@percena/weft 0.4.0-next.1 → 0.4.0-next.3

package/dist/sources.d.cts

@@ -1,3978 +0,0 @@
-
-
-// ── inlined from @weft/timeline ──
-// -- @weft/timeline/index.d.ts --
-type TimelineProvider = string;
-type TimelinePermissionScope = {
-    type: 'session';
-    sessionId: string;
-} | {
-    type: 'workspace';
-    workspaceId: string;
-} | {
-    type: 'source';
-    sourceSlug: string;
-} | {
-    type: 'skill';
-    skillSlug: string;
-} | {
-    type: 'automation';
-    automationId: string;
-} | {
-    type: 'tool-call';
-    callId: string;
-};
-type TimelineCommandOrigin = {
-    type: 'user';
-    id?: string;
-} | {
-    type: 'automation';
-    id: string;
-} | {
-    type: 'scheduler';
-    id?: string;
-} | {
-    type: 'host';
-    id?: string;
-} | {
-    type: 'replay';
-    id?: string;
-} | {
-    type: 'system';
-    id?: string;
-};
-interface ToolIntent {
-    kind: string;
-    command?: string;
-    baseCommand?: string;
-    path?: string;
-    toolName?: string;
-    name?: string;
-    method?: string;
-    url?: string;
-}
-interface TimelinePermissionRequest {
-    requestId: string;
-    toolName: string;
-    scope?: TimelinePermissionScope;
-    input?: Record<string, unknown>;
-    reason?: string;
-    intent?: ToolIntent;
-}
-interface TimelinePermissionResolution {
-    allowed: boolean;
-    remember?: boolean;
-    reason?: string;
-}
-type TimelineToolStatus = 'pending' | 'running' | 'completed' | 'failed';
-type TimelineItem = {
-    type: 'user_message';
-    text: string;
-    messageId: string;
-    turnId?: string;
-} | {
-    type: 'assistant_message_delta';
-    text: string;
-    messageId: string;
-    turnId: string;
-} | {
-    type: 'assistant_message';
-    text: string;
-    messageId: string;
-    turnId: string;
-} | {
-    type: 'reasoning_delta';
-    text: string;
-    messageId: string;
-    turnId: string;
-} | {
-    type: 'reasoning';
-    text: string;
-    messageId: string;
-    turnId: string;
-} | {
-    type: 'tool_call';
-    callId: string;
-    name: string;
-    status: TimelineToolStatus;
-    detail?: unknown;
-    turnId?: string;
-} | {
-    type: 'tool_output_delta';
-    callId: string;
-    text: string;
-    stream?: 'stdout' | 'stderr' | string;
-    turnId?: string;
-} | {
-    type: 'tool_result';
-    callId: string;
-    result: unknown;
-    isError?: boolean;
-    turnId?: string;
-} | {
-    type: 'permission_requested';
-    request: TimelinePermissionRequest;
-} | {
-    type: 'permission_resolved';
-    requestId: string;
-    resolution: TimelinePermissionResolution;
-} | {
-    type: 'permission_policy_changed';
-    policy: unknown;
-} | {
-    type: 'source_state_changed';
-    source: unknown;
-} | {
-    type: 'skill_activated';
-    skill: unknown;
-} | {
-    type: 'host_state_changed';
-    state: unknown;
-} | {
-    type: 'automation_triggered';
-    automation: {
-        automationId: string;
-        origin: TimelineCommandOrigin;
-        detail?: unknown;
-    };
-} | {
-    type: 'automation_action_result';
-    result: unknown;
-} | {
-    type: 'runtime_capability_report';
-    report: unknown;
-} | {
-    type: 'runtime_fallback';
-    reason: string;
-    from?: string;
-    to: string;
-} | {
-    type: 'turn_started';
-    turnId: string;
-} | {
-    type: 'turn_completed';
-    turnId: string;
-    usage?: unknown;
-} | {
-    type: 'turn_failed';
-    turnId: string;
-    error: unknown;
-} | {
-    type: 'session_status';
-    status: string;
-} | {
-    type: 'tool_suspended';
-    callId: string;
-    name: string;
-    stepId?: string;
-} | {
-    type: 'tool_resumed';
-    callId: string;
-    name: string;
-    stepId?: string;
-} | {
-    type: 'compaction_started';
-} | {
-    type: 'compaction_boundary';
-    summary?: string;
-};
-interface TimelineRawRef {
-    providerEventType?: string;
-    logPath?: string;
-    offset?: number;
-}
-interface TimelineEnvelope {
-    sessionId: string;
-    provider: TimelineProvider;
-    seq: number;
-    epoch: string;
-    timestamp: number;
-    item: TimelineItem;
-    rawRef?: TimelineRawRef;
-}
-interface TimelineCursor {
-    epoch: string;
-    afterSeq: number;
-}
-interface TimelineFetchRequest {
-    cursor?: TimelineCursor;
-    limit?: number;
-}
-interface TimelineFetchResult {
-    items: TimelineEnvelope[];
-    nextCursor: TimelineCursor;
-    hasGap: boolean;
-}
-interface CreateTimelineSequencerOptions {
-    sessionId: string;
-    provider: TimelineProvider;
-    epoch: string;
-    startSeq?: number;
-    now?: () => number;
-}
-interface TimelineSequencer {
-    append(item: TimelineItem, rawRef?: TimelineRawRef): TimelineEnvelope;
-}
-declare function createTimelineSequencer(options: CreateTimelineSequencerOptions): TimelineSequencer;
-declare function appendTimelineItem(envelope: TimelineEnvelope): TimelineEnvelope;
-declare function createTimelineCursor(cursor: TimelineCursor): TimelineCursor;
-declare function fetchTimeline(timeline: TimelineEnvelope[], request?: TimelineFetchRequest): TimelineFetchResult;
-declare function mergeTimeline(existing: TimelineEnvelope[], incoming: TimelineEnvelope[]): TimelineEnvelope[];
-
-export { type CreateTimelineSequencerOptions, type TimelineCommandOrigin, type TimelineCursor, type TimelineEnvelope, type TimelineFetchRequest, type TimelineFetchResult, type TimelineItem, type TimelinePermissionRequest, type TimelinePermissionResolution, type TimelinePermissionScope, type TimelineProvider, type TimelineRawRef, type TimelineSequencer, type TimelineToolStatus, type ToolIntent, appendTimelineItem, createTimelineCursor, createTimelineSequencer, fetchTimeline, mergeTimeline };
-
-// ── inlined from @weft/core ──
-// -- @weft/core/index.d.ts --
-
-/**
- * Mode Types and Constants
- *
- * Pure types and UI configuration for permission modes.
- * Note: This file imports zod for schema definitions.
- * Type-only imports (PermissionMode, PermissionModeCanonical) have no runtime cost.
- */
-
-/**
- * Available permission modes (internal storage keys).
- *
- * UI-facing canonical names are:
- * - explore  -> safe
- * - ask      -> ask
- * - execute  -> allow-all
- */
-type PermissionMode = 'safe' | 'ask' | 'allow-all';
-/**
- * Canonical mode names used in user-facing/session-state surfaces.
- */
-type PermissionModeCanonical = 'explore' | 'ask' | 'execute';
-
-/**
- * Thinking Level Configuration
- *
- * Six-tier thinking system for extended reasoning:
- * - OFF: No extended thinking (disabled)
- * - Low: Light reasoning, faster responses
- * - Medium: Balanced speed and reasoning (default)
- * - High: Deep reasoning for complex tasks
- * - XHigh: Extra-high reasoning — Anthropic's recommended level for Opus 4.7 agentic/coding work
- * - Max: Maximum effort reasoning
- *
- * Session-level setting with workspace defaults.
- *
- * Provider mappings:
- * - Anthropic: adaptive thinking + effort levels (Opus 4.7+). On models that
- *   don't accept `xhigh`, the Anthropic SDK silently falls back to `high`.
- * - Pi/OpenAI: reasoning_effort via Pi SDK levels. Pi's ceiling is `xhigh`,
- *   so Weft's `max` saturates there.
- */
-/**
- * Ordered list of valid thinking level IDs. Single source of truth — the
- * `ThinkingLevel` type, `THINKING_LEVELS` metadata, the Zod schema in
- * `validators.ts`, and runtime validation/error messages all derive from this.
- *
- * Order is significant: it determines UI ordering (low → max).
- */
-declare const THINKING_LEVEL_IDS: readonly ["off", "low", "medium", "high", "xhigh", "max"];
-type ThinkingLevel = (typeof THINKING_LEVEL_IDS)[number];
-interface ThinkingLevelDefinition {
-    id: ThinkingLevel;
-    /** Translation key for the display name (resolve with t() at render site) */
-    nameKey: string;
-    /** Translation key for the description (resolve with t() at render site) */
-    descriptionKey: string;
-}
-/**
- * Available thinking levels with display metadata.
- * Used in UI dropdowns and for validation.
- *
- * Labels use translation keys — resolve with t(level.nameKey) in components.
- */
-declare const THINKING_LEVELS: readonly ThinkingLevelDefinition[];
-/**
- * Map ThinkingLevel to Anthropic SDK effort parameter.
- * Used with adaptive thinking (thinking: { type: 'adaptive' }).
- * Returns null for 'off' (thinking should be disabled entirely).
- */
-declare const THINKING_TO_EFFORT: Record<ThinkingLevel, 'low' | 'medium' | 'high' | 'xhigh' | 'max' | null>;
-/**
- * Get the thinking token budget for a given level and model.
- * Used as fallback for models that don't support adaptive thinking.
- *
- * @param level - The thinking level
- * @param modelId - The model ID (e.g., 'claude-haiku-4-5-20251001')
- * @returns Number of thinking tokens to allocate
- */
-declare function getThinkingTokens(level: ThinkingLevel, modelId: string): number;
-/**
- * Get the translation key for a thinking level's display name.
- * Resolve with t() or i18n.t() at the call site.
- */
-declare function getThinkingLevelNameKey(level: ThinkingLevel): string;
-/**
- * Validate that a value is a valid ThinkingLevel.
- */
-declare function isValidThinkingLevel(value: unknown): value is ThinkingLevel;
-/**
- * Normalize a persisted thinking level value, handling legacy values.
- * Maps the old 'think' value to 'medium' for backward compatibility.
- *
- * TODO: Remove the legacy 'think' compatibility path after old persisted session
- * and workspace data has realistically aged out across upgrades.
- *
- * @returns The normalized ThinkingLevel, or undefined if the value is invalid
- */
-declare function normalizeThinkingLevel(value: unknown): ThinkingLevel | undefined;
-
-/**
- * Server DTO types — data shapes used by RPC handlers and SessionManager.
- *
- * Extracted here so handler code in @weft can import
- * from @weft/protocol without reaching into the app.
- */
-
-/**
- * Dynamic status ID referencing workspace status config.
- * Validated at runtime via validateSessionStatus().
- * Falls back to 'todo' if status doesn't exist.
- */
-type SessionStatus = string;
-type BuiltInStatusId = 'todo' | 'in-progress' | 'needs-review' | 'done' | 'cancelled';
-/**
- * Electron-specific Session type (includes runtime state).
- * Extends core Session with messages array and processing state.
- */
-interface Session {
-    id: string;
-    workspaceId: string;
-    workspaceName: string;
-    name?: string;
-    /** Preview of first user message (from JSONL header, for lazy-loaded sessions) */
-    preview?: string;
-    lastMessageAt: number;
-    messages: Message[];
-    isProcessing: boolean;
-    isFlagged?: boolean;
-    /** Permission mode for this session ('safe', 'ask', 'allow-all') */
-    permissionMode?: PermissionMode;
-    sessionStatus?: SessionStatus;
-    /** Labels (additive tags, many-per-session — bare IDs or "id::value" entries) */
-    labels?: string[];
-    lastReadMessageId?: string;
-    /**
-     * Explicit unread flag - single source of truth for NEW badge.
-     * Set to true when assistant message completes while user is NOT viewing.
-     * Set to false when user views the session (and not processing).
-     */
-    hasUnread?: boolean;
-    enabledSourceSlugs?: string[];
-    workingDirectory?: string;
-    sessionFolderPath?: string;
-    sharedUrl?: string;
-    sharedId?: string;
-    model?: string;
-    llmConnection?: string;
-    thinkingLevel?: ThinkingLevel;
-    lastMessageRole?: 'user' | 'assistant' | 'plan' | 'tool' | 'error';
-    lastFinalMessageId?: string;
-    isAsyncOperationOngoing?: boolean;
-    /** @deprecated Use isAsyncOperationOngoing instead */
-    isRegeneratingTitle?: boolean;
-    currentStatus?: {
-        message: string;
-        statusType?: string;
-    };
-    createdAt?: number;
-    messageCount?: number;
-    tokenUsage?: {
-        inputTokens: number;
-        outputTokens: number;
-        totalTokens: number;
-        contextTokens: number;
-        costUsd: number;
-        cacheReadTokens?: number;
-        cacheCreationTokens?: number;
-        /** Model's context window size in tokens (from SDK modelUsage) */
-        contextWindow?: number;
-    };
-    /** When true, session is hidden from session list (e.g., mini edit sessions) */
-    hidden?: boolean;
-    isArchived?: boolean;
-    archivedAt?: number;
-    supportsBranching?: boolean;
-}
-interface CreateSessionOptions {
-    name?: string;
-    permissionMode?: PermissionMode;
-    /**
-     * Reasoning/thinking level override. When set, takes precedence over workspace
-     * and global defaults. Silently ignored by the underlying SDK on non-reasoning
-     * models (e.g. gpt-4o) — provider drivers don't attach the reasoning param to
-     * the API request for models with `reasoning: false` in the Pi SDK catalog.
-     */
-    thinkingLevel?: ThinkingLevel;
-    /**
-     * Working directory for the session:
-     * - 'user_default' or undefined: Use workspace's configured default working directory
-     * - 'none': No working directory (session folder only)
-     * - Absolute path string: Use this specific path
-     */
-    workingDirectory?: string | 'user_default' | 'none';
-    model?: string;
-    llmConnection?: string;
-    systemPromptPreset?: 'default' | 'mini' | string;
-    hidden?: boolean;
-    sessionStatus?: SessionStatus;
-    labels?: string[];
-    isFlagged?: boolean;
-    enabledSourceSlugs?: string[];
-    /**
-     * Message ID to branch from. This is a hard context cutoff:
-     * the new session must not include model context from later parent messages.
-     */
-    branchFromMessageId?: string;
-    /** Parent session ID used together with branchFromMessageId. */
-    branchFromSessionId?: string;
-}
-interface RemoteSessionTransferPayload {
-    sourceSessionId: string;
-    name?: string;
-    sessionStatus?: SessionStatus;
-    labels?: string[];
-    permissionMode?: PermissionMode;
-    summary: string;
-}
-interface ImportRemoteSessionTransferResult {
-    sessionId: string;
-}
-interface PermissionModeState {
-    permissionMode: PermissionMode;
-    previousPermissionMode?: PermissionMode;
-    transitionDisplay?: string;
-    modeVersion: number;
-    changedAt: string;
-    changedBy: 'user' | 'system' | 'restore' | 'automation' | 'unknown';
-}
-type SessionEvent = {
-    type: 'text_delta';
-    sessionId: string;
-    delta: string;
-    turnId?: string;
-} | {
-    type: 'text_complete';
-    sessionId: string;
-    text: string;
-    isIntermediate?: boolean;
-    turnId?: string;
-    parentToolUseId?: string;
-    timestamp?: number;
-    messageId?: string;
-} | {
-    type: 'tool_start';
-    sessionId: string;
-    toolName: string;
-    toolUseId: string;
-    toolInput: Record<string, unknown>;
-    toolIntent?: string;
-    toolDisplayName?: string;
-    toolDisplayMeta?: ToolDisplayMeta;
-    turnId?: string;
-    parentToolUseId?: string;
-    timestamp?: number;
-} | {
-    type: 'tool_result';
-    sessionId: string;
-    toolUseId: string;
-    toolName: string;
-    result: string;
-    turnId?: string;
-    parentToolUseId?: string;
-    isError?: boolean;
-    timestamp?: number;
-} | {
-    type: 'error';
-    sessionId: string;
-    error: string;
-    timestamp?: number;
-} | {
-    type: 'typed_error';
-    sessionId: string;
-    error: TypedError;
-    timestamp?: number;
-} | {
-    type: 'complete';
-    sessionId: string;
-    tokenUsage?: Session['tokenUsage'];
-    hasUnread?: boolean;
-} | {
-    type: 'interrupted';
-    sessionId: string;
-    message?: Message;
-    queuedMessages?: string[];
-} | {
-    type: 'status';
-    sessionId: string;
-    message: string;
-    statusType?: 'compacting';
-} | {
-    type: 'info';
-    sessionId: string;
-    message: string;
-    statusType?: 'compaction_complete';
-    level?: 'info' | 'warning' | 'error' | 'success';
-    timestamp?: number;
-} | {
-    type: 'title_generated';
-    sessionId: string;
-    title: string;
-} | {
-    type: 'title_regenerating';
-    sessionId: string;
-    isRegenerating: boolean;
-} | {
-    type: 'async_operation';
-    sessionId: string;
-    isOngoing: boolean;
-} | {
-    type: 'working_directory_changed';
-    sessionId: string;
-    workingDirectory: string;
-} | {
-    type: 'permission_request';
-    sessionId: string;
-    request: PermissionRequest;
-} | {
-    type: 'credential_request';
-    sessionId: string;
-    request: CredentialRequest;
-} | {
-    type: 'permission_mode_changed';
-    sessionId: string;
-    permissionMode: PermissionMode;
-    previousPermissionMode?: PermissionMode;
-    transitionDisplay?: string;
-    modeVersion?: number;
-    changedAt?: string;
-    changedBy?: PermissionModeState['changedBy'];
-} | {
-    type: 'plan_submitted';
-    sessionId: string;
-    message: Message;
-} | {
-    type: 'sources_changed';
-    sessionId: string;
-    enabledSourceSlugs: string[];
-} | {
-    type: 'labels_changed';
-    sessionId: string;
-    labels: string[];
-} | {
-    type: 'connection_changed';
-    sessionId: string;
-    connectionSlug: string;
-    supportsBranching?: boolean;
-} | {
-    type: 'task_backgrounded';
-    sessionId: string;
-    toolUseId: string;
-    taskId: string;
-    intent?: string;
-    turnId?: string;
-} | {
-    type: 'shell_backgrounded';
-    sessionId: string;
-    toolUseId: string;
-    shellId: string;
-    intent?: string;
-    command?: string;
-    turnId?: string;
-} | {
-    type: 'task_progress';
-    sessionId: string;
-    toolUseId: string;
-    elapsedSeconds: number;
-    turnId?: string;
-} | {
-    type: 'task_completed';
-    sessionId: string;
-    taskId: string;
-    status: 'completed' | 'failed' | 'stopped';
-    outputFile?: string;
-    summary?: string;
-    turnId?: string;
-} | {
-    type: 'shell_killed';
-    sessionId: string;
-    shellId: string;
-} | {
-    type: 'user_message';
-    sessionId: string;
-    message: Message;
-    status: 'accepted' | 'queued' | 'processing';
-    optimisticMessageId?: string;
-} | {
-    type: 'session_flagged';
-    sessionId: string;
-} | {
-    type: 'session_unflagged';
-    sessionId: string;
-} | {
-    type: 'session_archived';
-    sessionId: string;
-} | {
-    type: 'session_unarchived';
-    sessionId: string;
-} | {
-    type: 'name_changed';
-    sessionId: string;
-    name?: string;
-} | {
-    type: 'session_model_changed';
-    sessionId: string;
-    model: string | null;
-} | {
-    type: 'session_status_changed';
-    sessionId: string;
-    sessionStatus: SessionStatus;
-} | {
-    type: 'session_deleted';
-    sessionId: string;
-} | {
-    type: 'session_created';
-    sessionId: string;
-} | {
-    type: 'session_shared';
-    sessionId: string;
-    sharedUrl: string;
-} | {
-    type: 'session_unshared';
-    sessionId: string;
-} | {
-    type: 'auth_request';
-    sessionId: string;
-    message: Message;
-    request: AuthRequest;
-} | {
-    type: 'auth_completed';
-    sessionId: string;
-    requestId: string;
-    success: boolean;
-    cancelled?: boolean;
-    error?: string;
-} | {
-    type: 'source_activated';
-    sessionId: string;
-    sourceSlug: string;
-    originalMessage: string;
-} | {
-    type: 'usage_update';
-    sessionId: string;
-    tokenUsage: {
-        inputTokens: number;
-        contextWindow?: number;
-    };
-} | {
-    type: 'message_annotations_updated';
-    sessionId: string;
-    messageId: string;
-    annotations: AnnotationV1[];
-} | {
-    type: 'working_directory_error';
-    sessionId: string;
-    error: string;
-};
-interface SendMessageOptions {
-    skillSlugs?: string[];
-    badges?: ContentBadge[];
-    optimisticMessageId?: string;
-}
-type SessionCommand = {
-    type: 'flag';
-} | {
-    type: 'unflag';
-} | {
-    type: 'archive';
-} | {
-    type: 'unarchive';
-} | {
-    type: 'rename';
-    name: string;
-} | {
-    type: 'setSessionStatus';
-    state: SessionStatus;
-} | {
-    type: 'markRead';
-} | {
-    type: 'markUnread';
-} | {
-    type: 'setActiveViewing';
-    workspaceId: string;
-} | {
-    type: 'setPermissionMode';
-    mode: PermissionMode;
-} | {
-    type: 'setThinkingLevel';
-    level: ThinkingLevel;
-} | {
-    type: 'updateWorkingDirectory';
-    dir: string;
-} | {
-    type: 'setSources';
-    sourceSlugs: string[];
-} | {
-    type: 'setLabels';
-    labels: string[];
-} | {
-    type: 'showInFinder';
-} | {
-    type: 'copyPath';
-} | {
-    type: 'shareToViewer';
-} | {
-    type: 'updateShare';
-} | {
-    type: 'revokeShare';
-} | {
-    type: 'refreshTitle';
-} | {
-    type: 'setConnection';
-    connectionSlug: string;
-} | {
-    type: 'setPendingPlanExecution';
-    planPath: string;
-    draftInputSnapshot?: string;
-} | {
-    type: 'markCompactionComplete';
-} | {
-    type: 'markPendingPlanExecutionDispatched';
-} | {
-    type: 'clearPendingPlanExecution';
-} | {
-    type: 'addAnnotation';
-    messageId: string;
-    annotation: AnnotationV1;
-} | {
-    type: 'removeAnnotation';
-    messageId: string;
-    annotationId: string;
-} | {
-    type: 'updateAnnotation';
-    messageId: string;
-    annotationId: string;
-    patch: Partial<AnnotationV1>;
-};
-interface NewChatActionParams {
-    input?: string;
-    name?: string;
-}
-
-/**
- * Permission request with session context (for multi-session Electron app)
- */
-interface PermissionRequest extends PermissionRequest$1 {
-    sessionId: string;
-}
-interface PermissionResponseOptions {
-    rememberForMinutes?: number;
-}
-
-/**
- * Credential request from agent — prompts user for credentials
- * (e.g., API key, username/password, OAuth token)
- */
-interface CredentialRequest {
-    requestId: string;
-    toolName: string;
-    description: string;
-    credentialMode?: CredentialInputMode;
-    headerName?: string;
-    headerNames?: string[];
-    labels?: {
-        credential?: string;
-        username?: string;
-        password?: string;
-    };
-    hint?: string;
-    sourceUrl?: string;
-    passwordRequired?: boolean;
-}
-/**
- * Auth request — unified auth flow (credential or OAuth)
- */
-interface AuthRequest {
-    requestId: string;
-    type: AuthRequestType;
-    sourceSlug?: string;
-    sourceName?: string;
-    description?: string;
-    credentialMode?: CredentialInputMode;
-    headerName?: string;
-    headerNames?: string[];
-    labels?: {
-        credential?: string;
-        username?: string;
-        password?: string;
-    };
-    hint?: string;
-    sourceUrl?: string;
-    passwordRequired?: boolean;
-}
-interface CredentialResponse {
-    type: 'credential';
-    value?: string;
-    username?: string;
-    password?: string;
-    headers?: Record<string, string>;
-    cancelled: boolean;
-}
-/** Server-side directory listing result (for remote directory browsing). */
-interface DirectoryListingResult {
-    /** Normalized absolute path of the listed directory (after resolve(), not symlink-resolved). */
-    currentPath: string;
-    /** Parent directory path, or null if at root. */
-    parentPath: string | null;
-    /** Pre-split breadcrumb segments for display (computed server-side). */
-    breadcrumbs: Array<{
-        name: string;
-        path: string;
-    }>;
-    /** Server platform info. */
-    platform: 'win32' | 'darwin' | 'linux';
-    /** Whether the server truncated the directory list for safety/performance. */
-    truncated: boolean;
-    /** Total number of matching child directories before truncation. */
-    totalEntries: number;
-    /** Child directory entries. */
-    entries: Array<{
-        name: string;
-        path: string;
-        isSymlink: boolean;
-    }>;
-}
-interface FileAttachment {
-    type: 'image' | 'text' | 'pdf' | 'office' | 'audio' | 'unknown';
-    path: string;
-    name: string;
-    mimeType: string;
-    base64?: string;
-    text?: string;
-    size: number;
-    thumbnailBase64?: string;
-}
-interface SessionFile {
-    name: string;
-    path: string;
-    type: 'file' | 'directory';
-    size?: number;
-    children?: SessionFile[];
-}
-interface FileSearchResult {
-    name: string;
-    path: string;
-    type: 'file' | 'directory';
-    relativePath: string;
-}
-interface LlmConnectionSetup {
-    slug: string;
-    credential?: string;
-    baseUrl?: string | null;
-    defaultModel?: string | null;
-    models?: string[] | null;
-    piAuthProvider?: string;
-    modelSelectionMode?: 'automaticallySyncedFromProvider' | 'userDefined3Tier';
-    /** When true, reject setup if the connection doesn't already exist (reauth guard). */
-    updateOnly?: boolean;
-    /** Custom endpoint protocol for arbitrary OpenAI/Anthropic-compatible APIs */
-    customEndpoint?: Record<string, unknown>;
-    /** IAM credentials for Pi+Bedrock (piAuthProvider='amazon-bedrock') connections */
-    iamCredentials?: {
-        accessKeyId: string;
-        secretAccessKey: string;
-        sessionToken?: string;
-    };
-    /** AWS region for Pi+Bedrock connections */
-    awsRegion?: string;
-    /** Bedrock authentication method — determines auth type for Pi+Bedrock connections */
-    bedrockAuthMethod?: 'iam_credentials' | 'environment';
-}
-interface TestLlmConnectionParams {
-    provider: 'anthropic' | 'pi';
-    apiKey: string;
-    baseUrl?: string;
-    model?: string;
-    piAuthProvider?: string;
-    /** Optional custom endpoint protocol hint so setup tests mirror runtime routing */
-    customEndpoint?: Record<string, unknown>;
-}
-interface TestLlmConnectionResult {
-    success: boolean;
-    error?: string;
-}
-interface SkillFile {
-    name: string;
-    type: 'file' | 'directory';
-    size?: number;
-    children?: SkillFile[];
-}
-interface OAuthResult {
-    success: boolean;
-    error?: string;
-}
-interface McpValidationResult {
-    success: boolean;
-    error?: string;
-    tools?: string[];
-}
-interface McpToolWithPermission {
-    name: string;
-    description?: string;
-    allowed: boolean;
-}
-interface McpToolsResult {
-    success: boolean;
-    error?: string;
-    tools?: McpToolWithPermission[];
-}
-interface SessionSearchMatch {
-    sessionId: string;
-    lineNumber: number;
-    snippet: string;
-}
-interface SessionSearchResult {
-    sessionId: string;
-    matchCount: number;
-    matches: SessionSearchMatch[];
-}
-interface UnreadSummary {
-    totalUnreadSessions: number;
-    byWorkspace: Record<string, number>;
-    hasUnreadByWorkspace: Record<string, boolean>;
-}
-interface ShareResult {
-    success: boolean;
-    url?: string;
-    error?: string;
-}
-interface RefreshTitleResult {
-    success: boolean;
-    title?: string;
-    error?: string;
-}
-interface PlanStep {
-    id: string;
-    description: string;
-    tools?: string[];
-    status?: 'pending' | 'in_progress' | 'completed' | 'failed' | 'skipped';
-}
-interface Plan {
-    id: string;
-    title: string;
-    summary?: string;
-    steps: PlanStep[];
-    questions?: string[];
-    state?: 'creating' | 'refining' | 'ready' | 'executing' | 'completed' | 'cancelled';
-    createdAt?: number;
-    updatedAt?: number;
-}
-interface GitBashStatus {
-    found: boolean;
-    path: string | null;
-    platform: 'win32' | 'darwin' | 'linux';
-}
-interface UpdateInfo {
-    available: boolean;
-    currentVersion: string;
-    latestVersion: string | null;
-    downloadState: 'idle' | 'downloading' | 'ready' | 'installing' | 'error';
-    downloadProgress: number;
-    error?: string;
-}
-interface WorkspaceSettings {
-    name?: string;
-    model?: string;
-    permissionMode?: PermissionMode;
-    cyclablePermissionModes?: PermissionMode[];
-    thinkingLevel?: ThinkingLevel;
-    workingDirectory?: string;
-    localMcpEnabled?: boolean;
-    defaultLlmConnection?: string;
-    enabledSourceSlugs?: string[];
-}
-interface ClaudeOAuthResult {
-    success: boolean;
-    token?: string;
-    error?: string;
-}
-type TestAutomationAction = {
-    type: 'prompt';
-    prompt: string;
-    llmConnection?: string;
-    model?: string;
-    thinkingLevel?: ThinkingLevel;
-} | {
-    type: 'webhook';
-    url: string;
-    method?: string;
-    headers?: Record<string, string>;
-    bodyFormat?: 'json' | 'form' | 'raw';
-    body?: unknown;
-    captureResponse?: boolean;
-    auth?: {
-        type: 'basic';
-        username: string;
-        password: string;
-    } | {
-        type: 'bearer';
-        token: string;
-    };
-};
-interface TestAutomationPayload {
-    workspaceId: string;
-    automationId?: string;
-    automationName?: string;
-    actions: TestAutomationAction[];
-    permissionMode?: PermissionMode;
-    labels?: string[];
-    /** Forwarded from the matcher; routes test-run sessions into a Telegram topic when paired. */
-    telegramTopic?: string;
-}
-type TestAutomationActionResult = {
-    type: 'prompt';
-    success: boolean;
-    stderr?: string;
-    sessionId?: string;
-    duration: number;
-} | {
-    type: 'webhook';
-    success: boolean;
-    url: string;
-    statusCode: number;
-    error?: string;
-    duration: number;
-};
-interface TestAutomationResult {
-    actions: TestAutomationActionResult[];
-}
-type WindowCloseRequestSource = 'keyboard-shortcut' | 'window-button' | 'unknown';
-interface WindowCloseRequest {
-    source: WindowCloseRequestSource;
-}
-interface BrowserInstanceInfo {
-    id: string;
-    url: string;
-    title: string;
-    favicon: string | null;
-    isLoading: boolean;
-    canGoBack: boolean;
-    canGoForward: boolean;
-    boundSessionId: string | null;
-    ownerType: 'session' | 'manual';
-    ownerSessionId: string | null;
-    isVisible: boolean;
-    agentControlActive: boolean;
-    themeColor: string | null;
-}
-interface DeepLinkNavigation {
-    view?: string;
-    tabType?: string;
-    tabParams?: Record<string, string>;
-    action?: string;
-    actionParams?: Record<string, string>;
-}
-
-/**
- * RPC channel names — organized by domain namespace.
- * Wire-format strings (values) are the stable API contract.
- * Key paths are internal and may be reorganized freely.
- */
-declare const RPC_CHANNELS: {
-    readonly remote: {
-        readonly TEST_CONNECTION: "remote:testConnection";
-    };
-    readonly server: {
-        readonly GET_WORKSPACES: "server:getWorkspaces";
-        readonly CREATE_WORKSPACE: "server:createWorkspace";
-        readonly GET_STATUS: "server:getStatus";
-        readonly GET_HEALTH: "server:getHealth";
-        readonly GET_ACTIVE_SESSIONS: "server:getActiveSessions";
-        readonly SHUTTING_DOWN: "server:shuttingDown";
-        readonly STATUS_CHANGED: "server:statusChanged";
-        readonly HOME_DIR: "server:homeDir";
-    };
-    readonly sessions: {
-        readonly GET: "sessions:get";
-        readonly GET_UNREAD_SUMMARY: "sessions:getUnreadSummary";
-        readonly MARK_ALL_READ: "sessions:markAllRead";
-        readonly UNREAD_SUMMARY_CHANGED: "sessions:unreadSummaryChanged";
-        readonly CREATE: "sessions:create";
-        readonly DELETE: "sessions:delete";
-        readonly GET_MESSAGES: "sessions:getMessages";
-        readonly SEND_MESSAGE: "sessions:sendMessage";
-        readonly CANCEL: "sessions:cancel";
-        readonly KILL_SHELL: "sessions:killShell";
-        readonly RESPOND_TO_PERMISSION: "sessions:respondToPermission";
-        readonly RESPOND_TO_CREDENTIAL: "sessions:respondToCredential";
-        readonly COMMAND: "sessions:command";
-        readonly GET_PENDING_PLAN_EXECUTION: "sessions:getPendingPlanExecution";
-        readonly GET_PERMISSION_MODE_STATE: "sessions:getPermissionModeState";
-        readonly EVENT: "session:event";
-        readonly GET_MODEL: "session:getModel";
-        readonly SET_MODEL: "session:setModel";
-        readonly GET_FILES: "sessions:getFiles";
-        readonly GET_NOTES: "sessions:getNotes";
-        readonly SET_NOTES: "sessions:setNotes";
-        readonly WATCH_FILES: "sessions:watchFiles";
-        readonly UNWATCH_FILES: "sessions:unwatchFiles";
-        readonly FILES_CHANGED: "sessions:filesChanged";
-        readonly SEARCH_CONTENT: "sessions:searchContent";
-        readonly EXPORT: "sessions:export";
-        readonly IMPORT: "sessions:import";
-        readonly EXPORT_REMOTE_TRANSFER: "sessions:exportRemoteTransfer";
-        readonly IMPORT_REMOTE_TRANSFER: "sessions:importRemoteTransfer";
-    };
-    readonly transfer: {
-        readonly START: "transfer:start";
-        readonly CHUNK: "transfer:chunk";
-        readonly COMMIT: "transfer:commit";
-        readonly ABORT: "transfer:abort";
-    };
-    readonly tasks: {
-        readonly GET_OUTPUT: "tasks:getOutput";
-    };
-    readonly workspaces: {
-        readonly GET: "workspaces:get";
-        readonly CREATE: "workspaces:create";
-        readonly CHECK_SLUG: "workspaces:checkSlug";
-        readonly UPDATE_REMOTE: "workspaces:updateRemote";
-    };
-    readonly window: {
-        readonly GET_WORKSPACE: "window:getWorkspace";
-        readonly GET_MODE: "window:getMode";
-        readonly OPEN_WORKSPACE: "window:openWorkspace";
-        readonly OPEN_SESSION_IN_NEW_WINDOW: "window:openSessionInNewWindow";
-        readonly SWITCH_WORKSPACE: "window:switchWorkspace";
-        readonly CLOSE: "window:close";
-        readonly CLOSE_REQUESTED: "window:closeRequested";
-        readonly CONFIRM_CLOSE: "window:confirmClose";
-        readonly CANCEL_CLOSE: "window:cancelClose";
-        readonly SET_TRAFFIC_LIGHTS: "window:setTrafficLights";
-        readonly FOCUS_STATE: "window:focusState";
-        readonly GET_FOCUS_STATE: "window:getFocusState";
-    };
-    readonly file: {
-        readonly READ: "file:read";
-        readonly READ_DATA_URL: "file:readDataUrl";
-        readonly READ_PREVIEW_DATA_URL: "file:readPreviewDataUrl";
-        readonly READ_BINARY: "file:readBinary";
-        readonly OPEN_DIALOG: "file:openDialog";
-        readonly READ_ATTACHMENT: "file:readAttachment";
-        readonly READ_USER_ATTACHMENT: "file:readUserAttachment";
-        readonly STORE_ATTACHMENT: "file:storeAttachment";
-        readonly GENERATE_THUMBNAIL: "file:generateThumbnail";
-    };
-    readonly fs: {
-        readonly SEARCH: "fs:search";
-        readonly LIST_DIRECTORY: "fs:listDirectory";
-    };
-    readonly debug: {
-        readonly LOG: "debug:log";
-    };
-    readonly theme: {
-        readonly GET_SYSTEM_PREFERENCE: "theme:getSystemPreference";
-        readonly SYSTEM_CHANGED: "theme:systemChanged";
-        readonly APP_CHANGED: "theme:appChanged";
-        readonly GET_APP: "theme:getApp";
-        readonly GET_PRESETS: "theme:getPresets";
-        readonly LOAD_PRESET: "theme:loadPreset";
-        readonly GET_COLOR_THEME: "theme:getColorTheme";
-        readonly SET_COLOR_THEME: "theme:setColorTheme";
-        readonly BROADCAST_PREFERENCES: "theme:broadcastPreferences";
-        readonly PREFERENCES_CHANGED: "theme:preferencesChanged";
-        readonly GET_WORKSPACE_COLOR_THEME: "theme:getWorkspaceColorTheme";
-        readonly SET_WORKSPACE_COLOR_THEME: "theme:setWorkspaceColorTheme";
-        readonly GET_ALL_WORKSPACE_THEMES: "theme:getAllWorkspaceThemes";
-        readonly BROADCAST_WORKSPACE_THEME: "theme:broadcastWorkspaceTheme";
-        readonly WORKSPACE_THEME_CHANGED: "theme:workspaceThemeChanged";
-    };
-    readonly system: {
-        readonly VERSIONS: "system:versions";
-        readonly HOME_DIR: "system:homeDir";
-        readonly IS_DEBUG_MODE: "system:isDebugMode";
-    };
-    readonly update: {
-        readonly CHECK: "update:check";
-        readonly GET_INFO: "update:getInfo";
-        readonly INSTALL: "update:install";
-        readonly DISMISS: "update:dismiss";
-        readonly GET_DISMISSED: "update:getDismissed";
-        readonly AVAILABLE: "update:available";
-        readonly DOWNLOAD_PROGRESS: "update:downloadProgress";
-    };
-    readonly shell: {
-        readonly OPEN_URL: "shell:openUrl";
-        readonly OPEN_FILE: "shell:openFile";
-        readonly SHOW_IN_FOLDER: "shell:showInFolder";
-    };
-    readonly menu: {
-        readonly NEW_CHAT: "menu:newChat";
-        readonly NEW_WINDOW: "menu:newWindow";
-        readonly OPEN_SETTINGS: "menu:openSettings";
-        readonly KEYBOARD_SHORTCUTS: "menu:keyboardShortcuts";
-        readonly TOGGLE_FOCUS_MODE: "menu:toggleFocusMode";
-        readonly TOGGLE_SIDEBAR: "menu:toggleSidebar";
-        readonly QUIT: "menu:quit";
-        readonly MINIMIZE: "menu:minimize";
-        readonly MAXIMIZE: "menu:maximize";
-        readonly ZOOM_IN: "menu:zoomIn";
-        readonly ZOOM_OUT: "menu:zoomOut";
-        readonly ZOOM_RESET: "menu:zoomReset";
-        readonly TOGGLE_DEV_TOOLS: "menu:toggleDevTools";
-        readonly UNDO: "menu:undo";
-        readonly REDO: "menu:redo";
-        readonly CUT: "menu:cut";
-        readonly COPY: "menu:copy";
-        readonly PASTE: "menu:paste";
-        readonly SELECT_ALL: "menu:selectAll";
-    };
-    readonly deeplink: {
-        readonly NAVIGATE: "deeplink:navigate";
-    };
-    readonly auth: {
-        readonly LOGOUT: "auth:logout";
-        readonly SHOW_LOGOUT_CONFIRMATION: "auth:showLogoutConfirmation";
-        readonly SHOW_DELETE_SESSION_CONFIRMATION: "auth:showDeleteSessionConfirmation";
-    };
-    readonly credentials: {
-        readonly HEALTH_CHECK: "credentials:healthCheck";
-    };
-    readonly onboarding: {
-        readonly GET_AUTH_STATE: "onboarding:getAuthState";
-        readonly VALIDATE_MCP: "onboarding:validateMcp";
-        readonly START_MCP_OAUTH: "onboarding:startMcpOAuth";
-        readonly START_CLAUDE_OAUTH: "onboarding:startClaudeOAuth";
-        readonly EXCHANGE_CLAUDE_CODE: "onboarding:exchangeClaudeCode";
-        readonly HAS_CLAUDE_OAUTH_STATE: "onboarding:hasClaudeOAuthState";
-        readonly CLEAR_CLAUDE_OAUTH_STATE: "onboarding:clearClaudeOAuthState";
-        readonly DEFER_SETUP: "onboarding:deferSetup";
-    };
-    readonly llmConnections: {
-        readonly LIST: "LLM_Connection:list";
-        readonly LIST_WITH_STATUS: "LLM_Connection:listWithStatus";
-        readonly GET: "LLM_Connection:get";
-        readonly GET_API_KEY: "LLM_Connection:getApiKey";
-        readonly SAVE: "LLM_Connection:save";
-        readonly DELETE: "LLM_Connection:delete";
-        readonly TEST: "LLM_Connection:test";
-        readonly SET_DEFAULT: "LLM_Connection:setDefault";
-        readonly SET_WORKSPACE_DEFAULT: "LLM_Connection:setWorkspaceDefault";
-        readonly REFRESH_MODELS: "LLM_Connection:refreshModels";
-        readonly CHANGED: "LLM_Connection:changed";
-    };
-    readonly chatgpt: {
-        readonly START_OAUTH: "chatgpt:startOAuth";
-        readonly COMPLETE_OAUTH: "chatgpt:completeOAuth";
-        readonly CANCEL_OAUTH: "chatgpt:cancelOAuth";
-        readonly GET_AUTH_STATUS: "chatgpt:getAuthStatus";
-        readonly LOGOUT: "chatgpt:logout";
-    };
-    readonly copilot: {
-        readonly START_OAUTH: "copilot:startOAuth";
-        readonly CANCEL_OAUTH: "copilot:cancelOAuth";
-        readonly GET_AUTH_STATUS: "copilot:getAuthStatus";
-        readonly LOGOUT: "copilot:logout";
-        readonly DEVICE_CODE: "copilot:deviceCode";
-    };
-    readonly settings: {
-        readonly SETUP_LLM_CONNECTION: "settings:setupLlmConnection";
-        readonly TEST_LLM_CONNECTION_SETUP: "settings:testLlmConnectionSetup";
-        readonly GET_DEFAULT_THINKING_LEVEL: "settings:getDefaultThinkingLevel";
-        readonly SET_DEFAULT_THINKING_LEVEL: "settings:setDefaultThinkingLevel";
-        readonly GET_NETWORK_PROXY: "settings:getNetworkProxy";
-        readonly SET_NETWORK_PROXY: "settings:setNetworkProxy";
-        readonly GET_SERVER_CONFIG: "settings:getServerConfig";
-        readonly SET_SERVER_CONFIG: "settings:setServerConfig";
-        readonly GET_SERVER_STATUS: "settings:getServerStatus";
-    };
-    readonly pi: {
-        readonly GET_API_KEY_PROVIDERS: "pi:getApiKeyProviders";
-        readonly GET_PROVIDER_BASE_URL: "pi:getProviderBaseUrl";
-        readonly GET_PROVIDER_MODELS: "pi:getProviderModels";
-    };
-    readonly dialog: {
-        readonly OPEN_FOLDER: "dialog:openFolder";
-    };
-    readonly preferences: {
-        readonly READ: "preferences:read";
-        readonly WRITE: "preferences:write";
-    };
-    readonly drafts: {
-        readonly GET: "drafts:get";
-        readonly SET: "drafts:set";
-        readonly DELETE: "drafts:delete";
-        readonly GET_ALL: "drafts:getAll";
-    };
-    readonly sources: {
-        readonly GET: "sources:get";
-        readonly CREATE: "sources:create";
-        readonly DELETE: "sources:delete";
-        readonly START_OAUTH: "sources:startOAuth";
-        readonly SAVE_CREDENTIALS: "sources:saveCredentials";
-        readonly CHANGED: "sources:changed";
-        readonly GET_PERMISSIONS: "sources:getPermissions";
-        readonly GET_MCP_TOOLS: "sources:getMcpTools";
-    };
-    readonly oauth: {
-        readonly START: "oauth:start";
-        readonly COMPLETE: "oauth:complete";
-        readonly CANCEL: "oauth:cancel";
-        readonly REVOKE: "oauth:revoke";
-    };
-    readonly workspace: {
-        readonly GET_PERMISSIONS: "workspace:getPermissions";
-        readonly READ_IMAGE: "workspace:readImage";
-        readonly WRITE_IMAGE: "workspace:writeImage";
-        readonly SETTINGS_GET: "workspaceSettings:get";
-        readonly SETTINGS_UPDATE: "workspaceSettings:update";
-    };
-    readonly permissions: {
-        readonly GET_DEFAULTS: "permissions:getDefaults";
-        readonly DEFAULTS_CHANGED: "permissions:defaultsChanged";
-    };
-    readonly skills: {
-        readonly GET: "skills:get";
-        readonly GET_FILES: "skills:getFiles";
-        readonly DELETE: "skills:delete";
-        readonly OPEN_EDITOR: "skills:openEditor";
-        readonly OPEN_FINDER: "skills:openFinder";
-        readonly CHANGED: "skills:changed";
-    };
-    readonly statuses: {
-        readonly LIST: "statuses:list";
-        readonly REORDER: "statuses:reorder";
-        readonly CHANGED: "statuses:changed";
-    };
-    readonly labels: {
-        readonly LIST: "labels:list";
-        readonly CREATE: "labels:create";
-        readonly DELETE: "labels:delete";
-        readonly CHANGED: "labels:changed";
-    };
-    readonly views: {
-        readonly LIST: "views:list";
-        readonly SAVE: "views:save";
-    };
-    readonly toolIcons: {
-        readonly GET_MAPPINGS: "toolIcons:getMappings";
-    };
-    readonly logo: {
-        readonly GET_URL: "logo:getUrl";
-    };
-    readonly notification: {
-        readonly SHOW: "notification:show";
-        readonly NAVIGATE: "notification:navigate";
-        readonly GET_ENABLED: "notification:getEnabled";
-        readonly SET_ENABLED: "notification:setEnabled";
-    };
-    readonly input: {
-        readonly GET_AUTO_CAPITALISATION: "input:getAutoCapitalisation";
-        readonly SET_AUTO_CAPITALISATION: "input:setAutoCapitalisation";
-        readonly GET_SEND_MESSAGE_KEY: "input:getSendMessageKey";
-        readonly SET_SEND_MESSAGE_KEY: "input:setSendMessageKey";
-        readonly GET_SPELL_CHECK: "input:getSpellCheck";
-        readonly SET_SPELL_CHECK: "input:setSpellCheck";
-    };
-    readonly power: {
-        readonly GET_KEEP_AWAKE: "power:getKeepAwake";
-        readonly SET_KEEP_AWAKE: "power:setKeepAwake";
-    };
-    readonly appearance: {
-        readonly GET_RICH_TOOL_DESCRIPTIONS: "appearance:getRichToolDescriptions";
-        readonly SET_RICH_TOOL_DESCRIPTIONS: "appearance:setRichToolDescriptions";
-    };
-    readonly tools: {
-        readonly GET_BROWSER_TOOL_ENABLED: "tools:getBrowserToolEnabled";
-        readonly SET_BROWSER_TOOL_ENABLED: "tools:setBrowserToolEnabled";
-    };
-    readonly caching: {
-        readonly GET_EXTENDED_PROMPT_CACHE: "caching:getExtendedPromptCache";
-        readonly SET_EXTENDED_PROMPT_CACHE: "caching:setExtendedPromptCache";
-        readonly GET_ENABLE_1M_CONTEXT: "caching:getEnable1MContext";
-        readonly SET_ENABLE_1M_CONTEXT: "caching:setEnable1MContext";
-    };
-    readonly badge: {
-        readonly REFRESH: "badge:refresh";
-        readonly SET_ICON: "badge:setIcon";
-        readonly DRAW: "badge:draw";
-        readonly DRAW_WINDOWS: "badge:draw-windows";
-    };
-    readonly releaseNotes: {
-        readonly GET: "releaseNotes:get";
-        readonly GET_LATEST_VERSION: "releaseNotes:getLatestVersion";
-    };
-    readonly git: {
-        readonly GET_BRANCH: "git:getBranch";
-    };
-    readonly gitbash: {
-        readonly CHECK: "gitbash:check";
-        readonly BROWSE: "gitbash:browse";
-        readonly SET_PATH: "gitbash:setPath";
-    };
-    readonly browserPane: {
-        readonly CREATE: "browser-pane:create";
-        readonly DESTROY: "browser-pane:destroy";
-        readonly LIST: "browser-pane:list";
-        readonly NAVIGATE: "browser-pane:navigate";
-        readonly GO_BACK: "browser-pane:go-back";
-        readonly GO_FORWARD: "browser-pane:go-forward";
-        readonly RELOAD: "browser-pane:reload";
-        readonly STOP: "browser-pane:stop";
-        readonly FOCUS: "browser-pane:focus";
-        readonly SNAPSHOT: "browser-pane:snapshot";
-        readonly CLICK: "browser-pane:click";
-        readonly FILL: "browser-pane:fill";
-        readonly SELECT: "browser-pane:select";
-        readonly SCREENSHOT: "browser-pane:screenshot";
-        readonly EVALUATE: "browser-pane:evaluate";
-        readonly SCROLL: "browser-pane:scroll";
-        readonly LAUNCH: "browser-empty-state:launch";
-        readonly STATE_CHANGED: "browser-pane:state-changed";
-        readonly REMOVED: "browser-pane:removed";
-        readonly INTERACTED: "browser-pane:interacted";
-    };
-    readonly automations: {
-        readonly GET: "automations:get";
-        readonly TEST: "automations:test";
-        readonly SET_ENABLED: "automations:setEnabled";
-        readonly DUPLICATE: "automations:duplicate";
-        readonly DELETE: "automations:delete";
-        readonly GET_HISTORY: "automations:getHistory";
-        readonly GET_LAST_EXECUTED: "automations:getLastExecuted";
-        readonly REPLAY: "automations:replay";
-        readonly CHANGED: "automations:changed";
-    };
-    readonly resources: {
-        readonly EXPORT: "resources:export";
-        readonly IMPORT: "resources:import";
-    };
-    readonly messaging: {
-        readonly WA_REGISTER: "messaging:wa:register";
-        readonly WA_INCOMING: "messaging:wa:incoming";
-        readonly WA_BUTTON_PRESS: "messaging:wa:buttonPress";
-        readonly WA_STATUS: "messaging:wa:status";
-        readonly WA_QR: "messaging:wa:qr";
-        readonly WA_SEND: "messaging:wa:send";
-        readonly WA_SEND_BUTTONS: "messaging:wa:sendButtons";
-        readonly WA_SEND_TYPING: "messaging:wa:sendTyping";
-        readonly WA_SEND_FILE: "messaging:wa:sendFile";
-        readonly WA_CONNECT: "messaging:wa:connect";
-        readonly WA_DISCONNECT: "messaging:wa:disconnect";
-        readonly BINDING_CHANGED: "messaging:bindingChanged";
-        readonly PLATFORM_STATUS: "messaging:platformStatus";
-        /** Broadcast when the workspace's pending-senders list mutates. */
-        readonly PENDING_CHANGED: "messaging:pendingChanged";
-        readonly GET_CONFIG: "messaging:getConfig";
-        readonly UPDATE_CONFIG: "messaging:updateConfig";
-        readonly TEST_TELEGRAM: "messaging:testTelegram";
-        readonly SAVE_TELEGRAM: "messaging:saveTelegram";
-        readonly TEST_LARK: "messaging:testLark";
-        readonly SAVE_LARK: "messaging:saveLark";
-        readonly DISCONNECT: "messaging:disconnect";
-        readonly FORGET: "messaging:forget";
-        readonly GET_BINDINGS: "messaging:getBindings";
-        readonly GENERATE_CODE: "messaging:generateCode";
-        readonly UNBIND: "messaging:unbind";
-        readonly UNBIND_BINDING: "messaging:unbindBinding";
-        /** Workspace-supergroup pairing (Telegram forum support). UI ↔ Server. */
-        readonly GENERATE_SUPERGROUP_CODE: "messaging:generateSupergroupCode";
-        readonly GET_SUPERGROUP: "messaging:getSupergroup";
-        readonly UNBIND_SUPERGROUP: "messaging:unbindSupergroup";
-        readonly WA_START_CONNECT: "messaging:wa:startConnect";
-        readonly WA_SUBMIT_PHONE: "messaging:wa:submitPhone";
-        /** Broadcast to UI clients: QR string, pairing code, status, unavailable, error. */
-        readonly WA_UI_EVENT: "messaging:wa:uiEvent";
-        readonly GET_PLATFORM_OWNERS: "messaging:access:getOwners";
-        readonly SET_PLATFORM_OWNERS: "messaging:access:setOwners";
-        readonly GET_PLATFORM_ACCESS_MODE: "messaging:access:getMode";
-        readonly SET_PLATFORM_ACCESS_MODE: "messaging:access:setMode";
-        readonly GET_PENDING_SENDERS: "messaging:access:getPending";
-        readonly DISMISS_PENDING_SENDER: "messaging:access:dismissPending";
-        readonly ALLOW_PENDING_SENDER: "messaging:access:allowPending";
-        readonly SET_BINDING_ACCESS: "messaging:access:setBindingAccess";
-    };
-};
-
-/**
- * Typed event map for server → client push channels.
- * Keys are channel string literals, values are argument tuples.
- */
-
-interface BroadcastEventMap {
-    [RPC_CHANNELS.sessions.EVENT]: [event: SessionEvent];
-    [RPC_CHANNELS.sessions.UNREAD_SUMMARY_CHANGED]: [summary: UnreadSummary];
-    [RPC_CHANNELS.sessions.FILES_CHANGED]: [sessionId: string];
-    [RPC_CHANNELS.sources.CHANGED]: [workspaceId: string, sources: unknown[]];
-    [RPC_CHANNELS.labels.CHANGED]: [workspaceId: string];
-    [RPC_CHANNELS.statuses.CHANGED]: [workspaceId: string];
-    [RPC_CHANNELS.automations.CHANGED]: [workspaceId: string];
-    [RPC_CHANNELS.skills.CHANGED]: [workspaceId: string, skills: unknown[]];
-    [RPC_CHANNELS.llmConnections.CHANGED]: [];
-    [RPC_CHANNELS.permissions.DEFAULTS_CHANGED]: [value: null];
-    [RPC_CHANNELS.theme.APP_CHANGED]: [theme: Record<string, unknown> | null];
-    [RPC_CHANNELS.theme.SYSTEM_CHANGED]: [isDark: boolean];
-    [RPC_CHANNELS.theme.PREFERENCES_CHANGED]: [preferences: {
-        mode: string;
-        colorTheme: string;
-        font: string;
-    }];
-    [RPC_CHANNELS.theme.WORKSPACE_THEME_CHANGED]: [data: {
-        workspaceId: string;
-        themeId: string | null;
-    }];
-    [RPC_CHANNELS.update.AVAILABLE]: [info: UpdateInfo];
-    [RPC_CHANNELS.update.DOWNLOAD_PROGRESS]: [progress: number];
-    [RPC_CHANNELS.badge.DRAW]: [data: {
-        count: number;
-        iconDataUrl: string;
-    }];
-    [RPC_CHANNELS.badge.DRAW_WINDOWS]: [data: {
-        count: number;
-    }];
-    [RPC_CHANNELS.window.FOCUS_STATE]: [isFocused: boolean];
-    [RPC_CHANNELS.window.CLOSE_REQUESTED]: [];
-    [RPC_CHANNELS.browserPane.STATE_CHANGED]: [info: BrowserInstanceInfo];
-    [RPC_CHANNELS.browserPane.REMOVED]: [id: string];
-    [RPC_CHANNELS.browserPane.INTERACTED]: [id: string];
-    [RPC_CHANNELS.notification.NAVIGATE]: [data: {
-        workspaceId: string;
-        sessionId: string;
-    }];
-    [RPC_CHANNELS.deeplink.NAVIGATE]: [navigation: DeepLinkNavigation];
-    [RPC_CHANNELS.copilot.DEVICE_CODE]: [data: {
-        userCode: string;
-        verificationUri: string;
-    }];
-    [RPC_CHANNELS.menu.NEW_CHAT]: [];
-    [RPC_CHANNELS.menu.OPEN_SETTINGS]: [];
-    [RPC_CHANNELS.menu.KEYBOARD_SHORTCUTS]: [];
-    [RPC_CHANNELS.menu.TOGGLE_FOCUS_MODE]: [];
-    [RPC_CHANNELS.menu.TOGGLE_SIDEBAR]: [];
-    [RPC_CHANNELS.messaging.BINDING_CHANGED]: [workspaceId: string];
-    [RPC_CHANNELS.messaging.PLATFORM_STATUS]: [workspaceId: string, platform: string, connected: boolean];
-}
-
-interface ParsedMentions {
-    skills: string[];
-    invalidSkills: string[];
-    sources: string[];
-    files: string[];
-    folders: string[];
-}
-interface MentionMatch {
-    type: 'skill' | 'source' | 'file' | 'folder';
-    id: string;
-    fullMatch: string;
-    startIndex: number;
-}
-
-declare function parseMentions(text: string, availableSkillSlugs: string[], availableSourceSlugs: string[]): ParsedMentions;
-declare function resolveSkillMentions(text: string, skillNames: Map<string, string>): string;
-declare function resolveSourceMentions(text: string): string;
-declare function resolvePathMentions(text: string, workingDirectory?: string): Promise<string>;
-declare function resolveFileMentions(text: string, workingDirectory?: string): Promise<string>;
-declare function stripAllMentions(text: string): string;
-declare function findMentionMatches(text: string, availableSkillSlugs: string[], availableSourceSlugs: string[]): MentionMatch[];
-
-export { AnnotationV1, type AuthRequest, AuthRequestType, type BroadcastEventMap, type BrowserInstanceInfo, type BuiltInStatusId, type ClaudeOAuthResult, ContentBadge, type CreateSessionOptions, CredentialInputMode, type CredentialRequest, type CredentialResponse, type DeepLinkNavigation, type DirectoryListingResult, type FileAttachment, type FileSearchResult, type GitBashStatus, type ImportRemoteSessionTransferResult, type LlmConnectionSetup, type McpToolWithPermission, type McpToolsResult, type McpValidationResult, type MentionMatch, Message, type NewChatActionParams, type OAuthResult, type ParsedMentions, type PermissionMode, type PermissionModeCanonical, type PermissionModeState, PermissionRequest$1 as PermissionRequest, type PermissionResponseOptions, type Plan, type PlanStep, type Session as ProtocolSession, RPC_CHANNELS, type RefreshTitleResult, type RemoteSessionTransferPayload, type SendMessageOptions, type SessionCommand, type SessionEvent, type SessionFile, type PermissionRequest as SessionPermissionRequest, type SessionSearchMatch, type SessionSearchResult, type ShareResult, type SkillFile, THINKING_LEVELS, THINKING_LEVEL_IDS, THINKING_TO_EFFORT, type TestAutomationAction, type TestAutomationActionResult, type TestAutomationPayload, type TestAutomationResult, type TestLlmConnectionParams, type TestLlmConnectionResult, type ThinkingLevel, ToolDisplayMeta, TypedError, type UnreadSummary, type UpdateInfo, type WindowCloseRequest, type WindowCloseRequestSource, type WorkspaceSettings, findMentionMatches, getThinkingLevelNameKey, getThinkingTokens, isValidThinkingLevel, normalizeThinkingLevel, parseMentions, resolveFileMentions, resolvePathMentions, resolveSkillMentions, resolveSourceMentions, stripAllMentions };
-
-// -- @weft/core/types/index.d.ts --
-/**
- * Workspace and authentication types
- */
-/**
- * How MCP server should be authenticated (workspace-level)
- * Note: Different from SourceMcpAuthType which uses 'oauth' | 'bearer' | 'none' for individual sources
- */
-type McpAuthType = 'workspace_oauth' | 'workspace_bearer' | 'public';
-/**
- * Configuration for a remote Agent Server.
- * When set on a workspace, handler calls are proxied over WebSocket.
- */
-interface RemoteServerConfig {
-    url: string;
-    token: string;
-    remoteWorkspaceId: string;
-}
-/**
- * Client-facing workspace DTO — safe to send over RPC to remote clients.
- * Does not expose server-internal filesystem paths.
- */
-interface WorkspaceInfo {
-    id: string;
-    name: string;
-    slug: string;
-    lastAccessedAt?: number;
-    iconUrl?: string;
-    mcpUrl?: string;
-    mcpAuthType?: McpAuthType;
-    remoteServer?: RemoteServerConfig;
-}
-/**
- * Full workspace with server-internal details.
- * Used by server code and local Electron renderer (LOCAL_ONLY channels).
- */
-interface Workspace extends WorkspaceInfo {
-    rootPath: string;
-    createdAt: number;
-}
-/**
- * Authentication type for AI provider
- * - api_key: Anthropic API key
- * - oauth_token: Claude Max OAuth (Anthropic)
- * - codex_oauth: ChatGPT Plus OAuth via Codex app-server
- * - codex_api_key: OpenAI API key via Codex (OpenRouter, Vercel AI Gateway compatible)
- * - provider_owned: Auth is owned by the provider tool itself
- *   (Claude Code uses `~/.claude`, Codex uses `~/.codex`).
- *   Weft never injects credentials — it detects and delegates.
- */
-type AuthType = 'api_key' | 'oauth_token' | 'codex_oauth' | 'codex_api_key' | 'provider_owned';
-/**
- * OAuth credentials from a fresh authentication flow.
- * Used for temporary state in UI components before saving to credential store.
- */
-interface OAuthCredentials {
-    accessToken: string;
-    refreshToken?: string;
-    expiresAt?: number;
-    clientId: string;
-    tokenType: string;
-}
-interface StoredConfig {
-    authType?: AuthType;
-    workspaces: Workspace[];
-    activeWorkspaceId: string | null;
-    activeSessionId: string | null;
-    model?: string;
-}
-
-/**
- * Message types for conversations
- */
-/**
- * Message roles for display (runtime)
- */
-type MessageRole = 'user' | 'assistant' | 'tool' | 'error' | 'status' | 'info' | 'warning' | 'plan' | 'auth-request';
-/**
- * Credential input modes for different auth types
- */
-type CredentialInputMode = 'bearer' | 'basic' | 'header' | 'query' | 'multi-header';
-/**
- * Auth request types
- */
-type AuthRequestType = 'credential' | 'oauth' | 'oauth-google' | 'oauth-slack' | 'oauth-microsoft';
-/**
- * Auth request status
- */
-type AuthStatus = 'pending' | 'completed' | 'cancelled' | 'failed';
-/**
- * Tool execution status
- */
-type ToolStatus = 'pending' | 'executing' | 'completed' | 'error' | 'backgrounded';
-/**
- * Tool display metadata - embedded at storage time for viewer compatibility
- * Icons are base64-encoded to work in both Electron and web viewer
- */
-interface ToolDisplayMeta {
-    /** Display name for the tool (e.g., "Commit", "Linear") */
-    displayName: string;
-    /** Base64-encoded icon as data URL (e.g., "data:image/png;base64,...") - 32x32px */
-    iconDataUrl?: string;
-    /** Description of what this tool does */
-    description?: string;
-    /** Category for grouping/styling */
-    category?: 'skill' | 'source' | 'native' | 'mcp';
-}
-/**
- * Attachment type categories
- */
-type AttachmentType = 'image' | 'text' | 'pdf' | 'office' | 'audio' | 'unknown';
-/**
- * Attachment preview for display in user messages (runtime, before storage)
- */
-interface MessageAttachment {
-    type: AttachmentType;
-    name: string;
-    mimeType: string;
-    size: number;
-    base64?: string;
-}
-/**
- * Content badge for inline display in user messages
- * Badges are self-contained with all display data (label, icon)
- */
-interface ContentBadge {
-    /** Badge type - used for fallback icon if iconBase64 not available */
-    type: 'source' | 'skill' | 'context' | 'command' | 'file' | 'folder';
-    /** Display label (e.g., "Linear", "Commit") */
-    label: string;
-    /** Original text pattern (e.g., "@linear", "@commit") */
-    rawText: string;
-    /** Icon as data URL (e.g., "data:image/png;base64,...") - preserves mime type */
-    iconDataUrl?: string;
-    /** Start position in content string */
-    start: number;
-    /** End position in content string */
-    end: number;
-    /**
-     * Collapsed label for context badges (e.g., "Edit: Permissions")
-     * When set, the badge replaces the entire marked range with this label
-     * and hides the original content
-     */
-    collapsedLabel?: string;
-    /**
-     * File path for file badges - stores the full path for click handler
-     * Used when the badge represents a clickable file reference
-     */
-    filePath?: string;
-}
-/**
- * Author metadata for annotations
- */
-interface AnnotationAuthor {
-    id: string;
-    name?: string;
-    type?: 'user' | 'agent' | 'system';
-}
-/**
- * Annotation body payloads (extensible)
- */
-type AnnotationBody = {
-    type: 'highlight';
-} | {
-    type: 'note';
-    text: string;
-    format?: 'plain' | 'markdown';
-} | {
-    type: 'tag';
-    value: string;
-};
-/**
- * Annotation intent (tight v1 semantics).
- */
-type AnnotationIntent = 'highlight' | 'comment' | 'question';
-/**
- * Optional lifecycle status for annotation workflows.
- */
-type AnnotationStatus = 'pending' | 'acknowledged' | 'resolved' | 'dismissed';
-/**
- * Block types for block selectors.
- */
-type AnnotationBlockType = 'paragraph' | 'code' | 'latex' | 'mermaid' | 'datatable' | 'spreadsheet' | 'image-preview' | 'pdf-preview' | 'html-preview';
-/**
- * Selector union used to anchor an annotation target.
- * Multiple selectors can be stored for robust fallback resolution.
- */
-type AnnotationSelector = {
-    type: 'text-quote';
-    exact: string;
-    prefix?: string;
-    suffix?: string;
-} | {
-    type: 'text-position';
-    start: number;
-    end: number;
-    textVersion?: string;
-} | {
-    type: 'block';
-    blockType: AnnotationBlockType;
-    path: string;
-    blockId?: string;
-} | {
-    type: 'xywh';
-    unit: 'pixel' | 'percent';
-    x: number;
-    y: number;
-    w: number;
-    h: number;
-    page?: number;
-    rotation?: number;
-} | {
-    type: 'table-cell';
-    rowKey: string | number;
-    columnKey: string;
-};
-/**
- * Annotation target definition.
- */
-interface AnnotationTarget {
-    source: {
-        sessionId: string;
-        messageId: string;
-    };
-    selectors: AnnotationSelector[];
-}
-/**
- * Persisted annotation payload (schema-versioned for migration safety).
- */
-interface AnnotationV1 {
-    id: string;
-    schemaVersion: 1;
-    createdAt: number;
-    updatedAt?: number;
-    createdBy?: AnnotationAuthor;
-    deletedAt?: number;
-    body: AnnotationBody[];
-    target: AnnotationTarget;
-    /** Optional workflow intent (tight v1 semantics). */
-    intent?: AnnotationIntent;
-    /** Optional lifecycle status. */
-    status?: AnnotationStatus;
-    /** Optional reference to the conversation/thread around this annotation. */
-    threadRef?: {
-        threadId?: string;
-        sessionId?: string;
-    };
-    style?: {
-        color?: 'yellow' | 'green' | 'blue' | 'pink' | string;
-        opacity?: number;
-    };
-    meta?: Record<string, unknown>;
-}
-/**
- * Stored attachment metadata (persisted to disk, no base64)
- * Created when user sends a message with attachments
- */
-interface StoredAttachment {
-    id: string;
-    type: AttachmentType;
-    name: string;
-    mimeType: string;
-    size: number;
-    originalSize?: number;
-    storedPath: string;
-    thumbnailPath?: string;
-    thumbnailBase64?: string;
-    markdownPath?: string;
-    wasResized?: boolean;
-    resizedBase64?: string;
-}
-/**
- * Runtime message type (includes transient fields like isStreaming)
- */
-interface Message {
-    id: string;
-    role: MessageRole;
-    content: string;
-    timestamp: number;
-    toolName?: string;
-    toolUseId?: string;
-    toolInput?: Record<string, unknown>;
-    toolResult?: string;
-    toolStatus?: ToolStatus;
-    toolDuration?: number;
-    toolIntent?: string;
-    toolDisplayName?: string;
-    /** Tool display metadata with base64 icon - embedded at storage time for viewer */
-    toolDisplayMeta?: ToolDisplayMeta;
-    parentToolUseId?: string;
-    taskId?: string;
-    shellId?: string;
-    elapsedSeconds?: number;
-    isBackground?: boolean;
-    attachments?: StoredAttachment[];
-    badges?: ContentBadge[];
-    /** Annotation payloads for this message */
-    annotations?: AnnotationV1[];
-    isError?: boolean;
-    isStreaming?: boolean;
-    isPending?: boolean;
-    isQueued?: boolean;
-    isIntermediate?: boolean;
-    turnId?: string;
-    statusType?: 'compacting' | 'compaction_complete';
-    infoLevel?: 'info' | 'warning' | 'error' | 'success';
-    errorCode?: string;
-    errorTitle?: string;
-    errorDetails?: string[];
-    errorOriginal?: string;
-    errorCanRetry?: boolean;
-    errorActions?: Array<{
-        key: string;
-        label: string;
-        action?: 'retry' | 'settings' | 'reauth' | 'open_url' | 'reconnect_source';
-        url?: string;
-        sourceSlug?: string;
-    }>;
-    planPath?: string;
-    authRequestId?: string;
-    authRequestType?: AuthRequestType;
-    authSourceSlug?: string;
-    authSourceName?: string;
-    authStatus?: AuthStatus;
-    authCredentialMode?: CredentialInputMode;
-    authHeaderName?: string;
-    authHeaderNames?: string[];
-    authLabels?: {
-        credential?: string;
-        username?: string;
-        password?: string;
-    };
-    authDescription?: string;
-    authHint?: string;
-    authSourceUrl?: string;
-    authPasswordRequired?: boolean;
-    authError?: string;
-    authEmail?: string;
-    authWorkspace?: string;
-}
-/**
- * Stored message format (persistence)
- * Excludes transient runtime-only fields (isStreaming, isPending)
- */
-interface StoredMessage {
-    id: string;
-    type: MessageRole;
-    content: string;
-    timestamp?: number;
-    toolName?: string;
-    toolUseId?: string;
-    toolInput?: Record<string, unknown>;
-    toolResult?: string;
-    toolStatus?: ToolStatus;
-    toolDuration?: number;
-    toolIntent?: string;
-    toolDisplayName?: string;
-    /** Tool display metadata with base64 icon - embedded at storage time for viewer */
-    toolDisplayMeta?: ToolDisplayMeta;
-    parentToolUseId?: string;
-    taskId?: string;
-    shellId?: string;
-    elapsedSeconds?: number;
-    isBackground?: boolean;
-    isError?: boolean;
-    /** Stored attachments for user messages (persisted to disk) */
-    attachments?: StoredAttachment[];
-    /** Content badges for inline display (sources, skills) */
-    badges?: ContentBadge[];
-    /** Annotations persisted at message level */
-    annotations?: AnnotationV1[];
-    isIntermediate?: boolean;
-    turnId?: string;
-    statusType?: 'compacting' | 'compaction_complete';
-    infoLevel?: 'info' | 'warning' | 'error' | 'success';
-    errorCode?: string;
-    errorTitle?: string;
-    errorDetails?: string[];
-    errorOriginal?: string;
-    errorCanRetry?: boolean;
-    errorActions?: Array<{
-        key: string;
-        label: string;
-        action?: 'retry' | 'settings' | 'reauth' | 'open_url' | 'reconnect_source';
-        url?: string;
-        sourceSlug?: string;
-    }>;
-    planPath?: string;
-    authRequestId?: string;
-    authRequestType?: AuthRequestType;
-    authSourceSlug?: string;
-    authSourceName?: string;
-    authStatus?: AuthStatus;
-    authCredentialMode?: CredentialInputMode;
-    authHeaderName?: string;
-    authHeaderNames?: string[];
-    authLabels?: {
-        credential?: string;
-        username?: string;
-        password?: string;
-    };
-    authDescription?: string;
-    authHint?: string;
-    authSourceUrl?: string;
-    authPasswordRequired?: boolean;
-    authError?: string;
-    authEmail?: string;
-    authWorkspace?: string;
-    isQueued?: boolean;
-}
-/**
- * Token usage tracking
- */
-interface TokenUsage {
-    inputTokens: number;
-    outputTokens: number;
-    totalTokens: number;
-    contextTokens: number;
-    costUsd: number;
-    cacheReadTokens?: number;
-    cacheCreationTokens?: number;
-}
-/**
- * Recovery action for typed errors
- */
-interface RecoveryAction {
-    /** Keyboard shortcut (single letter) */
-    key: string;
-    /** Description of the action */
-    label: string;
-    /** Slash command to execute (e.g., '/settings') */
-    command?: string;
-    /** Custom action type for special handling */
-    action?: 'retry' | 'settings' | 'reauth' | 'open_url' | 'reconnect_source';
-    /** URL to open (for open_url action) */
-    url?: string;
-    /** Source slug (for reconnect_source action) */
-    sourceSlug?: string;
-}
-/**
- * Error codes for typed errors - must match AgentError.code in shared/agent/errors.ts
- */
-type ErrorCode = 'invalid_api_key' | 'invalid_credentials' | 'response_too_large' | 'expired_oauth_token' | 'token_expired' | 'rate_limited' | 'service_error' | 'service_unavailable' | 'network_error' | 'proxy_error' | 'mcp_auth_required' | 'mcp_unreachable' | 'billing_error' | 'model_no_tool_support' | 'invalid_model' | 'data_policy_error' | 'invalid_request' | 'image_too_large' | 'provider_error' | 'queued_message_replay_failed' | 'sdk_binary_missing' | 'sdk_cwd_missing' | 'unknown_error';
-/**
- * Typed error from agent
- */
-interface TypedError {
-    /** Error code for programmatic handling */
-    code: ErrorCode;
-    /** User-friendly title */
-    title: string;
-    /** Detailed message explaining what went wrong */
-    message: string;
-    /** Suggested recovery actions */
-    actions: RecoveryAction[];
-    /** Whether auto-retry is possible */
-    canRetry: boolean;
-    /** Retry delay in ms (if canRetry is true) */
-    retryDelayMs?: number;
-    /** Diagnostic check results for debugging */
-    details?: string[];
-    /** Original error message for debugging */
-    originalError?: string;
-}
-/**
- * Permission request type categories
- */
-type PermissionRequestType = 'bash' | 'file_write' | 'mcp_mutation' | 'api_mutation' | 'admin_approval';
-/**
- * Permission request from agent (e.g., bash command approval)
- */
-interface PermissionRequest {
-    requestId: string;
-    toolName: string;
-    command?: string;
-    description: string;
-    type?: PermissionRequestType;
-    /** Friendly app/package label for admin approval prompts */
-    appName?: string;
-    /** Plain-language reason shown in admin approval prompt */
-    reason?: string;
-    /** Plain-language impact shown in admin approval prompt */
-    impact?: string;
-    /** Whether native OS auth prompt is expected */
-    requiresSystemPrompt?: boolean;
-    /** Optional remember window for this exact command */
-    rememberForMinutes?: number;
-    /** Hash binding for approval integrity checks */
-    commandHash?: string;
-    /** Approval validity window */
-    approvalTtlSeconds?: number;
-}
-/**
- * Usage data emitted by the agent runtime in 'complete' events
- * Note: This is a subset of TokenUsage - totalTokens/contextTokens are computed by consumers
- */
-interface AgentEventUsage {
-    inputTokens: number;
-    outputTokens: number;
-    cacheReadTokens?: number;
-    cacheCreationTokens?: number;
-    costUsd?: number;
-    /** Model's context window size in tokens (from SDK modelUsage) */
-    contextWindow?: number;
-}
-/**
- * Events emitted by the agent runtime during chat
- * turnId: Correlation ID from the API's message.id, groups all events in an assistant turn
- */
-type AgentEvent = {
-    type: 'status';
-    message: string;
-} | {
-    type: 'info';
-    message: string;
-} | {
-    type: 'text_delta';
-    text: string;
-    turnId?: string;
-    parentToolUseId?: string;
-} | {
-    type: 'text_complete';
-    text: string;
-    isIntermediate?: boolean;
-    turnId?: string;
-    parentToolUseId?: string;
-    sdkTurnAnchor?: string;
-} | {
-    type: 'tool_start';
-    toolName: string;
-    toolUseId: string;
-    input: Record<string, unknown>;
-    intent?: string;
-    displayName?: string;
-    turnId?: string;
-    parentToolUseId?: string;
-    toolDisplayMeta?: ToolDisplayMeta;
-} | {
-    type: 'tool_result';
-    toolUseId: string;
-    toolName?: string;
-    result: string;
-    isError: boolean;
-    input?: Record<string, unknown>;
-    turnId?: string;
-    parentToolUseId?: string;
-} | {
-    type: 'permission_request';
-    requestId: string;
-    toolName: string;
-    command?: string;
-    description: string;
-    permissionType?: PermissionRequestType;
-    appName?: string;
-    reason?: string;
-    impact?: string;
-    requiresSystemPrompt?: boolean;
-    rememberForMinutes?: number;
-    commandHash?: string;
-    approvalTtlSeconds?: number;
-} | {
-    type: 'reasoning_delta';
-    text: string;
-    turnId?: string;
-} | {
-    type: 'reasoning';
-    text: string;
-    turnId?: string;
-} | {
-    type: 'permission_response';
-    requestId: string;
-    allowed: boolean;
-    remember?: boolean;
-} | {
-    type: 'error';
-    message: string;
-} | {
-    type: 'typed_error';
-    error: TypedError;
-} | {
-    type: 'complete';
-    usage?: AgentEventUsage;
-} | {
-    type: 'working_directory_changed';
-    workingDirectory: string;
-} | {
-    type: 'task_backgrounded';
-    toolUseId: string;
-    taskId: string;
-    intent?: string;
-    turnId?: string;
-} | {
-    type: 'shell_backgrounded';
-    toolUseId: string;
-    shellId: string;
-    intent?: string;
-    command?: string;
-    turnId?: string;
-} | {
-    type: 'task_progress';
-    toolUseId: string;
-    elapsedSeconds: number;
-    turnId?: string;
-} | {
-    type: 'task_completed';
-    taskId: string;
-    status: 'completed' | 'failed' | 'stopped';
-    outputFile?: string;
-    summary?: string;
-    turnId?: string;
-} | {
-    type: 'shell_killed';
-    shellId: string;
-    turnId?: string;
-} | {
-    type: 'source_activated';
-    sourceSlug: string;
-    originalMessage: string;
-} | {
-    type: 'usage_update';
-    usage: Pick<AgentEventUsage, 'inputTokens' | 'contextWindow'>;
-} | {
-    type: 'steer_undelivered';
-    message: string;
-} | {
-    type: 'compaction_started';
-} | {
-    type: 'compaction_boundary';
-    summary?: string;
-};
-/**
- * Generate a unique message ID
- */
-declare function generateMessageId(): string;
-
-/**
- * Session types for conversation management
- *
- * Sessions are the primary isolation boundary. Each session maps 1:1
- * with an agent runtime instance and SDK conversation.
- */
-
-/**
- * Session status for workflow tracking
- * Agents can update this to reflect the current state of the conversation
- */
-type SessionStatus = 'todo' | 'in_progress' | 'needs_review' | 'done' | 'cancelled';
-/**
- * Session represents a conversation scope (SDK session = our scope boundary)
- */
-interface Session {
-    id: string;
-    sdkSessionId?: string;
-    workspaceId: string;
-    name?: string;
-    createdAt: number;
-    lastUsedAt: number;
-    isArchived?: boolean;
-    isFlagged?: boolean;
-    status?: SessionStatus;
-    lastReadMessageId?: string;
-}
-/**
- * Stored session with conversation data (for persistence)
- */
-interface StoredSession extends Session {
-    messages: StoredMessage[];
-    tokenUsage: TokenUsage;
-}
-/**
- * Session metadata for listing (without loading full messages)
- * Extended with archive status for Inbox/Archive features
- */
-interface SessionMetadata {
-    id: string;
-    workspaceId: string;
-    name?: string;
-    createdAt: number;
-    lastUsedAt: number;
-    messageCount: number;
-    preview?: string;
-    sdkSessionId?: string;
-    isArchived?: boolean;
-    isFlagged?: boolean;
-    status?: SessionStatus;
-    hidden?: boolean;
-}
-
-/**
- * Convert runtime Message to StoredMessage for persistence.
- *
- * Excludes transient runtime-only fields:
- * - isStreaming
- * - isPending
- */
-declare function messageToStored(msg: Message): StoredMessage;
-/**
- * Convert StoredMessage to runtime Message.
- *
- * Adds a timestamp fallback for legacy messages where timestamp was omitted.
- */
-declare function storedToMessage(stored: StoredMessage): Message;
-
-/**
- * Server-level types for headless server operations.
- *
- * These types are used by the `server:` RPC namespace for
- * server status, health checks, active session discovery,
- * and headless configuration bootstrap.
- */
-interface ServerStatus {
-    serverId: string;
-    version: string;
-    uptime: number;
-    connectedClients: number;
-    workspaces: {
-        id: string;
-        name: string;
-        slug: string;
-        activeSessions: number;
-        automationCount: number;
-        schedulerRunning: boolean;
-    }[];
-    memory: {
-        heapUsed: number;
-        heapTotal: number;
-        rss: number;
-    };
-}
-interface ServerHealth {
-    status: 'ok' | 'degraded' | 'unhealthy';
-    checks: {
-        name: string;
-        status: 'pass' | 'fail';
-        message?: string;
-    }[];
-}
-/** Session processing state — typed union, not stringly. */
-type SessionProcessingStatus = 'idle' | 'processing' | 'waiting_input' | 'error' | 'completed';
-/** Server-level active session info (cross-workspace, client-safe). */
-interface ActiveSessionInfo {
-    sessionId: string;
-    workspaceId: string;
-    workspaceName: string;
-    title?: string;
-    status: SessionProcessingStatus;
-    triggeredBy?: {
-        automationName: string;
-        timestamp: number;
-    };
-    createdAt: number;
-}
-
-export { type ActiveSessionInfo, type AgentEvent, type AgentEventUsage, type AnnotationAuthor, type AnnotationBlockType, type AnnotationBody, type AnnotationIntent, type AnnotationSelector, type AnnotationStatus, type AnnotationTarget, type AnnotationV1, type AttachmentType, type AuthRequestType, type AuthStatus, type AuthType, type ContentBadge, type CredentialInputMode, type ErrorCode, type McpAuthType, type Message, type MessageAttachment, type MessageRole, type OAuthCredentials, type PermissionRequest, type PermissionRequestType, type RecoveryAction, type RemoteServerConfig, type ServerHealth, type ServerStatus, type Session, type SessionMetadata, type SessionProcessingStatus, type SessionStatus, type StoredAttachment, type StoredConfig, type StoredMessage, type StoredSession, type TokenUsage, type ToolDisplayMeta, type ToolStatus, type TypedError, type Workspace, type WorkspaceInfo, generateMessageId, messageToStored, storedToMessage };
-
-// -- @weft/core/utils/index.d.ts --
-/**
- * Debug utility for core package
- *
- * This is a stub that can be enhanced to support debug logging.
- * Currently a no-op - use @weft debug utilities for full logging.
- */
-declare function debug(..._args: any[]): void;
-
-/**
- * Cross-Platform Path Utilities
- *
- * Functions for consistent path handling across Windows, macOS, and Linux.
- * Always normalize paths to forward slashes before comparison operations.
- */
-/**
- * Normalize a path to use forward slashes for consistent cross-platform comparison.
- * Use this before comparing paths or using regex patterns on paths.
- *
- * @example
- * normalizePath('C:\\Users\\foo\\bar') // 'C:/Users/foo/bar'
- * normalizePath('/Users/foo/bar')      // '/Users/foo/bar' (unchanged)
- */
-declare function normalizePath(path: string): string;
-/**
- * Check if a file path starts with a directory path (cross-platform).
- * Handles both Windows backslashes and Unix forward slashes.
- *
- * @example
- * pathStartsWith('C:\\Users\\foo\\file.txt', 'C:\\Users\\foo') // true
- * pathStartsWith('/home/user/file.txt', '/home/user')          // true
- * pathStartsWith('/home/user2/file.txt', '/home/user')         // false
- */
-declare function pathStartsWith(filePath: string, dirPath: string): boolean;
-/**
- * Strip a directory prefix from a path (cross-platform).
- * Returns the relative path portion after the prefix.
- *
- * @example
- * stripPathPrefix('/home/user/docs/file.txt', '/home/user') // 'docs/file.txt'
- * stripPathPrefix('C:\\foo\\bar\\baz.txt', 'C:\\foo')       // 'bar/baz.txt'
- */
-declare function stripPathPrefix(filePath: string, prefix: string): string;
-
-export { debug, normalizePath, pathStartsWith, stripPathPrefix };
-
-// ── inlined from @weft/runtime-core ──
-// -- @weft/runtime-core/index.d.ts --
-
-declare const RUNTIME_KINDS: readonly ["native-sdk", "app-server", "compatible-sdk", "cli-fallback"];
-type AgentRuntimeKind = typeof RUNTIME_KINDS[number];
-type AgentRuntimeStatus = 'idle' | 'preflighting' | 'ready' | 'starting' | 'running' | 'waiting_for_permission' | 'turn_completed' | 'completed' | 'failed' | 'disposed';
-
-/**
- * How a provider's authentication is managed.
- * Provider-neutral auth mode — covers native SDK, app-server, compatible SDK, and CLI fallback.
- */
-type ProviderAuthMode = 'provider-owned' | 'managed' | 'none';
-/**
- * Result of probing a provider's auth configuration.
- *
- * For provider-owned auth: checks whether the provider binary reports
- * authentication as configured (e.g. `claude auth status --json` returns
- * `loggedIn: true`, or `codex app-server account/read` returns an account).
- *
- * For managed auth: checks whether required env vars are present.
- * For 'none': no auth required (e.g. fake backend for testing).
- */
-interface ProviderAuthDetection {
-    /** Which auth mode this provider uses */
-    mode: ProviderAuthMode;
-    /** Whether auth credentials are available and valid */
-    configured: boolean;
-    /** How auth was detected (e.g. "claude auth status --json", "env vars") */
-    source: string;
-    /** Whether an account was found (provider-owned: from CLI output) */
-    accountPresent?: boolean;
-    /** Whether OpenAI auth is required (Codex-specific) */
-    requiresOpenaiAuth?: boolean;
-    /** Auth method reported by provider (e.g. "oauth", "api_key") */
-    method?: string;
-    /** Provider name reported by CLI (e.g. "anthropic") */
-    provider?: string;
-    /** Error message if auth detection failed */
-    error?: string;
-}
-/**
- * Narrowed auth detection for runtime capability reports.
- * Only covers provider-owned auth, which is the SDK-first default.
- */
-interface RuntimeAuthDetection extends ProviderAuthDetection {
-    mode: 'provider-owned';
-}
-interface RuntimeCandidate {
-    kind: AgentRuntimeKind;
-    available: boolean;
-    reason?: string;
-}
-interface RuntimeSelectionOptions {
-    provider?: string;
-    candidates: RuntimeCandidate[];
-    preferredRuntime?: AgentRuntimeKind;
-    allowFallback?: boolean;
-}
-interface RuntimeSelection {
-    selected?: AgentRuntimeKind;
-    fallback: boolean;
-    fallbackReason?: string;
-    error?: string;
-}
-interface RuntimeCapabilityReport extends RuntimeSelection {
-    provider: string;
-    candidates: RuntimeCandidate[];
-    preferredRuntime?: AgentRuntimeKind;
-    allowFallback: boolean;
-    auth: RuntimeAuthDetection;
-    policyCapabilities: RuntimePolicyCapabilities;
-    sourceCapabilities: RuntimeSourceCapabilities;
-    skillCapabilities: RuntimeSkillCapabilities;
-    automationCapabilities: RuntimeAutomationCapabilities;
-    hostToolCapabilities: RuntimeHostToolCapabilities;
-}
-interface CreateRuntimeCapabilityReportOptions extends RuntimeSelectionOptions {
-    provider: string;
-    auth: RuntimeAuthDetection;
-    extensionCapabilities?: RuntimeExtensionCapabilities;
-}
-interface AgentRuntimeOptions {
-    provider: string;
-    cwd: string;
-    sessionId?: string;
-    model?: string;
-    reasoningEffort?: string;
-    permissionMode?: PermissionMode;
-    authMode?: 'provider-owned';
-    preferredRuntime?: AgentRuntimeKind;
-    allowFallback?: boolean;
-    executable?: string;
-    env?: Record<string, string>;
-    extensions?: RuntimeExtensionContext;
-}
-interface SendMessageOptions {
-    turnId?: string;
-    model?: string;
-    reasoningEffort?: string;
-    permissionMode?: PermissionMode;
-    commandOrigin?: CommandOrigin;
-}
-type ToolPolicyDecision = {
-    decision: 'allow';
-} | {
-    decision: 'ask';
-    reason: string;
-} | {
-    decision: 'deny';
-    reason: string;
-};
-interface CodexPermissionParams {
-    approvalPolicy: string;
-    approvalsReviewer: string;
-    sandbox: string;
-}
-/**
- * Canonical PermissionMode → Codex permission parameters mapping, shared by
- * the app-server driver (thread/start, turn/start), the host controller, and
- * the CLI fallback runtime. `sandbox` is a Codex `SandboxMode` string as used
- * by `thread/start` and `codex exec --sandbox`.
- */
-declare function mapPermissionModeToCodexParams(mode: PermissionMode): CodexPermissionParams;
-/**
- * Codex app-server v2 `turn/start` takes a tagged `SandboxPolicy` object,
- * unlike `thread/start` which takes a plain `SandboxMode` string. Variant
- * fields are all serde-defaulted, so the minimal `{ type }` form is valid.
- */
-declare function mapCodexSandboxModeToSandboxPolicy(sandbox: string): {
-    type: string;
-};
-type RuntimePermissionScope = {
-    type: 'session';
-    sessionId: string;
-} | {
-    type: 'workspace';
-    workspaceId: string;
-} | {
-    type: 'source';
-    sourceSlug: string;
-} | {
-    type: 'skill';
-    skillSlug: string;
-} | {
-    type: 'automation';
-    automationId: string;
-} | {
-    type: 'tool-call';
-    callId: string;
-};
-type RuntimePermissionScopeInput = string | RuntimePermissionScope;
-type RuntimeToolIntent = {
-    kind: 'bash';
-    command: string;
-    baseCommand: string;
-} | {
-    kind: 'file_write';
-    path: string;
-    toolName: string;
-} | {
-    kind: 'mcp';
-    name: string;
-} | {
-    kind: 'api';
-    method: string;
-    path: string;
-    url?: string;
-} | {
-    kind: 'unknown';
-    toolName: string;
-};
-interface ToolPolicyRequest {
-    toolName: string;
-    input?: Record<string, unknown>;
-    toolIntent?: RuntimeToolIntent;
-    scope?: RuntimePermissionScopeInput;
-}
-type RuntimePolicyHook = (request: ToolPolicyRequest) => ToolPolicyDecision | Promise<ToolPolicyDecision>;
-interface RuntimeFeatureCapabilities {
-    supported: boolean;
-    degraded?: boolean;
-    reason?: string;
-}
-interface RuntimePolicyCapabilities extends RuntimeFeatureCapabilities {
-    modes: PermissionMode[];
-    approvals: boolean;
-    toolPolicy: boolean;
-}
-interface RuntimeSourceCapabilities extends RuntimeFeatureCapabilities {
-    registry?: boolean;
-    credentialGateway?: boolean;
-    mcpTools?: boolean;
-}
-interface RuntimeSkillCapabilities extends RuntimeFeatureCapabilities {
-    registry?: boolean;
-    activationPlan?: boolean;
-    scopedPolicy?: boolean;
-}
-interface RuntimeAutomationCapabilities extends RuntimeFeatureCapabilities {
-    eventBus: boolean;
-    schedulerHost: boolean;
-    promptAction: boolean;
-    webhookAction: boolean;
-}
-interface RuntimeHostToolCapabilities extends RuntimeFeatureCapabilities {
-    sessionTools: boolean;
-    workflowTransitions: boolean;
-    browserActions: boolean;
-    metadataWrites: boolean;
-}
-interface RuntimeExtensionCapabilities {
-    policy?: RuntimePolicyCapabilities;
-    sources?: RuntimeSourceCapabilities;
-    skills?: RuntimeSkillCapabilities;
-    automations?: RuntimeAutomationCapabilities;
-    hostTools?: RuntimeHostToolCapabilities;
-}
-interface RuntimePolicyExtension {
-    mode: PermissionMode;
-    hook?: RuntimePolicyHook;
-    degraded?: boolean;
-}
-interface SourceSelection {
-    enabledSourceSlugs: string[];
-}
-interface ProviderSourceCredentialRef {
-    type: string;
-    sourceSlug: string;
-    workspaceId?: string;
-}
-type ProviderSourceToolDescriptor = {
-    kind: 'api-source';
-    sourceSlug: string;
-    baseUrl: string;
-    authType: string;
-    defaultHeaders?: Record<string, string>;
-    credentialRef?: ProviderSourceCredentialRef;
-    [key: string]: unknown;
-} | {
-    kind: 'local-source';
-    sourceSlug: string;
-    path: string;
-    format?: string;
-    [key: string]: unknown;
-} | {
-    kind: 'mcp-server';
-    sourceSlug: string;
-    transport: 'stdio' | 'http' | 'sse';
-    url?: string;
-    command?: string;
-    args?: string[];
-    env?: Record<string, string>;
-    headers?: Record<string, string>;
-    credentialRef?: ProviderSourceCredentialRef;
-    [key: string]: unknown;
-};
-interface SkillSelection {
-    activeSkillSlugs: string[];
-}
-type CommandOrigin = {
-    type: 'user';
-    id?: string;
-} | {
-    type: 'automation';
-    id: string;
-} | {
-    type: 'scheduler';
-    id?: string;
-} | {
-    type: 'host';
-    id?: string;
-} | {
-    type: 'replay';
-    id?: string;
-} | {
-    type: 'system';
-    id?: string;
-};
-interface SubmitPlanRequest {
-    sessionId?: string;
-    planRef: string;
-    origin?: CommandOrigin;
-}
-interface SubmitPlanReceipt {
-    accepted: boolean;
-    planRef?: string;
-    reason?: string;
-}
-interface SourceAuthRequest {
-    sessionId?: string;
-    sourceSlug: string;
-    reason?: string;
-}
-interface SourceAuthReceipt {
-    ok: boolean;
-    sourceSlug: string;
-    reason?: string;
-}
-interface SourceActivationRequest {
-    sessionId?: string;
-    sourceSlug: string;
-}
-interface SourceActivationReceipt {
-    ok: boolean;
-    sourceSlug: string;
-    availability?: 'immediate' | 'next-turn';
-    reason?: string;
-}
-interface BrowserActionRequest {
-    sessionId?: string;
-    action: string;
-    input?: unknown;
-}
-interface BrowserActionReceipt {
-    ok: boolean;
-    result?: unknown;
-    reason?: string;
-}
-interface SpawnSessionRequest {
-    parentSessionId?: string;
-    prompt: string;
-    model?: string;
-    commandOrigin?: CommandOrigin;
-}
-interface SpawnSessionReceipt {
-    sessionId: string;
-}
-interface InterSessionMessageRequest {
-    sessionId: string;
-    message: string;
-    attachments?: Array<{
-        path: string;
-        name?: string;
-    }>;
-    commandOrigin?: CommandOrigin;
-}
-interface CommandReceipt {
-    ok: boolean;
-    commandId?: string;
-    reason?: string;
-}
-interface SessionMetadataPatch {
-    sessionId?: string;
-    labels?: string[];
-    status?: string;
-    flagged?: boolean;
-    topic?: string;
-}
-interface SessionMetadataSnapshot {
-    sessionId?: string;
-    labels?: string[];
-    status?: string;
-    flagged?: boolean;
-    topic?: string;
-}
-interface SessionListRequest {
-    status?: string;
-    labels?: string[];
-    limit?: number;
-}
-interface SessionListResult {
-    sessions: SessionMetadataSnapshot[];
-}
-interface LlmToolRequest {
-    prompt: string;
-    model?: string;
-    commandOrigin?: CommandOrigin;
-}
-interface LlmToolResult {
-    text: string;
-    model?: string;
-    usage?: unknown;
-}
-interface ListSourcesRequest {
-    sessionId?: string;
-    enabledOnly?: boolean;
-}
-interface SourceSummary {
-    slug: string;
-    name: string;
-    provider: string;
-    type: string;
-    enabled: boolean;
-    isAuthenticated?: boolean;
-    connectionStatus?: string;
-    tagline?: string;
-}
-interface ListSourcesResult {
-    sources: SourceSummary[];
-}
-interface GetSourceRequest {
-    sessionId?: string;
-    sourceSlug: string;
-}
-interface GetSourceResult {
-    source: SourceSummary & {
-        createdAt?: number;
-        updatedAt?: number;
-        mcp?: Record<string, unknown>;
-        api?: Record<string, unknown>;
-        local?: Record<string, unknown>;
-    };
-}
-interface CreateSourceRequest {
-    sessionId?: string;
-    name: string;
-    provider: string;
-    type: string;
-    mcp?: Record<string, unknown>;
-    api?: Record<string, unknown>;
-    local?: Record<string, unknown>;
-    icon?: string;
-    enabled?: boolean;
-}
-interface CreateSourceResult {
-    ok: boolean;
-    source?: SourceSummary;
-    reason?: string;
-}
-interface UpdateSourceRequest {
-    sessionId?: string;
-    sourceSlug: string;
-    enabled?: boolean;
-    name?: string;
-    icon?: string;
-    tagline?: string;
-}
-interface UpdateSourceResult {
-    ok: boolean;
-    source?: SourceSummary;
-    reason?: string;
-}
-interface DeleteSourceRequest {
-    sessionId?: string;
-    sourceSlug: string;
-}
-interface DeleteSourceResult {
-    ok: boolean;
-    sourceSlug: string;
-    reason?: string;
-}
-interface ListSkillsRequest {
-    sessionId?: string;
-}
-interface SkillSummary {
-    slug: string;
-    name: string;
-    description: string;
-    source: string;
-    icon?: string;
-    globs?: string[];
-    requiredSources?: string[];
-}
-interface ListSkillsResult {
-    skills: SkillSummary[];
-}
-interface GetSkillRequest {
-    sessionId?: string;
-    skillSlug: string;
-}
-interface GetSkillResult {
-    skill: SkillSummary & {
-        content: string;
-        alwaysAllow?: string[];
-    };
-}
-interface CreateSkillRequest {
-    sessionId?: string;
-    slug: string;
-    name: string;
-    description: string;
-    content: string;
-    globs?: string[];
-    alwaysAllow?: string[];
-    icon?: string;
-    requiredSources?: string[];
-}
-interface CreateSkillResult {
-    ok: boolean;
-    skill?: SkillSummary;
-    reason?: string;
-}
-interface UpdateSkillRequest {
-    sessionId?: string;
-    skillSlug: string;
-    name?: string;
-    description?: string;
-    content?: string;
-    globs?: string[];
-    alwaysAllow?: string[];
-    icon?: string;
-    requiredSources?: string[];
-}
-interface UpdateSkillResult {
-    ok: boolean;
-    skill?: SkillSummary;
-    reason?: string;
-}
-interface DeleteSkillRequest {
-    sessionId?: string;
-    skillSlug: string;
-}
-interface DeleteSkillResult {
-    ok: boolean;
-    skillSlug: string;
-    reason?: string;
-}
-interface GetAutomationsConfigRequest {
-    sessionId?: string;
-}
-interface GetAutomationsConfigResult {
-    config: Record<string, unknown> | null;
-    configPath: string;
-}
-interface UpdateAutomationsConfigRequest {
-    sessionId?: string;
-    config: Record<string, unknown>;
-}
-interface UpdateAutomationsConfigResult {
-    ok: boolean;
-    automationCount?: number;
-    errors?: string[];
-}
-interface ListSchedulesRequest {
-    sessionId?: string;
-}
-interface ScheduleSummary {
-    schedulerId: string;
-    workspaceId: string;
-    cron: string;
-    timezone: string;
-}
-interface ListSchedulesResult {
-    schedules: ScheduleSummary[];
-}
-interface StartScheduleRequest {
-    sessionId?: string;
-    schedulerId: string;
-    workspaceId: string;
-    cron: string;
-    timezone: string;
-}
-interface StartScheduleResult {
-    schedulerId: string;
-    state: 'started' | 'stopped';
-    timestamp: number;
-}
-interface StopScheduleRequest {
-    sessionId?: string;
-    schedulerId: string;
-}
-interface StopScheduleResult {
-    ok: boolean;
-    schedulerId: string;
-    state?: 'stopped';
-    reason?: string;
-}
-interface SessionToolBridge {
-    submitPlan?(request: SubmitPlanRequest): Promise<SubmitPlanReceipt>;
-    requestSourceAuth?(request: SourceAuthRequest): Promise<SourceAuthReceipt>;
-    activateSource?(request: SourceActivationRequest): Promise<SourceActivationReceipt>;
-    runBrowserAction?(request: BrowserActionRequest): Promise<BrowserActionReceipt>;
-    spawnSession?(request: SpawnSessionRequest): Promise<SpawnSessionReceipt>;
-    sendSessionMessage?(request: InterSessionMessageRequest): Promise<CommandReceipt>;
-    updateSessionMetadata?(request: SessionMetadataPatch): Promise<SessionMetadataSnapshot>;
-    listSessions?(request: SessionListRequest): Promise<SessionListResult>;
-    queryLlm?(request: LlmToolRequest): Promise<LlmToolResult>;
-    listSources?(request: ListSourcesRequest): Promise<ListSourcesResult>;
-    getSource?(request: GetSourceRequest): Promise<GetSourceResult>;
-    createSource?(request: CreateSourceRequest): Promise<CreateSourceResult>;
-    updateSource?(request: UpdateSourceRequest): Promise<UpdateSourceResult>;
-    deleteSource?(request: DeleteSourceRequest): Promise<DeleteSourceResult>;
-    listSkills?(request: ListSkillsRequest): Promise<ListSkillsResult>;
-    getSkill?(request: GetSkillRequest): Promise<GetSkillResult>;
-    createSkill?(request: CreateSkillRequest): Promise<CreateSkillResult>;
-    updateSkill?(request: UpdateSkillRequest): Promise<UpdateSkillResult>;
-    deleteSkill?(request: DeleteSkillRequest): Promise<DeleteSkillResult>;
-    getAutomationsConfig?(request: GetAutomationsConfigRequest): Promise<GetAutomationsConfigResult>;
-    updateAutomationsConfig?(request: UpdateAutomationsConfigRequest): Promise<UpdateAutomationsConfigResult>;
-    listSchedules?(request: ListSchedulesRequest): Promise<ListSchedulesResult>;
-    startSchedule?(request: StartScheduleRequest): Promise<StartScheduleResult>;
-    stopSchedule?(request: StopScheduleRequest): Promise<StopScheduleResult>;
-}
-type SessionToolName = keyof SessionToolBridge;
-type SessionToolRequest = SubmitPlanRequest | SourceAuthRequest | SourceActivationRequest | BrowserActionRequest | SpawnSessionRequest | InterSessionMessageRequest | SessionMetadataPatch | SessionListRequest | LlmToolRequest | ListSourcesRequest | GetSourceRequest | CreateSourceRequest | UpdateSourceRequest | DeleteSourceRequest | ListSkillsRequest | GetSkillRequest | CreateSkillRequest | UpdateSkillRequest | DeleteSkillRequest | GetAutomationsConfigRequest | UpdateAutomationsConfigRequest | ListSchedulesRequest | StartScheduleRequest | StopScheduleRequest;
-interface SessionToolTimelineRef {
-    epoch: string;
-    seq: number;
-}
-interface SessionToolInvocationReceipt {
-    ok: boolean;
-    requestId: string;
-    toolName: SessionToolName;
-    origin?: CommandOrigin;
-    policyDecision: ToolPolicyDecision;
-    result?: unknown;
-    reason?: string;
-    timelineRefs: SessionToolTimelineRef[];
-}
-interface InvokeSessionToolOptions {
-    sessionId: string;
-    toolName: SessionToolName;
-    request: SessionToolRequest;
-    bridge: SessionToolBridge;
-    policy?: RuntimePolicyHook;
-    commandOrigin?: CommandOrigin;
-    appendTimeline?: (item: TimelineItem) => TimelineEnvelope;
-}
-interface RuntimeHostServices {
-    sessionTools?: SessionToolBridge;
-}
-interface RuntimeExtensionContext {
-    policy?: RuntimePolicyExtension;
-    sources?: SourceSelection;
-    skills?: SkillSelection;
-    commandOrigin?: CommandOrigin;
-    hostServices?: RuntimeHostServices;
-}
-interface AgentCommandSink {
-    sendMessage(message: string, options?: SendMessageOptions): Promise<void>;
-    abort(reason?: string): Promise<void>;
-    respondToPermission(requestId: string, allowed: boolean, remember?: boolean): Promise<void>;
-    resumeTool?(runId: string, resumeData: Record<string, unknown>): Promise<void>;
-    dispose(): Promise<void>;
-}
-interface AgentEventStream {
-    connect(onEvent: (event: AgentEvent) => void, onError?: (error: Error) => void, onClose?: () => void): void;
-    disconnect(): void;
-    isConnected(): boolean;
-}
-interface AgentTimelineStream {
-    connect(onEvent: (event: TimelineEnvelope) => void, onError?: (error: Error) => void, onClose?: () => void): void;
-    disconnect(): void;
-    isConnected(): boolean;
-}
-interface AgentRuntimeState {
-    status: AgentRuntimeStatus;
-    acceptedMessages: string[];
-    queuedMessages: string[];
-    lastError?: string;
-    waitingPermissionRequestId?: string;
-}
-type RuntimeAction = {
-    type: 'preflight_start';
-} | {
-    type: 'preflight_ok';
-} | {
-    type: 'preflight_error';
-    error: string;
-} | {
-    type: 'starting';
-} | {
-    type: 'send_message';
-    message: string;
-} | {
-    type: 'permission_request';
-    requestId: string;
-} | {
-    type: 'permission_response';
-} | {
-    type: 'turn_completed';
-} | {
-    type: 'complete';
-} | {
-    type: 'abort';
-    reason?: string;
-} | {
-    type: 'error';
-    error: string;
-} | {
-    type: 'dispose';
-};
-declare const initialRuntimeState: AgentRuntimeState;
-/**
- * Canonical state machine reducer for AgentRuntime lifecycle.
- *
- * Transitions follow the architecture spec:
- *   idle → preflighting → ready → starting → running
- *   running → waiting_for_permission → running
- *   running → turn_completed → ready
- *   running → ready (via complete with empty queue)
- *   any → failed / disposed
- *   any non-disposed → ready (via abort)
- *
- * `send_message` while running enqueues (session manager semantics).
- * `complete` drains the queue: if a queued message exists, it is
- * immediately accepted and the state stays running.
- */
-declare function reduceRuntimeState(state: AgentRuntimeState | undefined, action: RuntimeAction): AgentRuntimeState;
-interface AgentRuntime {
-    readonly sessionId: string;
-    readonly provider: string;
-    readonly runtimeKind: AgentRuntimeKind;
-    readonly events: AgentTimelineStream;
-    readonly commands: AgentCommandSink;
-    preflight(): Promise<RuntimeCapabilityReport>;
-    fetchTimeline(request: TimelineFetchRequest): Promise<TimelineFetchResult>;
-    getState(): AgentRuntimeState;
-}
-declare function createRuntimeExtensionContext(context?: RuntimeExtensionContext): RuntimeExtensionContext;
-declare function sanitizeProviderSourceTools(sourceTools: ProviderSourceToolDescriptor[] | undefined): ProviderSourceToolDescriptor[];
-declare function invokeSessionTool(options: InvokeSessionToolOptions): Promise<SessionToolInvocationReceipt>;
-declare function selectRuntimeCandidate(options: RuntimeSelectionOptions): RuntimeSelection;
-declare function createRuntimeCapabilityReport(options: CreateRuntimeCapabilityReportOptions): RuntimeCapabilityReport;
-
-export { type AgentCommandSink, type AgentEventStream, type AgentRuntime, type AgentRuntimeKind, type AgentRuntimeOptions, type AgentRuntimeState, type AgentRuntimeStatus, type AgentTimelineStream, type BrowserActionReceipt, type BrowserActionRequest, type CodexPermissionParams, type CommandOrigin, type CommandReceipt, type CreateRuntimeCapabilityReportOptions, type CreateSkillRequest, type CreateSkillResult, type CreateSourceRequest, type CreateSourceResult, type DeleteSkillRequest, type DeleteSkillResult, type DeleteSourceRequest, type DeleteSourceResult, type GetAutomationsConfigRequest, type GetAutomationsConfigResult, type GetSkillRequest, type GetSkillResult, type GetSourceRequest, type GetSourceResult, type InterSessionMessageRequest, type InvokeSessionToolOptions, type ListSchedulesRequest, type ListSchedulesResult, type ListSkillsRequest, type ListSkillsResult, type ListSourcesRequest, type ListSourcesResult, type LlmToolRequest, type LlmToolResult, type ProviderAuthDetection, type ProviderAuthMode, type ProviderSourceCredentialRef, type ProviderSourceToolDescriptor, RUNTIME_KINDS, type RuntimeAction, type RuntimeAuthDetection, type RuntimeAutomationCapabilities, type RuntimeCandidate, type RuntimeCapabilityReport, type RuntimeExtensionCapabilities, type RuntimeExtensionContext, type RuntimeFeatureCapabilities, type RuntimeHostServices, type RuntimeHostToolCapabilities, type RuntimePermissionScope, type RuntimePermissionScopeInput, type RuntimePolicyCapabilities, type RuntimePolicyExtension, type RuntimePolicyHook, type RuntimeSelection, type RuntimeSelectionOptions, type RuntimeSkillCapabilities, type RuntimeSourceCapabilities, type RuntimeToolIntent, type ScheduleSummary, type SendMessageOptions, type SessionListRequest, type SessionListResult, type SessionMetadataPatch, type SessionMetadataSnapshot, type SessionToolBridge, type SessionToolInvocationReceipt, type SessionToolName, type SessionToolRequest, type SessionToolTimelineRef, type SkillSelection, type SkillSummary, type SourceActivationReceipt, type SourceActivationRequest, type SourceAuthReceipt, type SourceAuthRequest, type SourceSelection, type SourceSummary, type SpawnSessionReceipt, type SpawnSessionRequest, type StartScheduleRequest, type StartScheduleResult, type StopScheduleRequest, type StopScheduleResult, type SubmitPlanReceipt, type SubmitPlanRequest, type ToolPolicyDecision, type ToolPolicyRequest, type UpdateAutomationsConfigRequest, type UpdateAutomationsConfigResult, type UpdateSkillRequest, type UpdateSkillResult, type UpdateSourceRequest, type UpdateSourceResult, createRuntimeCapabilityReport, createRuntimeExtensionContext, initialRuntimeState, invokeSessionTool, mapCodexSandboxModeToSandboxPolicy, mapPermissionModeToCodexParams, reduceRuntimeState, sanitizeProviderSourceTools, selectRuntimeCandidate };
-
-// ── inlined from @weft/sources ──
-// -- @weft/sources/index.d.ts --
-
-/**
- * Entity Color Types
- *
- * Provides color type definitions for source brand theming.
- * Supports light/dark mode color variants for UI consistency.
- */
-/**
- * Entity color specification.
- * Can be a system color name or a light/dark mode variant.
- */
-type EntityColor = string | {
-    light: string;
-    dark: string;
-};
-
-/**
- * Source Types
- *
- * Sources are external data connections (MCP servers, APIs, local filesystems).
- * They replace the old "connections" concept with a more flexible, folder-based architecture.
- *
- * File structure:
- * ~/.weft/workspaces/{workspaceId}/sources/{sourceSlug}/
- *   ├── config.json   - Source settings
- *   └── guide.md      - Usage guidelines + cached data (in YAML frontmatter)
- */
-/**
- * Source types - how we connect to the source
- */
-type SourceType = 'mcp' | 'api' | 'local';
-/**
- * MCP source authentication types (for individual source connections)
- * Note: Different from workspace McpAuthType which uses 'workspace_oauth' | 'workspace_bearer' | 'public'
- */
-type SourceMcpAuthType = 'oauth' | 'bearer' | 'none';
-/**
- * API authentication types
- */
-type ApiAuthType = 'bearer' | 'header' | 'query' | 'basic' | 'oauth' | 'none';
-/**
- * Google service types for OAuth scope selection
- */
-type GoogleService = 'gmail' | 'calendar' | 'drive' | 'docs' | 'sheets' | 'youtube' | 'searchconsole';
-/**
- * Slack service types for OAuth scope selection
- */
-type SlackService = 'messaging' | 'channels' | 'users' | 'files' | 'full';
-/**
- * Microsoft service types for OAuth scope selection
- */
-type MicrosoftService = 'outlook' | 'microsoft-calendar' | 'onedrive' | 'teams' | 'sharepoint';
-/**
- * MCP transport type for sources
- * - 'http': HTTP-based MCP server (URL endpoint)
- * - 'sse': Server-Sent Events MCP server (URL endpoint)
- * - 'stdio': Local subprocess MCP server (spawned command)
- */
-type McpTransport = 'http' | 'sse' | 'stdio';
-/**
- * MCP-specific configuration
- * Supports both HTTP-based and local stdio-based MCP servers.
- */
-interface McpSourceConfig {
-    /**
-     * Transport type. Defaults to 'http' if not specified.
-     */
-    transport?: McpTransport;
-    /**
-     * URL endpoint for HTTP or SSE transport.
-     * Required when transport is 'http' or 'sse' (or undefined).
-     */
-    url?: string;
-    /**
-     * Authentication type for HTTP/SSE servers.
-     */
-    authType?: SourceMcpAuthType;
-    /**
-     * OAuth client ID (stored in config, not secret).
-     */
-    clientId?: string;
-    /**
-     * Command to spawn for stdio transport.
-     * Required when transport is 'stdio'.
-     */
-    command?: string;
-    /**
-     * Arguments to pass to the command.
-     */
-    args?: string[];
-    /**
-     * Environment variables for the spawned process.
-     */
-    env?: Record<string, string>;
-    /**
-     * Custom headers to include in every MCP request.
-     * Auth headers (e.g. Authorization) are merged on top when authType is set.
-     */
-    headers?: Record<string, string>;
-    /**
-     * Header names for credential-store auth (e.g., ["X-API-Key"]).
-     * Values are stored as JSON in the credential store, same as API multi-header auth.
-     * Precedence: static headers < credential-store headerNames < Authorization bearer.
-     */
-    headerNames?: string[];
-}
-/**
- * API test endpoint configuration for connection validation
- */
-interface ApiTestEndpoint {
-    method: 'GET' | 'POST';
-    path: string;
-    body?: Record<string, unknown>;
-    headers?: Record<string, string>;
-}
-/**
- * Generic OAuth configuration for API sources.
- * Allows any OAuth 2.0 provider to be configured via config.json
- * without needing an MCP server or manual PAT.
- */
-interface ApiOAuthConfig {
-    /** OAuth authorization endpoint URL (REQUIRED) */
-    authorizationUrl: string;
-    /** OAuth token exchange endpoint URL (REQUIRED) */
-    tokenUrl: string;
-    /** OAuth client ID (REQUIRED) */
-    clientId: string;
-    /** OAuth client secret (optional for public PKCE clients) */
-    clientSecret?: string;
-    /** Requested OAuth scopes */
-    scopes?: string[];
-    /** Auth0-style audience parameter */
-    audience?: string;
-    /** Additional parameters to include in the authorization URL */
-    extraParams?: Record<string, string>;
-}
-/**
- * Token renewal endpoint configuration for non-OAuth API sources.
- * Allows custom bearer-token APIs to auto-renew expired tokens by calling
- * a provider-specific endpoint (not OAuth-compliant).
- *
- * MVP scope: access-token-based renewal only. The current access token is
- * sent via the Authorization header and/or substituted into body/headers
- * using the {{token}} placeholder.
- */
-interface ApiRenewEndpoint {
-    /** Renew URL — relative path (resolved against baseUrl) or absolute URL */
-    path: string;
-    /** HTTP method (default: POST) */
-    method?: 'GET' | 'POST';
-    /** Request body — {{token}} in string leaves is substituted with current access token.
-     *  Supports nested objects (recursive substitution on string leaves). */
-    body?: Record<string, unknown>;
-    /** Extra headers for the renew request — {{token}} substitution applies here too.
-     *  Merged on top of defaultHeaders. Authorization header is always sent unless
-     *  explicitly overridden here. */
-    headers?: Record<string, string>;
-    /** JSON field name for the new access token in response (default: "access_token") */
-    tokenField?: string;
-    /** JSON field name for expiry in seconds in response (default: "expires_in") */
-    expiresInField?: string;
-    /** Fallback TTL in seconds when renew response doesn't include expiry (optional).
-     *  Without this, missing expiry causes refresh on every session start (safe but noisy). */
-    fallbackTtlSecs?: number;
-}
-/**
- * API-specific configuration
- */
-interface ApiSourceConfig {
-    baseUrl: string;
-    authType: ApiAuthType;
-    headerName?: string;
-    headerNames?: string[];
-    queryParam?: string;
-    authScheme?: string;
-    defaultHeaders?: Record<string, string>;
-    testEndpoint?: ApiTestEndpoint;
-    renewEndpoint?: ApiRenewEndpoint;
-    googleService?: GoogleService;
-    googleScopes?: string[];
-    googleOAuthClientId?: string;
-    googleOAuthClientSecret?: string;
-    slackService?: SlackService;
-    slackUserScopes?: string[];
-    microsoftService?: MicrosoftService;
-    microsoftScopes?: string[];
-    oauth?: ApiOAuthConfig;
-}
-/**
- * Local filesystem/app configuration
- */
-interface LocalSourceConfig {
-    path: string;
-    format?: string;
-}
-/**
- * Source connection status
- * - 'connected': Source is connected and working
- * - 'needs_auth': Source requires authentication
- * - 'failed': Connection failed with error
- * - 'untested': Connection has not been tested
- * - 'local_disabled': Stdio source is disabled (local MCP servers off)
- */
-type SourceConnectionStatus = 'connected' | 'needs_auth' | 'failed' | 'untested' | 'local_disabled';
-/**
- * Brand theming for a source's UI elements.
- * Uses the EntityColor system for light/dark mode support.
- */
-interface SourceBrand {
-    /** Primary brand color — used for source-branded UI elements.
-     *  Can be a system color name ("accent", "info") or custom { light, dark } values.
-     *  Defaults to "accent" if not set. */
-    color?: EntityColor;
-}
-/**
- * Main source configuration (stored in config.json)
- */
-interface FolderSourceConfig {
-    id: string;
-    name: string;
-    slug: string;
-    enabled: boolean;
-    provider: string;
-    type: SourceType;
-    mcp?: McpSourceConfig;
-    api?: ApiSourceConfig;
-    local?: LocalSourceConfig;
-    icon?: string;
-    tagline?: string;
-    brand?: SourceBrand;
-    isAuthenticated?: boolean;
-    connectionStatus?: SourceConnectionStatus;
-    connectionError?: string;
-    lastTestedAt?: number;
-    createdAt?: number;
-    updatedAt?: number;
-}
-/**
- * Parsed guide.md content with embedded cache
- */
-interface SourceGuide {
-    raw: string;
-    scope?: string;
-    guidelines?: string;
-    context?: string;
-    apiNotes?: string;
-    cache?: Record<string, unknown>;
-}
-/**
- * Fully loaded source with all files
- */
-interface LoadedSource {
-    config: FolderSourceConfig;
-    guide: SourceGuide | null;
-    /** Absolute path to source folder (for resolving relative icon paths) */
-    folderPath: string;
-    /** Absolute path to workspace folder (e.g., ~/.weft/workspaces/xxx) */
-    workspaceRootPath: string;
-    /**
-     * Workspace this source belongs to.
-     * Used for credential lookups: source_oauth::{workspaceId}::{sourceSlug}
-     */
-    workspaceId: string;
-    /**
-     * Whether this is a built-in source (e.g., the always-available docs MCP).
-     * Built-in sources are always available and not shown in the sources UI.
-     */
-    isBuiltin?: boolean;
-    /**
-     * Pre-computed path to local icon file (icon.svg, icon.png, etc.) if it exists.
-     * Computed during source loading so renderer doesn't need filesystem access.
-     */
-    iconPath?: string;
-}
-/**
- * Source creation input (without auto-generated fields)
- */
-interface CreateSourceInput {
-    name: string;
-    provider: string;
-    type: SourceType;
-    mcp?: McpSourceConfig;
-    api?: ApiSourceConfig;
-    local?: LocalSourceConfig;
-    icon?: string;
-    enabled?: boolean;
-}
-/**
- * REST API configuration for API sources
- * Used by api-tools.ts to create dynamic API tools
- */
-interface ApiConfig {
-    name: string;
-    baseUrl: string;
-    auth?: {
-        type: 'none' | 'header' | 'bearer' | 'query' | 'basic';
-        headerName?: string;
-        headerNames?: string[];
-        queryParam?: string;
-        authScheme?: string;
-        credentialLabel?: string;
-        secretLabel?: string;
-    };
-    headers?: Record<string, string>;
-    documentation?: string;
-    docsUrl?: string;
-    defaultHeaders?: Record<string, string>;
-    logo?: string;
-    workspaceId?: string;
-}
-
-/**
- * Built-in Sources
- *
- * System-level sources that are always available in every workspace.
- * These sources are not shown in the sources list UI but are available
- * for the agent to use.
- *
- * NOTE: The docs source is now an always-available MCP server configured
- * directly in the host runtime, not a source. This file is kept for backwards
- * compatibility but returns empty results.
- */
-
-/**
- * Get all built-in sources for a workspace.
- *
- * Currently returns empty array - the docs source has been moved to
- * an always-available MCP server in the host runtime.
- *
- * @param _workspaceId - The workspace ID (unused)
- * @param _workspaceRootPath - Absolute path to workspace root folder (unused)
- * @returns Empty array (no built-in sources)
- */
-declare function getBuiltinSources(_workspaceId: string, _workspaceRootPath: string): LoadedSource[];
-
-type SourceActivationStatus = 'active' | 'disabled' | 'needs_auth' | 'failed' | 'missing';
-interface SourceStateSnapshot {
-    sourceSlug: string;
-    enabled: boolean;
-    authenticated: boolean;
-    status: SourceActivationStatus;
-    reason?: string;
-}
-interface CreateSourceActivationPlanOptions {
-    requestedSourceSlugs: string[];
-    sourceStates: SourceStateSnapshot[];
-}
-interface SourceActivationPlan {
-    requestedSourceSlugs: string[];
-    activeSourceSlugs: string[];
-    authRequiredSourceSlugs: string[];
-    missingSourceSlugs: string[];
-    blockedSourceSlugs: string[];
-    timelineItems: TimelineItem[];
-}
-declare function createSourceActivationPlan(options: CreateSourceActivationPlanOptions): SourceActivationPlan;
-
-type SourceCredentialRefType = 'source_oauth' | 'source_bearer' | 'source_header' | 'source_query' | 'source_basic' | 'source_multi_header';
-interface SourceCredentialRef {
-    type: SourceCredentialRefType;
-    sourceSlug: string;
-    workspaceId: string;
-}
-type SourceToolDescriptor = {
-    kind: 'api-source';
-    sourceSlug: string;
-    baseUrl: string;
-    authType: ApiAuthType;
-    defaultHeaders?: Record<string, string>;
-    credentialRef?: SourceCredentialRef;
-} | {
-    kind: 'local-source';
-    sourceSlug: string;
-    path: string;
-    format?: string;
-} | {
-    kind: 'mcp-server';
-    sourceSlug: string;
-    transport: McpTransport;
-    url?: string;
-    command?: string;
-    args?: string[];
-    env?: Record<string, string>;
-    headers?: Record<string, string>;
-    credentialRef?: SourceCredentialRef;
-};
-interface CreateSourceToolAssemblyPlanOptions {
-    activeSourceSlugs: string[];
-    sources: LoadedSource[];
-    credentialRefs?: Record<string, SourceCredentialRef>;
-    allowedStdioEnvKeys?: string[];
-}
-interface SourceToolAssemblyPlan {
-    tools: SourceToolDescriptor[];
-    blockedSourceSlugs: string[];
-}
-declare function createSourceToolAssemblyPlan(options: CreateSourceToolAssemblyPlanOptions): SourceToolAssemblyPlan;
-
-interface CreateSourceRuntimeAssemblyPlanOptions {
-    requestedSourceSlugs: string[];
-    sourceStates: SourceStateSnapshot[];
-    sources: LoadedSource[];
-    credentialRefs?: Record<string, SourceCredentialRef>;
-    allowedStdioEnvKeys?: string[];
-}
-interface SourceRuntimeAssemblyPlan {
-    requestedSourceSlugs: string[];
-    activeSourceSlugs: string[];
-    authRequiredSourceSlugs: string[];
-    missingSourceSlugs: string[];
-    blockedSourceSlugs: string[];
-    toolBlockedSourceSlugs: string[];
-    sourceTools: SourceToolDescriptor[];
-    timelineItems: TimelineItem[];
-}
-declare function createSourceRuntimeAssemblyPlan(options: CreateSourceRuntimeAssemblyPlanOptions): SourceRuntimeAssemblyPlan;
-
-interface SourceRuntimeCapabilityDegradation {
-    authRequiredSourceSlugs: string[];
-    missingSourceSlugs: string[];
-    blockedSourceSlugs: string[];
-    toolBlockedSourceSlugs: string[];
-}
-interface SourceRuntimeProviderOptions {
-    extensions: Pick<RuntimeExtensionContext, 'sources'>;
-    sourceTools: ProviderSourceToolDescriptor[];
-    timelineItems: TimelineItem[];
-    capabilityDegradation: SourceRuntimeCapabilityDegradation;
-}
-declare function createSourceRuntimeProviderOptions(options: CreateSourceRuntimeAssemblyPlanOptions): SourceRuntimeProviderOptions;
-
-interface ValidationIssue {
-    file: string;
-    path: string;
-    message: string;
-    severity: 'error' | 'warning' | 'info';
-    suggestion?: string;
-}
-interface ValidationResult {
-    valid: boolean;
-    errors: ValidationIssue[];
-    warnings: ValidationIssue[];
-}
-declare function validateSourceConfig(config: unknown): ValidationResult;
-
-/**
- * Source Auth — Provider-Owned Detection Interface
- *
- * Weft does NOT implement separate OAuth flows for providers
- * (Claude, Codex). Provider auth is detected and delegated, not managed.
- *
- * This module provides:
- * 1. Detection interface for source-level auth (MCP bearer/basic/apikey)
- * 2. Provider auth delegation — forwards to @weft/runtime-core auth types
- *    for Claude/Codex/Copilot provider-level detection
- *
- * Source-level OAuth (Google, Slack, Microsoft) for MCP/API sources
- * remains in this package but requires host application injection.
- * The host app provides the actual OAuth callback server implementation.
- */
-
-/**
- * Auth session context for source OAuth flows.
- * Used by host application to track which session/workspace initiated auth.
- */
-interface OAuthSessionContext {
-    sessionId: string;
-    workspaceId: string;
-}
-/**
- * Result of a source authentication attempt.
- *
- * On success, the host app can either:
- * 1. Return token data here → Weft's SourceCredentialManager saves it
- * 2. Save tokens directly via SourceCredentialManager.save() → return success only
- *
- * Option 1 is simpler; Option 2 gives the host app full control over storage.
- * Both approaches work — Weft handles either case.
- */
-interface SourceAuthResult {
-    /** Whether auth was successful */
-    success: boolean;
-    /** Error message if auth failed */
-    error?: string;
-    /** Email address obtained during auth (if available) */
-    email?: string;
-    /** Access token (host app may return it for Weft to save) */
-    accessToken?: string;
-    /** Refresh token (host app may return it for Weft to save) */
-    refreshToken?: string;
-    /** Token expiry timestamp in ms since epoch (host app may return it) */
-    expiresAt?: number;
-}
-/**
- * Provider auth detection result for source-level usage.
- * Wraps the runtime-core ProviderAuthDetection for source credential routing.
- */
-interface SourceProviderAuthStatus {
-    /** Which auth mode the provider uses */
-    mode: ProviderAuthMode;
-    /** Whether the provider's auth is configured */
-    configured: boolean;
-    /** Human-readable description of auth state */
-    description: string;
-}
-/**
- * Convert ProviderAuthDetection from runtime-core to a source-friendly status.
- */
-declare function providerAuthToSourceStatus(detection: ProviderAuthDetection): SourceProviderAuthStatus;
-/**
- * Interface that the host application must implement for source OAuth flows.
- *
- * Weft does NOT own browser callback servers or PKCE flows.
- * The host app (Electron, web UI, CLI) provides the actual OAuth implementation
- * and passes credentials back through this interface.
- *
- * This replaces the previous stub OAuth classes (GoogleOAuth, SlackOAuth,
- * MicrosoftOAuth, GenericOAuth) with a single injection point.
- */
-interface SourceOAuthProvider {
-    /**
-     * Authenticate a source via its provider-specific OAuth flow.
-     * The host app opens a browser, handles the callback, and returns tokens.
-     */
-    authenticate(sourceSlug: string, provider: "google" | "slack" | "microsoft" | "generic" | "mcp", options: SourceOAuthOptions): Promise<SourceAuthResult>;
-    /**
-     * Refresh an expired OAuth token for a source.
-     */
-    refresh(sourceSlug: string, provider: "google" | "slack" | "microsoft" | "generic" | "mcp", refreshToken: string): Promise<SourceAuthResult>;
-}
-/**
- * Options for source OAuth authentication.
- * Generalized across all provider types — the host app interprets
- * provider-specific fields as needed.
- */
-interface SourceOAuthOptions {
-    /** Service identifier (e.g. "google-drive", "slack-workspace") */
-    service?: string;
-    /** OAuth scopes to request */
-    scopes?: string[];
-    /** App type context (e.g. "desktop", "web", "cli") */
-    appType?: string;
-    /** Callback port (host app decides actual port) */
-    callbackPort?: number;
-    /** Callback URL override */
-    callbackUrl?: string;
-    /** OAuth client ID (host app may have its own) */
-    clientId?: string;
-    /** OAuth client secret (host app may have its own) */
-    clientSecret?: string;
-    /** Session context for tracking */
-    sessionContext?: OAuthSessionContext;
-}
-/**
- * No-op SourceOAuthProvider that throws on all operations.
- * Used when no host app OAuth implementation is injected.
- */
-declare class StubSourceOAuthProvider implements SourceOAuthProvider {
-    authenticate(): Promise<SourceAuthResult>;
-    refresh(): Promise<SourceAuthResult>;
-}
-
-/**
- * Credential Types — Stub for OSS extraction.
- *
- * Defines types for credential storage and lookup.
- */
-interface CredentialId {
-    type: 'source_oauth' | 'source_bearer' | 'source_apikey' | 'source_basic';
-    workspaceId: string;
-    sourceId: string;
-}
-interface StoredCredential {
-    value: string;
-    refreshToken?: string;
-    expiresAt?: number;
-    clientId?: string;
-    clientSecret?: string;
-    tokenType?: string;
-}
-
-/**
- * SourceCredentialManager
- *
- * Unified credential management for sources. Consolidates credential CRUD,
- * credential ID resolution, expiry checking, and OAuth flows.
- *
- * This replaces scattered credential logic across:
- * - SourceService.getSourceToken()
- * - SourceService.getApiCredential()
- * - SourceService.getCredentialId()
- * - session-scoped-tools OAuth triggers
- * - IPC handlers for credential storage
- *
- * OAuth flows are delegated to the host application via SourceOAuthProvider.
- * Weft does NOT own browser callback servers or PKCE — the host app
- * (Electron, web UI, CLI) provides the actual OAuth implementation and
- * injects it through the constructor or setOAuthProvider() at startup.
- */
-
-/**
- * OAuth provider type for source credential routing.
- * Matches the SourceOAuthProvider.authenticate() provider parameter.
- */
-type OAuthProvider = 'google' | 'slack' | 'microsoft' | 'generic' | 'mcp';
-/**
- * Result of authentication attempt
- */
-interface AuthResult {
-    success: boolean;
-    error?: string;
-    /** For Gmail OAuth, includes user's email */
-    email?: string;
-}
-/**
- * API credential types (string for simple auth, object for basic auth or multi-header)
- */
-interface BasicAuthCredential {
-    username: string;
-    password: string;
-}
-/**
- * Multi-header credentials stored as Record<string, string>
- * Used for APIs like Datadog that require multiple auth headers (DD-API-KEY + DD-APPLICATION-KEY)
- */
-type MultiHeaderCredential = Record<string, string>;
-type ApiCredential = string | BasicAuthCredential | MultiHeaderCredential;
-/**
- * Type guard to check if credential is a MultiHeaderCredential.
- * Returns true for Record<string, string> objects that are NOT BasicAuthCredential.
- */
-declare function isMultiHeaderCredential(cred: ApiCredential): cred is MultiHeaderCredential;
-/**
- * SourceCredentialManager - unified credential operations for sources
- *
- * Usage:
- * ```typescript
- * // Without OAuth provider (stub — errors on auth operations)
- * const credManager = new SourceCredentialManager();
- *
- * // With OAuth provider injected at construction
- * const credManager = new SourceCredentialManager(myOAuthProvider);
- *
- * // Or via the singleton accessor
- * const credManager = getSourceCredentialManager(myOAuthProvider);
- *
- * // Save credentials
- * await credManager.save(source, { value: 'token123' });
- *
- * // Load credentials
- * const cred = await credManager.load(source);
- *
- * // Run OAuth flow (requires host OAuthProvider to be injected)
- * const result = await credManager.authenticate(source);
- * ```
- */
-declare class SourceCredentialManager {
-    private pendingRefreshes;
-    /**
-     * Host-injected OAuth provider for source-level auth flows.
-     * Weft does NOT own browser callback servers or PKCE — the host app
-     * (Electron, web UI, CLI) provides the actual implementation.
-     * Defaults to StubSourceOAuthProvider which returns errors for all operations.
-     */
-    private oauthProvider;
-    /**
-     * Construct a SourceCredentialManager with optional OAuth provider injection.
-     *
-     * If no provider is given, defaults to StubSourceOAuthProvider which
-     * returns errors for all OAuth operations. The host app should either:
-     * 1. Pass its SourceOAuthProvider at construction
-     * 2. Call setOAuthProvider() after construction
-     */
-    constructor(oauthProvider?: SourceOAuthProvider);
-    /**
-     * Set the host OAuth provider. Called by the host application at startup
-     * to inject its OAuth implementation (browser callbacks, PKCE, etc).
-     *
-     * This can also be used to replace the provider at runtime (e.g. when
-     * the Electron app initializes after the credential manager singleton
-     * has already been created).
-     */
-    setOAuthProvider(provider: SourceOAuthProvider): void;
-    /**
-     * Save credential for a source
-     */
-    save(source: LoadedSource, credential: StoredCredential): Promise<void>;
-    /**
-     * Load credential for a source
-     *
-     * For MCP sources, tries both OAuth and bearer credentials as fallback
-     * (credentials may have been stored via different auth modes)
-     */
-    load(source: LoadedSource): Promise<StoredCredential | null>;
-    /**
-     * Load MCP credential with fallback (OAuth -> bearer)
-     */
-    private loadMcpCredential;
-    /**
-     * Delete credential for a source
-     */
-    delete(source: LoadedSource): Promise<boolean>;
-    /**
-     * Get token value for a source (convenience method)
-     * Returns null if no credential exists or if expired
-     */
-    getToken(source: LoadedSource): Promise<string | null>;
-    /**
-     * Get API credential for a source (handles basic auth and multi-header JSON parsing)
-     */
-    getApiCredential(source: LoadedSource): Promise<ApiCredential | null>;
-    /**
-     * Get the credential ID for a source
-     *
-     * Determines the correct credential type based on:
-     * - Source type (mcp, api, local)
-     * - Auth type (oauth, bearer, header, etc.)
-     */
-    getCredentialId(source: LoadedSource): CredentialId;
-    /**
-     * Check if a credential is expired
-     */
-    isExpired(credential: StoredCredential): boolean;
-    /**
-     * Check if a credential needs refresh (within 5 min of expiry)
-     */
-    needsRefresh(credential: StoredCredential): boolean;
-    /**
-     * Mark a source as needing re-authentication.
-     * Called when token is missing/expired or token refresh fails.
-     * Updates config.json so the UI shows "needs auth" and the agent gets proper context.
-     */
-    markSourceNeedsReauth(source: LoadedSource, errorMessage: string): void;
-    /**
-     * Check if source has valid (non-expired) credentials
-     */
-    hasValidCredentials(source: LoadedSource): Promise<boolean>;
-    /**
-     * Detect the OAuth provider for a source.
-     */
-    detectProvider(source: LoadedSource): OAuthProvider;
-    /**
-     * Check whether a source uses OAuth authentication.
-     * Used to gate authenticate() and refresh() before delegating to oauthProvider.
-     */
-    private isOAuthSource;
-    /**
-     * Build SourceOAuthOptions from source config for a given provider.
-     *
-     * Extracts provider-specific fields (service, scopes, clientId, etc.)
-     * and maps them to the generalized SourceOAuthOptions interface.
-     * The host app's SourceOAuthProvider implementation interprets these
-     * fields as needed for its provider-specific OAuth flow.
-     */
-    private buildOAuthOptions;
-    /**
-     * Authenticate a source via OAuth, delegating to the host app.
-     *
-     * The host app's SourceOAuthProvider handles the entire flow:
-     * browser redirect, callback server, token exchange, and credential storage.
-     * On success, the source is marked as authenticated in config.json.
-     *
-     * This replaces the previous prepare/exchange split (prepareOAuth + exchangeAndStore).
-     * If a host app needs prepare/exchange separation, it implements that in its
-     * SourceOAuthProvider.
-     */
-    authenticate(source: LoadedSource, options?: {
-        callbackPort?: number;
-        callbackUrl?: string;
-        sessionContext?: OAuthSessionContext;
-    }): Promise<AuthResult>;
-    /**
-     * Refresh token for a source
-     *
-     * Returns the new access token, or null if refresh fails.
-     * On success, credentials are automatically updated by the host app.
-     *
-     * Uses promise deduplication to prevent concurrent refresh requests for the same source.
-     * This is important because:
-     * - Multiple API calls may hit refresh simultaneously when token is expiring
-     * - Microsoft rotates refresh tokens, so concurrent refreshes could cause token invalidation
-     */
-    refresh(source: LoadedSource): Promise<string | null>;
-    /**
-     * Internal refresh implementation.
-     *
-     * Routes to:
-     * 1. refreshApiRenew — for custom API renew endpoints (non-OAuth)
-     * 2. oauthProvider.refresh() — for all OAuth providers (Google, Slack, Microsoft, Generic, MCP)
-     *
-     * The host app's refresh() implementation handles token refresh and credential storage.
-     * After successful refresh, we reload the credential to return the new access token.
-     */
-    private doRefresh;
-    /**
-     * Refresh token via a custom API renew endpoint (non-OAuth).
-     * Uses the current access token for renewal — no separate refresh token needed.
-     */
-    private refreshApiRenew;
-}
-
-declare class EncryptedCredentialBackend {
-    private filePath;
-    private cache;
-    constructor(filePath?: string);
-    get(id: CredentialId): Promise<StoredCredential | null>;
-    set(id: CredentialId, credential: StoredCredential): Promise<void>;
-    delete(id: CredentialId): Promise<boolean>;
-    list(filter?: Partial<CredentialId>): Promise<CredentialId[]>;
-    private load;
-    private save;
-}
-
-declare function getMachineId(): string;
-
-interface CredentialManager {
-    get(id: CredentialId): Promise<StoredCredential | null>;
-    set(id: CredentialId, credential: StoredCredential): Promise<void>;
-    delete(id: CredentialId): Promise<boolean>;
-}
-declare class InMemoryCredentialManager implements CredentialManager {
-    private store;
-    private key;
-    get(id: CredentialId): Promise<StoredCredential | null>;
-    set(id: CredentialId, credential: StoredCredential): Promise<void>;
-    delete(id: CredentialId): Promise<boolean>;
-}
-
-interface CreateCredentialManagerOptions {
-    backend?: 'encrypted' | 'memory';
-    filePath?: string;
-}
-declare function getCredentialManager(options?: CreateCredentialManagerOptions): CredentialManager;
-declare function resetCredentialManager(): void;
-
-/**
- * Source Storage
- *
- * CRUD operations for workspace-scoped sources.
- * Sources are stored at {workspaceRootPath}/sources/{sourceSlug}/
- *
- * Note: All functions take `workspaceRootPath` (absolute path to workspace folder),
- * NOT a workspace slug. The `LoadedSource.workspaceId` is derived via basename().
- */
-
-/**
- * Load source config.json
- */
-declare function loadSourceConfig(workspaceRootPath: string, sourceSlug: string): FolderSourceConfig | null;
-/**
- * Save source config.json
- * @throws Error if config is invalid
- */
-declare function saveSourceConfig(workspaceRootPath: string, config: FolderSourceConfig): void;
-/**
- * Load complete source with all files
- * @param workspaceRootPath - Absolute path to workspace folder (e.g., ~/.weft/workspaces/xxx)
- * @param sourceSlug - Source folder name
- */
-declare function loadSource(workspaceRootPath: string, sourceSlug: string): LoadedSource | null;
-/**
- * Load all sources for a workspace INCLUDING built-in sources.
- * Built-in sources are always available and merged
- * with user-configured sources from the workspace.
- *
- * Use this when the agent needs visibility into all available sources,
- * including system-provided ones that don't live on disk.
- */
-declare function loadAllSources(workspaceRootPath: string): LoadedSource[];
-/**
- * Create a new source in a workspace
- */
-declare function createSource(workspaceRootPath: string, input: CreateSourceInput): Promise<FolderSourceConfig>;
-/**
- * Delete a source from a workspace
- */
-declare function deleteSource(workspaceRootPath: string, sourceSlug: string): void;
-/**
- * Check if a source exists in a workspace
- */
-declare function sourceExists(workspaceRootPath: string, sourceSlug: string): boolean;
-
-export { type ApiConfig, type ApiCredential, type AuthResult, type BasicAuthCredential, type CreateCredentialManagerOptions, type CreateSourceActivationPlanOptions, type CreateSourceInput, type CreateSourceRuntimeAssemblyPlanOptions, type CreateSourceToolAssemblyPlanOptions, type CredentialId, type CredentialManager, EncryptedCredentialBackend, InMemoryCredentialManager, type LoadedSource, type MultiHeaderCredential, type ApiOAuthConfig as OAuthConfig, type SourceActivationPlan, type SourceActivationStatus, type SourceBrand, type FolderSourceConfig as SourceConfig, SourceCredentialManager, type SourceCredentialRef, type SourceCredentialRefType, type SourceConnectionStatus as SourceHealthStatus, type SourceMcpAuthType, type SourceOAuthOptions, type SourceOAuthProvider, type SourceProviderAuthStatus, type SourceRuntimeAssemblyPlan, type SourceRuntimeCapabilityDegradation, type SourceRuntimeProviderOptions, type SourceStateSnapshot, type SourceToolAssemblyPlan, type SourceToolDescriptor, type ValidationIssue as SourceValidationIssue, type ValidationResult as SourceValidationResult, type StoredCredential, StubSourceOAuthProvider, createSource, createSourceActivationPlan, createSourceRuntimeAssemblyPlan, createSourceRuntimeProviderOptions, createSourceToolAssemblyPlan, deleteSource, getBuiltinSources, getCredentialManager, getMachineId, isMultiHeaderCredential, loadAllSources, loadSource, loadSourceConfig, providerAuthToSourceStatus, resetCredentialManager, saveSourceConfig, sourceExists, validateSourceConfig };