@capgo/cli 8.0.0-alpha.5 → 8.0.0

package/dist/src/build/onboarding/file-picker.d.ts

@@ -0,0 +1,47 @@
+/**
+ * Returns true if we're on macOS and can use the native file picker.
+ */
+export declare function canUseFilePicker(): boolean;
+/**
+ * Open the macOS native file picker dialog filtered to .p8 files.
+ * Returns the selected file path, or null if the user cancelled.
+ * Non-blocking — uses async execFile so Ink spinners keep animating.
+ */
+export declare function openFilePicker(): Promise<string | null>;
+export declare function openPackageJsonPicker(): Promise<string | null>;
+export interface SaveFilePickerOptions {
+    prompt: string;
+    defaultName?: string;
+    defaultLocation?: string;
+}
+/**
+ * Open the macOS native "Save As…" dialog. Returns the chosen path, or null if
+ * the user cancelled. macOS prompts for overwrite confirmation natively, so
+ * callers do not need to re-confirm.
+ */
+export declare function openSaveFilePicker(opts: SaveFilePickerOptions): Promise<string | null>;
+/**
+ * Open the macOS native file picker filtered to Android keystore files.
+ * Accepts .jks, .keystore, and .p12 extensions.
+ */
+export declare function openKeystorePicker(): Promise<string | null>;
+/**
+ * Open the macOS native file picker filtered to .mobileprovision files.
+ * Returns the selected path, or null if the user cancelled.
+ *
+ * Used by the no-match-recovery "Use a .mobileprovision file from disk"
+ * option — covers users who have a profile downloaded somewhere outside
+ * Xcode's standard provisioning-profile directories (e.g. a downloads
+ * folder, an artifact from another machine, a shared team archive).
+ */
+export declare function openMobileprovisionPicker(): Promise<string | null>;
+/**
+ * Open the macOS native file picker filtered to Google Play service account
+ * JSON files. Used by the Android onboarding "import existing SA" path.
+ *
+ * Uses the official `public.json` Uniform Type Identifier rather than the raw
+ * `"json"` extension hint — AppleScript treats unrecognized strings as 4-char
+ * OSType codes, and the legacy OSType code for `"json"` does not match real
+ * `.json` files, which makes the dialog grey them all out.
+ */
+export declare function openServiceAccountJsonPicker(): Promise<string | null>;

package/dist/src/build/onboarding/macos-signing.d.ts

@@ -0,0 +1,190 @@
+import type { MobileprovisionDetail } from '../mobileprovision-parser.js';
+/** Standard locations Xcode writes provisioning profiles into. */
+export declare const PROVISIONING_PROFILE_DIRS: readonly ["Library/Developer/Xcode/UserData/Provisioning Profiles", "Library/MobileDevice/Provisioning Profiles"];
+export type IdentityType = 'distribution' | 'development' | 'unknown';
+export interface SigningIdentity {
+    /** SHA1 hash of the certificate, lowercase 40-char hex */
+    sha1: string;
+    /** Full identity string from `security find-identity` (e.g. "Apple Distribution: Acme Corp (XYZ123ABCD)") */
+    name: string;
+    /** Best-effort classification from the name prefix */
+    type: IdentityType;
+    /** Human-readable team name extracted from the identity string */
+    teamName: string;
+    /** Apple Team ID (10-char alphanumeric) extracted from the identity string */
+    teamId: string;
+}
+export interface DiscoveredProfile extends MobileprovisionDetail {
+    /** Absolute path to the .mobileprovision file */
+    path: string;
+}
+export interface IdentityProfileMatch {
+    identity: SigningIdentity;
+    /** Profiles whose embedded developer certs include this identity's SHA1 */
+    profiles: DiscoveredProfile[];
+}
+export interface ExportedP12 {
+    /** Base64-encoded PKCS#12 blob containing the chosen identity's cert + private key */
+    base64: string;
+    /** Auto-generated passphrase used to wrap the export */
+    passphrase: string;
+}
+export declare class MacOSSigningError extends Error {
+    readonly cause?: unknown | undefined;
+    constructor(message: string, cause?: unknown | undefined);
+}
+export declare class NotMacOSError extends MacOSSigningError {
+    constructor();
+}
+/** Returns `true` when running on macOS (Darwin). */
+export declare function isMacOS(): boolean;
+/**
+ * Run a subprocess and capture stdout/stderr/exit-code.
+ *
+ * Public so tests can inject a fake runner via the optional argument on
+ * higher-level functions. Not intended for downstream callers.
+ */
+export interface SecurityRunResult {
+    stdout: string;
+    stderr: string;
+    code: number | null;
+}
+export type SecurityRunner = (args: readonly string[]) => Promise<SecurityRunResult>;
+/**
+ * Parse the human-readable output of `security find-identity -v -p codesigning`.
+ * Each line looks like:
+ *   `  1) <SHA1> "Apple Distribution: Acme Corp (XYZ123ABCD)"`
+ *
+ * Exported so unit tests can verify parsing without spawning a subprocess.
+ */
+export declare function parseFindIdentityOutput(stdout: string): SigningIdentity[];
+/**
+ * List all code-signing identities visible in the user's default Keychain.
+ * Read-only — does NOT trigger any Keychain access prompt.
+ *
+ * @param runner Optional injection point for testing. Pass a fake to avoid
+ *               spawning the real `/usr/bin/security` binary.
+ */
+export declare function listSigningIdentities(runner?: SecurityRunner): Promise<SigningIdentity[]>;
+/**
+ * Scan all standard Xcode provisioning-profile directories under the user's
+ * home and return parsed metadata for every readable `.mobileprovision`.
+ *
+ * Read-only — pure filesystem reads, no Keychain interaction.
+ *
+ * Files that fail to parse are silently skipped (a teammate's malformed
+ * profile shouldn't break the whole listing).
+ *
+ * @param homeDirOverride Optional override for HOME, used in tests.
+ */
+export declare function scanProvisioningProfiles(homeDirOverride?: string): Promise<DiscoveredProfile[]>;
+/**
+ * Given a list of identities and profiles, return one match entry per
+ * identity, populated with profiles whose embedded developer certs include
+ * that identity's SHA1.
+ *
+ * Pure function — no I/O.
+ */
+export declare function matchIdentitiesToProfiles(identities: readonly SigningIdentity[], profiles: readonly DiscoveredProfile[]): IdentityProfileMatch[];
+/**
+ * Compare a provisioning profile's bundle id against the app's concrete bundle
+ * id, honoring Apple's wildcard syntax. The mobileprovision parser leaves the
+ * asterisk in place after stripping the team-id prefix, so a wildcard profile
+ * arrives here as either the bare `*` (matches everything the team owns) or a
+ * suffix wildcard like `com.example.*` (matches `com.example.<anything>`).
+ *
+ * Exported so the file-picker validation in the Ink UI can reuse the same
+ * matching rule as `filterProfilesForApp` — otherwise a wildcard
+ * `.mobileprovision` picked manually would be hard-rejected even though the
+ * underlying profile is valid for the current app.
+ */
+export declare function bundleIdMatches(profileBundleId: string, appId: string): boolean;
+/**
+ * Filter profiles that are actually usable for a given Capacitor app + iOS
+ * distribution mode. Used by the import-existing flow to detect dead-end
+ * situations where an identity has profiles for a different app or the wrong
+ * distribution mode — in which case the no-match-recovery menu can offer
+ * "fetch / create via Apple" instead of dropping the user at an empty picker.
+ *
+ * `importDistribution` is null/undefined when the user hasn't picked yet —
+ * in that case any profileType is accepted.
+ *
+ * Bundle-id comparison goes through {@link bundleIdMatches} so wildcard
+ * profiles (the norm for ad_hoc/enterprise teams that share one profile
+ * across many apps) are accepted alongside literal-equality matches. Apple
+ * never issues wildcard `app_store` profiles in practice, so when the caller
+ * pins `importDistribution = 'app_store'` the conjunction naturally drops
+ * any ad_hoc/enterprise wildcards that happen to be installed.
+ */
+export declare function filterProfilesForApp(profiles: readonly DiscoveredProfile[], appId: string, importDistribution: 'app_store' | 'ad_hoc' | null | undefined): DiscoveredProfile[];
+/**
+ * Generate a cryptographically random passphrase suitable for wrapping the
+ * exported PKCS#12. 32 bytes of entropy → 64-char hex string.
+ */
+export declare function generateP12Passphrase(): string;
+/**
+ * Output shape from the Swift helper's stdout — always emitted as one line of
+ * JSON regardless of success or failure. See keychain-export.swift for the
+ * source of truth.
+ */
+interface SwiftHelperResult {
+    ok: boolean;
+    p12Path?: string;
+    p12SizeBytes?: number;
+    identityName?: string;
+    errorCode?: 'INVALID_ARGS' | 'NO_IDENTITY' | 'USER_DENIED' | 'EXPORT_FAILED' | 'WRITE_FAILED' | 'INTERNAL';
+    message?: string;
+    osStatus?: number;
+}
+/**
+ * Returns true if the Swift helper is already cached at the version-keyed
+ * tmp path. Lets the UI decide whether to show a "compiling…" step or skip
+ * straight to the export step (the cached case is effectively instant).
+ *
+ * Sync + cheap (single existsSync). Safe to call from a React onChange
+ * handler.
+ */
+export declare function isHelperCached(): boolean;
+/**
+ * Pre-compile the Swift helper without doing anything else. Used by the UI
+ * to show an explicit "compiling helper" step before the export, so the user
+ * isn't left staring at a spinner that says "look for the macOS dialog"
+ * while we silently build a binary.
+ *
+ * Returns the path to the compiled binary (same as `ensureSwiftHelper`).
+ */
+export declare function precompileSwiftHelper(): Promise<string>;
+export interface ExportP12Options {
+    /**
+     * Pre-resolved Swift helper binary path. Used in tests to inject a fake
+     * binary; in production this is computed automatically.
+     */
+    helperPathOverride?: string;
+}
+/**
+ * Export the chosen identity from the user's Keychain as a base64'd PKCS#12.
+ *
+ * Triggers exactly TWO macOS Keychain prompts on the user's first run for
+ * a given identity (one for "access" ACL, one for "export" ACL). Both
+ * decisions are cached when the user clicks "Always Allow", so subsequent
+ * runs against the same identity from the same binary are silent.
+ *
+ * Internally calls the bundled Swift helper (compiled on first use to the
+ * OS temp folder via `swiftc`). The helper uses Security framework's
+ * `SecItemExport(.formatPKCS12)` — the only Apple-supported path that works
+ * on Xcode-imported (non-extractable) signing keys.
+ *
+ * @param targetSha1 SHA1 of the identity to export (from {@link listSigningIdentities})
+ * @param options    See {@link ExportP12Options}
+ */
+export declare function exportP12FromKeychain(targetSha1: string, options?: ExportP12Options): Promise<ExportedP12>;
+/**
+ * Parse the helper's JSON output. Tolerates: extra whitespace, trailing
+ * newline, BOM. Throws a clear error if the output is unparsable — that
+ * indicates the helper crashed without emitting JSON, which our Swift code
+ * tries hard to never do (see keychain-export.swift's top-level catch).
+ *
+ * Exported for tests.
+ */
+export declare function parseHelperJson(stdout: string, stderr: string, exitCode: number | null): SwiftHelperResult;
+export {};

package/dist/src/build/onboarding/min-terminal-size.d.ts

@@ -0,0 +1,16 @@
+export declare const MIN_COLS = 80;
+export declare const IOS_MIN_ROWS = 38;
+export declare const ANDROID_MIN_ROWS = 49;
+export declare const MIN_ROWS: number;
+/** The full-onboarding row floor for a given platform. */
+export declare function onboardingMinRows(platform: 'ios' | 'android'): number;
+/**
+ * True when the given terminal size can run a platform's onboarding without a
+ * mid-flow resize. `platform` defaults to the conservative 'android' (larger)
+ * floor for platform-agnostic callers.
+ */
+export declare function terminalFitsOnboarding(cols: number, rows: number, platform?: 'ios' | 'android'): boolean;
+export declare const PICKER_MIN_COLS = 44;
+export declare const PICKER_MIN_ROWS = 11;
+/** True when the terminal can render the platform picker (banner + picker). */
+export declare function terminalFitsPicker(cols: number, rows: number): boolean;

package/dist/src/build/onboarding/progress.d.ts

@@ -0,0 +1,51 @@
+import type { OnboardingProgress, OnboardingStep } from './types.js';
+/**
+ * Load onboarding progress for an app. Returns null if no progress file exists.
+ */
+export declare function loadProgress(appId: string, baseDir?: string): Promise<OnboardingProgress | null>;
+/**
+ * Save onboarding progress. Creates the onboarding directory if needed.
+ * File is written with mode 0o600, directory with 0o700.
+ */
+export declare function saveProgress(appId: string, progress: OnboardingProgress, baseDir?: string): Promise<void>;
+/**
+ * Delete the progress file for an app (called on successful completion).
+ */
+export declare function deleteProgress(appId: string, baseDir?: string): Promise<void>;
+/**
+ * Determine the first incomplete step based on saved progress.
+ * Returns the step to resume from.
+ *
+ * Branches on `setupMethod` so the import flow doesn't accidentally resume
+ * into the create-new path's `creating-certificate` step (which would trigger
+ * the Apple 3-cert-limit error for users at the limit).
+ */
+export declare function getResumeStep(progress: OnboardingProgress | null): OnboardingStep;
+/**
+ * Pure routing decision used by the `import-scanning` useEffect to skip
+ * questions the user already answered on a previous attempt.
+ *
+ * The shipped flow always sent users to `import-distribution-mode` after
+ * scanning, and the distribution-mode picker always sent app_store users to
+ * `api-key-instructions`. That re-asked the .p8 file path on resume even
+ * though `keyId` / `issuerId` / `p8Path` were already saved in progress —
+ * exposed by users seeing "✔ API Key verified — Key: X" (hydrated log)
+ * alongside "How do you want to provide the .p8 file?" on the same screen.
+ *
+ * IMPORTANT — we intentionally do NOT short-circuit on
+ * `completedSteps.apiKeyVerified`. Going through `verifying-key` on every
+ * resume is a brief network round-trip that catches two failure modes a
+ * short-circuit would silently allow:
+ *   1. The user moved/deleted the saved .p8 between runs — `verifying-key`
+ *      surfaces this via NeedP8Error and routes back to the .p8 input.
+ *   2. The key was revoked on Apple's side — `verifying-key` gets a 401 and
+ *      the user gets a clear error instead of a late failure inside
+ *      `saving-credentials` (after the Keychain ACL prompt has already
+ *      fired for the .p12 export).
+ *
+ * Exported so the routing decision can be unit-tested without rendering Ink.
+ *
+ * Returns the step to land on after a successful Keychain scan.
+ */
+export declare function getImportEntryStep(progress: OnboardingProgress | null): OnboardingStep;
+export declare function extractKeyIdFromP8Path(filePath: string): string;

package/dist/src/build/onboarding/recovery.d.ts

@@ -0,0 +1,7 @@
+import type { OnboardingStep } from './types.js';
+export interface BuildOnboardingRecoveryAdvice {
+    summary: string[];
+    commands: string[];
+    docs: string[];
+}
+export declare function getBuildOnboardingRecoveryAdvice(message: string, step: OnboardingStep | null, pmRunner: string, appId: string): BuildOnboardingRecoveryAdvice;

package/dist/src/build/onboarding/telemetry.d.ts

@@ -0,0 +1,28 @@
+import type { AndroidOnboardingErrorCategory, AndroidOnboardingStep } from './android/types.js';
+import type { OnboardingErrorCategory, OnboardingStep, Platform } from './types.js';
+export interface TrackBuilderOnboardingStepInput {
+    apikey: string;
+    appId: string;
+    orgId: string;
+    platform: Platform;
+    step: OnboardingStep | AndroidOnboardingStep;
+    durationMs?: number;
+    /** Step whose elapsed time is represented by durationMs. */
+    durationStep?: OnboardingStep | AndroidOnboardingStep;
+    /** Raw caught error — mapped via the platform's category mapper. Use this OR errorCategory, not both. */
+    error?: unknown;
+    /** Pre-computed category. Takes precedence over `error` if both are present. */
+    errorCategory?: OnboardingErrorCategory | AndroidOnboardingErrorCategory;
+}
+export type BuilderOnboardingAction = 'resume_prompt_decision' | 'android_sa_method_selected' | 'android_sa_validation_recovery_selected' | 'android_sa_validation_result';
+export interface TrackBuilderOnboardingActionInput {
+    apikey: string;
+    appId: string;
+    orgId: string;
+    platform: Platform;
+    step: OnboardingStep | AndroidOnboardingStep;
+    action: BuilderOnboardingAction;
+    tags?: Record<string, boolean | number | string>;
+}
+export declare function trackBuilderOnboardingStep(input: TrackBuilderOnboardingStepInput): Promise<void>;
+export declare function trackBuilderOnboardingAction(input: TrackBuilderOnboardingActionInput): Promise<void>;

package/dist/src/build/onboarding/types.d.ts

@@ -0,0 +1,140 @@
+export type Platform = 'ios' | 'android';
+export interface OnboardingCompletionSummary {
+    /** The Capgo dashboard build URL, when a build was kicked off. */
+    buildUrl?: string;
+    /** One-line CI-secret upload summary, when secrets were pushed. */
+    ciSecretUploadSummary?: string | null;
+    /** Path to the generated GitHub Actions workflow file, when written. */
+    workflowFilePath?: string | null;
+    /** Path to the exported .env file, when the user chose the env-export fallback. */
+    envExportPath?: string | null;
+    /** The "run anytime" build-request command shown on the final screen. */
+    buildRequestCommand?: string;
+}
+export interface OnboardingResult {
+    outcome: 'completed' | 'cancelled';
+    /** Present only when outcome === 'completed'. */
+    summary?: OnboardingCompletionSummary;
+}
+export type OnboardingStep = 'welcome' | 'resume-prompt' | 'platform-select' | 'adding-platform' | 'credentials-exist' | 'backing-up' | 'setup-method-select' | 'import-scanning' | 'import-distribution-mode' | 'import-pick-identity' | 'import-pick-profile' | 'import-validating-all-certs' | 'import-checking-apple-cert' | 'import-no-match-recovery' | 'import-portal-explanation' | 'import-provide-profile-path' | 'import-create-profile-only' | 'import-export-warning' | 'import-compiling-helper' | 'import-exporting' | 'api-key-instructions' | 'p8-method-select' | 'input-p8-path' | 'input-key-id' | 'input-issuer-id' | 'verifying-key' | 'verify-app' | 'creating-certificate' | 'cert-limit-prompt' | 'revoking-certificate' | 'creating-profile' | 'duplicate-profile-prompt' | 'deleting-duplicate-profiles' | 'saving-credentials' | 'detecting-ci-secrets' | 'ci-secrets-setup' | 'ci-secrets-target-select' | 'ask-ci-secrets' | 'checking-ci-secrets' | 'confirm-ci-secret-overwrite' | 'uploading-ci-secrets' | 'ci-secrets-failed' | 'ask-github-actions-setup' | 'confirm-secrets-push' | 'ask-export-env' | 'exporting-env' | 'confirm-env-export-overwrite' | 'overwrite-and-export-env' | 'pick-package-manager' | 'pick-build-script' | 'pick-build-script-custom' | 'preview-workflow-file' | 'view-workflow-diff' | 'writing-workflow-file' | 'ask-build' | 'requesting-build' | 'ai-analysis-prompt' | 'ai-analysis-running' | 'ai-analysis-result' | 'ai-analysis-result-scroll' | 'build-complete' | 'no-platform' | 'error';
+export type OnboardingErrorCategory = 'apple_api_unauthorized' | 'apple_api_rate_limited' | 'cert_limit_reached' | 'profile_creation_failed' | 'p8_invalid' | 'keychain_no_identities' | 'keychain_export_failed' | 'keychain_helper_compile_failed' | 'profile_no_match' | 'profile_read_failed' | 'unknown';
+export interface ApiKeyData {
+    keyId: string;
+    issuerId: string;
+}
+/**
+ * Per-identity result of the eager Apple-side validation run. Populated by
+ * the `import-validating-all-certs` step useEffect, consumed by the two-
+ * table picker in `import-pick-identity`. Kept here (alongside the Step
+ * type) so the renderer and the validation logic share a single shape.
+ */
+export interface EnrichedIdentityAvailability {
+    /** True when Apple's API returned a SHA1 match for this identity. */
+    available: boolean;
+    /**
+     * Stable reason code for unavailable identities. Drives the per-reason
+     * detail rendering in the unavailable table (e.g. notice about the
+     * Apple-managed signing constraint, or about private-key-missing).
+     */
+    reason?: 'expired' | 'managed' | 'not-visible' | 'check-failed' | 'no-private-key';
+    /** One-line summary shown in the Reason column of the unavailable table. */
+    reasonText?: string;
+    /** When available — Apple-side cert resource id, reused downstream. */
+    appleCertId?: string;
+    /**
+     * Apple-side cert name as returned by /v1/certificates. Useful when
+     * the local Keychain name differs from the portal name (e.g. multiple
+     * "iOS Distribution" certs in the same team — the portal column says
+     * exactly which one).
+     */
+    appleCertName?: string;
+    /**
+     * ISO timestamp from Apple's expiration field. Shown in the manual-
+     * portal walkthrough so the user can tell which row to click when
+     * multiple certs are listed.
+     */
+    appleCertExpirationDate?: string;
+    /**
+     * Full serial number from Apple. The portal shows it in the cert
+     * detail view; surfacing the last 8 chars here gives the user a
+     * concrete disambiguator without leaking the full 40-byte serial
+     * into the terminal.
+     */
+    appleCertSerialNumber?: string;
+}
+export interface CertificateData {
+    certificateId: string;
+    expirationDate: string;
+    teamId: string;
+    p12Base64: string;
+}
+export interface ProfileData {
+    profileId: string;
+    profileName: string;
+    profileBase64: string;
+}
+export interface OnboardingProgress {
+    platform: Platform;
+    appId: string;
+    startedAt: string;
+    /** Path to the .p8 file on disk (content is NOT stored, only the path) */
+    p8Path?: string;
+    /** Partial input — saved incrementally so resume works mid-flow */
+    keyId?: string;
+    issuerId?: string;
+    /**
+     * Records which fork the user picked at `setup-method-select`. Crucial for
+     * resume — without this, a partial import-flow run would resume at
+     * `creating-certificate` (the create-new path) and immediately hit the
+     * Apple cert-limit error.
+     *
+     * Absent on legacy progress files (created before this field existed) →
+     * resume defaults to `create-new` for backward compatibility.
+     */
+    setupMethod?: 'create-new' | 'import-existing';
+    /**
+     * Records the distribution mode picked at `import-distribution-mode`.
+     *
+     * Persisted (not derived from .p8 presence) because ad_hoc users can
+     * legitimately enter a one-shot .p8 during no-match recovery, which would
+     * otherwise make .p8-presence-implies-app_store an incorrect heuristic. On
+     * resume the UI hydrates `importDistribution` from this field so the
+     * `verifying-key` branch and `doSaveCredentials` route correctly.
+     *
+     * Only meaningful when `setupMethod === 'import-existing'`.
+     */
+    importDistribution?: 'app_store' | 'ad_hoc';
+    /**
+     * The resolved iOS bundle id (the authoritative Release
+     * `PRODUCT_BUNDLE_IDENTIFIER`) when it differs from `capacitor.config.appId`.
+     * Used for Apple-side operations (cert lookup, profile filtering,
+     * `ensureBundleId`, `createProfile`) and as the key in the provisioning_map.
+     * The progress-file key and Capgo SaaS API calls still use `appId` so existing
+     * build commands keep finding these credentials without editing
+     * `capacitor.config`.
+     *
+     * Persisted so verify-app / redirectIfMismatch don't re-resolve on resume —
+     * once set, the override sticks unless the configuration context (see
+     * `iosBundleIdContextAppId`) changes between CLI runs.
+     */
+    iosBundleIdOverride?: string;
+    /**
+     * Snapshot of `config.appId` at the time the `iosBundleIdOverride` was
+     * resolved. On the next run we compare this to the current `config.appId`;
+     * if it changed (user renamed the app, added/removed a dev-tunnel suffix,
+     * etc.) the saved override is stale and we re-resolve / re-verify via the
+     * verify-app step. Without this we'd silently keep using a bundle id the
+     * user already moved on from.
+     */
+    iosBundleIdContextAppId?: string;
+    completedSteps: {
+        apiKeyVerified?: ApiKeyData;
+        certificateCreated?: CertificateData;
+        profileCreated?: ProfileData;
+    };
+    /** Temporary — wiped after .p12 creation */
+    _privateKeyPem?: string;
+}
+/** Maps each step to a progress percentage (0-100) */
+export declare const STEP_PROGRESS: Record<OnboardingStep, number>;
+export declare function getPhaseLabel(step: OnboardingStep): string;

package/dist/src/build/onboarding/ui/app.d.ts

@@ -0,0 +1,36 @@
+import type { FC } from 'react';
+import type { OnboardingProgress, OnboardingResult } from '../types.js';
+interface AppProps {
+    /**
+     * Capgo lookup key (progress files, saved credentials, Capgo SaaS build
+     * API). Resolved by `getAppId()`, which prefers
+     * `config.plugins.CapacitorUpdater.appId` over `config.appId` so dev-tunnel
+     * sandboxes can override the Capgo-side identifier without renaming the
+     * iOS bundle. Do NOT use for Apple-side operations — see
+     * `iosBundleIdInitial`.
+     */
+    appId: string;
+    /**
+     * Default value for the iOS bundle ID used for Apple-side operations
+     * (cert lookup, profile filtering, ensureBundleId, createProfile, and the
+     * provisioning_map key). Sourced from `config.appId` directly — what
+     * `cap sync` writes into project.pbxproj's PRODUCT_BUNDLE_IDENTIFIER.
+     * When pbxproj's Release id and config.appId disagree, the wizard adopts the
+     * authoritative Release id (verify-app confirms it remotely). command.ts
+     * falls back to `appId` if config.appId is missing, so this prop is always a
+     * valid string.
+     */
+    iosBundleIdInitial: string;
+    initialProgress: OnboardingProgress | null;
+    /** Resolved iOS directory from capacitor.config (defaults to 'ios') */
+    iosDir: string;
+    /** Optional Capgo API key passed via -a/--apikey flag; takes precedence over saved key */
+    apikey?: string;
+    supaHost?: string;
+    /** Reports the wizard outcome to the shell when it reaches build-complete, so
+     *  the caller prints an accurate post-exit message + durable summary instead of
+     *  always claiming success. Never fires on cancel/missing-platform exits. */
+    onResult?: (result: OnboardingResult) => void;
+}
+declare const OnboardingApp: FC<AppProps>;
+export default OnboardingApp;

package/dist/src/build/onboarding/ui/completed-steps-log.d.ts

@@ -0,0 +1,9 @@
+import type { FC } from 'react';
+export interface LogEntry {
+    text: string;
+    color?: string;
+}
+export declare const CompletedStepsLog: FC<{
+    entries: LogEntry[];
+    maxRows: number;
+}>;