@igstack/app-catalog-backend-core 0.0.1

package/dist/index.d.ts

@@ -0,0 +1,1934 @@
+import * as _prisma_client0 from "@prisma/client";
+import { Prisma, PrismaClient } from "@prisma/client";
+import * as _trpc_server0 from "@trpc/server";
+import { TRPCRootObject } from "@trpc/server";
+import * as better_auth0 from "better-auth";
+import { BetterAuthOptions, BetterAuthPlugin } from "better-auth";
+import { LanguageModel, Tool, tool } from "ai";
+import { Express, Request, Response, Router } from "express";
+import { User } from "better-auth/types";
+import * as _prisma_client_runtime_library0 from "@prisma/client/runtime/library";
+
+//#region src/types/common/sharedTypes.d.ts
+interface EhMetaDictionary {
+  [key: string]: string | null | Record<string, string | null>;
+}
+type Tag = string;
+//#endregion
+//#region src/types/common/resourceTypes.d.ts
+/**
+ * Resources like kafka topics, database tables, etc.
+ */
+interface EhResourceIndexed {
+  slug: string;
+  displayName: string;
+  defaultFixedValues?: Array<string>;
+}
+//#endregion
+//#region src/types/common/approvalMethodTypes.d.ts
+/**
+ * Approval Method Types
+ *
+ * Global approval method templates that apps can link to.
+ * Each method has a type (service, personTeam, custom) with type-specific config.
+ */
+type ApprovalMethodType = 'service' | 'personTeam' | 'custom';
+/**
+ * Contact for reaching out (not necessarily the approver)
+ */
+interface ReachOutContact {
+  displayName: string;
+  contact: string;
+}
+/**
+ * Service type config - for bots, ticketing systems, self-service portals
+ */
+interface ServiceConfig {
+  url?: string;
+  icon?: string;
+}
+/**
+ * Person/Team type config - for human approvers
+ */
+interface PersonTeamConfig {
+  reachOutContacts?: Array<ReachOutContact>;
+}
+/**
+ * Custom type config - generic, no additional fields
+ */
+interface CustomConfig {}
+/**
+ * Union of all config types
+ */
+type ApprovalMethodConfig = ServiceConfig | PersonTeamConfig | CustomConfig;
+/**
+ * Approval Method - stored in DbApprovalMethod
+ */
+type ApprovalMethod = {
+  slug: string;
+  displayName: string;
+  createdAt?: Date;
+  updatedAt?: Date;
+} & ({
+  type: 'service';
+  config: ServiceConfig;
+} | {
+  type: 'personTeam';
+  config: PersonTeamConfig;
+} | {
+  type: 'custom';
+  config: CustomConfig;
+});
+/**
+ * Role that can be requested for an app
+ */
+interface AppRole {
+  displayName: string;
+  description?: string;
+  adminNotes?: string;
+}
+/**
+ * Approver contact (person who approves, may differ from reach-out contact)
+ */
+interface ApproverContact {
+  displayName: string;
+  contact?: string;
+}
+/**
+ * URL link with optional label
+ */
+interface ApprovalUrl {
+  label?: string;
+  url: string;
+}
+/**
+ * Per-app approval details - stored as JSON in DbAppForCatalog
+ * All comment/text-like strings are markdown
+ */
+interface AppAccessRequest {
+  approvalMethodId: string;
+  comments?: string;
+  requestPrompt?: string;
+  postApprovalInstructions?: string;
+  roles?: Array<AppRole>;
+  approvers?: Array<ApproverContact>;
+  urls?: Array<ApprovalUrl>;
+  whoToReachOut?: string;
+}
+interface CreateApprovalMethodInput {
+  type: ApprovalMethodType;
+  displayName: string;
+  config?: ApprovalMethodConfig;
+}
+interface UpdateApprovalMethodInput {
+  id: string;
+  type?: ApprovalMethodType;
+  displayName?: string;
+  config?: ApprovalMethodConfig;
+}
+//#endregion
+//#region src/types/common/appCatalogTypes.d.ts
+/**
+ * Application entry in the catalog
+ */
+interface AppForCatalog {
+  id: string;
+  slug: string;
+  displayName: string;
+  description?: string;
+  teams?: Array<string>;
+  accessRequest?: AppAccessRequest;
+  notes?: string;
+  tags?: Array<string>;
+  appUrl?: string;
+  links?: Array<{
+    url: string;
+    title?: string;
+  }>;
+  iconName?: string;
+  screenshotIds?: Array<string>;
+}
+interface AppCategory {
+  id: string;
+  name: string;
+}
+interface GroupingTagDefinition {
+  prefix: string;
+  displayName: string;
+  description: string;
+  values: Array<GroupingTagValue>;
+}
+type DistributiveOmit<T, TKey extends keyof any> = T extends any ? Omit<T, TKey> : never;
+type AppApprovalMethod = DistributiveOmit<ApprovalMethod, 'createdAt' | 'updatedAt'>;
+interface GroupingTagValue {
+  value: string;
+  displayName: string;
+  description: string;
+}
+interface AppCatalogData {
+  apps: Array<AppForCatalog>;
+  tagsDefinitions: Array<GroupingTagDefinition>;
+  approvalMethods: Array<AppApprovalMethod>;
+}
+//#endregion
+//#region src/types/common/env/envTypes.d.ts
+interface EhEnvIndexed {
+  slug: string;
+  displayName: string;
+  meta?: EhMetaDictionary;
+}
+//#endregion
+//#region src/types/common/app/ui/appUiTypes.d.ts
+interface EhAppPageIndexed {
+  slug: string;
+  displayName: string;
+  url: string;
+  tags?: Array<Tag>;
+}
+interface EhAppUiIndexed {
+  pages: Array<EhAppPageIndexed>;
+}
+//#endregion
+//#region src/types/common/app/appTypes.d.ts
+interface EhAppIndexed {
+  slug: string;
+  displayName: string;
+  abbr?: string;
+  aliases?: Array<string>;
+  ui?: EhAppUiIndexed;
+  tags?: Array<Tag>;
+  iconName?: string;
+  meta?: EhMetaDictionary;
+}
+//#endregion
+//#region src/types/backend/common.d.ts
+interface EhBackendUiDefaultsInput {
+  credentialsRefs: Array<string>;
+}
+interface EhBackendCredentialInput {
+  slug: string;
+  desc?: string;
+  username: string;
+  password: string;
+}
+//#endregion
+//#region src/types/backend/dataSources.d.ts
+interface EhBackendDataSourceInputCommon {
+  meta?: EhMetaDictionary;
+}
+interface EhBackendDataSourceInputDb {
+  slug?: string;
+  type: 'db';
+  url: string;
+  username: string;
+  password: string;
+}
+interface EhBackendDataSourceInputKafka {
+  slug?: string;
+  type: 'kafka';
+  topics: {
+    consumer?: Array<string>;
+    producer?: Array<string>;
+  };
+}
+type EhBackendDataSourceInput = EhBackendDataSourceInputCommon & (EhBackendDataSourceInputDb | EhBackendDataSourceInputKafka);
+//#endregion
+//#region src/types/backend/api.d.ts
+interface EhBackendVersionsRequestParams {
+  envNames: Array<string>;
+  appNames: Array<string>;
+}
+interface EhBackendVersionsReturn {
+  envIds: Array<string>;
+  appIds: Array<string>;
+}
+interface EhBackendPageInput extends EhAppPageIndexed {
+  slug: string;
+  title?: string;
+  url: string;
+  credentialsRefs?: Array<string>;
+}
+interface EhBackendAppUIBaseInput {
+  credentials?: Array<EhBackendCredentialInput>;
+  defaults?: EhBackendUiDefaultsInput;
+}
+interface EhBackendAppUIInput extends EhBackendAppUIBaseInput, EhAppUiIndexed {
+  pages: Array<EhBackendPageInput>;
+}
+interface EhBackendTagsDescriptionDataIndexed {
+  descriptions: Array<EhBackendTagDescriptionDataIndexed>;
+}
+interface EhBackendTagDescriptionDataIndexed {
+  tagKey: string;
+  displayName?: string;
+  fixedTagValues?: Array<EhBackendTagFixedTagValue>;
+}
+interface EhBackendTagFixedTagValue {
+  tagValue: string;
+  displayName: string;
+}
+interface EhBackendAppInput extends EhAppIndexed {
+  ui?: EhBackendAppUIInput;
+  dataSources?: Array<EhBackendDataSourceInput>;
+}
+interface EhContextIndexed {
+  slug: string;
+  displayName: string;
+  /**
+   * The value is shared across envs (By default: false)
+   */
+  isSharedAcrossEnvs?: boolean;
+  defaultFixedValues?: Array<string>;
+}
+type EhBackendAppDto = EhAppIndexed;
+interface EhAppsMeta {
+  defaultIcon?: string;
+  tags: EhBackendTagsDescriptionDataIndexed;
+}
+//#endregion
+//#region src/types/backend/companySpecificBackend.d.ts
+interface AppCatalogCompanySpecificBackend {
+  getApps?: () => Promise<Array<AppForCatalog>>;
+}
+//#endregion
+//#region src/types/backend/deployments.d.ts
+interface EhBackendEnvironmentInput {
+  slug: string;
+  displayName?: string;
+  description?: string;
+  meta?: EhMetaDictionary;
+}
+interface EhBackendDeploymentInput {
+  envId: string;
+  appId: string;
+  displayVersion: string;
+  meta?: EhMetaDictionary;
+}
+interface EhBackendDeployableInput {
+  slug: string;
+  meta?: {
+    config: string;
+  };
+}
+/**
+ * Latest - backend returned latest data.
+ * Cached - backend in process of updating data, but returned cached data.
+ */
+type EhBackendDataFreshness = 'latest' | 'cached';
+interface EhBackendDataVersion {
+  version: string;
+  freshness: EhBackendDataFreshness;
+}
+interface EhBackendDeployment {
+  appName: string;
+  deployableServiceName: string;
+  envName: string;
+  version: EhBackendDataVersion;
+}
+//#endregion
+//#region src/server/ehTrpcContext.d.ts
+interface EhTrpcContext {
+  companySpecificBackend: AppCatalogCompanySpecificBackend;
+  user: User | null;
+  adminGroups: Array<string>;
+}
+interface EhTrpcContextOptions {
+  companySpecificBackend: AppCatalogCompanySpecificBackend;
+  user?: User | null;
+  adminGroups: Array<string>;
+}
+declare function createEhTrpcContext({
+  companySpecificBackend,
+  user,
+  adminGroups
+}: EhTrpcContextOptions): EhTrpcContext;
+//#endregion
+//#region src/modules/auth/auth.d.ts
+interface AuthConfig {
+  appName?: string;
+  baseURL: string;
+  secret: string;
+  providers?: BetterAuthOptions['socialProviders'];
+  plugins?: Array<BetterAuthPlugin>;
+  /** Session expiration in seconds. Default: 7 days (604800) */
+  sessionExpiresIn?: number;
+  /** Session update age in seconds. Default: 1 day (86400) */
+  sessionUpdateAge?: number;
+}
+declare function createAuth(config: AuthConfig): better_auth0.Auth<{
+  appName: string;
+  baseURL: string;
+  basePath: string;
+  secret: string;
+  database: (options: BetterAuthOptions) => better_auth0.DBAdapter<BetterAuthOptions>;
+  socialProviders: better_auth0.SocialProviders;
+  plugins: BetterAuthPlugin[];
+  emailAndPassword: {
+    enabled: true;
+  };
+  session: {
+    expiresIn: number;
+    updateAge: number;
+    cookieCache: {
+      enabled: true;
+      maxAge: number;
+    };
+  };
+  advanced: {
+    useSecureCookies: boolean;
+  };
+}>;
+type BetterAuth = ReturnType<typeof createAuth>;
+//#endregion
+//#region src/server/controller.d.ts
+/**
+ * Create the main tRPC router with optional auth instance
+ * @param auth - Optional Better Auth instance for auth-related queries
+ */
+declare function createTrpcRouter(auth?: BetterAuth): _trpc_server0.TRPCBuiltRouter<{
+  ctx: EhTrpcContext;
+  meta: object;
+  errorShape: _trpc_server0.TRPCDefaultErrorShape;
+  transformer: false;
+}, _trpc_server0.TRPCDecorateCreateRouterOptions<{
+  authConfig: _trpc_server0.TRPCQueryProcedure<{
+    input: void;
+    output: {
+      adminGroups: string[];
+    };
+    meta: object;
+  }>;
+  appCatalog: _trpc_server0.TRPCQueryProcedure<{
+    input: void;
+    output: AppCatalogData;
+    meta: object;
+  }>;
+  icon: _trpc_server0.TRPCBuiltRouter<{
+    ctx: EhTrpcContext;
+    meta: object;
+    errorShape: _trpc_server0.TRPCDefaultErrorShape;
+    transformer: false;
+  }, _trpc_server0.TRPCDecorateCreateRouterOptions<{
+    list: _trpc_server0.TRPCQueryProcedure<{
+      input: void;
+      output: {
+        id: string;
+        createdAt: Date;
+        updatedAt: Date;
+        name: string;
+        mimeType: string;
+        fileSize: number;
+      }[];
+      meta: object;
+    }>;
+    getOne: _trpc_server0.TRPCQueryProcedure<{
+      input: {
+        id: string;
+      };
+      output: {
+        id: string;
+        createdAt: Date;
+        updatedAt: Date;
+        name: string;
+        mimeType: string;
+        fileSize: number;
+      } | null;
+      meta: object;
+    }>;
+    create: _trpc_server0.TRPCMutationProcedure<{
+      input: {
+        name: string;
+        content: string;
+        mimeType: string;
+        fileSize: number;
+      };
+      output: {
+        id: string;
+        createdAt: Date;
+        updatedAt: Date;
+        name: string;
+        content: _prisma_client_runtime_library0.Bytes;
+        mimeType: string;
+        fileSize: number;
+        assetType: _prisma_client0.$Enums.AssetType;
+        checksum: string;
+        width: number | null;
+        height: number | null;
+      };
+      meta: object;
+    }>;
+    update: _trpc_server0.TRPCMutationProcedure<{
+      input: {
+        id: string;
+        name?: string | undefined;
+        content?: string | undefined;
+        mimeType?: string | undefined;
+        fileSize?: number | undefined;
+      };
+      output: {
+        id: string;
+        createdAt: Date;
+        updatedAt: Date;
+        name: string;
+        content: _prisma_client_runtime_library0.Bytes;
+        mimeType: string;
+        fileSize: number;
+        assetType: _prisma_client0.$Enums.AssetType;
+        checksum: string;
+        width: number | null;
+        height: number | null;
+      };
+      meta: object;
+    }>;
+    delete: _trpc_server0.TRPCMutationProcedure<{
+      input: {
+        id: string;
+      };
+      output: {
+        id: string;
+        createdAt: Date;
+        updatedAt: Date;
+        name: string;
+        content: _prisma_client_runtime_library0.Bytes;
+        mimeType: string;
+        fileSize: number;
+        assetType: _prisma_client0.$Enums.AssetType;
+        checksum: string;
+        width: number | null;
+        height: number | null;
+      };
+      meta: object;
+    }>;
+    deleteMany: _trpc_server0.TRPCMutationProcedure<{
+      input: {
+        ids: string[];
+      };
+      output: _prisma_client0.Prisma.BatchPayload;
+      meta: object;
+    }>;
+    getContent: _trpc_server0.TRPCQueryProcedure<{
+      input: {
+        id: string;
+      };
+      output: {
+        content: string;
+        mimeType: string;
+        name: string;
+      };
+      meta: object;
+    }>;
+  }>>;
+  screenshot: _trpc_server0.TRPCBuiltRouter<{
+    ctx: EhTrpcContext;
+    meta: object;
+    errorShape: _trpc_server0.TRPCDefaultErrorShape;
+    transformer: false;
+  }, _trpc_server0.TRPCDecorateCreateRouterOptions<{
+    list: _trpc_server0.TRPCQueryProcedure<{
+      input: void;
+      output: {
+        id: string;
+        createdAt: Date;
+        updatedAt: Date;
+        name: string;
+        mimeType: string;
+        fileSize: number;
+        width: number | null;
+        height: number | null;
+      }[];
+      meta: object;
+    }>;
+    getOne: _trpc_server0.TRPCQueryProcedure<{
+      input: {
+        id: string;
+      };
+      output: {
+        id: string;
+        createdAt: Date;
+        updatedAt: Date;
+        name: string;
+        mimeType: string;
+        fileSize: number;
+        width: number | null;
+        height: number | null;
+      } | null;
+      meta: object;
+    }>;
+    getByAppSlug: _trpc_server0.TRPCQueryProcedure<{
+      input: {
+        appSlug: string;
+      };
+      output: {
+        id: string;
+        createdAt: Date;
+        updatedAt: Date;
+        name: string;
+        mimeType: string;
+        fileSize: number;
+        width: number | null;
+        height: number | null;
+      }[];
+      meta: object;
+    }>;
+    getFirstByAppSlug: _trpc_server0.TRPCQueryProcedure<{
+      input: {
+        appSlug: string;
+      };
+      output: {
+        id: string;
+        createdAt: Date;
+        updatedAt: Date;
+        name: string;
+        mimeType: string;
+        fileSize: number;
+        width: number | null;
+        height: number | null;
+      } | null;
+      meta: object;
+    }>;
+  }>>;
+  appCatalogAdmin: _trpc_server0.TRPCBuiltRouter<{
+    ctx: EhTrpcContext;
+    meta: object;
+    errorShape: _trpc_server0.TRPCDefaultErrorShape;
+    transformer: false;
+  }, _trpc_server0.TRPCDecorateCreateRouterOptions<{
+    list: _trpc_server0.TRPCQueryProcedure<{
+      input: void;
+      output: {
+        id: string;
+        createdAt: Date;
+        updatedAt: Date;
+        description: string;
+        slug: string;
+        displayName: string;
+        access: PrismaJson.AccessMethod | null;
+        teams: string[];
+        accessRequest: PrismaJson.AppAccessRequest | null;
+        notes: string | null;
+        tags: string[];
+        appUrl: string | null;
+        links: PrismaJson.AppLink[] | null;
+        iconName: string | null;
+        screenshotIds: string[];
+      }[];
+      meta: object;
+    }>;
+    getById: _trpc_server0.TRPCQueryProcedure<{
+      input: {
+        id: string;
+      };
+      output: {
+        id: string;
+        createdAt: Date;
+        updatedAt: Date;
+        description: string;
+        slug: string;
+        displayName: string;
+        access: PrismaJson.AccessMethod | null;
+        teams: string[];
+        accessRequest: PrismaJson.AppAccessRequest | null;
+        notes: string | null;
+        tags: string[];
+        appUrl: string | null;
+        links: PrismaJson.AppLink[] | null;
+        iconName: string | null;
+        screenshotIds: string[];
+      } | null;
+      meta: object;
+    }>;
+    getBySlug: _trpc_server0.TRPCQueryProcedure<{
+      input: {
+        slug: string;
+      };
+      output: {
+        id: string;
+        createdAt: Date;
+        updatedAt: Date;
+        description: string;
+        slug: string;
+        displayName: string;
+        access: PrismaJson.AccessMethod | null;
+        teams: string[];
+        accessRequest: PrismaJson.AppAccessRequest | null;
+        notes: string | null;
+        tags: string[];
+        appUrl: string | null;
+        links: PrismaJson.AppLink[] | null;
+        iconName: string | null;
+        screenshotIds: string[];
+      } | null;
+      meta: object;
+    }>;
+    create: _trpc_server0.TRPCMutationProcedure<{
+      input: {
+        slug: string;
+        displayName: string;
+        description: string;
+        access?: {
+          [x: string]: unknown;
+          type: "email" | "bot" | "ticketing" | "self-service" | "documentation" | "manual";
+        } | undefined;
+        teams?: string[] | undefined;
+        accessRequest?: {
+          approvalMethodId: string;
+          comments?: string | undefined;
+          requestPrompt?: string | undefined;
+          postApprovalInstructions?: string | undefined;
+          roles?: {
+            name: string;
+            description?: string | undefined;
+          }[] | undefined;
+          approvers?: {
+            displayName: string;
+            contact?: string | undefined;
+          }[] | undefined;
+          urls?: {
+            url: string;
+            label?: string | undefined;
+          }[] | undefined;
+          whoToReachOut?: string | undefined;
+        } | undefined;
+        notes?: string | undefined;
+        tags?: string[] | undefined;
+        appUrl?: string | undefined;
+        links?: {
+          url: string;
+          displayName?: string | undefined;
+        }[] | undefined;
+        iconName?: string | undefined;
+        screenshotIds?: string[] | undefined;
+      };
+      output: {
+        id: string;
+        createdAt: Date;
+        updatedAt: Date;
+        description: string;
+        slug: string;
+        displayName: string;
+        access: PrismaJson.AccessMethod | null;
+        teams: string[];
+        accessRequest: PrismaJson.AppAccessRequest | null;
+        notes: string | null;
+        tags: string[];
+        appUrl: string | null;
+        links: PrismaJson.AppLink[] | null;
+        iconName: string | null;
+        screenshotIds: string[];
+      };
+      meta: object;
+    }>;
+    update: _trpc_server0.TRPCMutationProcedure<{
+      input: {
+        id: string;
+        slug?: string | undefined;
+        displayName?: string | undefined;
+        description?: string | undefined;
+        access?: {
+          [x: string]: unknown;
+          type: "email" | "bot" | "ticketing" | "self-service" | "documentation" | "manual";
+        } | undefined;
+        teams?: string[] | undefined;
+        accessRequest?: {
+          approvalMethodId: string;
+          comments?: string | undefined;
+          requestPrompt?: string | undefined;
+          postApprovalInstructions?: string | undefined;
+          roles?: {
+            name: string;
+            description?: string | undefined;
+          }[] | undefined;
+          approvers?: {
+            displayName: string;
+            contact?: string | undefined;
+          }[] | undefined;
+          urls?: {
+            url: string;
+            label?: string | undefined;
+          }[] | undefined;
+          whoToReachOut?: string | undefined;
+        } | undefined;
+        notes?: string | undefined;
+        tags?: string[] | undefined;
+        appUrl?: string | undefined;
+        links?: {
+          url: string;
+          displayName?: string | undefined;
+        }[] | undefined;
+        iconName?: string | undefined;
+        screenshotIds?: string[] | undefined;
+      };
+      output: {
+        id: string;
+        createdAt: Date;
+        updatedAt: Date;
+        description: string;
+        slug: string;
+        displayName: string;
+        access: PrismaJson.AccessMethod | null;
+        teams: string[];
+        accessRequest: PrismaJson.AppAccessRequest | null;
+        notes: string | null;
+        tags: string[];
+        appUrl: string | null;
+        links: PrismaJson.AppLink[] | null;
+        iconName: string | null;
+        screenshotIds: string[];
+      };
+      meta: object;
+    }>;
+    updateScreenshots: _trpc_server0.TRPCMutationProcedure<{
+      input: {
+        id: string;
+        screenshotIds: string[];
+      };
+      output: {
+        id: string;
+        createdAt: Date;
+        updatedAt: Date;
+        description: string;
+        slug: string;
+        displayName: string;
+        access: PrismaJson.AccessMethod | null;
+        teams: string[];
+        accessRequest: PrismaJson.AppAccessRequest | null;
+        notes: string | null;
+        tags: string[];
+        appUrl: string | null;
+        links: PrismaJson.AppLink[] | null;
+        iconName: string | null;
+        screenshotIds: string[];
+      };
+      meta: object;
+    }>;
+    delete: _trpc_server0.TRPCMutationProcedure<{
+      input: {
+        id: string;
+      };
+      output: {
+        id: string;
+        createdAt: Date;
+        updatedAt: Date;
+        description: string;
+        slug: string;
+        displayName: string;
+        access: PrismaJson.AccessMethod | null;
+        teams: string[];
+        accessRequest: PrismaJson.AppAccessRequest | null;
+        notes: string | null;
+        tags: string[];
+        appUrl: string | null;
+        links: PrismaJson.AppLink[] | null;
+        iconName: string | null;
+        screenshotIds: string[];
+      };
+      meta: object;
+    }>;
+  }>>;
+  approvalMethod: _trpc_server0.TRPCBuiltRouter<{
+    ctx: EhTrpcContext;
+    meta: object;
+    errorShape: _trpc_server0.TRPCDefaultErrorShape;
+    transformer: false;
+  }, _trpc_server0.TRPCDecorateCreateRouterOptions<{
+    list: _trpc_server0.TRPCQueryProcedure<{
+      input: void;
+      output: ApprovalMethod[];
+      meta: object;
+    }>;
+    getById: _trpc_server0.TRPCQueryProcedure<{
+      input: {
+        slug: string;
+      };
+      output: ApprovalMethod | null;
+      meta: object;
+    }>;
+    create: _trpc_server0.TRPCMutationProcedure<{
+      input: {
+        type: "custom" | "service" | "personTeam";
+        displayName: string;
+        config?: Record<string, never> | {
+          url?: string | undefined;
+          icon?: string | undefined;
+        } | {
+          reachOutContacts?: {
+            displayName: string;
+            contact: string;
+          }[] | undefined;
+        } | undefined;
+      };
+      output: ApprovalMethod;
+      meta: object;
+    }>;
+    update: _trpc_server0.TRPCMutationProcedure<{
+      input: {
+        slug: string;
+        type?: "custom" | "service" | "personTeam" | undefined;
+        displayName?: string | undefined;
+        config?: Record<string, never> | {
+          url?: string | undefined;
+          icon?: string | undefined;
+        } | {
+          reachOutContacts?: {
+            displayName: string;
+            contact: string;
+          }[] | undefined;
+        } | undefined;
+      };
+      output: ApprovalMethod;
+      meta: object;
+    }>;
+    delete: _trpc_server0.TRPCMutationProcedure<{
+      input: {
+        slug: string;
+      };
+      output: ApprovalMethod;
+      meta: object;
+    }>;
+    listByType: _trpc_server0.TRPCQueryProcedure<{
+      input: {
+        type: "custom" | "service" | "personTeam";
+      };
+      output: ApprovalMethod[];
+      meta: object;
+    }>;
+  }>>;
+  auth: _trpc_server0.TRPCBuiltRouter<{
+    ctx: EhTrpcContext;
+    meta: {};
+    errorShape: _trpc_server0.TRPCDefaultErrorShape;
+    transformer: false;
+  }, _trpc_server0.TRPCDecorateCreateRouterOptions<{
+    getSession: _trpc_server0.TRPCQueryProcedure<{
+      input: void;
+      output: {
+        user: {
+          id: string;
+          createdAt: Date;
+          updatedAt: Date;
+          email: string;
+          emailVerified: boolean;
+          name: string;
+          image?: string | null | undefined;
+        } | null;
+        isAuthenticated: boolean;
+      };
+      meta: {};
+    }>;
+    getProviders: _trpc_server0.TRPCQueryProcedure<{
+      input: void;
+      output: {
+        providers: string[];
+      };
+      meta: {};
+    }>;
+  }>>;
+}>>;
+type TRPCRouter = ReturnType<typeof createTrpcRouter>;
+//#endregion
+//#region src/server/ehStaticControllerContract.d.ts
+interface EhStaticControllerContract {
+  methods: {
+    getIcon: {
+      method: string;
+      url: string;
+    };
+    getScreenshot: {
+      method: string;
+      url: string;
+    };
+  };
+}
+declare const staticControllerContract: EhStaticControllerContract;
+//#endregion
+//#region src/modules/auth/registerAuthRoutes.d.ts
+/**
+ * Register Better Auth routes with Express
+ * @param app - Express application instance
+ * @param auth - Better Auth instance
+ */
+declare function registerAuthRoutes(app: Express, auth: BetterAuth): void;
+//#endregion
+//#region src/modules/auth/authRouter.d.ts
+/**
+ * Create auth tRPC procedures
+ * @param t - tRPC instance
+ * @param auth - Better Auth instance (optional, for future extensions)
+ * @returns tRPC router with auth procedures
+ */
+declare function createAuthRouter(t: TRPCRootObject<EhTrpcContext, {}, {}>, auth?: BetterAuth): _trpc_server0.TRPCBuiltRouter<{
+  ctx: EhTrpcContext;
+  meta: {};
+  errorShape: _trpc_server0.TRPCDefaultErrorShape;
+  transformer: false;
+}, _trpc_server0.TRPCDecorateCreateRouterOptions<{
+  getSession: _trpc_server0.TRPCQueryProcedure<{
+    input: void;
+    output: {
+      user: {
+        id: string;
+        createdAt: Date;
+        updatedAt: Date;
+        email: string;
+        emailVerified: boolean;
+        name: string;
+        image?: string | null | undefined;
+      } | null;
+      isAuthenticated: boolean;
+    };
+    meta: {};
+  }>;
+  getProviders: _trpc_server0.TRPCQueryProcedure<{
+    input: void;
+    output: {
+      providers: string[];
+    };
+    meta: {};
+  }>;
+}>>;
+type AuthRouter = ReturnType<typeof createAuthRouter>;
+//#endregion
+//#region src/modules/auth/authorizationUtils.d.ts
+/**
+ * Authorization utilities for checking user permissions based on groups
+ *
+ * Groups are automatically included in the user session when:
+ * 1. Okta auth server has a "groups" claim configured
+ * 2. The auth policy rule includes "groups" in scope_whitelist
+ *
+ * Example usage in tRPC procedures:
+ * ```typescript
+ * myProcedure: protectedProcedure.query(async ({ ctx }) => {
+ *   if (requireAdmin(ctx.user)) {
+ *     // Admin-only logic
+ *   }
+ *   // Regular user logic
+ * })
+ * ```
+ */
+interface UserWithGroups {
+  id: string;
+  email: string;
+  name?: string;
+  [key: string]: any;
+}
+/**
+ * Extract groups from user object
+ * Groups can be stored in different locations depending on the OAuth provider
+ */
+declare function getUserGroups(user: UserWithGroups | null | undefined): Array<string>;
+/**
+ * Check if user is a member of any of the specified groups
+ */
+declare function isMemberOfAnyGroup(user: UserWithGroups | null | undefined, allowedGroups: Array<string>): boolean;
+/**
+ * Check if user is a member of all specified groups
+ */
+declare function isMemberOfAllGroups(user: UserWithGroups | null | undefined, requiredGroups: Array<string>): boolean;
+/**
+ * Check if user has admin permissions
+ * @param user User object with groups
+ * @param adminGroups List of admin group names (default: ['env_hopper_ui_super_admins'])
+ */
+declare function isAdmin(user: UserWithGroups | null | undefined, adminGroups?: Array<string>): boolean;
+/**
+ * Require admin permissions - throws error if not admin
+ * @param user User object with groups
+ * @param adminGroups List of admin group names (default: ['env_hopper_ui_super_admins'])
+ */
+declare function requireAdmin(user: UserWithGroups | null | undefined, adminGroups?: Array<string>): void;
+/**
+ * Require membership in specific groups - throws error if not member
+ */
+declare function requireGroups(user: UserWithGroups | null | undefined, groups: Array<string>): void;
+//#endregion
+//#region src/modules/admin/chat/createAdminChatHandler.d.ts
+interface AdminChatHandlerOptions {
+  /** The AI model to use (from @ai-sdk/openai, @ai-sdk/anthropic, etc.) */
+  model: LanguageModel;
+  /** System prompt for the AI assistant */
+  systemPrompt?: string;
+  /** Tools available to the AI assistant */
+  tools?: Record<string, Tool>;
+  /**
+   * Optional function to validate configuration before processing requests.
+   * Should throw an error if configuration is invalid (e.g., missing API key).
+   * @example
+   * validateConfig: () => {
+   *   if (!process.env.OPENAI_API_KEY) {
+   *     throw new Error('OPENAI_API_KEY is not configured')
+   *   }
+   * }
+   */
+  validateConfig?: () => void;
+}
+/**
+ * Creates an Express handler for the admin chat endpoint.
+ *
+ * Usage in thin wrappers:
+ *
+ * ```typescript
+ * // With OpenAI
+ * import { openai } from '@ai-sdk/openai'
+ * app.post('/api/admin/chat', createAdminChatHandler({
+ *   model: openai('gpt-4o-mini'),
+ * }))
+ *
+ * // With Claude
+ * import { anthropic } from '@ai-sdk/anthropic'
+ * app.post('/api/admin/chat', createAdminChatHandler({
+ *   model: anthropic('claude-sonnet-4-20250514'),
+ * }))
+ * ```
+ */
+declare function createAdminChatHandler(options: AdminChatHandlerOptions): (req: Request, res: Response) => Promise<void>;
+//#endregion
+//#region src/modules/admin/chat/createDatabaseTools.d.ts
+/**
+ * Generic interface for executing raw SQL queries.
+ * Can be implemented with Prisma's $queryRawUnsafe or any other SQL client.
+ */
+interface DatabaseClient {
+  /** Execute a SELECT query and return results */
+  query: <T = unknown>(sql: string) => Promise<Array<T>>;
+  /** Execute an INSERT/UPDATE/DELETE and return affected row count */
+  execute: (sql: string) => Promise<{
+    affectedRows: number;
+  }>;
+  /** Get list of tables in the database */
+  getTables: () => Promise<Array<string>>;
+  /** Get columns for a specific table */
+  getColumns: (tableName: string) => Promise<Array<{
+    name: string;
+    type: string;
+    nullable: boolean;
+  }>>;
+}
+/**
+ * Creates a DatabaseClient from a Prisma client.
+ */
+declare function createPrismaDatabaseClient(prisma: {
+  $queryRawUnsafe: <T>(sql: string) => Promise<T>;
+  $executeRawUnsafe: (sql: string) => Promise<number>;
+}): DatabaseClient;
+/**
+ * Creates AI tools for generic database access.
+ *
+ * The AI uses these internally - users interact via natural language.
+ * Results are formatted as tables by the AI based on the system prompt.
+ * Uses the internal backend-core Prisma client automatically.
+ */
+declare function createDatabaseTools(): Record<string, Tool>;
+/**
+ * Default system prompt for the database admin assistant.
+ * Can be customized or extended.
+ */
+declare const DEFAULT_ADMIN_SYSTEM_PROMPT = "You are a helpful database admin assistant. You help users view and manage data in the database.\n\nIMPORTANT RULES:\n1. When showing data, ALWAYS format it as a numbered ASCII table so users can reference rows by number\n2. NEVER show raw SQL to users - just describe what you're doing in plain language\n3. When users ask to modify data (update, delete, create), ALWAYS confirm before executing\n4. For updates, show the current value and ask for confirmation before changing\n5. Keep responses concise and focused on the data\n\nFORMATTING EXAMPLE:\nWhen user asks \"show me all apps\", respond like:\n\"Here are all the apps:\n\n| # | ID | Slug    | Display Name    | Icon   |\n|---|----|---------|-----------------| -------|\n| 1 | 1  | portal  | Portal          | portal |\n| 2 | 2  | admin   | Admin Dashboard | admin  |\n| 3 | 3  | api     | API Service     | null   |\n\nFound 3 apps total.\"\n\nWhen user says \"update row 2 display name to 'Admin Panel'\":\n1. First confirm: \"I'll update the app 'Admin Dashboard' (ID: 2) to have display name 'Admin Panel'. Proceed?\"\n2. Only after user confirms, execute the update\n3. Then show the updated row\n\nAVAILABLE TABLES:\nUse getDatabaseSchema tool to discover tables and their columns.\n";
+//#endregion
+//#region src/modules/icons/iconRestController.d.ts
+interface IconRestControllerConfig {
+  /**
+   * Base path for icon endpoints (e.g., '/api/icons')
+   */
+  basePath: string;
+}
+/**
+ * Registers REST endpoints for icon upload and retrieval
+ *
+ * Endpoints:
+ * - POST {basePath}/upload - Upload a new icon (multipart/form-data with 'icon' field and 'name' field)
+ * - GET {basePath}/:id - Get icon binary by ID
+ * - GET {basePath}/:id/metadata - Get icon metadata only
+ */
+declare function registerIconRestController(router: Router, config: IconRestControllerConfig): void;
+//#endregion
+//#region src/modules/icons/iconService.d.ts
+interface UpsertIconInput {
+  name: string;
+  content: Buffer;
+  mimeType: string;
+  fileSize: number;
+}
+/**
+ * Upsert an icon to the database.
+ * If an icon with the same name exists, it will be updated.
+ * Otherwise, a new icon will be created.
+ */
+declare function upsertIcon(input: UpsertIconInput): Promise<{
+  id: string;
+  createdAt: Date;
+  updatedAt: Date;
+  name: string;
+  content: _prisma_client_runtime_library0.Bytes;
+  mimeType: string;
+  fileSize: number;
+  assetType: _prisma_client0.$Enums.AssetType;
+  checksum: string;
+  width: number | null;
+  height: number | null;
+}>;
+/**
+ * Upsert multiple icons to the database.
+ * This is more efficient than calling upsertIcon multiple times.
+ */
+declare function upsertIcons(icons: Array<UpsertIconInput>): Promise<{
+  id: string;
+  createdAt: Date;
+  updatedAt: Date;
+  name: string;
+  content: _prisma_client_runtime_library0.Bytes;
+  mimeType: string;
+  fileSize: number;
+  assetType: _prisma_client0.$Enums.AssetType;
+  checksum: string;
+  width: number | null;
+  height: number | null;
+}[]>;
+/**
+ * Get an asset (icon or screenshot) by name from the database.
+ * Returns the asset content, mimeType, and name if found.
+ */
+declare function getAssetByName(name: string): Promise<{
+  name: string;
+  content: Uint8Array<ArrayBuffer>;
+  mimeType: string;
+} | null>;
+//#endregion
+//#region src/modules/assets/assetRestController.d.ts
+interface AssetRestControllerConfig {
+  /**
+   * Base path for asset endpoints (e.g., '/api/assets')
+   */
+  basePath: string;
+}
+/**
+ * Registers REST endpoints for universal asset upload and retrieval
+ *
+ * Endpoints:
+ * - POST {basePath}/upload - Upload a new asset (multipart/form-data)
+ * - GET {basePath}/:id - Get asset binary by ID
+ * - GET {basePath}/:id/metadata - Get asset metadata only
+ * - GET {basePath}/by-name/:name - Get asset binary by name
+ */
+declare function registerAssetRestController(router: Router, config: AssetRestControllerConfig): void;
+//#endregion
+//#region src/modules/assets/screenshotRestController.d.ts
+interface ScreenshotRestControllerConfig {
+  /**
+   * Base path for screenshot endpoints (e.g., '/api/screenshots')
+   */
+  basePath: string;
+}
+/**
+ * Registers REST endpoints for screenshot retrieval
+ *
+ * Endpoints:
+ * - GET {basePath}/app/:appId - Get all screenshots for an app
+ * - GET {basePath}/:id - Get screenshot binary by ID
+ * - GET {basePath}/:id/metadata - Get screenshot metadata only
+ */
+declare function registerScreenshotRestController(router: Router, config: ScreenshotRestControllerConfig): void;
+//#endregion
+//#region src/modules/assets/screenshotRouter.d.ts
+declare function createScreenshotRouter(): _trpc_server0.TRPCBuiltRouter<{
+  ctx: EhTrpcContext;
+  meta: object;
+  errorShape: _trpc_server0.TRPCDefaultErrorShape;
+  transformer: false;
+}, _trpc_server0.TRPCDecorateCreateRouterOptions<{
+  list: _trpc_server0.TRPCQueryProcedure<{
+    input: void;
+    output: {
+      id: string;
+      createdAt: Date;
+      updatedAt: Date;
+      name: string;
+      mimeType: string;
+      fileSize: number;
+      width: number | null;
+      height: number | null;
+    }[];
+    meta: object;
+  }>;
+  getOne: _trpc_server0.TRPCQueryProcedure<{
+    input: {
+      id: string;
+    };
+    output: {
+      id: string;
+      createdAt: Date;
+      updatedAt: Date;
+      name: string;
+      mimeType: string;
+      fileSize: number;
+      width: number | null;
+      height: number | null;
+    } | null;
+    meta: object;
+  }>;
+  getByAppSlug: _trpc_server0.TRPCQueryProcedure<{
+    input: {
+      appSlug: string;
+    };
+    output: {
+      id: string;
+      createdAt: Date;
+      updatedAt: Date;
+      name: string;
+      mimeType: string;
+      fileSize: number;
+      width: number | null;
+      height: number | null;
+    }[];
+    meta: object;
+  }>;
+  getFirstByAppSlug: _trpc_server0.TRPCQueryProcedure<{
+    input: {
+      appSlug: string;
+    };
+    output: {
+      id: string;
+      createdAt: Date;
+      updatedAt: Date;
+      name: string;
+      mimeType: string;
+      fileSize: number;
+      width: number | null;
+      height: number | null;
+    } | null;
+    meta: object;
+  }>;
+}>>;
+//#endregion
+//#region src/modules/assets/syncAssets.d.ts
+interface SyncAssetsConfig {
+  /**
+   * Directory containing icon files to sync
+   */
+  iconsDir?: string;
+  /**
+   * Directory containing screenshot files to sync
+   */
+  screenshotsDir?: string;
+}
+/**
+ * Sync local asset files (icons and screenshots) from directories into the database.
+ *
+ * This function allows consuming applications to sync asset files without directly
+ * exposing the Prisma client. It handles:
+ * - Icon files: Assigned to apps by matching filename to icon name patterns
+ * - Screenshot files: Assigned to apps by matching filename to app ID (format: <app-id>_screenshot_<no>.<ext>)
+ *
+ * @param config Configuration with paths to icon and screenshot directories
+ */
+declare function syncAssets(config: SyncAssetsConfig): Promise<{
+  iconsUpserted: number;
+  screenshotsUpserted: number;
+}>;
+//#endregion
+//#region src/modules/appCatalogAdmin/appCatalogAdminRouter.d.ts
+declare function createAppCatalogAdminRouter(): _trpc_server0.TRPCBuiltRouter<{
+  ctx: EhTrpcContext;
+  meta: object;
+  errorShape: _trpc_server0.TRPCDefaultErrorShape;
+  transformer: false;
+}, _trpc_server0.TRPCDecorateCreateRouterOptions<{
+  list: _trpc_server0.TRPCQueryProcedure<{
+    input: void;
+    output: {
+      id: string;
+      createdAt: Date;
+      updatedAt: Date;
+      description: string;
+      slug: string;
+      displayName: string;
+      access: PrismaJson.AccessMethod | null;
+      teams: string[];
+      accessRequest: PrismaJson.AppAccessRequest | null;
+      notes: string | null;
+      tags: string[];
+      appUrl: string | null;
+      links: PrismaJson.AppLink[] | null;
+      iconName: string | null;
+      screenshotIds: string[];
+    }[];
+    meta: object;
+  }>;
+  getById: _trpc_server0.TRPCQueryProcedure<{
+    input: {
+      id: string;
+    };
+    output: {
+      id: string;
+      createdAt: Date;
+      updatedAt: Date;
+      description: string;
+      slug: string;
+      displayName: string;
+      access: PrismaJson.AccessMethod | null;
+      teams: string[];
+      accessRequest: PrismaJson.AppAccessRequest | null;
+      notes: string | null;
+      tags: string[];
+      appUrl: string | null;
+      links: PrismaJson.AppLink[] | null;
+      iconName: string | null;
+      screenshotIds: string[];
+    } | null;
+    meta: object;
+  }>;
+  getBySlug: _trpc_server0.TRPCQueryProcedure<{
+    input: {
+      slug: string;
+    };
+    output: {
+      id: string;
+      createdAt: Date;
+      updatedAt: Date;
+      description: string;
+      slug: string;
+      displayName: string;
+      access: PrismaJson.AccessMethod | null;
+      teams: string[];
+      accessRequest: PrismaJson.AppAccessRequest | null;
+      notes: string | null;
+      tags: string[];
+      appUrl: string | null;
+      links: PrismaJson.AppLink[] | null;
+      iconName: string | null;
+      screenshotIds: string[];
+    } | null;
+    meta: object;
+  }>;
+  create: _trpc_server0.TRPCMutationProcedure<{
+    input: {
+      slug: string;
+      displayName: string;
+      description: string;
+      access?: {
+        [x: string]: unknown;
+        type: "email" | "bot" | "ticketing" | "self-service" | "documentation" | "manual";
+      } | undefined;
+      teams?: string[] | undefined;
+      accessRequest?: {
+        approvalMethodId: string;
+        comments?: string | undefined;
+        requestPrompt?: string | undefined;
+        postApprovalInstructions?: string | undefined;
+        roles?: {
+          name: string;
+          description?: string | undefined;
+        }[] | undefined;
+        approvers?: {
+          displayName: string;
+          contact?: string | undefined;
+        }[] | undefined;
+        urls?: {
+          url: string;
+          label?: string | undefined;
+        }[] | undefined;
+        whoToReachOut?: string | undefined;
+      } | undefined;
+      notes?: string | undefined;
+      tags?: string[] | undefined;
+      appUrl?: string | undefined;
+      links?: {
+        url: string;
+        displayName?: string | undefined;
+      }[] | undefined;
+      iconName?: string | undefined;
+      screenshotIds?: string[] | undefined;
+    };
+    output: {
+      id: string;
+      createdAt: Date;
+      updatedAt: Date;
+      description: string;
+      slug: string;
+      displayName: string;
+      access: PrismaJson.AccessMethod | null;
+      teams: string[];
+      accessRequest: PrismaJson.AppAccessRequest | null;
+      notes: string | null;
+      tags: string[];
+      appUrl: string | null;
+      links: PrismaJson.AppLink[] | null;
+      iconName: string | null;
+      screenshotIds: string[];
+    };
+    meta: object;
+  }>;
+  update: _trpc_server0.TRPCMutationProcedure<{
+    input: {
+      id: string;
+      slug?: string | undefined;
+      displayName?: string | undefined;
+      description?: string | undefined;
+      access?: {
+        [x: string]: unknown;
+        type: "email" | "bot" | "ticketing" | "self-service" | "documentation" | "manual";
+      } | undefined;
+      teams?: string[] | undefined;
+      accessRequest?: {
+        approvalMethodId: string;
+        comments?: string | undefined;
+        requestPrompt?: string | undefined;
+        postApprovalInstructions?: string | undefined;
+        roles?: {
+          name: string;
+          description?: string | undefined;
+        }[] | undefined;
+        approvers?: {
+          displayName: string;
+          contact?: string | undefined;
+        }[] | undefined;
+        urls?: {
+          url: string;
+          label?: string | undefined;
+        }[] | undefined;
+        whoToReachOut?: string | undefined;
+      } | undefined;
+      notes?: string | undefined;
+      tags?: string[] | undefined;
+      appUrl?: string | undefined;
+      links?: {
+        url: string;
+        displayName?: string | undefined;
+      }[] | undefined;
+      iconName?: string | undefined;
+      screenshotIds?: string[] | undefined;
+    };
+    output: {
+      id: string;
+      createdAt: Date;
+      updatedAt: Date;
+      description: string;
+      slug: string;
+      displayName: string;
+      access: PrismaJson.AccessMethod | null;
+      teams: string[];
+      accessRequest: PrismaJson.AppAccessRequest | null;
+      notes: string | null;
+      tags: string[];
+      appUrl: string | null;
+      links: PrismaJson.AppLink[] | null;
+      iconName: string | null;
+      screenshotIds: string[];
+    };
+    meta: object;
+  }>;
+  updateScreenshots: _trpc_server0.TRPCMutationProcedure<{
+    input: {
+      id: string;
+      screenshotIds: string[];
+    };
+    output: {
+      id: string;
+      createdAt: Date;
+      updatedAt: Date;
+      description: string;
+      slug: string;
+      displayName: string;
+      access: PrismaJson.AccessMethod | null;
+      teams: string[];
+      accessRequest: PrismaJson.AppAccessRequest | null;
+      notes: string | null;
+      tags: string[];
+      appUrl: string | null;
+      links: PrismaJson.AppLink[] | null;
+      iconName: string | null;
+      screenshotIds: string[];
+    };
+    meta: object;
+  }>;
+  delete: _trpc_server0.TRPCMutationProcedure<{
+    input: {
+      id: string;
+    };
+    output: {
+      id: string;
+      createdAt: Date;
+      updatedAt: Date;
+      description: string;
+      slug: string;
+      displayName: string;
+      access: PrismaJson.AccessMethod | null;
+      teams: string[];
+      accessRequest: PrismaJson.AppAccessRequest | null;
+      notes: string | null;
+      tags: string[];
+      appUrl: string | null;
+      links: PrismaJson.AppLink[] | null;
+      iconName: string | null;
+      screenshotIds: string[];
+    };
+    meta: object;
+  }>;
+}>>;
+//#endregion
+//#region src/modules/approvalMethod/approvalMethodRouter.d.ts
+declare function createApprovalMethodRouter(): _trpc_server0.TRPCBuiltRouter<{
+  ctx: EhTrpcContext;
+  meta: object;
+  errorShape: _trpc_server0.TRPCDefaultErrorShape;
+  transformer: false;
+}, _trpc_server0.TRPCDecorateCreateRouterOptions<{
+  list: _trpc_server0.TRPCQueryProcedure<{
+    input: void;
+    output: ApprovalMethod[];
+    meta: object;
+  }>;
+  getById: _trpc_server0.TRPCQueryProcedure<{
+    input: {
+      slug: string;
+    };
+    output: ApprovalMethod | null;
+    meta: object;
+  }>;
+  create: _trpc_server0.TRPCMutationProcedure<{
+    input: {
+      type: "custom" | "service" | "personTeam";
+      displayName: string;
+      config?: Record<string, never> | {
+        url?: string | undefined;
+        icon?: string | undefined;
+      } | {
+        reachOutContacts?: {
+          displayName: string;
+          contact: string;
+        }[] | undefined;
+      } | undefined;
+    };
+    output: ApprovalMethod;
+    meta: object;
+  }>;
+  update: _trpc_server0.TRPCMutationProcedure<{
+    input: {
+      slug: string;
+      type?: "custom" | "service" | "personTeam" | undefined;
+      displayName?: string | undefined;
+      config?: Record<string, never> | {
+        url?: string | undefined;
+        icon?: string | undefined;
+      } | {
+        reachOutContacts?: {
+          displayName: string;
+          contact: string;
+        }[] | undefined;
+      } | undefined;
+    };
+    output: ApprovalMethod;
+    meta: object;
+  }>;
+  delete: _trpc_server0.TRPCMutationProcedure<{
+    input: {
+      slug: string;
+    };
+    output: ApprovalMethod;
+    meta: object;
+  }>;
+  listByType: _trpc_server0.TRPCQueryProcedure<{
+    input: {
+      type: "custom" | "service" | "personTeam";
+    };
+    output: ApprovalMethod[];
+    meta: object;
+  }>;
+}>>;
+//#endregion
+//#region src/modules/approvalMethod/syncApprovalMethods.d.ts
+interface ApprovalMethodSyncInput {
+  slug: string;
+  type: 'service' | 'personTeam' | 'custom';
+  displayName: string;
+}
+/**
+ * Syncs approval methods to the database using upsert logic based on type + displayName.
+ *
+ * @param prisma - The PrismaClient instance from the backend-core database
+ * @param methods - Array of approval methods to sync
+ */
+declare function syncApprovalMethods(prisma: PrismaClient, methods: Array<ApprovalMethodSyncInput>): Promise<void>;
+//#endregion
+//#region src/db/client.d.ts
+/**
+ * Gets the internal Prisma client instance.
+ * Creates one if it doesn't exist.
+ */
+declare function getDbClient(): PrismaClient;
+/**
+ * Sets the internal Prisma client instance.
+ * Used by middleware to bridge with existing getDbClient() usage.
+ */
+declare function setDbClient(client: PrismaClient): void;
+/**
+ * Connects to the database.
+ * Call this before performing database operations.
+ */
+declare function connectDb(): Promise<void>;
+/**
+ * Disconnects from the database.
+ * Call this when done with database operations (e.g., in scripts).
+ */
+declare function disconnectDb(): Promise<void>;
+//#endregion
+//#region src/db/tableSyncPrismaAdapter.d.ts
+type ScalarKeys<TPrismaModelName extends Prisma.ModelName> = keyof Prisma.TypeMap['model'][TPrismaModelName]['payload']['scalars'];
+type ObjectKeys<TPrismaModelName extends Prisma.ModelName> = keyof Prisma.TypeMap['model'][TPrismaModelName]['payload']['objects'];
+type ScalarFilter<TPrismaModelName extends Prisma.ModelName> = Partial<Prisma.TypeMap['model'][TPrismaModelName]['payload']['scalars']>;
+interface TableSyncParamsPrisma<TPrismaClient extends PrismaClient, TPrismaModelName extends Prisma.ModelName, TUniqColumns extends ReadonlyArray<ScalarKeys<TPrismaModelName>>, TRelationColumns extends ReadonlyArray<ObjectKeys<TPrismaModelName>>> {
+  id?: ScalarKeys<TPrismaModelName>;
+  prisma: TPrismaClient;
+  prismaModelName: TPrismaModelName;
+  uniqColumns: TUniqColumns;
+  relationColumns?: TRelationColumns;
+  where?: ScalarFilter<TPrismaModelName>;
+  upsertOnly?: boolean;
+}
+type MakeTFromPrismaModel<TPrismaModelName extends Prisma.ModelName> = NonNullable<Prisma.TypeMap['model'][TPrismaModelName]['operations']['findUnique']['result']>;
+declare function tableSyncPrisma<TPrismaClient extends PrismaClient, TPrismaModelName extends Prisma.ModelName, TUniqColumns extends ReadonlyArray<ScalarKeys<TPrismaModelName>>, TRelationColumns extends ReadonlyArray<ObjectKeys<TPrismaModelName>>, TId extends ScalarKeys<TPrismaModelName> = ScalarKeys<TPrismaModelName>>(params: TableSyncParamsPrisma<TPrismaClient, TPrismaModelName, TUniqColumns, TRelationColumns>): {
+  sync<TUpsert extends Partial<MakeTFromPrismaModel<TPrismaModelName>> & Pick<MakeTFromPrismaModel<TPrismaModelName>, TUniqColumns[number]>>(upsertRaw: TUpsert[]): Promise<{
+    findIdMaybe: (key: Pick<MakeTFromPrismaModel<TPrismaModelName>, TUniqColumns[number]>) => MakeTFromPrismaModel<TPrismaModelName>[TId] | undefined;
+    findIdOrThrow: (key: Pick<MakeTFromPrismaModel<TPrismaModelName>, TUniqColumns[number]>) => MakeTFromPrismaModel<TPrismaModelName>[TId];
+    getActual(): (Pick<MakeTFromPrismaModel<TPrismaModelName>, TUniqColumns[number]> & MakeTFromPrismaModel<TPrismaModelName>[TId])[];
+  }>;
+};
+//#endregion
+//#region src/db/tableSyncMagazine.d.ts
+declare const TABLE_SYNC_MAGAZINE: {
+  readonly DbAppForCatalog: {
+    readonly prismaModelName: "DbAppForCatalog";
+    readonly uniqColumns: ["slug"];
+  };
+  readonly DbAppTagDefinition: {
+    readonly prismaModelName: "DbAppTagDefinition";
+    readonly uniqColumns: ["prefix"];
+  };
+  readonly DbApprovalMethod: {
+    readonly id: "slug";
+    readonly prismaModelName: "DbApprovalMethod";
+    readonly uniqColumns: ["slug"];
+  };
+};
+type TableSyncMagazine = typeof TABLE_SYNC_MAGAZINE;
+type TableSyncMagazineModelNameKey = keyof TableSyncMagazine;
+//#endregion
+//#region src/db/syncAppCatalog.d.ts
+interface SyncAppCatalogResult {
+  created: number;
+  updated: number;
+  deleted: number;
+  total: number;
+}
+/**
+ * Syncs app catalog data to the database using table sync.
+ * This will create new apps, update existing ones, and delete any that are no longer in the input.
+ *
+ * Note: Call connectDb() before and disconnectDb() after if running in a script.
+ */
+declare function syncAppCatalog(apps: Array<AppForCatalog>, tagsDefinitions: Array<GroupingTagDefinition>, approvalMethods: Array<ApprovalMethod>, sreenshotsPath?: string): Promise<SyncAppCatalogResult>;
+//#endregion
+//#region src/middleware/types.d.ts
+/**
+ * Database connection configuration.
+ * Supports both connection URL and structured config.
+ */
+type EhDatabaseConfig = {
+  url: string;
+} | {
+  host: string;
+  port: number;
+  database: string;
+  username: string;
+  password: string;
+  schema?: string;
+};
+/**
+ * Mock user configuration for development/testing.
+ * When provided, bypasses authentication and injects this user into all requests.
+ */
+interface EhDevMockUser {
+  /** User ID */
+  id: string;
+  /** User email */
+  email: string;
+  /** User display name */
+  name: string;
+  /** User groups (for authorization) */
+  groups: Array<string>;
+}
+/**
+ * Auth configuration for Better Auth integration.
+ */
+interface EhAuthConfig {
+  /** Base URL for auth callbacks (e.g., 'http://localhost:4000') */
+  baseURL: string;
+  /** Secret for signing sessions (min 32 chars in production) */
+  secret: string;
+  /** OAuth providers configuration */
+  providers?: BetterAuthOptions['socialProviders'];
+  /** Additional Better Auth plugins (e.g., Okta) */
+  plugins?: Array<BetterAuthPlugin>;
+  /** Session expiration in seconds (default: 30 days) */
+  sessionExpiresIn?: number;
+  /** Session refresh threshold in seconds (default: 1 day) */
+  sessionUpdateAge?: number;
+  /** Application name shown in auth UI */
+  appName?: string;
+  /** Development mock user - bypasses auth when provided */
+  devMockUser?: EhDevMockUser;
+  /** Admin group names for authorization (default: ['env_hopper_ui_super_admins']) */
+  adminGroups?: Array<string>;
+  /** Okta groups claim name (e.g., 'env_hopper_ui_groups') - used to extract groups from access token JWT */
+  oktaGroupsClaim?: string;
+}
+/**
+ * Admin chat (AI) configuration.
+ * When provided, enables the admin/chat endpoint.
+ */
+interface EhAdminChatConfig {
+  /** AI model instance from @ai-sdk/* packages */
+  model: LanguageModel;
+  /** System prompt for the AI assistant */
+  systemPrompt?: string;
+  /** Custom tools available to the AI */
+  tools?: Record<string, Tool>;
+  /** Validation function called before each request */
+  validateConfig?: () => void;
+}
+/**
+ * Feature toggles for enabling/disabling specific functionality.
+ *
+ * Note: Icons, assets, screenshots, and catalog backup are always enabled.
+ * Only these optional features can be toggled:
+ */
+interface EhFeatureToggles {
+  /** Enable tRPC endpoints (default: true) */
+  trpc?: boolean;
+  /** Enable auth endpoints (default: true) */
+  auth?: boolean;
+  /** Enable admin chat endpoint (default: true if adminChat config provided) */
+  adminChat?: boolean;
+  /** Enable legacy icon endpoint at /static/icon/:icon (default: false) */
+  legacyIconEndpoint?: boolean;
+}
+/**
+ * Company-specific backend can be provided as:
+ * 1. Direct object implementing the interface
+ * 2. Factory function called per-request (for DI integration)
+ * 3. Async factory function
+ */
+type EhBackendProvider = AppCatalogCompanySpecificBackend | (() => AppCatalogCompanySpecificBackend) | (() => Promise<AppCatalogCompanySpecificBackend>);
+/**
+ * Lifecycle hooks for database and middleware events.
+ */
+interface EhLifecycleHooks {
+  /** Called after database connection is established */
+  onDatabaseConnected?: () => void | Promise<void>;
+  /** Called before database disconnection (for cleanup) */
+  onDatabaseDisconnecting?: () => void | Promise<void>;
+  /** Called after all routes are registered - use to add custom routes */
+  onRoutesRegistered?: (router: Router) => void | Promise<void>;
+  /** Custom error handler for middleware errors */
+  onError?: (error: Error, context: {
+    path: string;
+  }) => void;
+}
+/**
+ * Main configuration options for the app-catalog middleware.
+ */
+interface EhMiddlewareOptions {
+  /**
+   * Base path prefix for all routes (default: '/api')
+   * - tRPC: {basePath}/trpc
+   * - Auth: {basePath}/auth (note: auth basePath is hardcoded, this affects where router mounts)
+   * - Icons: {basePath}/icons
+   * - Assets: {basePath}/assets
+   * - Screenshots: {basePath}/screenshots
+   * - Admin Chat: {basePath}/admin/chat
+   */
+  basePath?: string;
+  /**
+   * Database connection configuration (required).
+   * Backend-core manages the database for all features.
+   */
+  database: EhDatabaseConfig;
+  /** Auth configuration (required) */
+  auth: EhAuthConfig;
+  /** Company-specific backend implementation (required) */
+  backend: EhBackendProvider;
+  /** AI admin chat configuration (optional) */
+  adminChat?: EhAdminChatConfig;
+  /** Feature toggles (all enabled by default) */
+  features?: EhFeatureToggles;
+  /** Lifecycle hooks */
+  hooks?: EhLifecycleHooks;
+}
+/**
+ * Result of middleware initialization.
+ *
+ * @example
+ * ```typescript
+ * const eh = await createEhMiddleware({ ... })
+ *
+ * // Mount routes
+ * app.use(eh.router)
+ *
+ * // Connect to database
+ * await eh.connect()
+ *
+ * // Cleanup on shutdown
+ * process.on('SIGTERM', async () => {
+ *   await eh.disconnect()
+ * })
+ * ```
+ */
+interface EhMiddlewareResult {
+  /** Express router with all app-catalog routes */
+  router: Router;
+  /** Better Auth instance (for extending auth functionality) */
+  auth: BetterAuth;
+  /** tRPC router (for extending with custom procedures) */
+  trpcRouter: TRPCRouter;
+  /** Connect to database (call during app startup) */
+  connect: () => Promise<void>;
+  /** Disconnect from database (call during app shutdown) */
+  disconnect: () => Promise<void>;
+  /** Add custom routes to the middleware router */
+  addRoutes: (callback: (router: Router) => void) => void;
+}
+/**
+ * Internal context passed to feature registration functions.
+ */
+interface MiddlewareContext {
+  auth: BetterAuth;
+  trpcRouter: TRPCRouter;
+  createContext: () => Promise<{
+    companySpecificBackend: AppCatalogCompanySpecificBackend;
+  }>;
+  authConfig: EhAuthConfig;
+}
+//#endregion
+//#region src/middleware/createEhMiddleware.d.ts
+declare function createEhMiddleware(options: EhMiddlewareOptions): Promise<EhMiddlewareResult>;
+//#endregion
+//#region src/middleware/database.d.ts
+/**
+ * Internal database manager used by the middleware.
+ * Handles connection URL formatting and lifecycle.
+ */
+declare class EhDatabaseManager {
+  private client;
+  private config;
+  constructor(config: EhDatabaseConfig);
+  /**
+   * Get or create the Prisma client instance.
+   * Uses lazy initialization for flexibility.
+   */
+  getClient(): PrismaClient;
+  connect(): Promise<void>;
+  disconnect(): Promise<void>;
+}
+//#endregion
+export { type AdminChatHandlerOptions, AppAccessRequest, AppApprovalMethod, AppCatalogCompanySpecificBackend, AppCatalogData, AppCategory, type AppForCatalog, AppRole, ApprovalMethod, ApprovalMethodConfig, type ApprovalMethodSyncInput, ApprovalMethodType, ApprovalUrl, ApproverContact, type AssetRestControllerConfig, type AuthConfig, type AuthRouter, type BetterAuth, CreateApprovalMethodInput, CustomConfig, DEFAULT_ADMIN_SYSTEM_PROMPT, type DatabaseClient, type EhAdminChatConfig, EhAppIndexed, EhAppPageIndexed, EhAppUiIndexed, EhAppsMeta, type EhAuthConfig, EhBackendAppDto, EhBackendAppInput, EhBackendAppUIBaseInput, EhBackendAppUIInput, EhBackendCredentialInput, EhBackendDataFreshness, EhBackendDataSourceInput, EhBackendDataSourceInputCommon, EhBackendDataSourceInputDb, EhBackendDataSourceInputKafka, EhBackendDataVersion, EhBackendDeployableInput, EhBackendDeployment, EhBackendDeploymentInput, EhBackendEnvironmentInput, EhBackendPageInput, type EhBackendProvider, EhBackendTagDescriptionDataIndexed, EhBackendTagFixedTagValue, EhBackendTagsDescriptionDataIndexed, EhBackendUiDefaultsInput, EhBackendVersionsRequestParams, EhBackendVersionsReturn, EhContextIndexed, type EhDatabaseConfig, EhDatabaseManager, EhEnvIndexed, type EhFeatureToggles, type EhLifecycleHooks, EhMetaDictionary, type EhMiddlewareOptions, type EhMiddlewareResult, EhResourceIndexed, type EhStaticControllerContract, type EhTrpcContext, type EhTrpcContextOptions, GroupingTagDefinition, GroupingTagValue, type IconRestControllerConfig, type MakeTFromPrismaModel, type MiddlewareContext, type ObjectKeys, PersonTeamConfig, ReachOutContact, type ScalarFilter, type ScalarKeys, type ScreenshotRestControllerConfig, ServiceConfig, type SyncAppCatalogResult, type SyncAssetsConfig, TABLE_SYNC_MAGAZINE, type TRPCRouter, type TableSyncMagazine, type TableSyncMagazineModelNameKey, type TableSyncParamsPrisma, Tag, UpdateApprovalMethodInput, type UpsertIconInput, type UserWithGroups, connectDb, createAdminChatHandler, createAppCatalogAdminRouter, createApprovalMethodRouter, createAuth, createAuthRouter, createDatabaseTools, createEhMiddleware, createEhTrpcContext, createPrismaDatabaseClient, createScreenshotRouter, createTrpcRouter, disconnectDb, getAssetByName, getDbClient, getUserGroups, isAdmin, isMemberOfAllGroups, isMemberOfAnyGroup, registerAssetRestController, registerAuthRoutes, registerIconRestController, registerScreenshotRestController, requireAdmin, requireGroups, setDbClient, staticControllerContract, syncAppCatalog, syncApprovalMethods, syncAssets, tableSyncPrisma, tool, upsertIcon, upsertIcons };
+//# sourceMappingURL=index.d.ts.map