@apicircle/shared 1.0.0

package/dist/index.d.cts

@@ -0,0 +1,1245 @@
+declare function generateId(): string;
+
+/**
+ * Pure validators shared between core and UI. Each returns a discriminated
+ * union so callers can branch cleanly: `.ok ? proceed : showError(reason)`.
+ *
+ * No throws — failures are explicit values. Validators never mutate input.
+ *
+ * Used by:
+ *  - Inline UI feedback (`role="alert"` under inputs, disabled submit)
+ *  - PreSendPanel + Send-time guards
+ *  - Test fixtures that want to check shape without fabricating asserts
+ */
+type ValidationResult = {
+    ok: true;
+} | {
+    ok: false;
+    reason: string;
+};
+/**
+ * Accepts any URL the browser can fetch + the variable-template form
+ * `{{NAME}}/path`. Empty + whitespace-only fail. Schemes other than
+ * http/https/file/{{...}} fail (mailto:/tel: aren't fetchable from
+ * Studio's executor).
+ */
+declare function validateUrl(value: string): ValidationResult;
+declare function validateAwsRegion(value: string): ValidationResult;
+/**
+ * Mock endpoint path pattern: must start with `/`, no whitespace, no
+ * query string (`?` is an error — query matching is a separate concern).
+ * Permits Express-style `:param` segments and `*` wildcards.
+ */
+declare function validateMockPath(value: string): ValidationResult;
+/**
+ * Environment-variable key — the bit between `{{ }}` at resolve time.
+ * Allowed: ASCII letters, digits, underscore, hyphen. First character
+ * must be a letter or underscore (matches POSIX env-var naming).
+ */
+declare function validateEnvVarName(value: string): ValidationResult;
+/**
+ * Plan name — same characters allowed as env-var names plus spaces, but
+ * must be non-empty after trim. Caller is responsible for uniqueness.
+ */
+declare function validatePlanName(value: string): ValidationResult;
+/**
+ * GitHub PR title — non-empty after trim, ≤256 chars (GitHub's hard cap).
+ */
+declare function validatePRTitle(value: string): ValidationResult;
+/**
+ * JSON validity — accepts only object/array roots (string/number/bool/null
+ * are technically valid JSON but rarely what users mean for headers/body
+ * payloads; we surface a clearer message).
+ */
+declare function validateJsonString(value: string, opts?: {
+    allowEmpty?: boolean;
+    allowRoots?: 'object' | 'array' | 'any';
+}): ValidationResult;
+declare function validateHttpHeaderName(value: string): ValidationResult;
+/**
+ * JavaScript-compatible regular-expression body. Lets the user spot
+ * unclosed groups / bad character classes at edit time rather than at
+ * runtime where the rule silently never matches.
+ */
+declare function validateRegex(value: string, flags?: string): ValidationResult;
+declare function validateJsonPath(value: string): ValidationResult;
+/**
+ * Non-negative integer duration in milliseconds (or whatever unit the
+ * caller documents). 0 is allowed for "no wait"; negative values reject.
+ */
+declare function validatePositiveDuration(value: number | string): ValidationResult;
+/**
+ * Returns the URL string if `value` is a syntactically valid URL whose scheme
+ * is `http:` or `https:` — otherwise `null`. Use this at every site that
+ * renders a third-party-supplied URL as `<a href>` or hands one to
+ * `window.open` / `shell.openExternal`. The OAuth2 device-flow
+ * `verification_uri` comes straight from the IdP and could in principle be
+ * `javascript:`, `data:`, `file:`, or a custom OS protocol handler —
+ * rendering any of those is an XSS / RCE foot-gun.
+ *
+ * `null` returns should be rendered as plain text so the user can still see
+ * and copy the value, but cannot one-click execute it.
+ */
+declare function safeExternalHref(value: unknown): string | null;
+
+/**
+ * Human-readable byte size. UTF-8 byte count, base-1024 (KiB/MiB).
+ * 0 → "0 B", 1023 → "1023 B", 1024 → "1.0 KB", 1_500_000 → "1.4 MB".
+ */
+declare function formatBytes(bytes: number): string;
+/** UTF-8 byte length of a string. Falls back to char length if TextEncoder unavailable. */
+declare function utf8ByteLength(s: string): number;
+
+type MockResponseBodyType = 'none' | 'json' | 'text' | 'xml' | 'urlencoded' | 'form-data' | 'binary';
+type MockResponseBody = {
+    type: 'none';
+    content: '';
+} | {
+    type: 'json';
+    content: string;
+} | {
+    type: 'text';
+    content: string;
+} | {
+    type: 'xml';
+    content: string;
+} | {
+    type: 'urlencoded';
+    content: string;
+} | {
+    type: 'form-data';
+    content: '';
+    formRows: Array<{
+        key: string;
+        value: string;
+        enabled: boolean;
+    }>;
+} | {
+    type: 'binary';
+    content: '';
+    /** Attachment ref into Global Assets — same shape as request bodies. */
+    attachment?: AttachmentRef;
+};
+interface MockResponseConfig {
+    status: number;
+    headers: Array<{
+        key: string;
+        value: string;
+        enabled: boolean;
+    }>;
+    body: MockResponseBody;
+    /** Optional artificial latency before responding. */
+    delayMs?: number;
+    /**
+     * Optional response-shape multipliers. At runtime, each multiplier reads a
+     * value from the request (a query/path/header param or a JSON-path slice
+     * of the request body) and repeats the array element at `targetJsonPath`
+     * inside the response body that many times. Used to drive page-size
+     * aware mock responses without templating the body manually.
+     *
+     * Only fires when `body.type === 'json'`; ignored otherwise.
+     */
+    multipliers?: MockResponseMultiplier[];
+}
+type MockMultiplierSourceKind = 'query' | 'pathParam' | 'header' | 'body-json-path';
+interface MockMultiplierSource {
+    kind: MockMultiplierSourceKind;
+    /** Query/path/header name, or JSON path into the request body (e.g. "$.page.size"). */
+    key: string;
+}
+interface MockResponseMultiplier {
+    id: string;
+    /** Optional user-facing label. */
+    name?: string;
+    source: MockMultiplierSource;
+    /**
+     * JSON path into the *response body* pointing at the array to repeat
+     * (e.g. "$.items"). The first element of that array becomes the repeated
+     * template — additional elements are discarded.
+     */
+    targetJsonPath: string;
+    /** Used when source is missing or non-numeric. */
+    defaultCount: number;
+    /** Optional inclusive lower bound on the resolved count. */
+    min?: number;
+    /** Optional inclusive upper bound on the resolved count. */
+    max?: number;
+}
+interface MockParamDef {
+    /** Stable id so the editor can reorder rows without losing focus. */
+    id: string;
+    name: string;
+    /** Free-form type hint (e.g. 'string', 'integer', 'uuid'). Documentation only. */
+    typeHint?: string;
+    required?: boolean;
+    description?: string;
+    example?: string;
+}
+interface MockRequestSchema {
+    /** Declared path params (auto-derived from `{slot}` segments in pathPattern + manual entries). */
+    pathParams: MockParamDef[];
+    queryParams: MockParamDef[];
+    headers: MockParamDef[];
+    cookies: MockParamDef[];
+    /** Optional documentation for the expected request body shape. */
+    body?: {
+        description?: string;
+        example?: string;
+    };
+}
+type MockValidationKind = 'header-required' | 'header-equals' | 'header-matches' | 'query-required' | 'query-equals' | 'query-matches' | 'cookie-required' | 'body-required' | 'content-type-equals';
+interface MockValidationRule {
+    id: string;
+    kind: MockValidationKind;
+    /** Header / query / cookie name being validated (empty for body / content-type). */
+    target: string;
+    /** Expected literal or regex (when applicable). */
+    expected?: string;
+    /** Friendly message surfaced into the failResponse body / debugger. */
+    message?: string;
+    /**
+     * Disable without deleting — disabled rules are skipped during request
+     * validation but stay in the editor for what-if debugging. Defaults to
+     * `true` for newly authored rules.
+     */
+    enabled: boolean;
+    /** Response returned when this rule fails. */
+    failResponse: MockResponseConfig;
+}
+type MockConditionScope = 'query' | 'pathParam' | 'header' | 'cookie' | 'body-json-path';
+type MockConditionOp = 'equals' | 'not-equals' | 'matches' | 'gt' | 'lt' | 'gte' | 'lte' | 'present' | 'absent';
+interface MockConditionClause {
+    id: string;
+    scope: MockConditionScope;
+    /** Name of the query/header/cookie/path-param OR a JSON-path for body matches. */
+    target: string;
+    op: MockConditionOp;
+    /** Comparison value (omitted for present/absent ops). */
+    value?: string;
+}
+interface MockResponseRule {
+    id: string;
+    /** User-facing rule label (e.g. "Page 1 — small response"). */
+    name: string;
+    /** Disable without deleting — useful for what-if testing. */
+    enabled: boolean;
+    /** AND-combined clauses; rule fires only when every clause matches. */
+    when: MockConditionClause[];
+    response: MockResponseConfig;
+}
+interface MockEndpoint {
+    /** Stable id; survives spec re-parses so per-endpoint overrides keep matching. */
+    id: string;
+    /** User-friendly label for the sidebar / picker. Defaults to "{METHOD} {pathPattern}". */
+    name: string;
+    method: HttpMethod;
+    /** OpenAPI-style path template, e.g. `/pets/{id}`. Hono routes get derived from this. */
+    pathPattern: string;
+    description?: string;
+    /** Declarative input schema — drives editor UI + runtime docs. */
+    requestSchema: MockRequestSchema;
+    /** Pre-validation gates evaluated before response rules. */
+    requestValidation: MockValidationRule[];
+    /** Conditional response rules (first match wins). */
+    responseRules: MockResponseRule[];
+    /** Fallback response when no rule matches. */
+    defaultResponse: MockResponseConfig;
+    /** Optional: name of the OpenAPI example chosen when multiple were present. */
+    example?: string;
+}
+type MockServerSource = {
+    kind: 'openapi';
+    spec: string;
+    format: 'json' | 'yaml';
+} | {
+    kind: 'postman';
+    collection: string;
+} | {
+    kind: 'insomnia';
+    export: string;
+} | {
+    kind: 'manual';
+    endpoints: MockEndpoint[];
+};
+interface MockServer {
+    id: string;
+    name: string;
+    source: MockServerSource;
+    /**
+     * Resolved endpoint table — populated when the source is parsed; persisted
+     * so the desktop app doesn't re-parse on every start. Empty array for
+     * `kind: 'manual'` (the source carries the endpoints) — though in
+     * practice we mirror the manual endpoints into both fields so downstream
+     * consumers can read either one.
+     */
+    endpoints: MockEndpoint[];
+    /** Default port used when starting; null = pick a free port at start. */
+    defaultPort: number | null;
+    cors: {
+        enabled: boolean;
+        origins: string[];
+    };
+    createdAt: string;
+    updatedAt: string;
+}
+/** Lives in WorkspaceLocal — never pushed to git. */
+interface MockRuntime {
+    /** Keyed by mockServerId. Absent = not running. */
+    active: Record<string, MockRuntimeEntry>;
+}
+interface MockRuntimeEntry {
+    port: number;
+    /** null in browser-preview mode where there's no OS process. */
+    pid: number | null;
+    startedAt: string;
+    lastError: string | null;
+    requestCount: number;
+}
+declare function getAllowedMockResponseBodyTypes(status: number): MockResponseBodyType[];
+/**
+ * If `currentBodyType` isn't allowed for `status`, return a safe
+ * fallback (`'json'` for status codes that allow bodies, `'none'`
+ * otherwise). Returns `null` when the current type is already
+ * allowed — caller can early-return.
+ */
+declare function coerceMockResponseBodyTypeForStatus(currentBodyType: MockResponseBodyType, status: number): MockResponseBodyType | null;
+declare function makeDefaultMockResponseBody(type: MockResponseBodyType): MockResponseBody;
+declare function makeDefaultMockResponse(): MockResponseConfig;
+declare function makeDefaultRequestSchema(): MockRequestSchema;
+
+type ThemeId = 'studio-dark' | 'graphite-dark' | 'midnight-blue' | 'workbench-light' | 'paper-light' | 'high-contrast-dark' | 'high-contrast-light' | 'dracula' | 'nord' | 'tokyo-night' | 'one-dark-pro' | 'monokai-pro' | 'gruvbox-dark' | 'solarized-dark' | 'catppuccin-mocha' | 'catppuccin-macchiato' | 'synthwave-84' | 'cobalt2' | 'rose-pine' | 'ayu-mirage' | 'night-owl' | 'github-dark' | 'material-palenight' | 'solarized-light' | 'github-light' | 'catppuccin-latte' | 'ayu-light' | 'atom-one-light' | 'rose-pine-dawn' | 'tokyo-night-day';
+type FontFamilyId = 'system-mono' | 'jetbrains-mono' | 'fira-code' | 'cascadia-code' | 'ibm-plex-mono' | 'source-code-pro' | 'roboto-mono' | 'space-mono' | 'hack' | 'inconsolata' | 'anonymous-pro' | 'ubuntu-mono' | 'dm-mono' | 'geist-mono' | 'red-hat-mono' | 'azeret-mono' | 'victor-mono' | 'system-sans' | 'inter' | 'roboto' | 'open-sans' | 'lato' | 'source-sans-3' | 'nunito-sans' | 'manrope' | 'dm-sans' | 'geist' | 'plus-jakarta-sans' | 'ibm-plex-sans' | 'work-sans';
+type PanelId = 'workspace' | 'link-workspace' | 'editor' | 'env' | 'execution' | 'history' | 'mocks' | 'mcp' | 'help';
+/**
+ * Display name used when seeding a fresh workspace's registry entry on
+ * first boot. The name itself is local-only — it never lives in the
+ * git-synced doc — so two machines pulling the same workspace.json can
+ * each call their local copy whatever they want.
+ */
+declare const DEFAULT_WORKSPACE_NAME = "My Workspace";
+interface WorkspaceSynced {
+    schemaVersion: 1;
+    workspaceId: string;
+    collections: {
+        tree: FolderNode;
+        requests: Record<string, Request>;
+        folders: Record<string, Folder>;
+    };
+    environments: {
+        items: Record<string, Environment>;
+        activeName: string | null;
+        /**
+         * Ordered list of envs the resolver layers into request scope. Mixes
+         * local and linked-workspace envs — the consumer picks order. See
+         * `EnvPriorityRef`.
+         */
+        priorityOrder: EnvPriorityRef[];
+    };
+    linkedWorkspaces: Record<string, LinkedWorkspace>;
+    linkedOverrides: {
+        requests: Record<string, RequestOverride>;
+        environmentVars: Record<string, EnvironmentVariableOverride>;
+    };
+    releases: {
+        self: ReleaseHistory | null;
+        perLink: Record<string, ReleaseHistory>;
+    };
+    globalAssets: {
+        schemas: Record<string, GlobalSchema>;
+        graphql: Record<string, GlobalGraphQL>;
+    };
+    mockServers: Record<string, MockServer>;
+    /**
+     * Workspace-wide execution plans. Plan **definitions** travel through
+     * Git so collaborators on the same workspace see the same plans;
+     * plan **runs** (history) stay in `WorkspaceLocal.history.planRuns`
+     * because they're per-device and per-execution.
+     *
+     * Optional in the type: pre-migration workspaces persisted plans on
+     * `WorkspaceLocal.executionPlans` only; the hydration normalizer
+     * lifts those into `synced.executionPlans` on first load. The store
+     * always writes a populated value (defaulting to `{}`) after
+     * migration, so consumers can rely on `synced.executionPlans` being
+     * defined post-hydrate.
+     */
+    executionPlans?: Record<string, ExecutionPlan>;
+    secretKeys?: Record<string, SecretKeyMeta>;
+    /**
+     * Workspace-passphrase crypto state. `null` when no passphrase has been
+     * set yet (the workspace either has no secrets, or hasn't been migrated
+     * to the passphrase model). Populated by `setupPassphrase` the first
+     * time a user creates a passphrase; from then on, decryption requires
+     * the same passphrase to be re-entered (in memory only).
+     *
+     * The actual encrypted secret-value payloads still live in device-local
+     * IndexedDB today; migrating those into the synced doc is its own
+     * follow-up.
+     *
+     * `kdf` / `salt` / `iterations` parameterise the PBKDF2 derivation;
+     * `verifier` lets us reject a wrong passphrase up front without trying
+     * to decrypt every payload. See `passphraseKey.ts` for the algorithm.
+     */
+    secretCrypto?: SecretCryptoMeta | null;
+    meta: {
+        createdAt: string;
+        updatedAt: string;
+        appVersion: string;
+    };
+}
+interface FolderNode {
+    id: string;
+    type: 'root' | 'folder';
+    children: Array<{
+        kind: 'folder' | 'request';
+        id: string;
+    }>;
+}
+interface Folder {
+    id: string;
+    name: string;
+    parentId: string | null;
+    /**
+     * Optional folder-level auth. When a request has `auth.type === 'inherit'`,
+     * the runner walks up the folder chain and uses the first explicit
+     * (non-`inherit`, non-`none`) auth it finds. Absent here = no folder-level
+     * auth at this level (continue walking up).
+     */
+    auth?: RequestAuth;
+}
+type HttpMethod = 'GET' | 'POST' | 'PUT' | 'PATCH' | 'DELETE' | 'HEAD' | 'OPTIONS';
+type BodyType = 'none' | 'json' | 'text' | 'form-data' | 'urlencoded' | 'binary' | 'xml' | 'graphql';
+interface Request {
+    id: string;
+    name: string;
+    folderId: string | null;
+    method: HttpMethod;
+    url: string;
+    headers: Array<{
+        key: string;
+        value: string;
+        enabled: boolean;
+    }>;
+    query: Array<{
+        key: string;
+        value: string;
+        enabled: boolean;
+    }>;
+    /**
+     * Values for URL path placeholders (`:name` Express-style or `{name}`
+     * OpenAPI-style). Keys are expected to match placeholder names found in
+     * `url`. Missing keys substitute to empty string at send time. Absent =
+     * empty (no path params), so the field is optional in storage.
+     */
+    pathParams?: Record<string, string>;
+    /**
+     * Cookies sent with the request. Joined into a single `Cookie` header at
+     * send time (existing user-set Cookie header wins). Absent = no cookies.
+     */
+    cookies?: Array<{
+        key: string;
+        value: string;
+        enabled: boolean;
+    }>;
+    body: RequestBody;
+    auth: RequestAuth;
+    contextVars: Array<{
+        key: string;
+        value: string;
+    }>;
+    extractions: ContextExtraction[];
+    bodySchemaId?: string | null;
+    graphqlSchemaId?: string | null;
+    assertions: Assertion[];
+    createdAt: string;
+    updatedAt: string;
+}
+interface ContextExtraction {
+    id: string;
+    variable: string;
+    source: 'body' | 'header' | 'cookie' | 'status';
+    /**
+     * Source-specific path:
+     *   - body: JSON path (dot/bracket, e.g. `data.token` or `items[0].id`)
+     *   - header: header name (case-insensitive)
+     *   - cookie: cookie name
+     *   - status: ignored — the HTTP status code is the value
+     */
+    path: string;
+    enabled: boolean;
+}
+interface GlobalSchema {
+    id: string;
+    name: string;
+    description?: string;
+    /** JSON Schema document, stored as a string so the user can paste any draft. */
+    schema: string;
+    createdAt: string;
+    updatedAt: string;
+}
+interface GlobalGraphQL {
+    id: string;
+    name: string;
+    description?: string;
+    kind: 'sdl' | 'introspection';
+    source: string;
+    createdAt: string;
+    updatedAt: string;
+}
+type RequestAuth = {
+    type: 'none';
+} | {
+    type: 'inherit';
+} | {
+    type: 'bearer';
+    token: string;
+} | {
+    type: 'basic';
+    username: string;
+    password: string;
+} | {
+    type: 'api-key';
+    key: string;
+    value: string;
+    addTo: 'header' | 'query' | 'cookie';
+} | {
+    type: 'custom-header';
+    key: string;
+    value: string;
+} | OAuth2ClientCredentialsAuth | OAuth2AuthCodeAuth | OAuth2PkceAuth | OAuth2PasswordAuth | OAuth2ImplicitAuth | OAuth2DeviceAuth | AwsSigV4Auth | DigestAuth | NtlmAuth | HawkAuth | JwtBearerAuth;
+interface OAuth2TokenState {
+    accessToken: string;
+    tokenType: string;
+    refreshToken: string;
+    /**
+     * Epoch milliseconds when the access token expires, or 0 / null when
+     * unknown. Stored as number so all comparisons are direct
+     * `Date.now() < expiresAt` without round-tripping through Date()
+     * parsing on the hot path. Workspace serialization rolls it through
+     * JSON unchanged — git-side this is a number, not an ISO string.
+     */
+    expiresAt: number | null;
+    /**
+     * Scope the IdP actually granted (may differ from the request's
+     * `scope` field if the user/client is missing some). Refresh keeps
+     * this; clearing the token resets to ''.
+     */
+    obtainedScope: string;
+}
+interface OAuth2ClientCredentialsAuth extends OAuth2TokenState {
+    type: 'oauth2-client-credentials';
+    tokenUrl: string;
+    clientId: string;
+    clientSecret: string;
+    scope: string;
+    clientAuthMethod: 'header' | 'body';
+}
+interface OAuth2AuthCodeAuth extends OAuth2TokenState {
+    type: 'oauth2-auth-code';
+    authUrl: string;
+    tokenUrl: string;
+    clientId: string;
+    clientSecret: string;
+    redirectUri: string;
+    scope: string;
+    state: string;
+}
+interface OAuth2PkceAuth extends OAuth2TokenState {
+    type: 'oauth2-pkce';
+    authUrl: string;
+    tokenUrl: string;
+    clientId: string;
+    clientSecret: string;
+    redirectUri: string;
+    scope: string;
+    state: string;
+    codeVerifier: string;
+    codeChallengeMethod: 'S256' | 'plain';
+}
+interface OAuth2PasswordAuth extends OAuth2TokenState {
+    type: 'oauth2-password';
+    tokenUrl: string;
+    clientId: string;
+    clientSecret: string;
+    username: string;
+    password: string;
+    scope: string;
+}
+interface OAuth2ImplicitAuth extends Omit<OAuth2TokenState, 'refreshToken'> {
+    type: 'oauth2-implicit';
+    authUrl: string;
+    clientId: string;
+    redirectUri: string;
+    scope: string;
+}
+interface OAuth2DeviceAuth extends OAuth2TokenState {
+    type: 'oauth2-device';
+    deviceAuthUrl: string;
+    tokenUrl: string;
+    clientId: string;
+    scope: string;
+    deviceCode: string;
+    userCode: string;
+    verificationUri: string;
+}
+interface AwsSigV4Auth {
+    type: 'aws-sigv4';
+    accessKeyId: string;
+    secretAccessKey: string;
+    sessionToken: string;
+    region: string;
+    service: string;
+    addTo: 'header' | 'query';
+}
+interface DigestAuth {
+    type: 'digest';
+    username: string;
+    password: string;
+}
+interface NtlmAuth {
+    type: 'ntlm';
+    username: string;
+    password: string;
+    domain: string;
+    workstation: string;
+}
+interface HawkAuth {
+    type: 'hawk';
+    hawkId: string;
+    hawkKey: string;
+    algorithm: 'sha256' | 'sha1';
+    ext: string;
+    /**
+     * When true, the request body is folded into the Hawk MAC via the
+     * payload-hash extension (Hawk spec §3.2.5). Required for servers
+     * configured with strict body-binding; leave false for the looser
+     * "header-only" form that most public Hawk APIs accept.
+     */
+    bindPayload?: boolean;
+}
+interface JwtBearerAuth {
+    type: 'jwt-bearer';
+    algorithm: 'HS256' | 'HS384' | 'HS512' | 'RS256' | 'RS384' | 'RS512' | 'PS256' | 'PS384' | 'PS512' | 'ES256' | 'ES384' | 'ES512' | 'EdDSA';
+    secretOrKey: string;
+    payload: string;
+    jwtHeaders: string;
+    token: string;
+}
+interface RequestBody {
+    type: BodyType;
+    content: string;
+    formRows?: FormDataRow[];
+    attachment?: AttachmentRef;
+    variables?: string;
+}
+type FormDataRow = {
+    kind: 'text';
+    key: string;
+    value: string;
+    enabled: boolean;
+} | {
+    kind: 'file';
+    key: string;
+    slotId: string | null;
+    filename?: string;
+    size?: number;
+    mimeType?: string;
+    sha256?: string;
+    enabled: boolean;
+};
+interface AttachmentRef {
+    slotId: string | null;
+    filename?: string;
+    size?: number;
+    mimeType?: string;
+    sha256?: string;
+}
+interface Assertion {
+    id: string;
+    kind: 'status' | 'header' | 'json-path' | 'duration';
+    op: 'equals' | 'not-equals' | 'contains' | 'lt' | 'gt' | 'matches';
+    target?: string;
+    expected: string | number;
+}
+interface Environment {
+    name: string;
+    variables: EnvironmentVariable[];
+}
+/**
+ * Entry in the global / plan-level environment priority order. Both local
+ * environments and linked-workspace environments are first-class citizens
+ * — the consumer can interleave them in any order and the resolver layers
+ * them top-down at request-time. The two `kind`s exist because linked envs
+ * need a `linkedWorkspaceId` to resolve against the right snapshot in
+ * `WorkspaceLocal.linkedCollections` (and to apply the consumer's per-row
+ * overrides from `synced.linkedOverrides.environmentVars`).
+ *
+ * Stored in `WorkspaceSynced.environments.priorityOrder` and
+ * `ExecutionPlan.envPriorityOrder`.
+ */
+type EnvPriorityRef = {
+    kind: 'local';
+    name: string;
+} | {
+    kind: 'linked';
+    linkedWorkspaceId: string;
+    envName: string;
+};
+interface EnvironmentVariable {
+    key: string;
+    value: string;
+    encrypted: boolean;
+    secretKeyId?: string;
+}
+interface SecretKeyMeta {
+    id: string;
+    label: string;
+    salt: string;
+    createdAt: string;
+}
+/**
+ * Workspace-passphrase crypto parameters. Persisted in `WorkspaceSynced.
+ * secretCrypto`, written by `setupPassphrase` and read by `unlockSecretCrypto`.
+ * Single-version contract for now (`pbkdf2-sha256-v1`); future versions
+ * will be additional discriminants on `kdf`.
+ *
+ * `salt` is base64-encoded 16 random bytes; `verifier` is base64-encoded
+ * AES-GCM ciphertext of a fixed sentinel string under the derived key with
+ * a zero IV — comparing it constant-time tells a right passphrase from a
+ * wrong one before any real decrypt is attempted.
+ */
+interface SecretCryptoMeta {
+    kdf: 'pbkdf2-sha256-v1';
+    salt: string;
+    iterations: number;
+    verifier: string;
+}
+interface LinkedWorkspace {
+    id: string;
+    kind: 'private' | 'public';
+    name: string;
+    description?: string;
+    source: {
+        provider: 'github';
+        repoFullName: string;
+        branch: string;
+        /**
+         * Which GitHub session credentials this link uses for `workspace.json`
+         * fetches at link / refresh time.
+         *
+         *   - `'workspace'` — reuse `local.sessions.github.workspace` (the same
+         *     PAT that pushes/pulls THIS workspace). Convenient when both repos
+         *     are reachable from a single token.
+         *   - `'dedicated'` — use a per-link PAT stored at
+         *     `local.sessions.github.links[linkedWorkspaceId]`. Used when the
+         *     source repo lives under a different account (different org, a
+         *     bot user, a teammate's fork) that the workspace session can't
+         *     read.
+         *
+         * Public links still pick a mode — even public-repo fetches today route
+         * through `GitHubClient.getContents`, which uses an auth header.
+         */
+        sessionMode: 'workspace' | 'dedicated';
+    };
+    scope: Array<'collections' | 'environments'>;
+    pinnedVersion: string | null;
+    updatePolicy: 'manual';
+    linkedAt: string;
+    requiredSecretKeyIds: string[];
+    marketplace?: {
+        listedAs: string;
+        tags: string[];
+        summary: string;
+    };
+}
+interface ReleaseHistory {
+    versions: ReleaseVersion[];
+    currentVersion: string | null;
+}
+interface ReleaseVersion {
+    version: string;
+    publishedAt: string;
+    notes: string;
+    workspaceSnapshot: string;
+    sha?: string;
+    tagName?: string;
+    deprecated: boolean;
+    yanked: boolean;
+}
+interface WorkspaceLocal {
+    schemaVersion: 1;
+    workspaceId: string;
+    /**
+     * @deprecated Plans now live on `WorkspaceSynced.executionPlans` so
+     * they round-trip through Git (team-shared). This field is kept for
+     * one schema version to support hydration migration only — code
+     * should NOT write here. The hydration normalizer
+     * `liftLegacyExecutionPlansToSynced` lifts any value found here into
+     * `synced.executionPlans` on first load and clears it.
+     */
+    executionPlans: Record<string, ExecutionPlan>;
+    history: {
+        requestRuns: RequestRun[];
+        planRuns: PlanRun[];
+    };
+    secretIndex: SecretIndex;
+    sessions: {
+        github: {
+            workspace: GitHubSession | null;
+            links: Record<string, GitHubSession>;
+        };
+    };
+    connectedRepo: ConnectedRepo | null;
+    workingBranch: WorkingBranch | null;
+    /**
+     * Blob sha of the scaffold `workspace.json` written by
+     * `seedInitialCommit`. Persisted so the next `createWorkingBranch` can
+     * recognise its own scaffold on the new branch and suppress the
+     * "remote already has content" first-pull prompt — that prompt only
+     * makes sense for genuinely pre-populated remote content, not the
+     * empty seed we just wrote ourselves. `null` once any other content
+     * has overwritten the scaffold.
+     */
+    seededWorkspaceSha: string | null;
+    /**
+     * Set by `refreshWorkspace` when it detects that the working branch is
+     * functionally over: the PR was merged on GitHub, OR the branch ref was
+     * deleted out from under us (typically by GitHub's "delete branch on
+     * merge" setting). `workingBranch` is cleared at the same time so the
+     * UI flips back to the create-branch form, and this slot drives a
+     * one-time banner pointing the user toward starting a new branch.
+     * Cleared by `dismissRetiredBranch` once the user acknowledges or
+     * creates a new branch.
+     */
+    retiredBranch: RetiredBranch | null;
+    sync: SyncSnapshot;
+    linkedCollections: Record<string, LinkedSnapshot>;
+    globalContext: Record<string, string>;
+    mockRuntime: MockRuntime;
+    ui: {
+        activeRequestId: string | null;
+        sidebarExpandedSections: string[];
+        themeId: ThemeId;
+        /**
+         * Workspace-bound font family. Switching workspaces applies this
+         * font; renaming a workspace does not affect it. Default
+         * `'system-mono'` matches the seed in `createEmptyWorkspace`.
+         */
+        fontId: FontFamilyId;
+        /**
+         * Whole-UI text-size scaling, expressed as a percentage of the
+         * browser's default root font-size. The HTML root's `font-size` is
+         * set to this percentage at hydrate / switch time, scaling every
+         * Tailwind `rem`-based utility plus the Monaco editor's option in
+         * `MonacoEditorBase`. Range: `FONT_SIZE_PERCENT_MIN`..`MAX`, snapped
+         * to `FONT_SIZE_PERCENT_STEP`. Default `FONT_SIZE_PERCENT_DEFAULT`
+         * (100) — matches the browser baseline so first-paint before
+         * hydrate doesn't flash a different size.
+         */
+        fontSizePercent: number;
+    };
+    /**
+     * User-tunable client-side settings. Local-only; never round-trips
+     * through Git so each developer can keep their own preferences.
+     *
+     * - `validateOnSend`: when true, the Editor surfaces a pre-send
+     *   validation panel (warnings + blockers from
+     *   `core/preSendValidation`) above the Send button. Default: true.
+     */
+    settings: WorkspaceLocalSettings;
+    /**
+     * Pre-destructive snapshot ledger. Auto-captured before every operation
+     * that could lose work (push, merge, linked-update apply, yank, deprecate),
+     * and on user demand via the History panel. Local-only; never pushed.
+     *
+     * The ledger acts as a ring buffer: when total `sizeBytes` exceeds
+     * `maxBytes`, the oldest snapshots are evicted until the total drops
+     * back under cap. Set `maxBytes: Number.POSITIVE_INFINITY` to disable
+     * eviction.
+     */
+    snapshots: WorkspaceSnapshotLedger;
+}
+interface WorkspaceLocalSettings {
+    validateOnSend: boolean;
+    /**
+     * Whether Monaco editors consume mouse-wheel events even when the user
+     * isn't intending to scroll the editor (e.g. they're hovering over the
+     * editor while scrolling the page). When `false`, wheel events bubble
+     * up to the page so long pages remain scrollable past the editor.
+     * When `true`, the editor scrolls first and only releases the wheel
+     * once it reaches its top/bottom (Monaco's default behavior).
+     *
+     * Default: `false` (page-scroll friendly).
+     */
+    monacoConsumesWheel: boolean;
+}
+type WorkspaceSnapshotTrigger = 'manual' | 'pre-push' | 'pre-merge' | 'pre-linked-update' | 'pre-yank' | 'pre-deprecate';
+interface WorkspaceSnapshot {
+    /** Stable id; survives ledger updates so restore is idempotent. */
+    id: string;
+    /** ISO timestamp the snapshot was captured at. */
+    createdAt: string;
+    /** What triggered the capture — informational, used for the History badge. */
+    triggeredBy: WorkspaceSnapshotTrigger;
+    /** Optional user-provided note (manual snapshots; the others auto-fill it). */
+    note?: string;
+    /**
+     * Verbatim copy of `WorkspaceSynced` at the moment of capture. Stored
+     * inline so restore is a single state replacement — no IPFS, no SHA-only
+     * placeholder. Cost: ~the size of `workspace.json`. The ring buffer +
+     * cap keep this bounded.
+     */
+    workspaceSyncedSnapshot: WorkspaceSynced;
+    /**
+     * Approximate JSON byte length of `workspaceSyncedSnapshot` at capture
+     * time. Used for the storage meter + ring-buffer eviction; the exact
+     * persisted size after IDB compression may differ.
+     */
+    sizeBytes: number;
+}
+interface WorkspaceSnapshotLedger {
+    entries: WorkspaceSnapshot[];
+    /**
+     * Cap on total `sizeBytes` across all entries. When exceeded, oldest
+     * entries are dropped until the total drops back under cap. Defaults
+     * to 50 MB (52,428,800).
+     */
+    maxBytes: number;
+}
+/**
+ * Snapshot of a linked source workspace at a specific ref. Lives only
+ * in `WorkspaceLocal.linkedCollections[id]`. Refreshed on demand via
+ * the link card's Refresh ledger button (which pulls workspace.json
+ * and re-derives this snapshot).
+ *
+ * `ref` is the pinnedVersion when the link is pinned, otherwise
+ * `HEAD@<branch>` to make it obvious which moving target the snapshot
+ * is tracking.
+ */
+interface LinkedSnapshot {
+    pulledAt: string;
+    ref: string;
+    collections: WorkspaceSynced['collections'];
+    environments: WorkspaceSynced['environments'];
+    /**
+     * The source workspace's secret-key registry, cached so the link card
+     * can render slot labels (not just raw ids). Optional — older
+     * snapshots from before this field was tracked load with `undefined`,
+     * and the card falls back to showing ids until the next refresh.
+     */
+    secretKeys?: Record<string, SecretKeyMeta>;
+}
+interface SecretIndex {
+    entries: Record<string, SecretEntry>;
+}
+interface SecretEntry {
+    id: string;
+    label: string;
+    createdAt: string;
+    origin: 'workspace' | 'linked';
+    linkedWorkspaceId?: string;
+    linkedKeyId?: string;
+    usedIn: SecretUsage[];
+}
+interface SecretUsage {
+    kind: 'request' | 'environment-var' | 'linked-workspace-input';
+    id: string;
+    label: string;
+}
+interface GitHubSession {
+    accountLogin: string;
+    tokenSecretId: string;
+    grantedScopes: string[];
+    addedAt: string;
+    lastVerifiedAt: string | null;
+    /**
+     * Whether this token can create pull requests, derived from a two-step
+     * check: (1) scope inspection (`repo` on classic PATs OR `pull_request`
+     * on fine-grained PATs covers PR creation), and (2) if the scope check
+     * is inconclusive, a real `GET /repos/:owner/:repo/pulls` probe against
+     * the connected repo. The PR-creation warning + Create PR button enable
+     * state both read this flag instead of doing string-includes checks
+     * against `grantedScopes` — which would false-fire for any classic PAT
+     * (classic PATs don't have a separate `pull_request` scope; `repo`
+     * already grants full PR powers, and that's what GitHub actually
+     * accepts at runtime).
+     *
+     *   - `true`  — scope check confirmed OR probe returned 200
+     *   - `false` — probe returned 403 with missing-scope hint
+     *   - `null`  — not yet probed (no repo connected, or probe pending)
+     */
+    canCreatePullRequests: boolean | null;
+}
+/**
+ * Field-level override for a single linked request. Every field is
+ * optional — present ⇒ replaces the source workspace's value, absent ⇒
+ * inherits from the snapshot. Stored as a delta (smallest possible
+ * patch) so reset = drop the entry.
+ *
+ * The five identity / lifecycle fields (`id`, `folderId`, `createdAt`,
+ * `updatedAt`, plus `bodySchemaId` / `graphqlSchemaId` since those
+ * reference the source's globalAssets) are intentionally NOT
+ * overridable — keeping them source-pinned avoids stale references and
+ * keeps the consumer's tree structure under the source's control.
+ */
+type RequestOverridePatch = Partial<Pick<Request, 'name' | 'method' | 'url' | 'headers' | 'query' | 'pathParams' | 'cookies' | 'body' | 'auth' | 'contextVars' | 'extractions' | 'assertions'>>;
+interface RequestOverride {
+    linkedWorkspaceId: string;
+    itemId: string;
+    patch: RequestOverridePatch;
+    updatedAt: string;
+}
+/**
+ * Per-variable override on a linked workspace's environment. Keyed
+ * `${linkedWorkspaceId}:${envName}:${varKey}` in the parent record.
+ *
+ * Three modes:
+ *   1. Replace value: `value` (and optionally `encrypted` / `secretKeyId`) set,
+ *      `removed` absent. Keeps the source variable but with the consumer's value.
+ *   2. Hide source variable: `removed: true`. The source's variable is dropped
+ *      from the consumer's effective environment.
+ *   3. Inject new variable: the `varKey` does not exist in the source's env;
+ *      the override row introduces it for this consumer only.
+ */
+interface EnvironmentVariableOverride {
+    linkedWorkspaceId: string;
+    envName: string;
+    varKey: string;
+    value?: string;
+    encrypted?: boolean;
+    secretKeyId?: string;
+    removed?: boolean;
+    updatedAt: string;
+}
+interface ExecutionPlan {
+    id: string;
+    name: string;
+    /**
+     * Steps run sequentially in this order. `enabled: false` skips the step
+     * entirely at run time — useful for keeping a step in the plan while
+     * temporarily routing around it. Defaults to `true` when missing on
+     * older persisted plans (pre-`enabled` plans that haven't been touched
+     * since the field landed).
+     */
+    steps: Array<{
+        requestId: string;
+        linkedWorkspaceId?: string;
+        enabled?: boolean;
+    }>;
+    /**
+     * Plan-scoped overlay for the workspace's env priority order. Empty
+     * means "inherit the workspace order"; non-empty replaces it for runs
+     * of this plan. Mixes local + linked envs the same way the workspace
+     * order does — see `EnvPriorityRef`.
+     */
+    envPriorityOrder: EnvPriorityRef[];
+    /**
+     * Plan-level variables sit between context vars and the env priority
+     * list in the resolver chain — they let a plan override an env value
+     * without mutating the env. Keys are case-sensitive; later entries
+     * silently win on duplicate keys (consistent with env vars).
+     */
+    variables?: Array<{
+        key: string;
+        value: string;
+    }>;
+    /**
+     * When `true`, runPlan halts the loop the first time a step's
+     * assertions don't all pass. Only consulted when the run is launched
+     * `withAssertions` — `Run` (without assertions) never short-circuits.
+     * Defaults to `false` (continue past failed assertions).
+     */
+    stopOnAssertionFailure?: boolean;
+    createdAt: string;
+    updatedAt: string;
+}
+/**
+ * Captured wire detail for a request run, written when the run completes.
+ * Stored on `WorkspaceLocal.history` (capped, IDB-only). Body fields are
+ * truncated past `RUN_BODY_PREVIEW_LIMIT` so a hundred history rows can't
+ * blow up the IDB record.
+ */
+interface RequestRun {
+    id: string;
+    requestId: string;
+    startedAt: string;
+    durationMs: number;
+    status: number | null;
+    /** Empty string for network errors (status === null). */
+    statusText: string;
+    ok: boolean;
+    error?: string;
+    /** Final URL after path-param substitution + query composition. */
+    url: string;
+    method: string;
+    /** Final headers actually sent on the wire (post-auth). */
+    requestHeaders: Record<string, string>;
+    /**
+     * Best-effort string preview of the request body. `null` for binary/form
+     * bodies (where the body isn't a string) or no body. Truncated past
+     * `RUN_BODY_PREVIEW_LIMIT` bytes.
+     */
+    requestBodyPreview: string | null;
+    /** Headers received from the server. */
+    responseHeaders: Record<string, string>;
+    /** Truncated string preview of the response body. */
+    responseBodyPreview: string;
+    responseBodyKind: 'json' | 'text' | 'binary' | 'empty';
+    responseTruncated: boolean;
+    /**
+     * Verdicts captured at run time. Snapshots the assertion definition so the
+     * History detail view can render kind/op/target/expected even when the
+     * source request has since been edited or deleted.
+     */
+    assertions: Array<{
+        assertionId: string;
+        kind: Assertion['kind'];
+        op: Assertion['op'];
+        target?: string;
+        expected: string | number;
+        passed: boolean;
+        detail?: string;
+    }>;
+}
+/** Soft cap for body previews stored on a RequestRun (each side). */
+declare const RUN_BODY_PREVIEW_LIMIT: number;
+/**
+ * UI text-size scaling bounds. `fontSizePercent` on `WorkspaceLocal.ui`
+ * is clamped to `[MIN, MAX]` and snapped to `STEP`. Below 80% the
+ * smallest chrome (10–11px bracketed Tailwind sizes) becomes unreadable;
+ * above 150% layout pressure mounts in narrow panels.
+ */
+declare const FONT_SIZE_PERCENT_MIN = 80;
+declare const FONT_SIZE_PERCENT_MAX = 150;
+declare const FONT_SIZE_PERCENT_STEP = 10;
+declare const FONT_SIZE_PERCENT_DEFAULT = 100;
+interface PlanRun {
+    id: string;
+    planId: string;
+    startedAt: string;
+    durationMs: number;
+    withAssertions: boolean;
+    steps: Array<{
+        requestRunId: string;
+        passed: boolean;
+    }>;
+}
+interface ConnectedRepo {
+    fullName: string;
+    owner: string;
+    name: string;
+    defaultBranch: string;
+    visibility: 'public' | 'private' | 'internal';
+    isPrivate: boolean;
+    pushable: boolean;
+    connectedAt: string;
+}
+interface WorkingBranch {
+    /** Branch name on GitHub, e.g. `apicircle/payments-a3f9c2`. */
+    name: string;
+    /** Base branch (typically the repo's default — `main` / `master`). */
+    baseBranch: string;
+    /** `owner/name` on GitHub. */
+    repoFullName: string;
+    /** Owner login, stored redundantly so call sites don't have to re-split. */
+    repoOwner: string;
+    /** Repo name, same idea. */
+    repoName: string;
+    /** Commit SHA on this branch's HEAD at creation (= base SHA initially). */
+    headSha: string;
+    createdAt: string;
+    lastPushedSha: string | null;
+    diffSummary: {
+        ahead: number;
+        behind: number;
+        staleAt: string;
+    } | null;
+    openPrUrl: string | null;
+}
+/**
+ * A working branch that's been retired — either the PR was merged or the
+ * branch was deleted on GitHub (or both). Persisted on `local.retiredBranch`
+ * so the create-branch form can surface a "this branch is done — create a
+ * new one" banner pointing back at the closed PR.
+ *
+ * Reasons:
+ *   - `pr-merged`     — PR was merged. Branch may still exist on GitHub
+ *                       (no auto-delete) or may be gone; either way it's
+ *                       functionally retired.
+ *   - `branch-deleted` — Branch ref returns 404. PR (if any) was not
+ *                        merged — most likely a deliberate delete or a
+ *                        closed-without-merge cleanup.
+ */
+interface RetiredBranch {
+    /** Branch name that was retired. */
+    branchName: string;
+    /** Why the branch is retired. */
+    reason: 'pr-merged' | 'branch-deleted';
+    /** ISO timestamp when retirement was detected. */
+    retiredAt: string;
+    /** PR HTML URL if one was opened (kept across retirement so the banner can link it). */
+    prUrl: string | null;
+    /** PR number if known — useful for the banner copy ("PR #42 was merged"). */
+    prNumber: number | null;
+}
+interface SyncSnapshot {
+    lastPulledSnapshot: WorkspaceSynced | null;
+    lastPulledSha: string | null;
+    lastPulledAt: string | null;
+    dirtyKeys: string[];
+}
+
+/**
+ * Stable string key for an `EnvPriorityRef`. Used by the resolver as the
+ * lookup key into the flattened `environments` map (which mixes local and
+ * linked envs under composite keys), and by React lists as the row id.
+ *
+ *   - local: `local:<envName>`
+ *   - linked: `linked:<linkedWorkspaceId>:<envName>`
+ *
+ * The `local:` prefix is intentional even for local envs — having a uniform
+ * shape avoids ambiguity (a local env named `linked:abc:dev` would collide
+ * with a linked env without the prefix). Treat keys as opaque; round-trip
+ * through `parseEnvPriorityKey` rather than parsing inline.
+ */
+declare function envPriorityKey(ref: EnvPriorityRef): string;
+/**
+ * Inverse of `envPriorityKey`. Returns null for unknown shapes — callers
+ * use that to skip stale priority entries (e.g. a linked env that was
+ * unlinked between pulls).
+ */
+declare function parseEnvPriorityKey(key: string): EnvPriorityRef | null;
+/**
+ * Equality on EnvPriorityRef. Used for "is this env in the priority
+ * list?" toggles and for diffing in tests.
+ */
+declare function envPriorityRefEqual(a: EnvPriorityRef, b: EnvPriorityRef): boolean;
+/**
+ * Display name for an env priority entry. Used by sidebar + plan editor.
+ * Linked entries get a "via {linkName}" suffix at render-time — we keep
+ * just the env name here so the caller can format with workspace context.
+ */
+declare function envPriorityDisplayName(ref: EnvPriorityRef): string;
+
+type RequestAuthType = RequestAuth['type'];
+declare function defaultAuthFor<T extends RequestAuthType>(type: T): Extract<RequestAuth, {
+    type: T;
+}>;
+/** Best-effort upgrade of an unknown value into a valid RequestAuth. */
+declare function normalizeAuth(input: unknown): RequestAuth;
+declare const REQUEST_AUTH_TYPES: ReadonlyArray<RequestAuthType>;
+
+/**
+ * Every MCP tool the server exposes. Namespaced by capability area so AI
+ * clients can group them in their UI. Keep in sync with the registry in
+ * `packages/mcp-server/src/tools/registry.ts`.
+ */
+type McpToolName = 'import.curl' | 'import.openapi' | 'import.postman' | 'import.insomnia' | 'import.har' | 'generate.code' | 'workspace.read' | 'workspace.write' | 'request.create' | 'request.read' | 'request.update' | 'request.delete' | 'folder.create' | 'folder.read' | 'folder.update' | 'folder.delete' | 'environment.create' | 'environment.read' | 'environment.update' | 'environment.delete' | 'environment.set_active' | 'environment.set_priority' | 'environment.export' | 'environment.import' | 'plan.create' | 'plan.run' | 'plan.read' | 'plan.update' | 'plan.delete' | 'plan.add_step' | 'plan.remove_step' | 'plan.reorder_steps' | 'plan.set_variables' | 'assertion.create' | 'assertion.read' | 'assertion.update' | 'assertion.delete' | 'history.list_runs' | 'history.get_run' | 'history.delete_run' | 'history.purge_by_age' | 'codebase.extract_collection' | 'prompt.create_environment' | 'prompt.create_assertion' | 'prompt.create_plan' | 'prompt.create_request' | 'prompt.update_request' | 'prompt.create_folder_tree' | 'prompt.add_plan_steps' | 'prompt.set_plan_variables' | 'prompt.create_mock_server' | 'prompt.add_mock_endpoint' | 'prompt.set_endpoint_validation_rules' | 'prompt.set_endpoint_response_rules' | 'prompt.set_endpoint_multipliers' | 'mock.create_from_openapi' | 'mock.create_from_postman' | 'mock.create_from_insomnia' | 'mock.create_manual' | 'mock.list' | 'mock.list_endpoints' | 'mock.start' | 'mock.stop' | 'mock.delete' | 'mock.add_endpoint' | 'mock.update_endpoint' | 'mock.delete_endpoint' | 'mock.set_validation_rules' | 'mock.set_response_rules' | 'mock.set_multipliers' | 'mock.import_postman_mock_collection';
+interface McpError {
+    code: 'invalid_input' | 'not_found' | 'conflict' | 'unsupported' | 'internal';
+    message: string;
+    details?: unknown;
+}
+/** Helper: full enumeration of tool names — useful for the docs / config UIs. */
+declare const MCP_TOOL_NAMES: ReadonlyArray<McpToolName>;
+
+export { type Assertion, type AttachmentRef, type AwsSigV4Auth, type BodyType, type ConnectedRepo, type ContextExtraction, DEFAULT_WORKSPACE_NAME, type DigestAuth, type EnvPriorityRef, type Environment, type EnvironmentVariable, type EnvironmentVariableOverride, type ExecutionPlan, FONT_SIZE_PERCENT_DEFAULT, FONT_SIZE_PERCENT_MAX, FONT_SIZE_PERCENT_MIN, FONT_SIZE_PERCENT_STEP, type Folder, type FolderNode, type FontFamilyId, type FormDataRow, type GitHubSession, type GlobalGraphQL, type GlobalSchema, type HawkAuth, type HttpMethod, type JwtBearerAuth, type LinkedSnapshot, type LinkedWorkspace, MCP_TOOL_NAMES, type McpError, type McpToolName, type MockConditionClause, type MockConditionOp, type MockConditionScope, type MockEndpoint, type MockMultiplierSource, type MockMultiplierSourceKind, type MockParamDef, type MockRequestSchema, type MockResponseBody, type MockResponseBodyType, type MockResponseConfig, type MockResponseMultiplier, type MockResponseRule, type MockRuntime, type MockRuntimeEntry, type MockServer, type MockServerSource, type MockValidationKind, type MockValidationRule, type NtlmAuth, type OAuth2AuthCodeAuth, type OAuth2ClientCredentialsAuth, type OAuth2DeviceAuth, type OAuth2ImplicitAuth, type OAuth2PasswordAuth, type OAuth2PkceAuth, type OAuth2TokenState, type PanelId, type PlanRun, REQUEST_AUTH_TYPES, RUN_BODY_PREVIEW_LIMIT, type ReleaseHistory, type ReleaseVersion, type Request, type RequestAuth, type RequestAuthType, type RequestBody, type RequestOverride, type RequestOverridePatch, type RequestRun, type RetiredBranch, type SecretCryptoMeta, type SecretEntry, type SecretIndex, type SecretKeyMeta, type SecretUsage, type SyncSnapshot, type ThemeId, type ValidationResult, type WorkingBranch, type WorkspaceLocal, type WorkspaceSnapshot, type WorkspaceSnapshotLedger, type WorkspaceSnapshotTrigger, type WorkspaceSynced, coerceMockResponseBodyTypeForStatus, defaultAuthFor, envPriorityDisplayName, envPriorityKey, envPriorityRefEqual, formatBytes, generateId, getAllowedMockResponseBodyTypes, makeDefaultMockResponse, makeDefaultMockResponseBody, makeDefaultRequestSchema, normalizeAuth, parseEnvPriorityKey, safeExternalHref, utf8ByteLength, validateAwsRegion, validateEnvVarName, validateHttpHeaderName, validateJsonPath, validateJsonString, validateMockPath, validatePRTitle, validatePlanName, validatePositiveDuration, validateRegex, validateUrl };