error: z.string().optional()
 });
+const NetworkEndpointEntrySchema = NetworkEndpointSchema.extend({
+  /**
+   * Stable id within the provider — typically `<mode>-<sourcePort>` so
+   * the orchestrator can dedupe across `listEndpoints` polls.
+   */
+  id: z.string(),
+  /** Operator-facing label (mirrors `MeshEndpoint.label`). */
+  label: z.string(),
+  /** Optional provider-specific mode tag, used for icon/colour in admin UI. */
+  mode: z.string().optional(),
+  /** Originating local port the ingress fronts (informational). */
+  sourcePort: z.number().optional()
+});
 const networkAccessCapability = {
   name: "network-access",
   scope: "system",
   mode: "collection",
   internal: true,
+  providerKind: "ingress",
   methods: {
     start: method(z.void(), NetworkEndpointSchema, { kind: "mutation" }),
     stop: method(z.void(), z.void(), { kind: "mutation" }),
     getEndpoint: method(z.void(), NetworkEndpointSchema.nullable()),
-    getStatus: method(z.void(), NetworkAccessStatusSchema)
+    getStatus: method(z.void(), NetworkAccessStatusSchema),
+    /**
+     * Enumerate every active ingress entry. Default implementation (when
+     * the provider omits this method) is derived from `getEndpoint()` —
+     * see the remote-access orchestrator for the fallback path.
+     */
+    listEndpoints: method(z.void(), z.array(NetworkEndpointEntrySchema).readonly())
   }
 };
 const RemoteAccessEndpointSchema = z.object({
@@ -5606,20 +5941,59 @@ const notificationOutputCapability = {
     )
   }
 };
+const NotificationRuleConditionsSchema = z.object({
+  deviceIds: z.array(z.number()).readonly().optional(),
+  classNames: z.array(z.string()).readonly().optional(),
+  zoneIds: z.array(z.string()).readonly().optional(),
+  minConfidence: z.number().optional(),
+  source: z.enum(["pipeline", "onboard", "any"]).optional(),
+  schedule: z.object({
+    days: z.array(z.number()).readonly(),
+    startHour: z.number(),
+    endHour: z.number()
+  }).optional(),
+  cooldownSeconds: z.number().optional(),
+  minDwellSeconds: z.number().optional()
+});
+const NotificationRuleTemplateSchema = z.object({
+  title: z.string(),
+  body: z.string(),
+  imageMode: z.enum(["crop", "annotated", "full", "none"])
+});
 const NotificationRuleSchema = z.object({
   id: z.string(),
   name: z.string(),
   enabled: z.boolean(),
-  conditions: z.record(z.string(), z.unknown()),
-  actions: z.array(z.record(z.string(), z.unknown()))
+  eventTypes: z.array(z.string()).readonly(),
+  conditions: NotificationRuleConditionsSchema,
+  outputs: z.array(z.string()).readonly(),
+  template: NotificationRuleTemplateSchema.optional(),
+  priority: z.enum(["low", "normal", "high", "critical"])
+});
+const NotificationTestResultSchema = z.object({
+  ruleId: z.string(),
+  eventId: z.string(),
+  timestamp: z.number(),
+  wouldFire: z.boolean(),
+  reason: z.string().optional()
 });
 const NotificationHistoryEntrySchema = z.object({
   id: z.string(),
   ruleId: z.string(),
+  ruleName: z.string(),
+  eventId: z.string(),
   timestamp: z.number(),
-  deviceId: z.number().optional(),
+  outputs: z.array(z.string()).readonly(),
   success: z.boolean(),
-  error: z.string().optional()
+  error: z.string().optional(),
+  deviceId: z.number().optional()
+});
+const NotificationHistoryFilterSchema = z.object({
+  ruleId: z.string().optional(),
+  deviceId: z.number().optional(),
+  from: z.number().optional(),
+  to: z.number().optional(),
+  limit: z.number().optional()
 });
 const advancedNotifierCapability = {
   name: "advanced-notifier",
@@ -5627,17 +6001,28 @@ const advancedNotifierCapability = {
   mode: "singleton",
   internal: true,
   methods: {
-    getRules: method(z.void(), z.array(NotificationRuleSchema).readonly()),
-    upsertRule: method(NotificationRuleSchema, z.void(), { kind: "mutation" }),
-    deleteRule: method(z.object({ ruleId: z.string() }), z.void(), { kind: "mutation" }),
+    getRules: method(
+      z.void(),
+      z.object({ rules: z.array(NotificationRuleSchema).readonly() })
+    ),
+    upsertRule: method(
+      z.object({ rule: NotificationRuleSchema }),
+      z.object({ success: z.literal(true) }),
+      { kind: "mutation" }
+    ),
+    deleteRule: method(
+      z.object({ ruleId: z.string() }),
+      z.object({ success: z.literal(true) }),
+      { kind: "mutation" }
+    ),
     testRule: method(
       z.object({ ruleId: z.string(), lookbackMinutes: z.number() }),
-      z.array(z.record(z.string(), z.unknown())),
+      z.object({ results: z.array(NotificationTestResultSchema).readonly() }),
       { kind: "mutation" }
     ),
     getHistory: method(
-      z.object({ ruleId: z.string().optional(), limit: z.number().optional() }),
-      z.array(NotificationHistoryEntrySchema)
+      z.object({ filter: NotificationHistoryFilterSchema.optional() }),
+      z.object({ entries: z.array(NotificationHistoryEntrySchema).readonly() })
     )
   }
 };
@@ -6659,6 +7044,47 @@ const intercomCapability = {
       z.object({ deviceId: z.number(), sessionId: z.string() }),
       z.void(),
       { kind: "mutation", auth: "admin" }
+    ),
+    /**
+     * Open a raw-PCM talk session (no WebRTC SDP plumbing). Used by
+     * non-WebRTC consumers (HomeKit export, Alexa raw audio, test
+     * harnesses) that already have decoded PCM frames and just need a
+     * direct path onto the camera's talk channel. Mutually exclusive
+     * with `startSession` (an active WebRTC session must be stopped
+     * before a raw-PCM session can be opened on the same device, and
+     * vice versa).
+     */
+    startTalkSession: method(
+      z.object({ deviceId: z.number() }),
+      z.object({ sessionId: z.string() }),
+      { kind: "mutation", auth: "admin" }
+    ),
+    /**
+     * Push a chunk of PCM s16le mono onto the active raw-PCM talk
+     * session. Frames are encoded to the firmware's expected codec
+     * (Reolink: IMA ADPCM @ camera sample rate; Hikvision: G.711 @
+     * 8 kHz) inside the provider — callers must resample upstream to
+     * the rate the camera negotiated (typical: 16 kHz Reolink,
+     * 8 kHz Hikvision). PCM is shipped base64-encoded so the payload
+     * survives JSON serialization across tRPC.
+     */
+    pushTalkPcm: method(
+      z.object({
+        deviceId: z.number(),
+        /** PCM frames as little-endian s16, mono. Base64-encoded so
+         *  the payload survives tRPC JSON serialization. */
+        pcmBase64: z.string(),
+        /** Sequence number for ordering / dropping out-of-order frames. */
+        sequenceNumber: z.number().int()
+      }),
+      z.object({ accepted: z.boolean() }),
+      { kind: "mutation", auth: "admin" }
+    ),
+    /** Close the raw-PCM talk session. Idempotent. */
+    endTalkSession: method(
+      z.object({ deviceId: z.number() }),
+      z.void(),
+      { kind: "mutation", auth: "admin" }
     )
   },
   events: {
@@ -6734,6 +7160,33 @@ const HwAccelBackendInputSchema = z.enum([
 const HwAccelResolutionSchema = z.object({
   preferred: z.array(z.string()).readonly()
 });
+const HardwareEncoderIdSchema = z.enum([
+  "h264_videotoolbox",
+  "hevc_videotoolbox",
+  "h264_vaapi",
+  "hevc_vaapi",
+  "h264_nvenc",
+  "hevc_nvenc",
+  "h264_qsv",
+  "hevc_qsv",
+  "h264_amf",
+  "hevc_amf",
+  "libx264",
+  "libx265"
+]);
+const HardwareEncoderProbeSchema = z.object({
+  encoder: HardwareEncoderIdSchema,
+  codec: z.enum(["H264", "H265"]),
+  family: z.enum(["videotoolbox", "vaapi", "nvenc", "qsv", "amf", "software"]),
+  available: z.boolean(),
+  reason: z.string().optional()
+});
+const HardwareEncodersSchema = z.object({
+  encoders: z.array(HardwareEncoderProbeSchema).readonly(),
+  defaultH264: HardwareEncoderIdSchema,
+  defaultH265: HardwareEncoderIdSchema,
+  probedAt: z.number()
+});
 const HardwarePlatformSchema = z.enum(["darwin", "linux", "win32"]);
 const HardwareArchSchema = z.enum(["arm64", "x64"]);
 const GpuInfoSchema = z.object({
@@ -6787,41 +7240,24 @@ const platformProbeCapability = {
   scope: "system",
   mode: "singleton",
   methods: {
-    /** Return cached hardware + scored backends for this node. */
-    getCapabilities: method(
-      z.void(),
-      PlatformCapabilitiesSchema
-    ),
-    /** Convenience getter — hardware only. */
-    getHardware: method(
-      z.void(),
-      HardwareInfoSchema
-    ),
-    /**
-     * Resolve the best (model, runtime, backend, format) for a given list
-     * of requirements, using this node's scored backends as the candidate
-     * pool. Always returns a config — falls back to CPU when no preferred
-     * backend matches.
-     */
+    getCapabilities: method(z.void(), PlatformCapabilitiesSchema),
+    getHardware: method(z.void(), HardwareInfoSchema),
     resolveInferenceConfig: method(
-      z.object({
-        requirements: z.array(ModelRequirementSchema).readonly()
-      }),
+      z.object({ requirements: z.array(ModelRequirementSchema).readonly() }),
       ResolvedInferenceConfigSchema
     ),
-    /**
-     * Resolve the ordered HW acceleration backend list for this node.
-     * Pass `prefer` to hint a specific backend; pass `null` or omit
-     * for auto-detection. Replaces the legacy `$hwaccel.resolve`
-     * Moleculer action — cap routing handles per-node dispatch via
-     * `nodeId`.
-     */
     resolveHwAccel: method(
-      z.object({
-        prefer: HwAccelBackendInputSchema,
-        nodeId: z.string().optional()
-      }),
+      z.object({ prefer: HwAccelBackendInputSchema, nodeId: z.string().optional() }),
       HwAccelResolutionSchema
+    ),
+    /**
+     * Hardware-encoder probe — see Task #185. Cached after first call.
+     */
+    getHardwareEncoders: method(z.void(), HardwareEncodersSchema),
+    refreshHardwareEncoders: method(
+      z.void(),
+      HardwareEncodersSchema,
+      { kind: "mutation", auth: "admin" }
     )
   }
 };
@@ -7058,25 +7494,11 @@ const MeshStatusSchema = z.object({
   /** Last error from the daemon, when not joined. */
   error: z.string().optional()
 });
-const PublicIngressConfigSchema = z.object({
-  /** Whether the provider should expose CamStack via its public
-   *  ingress (Tailscale Funnel, etc.). */
-  enabled: z.boolean(),
-  /** Local port to forward. Auto-detected from the hub HTTP port
-   *  when omitted. */
-  port: z.number().int().min(1).max(65535).optional()
-});
-const MeshIngressConfigSchema = z.object({
-  /** Whether the provider should expose CamStack inside the mesh
-   *  via HTTPS (Tailscale Serve, etc.) instead of just raw IP. */
-  enabled: z.boolean(),
-  /** Local port to forward. Auto-detected when omitted. */
-  port: z.number().int().min(1).max(65535).optional()
-});
 const meshNetworkCapability = {
   name: "mesh-network",
   scope: "system",
   mode: "collection",
+  providerKind: "mesh",
   methods: {
     /** Return the current join state + endpoints + peer count. Cheap
      *  poll-target — admin UI hits this every few seconds. */
@@ -7098,6 +7520,29 @@ const meshNetworkCapability = {
       z.object({ joined: z.literal(true) }),
       { kind: "mutation" }
     ),
+    /**
+     * Start an interactive browser-redirect login flow.
+     *
+     * The provider spawns its daemon's join command without a pre-auth
+     * key, captures the verification URL the daemon prints, and returns
+     * it. The admin UI opens the URL in a new tab; the user completes
+     * authentication in the provider's web console and the background
+     * process self-terminates. The caller then polls `getStatus()` until
+     * `joined: true`.
+     *
+     * Mirrors the `tailscale up` (no `--auth-key`) flow.
+     */
+    startLogin: method(
+      z.object({
+        /** Optional hostname override the host should advertise once joined. */
+        hostname: z.string().optional()
+      }),
+      z.object({
+        /** Authentication URL the operator should open in a browser. */
+        loginUrl: z.string()
+      }),
+      { kind: "mutation" }
+    ),
     /** Leave the mesh. After this the meshIp/magicDnsHostname/etc.
      *  vanish until the next `join`. */
     leave: method(
@@ -7110,21 +7555,32 @@ const meshNetworkCapability = {
       peers: z.array(MeshPeerSchema).readonly()
     })),
     /**
-     * Toggle the public ingress (e.g. Tailscale Funnel) that maps a
-     * local port to the open internet via the provider's edge. Idempotent.
-     */
-    setPublicIngress: method(
-      PublicIngressConfigSchema,
-      z.object({ success: z.literal(true) }),
-      { kind: "mutation" }
-    ),
-    /**
-     * Toggle the in-mesh HTTPS ingress (e.g. Tailscale Serve) so peers
-     * inside the mesh hit a valid TLS endpoint instead of the raw IP.
+     * Probe the mesh daemon / API for a sanity check WITHOUT joining.
+     * Operator-facing "test connection" button: validates the auth key
+     * + reaches the control plane and reports back what would happen
+     * on join.
+     *
+     * Tailscale: dry-runs `tailscale up --auth-key=… --reset` against
+     * an idempotency probe; for an already-joined node it just returns
+     * the current status.
      */
-    setMeshIngress: method(
-      MeshIngressConfigSchema,
-      z.object({ success: z.literal(true) }),
+    testConnection: method(
+      z.object({
+        /** Optional auth key — when provided, probes the key validity
+         *  against the provider's API. Omit when already joined to
+         *  just ping the daemon. */
+        authKey: z.string().optional()
+      }),
+      z.object({
+        ok: z.boolean(),
+        /** Provider-side identifier resolved by the probe (tailnet
+         *  name for Tailscale, network id for ZeroTier, etc.). */
+        tenant: z.string().optional(),
+        /** Daemon binary version, when reachable. */
+        daemonVersion: z.string().optional(),
+        /** Human-readable error when `ok: false`. */
+        error: z.string().optional()
+      }),
       { kind: "mutation" }
     )
   }
@@ -7183,26 +7639,54 @@ const meshOrchestratorCapability = {
     )
   }
 };
-const UserRoleSchema = z.enum(["admin", "viewer", "agent", "scoped"]);
+const MethodAccessSchema = z.enum(["view", "create", "delete"]);
 const AllowedProviderSchema = z.union([z.literal("*"), z.array(z.string())]);
 const AllowedDevicesSchema = z.record(z.string(), z.union([z.literal("*"), z.array(z.string())]));
-const MethodAccessSchema = z.enum(["view", "create", "delete"]);
-const TokenScopeSchema = z.object({
-  type: z.enum(["addon", "capability"]),
-  target: z.string(),
-  access: z.array(MethodAccessSchema).min(1)
-});
+const CapScopeSchema = z.enum(["device", "system"]);
+const TokenScopeSchema = z.discriminatedUnion("type", [
+  z.object({
+    type: z.literal("category"),
+    target: CapScopeSchema,
+    access: z.array(MethodAccessSchema).min(1)
+  }),
+  z.object({
+    type: z.literal("capability"),
+    target: z.string(),
+    access: z.array(MethodAccessSchema).min(1)
+  }),
+  z.object({
+    type: z.literal("addon"),
+    target: z.string(),
+    access: z.array(MethodAccessSchema).min(1)
+  }),
+  z.object({
+    type: z.literal("device"),
+    /**
+     * One or more deviceIds (serialised as strings for wire-format
+     * consistency with the rest of the union). Matcher accepts if
+     * `input.deviceId` ∈ `targets`. Array shape avoids the row-explosion
+     * of one scope-per-device when granting access to a set of cameras.
+     */
+    targets: z.array(z.string()).min(1),
+    access: z.array(MethodAccessSchema).min(1)
+  })
+]);
 const UserRecordSchema = z.object({
   id: z.string(),
   username: z.string(),
   passwordHash: z.string(),
-  role: UserRoleSchema,
+  /**
+   * Admin bypass. When true, the middleware skips the scope-access
+   * check entirely. There is no other axis of privilege; the legacy
+   * role enum collapsed onto this boolean in v2.
+   */
+  isAdmin: z.boolean().default(false),
   allowedProviders: AllowedProviderSchema,
   allowedDevices: AllowedDevicesSchema,
   /**
-   * Scopes granted to this user. Admins bypass; their `scopes` is ignored.
-   * Non-admins (`viewer`, `agent`, `scoped`) without scopes are locked out
-   * of every protected call.
+   * Scopes granted to this user. Admins bypass; their `scopes` is
+   * ignored. Non-admins without scopes are locked out of every
+   * protected call.
    */
   scopes: z.array(TokenScopeSchema).default([]),
   createdAt: z.number(),
@@ -7211,7 +7695,7 @@ const UserRecordSchema = z.object({
 const ApiKeyRecordSchema = z.object({
   id: z.string(),
   label: z.string(),
-  role: UserRoleSchema,
+  isAdmin: z.boolean().default(false),
   allowedProviders: AllowedProviderSchema,
   allowedDevices: AllowedDevicesSchema,
   tokenHash: z.string(),
@@ -7235,7 +7719,7 @@ const ScopedTokenSchema = z.object({
 const UserSummarySchema = z.object({
   id: z.string(),
   username: z.string(),
-  role: UserRoleSchema,
+  isAdmin: z.boolean().default(false),
   allowedProviders: z.union([z.array(z.string()), z.literal("*")]),
   allowedDevices: z.record(z.string(), z.union([z.array(z.string()), z.literal("*")])),
   scopes: z.array(TokenScopeSchema).default([]),
@@ -7245,14 +7729,14 @@ const UserSummarySchema = z.object({
 const CreateUserInputSchema = z.object({
   username: z.string(),
   password: z.string().min(6),
-  role: UserRoleSchema,
+  isAdmin: z.boolean().default(false),
   allowedProviders: z.union([z.array(z.string()), z.literal("*")]).optional(),
   allowedDevices: z.record(z.string(), z.union([z.array(z.string()), z.literal("*")])).optional(),
   scopes: z.array(TokenScopeSchema).optional()
 });
 const UpdateUserInputSchema = z.object({
   id: z.string(),
-  role: UserRoleSchema.optional(),
+  isAdmin: z.boolean().optional(),
   allowedProviders: z.union([z.array(z.string()), z.literal("*")]).optional(),
   allowedDevices: z.record(z.string(), z.union([z.array(z.string()), z.literal("*")])).optional(),
   scopes: z.array(TokenScopeSchema).optional()
@@ -7260,7 +7744,7 @@ const UpdateUserInputSchema = z.object({
 const ApiKeySummarySchema = z.object({
   id: z.string(),
   label: z.string(),
-  role: UserRoleSchema,
+  isAdmin: z.boolean().default(false),
   allowedProviders: z.union([z.array(z.string()), z.literal("*")]).optional(),
   allowedDevices: z.record(z.string(), z.union([z.array(z.string()), z.literal("*")])).optional(),
   tokenPrefix: z.string(),
@@ -7269,7 +7753,7 @@ const ApiKeySummarySchema = z.object({
 });
 const CreateApiKeyInputSchema = z.object({
   label: z.string(),
-  role: UserRoleSchema,
+  isAdmin: z.boolean().default(false),
   allowedProviders: z.union([z.array(z.string()), z.literal("*")]).optional(),
   allowedDevices: z.record(z.string(), z.union([z.array(z.string()), z.literal("*")])).optional()
 });
@@ -7283,16 +7767,11 @@ const ScopedTokenSummarySchema = z.object({
   name: z.string(),
   tokenPrefix: z.string(),
   scopes: z.array(TokenScopeSchema),
-  // Mirror the storage schema: `.nullish()` accepts the SQLite-native
-  // `null` for absent timestamps as well as in-memory `undefined`.
   expiresAt: z.number().nullish(),
   lastUsedAt: z.number().nullish(),
   createdAt: z.number()
 });
 const CreateScopedTokenInputSchema = z.object({
-  // The owner the token is issued on behalf of. `adminProcedure` gates
-  // this call so an admin can mint tokens for any user; the CLI passes
-  // its own logged-in `user.id` here.
   userId: z.string(),
   name: z.string(),
   scopes: z.array(TokenScopeSchema),
@@ -7302,45 +7781,85 @@ const CreateScopedTokenResultSchema = z.object({
   token: z.string(),
   record: ScopedTokenSummarySchema
 });
+const TotpSetupResultSchema = z.object({
+  secret: z.string(),
+  otpauthUrl: z.string()
+});
+const TotpStatusSchema = z.object({
+  /** True iff `confirmedAt != null` — a pending half-enrollment is reported as `enabled: false`. */
+  enabled: z.boolean(),
+  /** Null when no row exists OR the row is still pending confirmation. */
+  confirmedAt: z.number().nullable()
+});
 const userManagementCapability = {
   name: "user-management",
   scope: "system",
   mode: "singleton",
   methods: {
-    // ── Users ──────────────────────────────────────────────────────
     listUsers: method(z.void(), z.array(UserSummarySchema), { auth: "admin" }),
-    createUser: method(CreateUserInputSchema, UserSummarySchema, { kind: "mutation", auth: "admin" }),
-    updateUser: method(UpdateUserInputSchema, z.object({ success: z.literal(true) }), { kind: "mutation", auth: "admin" }),
-    deleteUser: method(z.object({ id: z.string() }), z.object({ success: z.literal(true) }), { kind: "mutation", auth: "admin" }),
+    createUser: method(CreateUserInputSchema, UserSummarySchema, { kind: "mutation", auth: "admin", access: "create" }),
+    updateUser: method(UpdateUserInputSchema, z.object({ success: z.literal(true) }), { kind: "mutation", auth: "admin", access: "create" }),
+    deleteUser: method(z.object({ id: z.string() }), z.object({ success: z.literal(true) }), { kind: "mutation", auth: "admin", access: "delete" }),
     resetPassword: method(
       z.object({ id: z.string(), newPassword: z.string().min(6) }),
       z.object({ success: z.literal(true) }),
-      { kind: "mutation", auth: "admin" }
+      { kind: "mutation", auth: "admin", access: "create" }
     ),
-    /**
-     * Replace the scope set on a user. Subset check: the caller's scopes
-     * must include every requested scope+access (admin bypasses).
-     */
     setUserScopes: method(
       z.object({ userId: z.string(), scopes: z.array(TokenScopeSchema) }),
       z.object({ success: z.literal(true) }),
-      { kind: "mutation", auth: "admin" }
+      { kind: "mutation", auth: "admin", access: "create" }
     ),
     validateCredentials: method(
       z.object({ username: z.string(), password: z.string() }),
       UserSummarySchema.extend({ passwordHash: z.string() }).nullable(),
-      { kind: "mutation" }
+      { kind: "mutation", access: "view" }
     ),
-    // ── API Keys ──────────────────────────────────────────────────
     listApiKeys: method(z.void(), z.array(ApiKeySummarySchema), { auth: "admin" }),
-    createApiKey: method(CreateApiKeyInputSchema, CreateApiKeyResultSchema, { kind: "mutation", auth: "admin" }),
-    revokeApiKey: method(z.object({ id: z.string() }), z.object({ success: z.literal(true) }), { kind: "mutation", auth: "admin" }),
-    validateApiKey: method(z.object({ token: z.string() }), ApiKeySummarySchema.nullable(), { kind: "mutation" }),
-    // ── Scoped Tokens ─────────────────────────────────────────────
-    createScopedToken: method(CreateScopedTokenInputSchema, CreateScopedTokenResultSchema, { kind: "mutation", auth: "admin" }),
-    revokeScopedToken: method(z.object({ id: z.string() }), z.object({ success: z.literal(true) }), { kind: "mutation", auth: "admin" }),
-    validateScopedToken: method(z.object({ token: z.string() }), ScopedTokenSummarySchema.nullable()),
-    listScopedTokens: method(z.object({ userId: z.string() }), z.array(ScopedTokenSummarySchema), { auth: "admin" })
+    createApiKey: method(CreateApiKeyInputSchema, CreateApiKeyResultSchema, { kind: "mutation", auth: "admin", access: "create" }),
+    revokeApiKey: method(z.object({ id: z.string() }), z.object({ success: z.literal(true) }), { kind: "mutation", auth: "admin", access: "delete" }),
+    validateApiKey: method(z.object({ token: z.string() }), ApiKeySummarySchema.nullable(), { kind: "mutation", access: "view" }),
+    createScopedToken: method(CreateScopedTokenInputSchema, CreateScopedTokenResultSchema, { kind: "mutation", auth: "admin", access: "create" }),
+    revokeScopedToken: method(z.object({ id: z.string() }), z.object({ success: z.literal(true) }), { kind: "mutation", auth: "admin", access: "delete" }),
+    validateScopedToken: method(z.object({ token: z.string() }), ScopedTokenSummarySchema.nullable(), { access: "view" }),
+    listScopedTokens: method(z.object({ userId: z.string() }), z.array(ScopedTokenSummarySchema), { auth: "admin" }),
+    // ── TOTP / 2FA ─────────────────────────────────────────────────
+    //
+    // Setup → Confirm → (Verify on login) → Disable.
+    //
+    // Admin-only for now: operator enrolls TOTP on a user's behalf by
+    // pairing their authenticator with the returned QR. Self-service
+    // enrollment is a follow-up (needs the cap framework to expose the
+    // caller's identity to the provider so the provider can enforce
+    // self-or-admin).
+    setupTotp: method(
+      z.object({ userId: z.string() }),
+      TotpSetupResultSchema,
+      { kind: "mutation", auth: "admin", access: "create" }
+    ),
+    confirmTotp: method(
+      z.object({ userId: z.string(), code: z.string() }),
+      z.object({ success: z.literal(true) }),
+      { kind: "mutation", auth: "admin", access: "create" }
+    ),
+    disableTotp: method(
+      z.object({ userId: z.string() }),
+      z.object({ success: z.literal(true) }),
+      { kind: "mutation", auth: "admin", access: "delete" }
+    ),
+    getTotpStatus: method(
+      z.object({ userId: z.string() }),
+      TotpStatusSchema,
+      { auth: "admin" }
+    ),
+    // Public (no `auth`) — used by the login flow's second-step
+    // challenge endpoint. The userId comes from the password-validation
+    // step (signed bridge token), so this method is not a free oracle.
+    verifyTotp: method(
+      z.object({ userId: z.string(), code: z.string() }),
+      z.object({ valid: z.boolean() }),
+      { kind: "mutation", access: "view" }
+    )
   }
 };
 const FeatureManifestSchema = z.object({
@@ -7962,7 +8481,7 @@ const PIPELINE_OWNER_CAPABILITY_NAMES = [
   "pipeline-runner"
 ];
 export {
-  networkQualityCapability as $,
+  nativeObjectDetectionCapability as $,
   adminUiCapability as A,
   advancedNotifierCapability as B,
   alertsCapability as C,
@@ -7975,311 +8494,332 @@ export {
   cameraCredentialsCapability as J,
   decoderCapability as K,
   detectionPipelineCapability as L,
-  deviceManagerCapability as M,
-  deviceOpsCapability as N,
-  deviceStateCapability as O,
-  embeddingEncoderCapability as P,
-  eventsCapability as Q,
-  integrationsCapability as R,
-  intercomCapability as S,
-  localNetworkCapability as T,
-  logDestinationCapability as U,
-  meshNetworkCapability as V,
-  meshOrchestratorCapability as W,
-  metricsProviderCapability as X,
-  motionDetectionCapability as Y,
-  nativeObjectDetectionCapability as Z,
-  networkAccessCapability as _,
+  deviceExportCapability as M,
+  deviceManagerCapability as N,
+  deviceOpsCapability as O,
+  deviceStateCapability as P,
+  embeddingEncoderCapability as Q,
+  eventsCapability as R,
+  integrationsCapability as S,
+  intercomCapability as T,
+  localNetworkCapability as U,
+  logDestinationCapability as V,
+  meshNetworkCapability as W,
+  meshOrchestratorCapability as X,
+  metricsProviderCapability as Y,
+  motionDetectionCapability as Z,
+  mqttBrokerCapability as _,
   zoneRulesCapability as a,
-  AuthProviderInfoSchema as a$,
-  nodesCapability as a0,
-  notificationOutputCapability as a1,
-  osdCapability as a2,
-  pipelineAnalyticsCapability as a3,
-  pipelineExecutorCapability as a4,
-  pipelineOrchestratorCapability as a5,
-  pipelineRunnerCapability as a6,
-  platformProbeCapability as a7,
-  ptzCapability as a8,
-  rebootCapability as a9,
-  AddonPageDeclarationSchema as aA,
-  AddonPageInfoSchema as aB,
-  AgentLoadSummarySchema as aC,
-  AlertSchema as aD,
-  AlertSeveritySchema as aE,
-  AlertSourceSchema as aF,
-  AlertStatusSchema as aG,
-  ApiKeyRecordSchema as aH,
-  ApiKeySummarySchema as aI,
-  ArchiveEntrySchema as aJ,
-  ArchiveManifestSchema as aK,
-  AudioAnalysisResultSchema as aL,
-  AudioAnalysisSettingsSchema as aM,
-  AudioChunkInputSchema as aN,
-  AudioClassSummarySchema as aO,
-  AudioClassificationLabelSchema as aP,
-  AudioClassificationResultSchema as aQ,
-  AudioCodecInfoSchema as aR,
-  AudioDecodeSessionConfigSchema as aS,
-  AudioEncodeSessionConfigSchema as aT,
-  AudioEncodedChunkSchema as aU,
-  AudioEventSchema as aV,
-  AudioLevelSchema as aW,
-  AudioMetricsHistoryPointSchema as aX,
-  AudioMetricsHistorySchema as aY,
-  AudioMetricsSnapshotSchema as aZ,
-  AudioPcmChunkSchema as a_,
-  recordingCapability as aa,
-  recordingEngineCapability as ab,
-  remoteAccessCapability as ac,
-  restreamerCapability as ad,
-  settingsStoreCapability as ae,
-  snapshotCapability as af,
-  snapshotProviderCapability as ag,
-  storageCapability as ah,
-  storageProviderCapability as ai,
-  streamBrokerCapability as aj,
-  streamingEngineCapability as ak,
-  systemCapability as al,
-  toastCapability as am,
-  turnOrchestratorCapability as an,
-  turnProviderCapability as ao,
-  userManagementCapability as ap,
-  webrtcCapability as aq,
-  webrtcSessionCapability as ar,
-  ACCESSORY_LABEL as as,
-  APPLE_SA_TO_MACRO as at,
-  AUDIO_BACKEND_CHOICES as au,
-  AUDIO_MACRO_LABELS as av,
-  AccessoriesStatusSchema as aw,
-  AccessoryKind as ax,
-  AddonAutoUpdateSchema as ay,
-  AddonListItemSchema as az,
+  AudioEventSchema as a$,
+  networkAccessCapability as a0,
+  networkQualityCapability as a1,
+  nodesCapability as a2,
+  notificationOutputCapability as a3,
+  osdCapability as a4,
+  pipelineAnalyticsCapability as a5,
+  pipelineExecutorCapability as a6,
+  pipelineOrchestratorCapability as a7,
+  pipelineRunnerCapability as a8,
+  platformProbeCapability as a9,
+  AUDIO_MACRO_LABELS as aA,
+  AccessoriesStatusSchema as aB,
+  AccessoryKind as aC,
+  AddBrokerInputSchema as aD,
+  AddonAutoUpdateSchema as aE,
+  AddonListItemSchema as aF,
+  AddonPageDeclarationSchema as aG,
+  AddonPageInfoSchema as aH,
+  AgentLoadSummarySchema as aI,
+  AlertSchema as aJ,
+  AlertSeveritySchema as aK,
+  AlertSourceSchema as aL,
+  AlertStatusSchema as aM,
+  ApiKeyRecordSchema as aN,
+  ApiKeySummarySchema as aO,
+  ArchiveEntrySchema as aP,
+  ArchiveManifestSchema as aQ,
+  AudioAnalysisResultSchema as aR,
+  AudioAnalysisSettingsSchema as aS,
+  AudioChunkInputSchema as aT,
+  AudioClassSummarySchema as aU,
+  AudioClassificationLabelSchema as aV,
+  AudioClassificationResultSchema as aW,
+  AudioCodecInfoSchema as aX,
+  AudioDecodeSessionConfigSchema as aY,
+  AudioEncodeSessionConfigSchema as aZ,
+  AudioEncodedChunkSchema as a_,
+  ptzCapability as aa,
+  rebootCapability as ab,
+  recordingCapability as ac,
+  recordingEngineCapability as ad,
+  remoteAccessCapability as ae,
+  restreamerCapability as af,
+  settingsStoreCapability as ag,
+  smtpProviderCapability as ah,
+  snapshotCapability as ai,
+  snapshotProviderCapability as aj,
+  ssoBridgeCapability as ak,
+  storageCapability as al,
+  storageProviderCapability as am,
+  streamBrokerCapability as an,
+  streamingEngineCapability as ao,
+  systemCapability as ap,
+  toastCapability as aq,
+  turnOrchestratorCapability as ar,
+  turnProviderCapability as as,
+  userManagementCapability as at,
+  userPasskeysCapability as au,
+  webrtcCapability as av,
+  webrtcSessionCapability as aw,
+  ACCESSORY_LABEL as ax,
+  APPLE_SA_TO_MACRO as ay,
+  AUDIO_BACKEND_CHOICES as az,
   zoneAnalyticsCapability as b,
-  DoorbellStatusSchema as b$,
-  AuthResultSchema as b0,
-  AutoUpdateSettingsSchema as b1,
-  AvailableIntegrationTypeSchema as b2,
-  BATTERY_DEVICE_PROFILE as b3,
-  BackupDestinationInfoSchema as b4,
-  BackupEntrySchema as b5,
-  BatteryStatusSchema as b6,
-  BoundingBoxSchema as b7,
-  BrightnessStatusSchema as b8,
-  BrokerAudioClientSchema as b9,
-  CreateIntegrationInputSchema as bA,
-  CreateScopedTokenInputSchema as bB,
-  CreateScopedTokenResultSchema as bC,
-  CreateUserInputSchema as bD,
-  CustomActionInputSchema as bE,
-  DEFAULT_AUDIO_ANALYZER_CONFIG as bF,
-  DEFAULT_DECODER_HWACCEL_CONFIG as bG,
-  DEVICE_PROFILES as bH,
-  DEVICE_SETTINGS_CONTRIBUTION_METHODS as bI,
-  DEVICE_STATUS_METHOD as bJ,
-  DecodedFrameSchema as bK,
-  DecoderAssignmentSchema as bL,
-  DecoderSessionConfigSchema as bM,
-  DecoderStatsSchema as bN,
-  DeleteIntegrationResultSchema as bO,
-  DetectorOutputSchema as bP,
-  DeviceDiscoveryStatusSchema as bQ,
-  DeviceFeature as bR,
-  DeviceInfoSchema as bS,
-  DeviceNetworkStatsSchema as bT,
-  DeviceRole as bU,
-  DeviceStatusSchema as bV,
-  DeviceType as bW,
-  DiscoveredChildDeviceSchema as bX,
-  DiscoveredChildStatusSchema as bY,
-  DiscoveredDeviceSchema as bZ,
-  DoorbellPressEventSchema as b_,
-  BrokerClientsSchema as ba,
-  BrokerDecodedClientSchema as bb,
-  BrokerRtspClientSchema as bc,
-  BrokerStatsSchema as bd,
-  BrokerStatusSchema as be,
-  CAM_PROFILE_ORDER as bf,
-  CamProfileSchema as bg,
-  CamStreamKindSchema as bh,
-  CamStreamResolutionSchema as bi,
-  CameraCredentialsSchema as bj,
-  CameraCredentialsStatusSchema as bk,
-  CameraMetricsSchema as bl,
-  CameraMetricsWithDeviceIdSchema as bm,
-  CameraStreamSchema as bn,
-  CapabilityBindingsSchema as bo,
-  ChargingStatus as bp,
-  ClientNetworkStatsSchema as bq,
-  ClusterAddonNodeDeploymentSchema as br,
-  ClusterAddonStatusEntrySchema as bs,
-  CollectionColumnSchema as bt,
-  CollectionIndexSchema as bu,
-  ConfigEntrySchema$1 as bv,
-  ConfigSectionWithValuesSchema as bw,
-  ConfigTabDeclarationSchema as bx,
-  CreateApiKeyInputSchema as by,
-  CreateApiKeyResultSchema as bz,
+  DeviceExportStatusSchema as b$,
+  AudioLevelSchema as b0,
+  AudioMetricsHistoryPointSchema as b1,
+  AudioMetricsHistorySchema as b2,
+  AudioMetricsSnapshotSchema as b3,
+  AudioPcmChunkSchema as b4,
+  AuthProviderInfoSchema as b5,
+  AuthResultSchema as b6,
+  AutoUpdateSettingsSchema as b7,
+  AvailableIntegrationTypeSchema as b8,
+  BATTERY_DEVICE_PROFILE as b9,
+  ClusterAddonNodeDeploymentSchema as bA,
+  ClusterAddonStatusEntrySchema as bB,
+  CollectionColumnSchema as bC,
+  CollectionIndexSchema as bD,
+  ConfigEntrySchema$1 as bE,
+  ConfigSectionWithValuesSchema as bF,
+  ConfigTabDeclarationSchema as bG,
+  CreateApiKeyInputSchema as bH,
+  CreateApiKeyResultSchema as bI,
+  CreateIntegrationInputSchema as bJ,
+  CreateScopedTokenInputSchema as bK,
+  CreateScopedTokenResultSchema as bL,
+  CreateUserInputSchema as bM,
+  CustomActionInputSchema as bN,
+  DEFAULT_AUDIO_ANALYZER_CONFIG as bO,
+  DEFAULT_DECODER_HWACCEL_CONFIG as bP,
+  DEVICE_PROFILES as bQ,
+  DEVICE_SETTINGS_CONTRIBUTION_METHODS as bR,
+  DEVICE_STATUS_METHOD as bS,
+  DecodedFrameSchema as bT,
+  DecoderAssignmentSchema as bU,
+  DecoderSessionConfigSchema as bV,
+  DecoderStatsSchema as bW,
+  DeleteIntegrationResultSchema as bX,
+  DetectorOutputSchema as bY,
+  DeviceDiscoveryStatusSchema as bZ,
+  ExposeInputSchema as b_,
+  BackupDestinationInfoSchema as ba,
+  BackupEntrySchema as bb,
+  BatteryStatusSchema as bc,
+  BoundingBoxSchema as bd,
+  BrightnessStatusSchema as be,
+  BrokerAudioClientSchema as bf,
+  BrokerClientsSchema as bg,
+  BrokerConnectionDetailsSchema as bh,
+  BrokerDecodedClientSchema as bi,
+  BrokerInfoSchema as bj,
+  BrokerRtspClientSchema as bk,
+  BrokerStatsSchema as bl,
+  BrokerStatusSchema$1 as bm,
+  CAM_PROFILE_ORDER as bn,
+  CamProfileSchema as bo,
+  CamStreamKindSchema as bp,
+  CamStreamResolutionSchema as bq,
+  CameraCredentialsSchema as br,
+  CameraCredentialsStatusSchema as bs,
+  CameraMetricsSchema as bt,
+  CameraMetricsWithDeviceIdSchema as bu,
+  CameraStreamSchema as bv,
+  CapScopeSchema as bw,
+  CapabilityBindingsSchema as bx,
+  ChargingStatus as by,
+  ClientNetworkStatsSchema as bz,
   motionCapability as c,
-  PlaceholderReasonSchema as c$,
-  EmbeddingInfoSchema as c0,
-  EmbeddingResultSchema as c1,
-  EncodedPacketSchema as c2,
-  EnrichedWidgetMetadataSchema as c3,
-  EventItemSchema as c4,
-  EventKindSchema as c5,
-  ExposedResourceSchema as c6,
-  FeatureManifestSchema as c7,
-  FeatureProbeStatusSchema as c8,
-  FrameInputSchema as c9,
-  NativeDetectionSchema as cA,
-  NativeObjectClassEnum as cB,
-  NativeObjectDetectionStatusSchema as cC,
-  NetworkAccessStatusSchema as cD,
-  NetworkAddressSchema as cE,
-  NetworkEndpointSchema as cF,
-  NotificationHistoryEntrySchema as cG,
-  NotificationRuleSchema as cH,
-  NotificationSchema as cI,
-  ObjectEventSchema as cJ,
-  OrchestratorMetricsSchema as cK,
-  OsdOverlayKindEnum as cL,
-  OsdOverlayPatchSchema as cM,
-  OsdOverlaySchema as cN,
-  OsdPositionEnum as cO,
-  OsdStatusSchema as cP,
-  PIPELINE_FLOW_CAPABILITY_NAMES as cQ,
-  PIPELINE_OWNER_CAPABILITY_NAMES as cR,
-  PackageUpdateSchema as cS,
-  PackageVersionInfoSchema as cT,
-  PcmSampleFormatSchema as cU,
-  PerScopeBreakdownSchema as cV,
-  PipelineAssignmentSchema as cW,
-  PipelineDefaultStepSchema as cX,
-  PipelineEngineChoiceSchema as cY,
-  PipelineRunResultBridge as cZ,
-  PipelineStepInputSchema as c_,
-  GlobalMetricsSchema as ca,
-  HWACCEL_OPTIONS as cb,
-  HealthStatusSchema as cc,
-  HistoryPointSchema as cd,
-  HistoryResolutionEnum as ce,
-  InstalledPackageSchema as cf,
-  IntegrationLiteSchema as cg,
-  IntegrationWithStateSchema as ch,
-  IntercomAbilitySchema as ci,
-  IntercomStatusSchema as cj,
-  LocationStatSchema as ck,
-  LogEntrySchema as cl,
-  LogLevelSchema$1 as cm,
-  LogStreamEntrySchema as cn,
-  MODEL_FORMATS as co,
-  MediaFileSchema as cp,
-  MethodAccessSchema as cq,
-  MotionAnalysisResultSchema as cr,
-  MotionEventSchema as cs,
-  MotionOnMotionChangedDataSchema as ct,
-  MotionRegionSchema as cu,
-  MotionSourceEnum as cv,
-  MotionSourcesSchema as cw,
-  MotionStatusSchema as cx,
-  MotionTriggerRuntimeStateSchema as cy,
-  MotionTriggerStatusSchema as cz,
+  OsdOverlayPatchSchema as c$,
+  UnexposeInputSchema as c0,
+  DeviceFeature as c1,
+  DeviceInfoSchema as c2,
+  DeviceNetworkStatsSchema as c3,
+  DeviceRole as c4,
+  DeviceStatusSchema as c5,
+  DeviceType as c6,
+  DiscoveredChildDeviceSchema as c7,
+  DiscoveredChildStatusSchema as c8,
+  DiscoveredDeviceSchema as c9,
+  LogLevelSchema$1 as cA,
+  LogStreamEntrySchema as cB,
+  MODEL_FORMATS as cC,
+  MediaFileSchema as cD,
+  MethodAccessSchema as cE,
+  MotionAnalysisResultSchema as cF,
+  MotionEventSchema as cG,
+  MotionOnMotionChangedDataSchema as cH,
+  MotionRegionSchema as cI,
+  MotionSourceEnum as cJ,
+  MotionSourcesSchema as cK,
+  MotionStatusSchema as cL,
+  MotionTriggerRuntimeStateSchema as cM,
+  MotionTriggerStatusSchema as cN,
+  StatusSchema as cO,
+  NativeDetectionSchema as cP,
+  NativeObjectClassEnum as cQ,
+  NativeObjectDetectionStatusSchema as cR,
+  NetworkAccessStatusSchema as cS,
+  NetworkAddressSchema as cT,
+  NetworkEndpointSchema as cU,
+  NotificationHistoryEntrySchema as cV,
+  NotificationRuleSchema as cW,
+  NotificationSchema as cX,
+  ObjectEventSchema as cY,
+  OrchestratorMetricsSchema as cZ,
+  OsdOverlayKindEnum as c_,
+  DoorbellPressEventSchema as ca,
+  DoorbellStatusSchema as cb,
+  EmbeddingInfoSchema as cc,
+  EmbeddingResultSchema as cd,
+  EncodedPacketSchema as ce,
+  EnrichedWidgetMetadataSchema as cf,
+  EventItemSchema as cg,
+  EventKindSchema as ch,
+  ExposedDeviceSchema as ci,
+  ExposedResourceSchema as cj,
+  FeatureManifestSchema as ck,
+  FeatureProbeStatusSchema as cl,
+  FrameInputSchema as cm,
+  GetStreamWithCodecInputSchema as cn,
+  GlobalMetricsSchema as co,
+  HWACCEL_OPTIONS as cp,
+  HealthStatusSchema as cq,
+  HistoryPointSchema as cr,
+  HistoryResolutionEnum as cs,
+  InstalledPackageSchema as ct,
+  IntegrationLiteSchema as cu,
+  IntegrationWithStateSchema as cv,
+  IntercomAbilitySchema as cw,
+  IntercomStatusSchema as cx,
+  LocationStatSchema as cy,
+  LogEntrySchema as cz,
   doorbellCapability as d,
-  TurnProviderInfoSchema as d$,
-  PolygonPointSchema as d0,
-  ProfileSlotSchema as d1,
-  ProfileSlotStatusSchema as d2,
-  ProviderStatusSchema as d3,
-  PtzAutotrackRuntimeStateSchema as d4,
-  PtzAutotrackSettingsSchema as d5,
-  PtzAutotrackStatusSchema as d6,
-  PtzAutotrackTargetOptionSchema as d7,
-  PtzMoveCommandSchema as d8,
-  PtzPositionSchema as d9,
-  BeginUploadInputSchema as dA,
-  BeginUploadResultSchema as dB,
-  EndDownloadInputSchema as dC,
-  FinalizeUploadInputSchema as dD,
-  StorageLocationRefSchema as dE,
-  StorageLocationSchema as dF,
-  StorageLocationTypeSchema as dG,
-  ProviderInfoSchema as dH,
-  ReadChunkInputSchema as dI,
-  TestLocationResultSchema as dJ,
-  WriteChunkInputSchema as dK,
-  StreamFormatSchema as dL,
-  StreamInfoSchema as dM,
-  StreamNetworkStatsSchema as dN,
-  StreamSourceEntrySchema$1 as dO,
-  StreamSourceSchema as dP,
-  SwitchStatusSchema as dQ,
-  SystemMetricsSchema as dR,
-  TestConnectionResultSchema as dS,
-  ToastSchema as dT,
-  TokenScopeSchema as dU,
-  TopologyNodeSchema as dV,
-  TopologyProcessSchema as dW,
-  TopologyServiceSchema as dX,
-  TrackSchema as dY,
-  TrackStateSchema as dZ,
-  TrackedDetectionSchema as d_,
-  PtzPresetSchema as da,
-  QueryFilterSchema as db,
-  RegisteredStreamSchema as dc,
-  RemoteAccessEndpointSchema as dd,
-  RemoteAccessProviderInfoSchema as de,
-  ReportMotionInputSchema as df,
-  RtspRestreamEntrySchema as dg,
-  RunnerCameraConfigSchema as dh,
-  RunnerCameraDeviceUIFields as di,
-  RunnerLocalLoadSchema as dj,
-  RunnerLocalMetricsSchema as dk,
-  STORAGE_LOCATION_CARDINALITY as dl,
-  ScopedTokenSchema as dm,
-  ScopedTokenSummarySchema as dn,
-  SearchResultSchema as dp,
-  SegmentSchema as dq,
-  SettingsPatchSchema as dr,
-  SettingsRecordSchema as ds,
-  SettingsSchemaWithValuesSchema as dt,
-  SettingsUpdateResultSchema as du,
-  SnapshotImageSchema as dv,
-  SpatialDetectionSchema as dw,
-  AbortUploadInputSchema as dx,
-  BeginDownloadInputSchema as dy,
-  BeginDownloadResultSchema as dz,
+  StorageLocationSchema as d$,
+  OsdOverlaySchema as d0,
+  OsdPositionEnum as d1,
+  OsdStatusSchema as d2,
+  PIPELINE_FLOW_CAPABILITY_NAMES as d3,
+  PIPELINE_OWNER_CAPABILITY_NAMES as d4,
+  PackageUpdateSchema as d5,
+  PackageVersionInfoSchema as d6,
+  PasskeySummarySchema as d7,
+  PcmSampleFormatSchema as d8,
+  PerScopeBreakdownSchema as d9,
+  RunnerCameraDeviceUIFields as dA,
+  RunnerLocalLoadSchema as dB,
+  RunnerLocalMetricsSchema as dC,
+  STORAGE_LOCATION_CARDINALITY as dD,
+  ScopedTokenSchema as dE,
+  ScopedTokenSummarySchema as dF,
+  SearchResultSchema as dG,
+  SegmentSchema as dH,
+  SendEmailInputSchema as dI,
+  SendEmailResultSchema as dJ,
+  SettingsPatchSchema as dK,
+  SettingsRecordSchema as dL,
+  SettingsSchemaWithValuesSchema as dM,
+  SettingsUpdateResultSchema as dN,
+  SmtpStatusSchema as dO,
+  SnapshotImageSchema as dP,
+  SpatialDetectionSchema as dQ,
+  SsoBridgeClaimsSchema as dR,
+  StartEmbeddedInputSchema as dS,
+  AbortUploadInputSchema as dT,
+  BeginDownloadInputSchema as dU,
+  BeginDownloadResultSchema as dV,
+  BeginUploadInputSchema as dW,
+  BeginUploadResultSchema as dX,
+  EndDownloadInputSchema as dY,
+  FinalizeUploadInputSchema as dZ,
+  StorageLocationRefSchema as d_,
+  PipelineAssignmentSchema as da,
+  PipelineDefaultStepSchema as db,
+  PipelineEngineChoiceSchema as dc,
+  PipelineRunResultBridge as dd,
+  PipelineStepInputSchema as de,
+  PlaceholderReasonSchema as df,
+  PolygonPointSchema as dg,
+  ProfileSlotSchema as dh,
+  ProfileSlotStatusSchema as di,
+  ProviderStatusSchema as dj,
+  PtzAutotrackRuntimeStateSchema as dk,
+  PtzAutotrackSettingsSchema as dl,
+  PtzAutotrackStatusSchema as dm,
+  PtzAutotrackTargetOptionSchema as dn,
+  PtzMoveCommandSchema as dp,
+  PtzPositionSchema as dq,
+  PtzPresetSchema as dr,
+  QueryFilterSchema as ds,
+  RegisteredStreamSchema as dt,
+  RemoteAccessEndpointSchema as du,
+  RemoteAccessProviderInfoSchema as dv,
+  ReportMotionInputSchema as dw,
+  RtpSourceSchema as dx,
+  RtspRestreamEntrySchema as dy,
+  RunnerCameraConfigSchema as dz,
   errMsg as e,
-  TurnServerSchema as e0,
-  UpdateIntegrationInputSchema as e1,
-  UpdateUserInputSchema as e2,
-  UserRecordSchema as e3,
-  UserRoleSchema as e4,
-  UserSummarySchema as e5,
-  WELL_KNOWN_TABS as e6,
-  WELL_KNOWN_TAB_MAP as e7,
-  WebrtcStreamChoiceSchema as e8,
-  WebrtcStreamTargetSchema as e9,
-  WidgetHostEnum as ea,
-  WidgetMetadataSchema as eb,
-  WidgetSizeEnum as ec,
-  YAMNET_TO_MACRO as ed,
-  ZoneKindEnum as ee,
-  ZoneRuleModeEnum as ef,
-  ZoneRuleSchema as eg,
-  ZoneRuleStageEnum as eh,
-  ZoneRulesArraySchema as ei,
-  ZoneSchema as ej,
-  ZoneScopeBreakdownSchema as ek,
-  accessoryStableId as el,
-  deviceMatchesProfile as em,
-  event as en,
-  expandCapMethods as eo,
-  getAudioMacroClassIds as ep,
-  mapAudioLabelToMacro as eq,
-  method as er,
-  resolveDeviceProfile as es,
-  webrtcClientHintsSchema as et,
+  StorageLocationTypeSchema as e0,
+  ProviderInfoSchema as e1,
+  ReadChunkInputSchema as e2,
+  TestLocationResultSchema as e3,
+  WriteChunkInputSchema as e4,
+  StreamFormatSchema as e5,
+  StreamInfoSchema as e6,
+  StreamNetworkStatsSchema as e7,
+  StreamSourceEntrySchema$1 as e8,
+  StreamSourceSchema as e9,
+  ZoneRuleModeEnum as eA,
+  ZoneRuleSchema as eB,
+  ZoneRuleStageEnum as eC,
+  ZoneRulesArraySchema as eD,
+  ZoneSchema as eE,
+  ZoneScopeBreakdownSchema as eF,
+  accessoryStableId as eG,
+  deviceMatchesProfile as eH,
+  event as eI,
+  expandCapMethods as eJ,
+  getAudioMacroClassIds as eK,
+  mapAudioLabelToMacro as eL,
+  method as eM,
+  resolveDeviceProfile as eN,
+  webrtcClientHintsSchema as eO,
+  SwitchStatusSchema as ea,
+  SystemMetricsSchema as eb,
+  TestConnectionResultSchema as ec,
+  ToastSchema as ed,
+  TokenScopeSchema as ee,
+  TopologyNodeSchema as ef,
+  TopologyProcessSchema as eg,
+  TopologyServiceSchema as eh,
+  TrackSchema as ei,
+  TrackStateSchema as ej,
+  TrackedDetectionSchema as ek,
+  TurnProviderInfoSchema as el,
+  TurnServerSchema as em,
+  UpdateIntegrationInputSchema as en,
+  UpdateUserInputSchema as eo,
+  UserRecordSchema as ep,
+  UserSummarySchema as eq,
+  WELL_KNOWN_TABS as er,
+  WELL_KNOWN_TAB_MAP as es,
+  WebrtcStreamChoiceSchema as et,
+  WebrtcStreamTargetSchema as eu,
+  WidgetHostEnum as ev,
+  WidgetMetadataSchema as ew,
+  WidgetSizeEnum as ex,
+  YAMNET_TO_MACRO as ey,
+  ZoneKindEnum as ez,
   featureProbeCapability as f,
   deviceStatusCapability as g,
   hydrateSchema as h,
@@ -8302,4 +8842,4 @@ export {
   addonsCapability as y,
   zonesCapability as z
 };
-//# sourceMappingURL=index-DVKPWMwv.mjs.map
+//# sourceMappingURL=index-BBVUwOlZ.mjs.map