@camstack/types 0.1.32 → 0.1.33

package/dist/{index-BBVUwOlZ.mjs → index-YnRVILXN.mjs}

@@ -7469,7 +7469,9 @@ const MeshPeerSchema = z.object({
   id: z.string(),
   /** Hostname / device name as shown in the mesh dashboard. */
   hostname: z.string(),
-  /** Mesh IP(s). Multiple when the peer is dual-stacked. */
+  /** MagicDNS / mesh DNS name (e.g. `peer-foo.tail-abc.ts.net`). Empty when the provider doesn't support DNS or peer-side resolution is disabled. */
+  magicDns: z.string(),
+  /** Mesh IPv4 / IPv6 addresses combined. Multiple when dual-stacked. */
   addresses: z.array(z.string()).readonly(),
   /** Operating system reported by the peer (informational). */
   os: z.string().optional(),
@@ -7478,7 +7480,32 @@ const MeshPeerSchema = z.object({
   /** Last-seen timestamp (epoch ms). 0 when never seen. */
   lastSeenMs: z.number(),
   /** True for the row representing the current host. */
-  isSelf: z.boolean()
+  isSelf: z.boolean(),
+  /**
+   * Connection mode to this peer:
+   *   - `direct`: NAT-traversed P2P (UDP punched)
+   *   - `relay`: traffic relayed through provider edge (Tailscale DERP)
+   *   - `idle`: peer reachable but no recent traffic / handshake
+   */
+  connection: z.enum(["direct", "relay", "idle"]),
+  /** DERP region / relay node identifier when `connection: relay`. Null otherwise. */
+  relay: z.string().nullable(),
+  /** Last successful handshake timestamp (epoch ms). 0 when never. */
+  lastHandshakeMs: z.number(),
+  /** Bytes received from this peer since the daemon started. */
+  rxBytes: z.number(),
+  /** Bytes transmitted to this peer since the daemon started. */
+  txBytes: z.number(),
+  /** ACL tags this peer carries (e.g. `["tag:server"]`). Empty when human-owned. */
+  tags: z.array(z.string()).readonly(),
+  /** True when the peer advertises itself as an exit-node candidate. */
+  exitNodeOption: z.boolean(),
+  /** Subnet routes the peer advertises (e.g. `["192.168.1.0/24"]`). */
+  advertisedRoutes: z.array(z.string()).readonly(),
+  /** Owner account login (e.g. `foo@example.com`). Null for tagged peers. */
+  userLogin: z.string().nullable(),
+  /** Pre-auth key / machine-key expiry (epoch ms). Null when keys don't expire. */
+  keyExpiry: z.number().nullable()
 });
 const MeshStatusSchema = z.object({
   /** True when the host is joined and the daemon reports healthy. */
@@ -7492,7 +7519,38 @@ const MeshStatusSchema = z.object({
   /** Every endpoint this provider exposes for the current host. */
   endpoints: z.array(MeshEndpointSchema$1).readonly(),
   /** Last error from the daemon, when not joined. */
-  error: z.string().optional()
+  error: z.string().optional(),
+  // ── Account / tenant identity (generic across providers) ────────
+  /**
+   * Tenant / tailnet / network display name (Tailscale = tailnet
+   * domain, Headscale = namespace, ZeroTier = network name). Empty
+   * pre-join. Per-provider semantics, common slot.
+   */
+  tenantName: z.string(),
+  /**
+   * Mesh DNS suffix when the provider exposes peer-resolvable DNS
+   * (Tailscale MagicDNS, Headscale MagicDNS, …). Empty when the
+   * provider doesn't ship DNS (e.g. ZeroTier).
+   */
+  magicDnsSuffix: z.string(),
+  /**
+   * Authenticated user / account login bound to this host. Null when
+   * the provider authenticates with a long-lived network token rather
+   * than a user account (e.g. ZeroTier API token).
+   */
+  userLogin: z.string().nullable(),
+  /**
+   * Provider control-plane URL (Tailscale SaaS `https://login.tailscale.com`,
+   * self-hosted Headscale, ZeroTier Central, …). Empty when not
+   * applicable (rare).
+   */
+  controlPlaneUrl: z.string(),
+  /**
+   * Machine-key / node-key expiry (epoch ms). Null when the provider
+   * doesn't rotate keys for the bound host. Operator-facing surface
+   * for "your access expires on …" banners.
+   */
+  keyExpiry: z.number().nullable()
 });
 const meshNetworkCapability = {
   name: "mesh-network",
@@ -7544,12 +7602,26 @@ const meshNetworkCapability = {
       { kind: "mutation" }
     ),
     /** Leave the mesh. After this the meshIp/magicDnsHostname/etc.
-     *  vanish until the next `join`. */
+     *  vanish until the next `join`. The bound account stays — a
+     *  subsequent `join` reuses it without prompting for a new login. */
     leave: method(
       z.void(),
       z.object({ left: z.literal(true) }),
       { kind: "mutation" }
     ),
+    /**
+     * Sign out of the mesh account entirely. Distinct from `leave`:
+     * `leave` only takes the host off-mesh (`tailscale down`) while the
+     * account binding survives, so the next `join` reconnects silently.
+     * `logout` (`tailscale logout`) wipes the daemon's stored
+     * credentials — the next `startLogin` MUST go through a fresh
+     * browser-redirect flow to bind a new account.
+     */
+    logout: method(
+      z.void(),
+      z.object({ loggedOut: z.literal(true) }),
+      { kind: "mutation" }
+    ),
     /** Enumerate every peer the daemon currently knows about. */
     listPeers: method(z.void(), z.object({
       peers: z.array(MeshPeerSchema).readonly()
@@ -7583,6 +7655,15 @@ const meshNetworkCapability = {
       }),
       { kind: "mutation" }
     )
+    // Provider-specific runtime knobs (accept-routes / advertise-routes /
+    // shields-up / ssh / exit-node, …) live on the addon's own
+    // `getSettingsUISchema` (form-builder), NOT here. Different mesh
+    // providers (Tailscale, Headscale, ZeroTier, Nebula) have very
+    // different config surfaces — picking one shape and forcing all
+    // implementations to honour it would either lose options or
+    // misrepresent them. The Mesh page renders the addon's settings
+    // schema as a "Settings" tab next to the generic Status / Peers
+    // tabs driven by this cap.
   }
 };
 const MeshEndpointSchema = z.object({
@@ -7610,7 +7691,18 @@ const MeshProviderInfoSchema = z.object({
   /** Active endpoints (mesh IP + MagicDNS + optional public Funnel). */
   endpoints: z.array(MeshEndpointSchema).readonly(),
   /** Last error reported by the provider. */
-  error: z.string().optional()
+  error: z.string().optional(),
+  // ── Generic identity fields mirrored from MeshStatus ─────────────
+  /** Tenant / tailnet / network display name. Empty pre-join. */
+  tenantName: z.string(),
+  /** Mesh DNS suffix (e.g. tailXXXX.ts.net). Empty when not configured. */
+  magicDnsSuffix: z.string(),
+  /** Authenticated user / account login. Null for token-only providers. */
+  userLogin: z.string().nullable(),
+  /** Provider control-plane URL. */
+  controlPlaneUrl: z.string(),
+  /** Machine-key expiry (epoch ms). Null when keys don't rotate. */
+  keyExpiry: z.number().nullable()
 });
 const meshOrchestratorCapability = {
   name: "mesh-orchestrator",
@@ -7636,6 +7728,43 @@ const meshOrchestratorCapability = {
       z.object({ addonId: z.string() }),
       z.object({ success: z.literal(true) }),
       { kind: "mutation" }
+    ),
+    /**
+     * Browser-redirect login flow. Forwards to the named provider's
+     * `mesh-network.startLogin` and returns the URL the daemon
+     * prints. UI opens it in a new tab, then polls `listProviders`
+     * for `joined: true`.
+     */
+    startLoginProvider: method(
+      z.object({
+        addonId: z.string(),
+        hostname: z.string().optional()
+      }),
+      z.object({ loginUrl: z.string() }),
+      { kind: "mutation" }
+    ),
+    /**
+     * Sign out of the provider's account entirely (`mesh-network.logout`).
+     * Distinct from `leaveProvider` which only takes the host off-mesh;
+     * `logoutProvider` wipes credentials so the next start requires a
+     * fresh login.
+     */
+    logoutProvider: method(
+      z.object({ addonId: z.string() }),
+      z.object({ loggedOut: z.literal(true) }),
+      { kind: "mutation" }
+    ),
+    /**
+     * Per-provider peer list. Forwards to `mesh-network.listPeers` on
+     * the addressed provider. Separate from `listProviders` because
+     * peer payloads can be large on a heavily-populated tailnet —
+     * fetch only when the operator opens the Peers tab.
+     */
+    listProviderPeers: method(
+      z.object({ addonId: z.string() }),
+      z.object({
+        peers: z.array(MeshPeerSchema).readonly()
+      })
     )
   }
 };
@@ -7723,6 +7852,13 @@ const UserSummarySchema = z.object({
   allowedProviders: z.union([z.array(z.string()), z.literal("*")]),
   allowedDevices: z.record(z.string(), z.union([z.array(z.string()), z.literal("*")])),
   scopes: z.array(TokenScopeSchema).default([]),
+  /**
+   * True iff this user has a CONFIRMED TOTP enrollment. Surfaced on
+   * `listUsers` so the admin Users page can render the "Remove 2FA"
+   * action conditionally without firing one `getTotpStatus` query per
+   * row. Self-service enrollment lives on the user's profile page.
+   */
+  totpEnabled: z.boolean().default(false),
   createdAt: z.number(),
   updatedAt: z.number()
 });
@@ -8021,6 +8157,12 @@ const NodeAddonInputSchema = z.object({
   nodeId: z.string(),
   addonId: z.string()
 });
+const NodeAddonEntrySchema = z.object({
+  id: z.string(),
+  status: z.string(),
+  version: z.string().optional(),
+  packageName: z.string().optional()
+});
 const SuccessSchema = z.object({ success: z.boolean() });
 const RestartProcessResultSchema = z.object({
   success: z.boolean(),
@@ -8081,6 +8223,19 @@ const nodesCapability = {
       z.record(z.string(), ClusterAddonStatusEntrySchema),
       { auth: "admin" }
     ),
+    /**
+     * Direct per-node addon listing — calls `$agent.status` on the target
+     * node (or returns the hub registry for `nodeId === 'hub'`) and surfaces
+     * the full addon roster including `version` + `packageName`. The
+     * `topology` cap also includes addons but strips them down to
+     * `{id, capabilities, status}` for the cluster diagram; this method
+     * is the one the per-node "Addons" tab should call.
+     */
+    getNodeAddons: method(
+      z.object({ nodeId: z.string() }),
+      z.array(NodeAddonEntrySchema).readonly(),
+      { auth: "admin" }
+    ),
     setProcessLogLevel: method(
       z.object({ nodeId: z.string(), level: z.string() }),
       SuccessSchema,
@@ -8842,4 +8997,4 @@ export {
   addonsCapability as y,
   zonesCapability as z
 };
-//# sourceMappingURL=index-BBVUwOlZ.mjs.map
+//# sourceMappingURL=index-YnRVILXN.mjs.map