heldar-kernel 0.1.8

Heldar kernel — media/DVR control plane, perception ingest + sampler, zone engine, auth, and the worker SDK contract. The open, domain-agnostic platform that domain apps build on.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71

use axum::extract::State;
use axum::routing::post;
use axum::{Json, Router};
use serde_json::{json, Value};

use crate::auth::{self, Principal};
use crate::error::{AppError, AppResult};
use crate::services::discovery::{self, DiscoverOptions};
use crate::state::AppState;

pub fn router() -> Router<AppState> {
    Router::new().route("/api/v1/discover", post(discover_handler))
}

/// Scan a network range for cameras; optionally verify credentials and auto-register them.
async fn discover_handler(
    State(st): State<AppState>,
    principal: Principal,
    Json(opts): Json<DiscoverOptions>,
) -> AppResult<Json<Value>> {
    // Scanning the LAN is an operational action (viewer+); auto-registering the cameras it finds is a
    // registry mutation, so it additionally requires manage-registry.
    principal.require(principal.can_view(), "scan for cameras")?;
    if opts.auto_add {
        principal.require(
            principal.can_manage_registry(),
            "auto-register discovered cameras",
        )?;
    }
    let devices = discovery::discover(&st.pool, &st.cfg, &st.http, &opts)
        .await
        .map_err(AppError::BadRequest)?;

    let mut added: Vec<String> = Vec::new();
    if opts.auto_add {
        for d in devices
            .iter()
            .filter(|d| d.verified && !d.already_registered)
        {
            match discovery::add_device(&st.pool, d).await {
                Ok(id) => {
                    st.recorder.reconcile(&id).await;
                    added.push(id);
                }
                Err(e) => {
                    tracing::error!(addr = %d.address, error = %e, "discover: auto-add failed")
                }
            }
        }
    }

    if !added.is_empty() {
        auth::audit(
            &st.pool,
            &principal,
            "discover_auto_add",
            "discovery",
            "auto_add",
            json!({ "added": &added }),
        )
        .await;
    }

    Ok(Json(json!({
        "scanned": opts.targets,
        "found": devices.len(),
        "verified": devices.iter().filter(|d| d.verified).count(),
        "added": added,
        "devices": devices,
    })))
}