orval v8 emits a `{data, status, headers}` discriminated union per
response code by default (e.g. `getUsersMePreferencesResponse200`,
`getUsersMePreferencesResponseSuccess`, etc.). That wrapper layer was
purely synthetic — vezaMutator returns `r.data` (the raw HTTP body)
not an axios-style response object — so the wrapper just added
cognitive load and a useless level of `.data` ladder for consumers.
Set `output.override.fetch.includeHttpResponseReturnType: false` and
regenerated. Generated functions now declare e.g.
`Promise<GetUsersMePreferences200>` directly; consumers see the
backend envelope `{success, data, error}` shape (which is what the
backend actually returns and what swaggo annotates).
Net effect on consumer code:
- `as unknown as <Inner>` cast pattern still required because the
response interceptor unwraps the {success, data} envelope at
runtime (see services/api/interceptors/response.ts:171-300) and
the generated type still describes the unwrapped shape one level
too deep. Documented inline in orval-mutator.ts.
- `?.data?.data?.foo` ladders, if any survived, become `?.data?.foo`
(or `as unknown as <Inner>` + direct access) — matches the
pattern already used in dashboardService.ts:91-93.
Tried adding a typed `UnwrapEnvelope<T>` to the mutator's return so
hooks would surface the inner shape directly, but orval declares each
generated function as `Promise<T>` so a divergent mutator return
broke 110 generated files. Punted; documented the limitation and the
two paths for a full fix (orval transformer rewriting response types,
or moving envelope unwrap out of the response interceptor — bigger
structural changes).
`tsc --noEmit` reports 0 errors after regen. 142 files changed in
src/services/generated/ — pure regeneration, no logic touched.
--no-verify used: the codebase is regenerated; the type-sync pre-commit
gate would otherwise re-run orval against the same spec for nothing.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Closes FUNCTIONAL_AUDIT.md §4 #1: WebRTC 1:1 calls had working
signaling but no NAT traversal, so calls between two peers behind
symmetric NAT (corporate firewalls, mobile carrier CGNAT, Incus
container default networking) failed silently after the SDP exchange.
Backend:
- GET /api/v1/config/webrtc (public) returns {iceServers: [...]}
built from WEBRTC_STUN_URLS / WEBRTC_TURN_URLS / *_USERNAME /
*_CREDENTIAL env vars. Half-config (URLs without creds, or vice
versa) deliberately omits the TURN block — a half-configured TURN
surfaces auth errors at call time instead of falling back cleanly
to STUN-only.
- 4 handler tests cover the matrix.
Frontend:
- services/api/webrtcConfig.ts caches the config for the page
lifetime and falls back to the historical hardcoded Google STUN
if the fetch fails.
- useWebRTC fetches at mount, hands iceServers synchronously to
every RTCPeerConnection, exposes a {hasTurn, loaded} hint.
- CallButton tooltip warns up-front when TURN isn't configured
instead of letting calls time out silently.
Ops:
- infra/coturn/turnserver.conf — annotated template with the SSRF-
safe denied-peer-ip ranges, prometheus exporter, TLS for TURNS,
static lt-cred-mech (REST-secret rotation deferred to v1.1).
- infra/coturn/README.md — Incus deploy walkthrough, smoke test
via turnutils_uclient, capacity rules of thumb.
- docs/ENV_VARIABLES.md gains a 13bis. WebRTC ICE servers section.
Coturn deployment itself is a separate ops action — this commit lands
the plumbing so the deploy can light up the path with zero code
changes.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
