tslocal 0.1.0

package/dist/index.cjs

@@ -0,0 +1,695 @@
+Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
+//#region \0rolldown/runtime.js
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __copyProps = (to, from, except, desc) => {
+	if (from && typeof from === "object" || typeof from === "function") {
+		for (var keys = __getOwnPropNames(from), i = 0, n = keys.length, key; i < n; i++) {
+			key = keys[i];
+			if (!__hasOwnProp.call(to, key) && key !== except) {
+				__defProp(to, key, {
+					get: ((k) => from[k]).bind(null, key),
+					enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable
+				});
+			}
+		}
+	}
+	return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", {
+	value: mod,
+	enumerable: true
+}) : target, mod));
+
+//#endregion
+let node_http = require("node:http");
+node_http = __toESM(node_http);
+let node_child_process = require("node:child_process");
+let node_fs_promises = require("node:fs/promises");
+let node_os = require("node:os");
+let node_path = require("node:path");
+let node_util = require("node:util");
+let zod = require("zod");
+
+//#region ts/src/json.ts
+/** JSON reviver that converts large integers to BigInt to avoid precision loss. */
+const jsonReviver = (_key, value, context) => {
+	if (typeof value === "number" && context?.source && !Number.isSafeInteger(value) && /^-?\d+$/.test(context.source)) return BigInt(context.source);
+	return value;
+};
+/** Parse a JSON string using {@link jsonReviver} for BigInt-safe integer handling. */
+const parseJSON = (str) => JSON.parse(str, jsonReviver);
+/** JSON replacer that serializes BigInt values as raw JSON numbers. */
+const jsonReplacer = (_key, value) => typeof value === "bigint" ? JSON.rawJSON(value.toString()) : value;
+
+//#endregion
+//#region ts/src/errors.ts
+/** Base error for all Tailscale Local API errors. */
+var TailscaleError = class extends Error {
+	constructor(message) {
+		super(message);
+		this.name = "TailscaleError";
+	}
+};
+/** Raised when the server returns HTTP 403. */
+var AccessDeniedError = class extends TailscaleError {
+	constructor(message) {
+		super(`Access denied: ${message}`);
+		this.name = "AccessDeniedError";
+	}
+};
+/** Raised when the server returns HTTP 412. */
+var PreconditionsFailedError = class extends TailscaleError {
+	constructor(message) {
+		super(`Preconditions failed: ${message}`);
+		this.name = "PreconditionsFailedError";
+	}
+};
+/** Raised when a WhoIs lookup returns HTTP 404. */
+var PeerNotFoundError = class extends TailscaleError {
+	constructor(message) {
+		super(`Peer not found: ${message}`);
+		this.name = "PeerNotFoundError";
+	}
+};
+/** Raised when the connection to tailscaled fails. */
+var ConnectionError = class extends TailscaleError {
+	constructor(message) {
+		super(message);
+		this.name = "ConnectionError";
+	}
+};
+/** Raised when tailscaled is not running. */
+var DaemonNotRunningError = class extends ConnectionError {
+	constructor(message) {
+		super(message);
+		this.name = "DaemonNotRunningError";
+	}
+};
+/** Raised for unexpected HTTP status codes. */
+var HttpError = class extends TailscaleError {
+	status;
+	constructor(status, message) {
+		super(`HTTP ${status}: ${message}`);
+		this.name = "HttpError";
+		this.status = status;
+	}
+};
+/** Extract error message from a JSON body like Go's errorMessageFromBody. */
+function errorMessageFromBody(body) {
+	try {
+		return JSON.parse(body)?.error;
+	} catch {
+		return;
+	}
+}
+
+//#endregion
+//#region ts/src/safesocket.ts
+const LOCAL_API_HOST = "local-tailscaled.sock";
+const CURRENT_CAP_VERSION = 131;
+/** Return the default socket path for the current platform. */
+function defaultSocketPath() {
+	if ((0, node_os.platform)() === "darwin") return "/var/run/tailscaled.socket";
+	return "/var/run/tailscale/tailscaled.sock";
+}
+/** Attempt to discover macOS TCP port and token for tailscaled. */
+async function localTcpPortAndToken() {
+	if ((0, node_os.platform)() !== "darwin") return;
+	const result = await readMacosSameUserProof();
+	if (result) return result;
+	return readMacsysSameUserProof();
+}
+const execFileP = (0, node_util.promisify)(node_child_process.execFile);
+async function readMacosSameUserProof() {
+	try {
+		const uid = process.getuid?.();
+		if (uid === void 0) return void 0;
+		const { stdout: output } = await execFileP("lsof", [
+			"-n",
+			"-a",
+			`-u${uid}`,
+			"-c",
+			"IPNExtension",
+			"-F"
+		]);
+		return parseLsofOutput(output);
+	} catch {
+		return;
+	}
+}
+/** Parse lsof -F output looking for sameuserproof-PORT-TOKEN. */
+function parseLsofOutput(output) {
+	const needle = ".tailscale.ipn.macos/sameuserproof-";
+	for (const line of output.split("\n")) {
+		const idx = line.indexOf(needle);
+		if (idx === -1) continue;
+		const rest = line.slice(idx + 35);
+		const dash = rest.indexOf("-");
+		if (dash === -1) continue;
+		const portStr = rest.slice(0, dash);
+		const token = rest.slice(dash + 1);
+		const port = parseInt(portStr, 10);
+		if (!isNaN(port)) return {
+			port,
+			token
+		};
+	}
+}
+async function readMacsysSameUserProof(sharedDir = "/Library/Tailscale") {
+	try {
+		const portStr = await (0, node_fs_promises.readlink)((0, node_path.join)(sharedDir, "ipnport"), "utf-8");
+		const port = parseInt(portStr, 10);
+		if (isNaN(port)) return void 0;
+		return {
+			port,
+			token: (await (0, node_fs_promises.readFile)((0, node_path.join)(sharedDir, `sameuserproof-${port}`), "utf-8")).trim()
+		};
+	} catch {
+		return;
+	}
+}
+
+//#endregion
+//#region ts/src/transport.ts
+/**
+* Discover TCP port and token for this request.
+*/
+async function resolvePortAndToken(useSocketOnly) {
+	if (useSocketOnly) return void 0;
+	return localTcpPortAndToken();
+}
+/**
+* HTTP transport that connects to tailscaled.
+* Reuses connections via Node.js http.Agent keep-alive.
+* Port and token are discovered per-request (matching Go's behavior),
+* so the client adapts to daemon restarts and late starts.
+*/
+var Transport = class {
+	socketPath;
+	useSocketOnly;
+	agent;
+	constructor(opts = {}) {
+		this.socketPath = opts.socketPath ?? defaultSocketPath();
+		this.useSocketOnly = opts.useSocketOnly ?? false;
+		this.agent = new node_http.Agent({
+			keepAlive: true,
+			keepAliveMsecs: 6e4
+		});
+	}
+	async request(method, path, body, extraHeaders) {
+		const portAndToken = await resolvePortAndToken(this.useSocketOnly);
+		return new Promise((resolve, reject) => {
+			const headers = {
+				Host: LOCAL_API_HOST,
+				"Tailscale-Cap": String(CURRENT_CAP_VERSION),
+				...extraHeaders
+			};
+			if (portAndToken) headers["Authorization"] = `Basic ${Buffer.from(`:${portAndToken.token}`).toString("base64")}`;
+			const options = {
+				method,
+				path,
+				headers,
+				agent: this.agent
+			};
+			if (portAndToken) {
+				options.host = "127.0.0.1";
+				options.port = portAndToken.port;
+			} else options.socketPath = this.socketPath;
+			const req = node_http.request(options, (res) => {
+				const chunks = [];
+				res.on("data", (chunk) => chunks.push(chunk));
+				res.on("end", () => {
+					resolve({
+						status: res.statusCode ?? 0,
+						body: Buffer.concat(chunks),
+						headers: res.headers
+					});
+				});
+				res.on("error", reject);
+			});
+			req.on("error", reject);
+			if (body !== void 0) req.write(body);
+			req.end();
+		});
+	}
+	destroy() {
+		this.agent.destroy();
+	}
+};
+
+//#endregion
+//#region ts/src/types.ts
+const goSlice = (item) => zod.z.array(item).nullish().transform((v) => v ?? []);
+const goMap = (val) => zod.z.record(zod.z.string(), val).nullish().transform((v) => v ?? {});
+const int64 = zod.z.union([zod.z.number().int(), zod.z.bigint()]).transform((v) => BigInt(v));
+/**
+* Location represents geographical location data about a
+* Tailscale host. Location is optional and only set if
+* explicitly declared by a node.
+*/
+const LocationSchema = zod.z.object({
+	Country: zod.z.string().nullish(),
+	CountryCode: zod.z.string().nullish(),
+	City: zod.z.string().nullish(),
+	CityCode: zod.z.string().nullish(),
+	Latitude: zod.z.number().nullish(),
+	Longitude: zod.z.number().nullish(),
+	Priority: int64.nullish()
+});
+/**
+* PeerStatus describes a peer node and its current state.
+* WARNING: The fields in PeerStatus are merged by the AddPeer method in the StatusBuilder.
+* When adding a new field to PeerStatus, you must update AddPeer to handle merging
+* the new field. The AddPeer function is responsible for combining multiple updates
+* to the same peer, and any new field that is not merged properly may lead to
+* inconsistencies or lost data in the peer status.
+*/
+const PeerStatusSchema = zod.z.object({
+	ID: zod.z.string().default(""),
+	PublicKey: zod.z.string().default(""),
+	HostName: zod.z.string().default(""),
+	DNSName: zod.z.string().default(""),
+	OS: zod.z.string().default(""),
+	UserID: int64.default(0n),
+	AltSharerUserID: int64.nullish(),
+	TailscaleIPs: goSlice(zod.z.string()),
+	AllowedIPs: goSlice(zod.z.string()),
+	Tags: goSlice(zod.z.string()),
+	PrimaryRoutes: goSlice(zod.z.string()),
+	Addrs: goSlice(zod.z.string()),
+	CurAddr: zod.z.string().default(""),
+	Relay: zod.z.string().default(""),
+	PeerRelay: zod.z.string().default(""),
+	RxBytes: int64.default(0n),
+	TxBytes: int64.default(0n),
+	Created: zod.z.string().default(""),
+	LastWrite: zod.z.string().default(""),
+	LastSeen: zod.z.string().default(""),
+	LastHandshake: zod.z.string().default(""),
+	Online: zod.z.boolean().default(false),
+	ExitNode: zod.z.boolean().default(false),
+	ExitNodeOption: zod.z.boolean().default(false),
+	Active: zod.z.boolean().default(false),
+	PeerAPIURL: goSlice(zod.z.string()),
+	TaildropTarget: int64.default(0n),
+	NoFileSharingReason: zod.z.string().default(""),
+	Capabilities: goSlice(zod.z.string()),
+	CapMap: goMap(goSlice(zod.z.unknown())),
+	sshHostKeys: goSlice(zod.z.string()),
+	ShareeNode: zod.z.boolean().nullish(),
+	InNetworkMap: zod.z.boolean().default(false),
+	InMagicSock: zod.z.boolean().default(false),
+	InEngine: zod.z.boolean().default(false),
+	Expired: zod.z.boolean().nullish(),
+	KeyExpiry: zod.z.string().nullish(),
+	Location: LocationSchema.nullish()
+});
+/** ExitNodeStatus describes the current exit node. */
+const ExitNodeStatusSchema = zod.z.object({
+	ID: zod.z.string().default(""),
+	Online: zod.z.boolean().default(false),
+	TailscaleIPs: goSlice(zod.z.string())
+});
+/** TailnetStatus is information about a Tailscale network ("tailnet"). */
+const TailnetStatusSchema = zod.z.object({
+	Name: zod.z.string().default(""),
+	MagicDNSSuffix: zod.z.string().default(""),
+	MagicDNSEnabled: zod.z.boolean().default(false)
+});
+/**
+* A UserProfile is display-friendly data for a [User].
+* It includes the LoginName for display purposes but *not* the Provider.
+* It also includes derived data from one of the user's logins.
+*/
+const UserProfileSchema = zod.z.object({
+	ID: int64.default(0n),
+	LoginName: zod.z.string().default(""),
+	DisplayName: zod.z.string().default(""),
+	ProfilePicURL: zod.z.string().nullish()
+});
+/**
+* ClientVersion is information about the latest client version that's available
+* for the client (and whether they're already running it).
+* 
+* It does not include a URL to download the client, as that varies by platform.
+*/
+const ClientVersionSchema = zod.z.object({
+	RunningLatest: zod.z.boolean().nullish(),
+	LatestVersion: zod.z.string().nullish(),
+	UrgentSecurityUpdate: zod.z.boolean().nullish(),
+	Notify: zod.z.boolean().nullish(),
+	NotifyURL: zod.z.string().nullish(),
+	NotifyText: zod.z.string().nullish()
+});
+/** Status represents the entire state of the IPN network. */
+const StatusSchema = zod.z.object({
+	Version: zod.z.string().default(""),
+	TUN: zod.z.boolean().default(false),
+	BackendState: zod.z.string().default(""),
+	HaveNodeKey: zod.z.boolean().nullish(),
+	AuthURL: zod.z.string().default(""),
+	TailscaleIPs: goSlice(zod.z.string()),
+	Self: PeerStatusSchema.nullish(),
+	ExitNodeStatus: ExitNodeStatusSchema.nullish(),
+	Health: goSlice(zod.z.string()),
+	MagicDNSSuffix: zod.z.string().default(""),
+	CurrentTailnet: TailnetStatusSchema.nullish(),
+	CertDomains: goSlice(zod.z.string()),
+	Peer: goMap(PeerStatusSchema),
+	User: goMap(UserProfileSchema),
+	ClientVersion: ClientVersionSchema.nullish()
+});
+/** Service represents a service running on a node. */
+const ServiceSchema = zod.z.object({
+	Proto: zod.z.string().default(""),
+	Port: zod.z.number().default(0),
+	Description: zod.z.string().nullish()
+});
+/** NetInfo contains information about the host's network state. */
+const NetInfoSchema = zod.z.object({
+	MappingVariesByDestIP: zod.z.boolean().nullish(),
+	WorkingIPv6: zod.z.boolean().nullish(),
+	OSHasIPv6: zod.z.boolean().nullish(),
+	WorkingUDP: zod.z.boolean().nullish(),
+	WorkingICMPv4: zod.z.boolean().nullish(),
+	HavePortMap: zod.z.boolean().nullish(),
+	UPnP: zod.z.boolean().nullish(),
+	PMP: zod.z.boolean().nullish(),
+	PCP: zod.z.boolean().nullish(),
+	PreferredDERP: int64.nullish(),
+	LinkType: zod.z.string().nullish(),
+	DERPLatency: goMap(zod.z.number()),
+	FirewallMode: zod.z.string().nullish()
+});
+/**
+* TPMInfo contains information about a TPM 2.0 device present on a node.
+* All fields are read from TPM_CAP_TPM_PROPERTIES, see Part 2, section 6.13 of
+* https://trustedcomputinggroup.org/resource/tpm-library-specification/.
+*/
+const TPMInfoSchema = zod.z.object({
+	Manufacturer: zod.z.string().nullish(),
+	Vendor: zod.z.string().nullish(),
+	Model: int64.nullish(),
+	FirmwareVersion: int64.nullish(),
+	SpecRevision: int64.nullish(),
+	FamilyIndicator: zod.z.string().nullish()
+});
+/**
+* Hostinfo contains a summary of a Tailscale host.
+* 
+* Because it contains pointers (slices), this type should not be used
+* as a value type.
+*/
+const HostinfoSchema = zod.z.object({
+	IPNVersion: zod.z.string().nullish(),
+	FrontendLogID: zod.z.string().nullish(),
+	BackendLogID: zod.z.string().nullish(),
+	OS: zod.z.string().nullish(),
+	OSVersion: zod.z.string().nullish(),
+	Container: zod.z.boolean().nullish(),
+	Env: zod.z.string().nullish(),
+	Distro: zod.z.string().nullish(),
+	DistroVersion: zod.z.string().nullish(),
+	DistroCodeName: zod.z.string().nullish(),
+	App: zod.z.string().nullish(),
+	Desktop: zod.z.boolean().nullish(),
+	Package: zod.z.string().nullish(),
+	DeviceModel: zod.z.string().nullish(),
+	PushDeviceToken: zod.z.string().nullish(),
+	Hostname: zod.z.string().nullish(),
+	ShieldsUp: zod.z.boolean().nullish(),
+	ShareeNode: zod.z.boolean().nullish(),
+	NoLogsNoSupport: zod.z.boolean().nullish(),
+	WireIngress: zod.z.boolean().nullish(),
+	IngressEnabled: zod.z.boolean().nullish(),
+	AllowsUpdate: zod.z.boolean().nullish(),
+	Machine: zod.z.string().nullish(),
+	GoArch: zod.z.string().nullish(),
+	GoArchVar: zod.z.string().nullish(),
+	GoVersion: zod.z.string().nullish(),
+	RoutableIPs: goSlice(zod.z.string()),
+	RequestTags: goSlice(zod.z.string()),
+	WoLMACs: goSlice(zod.z.string()),
+	Services: goSlice(ServiceSchema),
+	NetInfo: NetInfoSchema.nullish(),
+	sshHostKeys: goSlice(zod.z.string()),
+	Cloud: zod.z.string().nullish(),
+	Userspace: zod.z.boolean().nullish(),
+	UserspaceRouter: zod.z.boolean().nullish(),
+	AppConnector: zod.z.boolean().nullish(),
+	ServicesHash: zod.z.string().nullish(),
+	ExitNodeID: zod.z.string().nullish(),
+	Location: LocationSchema.nullish(),
+	TPM: TPMInfoSchema.nullish(),
+	StateEncrypted: zod.z.boolean().nullish()
+});
+/** Resolver is the configuration for one DNS resolver. */
+const ResolverSchema = zod.z.object({
+	Addr: zod.z.string().nullish(),
+	BootstrapResolution: goSlice(zod.z.string()),
+	UseWithExitNode: zod.z.boolean().nullish()
+});
+/** Node is a Tailscale device in a tailnet. */
+const NodeSchema = zod.z.object({
+	ID: int64.default(0n),
+	StableID: zod.z.string().default(""),
+	Name: zod.z.string().default(""),
+	User: int64.default(0n),
+	Sharer: int64.nullish(),
+	Key: zod.z.string().default(""),
+	KeyExpiry: zod.z.string().nullish(),
+	KeySignature: zod.z.string().nullish(),
+	Machine: zod.z.string().nullish(),
+	DiscoKey: zod.z.string().nullish(),
+	Addresses: goSlice(zod.z.string()),
+	AllowedIPs: goSlice(zod.z.string()),
+	Endpoints: goSlice(zod.z.string()),
+	DERP: zod.z.string().nullish(),
+	HomeDERP: int64.nullish(),
+	Hostinfo: HostinfoSchema.nullish(),
+	Created: zod.z.string().nullish(),
+	Cap: int64.nullish(),
+	Tags: goSlice(zod.z.string()),
+	PrimaryRoutes: goSlice(zod.z.string()),
+	LastSeen: zod.z.string().nullish(),
+	Online: zod.z.boolean().nullish(),
+	MachineAuthorized: zod.z.boolean().nullish(),
+	Capabilities: goSlice(zod.z.string()),
+	CapMap: goMap(goSlice(zod.z.unknown())),
+	UnsignedPeerAPIOnly: zod.z.boolean().nullish(),
+	ComputedName: zod.z.string().nullish(),
+	ComputedNameWithHost: zod.z.string().nullish(),
+	DataPlaneAuditLogID: zod.z.string().nullish(),
+	Expired: zod.z.boolean().nullish(),
+	SelfNodeV4MasqAddrForThisPeer: zod.z.string().nullish(),
+	SelfNodeV6MasqAddrForThisPeer: zod.z.string().nullish(),
+	IsWireGuardOnly: zod.z.boolean().nullish(),
+	IsJailed: zod.z.boolean().nullish(),
+	ExitNodeDNSResolvers: goSlice(ResolverSchema)
+});
+/**
+* TCPPortHandler describes what to do when handling a TCP
+* connection.
+*/
+const TCPPortHandlerSchema = zod.z.object({
+	HTTPS: zod.z.boolean().nullish(),
+	HTTP: zod.z.boolean().nullish(),
+	TCPForward: zod.z.string().nullish(),
+	TerminateTLS: zod.z.string().nullish(),
+	ProxyProtocol: int64.nullish()
+});
+/** HTTPHandler is either a path or a proxy to serve. */
+const HTTPHandlerSchema = zod.z.object({
+	Path: zod.z.string().nullish(),
+	Proxy: zod.z.string().nullish(),
+	Text: zod.z.string().nullish(),
+	AcceptAppCaps: goSlice(zod.z.string()),
+	Redirect: zod.z.string().nullish()
+});
+/** WebServerConfig describes a web server's configuration. */
+const WebServerConfigSchema = zod.z.object({ Handlers: goMap(HTTPHandlerSchema) });
+/**
+* ServiceConfig contains the config information for a single service.
+* it contains a bool to indicate if the service is in Tun mode (L3 forwarding).
+* If the service is not in Tun mode, the service is configured by the L4 forwarding
+* (TCP ports) and/or the L7 forwarding (http handlers) information.
+*/
+const ServiceConfigSchema = zod.z.object({
+	TCP: goMap(TCPPortHandlerSchema),
+	Web: goMap(WebServerConfigSchema),
+	Tun: zod.z.boolean().nullish()
+});
+const _ServeConfigRef = zod.z.lazy(() => ServeConfigSchema);
+/**
+* ServeConfig is the JSON type stored in the StateStore for
+* StateKey "_serve/$PROFILE_ID" as returned by ServeConfigKey.
+*/
+const ServeConfigSchema = zod.z.object({
+	TCP: goMap(TCPPortHandlerSchema),
+	Web: goMap(WebServerConfigSchema),
+	Services: goMap(ServiceConfigSchema),
+	AllowFunnel: goMap(zod.z.boolean()),
+	Foreground: goMap(_ServeConfigRef)
+});
+/**
+* WhoIsResponse is the JSON type returned by tailscaled debug server's /whois?ip=$IP handler.
+* In successful whois responses, Node and UserProfile are never nil.
+*/
+const WhoIsResponseSchema = zod.z.object({
+	Node: NodeSchema.nullish(),
+	UserProfile: UserProfileSchema.nullish(),
+	CapMap: goMap(goSlice(zod.z.unknown()))
+});
+/** Alias for TailnetStatus for backward compatibility. */
+const CurrentTailnetSchema = zod.z.object({
+	Name: zod.z.string(),
+	MagicDNSSuffix: zod.z.string(),
+	MagicDNSEnabled: zod.z.boolean()
+});
+
+//#endregion
+//#region ts/src/client.ts
+/**
+* Client for the Tailscale Local API.
+*
+* Connections are reused via HTTP keep-alive.
+*/
+var LocalClient = class {
+	transport;
+	constructor(opts = {}) {
+		this.transport = new Transport(opts);
+	}
+	async doRequest(method, path, body, headers) {
+		try {
+			return await this.transport.request(method, path, body, headers);
+		} catch (err) {
+			const msg = err instanceof Error ? err.message : String(err);
+			if (msg.includes("ECONNREFUSED") || msg.includes("ENOENT")) throw new DaemonNotRunningError(msg);
+			throw new ConnectionError(msg);
+		}
+	}
+	async doRequestNice(method, path, body, headers) {
+		const resp = await this.doRequest(method, path, body, headers);
+		if (resp.status >= 200 && resp.status < 300) return resp.body;
+		const bodyStr = resp.body.toString("utf-8");
+		const msg = errorMessageFromBody(bodyStr) ?? bodyStr;
+		if (resp.status === 403) throw new AccessDeniedError(msg);
+		if (resp.status === 412) throw new PreconditionsFailedError(msg);
+		throw new HttpError(resp.status, msg);
+	}
+	async get200(path) {
+		return this.doRequestNice("GET", path);
+	}
+	async post200(path, body) {
+		return this.doRequestNice("POST", path, body);
+	}
+	/** Get the current tailscaled status. */
+	async status() {
+		const data = await this.get200("/localapi/v0/status");
+		return StatusSchema.parse(parseJSON(data.toString("utf-8")));
+	}
+	/** Get the current tailscaled status without peer information. */
+	async statusWithoutPeers() {
+		const data = await this.get200("/localapi/v0/status?peers=false");
+		return StatusSchema.parse(parseJSON(data.toString("utf-8")));
+	}
+	async doWhoIs(params) {
+		const resp = await this.doRequest("GET", `/localapi/v0/whois?${params}`);
+		if (resp.status === 404) throw new PeerNotFoundError(params);
+		if (resp.status !== 200) {
+			const bodyStr = resp.body.toString("utf-8");
+			const msg = errorMessageFromBody(bodyStr) ?? bodyStr;
+			if (resp.status === 403) throw new AccessDeniedError(msg);
+			throw new HttpError(resp.status, msg);
+		}
+		return WhoIsResponseSchema.parse(parseJSON(resp.body.toString("utf-8")));
+	}
+	/** Look up the owner of an IP address or IP:port. */
+	async whoIs(remoteAddr) {
+		return this.doWhoIs(`addr=${encodeURIComponent(remoteAddr)}`);
+	}
+	/** Look up a peer by node key. */
+	async whoIsNodeKey(nodeKey) {
+		return this.whoIs(nodeKey);
+	}
+	/** Look up the owner of an IP address with a specific protocol ("tcp" or "udp"). */
+	async whoIsProto(proto, remoteAddr) {
+		return this.doWhoIs(`proto=${encodeURIComponent(proto)}&addr=${encodeURIComponent(remoteAddr)}`);
+	}
+	/** Get a TLS certificate and private key for the given domain. */
+	async certPair(domain) {
+		return this.certPairWithValidity(domain, 0);
+	}
+	/** Get a TLS certificate with minimum validity duration (in seconds). */
+	async certPairWithValidity(domain, minValiditySecs) {
+		const body = await this.get200(`/localapi/v0/cert/${encodeURIComponent(domain)}?type=pair&min_validity=${minValiditySecs}s`);
+		const delimiter = Buffer.from("--\n--");
+		const pos = body.indexOf(delimiter);
+		if (pos === -1) throw new Error("unexpected cert response: no delimiter");
+		const split = pos + 3;
+		const key = body.subarray(0, split);
+		return {
+			cert: body.subarray(split),
+			key
+		};
+	}
+	/**
+	* Get the current serve configuration.
+	*
+	* The returned ServeConfig has its ETag field populated from the
+	* HTTP Etag response header.
+	*/
+	async getServeConfig() {
+		const resp = await this.doRequest("GET", "/localapi/v0/serve-config");
+		if (resp.status !== 200) {
+			const bodyStr = resp.body.toString("utf-8");
+			const msg = errorMessageFromBody(bodyStr) ?? bodyStr;
+			if (resp.status === 403) throw new AccessDeniedError(msg);
+			if (resp.status === 412) throw new PreconditionsFailedError(msg);
+			throw new HttpError(resp.status, msg);
+		}
+		const config = ServeConfigSchema.parse(parseJSON(resp.body.toString("utf-8")));
+		config.ETag = resp.headers["etag"] ?? "";
+		return config;
+	}
+	/**
+	* Set the serve configuration.
+	*
+	* The ETag field on the config is sent as the If-Match header
+	* for conditional updates.
+	*/
+	async setServeConfig(config) {
+		const headers = {};
+		if (config.ETag) headers["If-Match"] = config.ETag;
+		const body = JSON.stringify(config, jsonReplacer);
+		await this.doRequestNice("POST", "/localapi/v0/serve-config", body, headers);
+	}
+	/** Close the underlying transport and release resources. */
+	destroy() {
+		this.transport.destroy();
+	}
+};
+
+//#endregion
+exports.AccessDeniedError = AccessDeniedError;
+exports.ClientVersionSchema = ClientVersionSchema;
+exports.ConnectionError = ConnectionError;
+exports.CurrentTailnetSchema = CurrentTailnetSchema;
+exports.DaemonNotRunningError = DaemonNotRunningError;
+exports.HttpError = HttpError;
+exports.LocalClient = LocalClient;
+exports.PeerNotFoundError = PeerNotFoundError;
+exports.PeerStatusSchema = PeerStatusSchema;
+exports.PreconditionsFailedError = PreconditionsFailedError;
+exports.ServeConfigSchema = ServeConfigSchema;
+exports.StatusSchema = StatusSchema;
+exports.TailnetStatusSchema = TailnetStatusSchema;
+exports.TailscaleError = TailscaleError;
+exports.UserProfileSchema = UserProfileSchema;
+exports.WhoIsResponseSchema = WhoIsResponseSchema;
+//# sourceMappingURL=index.cjs.map