@capgo/cli 7.98.1 → 7.99.0

package/dist/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@capgo/cli",
   "type": "module",
-  "version": "7.98.1",
+  "version": "7.99.0",
   "description": "A CLI to upload to capgo servers",
   "author": "Martin martin@capgo.app",
   "license": "Apache 2.0",

package/dist/src/build/onboarding/android/gcp-api.d.ts

@@ -0,0 +1,128 @@
+export declare const ANDROIDPUBLISHER_API = "androidpublisher.googleapis.com";
+export declare const DEFAULT_SERVICE_ACCOUNT_ID = "capgo-native-build";
+export declare const DEFAULT_SERVICE_ACCOUNT_DISPLAY_NAME = "Capgo Native Build";
+export declare const DEFAULT_SERVICE_ACCOUNT_DESCRIPTION = "Allows Capgo to build and submit the app to the Google Play Store";
+export interface GcpProject {
+    projectId: string;
+    projectNumber: string;
+    name: string;
+    lifecycleState: 'ACTIVE' | 'DELETE_REQUESTED' | 'DELETE_IN_PROGRESS' | string;
+}
+export interface GcpServiceAccount {
+    name: string;
+    email: string;
+    projectId: string;
+    uniqueId: string;
+    displayName?: string;
+}
+export interface GcpServiceAccountKey {
+    /** Full resource name — e.g. `projects/{p}/serviceAccounts/{sa}/keys/{keyId}`. */
+    name: string;
+    /** Base64-encoded JSON key file — decode with `Buffer.from(..., 'base64')`. */
+    privateKeyDataBase64: string;
+}
+interface GcpOperation {
+    name: string;
+    done?: boolean;
+    error?: {
+        code: number;
+        message: string;
+        details?: unknown;
+    };
+    response?: Record<string, unknown>;
+}
+/**
+ * List GCP projects the user has access to. Only ACTIVE projects are returned
+ * (pending-deletion projects are filtered out).
+ */
+export declare function listProjects(accessToken: string): Promise<GcpProject[]>;
+/**
+ * Create a GCP project and wait for the operation to finish.
+ *
+ * Google enforces:
+ *  - projectId: 6–30 chars, lowercase letters / digits / hyphens, start with
+ *    a letter, globally unique across all GCP
+ *  - name: ≤30 chars
+ */
+export declare function createProject(accessToken: string, projectId: string, displayName: string, options?: {
+    timeoutMs?: number;
+}): Promise<GcpProject>;
+/**
+ * Enable an API on a project (idempotent — no-op if already enabled).
+ */
+export declare function enableService(accessToken: string, projectId: string, serviceName: string, options?: {
+    timeoutMs?: number;
+}): Promise<void>;
+/** List all service accounts in a project. */
+export declare function listServiceAccounts(accessToken: string, projectId: string): Promise<GcpServiceAccount[]>;
+/** Create a service account. accountId must match `[a-z]([-a-z0-9]*[a-z0-9])` and be 6–30 chars. */
+export declare function createServiceAccount(args: {
+    accessToken: string;
+    projectId: string;
+    accountId: string;
+    displayName?: string;
+    description?: string;
+}): Promise<GcpServiceAccount>;
+/**
+ * Find an existing service account by email, or create it.
+ * Idempotent convenience used during onboarding so re-runs don't error out on
+ * "already exists".
+ */
+export declare function ensureServiceAccount(args: {
+    accessToken: string;
+    projectId: string;
+    accountId: string;
+    displayName?: string;
+    description?: string;
+}): Promise<{
+    account: GcpServiceAccount;
+    created: boolean;
+}>;
+/**
+ * Create a new JSON key for a service account. The response contains the only
+ * copy of the private key material — store it immediately. Google cannot
+ * retrieve the key later.
+ */
+export declare function createServiceAccountKey(args: {
+    accessToken: string;
+    projectId: string;
+    serviceAccountEmail: string;
+}): Promise<GcpServiceAccountKey>;
+interface PollOperationOptions {
+    endpoint: string;
+    timeoutMs: number;
+}
+/**
+ * Poll a Google long-running Operation until `done: true` or the timeout
+ * elapses. Different Google APIs host `operations.get` at different base URLs;
+ * callers pass the endpoint used for the originating call.
+ */
+export declare function pollOperation(accessToken: string, operationName: string, options: PollOperationOptions): Promise<GcpOperation>;
+/**
+ * Normalize a user-supplied or generated string into a valid GCP project
+ * `displayName`. Google's rules (Cloud Resource Manager v1):
+ *
+ *  - 4–30 characters
+ *  - allowed chars: letters, digits, space, hyphen (`-`), apostrophe (`'`),
+ *    exclamation (`!`), period (`.`)
+ *  - must start and end with a letter or digit
+ *
+ * We strip any disallowed character (including em-dashes — which break the
+ * CLI's placeholder string literals if not handled here), collapse runs of
+ * whitespace, and trim the ends. Falls back to `"Capgo Build"` when the
+ * sanitized result would be shorter than 4 chars.
+ */
+export declare function sanitizeGcpProjectDisplayName(input: string): string;
+/**
+ * Generate a candidate GCP project ID for Capgo onboarding.
+ *
+ * Rules:
+ *  - 6–30 chars
+ *  - lowercase letters, digits, hyphens
+ *  - must start with a letter, must not end with a hyphen
+ *  - globally unique (caller should retry on 409 with a fresh random suffix)
+ *
+ * We keep the slug short and append a random tail so collisions are rare.
+ */
+export declare function generateProjectId(appId: string): string;
+export {};

package/dist/src/build/onboarding/android/gradle-parser.d.ts

@@ -0,0 +1,19 @@
+/**
+ * Extract every `applicationId` string literal in a Gradle file.
+ *
+ * Handles:
+ *   - Groovy:  applicationId "com.example.app"
+ *   - Kotlin:  applicationId = "com.example.app"
+ *   - Single quotes, extra whitespace, indented defaultConfig / flavor blocks
+ *
+ * Ignores:
+ *   - `applicationIdSuffix` (not a real package — it's a suffix fragment)
+ */
+export declare function extractApplicationIds(gradleContent: string): string[];
+/**
+ * Look at the usual Gradle locations under `{androidDir}/app/` and return every
+ * distinct `applicationId` found. Empty list if nothing is configured locally
+ * (e.g. the user hasn't run `npx cap add android` yet or we're pointed at the
+ * wrong directory).
+ */
+export declare function findAndroidApplicationIds(androidDir: string, workingDir?: string): Promise<string[]>;

package/dist/src/build/onboarding/android/keystore.d.ts

@@ -0,0 +1,77 @@
+import { Buffer } from 'node:buffer';
+export interface KeystoreDname {
+    commonName: string;
+    organizationName?: string;
+    countryCode?: string;
+}
+export interface KeystoreOptions {
+    alias: string;
+    storePassword: string;
+    keyPassword: string;
+    dname: KeystoreDname;
+    /** Default: 27 years (~10000 days, Android Play standard) */
+    validityYears?: number;
+    /** Default: 2048-bit RSA */
+    keySize?: number;
+}
+export interface KeystoreResult {
+    p12Base64: string;
+    p12Bytes: Buffer;
+    alias: string;
+    notAfter: Date;
+}
+/**
+ * Generate a URL-safe random password suitable for Android keystore use.
+ * 24 bytes → 32-char base64url string. Collision-resistant, never written in logs.
+ */
+export declare function generateRandomPassword(): string;
+/**
+ * Generate a PKCS#12 (.p12) keystore with a self-signed certificate.
+ *
+ * Key decisions:
+ * - 3DES encryption for Gradle/keytool compatibility (same as iOS csr.ts).
+ * - 27-year validity — Google Play requires keys to outlive all future app updates.
+ * - 2048-bit RSA — standard for Android app signing.
+ * - Subject/issuer identical (self-signed).
+ *
+ * Throws if alias or passwords are empty.
+ */
+export declare function generateKeystore(options: KeystoreOptions): KeystoreResult;
+export type ProbeKeyPasswordResult = {
+    ok: true;
+} | {
+    ok: false;
+    reason: 'wrong-password' | 'unsupported-format' | 'parse-error' | 'no-private-key';
+    message: string;
+};
+/**
+ * Check whether the given password can both unlock a PKCS#12 keystore AND
+ * decrypt the private key inside it.
+ *
+ * Useful for the "skip the key-password prompt if it's the same as the store
+ * password" UX path: in practice most PKCS#12 keystores use a single password
+ * for both the integrity MAC and the encrypted private-key bag. If this
+ * returns `ok: true`, the CLI can use the store password as the key password
+ * without asking the user.
+ *
+ * Returns `unsupported-format` for JKS (node-forge can't parse it) — caller
+ * should fall back to prompting.
+ */
+export declare function tryUnlockPrivateKey(bytes: Uint8Array, password: string): ProbeKeyPasswordResult;
+export type ListAliasesResult = {
+    ok: true;
+    aliases: string[];
+} | {
+    ok: false;
+    reason: 'wrong-password' | 'unsupported-format' | 'parse-error';
+    message: string;
+};
+/**
+ * Extract key aliases (PKCS#12 `friendlyName` attributes) from a keystore file.
+ *
+ * Works for PKCS#12 (.p12, .pfx) keystores. JKS (Java KeyStore — common for
+ * .jks / .keystore files created by `keytool`) is NOT PKCS#12 and cannot be
+ * parsed by node-forge; callers should treat `unsupported-format` as "ask the
+ * user for the alias manually".
+ */
+export declare function listKeystoreAliases(bytes: Uint8Array, password: string): ListAliasesResult;

package/dist/src/build/onboarding/android/oauth-config.d.ts

@@ -0,0 +1,24 @@
+/**
+ * YouTube tutorial explaining how to find a Google Play Console Developer
+ * account ID — shown as an option on the "paste your developer ID" step.
+ */
+export declare const PLAY_DEV_ID_TUTORIAL_URL = "https://www.youtube.com/watch?v=Y1_Ngj8hHLU";
+export interface CapgoOAuthClientConfig {
+    clientId: string;
+    clientSecret: string;
+    /**
+     * Scopes the backend tells the CLI to request. Always at least
+     * `https://www.googleapis.com/auth/androidpublisher`.
+     */
+    scopes: string[];
+}
+/**
+ * Fetch Capgo's Google OAuth client config from the backend.
+ *
+ * Returns the config when the backend has both `GOOGLE_OAUTH_CLIENT_ID` and
+ * `GOOGLE_OAUTH_CLIENT_SECRET` set (the `enabled: true` branch). Returns null
+ * if Google OAuth is not configured server-side — callers should treat that
+ * as "Android OAuth onboarding is not available, ask the user to use the
+ * manual flow from the docs".
+ */
+export declare function fetchCapgoOAuthConfig(): Promise<CapgoOAuthClientConfig | null>;

package/dist/src/build/onboarding/android/oauth-google.d.ts

@@ -0,0 +1,134 @@
+export declare const GOOGLE_OAUTH_SCOPES_ANDROIDPUBLISHER: readonly ["openid", "https://www.googleapis.com/auth/userinfo.email", "https://www.googleapis.com/auth/androidpublisher"];
+export interface GoogleOAuthConfig {
+    clientId: string;
+    /**
+     * Desktop clients receive a "secret" from the Console that isn't truly
+     * confidential; pass it when available — Google accepts the token exchange
+     * with or without it as long as PKCE is used.
+     */
+    clientSecret?: string;
+    scopes: readonly string[];
+    /** Extra params to include on the auth URL (e.g. `login_hint`, `prompt`). */
+    extraAuthParams?: Record<string, string>;
+}
+export interface GoogleOAuthTokens {
+    accessToken: string;
+    refreshToken?: string;
+    /**
+     * Unix epoch in milliseconds — the wall-clock time the access token stops
+     * being accepted. Callers should refresh before this.
+     */
+    expiresAt: number;
+    idToken?: string;
+    scope: string;
+    tokenType: string;
+}
+export interface GoogleUserInfo {
+    sub: string;
+    email: string;
+    emailVerified: boolean;
+    name?: string;
+    picture?: string;
+}
+export interface RunOAuthFlowOptions {
+    /**
+     * Called once with the authorization URL right before we open it. Useful
+     * for logging the URL in case `open()` fails.
+     */
+    onAuthUrl?: (url: string) => void;
+    /** Called with user-visible status updates while we wait for the redirect. */
+    onStatus?: (message: string) => void;
+    /** Overall deadline for the whole flow. Defaults to 5 minutes. */
+    timeoutMs?: number;
+    /** Abort the flow early — useful for React cleanup. */
+    signal?: AbortSignal;
+}
+export interface PkcePair {
+    verifier: string;
+    challenge: string;
+    method: 'S256';
+}
+/**
+ * Generate a PKCE verifier (43–128 chars of unreserved URL chars) and its
+ * SHA-256 challenge. The verifier must be held until the token exchange.
+ */
+export declare function generatePkcePair(): PkcePair;
+export declare function generateState(): string;
+export declare function buildAuthUrl(args: {
+    clientId: string;
+    redirectUri: string;
+    scopes: readonly string[];
+    state: string;
+    codeChallenge: string;
+    extra?: Record<string, string>;
+}): string;
+interface RawTokenResponse {
+    access_token: string;
+    expires_in: number;
+    refresh_token?: string;
+    scope: string;
+    token_type: string;
+    id_token?: string;
+}
+export declare function parseTokenResponse(raw: RawTokenResponse, now?: number): GoogleOAuthTokens;
+/** Exchange an authorization code + PKCE verifier for tokens. */
+export declare function exchangeAuthCode(args: {
+    config: GoogleOAuthConfig;
+    code: string;
+    codeVerifier: string;
+    redirectUri: string;
+}): Promise<GoogleOAuthTokens>;
+/**
+ * Use a stored refresh token to mint a new access token. Refresh tokens may be
+ * revoked by the user at any time; callers should surface a clean re-auth
+ * prompt if this throws.
+ */
+export declare function refreshAccessToken(config: GoogleOAuthConfig, refreshToken: string): Promise<GoogleOAuthTokens>;
+/** Fetch the signed-in user's email and subject (stable Google ID). */
+export declare function fetchUserInfo(accessToken: string): Promise<GoogleUserInfo>;
+/**
+ * Revoke a Google OAuth token. Accepts either an access or refresh token —
+ * revoking a refresh token also invalidates any access tokens minted from it.
+ */
+export declare function revokeToken(token: string): Promise<void>;
+/**
+ * Error thrown by runOAuthFlow when the user approves the consent screen but
+ * deselects one or more requested scopes. The CLI catches this specifically
+ * to route the user back to a "please grant all permissions" re-sign-in step
+ * instead of failing several phases later with confusing API errors.
+ */
+export declare class MissingScopesError extends Error {
+    readonly missing: readonly string[];
+    readonly granted: string;
+    constructor(missing: readonly string[], granted: string);
+}
+/**
+ * Compare a space-separated `scope` string from a token response against the
+ * scopes the CLI requested. Returns the subset of requested scopes that the
+ * user did not grant.
+ *
+ * Google's tokeninfo response uses a space-separated, unordered list — the
+ * order in `requestedScopes` is not preserved. Empty strings are filtered out.
+ */
+export declare function findMissingScopes(grantedScope: string, requestedScopes: readonly string[]): string[];
+export interface LoopbackCallbackResult {
+    /** Authorization code Google returned in the query string. */
+    code: string;
+    /**
+     * Finishes the browser response with the given HTML. Call this AFTER doing
+     * the token exchange and scope validation so the user sees a result that
+     * reflects the post-exchange state (e.g. "missing permissions") rather than
+     * a generic "you can close this tab" page that's stale by the time it
+     * matters. Idempotent — second call is a no-op.
+     */
+    finishResponse: (html: string, statusCode?: number) => void;
+}
+/**
+ * Run the full browser-based OAuth flow and return tokens.
+ *
+ * Side effects:
+ *  - Opens a browser window at Google's consent screen.
+ *  - Starts (and later stops) a loopback HTTP server on 127.0.0.1.
+ */
+export declare function runOAuthFlow(config: GoogleOAuthConfig, options?: RunOAuthFlowOptions): Promise<GoogleOAuthTokens>;
+export {};

package/dist/src/build/onboarding/android/play-api.d.ts

@@ -0,0 +1,91 @@
+/**
+ * The Play Developer API v3 has no public endpoint to enumerate the developer
+ * accounts a user can access. The caller must supply a developer account ID —
+ * the 16–20-digit number visible in the Play Console URL
+ * (`play.google.com/console/u/0/developers/{developerId}/...`).
+ */
+export declare const PLAY_DEVELOPERS_URL = "https://play.google.com/console/u/0/developers/";
+/** 10–25 digit numeric Play Console developer ID. */
+export declare function isLikelyDeveloperId(value: string): boolean;
+/**
+ * Normalize whatever the user pasted into a numeric developer ID.
+ *
+ * Accepts:
+ *  - Raw numeric ID:           `1234567890123456789`
+ *  - Full Play Console URL:    `https://play.google.com/console/u/0/developers/1234567890123456789/api-access`
+ *  - URL without account prefix: `https://play.google.com/console/developers/1234567890123456789`
+ *  - URLs wrapped in quotes or with surrounding whitespace
+ *
+ * Returns the extracted ID or null if nothing usable was found.
+ */
+export declare function extractDeveloperId(input: string): string | null;
+export interface PlayInvitedUser {
+    name: string;
+    email: string;
+    accessState?: string;
+    developerAccountPermissions?: string[];
+}
+/**
+ * Permissions granted to the Capgo service account.
+ *
+ * Play Developer API v3 splits permissions into two enums:
+ *  - `DeveloperLevelPermission` — account-wide, all values end in `_GLOBAL`
+ *  - `AppLevelPermission` — per-package, granted via `User.grants[]`
+ *
+ * References (authoritative — fetched 2026-04):
+ *  - https://developers.google.com/android-publisher/api-ref/rest/v3/users
+ *  - https://developers.google.com/android-publisher/api-ref/rest/v3/grants
+ *
+ * We grant the minimum needed for fastlane's `supply` to upload an AAB and
+ * roll out a release on the app the user is onboarding.
+ */
+/**
+ * Developer-account-level permission. `CAN_MANAGE_DRAFT_APPS_GLOBAL` lets the
+ * SA see draft apps on this developer account — kept minimal so we don't ask
+ * for financial data or order management access.
+ */
+export declare const CAPGO_SA_DEVELOPER_PERMISSIONS: readonly ["CAN_MANAGE_DRAFT_APPS_GLOBAL"];
+/**
+ * App-level permissions granted via `User.grants[].appLevelPermissions[]`.
+ *
+ *  - `CAN_ACCESS_APP`         — baseline read access to the app
+ *  - `CAN_MANAGE_DRAFT_APPS`  — edit the app's draft state
+ *  - `CAN_MANAGE_TRACK_APKS`  — upload APKs/AABs to testing tracks
+ *                               (internal / alpha / beta)
+ *  - `CAN_MANAGE_PUBLIC_APKS` — upload APKs/AABs to the production track
+ *                               and create/roll out production releases
+ */
+export declare const CAPGO_SA_APP_PERMISSIONS: readonly ["CAN_ACCESS_APP", "CAN_MANAGE_DRAFT_APPS", "CAN_MANAGE_TRACK_APKS", "CAN_MANAGE_PUBLIC_APKS"];
+/**
+ * Invite a service account into a Play Console developer account.
+ *
+ * The signed-in OAuth user MUST be an Admin on the developer account — Play
+ * returns 403 otherwise.
+ *
+ * Body shape follows the `User` resource:
+ * {
+ *   email: "...",
+ *   developerAccountPermissions: [ <DeveloperLevelPermission> ],
+ *   grants: [
+ *     { packageName: "com.example.app", permissions: [ <AppLevelPermission> ] }
+ *   ]
+ * }
+ *
+ * `developerAccountPermissions` is optional but we always send at least one
+ * value so the SA shows up in the Play Console Users & permissions list.
+ */
+export declare function inviteServiceAccount(args: {
+    accessToken: string;
+    developerId: string;
+    serviceAccountEmail: string;
+    /** DeveloperLevelPermission values — see CAPGO_SA_DEVELOPER_PERMISSIONS. */
+    developerAccountPermissions?: readonly string[];
+    /**
+     * Per-package grants. Each grant pins AppLevelPermission values to a
+     * specific `packageName`. The Capacitor app ID is usually the only entry.
+     */
+    grants?: ReadonlyArray<{
+        packageName: string;
+        permissions: readonly string[];
+    }>;
+}): Promise<PlayInvitedUser>;

package/dist/src/build/onboarding/android/progress.d.ts

@@ -0,0 +1,21 @@
+import type { AndroidOnboardingProgress, AndroidOnboardingStep } from './types.js';
+export declare function loadAndroidProgress(appId: string, baseDir?: string): Promise<AndroidOnboardingProgress | null>;
+export declare function saveAndroidProgress(appId: string, progress: AndroidOnboardingProgress, baseDir?: string): Promise<void>;
+export declare function deleteAndroidProgress(appId: string, baseDir?: string): Promise<void>;
+/**
+ * Determine the first incomplete step for the Android flow.
+ *
+ * Each phase is validated by checking both:
+ *   1. The `completedSteps.<phase>` marker (atomic write to a single field)
+ *   2. The ephemeral fields the marker depends on (separate top-level writes
+ *      that can race against each other and against the marker)
+ *
+ * If a marker is present but the ephemeral data is missing, the phase is
+ * treated as incomplete — the user is routed back to the input step that
+ * collects the missing field, never further forward.
+ *
+ * This is the contract that makes the state machine self-healing: any
+ * inconsistent state on disk lands the user on a working input step instead
+ * of crashing several phases later.
+ */
+export declare function getAndroidResumeStep(progress: AndroidOnboardingProgress | null): AndroidOnboardingStep;

package/dist/src/build/onboarding/android/types.d.ts

@@ -0,0 +1,66 @@
+export type AndroidOnboardingStep = 'welcome' | 'credentials-exist' | 'backing-up' | 'no-platform' | 'keystore-method-select' | 'keystore-explainer' | 'keystore-existing-path' | 'keystore-existing-picker' | 'keystore-existing-store-password' | 'keystore-existing-detecting-alias' | 'keystore-existing-alias-select' | 'keystore-existing-alias' | 'keystore-existing-key-password' | 'keystore-new-alias' | 'keystore-new-password-method' | 'keystore-new-store-password' | 'keystore-new-key-password' | 'keystore-new-cn' | 'keystore-generating' | 'google-sign-in' | 'google-sign-in-running' | 'play-developer-id-input' | 'gcp-projects-loading' | 'gcp-projects-select' | 'gcp-project-create-name' | 'android-package-select' | 'gcp-setup-running' | 'saving-credentials' | 'ask-build' | 'requesting-build' | 'build-complete' | 'error';
+export type KeystoreMethod = 'existing' | 'generate';
+export interface KeystoreReady {
+    keystorePath: string;
+    alias: string;
+    isGenerated: boolean;
+}
+export interface GoogleSignInComplete {
+    email: string;
+    googleSubject: string;
+    scope: string;
+}
+export interface PlayDeveloperAccountChoice {
+    developerId: string;
+    displayName?: string;
+}
+export interface GcpProjectChoice {
+    projectId: string;
+    projectNumber?: string;
+    displayName: string;
+    /** Whether this onboarding run created the project (vs. reusing an existing one). */
+    createdByOnboarding: boolean;
+}
+export interface ServiceAccountProvisioned {
+    email: string;
+    projectId: string;
+    uniqueId?: string;
+}
+export interface PlayInviteProvisioned {
+    developerId: string;
+    serviceAccountEmail: string;
+}
+export interface AndroidPackageChoice {
+    /** The Android applicationId that Play Console uses for this app. */
+    packageName: string;
+    /** How we picked it — useful for telemetry / resume clarity. */
+    source: 'gradle' | 'capacitor-config' | 'user-input';
+}
+export interface AndroidOnboardingProgress {
+    platform: 'android';
+    appId: string;
+    startedAt: string;
+    keystoreMethod?: KeystoreMethod;
+    keystoreExistingPath?: string;
+    keystoreAlias?: string;
+    keystoreStorePassword?: string;
+    keystoreKeyPassword?: string;
+    keystoreCommonName?: string;
+    pendingNewProjectId?: string;
+    pendingNewProjectDisplayName?: string;
+    completedSteps: {
+        keystoreReady?: KeystoreReady;
+        googleSignInComplete?: GoogleSignInComplete;
+        playAccountChosen?: PlayDeveloperAccountChoice;
+        gcpProjectChosen?: GcpProjectChoice;
+        androidPackageChosen?: AndroidPackageChoice;
+        serviceAccountProvisioned?: ServiceAccountProvisioned;
+        playInviteProvisioned?: PlayInviteProvisioned;
+    };
+    _oauthRefreshToken?: string;
+    _keystoreBase64?: string;
+    /** Base64 of the downloaded SA JSON key — saved as PLAY_CONFIG_JSON at end. */
+    _serviceAccountKeyBase64?: string;
+}
+export declare const ANDROID_STEP_PROGRESS: Record<AndroidOnboardingStep, number>;
+export declare function getAndroidPhaseLabel(step: AndroidOnboardingStep): string;

package/dist/src/build/onboarding/android/ui/app.d.ts

@@ -0,0 +1,11 @@
+import type { FC } from 'react';
+import type { AndroidOnboardingProgress } from '../types.js';
+interface AppProps {
+    appId: string;
+    initialProgress: AndroidOnboardingProgress | null;
+    androidDir: string;
+    /** Optional Capgo API key passed via -a/--apikey flag; takes precedence over saved key. */
+    apikey?: string;
+}
+declare const AndroidOnboardingApp: FC<AppProps>;
+export default AndroidOnboardingApp;

package/dist/src/build/onboarding/command.d.ts

@@ -1,4 +1,5 @@
 export interface OnboardingBuilderOptions {
     apikey?: string;
+    platform?: string;
 }
 export declare function onboardingBuilderCommand(options?: OnboardingBuilderOptions): Promise<void>;

package/dist/src/build/onboarding/file-picker.d.ts

@@ -9,3 +9,8 @@ export declare function canUseFilePicker(): boolean;
  */
 export declare function openFilePicker(): Promise<string | null>;
 export declare function openPackageJsonPicker(): Promise<string | null>;
+/**
+ * Open the macOS native file picker filtered to Android keystore files.
+ * Accepts .jks, .keystore, and .p12 extensions.
+ */
+export declare function openKeystorePicker(): Promise<string | null>;

package/dist/src/build/onboarding/ui/components.d.ts

@@ -20,6 +20,7 @@ export declare const ErrorLine: FC<{
 export declare const FilteredTextInput: FC<{
     placeholder?: string;
     filter?: string;
+    mask?: boolean;
     onSubmit: (value: string) => void;
 }>;
 export declare const Header: FC;