npm - @openmdm/core - Versions diffs - 0.2.0 - Mend

@openmdm/core 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

package/dist/types.d.ts ADDED Viewed

@@ -0,0 +1,899 @@
+/**
+ * OpenMDM Core Types
+ *
+ * These types define the core data structures for the MDM system.
+ * Designed to be database-agnostic and framework-agnostic.
+ */
+type DeviceStatus = 'pending' | 'enrolled' | 'unenrolled' | 'blocked';
+interface Device {
+    id: string;
+    externalId?: string | null;
+    enrollmentId: string;
+    status: DeviceStatus;
+    model?: string | null;
+    manufacturer?: string | null;
+    osVersion?: string | null;
+    serialNumber?: string | null;
+    imei?: string | null;
+    macAddress?: string | null;
+    androidId?: string | null;
+    policyId?: string | null;
+    lastHeartbeat?: Date | null;
+    lastSync?: Date | null;
+    batteryLevel?: number | null;
+    storageUsed?: number | null;
+    storageTotal?: number | null;
+    location?: DeviceLocation | null;
+    installedApps?: InstalledApp[] | null;
+    tags?: Record<string, string> | null;
+    metadata?: Record<string, unknown> | null;
+    createdAt: Date;
+    updatedAt: Date;
+}
+interface DeviceLocation {
+    latitude: number;
+    longitude: number;
+    accuracy?: number;
+    timestamp: Date;
+}
+interface InstalledApp {
+    packageName: string;
+    version: string;
+    versionCode?: number;
+    installedAt?: Date;
+}
+interface CreateDeviceInput {
+    enrollmentId: string;
+    externalId?: string;
+    model?: string;
+    manufacturer?: string;
+    osVersion?: string;
+    serialNumber?: string;
+    imei?: string;
+    macAddress?: string;
+    androidId?: string;
+    policyId?: string;
+    tags?: Record<string, string>;
+    metadata?: Record<string, unknown>;
+}
+interface UpdateDeviceInput {
+    externalId?: string | null;
+    status?: DeviceStatus;
+    policyId?: string | null;
+    model?: string;
+    manufacturer?: string;
+    osVersion?: string;
+    batteryLevel?: number | null;
+    storageUsed?: number | null;
+    storageTotal?: number | null;
+    lastHeartbeat?: Date;
+    lastSync?: Date;
+    installedApps?: InstalledApp[];
+    location?: DeviceLocation;
+    tags?: Record<string, string>;
+    metadata?: Record<string, unknown>;
+}
+interface DeviceFilter {
+    status?: DeviceStatus | DeviceStatus[];
+    policyId?: string;
+    groupId?: string;
+    search?: string;
+    tags?: Record<string, string>;
+    limit?: number;
+    offset?: number;
+}
+interface DeviceListResult {
+    devices: Device[];
+    total: number;
+    limit: number;
+    offset: number;
+}
+interface Policy {
+    id: string;
+    name: string;
+    description?: string | null;
+    isDefault: boolean;
+    settings: PolicySettings;
+    createdAt: Date;
+    updatedAt: Date;
+}
+interface PolicySettings {
+    kioskMode?: boolean;
+    mainApp?: string;
+    allowedApps?: string[];
+    kioskExitPassword?: string;
+    lockStatusBar?: boolean;
+    lockNavigationBar?: boolean;
+    lockSettings?: boolean;
+    lockPowerButton?: boolean;
+    blockInstall?: boolean;
+    blockUninstall?: boolean;
+    bluetooth?: HardwareControl;
+    wifi?: HardwareControl;
+    gps?: HardwareControl;
+    mobileData?: HardwareControl;
+    camera?: HardwareControl;
+    microphone?: HardwareControl;
+    usb?: HardwareControl;
+    nfc?: HardwareControl;
+    systemUpdatePolicy?: SystemUpdatePolicy;
+    updateWindow?: TimeWindow;
+    passwordPolicy?: PasswordPolicy;
+    encryptionRequired?: boolean;
+    factoryResetProtection?: boolean;
+    safeBootDisabled?: boolean;
+    heartbeatInterval?: number;
+    locationReportInterval?: number;
+    locationEnabled?: boolean;
+    wifiConfigs?: WifiConfig[];
+    vpnConfig?: VpnConfig;
+    applications?: PolicyApplication[];
+    custom?: Record<string, unknown>;
+}
+type HardwareControl = 'on' | 'off' | 'user';
+type SystemUpdatePolicy = 'auto' | 'windowed' | 'postpone' | 'manual';
+interface TimeWindow {
+    start: string;
+    end: string;
+}
+interface PasswordPolicy {
+    required: boolean;
+    minLength?: number;
+    complexity?: 'none' | 'numeric' | 'alphanumeric' | 'complex';
+    maxFailedAttempts?: number;
+    expirationDays?: number;
+    historyLength?: number;
+}
+interface WifiConfig {
+    ssid: string;
+    securityType: 'none' | 'wep' | 'wpa' | 'wpa2' | 'wpa3';
+    password?: string;
+    hidden?: boolean;
+    autoConnect?: boolean;
+}
+interface VpnConfig {
+    type: 'pptp' | 'l2tp' | 'ipsec' | 'openvpn' | 'wireguard';
+    server: string;
+    username?: string;
+    password?: string;
+    certificate?: string;
+    config?: Record<string, unknown>;
+}
+interface PolicyApplication {
+    packageName: string;
+    action: 'install' | 'update' | 'uninstall';
+    version?: string;
+    required?: boolean;
+    autoUpdate?: boolean;
+}
+interface CreatePolicyInput {
+    name: string;
+    description?: string;
+    isDefault?: boolean;
+    settings: PolicySettings;
+}
+interface UpdatePolicyInput {
+    name?: string;
+    description?: string | null;
+    isDefault?: boolean;
+    settings?: PolicySettings;
+}
+interface Application {
+    id: string;
+    name: string;
+    packageName: string;
+    version: string;
+    versionCode: number;
+    url: string;
+    hash?: string | null;
+    size?: number | null;
+    minSdkVersion?: number | null;
+    showIcon: boolean;
+    runAfterInstall: boolean;
+    runAtBoot: boolean;
+    isSystem: boolean;
+    isActive: boolean;
+    metadata?: Record<string, unknown> | null;
+    createdAt: Date;
+    updatedAt: Date;
+}
+interface CreateApplicationInput {
+    name: string;
+    packageName: string;
+    version: string;
+    versionCode: number;
+    url: string;
+    hash?: string;
+    size?: number;
+    minSdkVersion?: number;
+    showIcon?: boolean;
+    runAfterInstall?: boolean;
+    runAtBoot?: boolean;
+    isSystem?: boolean;
+    metadata?: Record<string, unknown>;
+}
+interface UpdateApplicationInput {
+    name?: string;
+    version?: string;
+    versionCode?: number;
+    url?: string;
+    hash?: string | null;
+    size?: number | null;
+    minSdkVersion?: number | null;
+    showIcon?: boolean;
+    runAfterInstall?: boolean;
+    runAtBoot?: boolean;
+    isActive?: boolean;
+    metadata?: Record<string, unknown> | null;
+}
+interface DeployTarget {
+    devices?: string[];
+    policies?: string[];
+    groups?: string[];
+}
+interface AppVersion {
+    id: string;
+    applicationId: string;
+    packageName: string;
+    version: string;
+    versionCode: number;
+    url: string;
+    hash?: string | null;
+    size?: number | null;
+    releaseNotes?: string | null;
+    isMinimumVersion: boolean;
+    createdAt: Date;
+}
+interface AppRollback {
+    id: string;
+    deviceId: string;
+    packageName: string;
+    fromVersion: string;
+    fromVersionCode: number;
+    toVersion: string;
+    toVersionCode: number;
+    reason?: string | null;
+    status: 'pending' | 'in_progress' | 'completed' | 'failed';
+    error?: string | null;
+    initiatedBy?: string | null;
+    createdAt: Date;
+    completedAt?: Date | null;
+}
+interface CreateAppRollbackInput {
+    deviceId: string;
+    packageName: string;
+    toVersionCode: number;
+    reason?: string;
+    initiatedBy?: string;
+}
+type CommandType = 'reboot' | 'shutdown' | 'sync' | 'lock' | 'unlock' | 'wipe' | 'factoryReset' | 'installApp' | 'uninstallApp' | 'updateApp' | 'runApp' | 'clearAppData' | 'clearAppCache' | 'shell' | 'setPolicy' | 'grantPermissions' | 'exitKiosk' | 'enterKiosk' | 'setWifi' | 'screenshot' | 'getLocation' | 'setVolume' | 'sendNotification' | 'whitelistBattery' | 'enablePermissiveMode' | 'setTimeZone' | 'enableAdb' | 'rollbackApp' | 'custom';
+type CommandStatus = 'pending' | 'sent' | 'acknowledged' | 'completed' | 'failed' | 'cancelled';
+interface Command {
+    id: string;
+    deviceId: string;
+    type: CommandType;
+    payload?: Record<string, unknown> | null;
+    status: CommandStatus;
+    result?: CommandResult | null;
+    error?: string | null;
+    createdAt: Date;
+    sentAt?: Date | null;
+    acknowledgedAt?: Date | null;
+    completedAt?: Date | null;
+}
+interface CommandResult {
+    success: boolean;
+    message?: string;
+    data?: unknown;
+}
+interface SendCommandInput {
+    deviceId: string;
+    type: CommandType;
+    payload?: Record<string, unknown>;
+}
+interface CommandFilter {
+    deviceId?: string;
+    status?: CommandStatus | CommandStatus[];
+    type?: CommandType | CommandType[];
+    limit?: number;
+    offset?: number;
+}
+type EventType = 'device.enrolled' | 'device.unenrolled' | 'device.blocked' | 'device.heartbeat' | 'device.locationUpdated' | 'device.statusChanged' | 'device.policyChanged' | 'app.installed' | 'app.uninstalled' | 'app.updated' | 'app.crashed' | 'app.started' | 'app.stopped' | 'policy.applied' | 'policy.failed' | 'command.received' | 'command.acknowledged' | 'command.completed' | 'command.failed' | 'security.tamper' | 'security.rootDetected' | 'security.screenLocked' | 'security.screenUnlocked' | 'custom';
+interface MDMEvent<T = unknown> {
+    id: string;
+    deviceId: string;
+    type: EventType;
+    payload: T;
+    createdAt: Date;
+}
+interface EventFilter {
+    deviceId?: string;
+    type?: EventType | EventType[];
+    startDate?: Date;
+    endDate?: Date;
+    limit?: number;
+    offset?: number;
+}
+interface Group {
+    id: string;
+    name: string;
+    description?: string | null;
+    policyId?: string | null;
+    parentId?: string | null;
+    metadata?: Record<string, unknown> | null;
+    createdAt: Date;
+    updatedAt: Date;
+}
+interface CreateGroupInput {
+    name: string;
+    description?: string;
+    policyId?: string;
+    parentId?: string;
+    metadata?: Record<string, unknown>;
+}
+interface UpdateGroupInput {
+    name?: string;
+    description?: string | null;
+    policyId?: string | null;
+    parentId?: string | null;
+    metadata?: Record<string, unknown> | null;
+}
+type EnrollmentMethod = 'qr' | 'nfc' | 'zero-touch' | 'knox' | 'manual' | 'app-only' | 'adb';
+interface EnrollmentRequest {
+    macAddress?: string;
+    serialNumber?: string;
+    imei?: string;
+    androidId?: string;
+    model: string;
+    manufacturer: string;
+    osVersion: string;
+    sdkVersion?: number;
+    agentVersion?: string;
+    agentPackage?: string;
+    method: EnrollmentMethod;
+    timestamp: string;
+    signature: string;
+    policyId?: string;
+    groupId?: string;
+}
+interface EnrollmentResponse {
+    deviceId: string;
+    enrollmentId: string;
+    policyId?: string;
+    policy?: Policy;
+    serverUrl: string;
+    pushConfig: PushConfig;
+    token: string;
+    refreshToken?: string;
+    tokenExpiresAt?: Date;
+}
+interface PushConfig {
+    provider: 'fcm' | 'mqtt' | 'websocket' | 'polling';
+    fcmSenderId?: string;
+    mqttUrl?: string;
+    mqttTopic?: string;
+    mqttUsername?: string;
+    mqttPassword?: string;
+    wsUrl?: string;
+    pollingInterval?: number;
+}
+interface Heartbeat {
+    deviceId: string;
+    timestamp: Date;
+    batteryLevel: number;
+    isCharging: boolean;
+    batteryHealth?: 'good' | 'overheat' | 'dead' | 'cold' | 'unknown';
+    storageUsed: number;
+    storageTotal: number;
+    memoryUsed: number;
+    memoryTotal: number;
+    networkType?: 'wifi' | 'cellular' | 'ethernet' | 'none';
+    networkName?: string;
+    signalStrength?: number;
+    ipAddress?: string;
+    location?: DeviceLocation;
+    installedApps: InstalledApp[];
+    runningApps?: string[];
+    isRooted?: boolean;
+    isEncrypted?: boolean;
+    screenLockEnabled?: boolean;
+    agentVersion?: string;
+    policyVersion?: string;
+    lastPolicySync?: Date;
+}
+interface PushToken {
+    id: string;
+    deviceId: string;
+    provider: 'fcm' | 'mqtt' | 'websocket';
+    token: string;
+    isActive: boolean;
+    createdAt: Date;
+    updatedAt: Date;
+}
+interface RegisterPushTokenInput {
+    deviceId: string;
+    provider: 'fcm' | 'mqtt' | 'websocket';
+    token: string;
+}
+interface MDMConfig {
+    /** Database adapter for persistence */
+    database: DatabaseAdapter;
+    /** Authentication/authorization configuration */
+    auth?: AuthConfig;
+    /** Push notification provider configuration */
+    push?: PushProviderConfig;
+    /** Device enrollment configuration */
+    enrollment?: EnrollmentConfig;
+    /** Server URL (used in enrollment responses) */
+    serverUrl?: string;
+    /** APK/file storage configuration */
+    storage?: StorageConfig;
+    /** Outbound webhook configuration */
+    webhooks?: WebhookConfig;
+    /** Plugins to extend functionality */
+    plugins?: MDMPlugin[];
+    /** Event handlers */
+    onDeviceEnrolled?: (device: Device) => Promise<void>;
+    onDeviceUnenrolled?: (device: Device) => Promise<void>;
+    onDeviceBlocked?: (device: Device) => Promise<void>;
+    onHeartbeat?: (device: Device, heartbeat: Heartbeat) => Promise<void>;
+    onCommand?: (command: Command) => Promise<void>;
+    onEvent?: (event: MDMEvent) => Promise<void>;
+}
+interface StorageConfig {
+    /** Storage provider (s3, local, custom) */
+    provider: 's3' | 'local' | 'custom';
+    /** S3 configuration */
+    s3?: {
+        bucket: string;
+        region: string;
+        accessKeyId?: string;
+        secretAccessKey?: string;
+        endpoint?: string;
+        presignedUrlExpiry?: number;
+    };
+    /** Local storage path */
+    localPath?: string;
+    /** Custom storage adapter */
+    customAdapter?: {
+        upload: (file: Buffer, key: string) => Promise<string>;
+        getUrl: (key: string) => Promise<string>;
+        delete: (key: string) => Promise<void>;
+    };
+}
+interface WebhookConfig {
+    /** Webhook endpoints to notify */
+    endpoints?: WebhookEndpoint[];
+    /** Retry configuration */
+    retry?: {
+        maxRetries?: number;
+        initialDelay?: number;
+        maxDelay?: number;
+    };
+    /** Sign webhooks with HMAC secret */
+    signingSecret?: string;
+}
+interface WebhookEndpoint {
+    /** Unique identifier */
+    id: string;
+    /** Webhook URL */
+    url: string;
+    /** Events to trigger this webhook */
+    events: (EventType | '*')[];
+    /** Custom headers */
+    headers?: Record<string, string>;
+    /** Whether endpoint is active */
+    enabled: boolean;
+}
+interface AuthConfig {
+    /** Get current user from request context */
+    getUser: <T = unknown>(context: unknown) => Promise<T | null>;
+    /** Check if user has admin privileges */
+    isAdmin?: (user: unknown) => Promise<boolean>;
+    /** Check if user can access specific device */
+    canAccessDevice?: (user: unknown, deviceId: string) => Promise<boolean>;
+    /** Device JWT secret (for device auth tokens) */
+    deviceTokenSecret?: string;
+    /** Device token expiration in seconds (default: 365 days) */
+    deviceTokenExpiration?: number;
+}
+interface PushProviderConfig {
+    provider: 'fcm' | 'mqtt' | 'websocket' | 'polling';
+    fcmCredentials?: string | Record<string, unknown>;
+    fcmProjectId?: string;
+    mqttUrl?: string;
+    mqttUsername?: string;
+    mqttPassword?: string;
+    mqttTopicPrefix?: string;
+    wsPath?: string;
+    wsPingInterval?: number;
+    pollingInterval?: number;
+}
+interface EnrollmentConfig {
+    /** Auto-enroll devices with valid signature */
+    autoEnroll?: boolean;
+    /** HMAC secret for device signature verification */
+    deviceSecret: string;
+    /** Allowed enrollment methods */
+    allowedMethods?: EnrollmentMethod[];
+    /** Default policy for new devices */
+    defaultPolicyId?: string;
+    /** Default group for new devices */
+    defaultGroupId?: string;
+    /** Require manual approval for enrollment */
+    requireApproval?: boolean;
+    /** Custom enrollment validation */
+    validate?: (request: EnrollmentRequest) => Promise<boolean>;
+}
+interface DatabaseAdapter {
+    findDevice(id: string): Promise<Device | null>;
+    findDeviceByEnrollmentId(enrollmentId: string): Promise<Device | null>;
+    listDevices(filter?: DeviceFilter): Promise<DeviceListResult>;
+    createDevice(data: CreateDeviceInput): Promise<Device>;
+    updateDevice(id: string, data: UpdateDeviceInput): Promise<Device>;
+    deleteDevice(id: string): Promise<void>;
+    countDevices(filter?: DeviceFilter): Promise<number>;
+    findPolicy(id: string): Promise<Policy | null>;
+    findDefaultPolicy(): Promise<Policy | null>;
+    listPolicies(): Promise<Policy[]>;
+    createPolicy(data: CreatePolicyInput): Promise<Policy>;
+    updatePolicy(id: string, data: UpdatePolicyInput): Promise<Policy>;
+    deletePolicy(id: string): Promise<void>;
+    findApplication(id: string): Promise<Application | null>;
+    findApplicationByPackage(packageName: string, version?: string): Promise<Application | null>;
+    listApplications(activeOnly?: boolean): Promise<Application[]>;
+    createApplication(data: CreateApplicationInput): Promise<Application>;
+    updateApplication(id: string, data: UpdateApplicationInput): Promise<Application>;
+    deleteApplication(id: string): Promise<void>;
+    findCommand(id: string): Promise<Command | null>;
+    listCommands(filter?: CommandFilter): Promise<Command[]>;
+    createCommand(data: SendCommandInput): Promise<Command>;
+    updateCommand(id: string, data: Partial<Command>): Promise<Command>;
+    getPendingCommands(deviceId: string): Promise<Command[]>;
+    createEvent(event: Omit<MDMEvent, 'id' | 'createdAt'>): Promise<MDMEvent>;
+    listEvents(filter?: EventFilter): Promise<MDMEvent[]>;
+    findGroup(id: string): Promise<Group | null>;
+    listGroups(): Promise<Group[]>;
+    createGroup(data: CreateGroupInput): Promise<Group>;
+    updateGroup(id: string, data: UpdateGroupInput): Promise<Group>;
+    deleteGroup(id: string): Promise<void>;
+    listDevicesInGroup(groupId: string): Promise<Device[]>;
+    addDeviceToGroup(deviceId: string, groupId: string): Promise<void>;
+    removeDeviceFromGroup(deviceId: string, groupId: string): Promise<void>;
+    getDeviceGroups(deviceId: string): Promise<Group[]>;
+    findPushToken(deviceId: string, provider: string): Promise<PushToken | null>;
+    upsertPushToken(data: RegisterPushTokenInput): Promise<PushToken>;
+    deletePushToken(deviceId: string, provider?: string): Promise<void>;
+    listAppVersions?(packageName: string): Promise<AppVersion[]>;
+    createAppVersion?(data: Omit<AppVersion, 'id' | 'createdAt'>): Promise<AppVersion>;
+    setMinimumVersion?(packageName: string, versionCode: number): Promise<void>;
+    getMinimumVersion?(packageName: string): Promise<AppVersion | null>;
+    createRollback?(data: CreateAppRollbackInput): Promise<AppRollback>;
+    updateRollback?(id: string, data: Partial<AppRollback>): Promise<AppRollback>;
+    listRollbacks?(filter?: {
+        deviceId?: string;
+        packageName?: string;
+    }): Promise<AppRollback[]>;
+    transaction?<T>(fn: () => Promise<T>): Promise<T>;
+}
+interface PushAdapter {
+    /** Send push message to a device */
+    send(deviceId: string, message: PushMessage): Promise<PushResult>;
+    /** Send push message to multiple devices */
+    sendBatch(deviceIds: string[], message: PushMessage): Promise<PushBatchResult>;
+    /** Register device push token */
+    registerToken?(deviceId: string, token: string): Promise<void>;
+    /** Unregister device push token */
+    unregisterToken?(deviceId: string): Promise<void>;
+    /** Subscribe device to topic */
+    subscribe?(deviceId: string, topic: string): Promise<void>;
+    /** Unsubscribe device from topic */
+    unsubscribe?(deviceId: string, topic: string): Promise<void>;
+}
+interface PushMessage {
+    type: string;
+    payload?: Record<string, unknown>;
+    priority?: 'high' | 'normal';
+    ttl?: number;
+    collapseKey?: string;
+}
+interface PushResult {
+    success: boolean;
+    messageId?: string;
+    error?: string;
+}
+interface PushBatchResult {
+    successCount: number;
+    failureCount: number;
+    results: Array<{
+        deviceId: string;
+        result: PushResult;
+    }>;
+}
+interface MDMPlugin {
+    /** Unique plugin name */
+    name: string;
+    /** Plugin version */
+    version: string;
+    /** Called when MDM is initialized */
+    onInit?(mdm: MDMInstance): Promise<void>;
+    /** Called when MDM is destroyed */
+    onDestroy?(): Promise<void>;
+    /** Additional routes to mount */
+    routes?: PluginRoute[];
+    /** Middleware to apply to all routes */
+    middleware?: PluginMiddleware[];
+    /** Extend enrollment process */
+    onEnroll?(device: Device, request: EnrollmentRequest): Promise<void>;
+    /** Extend device processing */
+    onDeviceEnrolled?(device: Device): Promise<void>;
+    onDeviceUnenrolled?(device: Device): Promise<void>;
+    onHeartbeat?(device: Device, heartbeat: Heartbeat): Promise<void>;
+    /** Extend policy processing */
+    policySchema?: Record<string, unknown>;
+    validatePolicy?(settings: PolicySettings): Promise<{
+        valid: boolean;
+        errors?: string[];
+    }>;
+    applyPolicy?(device: Device, policy: Policy): Promise<void>;
+    /** Extend command processing */
+    commandTypes?: CommandType[];
+    executeCommand?(device: Device, command: Command): Promise<CommandResult>;
+}
+interface PluginRoute {
+    method: 'GET' | 'POST' | 'PUT' | 'DELETE' | 'PATCH';
+    path: string;
+    handler: (context: unknown) => Promise<unknown>;
+    auth?: boolean;
+    admin?: boolean;
+}
+type PluginMiddleware = (context: unknown, next: () => Promise<unknown>) => Promise<unknown>;
+interface WebhookManager {
+    /** Deliver an event to all matching webhook endpoints */
+    deliver<T>(event: MDMEvent<T>): Promise<WebhookDeliveryResult[]>;
+    /** Add a webhook endpoint at runtime */
+    addEndpoint(endpoint: WebhookEndpoint): void;
+    /** Remove a webhook endpoint */
+    removeEndpoint(endpointId: string): void;
+    /** Update a webhook endpoint */
+    updateEndpoint(endpointId: string, updates: Partial<WebhookEndpoint>): void;
+    /** Get all configured endpoints */
+    getEndpoints(): WebhookEndpoint[];
+    /** Test a webhook endpoint with a test payload */
+    testEndpoint(endpointId: string): Promise<WebhookDeliveryResult>;
+}
+interface WebhookDeliveryResult {
+    endpointId: string;
+    success: boolean;
+    statusCode?: number;
+    error?: string;
+    retryCount: number;
+    deliveredAt?: Date;
+}
+interface MDMInstance {
+    /** Device management */
+    devices: DeviceManager;
+    /** Policy management */
+    policies: PolicyManager;
+    /** Application management */
+    apps: ApplicationManager;
+    /** Command management */
+    commands: CommandManager;
+    /** Group management */
+    groups: GroupManager;
+    /** Push notification service */
+    push: PushAdapter;
+    /** Webhook delivery (if configured) */
+    webhooks?: WebhookManager;
+    /** Database adapter */
+    db: DatabaseAdapter;
+    /** Configuration */
+    config: MDMConfig;
+    /** Subscribe to events */
+    on<T extends EventType>(event: T, handler: EventHandler<T>): () => void;
+    /** Emit an event */
+    emit<T extends EventType>(event: T, data: EventPayloadMap[T]): Promise<void>;
+    /** Process device enrollment */
+    enroll(request: EnrollmentRequest): Promise<EnrollmentResponse>;
+    /** Process device heartbeat */
+    processHeartbeat(deviceId: string, heartbeat: Heartbeat): Promise<void>;
+    /** Verify device token */
+    verifyDeviceToken(token: string): Promise<{
+        deviceId: string;
+    } | null>;
+    /** Get loaded plugins */
+    getPlugins(): MDMPlugin[];
+    /** Get plugin by name */
+    getPlugin(name: string): MDMPlugin | undefined;
+}
+interface DeviceManager {
+    get(id: string): Promise<Device | null>;
+    getByEnrollmentId(enrollmentId: string): Promise<Device | null>;
+    list(filter?: DeviceFilter): Promise<DeviceListResult>;
+    create(data: CreateDeviceInput): Promise<Device>;
+    update(id: string, data: UpdateDeviceInput): Promise<Device>;
+    delete(id: string): Promise<void>;
+    assignPolicy(deviceId: string, policyId: string | null): Promise<Device>;
+    addToGroup(deviceId: string, groupId: string): Promise<void>;
+    removeFromGroup(deviceId: string, groupId: string): Promise<void>;
+    getGroups(deviceId: string): Promise<Group[]>;
+    sendCommand(deviceId: string, input: Omit<SendCommandInput, 'deviceId'>): Promise<Command>;
+    sync(deviceId: string): Promise<Command>;
+    reboot(deviceId: string): Promise<Command>;
+    lock(deviceId: string, message?: string): Promise<Command>;
+    wipe(deviceId: string, preserveData?: boolean): Promise<Command>;
+}
+interface PolicyManager {
+    get(id: string): Promise<Policy | null>;
+    getDefault(): Promise<Policy | null>;
+    list(): Promise<Policy[]>;
+    create(data: CreatePolicyInput): Promise<Policy>;
+    update(id: string, data: UpdatePolicyInput): Promise<Policy>;
+    delete(id: string): Promise<void>;
+    setDefault(id: string): Promise<Policy>;
+    getDevices(policyId: string): Promise<Device[]>;
+    applyToDevice(policyId: string, deviceId: string): Promise<void>;
+}
+interface ApplicationManager {
+    get(id: string): Promise<Application | null>;
+    getByPackage(packageName: string, version?: string): Promise<Application | null>;
+    list(activeOnly?: boolean): Promise<Application[]>;
+    register(data: CreateApplicationInput): Promise<Application>;
+    update(id: string, data: UpdateApplicationInput): Promise<Application>;
+    delete(id: string): Promise<void>;
+    activate(id: string): Promise<Application>;
+    deactivate(id: string): Promise<Application>;
+    deploy(packageName: string, target: DeployTarget): Promise<void>;
+    installOnDevice(packageName: string, deviceId: string, version?: string): Promise<Command>;
+    uninstallFromDevice(packageName: string, deviceId: string): Promise<Command>;
+}
+interface CommandManager {
+    get(id: string): Promise<Command | null>;
+    list(filter?: CommandFilter): Promise<Command[]>;
+    send(input: SendCommandInput): Promise<Command>;
+    cancel(id: string): Promise<Command>;
+    acknowledge(id: string): Promise<Command>;
+    complete(id: string, result: CommandResult): Promise<Command>;
+    fail(id: string, error: string): Promise<Command>;
+    getPending(deviceId: string): Promise<Command[]>;
+}
+interface GroupManager {
+    get(id: string): Promise<Group | null>;
+    list(): Promise<Group[]>;
+    create(data: CreateGroupInput): Promise<Group>;
+    update(id: string, data: UpdateGroupInput): Promise<Group>;
+    delete(id: string): Promise<void>;
+    getDevices(groupId: string): Promise<Device[]>;
+    addDevice(groupId: string, deviceId: string): Promise<void>;
+    removeDevice(groupId: string, deviceId: string): Promise<void>;
+    getChildren(groupId: string): Promise<Group[]>;
+}
+type EventHandler<T extends EventType> = (event: MDMEvent<EventPayloadMap[T]>) => Promise<void> | void;
+interface EventPayloadMap {
+    'device.enrolled': {
+        device: Device;
+    };
+    'device.unenrolled': {
+        device: Device;
+        reason?: string;
+    };
+    'device.blocked': {
+        device: Device;
+        reason: string;
+    };
+    'device.heartbeat': {
+        device: Device;
+        heartbeat: Heartbeat;
+    };
+    'device.locationUpdated': {
+        device: Device;
+        location: DeviceLocation;
+    };
+    'device.statusChanged': {
+        device: Device;
+        oldStatus: DeviceStatus;
+        newStatus: DeviceStatus;
+    };
+    'device.policyChanged': {
+        device: Device;
+        oldPolicyId?: string;
+        newPolicyId?: string;
+    };
+    'app.installed': {
+        device: Device;
+        app: InstalledApp;
+    };
+    'app.uninstalled': {
+        device: Device;
+        packageName: string;
+    };
+    'app.updated': {
+        device: Device;
+        app: InstalledApp;
+        oldVersion: string;
+    };
+    'app.crashed': {
+        device: Device;
+        packageName: string;
+        error?: string;
+    };
+    'app.started': {
+        device: Device;
+        packageName: string;
+    };
+    'app.stopped': {
+        device: Device;
+        packageName: string;
+    };
+    'policy.applied': {
+        device: Device;
+        policy: Policy;
+    };
+    'policy.failed': {
+        device: Device;
+        policy: Policy;
+        error: string;
+    };
+    'command.received': {
+        device: Device;
+        command: Command;
+    };
+    'command.acknowledged': {
+        device: Device;
+        command: Command;
+    };
+    'command.completed': {
+        device: Device;
+        command: Command;
+        result: CommandResult;
+    };
+    'command.failed': {
+        device: Device;
+        command: Command;
+        error: string;
+    };
+    'security.tamper': {
+        device: Device;
+        type: string;
+        details?: unknown;
+    };
+    'security.rootDetected': {
+        device: Device;
+    };
+    'security.screenLocked': {
+        device: Device;
+    };
+    'security.screenUnlocked': {
+        device: Device;
+    };
+    custom: Record<string, unknown>;
+}
+declare class MDMError extends Error {
+    code: string;
+    statusCode: number;
+    details?: unknown | undefined;
+    constructor(message: string, code: string, statusCode?: number, details?: unknown | undefined);
+}
+declare class DeviceNotFoundError extends MDMError {
+    constructor(deviceId: string);
+}
+declare class PolicyNotFoundError extends MDMError {
+    constructor(policyId: string);
+}
+declare class ApplicationNotFoundError extends MDMError {
+    constructor(identifier: string);
+}
+declare class EnrollmentError extends MDMError {
+    constructor(message: string, details?: unknown);
+}
+declare class AuthenticationError extends MDMError {
+    constructor(message?: string);
+}
+declare class AuthorizationError extends MDMError {
+    constructor(message?: string);
+}
+declare class ValidationError extends MDMError {
+    constructor(message: string, details?: unknown);
+}
+export { type AppRollback, type AppVersion, type Application, type ApplicationManager, ApplicationNotFoundError, type AuthConfig, AuthenticationError, AuthorizationError, type Command, type CommandFilter, type CommandManager, type CommandResult, type CommandStatus, type CommandType, type CreateAppRollbackInput, type CreateApplicationInput, type CreateDeviceInput, type CreateGroupInput, type CreatePolicyInput, type DatabaseAdapter, type DeployTarget, type Device, type DeviceFilter, type DeviceListResult, type DeviceLocation, type DeviceManager, DeviceNotFoundError, type DeviceStatus, type EnrollmentConfig, EnrollmentError, type EnrollmentMethod, type EnrollmentRequest, type EnrollmentResponse, type EventFilter, type EventHandler, type EventPayloadMap, type EventType, type Group, type GroupManager, type HardwareControl, type Heartbeat, type InstalledApp, type MDMConfig, MDMError, type MDMEvent, type MDMInstance, type MDMPlugin, type PasswordPolicy, type PluginMiddleware, type PluginRoute, type Policy, type PolicyApplication, type PolicyManager, PolicyNotFoundError, type PolicySettings, type PushAdapter, type PushBatchResult, type PushConfig, type PushMessage, type PushProviderConfig, type PushResult, type PushToken, type RegisterPushTokenInput, type SendCommandInput, type StorageConfig, type SystemUpdatePolicy, type TimeWindow, type UpdateApplicationInput, type UpdateDeviceInput, type UpdateGroupInput, type UpdatePolicyInput, ValidationError, type VpnConfig, type WebhookConfig, type WebhookDeliveryResult, type WebhookEndpoint, type WebhookManager, type WifiConfig };