@harborclient/sdk 0.4.3

package/README.md

@@ -0,0 +1,41 @@
+# @harborclient/sdk
+
+TypeScript definitions, utility modules, and React runtime helpers for [HarborClient](https://harborclient.com/) plugin development.
+
+**Documentation:** [https://harborclient.github.io/sdk/](https://harborclient.github.io/sdk/)
+
+Install as a **dev dependency** in your plugin project. The package ships type declarations, HTTP/storage/UI helpers, and a JSX runtime that forwards to the host's React instance via `installReact(hc.react)`.
+
+Requires HarborClient **>=1.9.0** when using `hc.pluginId`, renderer HTTP lifecycle events, typed IPC invoke, and host request commands.
+
+## Install
+
+```bash
+pnpm add -D @harborclient/sdk
+```
+
+See the [install guide](https://harborclient.github.io/sdk/install) for version requirements.
+
+## Quick start
+
+```tsx
+import { installReact } from '@harborclient/sdk';
+import type { PluginContext } from '@harborclient/sdk';
+
+export function activate(hc: PluginContext): void {
+  installReact(hc.react);
+  // register contributions…
+}
+```
+
+Full guides — package layout, manifest, APIs, examples, and dev workflow — live in the [plugin development docs](https://harborclient.github.io/sdk/).
+
+## Trusted publishers
+
+HarborClient maintains a [trusted publisher registry](https://harborclient.com/plugins/trusted.json). Authors listed there must sign every plugin they publish; HarborClient rejects installs that claim a trusted author name without a valid signature. See the [signing guide](https://harborclient.github.io/sdk/signing) for key generation and verification.
+
+To discuss becoming a trusted publisher, email [contact@harborclient.com](mailto:contact@harborclient.com).
+
+## License
+
+MIT

package/dist/client.d.ts

@@ -0,0 +1,2 @@
+export * from './index';
+export * from './runtime/index';

package/dist/clipboard.d.ts

@@ -0,0 +1,27 @@
+import type { PluginContext } from './types.js';
+/**
+ * Options for {@link copyToClipboard}.
+ */
+export interface CopyToClipboardOptions {
+    /**
+     * Success toast message shown when copy succeeds.
+     */
+    toast?: string;
+    /**
+     * Toast display duration in milliseconds.
+     */
+    duration?: number;
+}
+/**
+ * Copies text to the clipboard with optional toast feedback.
+ *
+ * Prefer {@link PluginUi.copyToClipboard} on the host when available; this helper
+ * works with any plugin context that exposes `ui.showToast`.
+ *
+ * @param hc - Renderer plugin context.
+ * @param text - Text to copy.
+ * @param options - Optional toast message and duration.
+ * @throws When clipboard access fails.
+ */
+export declare function copyToClipboard(hc: PluginContext, text: string, options?: CopyToClipboardOptions): Promise<void>;
+//# sourceMappingURL=clipboard.d.ts.map

package/dist/clipboard.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"clipboard.d.ts","sourceRoot":"","sources":["../src/clipboard.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAEhD;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC;;OAEG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;;;;;;;;;GAUG;AACH,wBAAsB,eAAe,CACnC,EAAE,EAAE,aAAa,EACjB,IAAI,EAAE,MAAM,EACZ,OAAO,CAAC,EAAE,sBAAsB,GAC/B,OAAO,CAAC,IAAI,CAAC,CAKf"}

package/dist/clipboard.js

@@ -0,0 +1,17 @@
+/**
+ * Copies text to the clipboard with optional toast feedback.
+ *
+ * Prefer {@link PluginUi.copyToClipboard} on the host when available; this helper
+ * works with any plugin context that exposes `ui.showToast`.
+ *
+ * @param hc - Renderer plugin context.
+ * @param text - Text to copy.
+ * @param options - Optional toast message and duration.
+ * @throws When clipboard access fails.
+ */
+export async function copyToClipboard(hc, text, options) {
+    await navigator.clipboard.writeText(text);
+    if (options?.toast) {
+        hc.ui.showToast(options.toast, { duration: options.duration });
+    }
+}

package/dist/http/index.d.ts

@@ -0,0 +1,3 @@
+export { buildAuthHeaderValue, buildHeaders, buildUrl, encodeBasicAuth, resolveRequest, type ResolvedRequest } from './resolveRequest.js';
+export { resolveAuthVariables, substituteKeyValueRows, substituteVariables } from './substitute.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/http/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/http/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,oBAAoB,EACpB,YAAY,EACZ,QAAQ,EACR,eAAe,EACf,cAAc,EACd,KAAK,eAAe,EACrB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,oBAAoB,EAAE,sBAAsB,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC"}

package/dist/http/index.js

@@ -0,0 +1,2 @@
+export { buildAuthHeaderValue, buildHeaders, buildUrl, encodeBasicAuth, resolveRequest } from './resolveRequest.js';
+export { resolveAuthVariables, substituteKeyValueRows, substituteVariables } from './substitute.js';

package/dist/http/resolveRequest.d.ts

@@ -0,0 +1,66 @@
+import type { AuthConfig, RequestDraft, RequestTabContext } from '../types.js';
+type KeyValue = {
+    key: string;
+    value: string;
+    enabled: boolean;
+};
+/**
+ * Fully merged, variable-substituted request snapshot matching HarborClient send-time behavior.
+ *
+ * This mirrors the host send pipeline but is maintained in the SDK — drift is possible when
+ * host send logic changes.
+ */
+export interface ResolvedRequest {
+    /**
+     * HTTP method in uppercase when non-GET.
+     */
+    method: string;
+    /**
+     * Final URL including merged query parameters.
+     */
+    url: string;
+    /**
+     * Outgoing request headers as a flat key/value map.
+     */
+    headers: Record<string, string>;
+    /**
+     * Request body content as a string.
+     */
+    body: string;
+}
+/**
+ * Encodes username and password as a UTF-8-safe Basic Auth credential string.
+ *
+ * @param username - Basic Auth username.
+ * @param password - Basic Auth password.
+ */
+export declare function encodeBasicAuth(username: string, password: string): string;
+/**
+ * Builds the Authorization header value from an auth config.
+ *
+ * @param auth - Auth configuration from the request or collection.
+ */
+export declare function buildAuthHeaderValue(auth: AuthConfig): string | null;
+/**
+ * Merges enabled query parameters into a base URL.
+ *
+ * @param baseUrl - Request URL before query string merging.
+ * @param params - Key-value pairs to append as search params.
+ */
+export declare function buildUrl(baseUrl: string, params: KeyValue[]): string;
+/**
+ * Builds outgoing request headers mirroring HarborClient send-time defaults.
+ *
+ * @param draft - Active request draft.
+ * @param collectionHeaders - Collection-level headers.
+ * @param authValue - Computed Authorization header value, if any.
+ */
+export declare function buildHeaders(draft: RequestDraft, collectionHeaders: KeyValue[], authValue: string | null): Record<string, string>;
+/**
+ * Returns the fully merged, variable-substituted request as HarborClient would send it.
+ *
+ * @param context - Read-only request tab context from the host.
+ */
+export declare function resolveRequest(context: RequestTabContext): ResolvedRequest;
+export {};
+//# sourceMappingURL=resolveRequest.d.ts.map

package/dist/http/resolveRequest.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"resolveRequest.d.ts","sourceRoot":"","sources":["../../src/http/resolveRequest.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,YAAY,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAG/E,KAAK,QAAQ,GAAG;IACd,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,OAAO,CAAC;CAClB,CAAC;AAEF;;;;;GAKG;AACH,MAAM,WAAW,eAAe;IAC9B;;OAEG;IACH,MAAM,EAAE,MAAM,CAAC;IAEf;;OAEG;IACH,GAAG,EAAE,MAAM,CAAC;IAEZ;;OAEG;IACH,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAEhC;;OAEG;IACH,IAAI,EAAE,MAAM,CAAC;CACd;AAiBD;;;;;GAKG;AACH,wBAAgB,eAAe,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,MAAM,CAW1E;AAED;;;;GAIG;AACH,wBAAgB,oBAAoB,CAAC,IAAI,EAAE,UAAU,GAAG,MAAM,GAAG,IAAI,CAiBpE;AA4BD;;;;;GAKG;AACH,wBAAgB,QAAQ,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,CAwBpE;AAsBD;;;;;;GAMG;AACH,wBAAgB,YAAY,CAC1B,KAAK,EAAE,YAAY,EACnB,iBAAiB,EAAE,QAAQ,EAAE,EAC7B,SAAS,EAAE,MAAM,GAAG,IAAI,GACvB,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CA2BxB;AAED;;;;GAIG;AACH,wBAAgB,cAAc,CAAC,OAAO,EAAE,iBAAiB,GAAG,eAAe,CAwB1E"}

package/dist/http/resolveRequest.js

@@ -0,0 +1,191 @@
+import { resolveAuthVariables, substituteKeyValueRows, substituteVariables } from './substitute.js';
+/**
+ * Returns whether a header field contains control characters unsafe for HTTP.
+ *
+ * @param value - Header name or value to inspect.
+ */
+function hasUnsafeHeaderFieldChars(value) {
+    for (let index = 0; index < value.length; index += 1) {
+        const code = value.charCodeAt(index);
+        if (code <= 0x1f || code === 0x7f) {
+            return true;
+        }
+    }
+    return false;
+}
+/**
+ * Encodes username and password as a UTF-8-safe Basic Auth credential string.
+ *
+ * @param username - Basic Auth username.
+ * @param password - Basic Auth password.
+ */
+export function encodeBasicAuth(username, password) {
+    const credential = `${username}:${password}`;
+    if (typeof TextEncoder !== 'undefined' && typeof globalThis.btoa === 'function') {
+        const bytes = new TextEncoder().encode(credential);
+        let binary = '';
+        for (const byte of bytes) {
+            binary += String.fromCharCode(byte);
+        }
+        return globalThis.btoa(binary);
+    }
+    return globalThis.btoa?.(credential) ?? credential;
+}
+/**
+ * Builds the Authorization header value from an auth config.
+ *
+ * @param auth - Auth configuration from the request or collection.
+ */
+export function buildAuthHeaderValue(auth) {
+    if (auth.type === 'none') {
+        return null;
+    }
+    if (auth.type === 'basic') {
+        const username = auth.basic.username.trim();
+        const password = auth.basic.password;
+        if (!username && !password.trim()) {
+            return null;
+        }
+        return `Basic ${encodeBasicAuth(username, password)}`;
+    }
+    const token = auth.bearer.token.trim();
+    if (!token || hasUnsafeHeaderFieldChars(token)) {
+        return null;
+    }
+    return `Bearer ${token}`;
+}
+/**
+ * Returns whether a URL string is a root-relative path.
+ *
+ * @param url - Trimmed URL string.
+ */
+function isRootRelativePath(url) {
+    return url.startsWith('/') && !url.startsWith('//');
+}
+/**
+ * Appends query parameters via string concatenation for root-relative paths.
+ *
+ * @param trimmed - Trimmed base URL that failed absolute URL parsing.
+ * @param enabledParams - Enabled key-value pairs to append.
+ */
+function appendQueryFallback(trimmed, enabledParams) {
+    const separator = trimmed.includes('?') ? '&' : '?';
+    const query = enabledParams
+        .map((param) => `${encodeURIComponent(param.key.trim())}=${encodeURIComponent(param.value)}`)
+        .join('&');
+    return `${trimmed}${separator}${query}`;
+}
+/**
+ * Merges enabled query parameters into a base URL.
+ *
+ * @param baseUrl - Request URL before query string merging.
+ * @param params - Key-value pairs to append as search params.
+ */
+export function buildUrl(baseUrl, params) {
+    const trimmed = baseUrl.trim();
+    if (!trimmed) {
+        return trimmed;
+    }
+    const enabledParams = params.filter((param) => param.enabled && param.key.trim());
+    if (enabledParams.length === 0) {
+        return trimmed;
+    }
+    try {
+        const url = new URL(trimmed);
+        if (url.protocol !== 'http:' && url.protocol !== 'https:') {
+            return trimmed;
+        }
+        for (const param of enabledParams) {
+            url.searchParams.set(param.key.trim(), param.value);
+        }
+        return url.toString();
+    }
+    catch {
+        if (!isRootRelativePath(trimmed)) {
+            return trimmed;
+        }
+        return appendQueryFallback(trimmed, enabledParams);
+    }
+}
+/**
+ * Returns enabled key-value rows with non-empty keys.
+ *
+ * @param rows - Header or param rows from the draft.
+ */
+function enabledRows(rows) {
+    return rows.filter((row) => row.enabled && row.key.trim());
+}
+/**
+ * Returns true when any enabled row is a non-empty Authorization header.
+ *
+ * @param rows - Header rows to inspect.
+ */
+function hasManualAuthorization(rows) {
+    return enabledRows(rows).some((row) => row.key.trim().toLowerCase() === 'authorization' && row.value.trim() !== '');
+}
+/**
+ * Builds outgoing request headers mirroring HarborClient send-time defaults.
+ *
+ * @param draft - Active request draft.
+ * @param collectionHeaders - Collection-level headers.
+ * @param authValue - Computed Authorization header value, if any.
+ */
+export function buildHeaders(draft, collectionHeaders, authValue) {
+    const mergedRows = [
+        ...(authValue && !hasManualAuthorization([...collectionHeaders, ...draft.headers])
+            ? [{ key: 'Authorization', value: authValue, enabled: true }]
+            : []),
+        ...collectionHeaders,
+        ...draft.headers
+    ];
+    const result = {};
+    for (const header of enabledRows(mergedRows)) {
+        const key = header.key.trim();
+        if (draft.body_type === 'multipart' && key.toLowerCase() === 'content-type') {
+            continue;
+        }
+        result[key] = header.value;
+    }
+    const hasContentType = Object.keys(result).some((key) => key.toLowerCase() === 'content-type');
+    if (!hasContentType) {
+        if (draft.body_type === 'json') {
+            result['Content-Type'] = 'application/json';
+        }
+        else if (draft.body_type === 'text') {
+            result['Content-Type'] = 'text/plain';
+        }
+        else if (draft.body_type === 'urlencoded') {
+            result['Content-Type'] = 'application/x-www-form-urlencoded';
+        }
+    }
+    return result;
+}
+/**
+ * Returns the fully merged, variable-substituted request as HarborClient would send it.
+ *
+ * @param context - Read-only request tab context from the host.
+ */
+export function resolveRequest(context) {
+    const { draft, collectionAuth, collectionHeaders, variables } = context;
+    const substitute = (text) => substituteVariables(text, variables);
+    const resolvedDraft = {
+        ...draft,
+        url: substitute(draft.url),
+        body: substitute(draft.body),
+        params: substituteKeyValueRows(draft.params, variables),
+        headers: substituteKeyValueRows(draft.headers, variables),
+        auth: resolveAuthVariables(draft.auth, substitute)
+    };
+    const resolvedCollectionHeaders = substituteKeyValueRows(collectionHeaders, variables);
+    const resolvedCollectionAuth = resolveAuthVariables(collectionAuth, substitute);
+    const effectiveAuth = resolvedDraft.auth.type !== 'none' ? resolvedDraft.auth : resolvedCollectionAuth;
+    const authValue = buildAuthHeaderValue(effectiveAuth);
+    const url = buildUrl(resolvedDraft.url, resolvedDraft.params);
+    const headers = buildHeaders(resolvedDraft, resolvedCollectionHeaders, authValue);
+    return {
+        method: resolvedDraft.method,
+        url,
+        headers,
+        body: resolvedDraft.body
+    };
+}

package/dist/http/resolveRequest.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=resolveRequest.test.d.ts.map

package/dist/http/resolveRequest.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"resolveRequest.test.d.ts","sourceRoot":"","sources":["../../src/http/resolveRequest.test.ts"],"names":[],"mappings":""}

package/dist/http/resolveRequest.test.js

@@ -0,0 +1,40 @@
+import { describe, expect, it } from '@jest/globals';
+import { resolveRequest } from './resolveRequest.js';
+import { substituteVariables } from './substitute.js';
+describe('substituteVariables', () => {
+    it('replaces known placeholders', () => {
+        expect(substituteVariables('{{host}}/api', { host: 'https://example.com' })).toBe('https://example.com/api');
+    });
+});
+describe('resolveRequest', () => {
+    it('merges collection auth and variables', () => {
+        const context = {
+            draft: {
+                method: 'POST',
+                url: '{{base}}/users',
+                params: [{ key: 'page', value: '1', enabled: true }],
+                headers: [{ key: 'X-Test', value: '1', enabled: true }],
+                body: '{"ok":true}',
+                auth: {
+                    type: 'none',
+                    basic: { username: '', password: '' },
+                    bearer: { token: '' }
+                },
+                body_type: 'json'
+            },
+            response: null,
+            readOnly: true,
+            collectionAuth: {
+                type: 'bearer',
+                basic: { username: '', password: '' },
+                bearer: { token: '{{token}}' }
+            },
+            collectionHeaders: [{ key: 'Accept', value: 'application/json', enabled: true }],
+            variables: { base: 'https://api.test', token: 'secret' }
+        };
+        const resolved = resolveRequest(context);
+        expect(resolved.url).toBe('https://api.test/users?page=1');
+        expect(resolved.headers.Authorization).toBe('Bearer secret');
+        expect(resolved.headers['Content-Type']).toBe('application/json');
+    });
+});

package/dist/http/substitute.d.ts

@@ -0,0 +1,29 @@
+import type { AuthConfig } from '../types.js';
+type KeyValue = {
+    key: string;
+    value: string;
+    enabled: boolean;
+};
+/**
+ * Replaces {{key}} placeholders using a runtime variable map.
+ *
+ * @param text - Text containing variable placeholders.
+ * @param runtimeVars - Current runtime variable values.
+ */
+export declare function substituteVariables(text: string, runtimeVars: Record<string, string>): string;
+/**
+ * Resolves {{variable}} placeholders in auth credential fields.
+ *
+ * @param auth - Auth config with raw editor values.
+ * @param substitute - Function that resolves placeholders in a string.
+ */
+export declare function resolveAuthVariables(auth: AuthConfig, substitute: (text: string) => string): AuthConfig;
+/**
+ * Substitutes variables in key-value row values.
+ *
+ * @param rows - Header or param rows from the draft.
+ * @param runtimeVars - Merged collection and environment variable map.
+ */
+export declare function substituteKeyValueRows(rows: KeyValue[], runtimeVars: Record<string, string>): KeyValue[];
+export {};
+//# sourceMappingURL=substitute.d.ts.map

package/dist/http/substitute.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"substitute.d.ts","sourceRoot":"","sources":["../../src/http/substitute.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAE9C,KAAK,QAAQ,GAAG;IACd,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,OAAO,CAAC;CAClB,CAAC;AAIF;;;;;GAKG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,MAAM,CAK7F;AAED;;;;;GAKG;AACH,wBAAgB,oBAAoB,CAClC,IAAI,EAAE,UAAU,EAChB,UAAU,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,MAAM,GACnC,UAAU,CAWZ;AAED;;;;;GAKG;AACH,wBAAgB,sBAAsB,CACpC,IAAI,EAAE,QAAQ,EAAE,EAChB,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAClC,QAAQ,EAAE,CAKZ"}

package/dist/http/substitute.js

@@ -0,0 +1,43 @@
+const VARIABLE_PATTERN = /\{\{\s*([\w.-]+)\s*\}\}/g;
+/**
+ * Replaces {{key}} placeholders using a runtime variable map.
+ *
+ * @param text - Text containing variable placeholders.
+ * @param runtimeVars - Current runtime variable values.
+ */
+export function substituteVariables(text, runtimeVars) {
+    return text.replace(VARIABLE_PATTERN, (match, key) => {
+        const value = runtimeVars[key];
+        return value !== undefined ? value : match;
+    });
+}
+/**
+ * Resolves {{variable}} placeholders in auth credential fields.
+ *
+ * @param auth - Auth config with raw editor values.
+ * @param substitute - Function that resolves placeholders in a string.
+ */
+export function resolveAuthVariables(auth, substitute) {
+    return {
+        ...auth,
+        basic: {
+            username: substitute(auth.basic.username),
+            password: substitute(auth.basic.password)
+        },
+        bearer: {
+            token: substitute(auth.bearer.token)
+        }
+    };
+}
+/**
+ * Substitutes variables in key-value row values.
+ *
+ * @param rows - Header or param rows from the draft.
+ * @param runtimeVars - Merged collection and environment variable map.
+ */
+export function substituteKeyValueRows(rows, runtimeVars) {
+    return rows.map((row) => ({
+        ...row,
+        value: substituteVariables(row.value, runtimeVars)
+    }));
+}

package/dist/http/substitute.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=substitute.test.d.ts.map

package/dist/http/substitute.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"substitute.test.d.ts","sourceRoot":"","sources":["../../src/http/substitute.test.ts"],"names":[],"mappings":""}

package/dist/http/substitute.test.js

@@ -0,0 +1,85 @@
+import { describe, expect, it } from '@jest/globals';
+import { resolveAuthVariables, substituteKeyValueRows, substituteVariables } from './substitute.js';
+describe('substituteVariables', () => {
+    it('replaces known placeholders', () => {
+        expect(substituteVariables('{{host}}/api', { host: 'https://example.com' })).toBe('https://example.com/api');
+    });
+    it('allows whitespace inside braces', () => {
+        expect(substituteVariables('{{ host }}/api', { host: 'https://example.com' })).toBe('https://example.com/api');
+    });
+    it('supports dotted and hyphenated keys', () => {
+        expect(substituteVariables('{{api.base}}-{{api-key}}', {
+            'api.base': 'https://example.com',
+            'api-key': 'secret'
+        })).toBe('https://example.com-secret');
+    });
+    it('replaces multiple placeholders in one string', () => {
+        expect(substituteVariables('{{scheme}}://{{host}}/{{path}}', {
+            scheme: 'https',
+            host: 'example.com',
+            path: 'users'
+        })).toBe('https://example.com/users');
+    });
+    it('leaves unknown placeholders unchanged', () => {
+        expect(substituteVariables('{{missing}}/api', { host: 'https://example.com' })).toBe('{{missing}}/api');
+    });
+    it('replaces with empty string when variable is defined as empty', () => {
+        expect(substituteVariables('prefix{{token}}suffix', { token: '' })).toBe('prefixsuffix');
+    });
+    it('returns text unchanged when there are no placeholders', () => {
+        expect(substituteVariables('plain text', { host: 'https://example.com' })).toBe('plain text');
+    });
+});
+describe('resolveAuthVariables', () => {
+    const auth = {
+        type: 'basic',
+        basic: {
+            username: '{{user}}',
+            password: '{{pass}}'
+        },
+        bearer: {
+            token: '{{token}}'
+        }
+    };
+    it('substitutes basic and bearer credential fields', () => {
+        const substitute = (text) => text.replace('{{user}}', 'alice').replace('{{pass}}', 'secret').replace('{{token}}', 'tok');
+        expect(resolveAuthVariables(auth, substitute)).toEqual({
+            type: 'basic',
+            basic: {
+                username: 'alice',
+                password: 'secret'
+            },
+            bearer: {
+                token: 'tok'
+            }
+        });
+    });
+    it('preserves auth type and structure', () => {
+        const substitute = (text) => text;
+        const resolved = resolveAuthVariables(auth, substitute);
+        expect(resolved.type).toBe('basic');
+        expect(resolved.basic).toEqual(auth.basic);
+        expect(resolved.bearer).toEqual(auth.bearer);
+    });
+});
+describe('substituteKeyValueRows', () => {
+    it('substitutes values while preserving row metadata', () => {
+        const rows = [
+            { key: 'Accept', value: '{{accept}}', enabled: true },
+            { key: 'X-Api-Key', value: 'static', enabled: false }
+        ];
+        expect(substituteKeyValueRows(rows, { accept: 'application/json' })).toEqual([
+            { key: 'Accept', value: 'application/json', enabled: true },
+            { key: 'X-Api-Key', value: 'static', enabled: false }
+        ]);
+    });
+    it('leaves unknown placeholders in row values', () => {
+        const rows = [{ key: 'Host', value: '{{host}}', enabled: true }];
+        expect(substituteKeyValueRows(rows, {})).toEqual([
+            { key: 'Host', value: '{{host}}', enabled: true }
+        ]);
+    });
+    it('returns an empty array for no rows', () => {
+        expect(substituteKeyValueRows([], { host: 'example.com' })).toEqual([]);
+    });
+});

package/dist/index.d.ts

@@ -0,0 +1,2 @@
+export type * from './types';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,mBAAmB,SAAS,CAAC"}

package/dist/index.js

@@ -0,0 +1 @@
+export {};

package/dist/main.d.ts

@@ -0,0 +1,2 @@
+export type { Disposable, MainPluginContext, PluginHttp, PluginHttpRequest, PluginHttpResponse, PluginIpc, PluginStorage } from './types';
+//# sourceMappingURL=main.d.ts.map

package/dist/main.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"main.d.ts","sourceRoot":"","sources":["../src/main.ts"],"names":[],"mappings":"AAAA,YAAY,EACV,UAAU,EACV,iBAAiB,EACjB,UAAU,EACV,iBAAiB,EACjB,kBAAkB,EAClB,SAAS,EACT,aAAa,EACd,MAAM,SAAS,CAAC"}

package/dist/main.js

@@ -0,0 +1 @@
+export {};

package/dist/runtime/index.d.ts

@@ -0,0 +1,20 @@
+import type * as React from 'react';
+
+/**
+ * Installs the HarborClient renderer React instance for plugin JSX and hooks.
+ *
+ * Call once at the start of `activate(hc)` before registering UI contributions.
+ *
+ * @param react - React namespace from `hc.react`.
+ */
+export function installReact(react: typeof React): void;
+
+/**
+ * Creates a React component from a factory that receives the host React namespace.
+ *
+ * @param factory - Builds a component type using hooks or createElement from host React.
+ * @returns Component safe to pass to `hc.ui.register*` registration APIs.
+ */
+export function createPluginComponent<P extends Record<string, unknown>>(
+  factory: (react: typeof React) => React.ComponentType<P>
+): React.ComponentType<P>;