@sackville-mcp/api 0.0.1-alpha.0

package/dist/index.mjs

@@ -0,0 +1,3221 @@
+import { applyOp } from "@sackville-mcp/assert";
+import { JSONPath } from "jsonpath-plus";
+import { Ajv2020 } from "ajv/dist/2020.js";
+import addFormatsModule from "ajv-formats";
+import { existsSync, mkdirSync, readFileSync, readdirSync, writeFileSync } from "node:fs";
+import { basename, dirname, join, resolve } from "node:path";
+import { bruToEnvJsonV2, bruToJsonV2, envJsonToBruV2, jsonToBruV2 } from "@usebruno/lang";
+import { parse } from "yaml";
+import { GraphQLError, Kind, TypeInfo, buildSchema, getNamedType, getVariableValues, isInputObjectType, isNonNullType, isScalarType, parse as parse$1, print, typeFromAST, validate, visit, visitWithTypeInfo } from "graphql";
+import { strFromU8, strToU8, unzipSync, zipSync } from "fflate";
+import { randomUUID } from "node:crypto";
+import { performance } from "node:perf_hooks";
+import { Redactor, SsrfError, resolveAndPin } from "@sackville-mcp/safety";
+import { FormData, request } from "undici";
+import { readFile } from "node:fs/promises";
+import { getQuickJS, shouldInterruptAfterDeadline } from "quickjs-emscripten";
+//#region src/artifacts.ts
+/**
+* In-memory store for response bodies, addressed by a `sackville://run/<id>/body`
+* handle. Agents/CLIs fetch bodies by handle so large payloads are never inlined
+* into tool results. (A persistent backend can replace this later.)
+*/
+var ArtifactStore = class {
+	artifacts = /* @__PURE__ */ new Map();
+	put(runId, body, contentType) {
+		const handle = `sackville://run/${runId}/body`;
+		this.artifacts.set(handle, {
+			body,
+			contentType
+		});
+		return handle;
+	}
+	get(handle) {
+		return this.artifacts.get(handle);
+	}
+};
+//#endregion
+//#region src/schema.ts
+/**
+* JSON Schema validation (draft 2020-12) via ajv. Shared by the `schema`
+* assertion source and the OpenAPI 3.1 contract validator — OpenAPI 3.1's
+* Schema Object *is* JSON Schema 2020-12, so one validator serves both.
+*/
+const addFormats = addFormatsModule.default;
+const ajv = new Ajv2020({
+	allErrors: true,
+	strict: false
+});
+addFormats(ajv);
+function toError(e) {
+	const where = e.instancePath || "(root)";
+	const detail = e.message ?? "is invalid";
+	const extra = e.keyword === "required" && typeof e.params?.missingProperty === "string" ? `: '${e.params.missingProperty}'` : "";
+	return {
+		instancePath: e.instancePath,
+		message: `${where} ${detail}${extra}`
+	};
+}
+/** Validate `data` against a JSON Schema. Never throws on data; an invalid
+* *schema* surfaces as a single error rather than propagating. */
+function validateSchema(schema, data) {
+	let validate;
+	try {
+		validate = ajv.compile(schema);
+	} catch (err) {
+		return {
+			valid: false,
+			errors: [{
+				instancePath: "",
+				message: `invalid schema: ${err.message}`
+			}]
+		};
+	}
+	const valid = validate(data);
+	return {
+		valid,
+		errors: valid ? [] : (validate.errors ?? []).map(toError)
+	};
+}
+//#endregion
+//#region src/assert.ts
+/** Resolve a value from a response by source kind (shared by assertions + captures). */
+function valueFrom(source, ctx, opts) {
+	switch (source) {
+		case "status": return ctx.status;
+		case "statusText": return ctx.statusText;
+		case "responseTime": return ctx.latencyMs;
+		case "body": return ctx.bodyText;
+		case "header": return opts.name ? ctx.headers[opts.name.toLowerCase()] : void 0;
+		case "jsonpath": return JSONPath({
+			path: opts.path ?? "$",
+			json: ctx.json,
+			wrap: false,
+			eval: false
+		});
+		default: return;
+	}
+}
+/** Evaluate declarative assertions against a response. */
+function evaluateAssertions(specs, ctx) {
+	return specs.map((spec) => {
+		if (spec.source === "schema") {
+			const subject = spec.path ? valueFrom("jsonpath", ctx, spec) : ctx.json;
+			const { valid, errors } = validateSchema(spec.value, subject);
+			return {
+				source: spec.source,
+				op: spec.op,
+				path: spec.path,
+				expected: spec.value,
+				actual: valid ? null : errors,
+				pass: valid
+			};
+		}
+		const actual = valueFrom(spec.source, ctx, spec);
+		return {
+			source: spec.source,
+			op: spec.op,
+			path: spec.path,
+			name: spec.name,
+			expected: spec.value,
+			actual,
+			pass: applyOp(spec.op, actual, spec.value)
+		};
+	});
+}
+/** Extract captured variables from a response into a name→value map. */
+function extractCaptures(specs, ctx) {
+	const captured = {};
+	for (const spec of specs) captured[spec.var] = valueFrom(spec.source, ctx, spec);
+	return captured;
+}
+//#endregion
+//#region src/collection.ts
+const NON_REQUEST = new Set(["collection.bru", "folder.bru"]);
+const RAW_BODY_TYPES = new Set([
+	"json",
+	"text",
+	"xml",
+	"sparql"
+]);
+const BODY_TYPE_ALIASES = {
+	formUrlEncoded: "form-urlencoded",
+	multipartForm: "multipart-form"
+};
+/**
+* Load a Bruno collection directory: each `<name>.bru` request (+ optional
+* `<name>.sackville.yml` sidecar), plus any `environments/<Env>.bru` files.
+*/
+function loadCollection(dir) {
+	const requests = /* @__PURE__ */ new Map();
+	for (const file of readdirSync(dir)) {
+		if (!file.endsWith(".bru") || NON_REQUEST.has(file)) continue;
+		const stem = basename(file, ".bru");
+		const entry = {
+			request: toRequest(stem, bruToJsonV2(readFileSync(join(dir, file), "utf8"))),
+			assertions: [],
+			captures: []
+		};
+		const sidecar = join(dir, `${stem}.sackville.yml`);
+		if (existsSync(sidecar)) {
+			const yaml = parse(readFileSync(sidecar, "utf8")) ?? {};
+			entry.assertions = yaml.assertions ?? [];
+			entry.captures = yaml.captures ?? [];
+			entry.preScript = yaml.preScript;
+			entry.postScript = yaml.postScript;
+		}
+		requests.set(stem, entry);
+	}
+	return {
+		dir,
+		requests,
+		environments: loadEnvironments(dir)
+	};
+}
+function loadEnvironments(dir) {
+	const environments = /* @__PURE__ */ new Map();
+	const envDir = join(dir, "environments");
+	if (!existsSync(envDir)) return environments;
+	for (const file of readdirSync(envDir)) {
+		if (!file.endsWith(".bru")) continue;
+		const parsed = bruToEnvJsonV2(readFileSync(join(envDir, file), "utf8"));
+		const vars = {};
+		for (const v of parsed.variables ?? []) if (v.enabled !== false && !v.secret) vars[v.name] = v.value;
+		environments.set(basename(file, ".bru"), vars);
+	}
+	return environments;
+}
+function toRequest(stem, parsed) {
+	const http = parsed.http ?? {};
+	const headers = (parsed.headers ?? []).filter((h) => h.enabled !== false).map((h) => ({
+		name: h.name,
+		value: h.value
+	}));
+	return {
+		name: parsed.meta?.name ?? stem,
+		method: String(http.method ?? "get").toUpperCase(),
+		url: http.url ?? "",
+		headers,
+		body: toBody(http.body, parsed.body)
+	};
+}
+function toBody(rawType, body) {
+	if (!rawType || rawType === "none") return void 0;
+	const type = BODY_TYPE_ALIASES[rawType] ?? rawType;
+	if (type === "form-urlencoded") return {
+		type,
+		params: (body?.formUrlEncoded ?? []).filter((p) => p.enabled !== false).map((p) => ({
+			name: p.name,
+			value: p.value
+		}))
+	};
+	if (type === "graphql") {
+		const gql = body?.graphql;
+		return {
+			type,
+			graphql: {
+				query: gql?.query ?? "",
+				variables: gql?.variables
+			}
+		};
+	}
+	if (type === "multipart-form") return {
+		type,
+		parts: toParts(body?.multipartForm ?? [])
+	};
+	if (type === "file") {
+		const selected = (body?.file ?? []).find((f) => f.selected !== false) ?? body?.file?.[0];
+		if (selected) return {
+			type,
+			file: {
+				filePath: selected.filePath,
+				contentType: selected.contentType
+			}
+		};
+		return { type };
+	}
+	if (RAW_BODY_TYPES.has(type)) {
+		const content = body?.[type];
+		if (typeof content === "string") return {
+			type,
+			content
+		};
+	}
+	return { type };
+}
+function toParts(parts) {
+	return parts.filter((p) => p.enabled !== false).map((p) => {
+		if (p.type === "file") {
+			const filePaths = Array.isArray(p.value) ? p.value : [p.value];
+			return {
+				name: p.name,
+				kind: "file",
+				filePaths,
+				contentType: p.contentType || void 0
+			};
+		}
+		const value = Array.isArray(p.value) ? p.value[0] ?? "" : p.value;
+		return {
+			name: p.name,
+			kind: "text",
+			value
+		};
+	});
+}
+//#endregion
+//#region src/contract.ts
+/**
+* OpenAPI 3.1 response-contract validation. OpenAPI 3.1's Schema Object *is*
+* JSON Schema 2020-12, so response bodies are validated with the same ajv
+* validator as the `schema` assertion (see ADR 0005 for why we validate
+* directly rather than via openapi-backend). Surfaces drift: requests to
+* undocumented operations, undocumented status codes, and bodies that violate
+* the declared response schema.
+*
+* Scope: local `#/components/schemas/...` `$ref`s are resolved (rewritten into
+* `$defs` so ajv handles recursion natively); **external local-file** `$ref`s
+* are inlined when a `baseDir` is supplied (JSON + YAML, incl. the file's own
+* internal refs, cycle-guarded). OpenAPI 3.0 `nullable` is shimmed to a 3.1 type
+* union. Still out of scope: **remote (http) `$ref`s** (SSRF) and non-schema
+* `$ref`s (parameters, shared `responses`).
+*/
+const COMPONENT_PREFIX = "#/components/schemas/";
+/** Build a regex matching a path template (`/users/{id}`) against a concrete path. */
+function pathToRegex(template) {
+	const escaped = template.split(/\{[^}]+\}/).map((part) => part.replace(/[.*+?^${}()|[\]\\]/g, "\\$&")).join("[^/]+");
+	return new RegExp(`^${escaped}/?$`);
+}
+function matchPath(paths, reqPath) {
+	const clean = reqPath.split("?")[0] ?? reqPath;
+	const exact = paths[clean];
+	if (exact) return {
+		template: clean,
+		item: exact
+	};
+	for (const [template, item] of Object.entries(paths)) if (item && pathToRegex(template).test(clean)) return {
+		template,
+		item
+	};
+}
+/** Find the response object for a status, honoring `2XX` ranges and `default`. */
+function findResponse(responses, status) {
+	const exact = responses[String(status)];
+	if (exact) return exact;
+	const digit = Math.floor(status / 100);
+	const range = responses[`${digit}XX`] ?? responses[`${digit}xx`];
+	if (range) return range;
+	return responses.default;
+}
+/** Pick the JSON response schema (prefers application/json, then *​/*, then first). */
+function pickJsonSchema(response) {
+	const content = response.content;
+	if (!content) return void 0;
+	return (content["application/json"] ?? content["*/*"] ?? Object.values(content)[0])?.schema;
+}
+/** Navigate a JSON Pointer (`#/A/B`) within a document. */
+function navigatePointer(doc, pointer) {
+	const path = pointer.replace(/^#/, "").split("/").filter(Boolean);
+	let node = doc;
+	for (const raw of path) {
+		const key = raw.replace(/~1/g, "/").replace(/~0/g, "~");
+		if (!node || typeof node !== "object") return void 0;
+		node = node[key];
+	}
+	return node;
+}
+/** Load + parse a referenced file (JSON or YAML by extension), cached by path. */
+function loadRefDoc(absPath, cache) {
+	const cached = cache.get(absPath);
+	if (cached !== void 0) return cached;
+	const text = readFileSync(absPath, "utf8");
+	const doc = /\.ya?ml$/i.test(absPath) ? parse(text) : JSON.parse(text);
+	cache.set(absPath, doc);
+	return doc;
+}
+/**
+* Inline external local-file `$ref`s into a self-contained schema. A `$ref`
+* pointing at `file#/pointer` is loaded from disk (relative to `baseDir`),
+* navigated, and FULLY dereferenced — the external file's own internal (`#/…`)
+* and nested external refs are inlined too, relative to that file. Internal
+* refs of the MAIN document (`#/components/schemas/…`) are left intact (handled
+* by the `$defs` rewrite). Remote (http) refs remain out of scope (SSRF). A
+* cycle guard caps recursion on self-referential external schemas.
+*/
+function inlineExternalRefs(node, baseDir, cache, doc, stack) {
+	if (Array.isArray(node)) return node.map((n) => inlineExternalRefs(n, baseDir, cache, doc, stack));
+	if (!node || typeof node !== "object") return node;
+	const ref = node.$ref;
+	if (typeof ref === "string") {
+		if (!ref.startsWith("#")) {
+			const [filePart, pointer = ""] = ref.split("#");
+			const absPath = resolve(baseDir, filePart);
+			const key = `${absPath}#${pointer}`;
+			if (stack.has(key)) return {};
+			const refDoc = loadRefDoc(absPath, cache);
+			return inlineExternalRefs(navigatePointer(refDoc, `#${pointer}`), dirname(absPath), cache, refDoc, new Set([...stack, key]));
+		}
+		if (doc !== void 0) {
+			if (stack.has(ref)) return {};
+			return inlineExternalRefs(navigatePointer(doc, ref), baseDir, cache, doc, new Set([...stack, ref]));
+		}
+		return node;
+	}
+	const out = {};
+	for (const [k, v] of Object.entries(node)) out[k] = inlineExternalRefs(v, baseDir, cache, doc, stack);
+	return out;
+}
+/**
+* OpenAPI 3.0 used `nullable: true` instead of 3.1's `type: ['string', 'null']`.
+* ajv (JSON Schema 2020-12) ignores `nullable`, so without this shim a 3.0 doc
+* gives a false failure on an explicit null. Rewrite `{type:'X', nullable:true}`
+* → `{type:['X','null']}` and drop the (non-2020) `nullable` keyword everywhere.
+*/
+function shimNullable(node) {
+	if (Array.isArray(node)) return node.map(shimNullable);
+	if (!node || typeof node !== "object") return node;
+	const out = {};
+	const src = node;
+	for (const [key, value] of Object.entries(src)) {
+		if (key === "nullable") continue;
+		out[key] = shimNullable(value);
+	}
+	if (src.nullable === true) {
+		if (typeof src.type === "string") out.type = [src.type, "null"];
+		else if (Array.isArray(src.type) && !src.type.includes("null")) out.type = [...src.type, "null"];
+	}
+	return out;
+}
+/** Recursively rewrite `#/components/schemas/X` $refs to `#/$defs/X`. */
+function rewriteRefs(node) {
+	if (Array.isArray(node)) return node.map(rewriteRefs);
+	if (node && typeof node === "object") {
+		const out = {};
+		for (const [key, value] of Object.entries(node)) if (key === "$ref" && typeof value === "string" && value.startsWith(COMPONENT_PREFIX)) out.$ref = `#/$defs/${value.slice(21)}`;
+		else out[key] = rewriteRefs(value);
+		return out;
+	}
+	return node;
+}
+/**
+* Resolve `METHOD path` to its OpenAPI operation via path-template matching (shared
+* by the response AND request validators — extracted so both resolve operations the
+* same way). Returns `undefined` when no path template / method matches.
+*/
+function resolveOpenApiOperation(spec, method, path) {
+	const matched = spec.paths ? matchPath(spec.paths, path) : void 0;
+	const operation = matched?.item[method.toLowerCase()];
+	if (!matched || !operation) return void 0;
+	return {
+		operation,
+		template: matched.template,
+		pathItem: matched.item
+	};
+}
+/**
+* Normalize an OpenAPI schema for ajv (2020-12) and return a self-contained schema
+* with component schemas merged into `$defs`. Shared by the response AND request
+* (body + parameter) validators so every schema gets the same treatment: external
+* local-file `$ref` inlining (when `baseDir` is set), the OpenAPI 3.0 `nullable`→
+* type-union shim, and the `#/components/schemas/X`→`#/$defs/X` rewrite. A schema's
+* own local `$defs` win over component defs on a name clash.
+*/
+function normalizeOpenApiSchema(schema, spec, opts = {}) {
+	const is30 = String(spec.openapi ?? "").startsWith("3.0");
+	const cache = /* @__PURE__ */ new Map();
+	const normalize = (sub) => {
+		const inlined = opts.baseDir ? inlineExternalRefs(sub, opts.baseDir, cache, void 0, /* @__PURE__ */ new Set()) : sub;
+		return rewriteRefs(is30 ? shimNullable(inlined) : inlined);
+	};
+	const componentDefs = Object.fromEntries(Object.entries(spec.components?.schemas ?? {}).map(([name, sub]) => [name, normalize(sub)]));
+	const rewritten = normalize(schema);
+	const localDefs = rewritten.$defs ?? {};
+	return {
+		...rewritten,
+		$defs: {
+			...componentDefs,
+			...localDefs
+		}
+	};
+}
+function validateOpenApiResponse(spec, req, res, opts = {}) {
+	const findings = [];
+	const method = req.method.toLowerCase();
+	const resolved = resolveOpenApiOperation(spec, method, req.path);
+	if (!resolved) {
+		findings.push({
+			kind: "missing-operation",
+			severity: "error",
+			message: `no operation ${req.method.toUpperCase()} ${req.path} in the OpenAPI document`
+		});
+		return {
+			valid: false,
+			findings
+		};
+	}
+	const op = {
+		method,
+		path: resolved.template
+	};
+	const response = findResponse(resolved.operation.responses ?? {}, res.status);
+	if (!response) {
+		findings.push({
+			kind: "undocumented-status",
+			severity: "error",
+			message: `status ${res.status} is not documented for ${method.toUpperCase()} ${resolved.template}`
+		});
+		return {
+			valid: false,
+			findings,
+			operation: op
+		};
+	}
+	const schema = pickJsonSchema(response);
+	if (schema !== void 0) {
+		const { valid, errors } = validateSchema(normalizeOpenApiSchema(schema, spec, opts), res.body);
+		if (!valid) for (const err of errors) findings.push({
+			kind: "response-schema",
+			severity: "error",
+			path: err.instancePath,
+			message: err.message
+		});
+	}
+	return {
+		valid: findings.every((f) => f.severity !== "error"),
+		findings,
+		operation: op
+	};
+}
+//#endregion
+//#region src/graphql.ts
+/**
+* GraphQL operation + response validation via graphql-js. The high-value check
+* is **drift**: validate a saved query against the server's *current* schema
+* (SDL), so a field removed or renamed upstream surfaces as a finding rather
+* than a silent `null`. Also inspects the response payload for a non-empty
+* top-level `errors` array, and — when `variables` are supplied (ADR 0015) —
+* validates the runtime variable VALUES against the operation's declared types.
+*/
+/** The five built-in scalars graphql-js can actually coerce. A custom scalar declared in
+* SDL via `buildSchema` uses an identity `parseValue` (validates nothing), so a variable
+* typed over one carries no signal and must be `unverified`-skipped — UNLESS the operator
+* registered a coercer for it (ADR 0018), making its `parseValue` actually validate. */
+const BUILTIN_SCALARS = new Set([
+	"Int",
+	"Float",
+	"String",
+	"Boolean",
+	"ID"
+]);
+/**
+* Does this resolved type (unwrapping NonNull/List, and transitively through input-object
+* fields) bottom out in a scalar that carries NO validation signal — i.e. a custom
+* (non-built-in) scalar WITHOUT a registered coercer? Cycle-guarded by `seen` keyed on the
+* input-object type name. Uses the schema-RESOLVED `GraphQLType` (via `typeFromAST`), never
+* the AST node. `registered` is the set of custom scalars with an operator coercer (ADR 0018);
+* pass an empty set for a coercer-INDEPENDENT check (e.g. the D2 directive-literal pass).
+*/
+function typeInvolvesCustomScalar(type, seen, registered) {
+	const named = getNamedType(type);
+	if (isScalarType(named)) return !BUILTIN_SCALARS.has(named.name) && !registered.has(named.name);
+	if (isInputObjectType(named)) {
+		if (seen.has(named.name)) return false;
+		seen.add(named.name);
+		return Object.values(named.getFields()).some((f) => typeInvolvesCustomScalar(f.type, seen, registered));
+	}
+	return false;
+}
+/**
+* Patch the operator-registered custom-scalar coercers onto the freshly-built schema (ADR
+* 0018). Overwrites `parseValue` ONLY — NEVER `parseLiteral` (the redaction-leak guard, §3:
+* `validate()` invokes `parseLiteral` on every custom-scalar LITERAL, and a coercer throw
+* there would land the raw value + message into a finding). Variables traverse `parseValue`
+* via `getVariableValues`, so that is all Feature B needs. Built-in scalar names are silently
+* ignored (§8.5 — a built-in shadow could false-fire on a valid `@skip` Boolean variable).
+* Returns the set of scalar names actually patched (the `registered` set). Safe to mutate the
+* schema in place: `validateGraphqlOperation` builds a fresh, never-shared schema per call.
+*/
+function patchRegisteredScalars(schema, coercers) {
+	const registered = /* @__PURE__ */ new Set();
+	if (!coercers) return registered;
+	for (const [name, coercer] of Object.entries(coercers)) {
+		if (BUILTIN_SCALARS.has(name)) continue;
+		const t = schema.getType(name);
+		if (t && isScalarType(t)) {
+			t.parseValue = coercer;
+			registered.add(name);
+		}
+	}
+	return registered;
+}
+/**
+* Validate the runtime `variables` of a SINGLE resolved operation against its declared
+* variable types. Appends findings (reconstructed from variable NAME + declared TYPE +
+* category — NEVER from graphql-js messages, which echo raw values) and returns whether
+* anything was `unverified`.
+*/
+function validateVariables(schema, operation, variables, authoritative, registered, findings) {
+	if (typeof variables !== "object" || variables === null || Array.isArray(variables)) return true;
+	const vars = variables;
+	const varDefs = operation.variableDefinitions ?? [];
+	const declared = /* @__PURE__ */ new Set();
+	let unverified = false;
+	for (const vd of varDefs) {
+		const name = vd.variable.name.value;
+		declared.add(name);
+		const resolved = typeFromAST(schema, vd.type);
+		if (!resolved) continue;
+		const typeStr = print(vd.type);
+		if (typeInvolvesCustomScalar(resolved, /* @__PURE__ */ new Set(), registered)) {
+			unverified = true;
+			continue;
+		}
+		const result = getVariableValues(schema, [vd], vars);
+		if (!("errors" in result) || !result.errors || result.errors.length === 0) continue;
+		if (!(name in vars)) if (authoritative) findings.push({
+			kind: "graphql-variable-missing",
+			severity: "error",
+			message: `required variable "$${name}" of type "${typeStr}" was not provided`
+		});
+		else unverified = true;
+		else if (vars[name] === null && isNonNullType(resolved)) findings.push({
+			kind: "graphql-variable-invalid",
+			severity: "error",
+			message: `variable "$${name}" of non-null type "${typeStr}" must not be null`
+		});
+		else findings.push({
+			kind: "graphql-variable-invalid",
+			severity: "error",
+			message: `variable "$${name}" got an invalid value for type "${typeStr}"`
+		});
+	}
+	for (const key of Object.keys(vars)) if (!declared.has(key)) findings.push({
+		kind: "graphql-undocumented-variable",
+		severity: "warning",
+		message: `undocumented variable "$${key}" not declared by the operation`
+	});
+	return unverified;
+}
+/**
+* D2 (ADR 0018): does the document attach a directive-arg LITERAL whose type bottoms out in a
+* custom (non-built-in) scalar? Such a literal is validated by NOTHING — a `buildSchema` custom
+* scalar has an identity `parseLiteral` which we DELIBERATELY never patch (the redaction-leak
+* guard, ADR 0018 §3) — so it carries no signal and must fold to `unverified`, never a finding
+* (the literal may carry an inline secret) and never a silent pass.
+*
+* COERCER-INDEPENDENT (ADR 0018 BLOCKER-2): a registered variable coercer validates VARIABLE
+* values via `parseValue`, never document literals, so this check passes NO `registered` set —
+* a registered scalar's literal stays `unverified` all the same.
+*
+* Confined to DIRECTIVE-arg position (field-arg literals are out of scope, ADR 0018 S1); a
+* variable-valued directive arg is handled by the variable loop, so it is skipped here. Reuses
+* the transitive `typeInvolvesCustomScalar` so a list/input-object directive-arg literal with a
+* nested custom scalar folds correctly. Caller must gate on a structurally-clean query.
+*/
+function hasCustomScalarDirectiveLiteral(schema, document) {
+	const typeInfo = new TypeInfo(schema);
+	let directiveDepth = 0;
+	let found = false;
+	visit(document, visitWithTypeInfo(typeInfo, {
+		Directive: {
+			enter: () => {
+				directiveDepth++;
+			},
+			leave: () => {
+				directiveDepth--;
+			}
+		},
+		Argument: (node) => {
+			if (directiveDepth === 0) return;
+			if (node.value.kind === Kind.VARIABLE) return;
+			const t = typeInfo.getInputType();
+			if (t && typeInvolvesCustomScalar(t, /* @__PURE__ */ new Set(), /* @__PURE__ */ new Set())) found = true;
+		}
+	}));
+	return found;
+}
+/**
+* Validate a GraphQL `query` against a schema `sdl`; if `opts.json` is supplied,
+* also check the response payload for returned `errors`. With `opts.operationName`
+* the root-type drift check is scoped to that operation (which must exist). When
+* `opts.variables` is supplied, the runtime variable values are validated against the
+* operation's declared types (ADR 0015). `valid` is true only when no `error`-severity
+* finding is present.
+*/
+function validateGraphqlOperation(sdl, query, opts = {}) {
+	const findings = [];
+	let schema;
+	try {
+		schema = buildSchema(sdl);
+	} catch (err) {
+		findings.push({
+			kind: "graphql-validation",
+			severity: "error",
+			message: `invalid schema SDL: ${err.message}`
+		});
+		return {
+			valid: false,
+			findings
+		};
+	}
+	const registered = patchRegisteredScalars(schema, opts.scalarCoercers);
+	let document;
+	try {
+		document = parse$1(query);
+	} catch (err) {
+		const message = err instanceof GraphQLError ? err.message : err.message;
+		findings.push({
+			kind: "graphql-syntax",
+			severity: "error",
+			message
+		});
+		return {
+			valid: false,
+			findings
+		};
+	}
+	for (const err of validate(schema, document)) findings.push({
+		kind: "graphql-validation",
+		severity: "error",
+		message: err.message
+	});
+	const operations = document.definitions.filter((d) => d.kind === "OperationDefinition");
+	let targets = operations;
+	if (opts.operationName !== void 0) {
+		targets = operations.filter((d) => d.name?.value === opts.operationName);
+		if (targets.length === 0) findings.push({
+			kind: "graphql-validation",
+			severity: "error",
+			message: `no operation named "${opts.operationName}" in the document`
+		});
+	}
+	for (const def of targets) {
+		const op = def.operation;
+		if (!(op === "mutation" ? schema.getMutationType() : op === "subscription" ? schema.getSubscriptionType() : schema.getQueryType())) findings.push({
+			kind: "graphql-validation",
+			severity: "error",
+			message: `schema declares no root type for ${op} operations`
+		});
+	}
+	const queryClean = findings.every((f) => f.severity !== "error");
+	const directiveUnverified = queryClean && hasCustomScalarDirectiveLiteral(schema, document);
+	let variableUnverified = false;
+	if (opts.variables !== void 0 && queryClean) {
+		const targetOp = targets.length === 1 ? targets[0] : void 0;
+		if (!targetOp) variableUnverified = true;
+		else variableUnverified = validateVariables(schema, targetOp, opts.variables, opts.variablesAuthoritative === true, registered, findings);
+	}
+	const unverified = directiveUnverified || variableUnverified;
+	const payload = opts.json;
+	if (payload?.errors && payload.errors.length > 0) {
+		const messages = payload.errors.map((e) => e.message ?? "(no message)").join("; ");
+		findings.push({
+			kind: "graphql-errors",
+			severity: "error",
+			message: `response returned ${payload.errors.length} GraphQL error(s): ${messages}`
+		});
+	}
+	return {
+		valid: findings.every((f) => f.severity !== "error"),
+		findings,
+		...unverified ? { unverified: true } : {},
+		...directiveUnverified ? { directiveUnverified: true } : {}
+	};
+}
+//#endregion
+//#region src/request-contract.ts
+/**
+* OpenAPI 3.1 (and 3.0-compat) REQUEST-side contract validation — the sibling of
+* `validateOpenApiResponse` (see ADR 0005; this milestone's design = the
+* request-contract-validation-design fan-out). It validates the request half of an
+* exchange against the declared operation: the request body against `requestBody`,
+* and parameters against `parameters` (path/query/header). It reuses the response
+* validator's extracted seams (`resolveOpenApiOperation`, `normalizeOpenApiSchema`)
+* so operation resolution and schema treatment (3.0 `nullable` shim, local +
+* external-local-file `$ref` deref) are identical across both halves.
+*
+* **Authority + the `unverified` channel (load-bearing, ADR 0013 absence-is-never-
+* a-pass):** some request facts cannot be verified from every source. A captured HAR
+* cannot distinguish "no body" from "a non-JSON body the bridge dropped", and cannot
+* always supply query/header params. So callers declare what they KNOW:
+* `bodyPresenceAuthoritative` / `paramsAuthoritative` (true for direct MCP/CLI
+* surfaces that hold the real request; false/omitted for the capture path). When a
+* required-but-absent body/param CANNOT be asserted as a breach (caller not
+* authoritative), or a present body could not be schema-checked, the result carries
+* `unverified: true` — NOT a finding — which the capture bridge folds into `noSignal`
+* so it can never be laundered into a pass.
+*/
+/** True when a parsed body looks like a GraphQL-over-HTTP envelope (`{query: string,
+* …}`). A direct surface uses this to refuse running OpenAPI body validation on a
+* GraphQL request (which has no REST requestBody shape) — H4. */
+function isGraphqlEnvelope(body) {
+	return !!body && typeof body === "object" && typeof body.query === "string";
+}
+/** Lower-cased media-type base (sans parameters), e.g. `application/json`. */
+function mediaBase(ct) {
+	return (ct.split(";")[0] ?? "").trim().toLowerCase();
+}
+/** JSON-family media type: `application/json` or any `*+json` (e.g. `application/ld+json`). */
+function isJsonMediaType(ct) {
+	const base = mediaBase(ct);
+	return base === "application/json" || base.endsWith("+json");
+}
+/** Merge path-item-level + operation-level `parameters`, operation winning on
+* `(name, in)`. Returns raw params (a `$ref` param is handled by the caller). */
+function mergeParameters(pathItem, operation) {
+	const collect = (x) => {
+		const ps = x?.parameters;
+		return Array.isArray(ps) ? ps : [];
+	};
+	const map = /* @__PURE__ */ new Map();
+	let i = 0;
+	for (const p of [...collect(pathItem), ...collect(operation)]) {
+		if (!p || typeof p !== "object") continue;
+		const key = typeof p.name === "string" && typeof p.in === "string" ? `${p.in}:${p.name}` : `#ref${i++}`;
+		map.set(key, p);
+	}
+	return [...map.values()];
+}
+const SCALAR_TYPES = new Set([
+	"string",
+	"number",
+	"integer",
+	"boolean"
+]);
+/** The scalar JSON types of a (normalized) schema, or `undefined` when the schema
+* is non-scalar / typeless (array/object params are STAGED → inconclusive-skip). */
+function scalarTypes(schema) {
+	const t = schema.type;
+	if (typeof t === "string") return SCALAR_TYPES.has(t) ? [t] : void 0;
+	if (Array.isArray(t)) {
+		const nonNull = t.filter((x) => x !== "null");
+		return nonNull.length > 0 && nonNull.every((x) => SCALAR_TYPES.has(x)) ? t : void 0;
+	}
+}
+/** `'array'`/`'object'` for a (normalized) non-scalar schema, else `undefined`. A
+* `'null'`-augmented union (3.0 nullable shim) is tolerated; a union mixing
+* array/object with a scalar (or with each other) is ambiguous → `undefined`
+* (handled as a typeless skip, never a false validation). */
+function nonScalarType(schema) {
+	const t = schema.type;
+	if (typeof t === "string") return t === "array" || t === "object" ? t : void 0;
+	if (Array.isArray(t)) {
+		const nonNull = t.filter((x) => x !== "null");
+		if (nonNull.length > 0 && nonNull.every((x) => x === "array")) return "array";
+		if (nonNull.length > 0 && nonNull.every((x) => x === "object")) return "object";
+	}
+}
+/** A serialized array param cannot soundly prove its element COUNT from a single
+* wire occurrence (it might be an explode-disagreement). When the array schema
+* constrains cardinality, a single-occurrence value is `unverified`-skipped. */
+function hasCardinalityConstraint(schema) {
+	return schema.minItems !== void 0 || schema.maxItems !== void 0 || schema.uniqueItems === true;
+}
+/** The delimiter joining elements of a non-exploded QUERY array for this style, or
+* `undefined` when the query style isn't a supported array serialization. */
+function queryArrayDelimiter(param) {
+	if (param.style === void 0 || param.style === "form") return ",";
+	if (param.style === "spaceDelimited") return " ";
+	if (param.style === "pipeDelimited") return "|";
+}
+/** Whether this param's (location, style, type) is a supported ARRAY serialization
+* (query form/space/pipe-delimited, path simple/label/matrix, header simple). Explode +
+* item-type soundness are resolved in the handler. */
+function arraySerializationSupported(param) {
+	switch (param.in) {
+		case "query": return queryArrayDelimiter(param) !== void 0;
+		case "header": return param.style === void 0 || param.style === "simple";
+		case "path": return param.style === void 0 || param.style === "simple" || param.style === "label" || param.style === "matrix";
+		default: return false;
+	}
+}
+/** A PATH array's split delimiter is `.` only for `label` + `explode` (RFC 6570
+* `{.list*}` → `.a.b.c`). `.` is the one delimiter that occurs inside a JSON `number`
+* (decimal point), so a `number`-typed label-explode array would over-split. */
+function arraySplitUsesDot(param) {
+	return param.in === "path" && param.style === "label" && (param.explode ?? false) === true;
+}
+/** Decompose a serialized array value into its raw string elements, or `undefined`
+* when the serialization can't be soundly reversed (malformed prefix / unsupported
+* style) — the caller then `unverified`-skips. Query splits on the style delimiter;
+* header `simple` splits on `,` and trims; PATH handles simple/label/matrix × explode
+* (stripping the RFC 6570 `.`/`;name=` prefixes). */
+function splitArrayValue(param, value) {
+	if (param.in === "query") {
+		const d = queryArrayDelimiter(param);
+		return d === void 0 ? void 0 : value.split(d);
+	}
+	if (param.in === "header") return value.split(",").map((s) => s.trim());
+	if (param.in === "path") {
+		const style = param.style ?? "simple";
+		if (style === "simple") return value.split(",");
+		if (style === "label") {
+			if (!value.startsWith(".")) return void 0;
+			const body = value.slice(1);
+			return param.explode ?? false ? body.split(".") : body.split(",");
+		}
+		if (style === "matrix") {
+			const name = param.name;
+			if (param.explode ?? false) {
+				if (!value.startsWith(";")) return void 0;
+				const out = [];
+				for (const part of value.slice(1).split(";")) {
+					const pre = `${name}=`;
+					if (!part.startsWith(pre)) return void 0;
+					out.push(part.slice(pre.length));
+				}
+				return out;
+			}
+			const pre = `;${name}=`;
+			return value.startsWith(pre) ? value.slice(pre.length).split(",") : void 0;
+		}
+	}
+}
+/** Whether every non-null item type is a scalar whose value space cannot contain the
+* split delimiter — making a delimited split EXACT (element coercion AND cardinality
+* sound). `integer`/`boolean` never contain any of our delimiters; `number` contains
+* `.`, so it is excluded only when the dot delimiter is used (label-explode). String/
+* typeless items always over-split, so they stay `unverified`. */
+function itemTypesSplittable(itemTypes, usesDotDelimiter) {
+	const nonNull = itemTypes.filter((t) => t !== "null");
+	if (nonNull.length === 0) return false;
+	return nonNull.every((t) => t === "integer" || t === "boolean" || t === "number" && !usesDotDelimiter);
+}
+/** A FRACTIONAL `multipleOf` is the IEEE-754 false-positive trap: coercing a wire
+* string to a JS float then ajv-checking e.g. `multipleOf: 0.1` reports a
+* spec-conformant value like `0.3` as invalid (0.3/0.1 ≠ an integer in binary). We
+* can't soundly assert conformance, so a scalar schema carrying one is `unverified`-
+* skipped (an INTEGER `multipleOf` divides exactly and stays validated). */
+function hasFractionalMultipleOf(schema) {
+	const m = schema.multipleOf;
+	return typeof m === "number" && !Number.isInteger(m);
+}
+/** Which query OBJECT serializations the validator reconstructs. deepObject
+* (`name[prop]` discrete keys) and form/`explode=false` (`name=k,v,k,v` single string)
+* are checkable; form/`explode=true` objects merge into the shared top-level namespace
+* (irreducibly ambiguous — only their undoc-param SUPPRESSION is supported), and
+* path/header/cookie objects are STAGED. */
+function objectSerializationSupported(param) {
+	if (param.in !== "query") return false;
+	if (param.style === "deepObject") return true;
+	return (param.style === void 0 || param.style === "form") && param.explode === false;
+}
+/**
+* Which (location, style, type) serializations the validator can soundly check.
+* SCALARS: the default per location (path/header `simple`, query `form`). ARRAYS: any
+* `arraySerializationSupported` location/style (query form/space/pipe-delimited, path
+* simple/label/matrix, header simple); explode + item-type soundness are resolved in the
+* handler. OBJECTS and every other style/location (deepObject/cookie/content-typed) are
+* OBJECTS: query deepObject + form/`explode=false` (`objectSerializationSupported`).
+* Everything else (path/header/cookie objects, form/`explode=true` objects, content-
+* typed) is STAGED → inconclusive-skip. `schema` is the NORMALIZED param schema (so the
+* array/scalar decision sees the 3.0 nullable shim). */
+function styleSupported(param, schema) {
+	if (param.content) return false;
+	const nonScalar = schema ? nonScalarType(schema) : void 0;
+	if (nonScalar === "array") return arraySerializationSupported(param);
+	if (nonScalar === "object") return objectSerializationSupported(param);
+	switch (param.in) {
+		case "query": return param.style === void 0 || param.style === "form";
+		case "header":
+		case "path": return param.style === void 0 || param.style === "simple";
+		default: return false;
+	}
+}
+/** Strict scalar coercion of a captured string value to a declared scalar type.
+* Numeric/boolean must match the WHOLE string (no residue); an empty value coerces
+* to `null` only when the type union allows it. Never touches the shared ajv. */
+function coerceScalar(raw, types) {
+	if (raw === "" && types.includes("null")) return {
+		ok: true,
+		value: null
+	};
+	for (const t of types) {
+		if (t === "string") return {
+			ok: true,
+			value: raw
+		};
+		if (t === "integer" && /^[+-]?\d+$/.test(raw)) return {
+			ok: true,
+			value: Number(raw)
+		};
+		if (t === "number" && /^[+-]?(?:\d+\.?\d*|\.\d+)(?:[eE][+-]?\d+)?$/.test(raw)) return {
+			ok: true,
+			value: Number(raw)
+		};
+		if (t === "boolean") {
+			if (raw === "true") return {
+				ok: true,
+				value: true
+			};
+			if (raw === "false") return {
+				ok: true,
+				value: false
+			};
+		}
+	}
+	return { ok: false };
+}
+/** Positionally extract path-template params from the concrete path. A segment that
+* embeds a param but is not EXACTLY `{name}` (e.g. `{name}.{ext}`) cannot be split
+* positionally → its params are `skipped` (inconclusive, never a false-fail). */
+function extractPathParams(template, concrete) {
+	const tSegs = template.split("/");
+	const cSegs = (concrete.split("?")[0] ?? "").split("/");
+	const values = /* @__PURE__ */ new Map();
+	const skipped = /* @__PURE__ */ new Set();
+	for (let i = 0; i < tSegs.length; i++) {
+		const t = tSegs[i] ?? "";
+		const exact = t.match(/^\{([^}]+)\}$/);
+		if (exact?.[1]) {
+			const raw = cSegs[i];
+			if (raw !== void 0) {
+				let decoded = raw;
+				try {
+					decoded = decodeURIComponent(raw);
+				} catch {}
+				values.set(exact[1], decoded);
+			}
+		} else if (t.includes("{")) {
+			for (const m of t.matchAll(/\{([^}]+)\}/g)) if (m[1]) skipped.add(m[1]);
+		}
+	}
+	return {
+		values,
+		skipped
+	};
+}
+function lookupParamValue(param, req, pathVals) {
+	const name = param.name;
+	if (param.in === "path") {
+		if (pathVals.skipped.has(name)) return { state: "multi" };
+		const v = pathVals.values.get(name);
+		return v === void 0 ? { state: "absent" } : {
+			state: "present",
+			value: v
+		};
+	}
+	if (param.in === "query") {
+		const q = req.query?.[name];
+		if (q === void 0) return { state: "absent" };
+		if (Array.isArray(q)) return q.length === 1 && q[0] !== void 0 ? {
+			state: "present",
+			value: q[0]
+		} : {
+			state: "array-values",
+			values: q
+		};
+		return {
+			state: "present",
+			value: q
+		};
+	}
+	if (param.in === "header") {
+		const h = req.headers?.[name.toLowerCase()];
+		return h === void 0 ? { state: "absent" } : {
+			state: "present",
+			value: h
+		};
+	}
+	return { state: "absent" };
+}
+/**
+* Validate an ARRAY param (query form/space/pipe-delimited, path/header `simple`)
+* against its declared schema. Resolves the wire elements per (state, style, explode):
+*
+*  - `array-values` (≥2 query occurrences, explode=true) — the discrete elements, NO
+*    split, so any scalar item type is sound.
+*  - query `form` + explode=true, single occurrence — wrapped `[v]` ONLY when it carries
+*    no comma (no explode-disagreement) and the schema has no cardinality constraint
+*    (else `unverified`).
+*  - DELIMITED single string (query explode=false form/space/pipe, path simple/label/
+*    matrix, header simple) — decomposed by `splitArrayValue`, but ONLY for scalar items
+*    whose value space can't contain the delimiter (`integer`/`boolean` always; `number`
+*    unless the dot delimiter is used); string/typeless items, empty segments, and a
+*    malformed prefix are `unverified` (embedded-delimiter / serialization ambiguity).
+*
+* Appends `param-schema` findings; returns whether the param was `unverified`-skipped.
+*/
+function validateArrayParam(param, normSchema, lk, findings) {
+	const itemSchema = normSchema.items;
+	const itemTypes = itemSchema && typeof itemSchema === "object" && !Array.isArray(itemSchema) ? scalarTypes(itemSchema) : void 0;
+	if (normSchema.prefixItems !== void 0 || !itemTypes) return true;
+	if (hasFractionalMultipleOf(itemSchema)) return true;
+	const explodeTrue = param.in === "query" && (param.style === void 0 || param.style === "form") && (param.explode ?? true) === true;
+	let elements;
+	if (lk.state === "array-values") elements = lk.values;
+	else if (lk.state === "present" && explodeTrue) {
+		if (lk.value.includes(",") || hasCardinalityConstraint(normSchema)) return true;
+		elements = [lk.value];
+	} else if (lk.state === "present") {
+		if (!itemTypesSplittable(itemTypes, arraySplitUsesDot(param))) return true;
+		const parts = splitArrayValue(param, lk.value);
+		if (parts === void 0 || parts.some((s) => s === "")) return true;
+		elements = parts;
+	} else return true;
+	const want = itemTypes.filter((t) => t !== "null").join("|");
+	const coerced = [];
+	let anyBad = false;
+	for (const el of elements) {
+		const c = coerceScalar(el, itemTypes);
+		if (!c.ok) {
+			anyBad = true;
+			findings.push({
+				kind: "param-schema",
+				severity: "error",
+				path: param.name,
+				message: `${param.in} parameter '${param.name}' value '${el}' is not a valid ${want}`
+			});
+		} else coerced.push(c.value);
+	}
+	if (anyBad) return false;
+	const { valid, errors } = validateSchema(normSchema, coerced);
+	if (!valid) for (const err of errors) findings.push({
+		kind: "param-schema",
+		severity: "error",
+		path: param.name,
+		message: `${param.in} parameter '${param.name}' ${err.message}`
+	});
+	return false;
+}
+/** Escape a string for literal use inside a RegExp. */
+function escapeRegExp(s) {
+	return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+}
+/**
+* Validate a query OBJECT param against its declared schema. deepObject reconstructs
+* from discrete `name[prop]` keys (so STRING props are sound — no split); form/
+* `explode=false` splits the single `name=k,v,k,v` string (integer/boolean props ONLY —
+* a string value's comma cascades, a number's float mis-coerces). Declared scalar props
+* are coerced; undeclared keys pass through (ajv handles them per additionalProperties);
+* the assembled object is ajv-validated. Returns whether the param was `unverified`.
+*
+* REFUSE (→ unverified, never a false finding) when reconstruction can't be sound: no
+* flat scalar `properties`; an object-form `additionalProperties` (an undeclared key we
+* leave uncoerced could false-fail a typed schema); any prop with a fractional
+* `multipleOf` (float trap); a deepObject nested (`a[b]`) or repeated key; a form/
+* explode=false object with any non-(integer|boolean) prop, `additionalProperties !==
+* false`, or an odd/empty split.
+*/
+function validateObjectParam(param, normSchema, req, opts, method, template, findings) {
+	const props = normSchema.properties;
+	if (!props || typeof props !== "object" || Array.isArray(props)) return true;
+	const propEntries = Object.entries(props);
+	if (propEntries.length === 0) return true;
+	const propTypes = /* @__PURE__ */ new Map();
+	for (const [propName, sub] of propEntries) {
+		if (!sub || typeof sub !== "object" || Array.isArray(sub)) return true;
+		const s = sub;
+		const t = scalarTypes(s);
+		if (!t || hasFractionalMultipleOf(s)) return true;
+		propTypes.set(propName, t);
+	}
+	const ap = normSchema.additionalProperties;
+	if (ap !== void 0 && typeof ap !== "boolean") return true;
+	const name = param.name;
+	const collected = [];
+	let present = false;
+	if (param.style === "deepObject") {
+		const prefix = `${name}[`;
+		const flat = new RegExp(`^${escapeRegExp(name)}\\[([^\\]]+)\\]$`);
+		for (const [key, val] of Object.entries(req.query ?? {})) {
+			if (!key.startsWith(prefix)) continue;
+			present = true;
+			const m = flat.exec(key);
+			if (!m || m[1] === void 0) return true;
+			if (Array.isArray(val)) return true;
+			collected.push([m[1], val]);
+		}
+	} else {
+		if (ap !== false) return true;
+		for (const t of propTypes.values()) if (!t.filter((x) => x !== "null").every((x) => x === "integer" || x === "boolean")) return true;
+		const raw = req.query?.[name];
+		if (raw === void 0) present = false;
+		else if (Array.isArray(raw) || raw === "") return true;
+		else {
+			present = true;
+			const segs = raw.split(",");
+			if (segs.length % 2 !== 0 || segs.some((s) => s === "")) return true;
+			for (let i = 0; i < segs.length; i += 2) collected.push([segs[i], segs[i + 1]]);
+		}
+	}
+	if (!present) {
+		if (param.required === true) if (opts.paramsAuthoritative) findings.push({
+			kind: "missing-required-param",
+			severity: "error",
+			path: name,
+			message: `required ${param.in} parameter '${name}' missing for ${method.toUpperCase()} ${template}`
+		});
+		else return true;
+		return false;
+	}
+	const obj = {};
+	let anyBad = false;
+	for (const [prop, value] of collected) {
+		const types = propTypes.get(prop);
+		if (types) {
+			const c = coerceScalar(value, types);
+			if (!c.ok) {
+				anyBad = true;
+				findings.push({
+					kind: "param-schema",
+					severity: "error",
+					path: `${name}[${prop}]`,
+					message: `${param.in} parameter '${name}[${prop}]' value '${value}' is not a valid ${types.filter((t) => t !== "null").join("|")}`
+				});
+			} else obj[prop] = c.value;
+		} else obj[prop] = value;
+	}
+	if (anyBad) return false;
+	const { valid, errors } = validateSchema(normSchema, obj);
+	if (!valid) for (const err of errors) findings.push({
+		kind: "param-schema",
+		severity: "error",
+		path: name,
+		message: `${param.in} parameter '${name}' ${err.message}`
+	});
+	return false;
+}
+/**
+* Resolve a LOCAL in-document `$ref` (`#/components/{requestBodies,parameters,…}/*`)
+* one level. A non-`#/`-local `$ref` (external file / remote) returns `undefined` →
+* the caller treats it as inconclusive-skip (never fabricates a finding). A node
+* without a `$ref` is returned as-is.
+*/
+function derefLocalComponent(spec, node) {
+	if (!node || typeof node !== "object") return node;
+	const ref = node.$ref;
+	if (typeof ref !== "string") return node;
+	if (!ref.startsWith("#/")) return void 0;
+	let cur = spec;
+	for (const raw of ref.slice(2).split("/")) {
+		const key = raw.replace(/~1/g, "/").replace(/~0/g, "~");
+		if (!cur || typeof cur !== "object") return void 0;
+		cur = cur[key];
+	}
+	return cur;
+}
+/** `'urlencoded'`/`'multipart'` for the two form media bases, else `undefined`. Form
+* bodies are validated by reconstructing the field map (ADR 0016 addendum 4). */
+function formBase(mb) {
+	if (mb === "application/x-www-form-urlencoded") return "urlencoded";
+	if (mb === "multipart/form-data") return "multipart";
+}
+/**
+* Select the declared request-body schema for a concrete Content-Type. When a CT is
+* present, match the spec's `content` keys by specificity: exact `type/subtype`, then
+* the subtype range, then the catch-all range. When the CT is ABSENT (the capture
+* path), fall back to a JSON-family key (the bridge only resolves JSON bodies) — and
+* `matched:false` there must NEVER become `unsupported-media-type` (C1). Also surfaces
+* the matched media base + its `encoding` object (form-body validation refuses any
+* per-property encoding — addendum 4).
+*/
+function selectContentSchema(content, ct) {
+	if (!content) return { matched: false };
+	const keys = Object.keys(content);
+	if (ct) {
+		const type = ct.split("/")[0] ?? "";
+		const key = keys.find((k) => mediaBase(k) === ct) ?? keys.find((k) => mediaBase(k) === `${type}/*`) ?? keys.find((k) => mediaBase(k) === "*/*");
+		if (!key) return { matched: false };
+		return {
+			matched: true,
+			schema: content[key]?.schema,
+			json: isJsonMediaType(key),
+			mediaBase: mediaBase(key),
+			encoding: content[key]?.encoding
+		};
+	}
+	const jsonKey = keys.find(isJsonMediaType);
+	if (!jsonKey) return { matched: false };
+	return {
+		matched: true,
+		schema: content[jsonKey]?.schema,
+		json: true,
+		mediaBase: "application/json",
+		encoding: content[jsonKey]?.encoding
+	};
+}
+/** UTF-8 / ASCII charsets we can soundly assume the bytes→string decode preserved. */
+const SOUND_CHARSETS = new Set([
+	"utf-8",
+	"utf8",
+	"us-ascii",
+	"ascii"
+]);
+/**
+* Validate a `form`-style request body (`application/x-www-form-urlencoded` or the text
+* parts of `multipart/form-data`) against its declared object schema, reconstructing
+* typed values from the DISCRETE field map (`req.form`; repeated keys → array). Discrete
+* keys make even STRING array items sound (no delimiter to over-split) — form bodies are
+* more tractable than form *params*. Mirrors `validateObjectParam`'s coerce-then-ajv
+* logic. Declared scalar props are coerced to the declared type; sound scalar-item array
+* props are assembled from repeated keys; undeclared keys pass through as raw strings
+* (ajv then enforces `additionalProperties`); the assembled object is ajv-validated.
+*
+* Returns whether the body was `unverified`-skipped. REFUSE → unverified (never a false
+* finding) when reconstruction can't be sound: ANY per-property `encoding`; a non-UTF-8
+* charset; the schema isn't a flat object with `properties`; an object-form (typed)
+* `additionalProperties`; a non-scalar / typeless property, or an array property with
+* non-scalar items; a fractional `multipleOf` (float trap); a declared property satisfied
+* by a multipart FILE part; a scalar property arriving with repeated keys; a single-
+* occurrence array property carrying a cardinality constraint; an ambiguous empty value
+* for a non-string, non-null scalar property; or — when the caller is NOT authoritative —
+* any required field absent from the captured map.
+*/
+function validateFormBody(normSchema, encoding, req, opts, findings) {
+	if (encoding !== void 0 && encoding !== null) return true;
+	const rawCt = req.headers?.["content-type"];
+	if (rawCt) {
+		const m = /;\s*charset=([^;]+)/i.exec(rawCt);
+		if (m?.[1] && !SOUND_CHARSETS.has(m[1].trim().toLowerCase())) return true;
+	}
+	const props = normSchema.properties;
+	if (!props || typeof props !== "object" || Array.isArray(props)) return true;
+	const propEntries = Object.entries(props);
+	if (propEntries.length === 0) return true;
+	const ap = normSchema.additionalProperties;
+	if (ap !== void 0 && typeof ap !== "boolean") return true;
+	const plan = /* @__PURE__ */ new Map();
+	for (const [name, sub] of propEntries) {
+		if (!sub || typeof sub !== "object" || Array.isArray(sub)) return true;
+		const s = sub;
+		const st = scalarTypes(s);
+		if (st) {
+			if (hasFractionalMultipleOf(s)) return true;
+			plan.set(name, {
+				kind: "scalar",
+				types: st
+			});
+			continue;
+		}
+		if (nonScalarType(s) === "array") {
+			const items = s.items;
+			if (!items || typeof items !== "object" || Array.isArray(items)) return true;
+			const it = scalarTypes(items);
+			if (!it || hasFractionalMultipleOf(items)) return true;
+			plan.set(name, {
+				kind: "array",
+				itemTypes: it,
+				hasCard: hasCardinalityConstraint(s)
+			});
+			continue;
+		}
+		return true;
+	}
+	const form = req.form ?? {};
+	const fileFields = new Set(req.formFileFields ?? []);
+	for (const name of plan.keys()) if (fileFields.has(name)) return true;
+	const required = Array.isArray(normSchema.required) ? normSchema.required : [];
+	if (!opts.bodyPresenceAuthoritative) {
+		for (const rq of required) if (form[rq] === void 0) return true;
+	}
+	const obj = {};
+	let anyBad = false;
+	for (const [name, p] of plan) {
+		const raw = form[name];
+		if (raw === void 0) continue;
+		if (p.kind === "scalar") {
+			if (Array.isArray(raw)) return true;
+			if (raw === "" && !p.types.includes("string") && !p.types.includes("null")) return true;
+			const c = coerceScalar(raw, p.types);
+			if (!c.ok) {
+				anyBad = true;
+				findings.push({
+					kind: "request-body-schema",
+					severity: "error",
+					path: name,
+					message: `request body field '${name}' value '${raw}' is not a valid ${p.types.filter((t) => t !== "null").join("|")}`
+				});
+			} else obj[name] = c.value;
+		} else {
+			const occ = Array.isArray(raw) ? raw : [raw];
+			if (occ.length === 1 && p.hasCard) return true;
+			const arr = [];
+			for (const el of occ) {
+				if (el === "" && !p.itemTypes.includes("string") && !p.itemTypes.includes("null")) return true;
+				const c = coerceScalar(el, p.itemTypes);
+				if (!c.ok) {
+					anyBad = true;
+					findings.push({
+						kind: "request-body-schema",
+						severity: "error",
+						path: name,
+						message: `request body field '${name}' value '${el}' is not a valid ${p.itemTypes.filter((t) => t !== "null").join("|")}`
+					});
+				} else arr.push(c.value);
+			}
+			if (!anyBad) obj[name] = arr;
+		}
+	}
+	for (const [key, val] of Object.entries(form)) {
+		if (plan.has(key) || fileFields.has(key)) continue;
+		obj[key] = val;
+	}
+	if (anyBad) return false;
+	const { valid, errors } = validateSchema(normSchema, obj);
+	if (!valid) for (const err of errors) findings.push({
+		kind: "request-body-schema",
+		severity: "error",
+		...err.instancePath ? { path: err.instancePath } : {},
+		message: err.message
+	});
+	return false;
+}
+function validateOpenApiRequest(spec, req, opts = {}) {
+	const findings = [];
+	let unverified = false;
+	const method = req.method.toLowerCase();
+	const resolved = resolveOpenApiOperation(spec, method, req.path);
+	if (!resolved) {
+		findings.push({
+			kind: "missing-operation",
+			severity: "error",
+			message: `no operation ${req.method.toUpperCase()} ${req.path} in the OpenAPI document`
+		});
+		return {
+			valid: false,
+			findings
+		};
+	}
+	const { operation, template } = resolved;
+	const op = {
+		method,
+		path: template
+	};
+	const requestBodyRaw = operation.requestBody;
+	const requestBodyDeclared = requestBodyRaw !== void 0;
+	const requestBody = derefLocalComponent(spec, requestBodyRaw);
+	const hasBody = req.body !== void 0 || req.form !== void 0;
+	const reqCt = req.headers?.["content-type"] ? mediaBase(req.headers["content-type"]) : void 0;
+	if (requestBodyDeclared && (!requestBody || typeof requestBody !== "object")) unverified = true;
+	else if (requestBody && typeof requestBody === "object") if (!hasBody) {
+		if (requestBody.required === true) if (opts.bodyPresenceAuthoritative) findings.push({
+			kind: "missing-required-body",
+			severity: "error",
+			message: `required request body missing for ${method.toUpperCase()} ${template}`
+		});
+		else unverified = true;
+	} else {
+		const sel = selectContentSchema(requestBody.content, reqCt);
+		if (!sel.matched) {
+			if (reqCt) findings.push({
+				kind: "unsupported-media-type",
+				severity: "warning",
+				message: `content-type '${reqCt}' is not declared for ${method.toUpperCase()} ${template}`
+			});
+			unverified = true;
+		} else if (formBase(sel.mediaBase) && req.form !== void 0 && sel.schema !== void 0) {
+			if (validateFormBody(normalizeOpenApiSchema(sel.schema, spec, opts), sel.encoding, req, opts, findings)) unverified = true;
+		} else if (!sel.json || sel.schema === void 0) unverified = true;
+		else {
+			const { valid, errors } = validateSchema(normalizeOpenApiSchema(sel.schema, spec, opts), req.body);
+			if (!valid) for (const err of errors) findings.push({
+				kind: "request-body-schema",
+				severity: "error",
+				path: err.instancePath,
+				message: err.message
+			});
+		}
+	}
+	else if (hasBody) {
+		findings.push({
+			kind: "undocumented-body",
+			severity: "warning",
+			message: `request body sent to ${method.toUpperCase()} ${template} which declares no request body`
+		});
+		unverified = true;
+	}
+	const pathVals = extractPathParams(template, req.path);
+	const declaredQuery = /* @__PURE__ */ new Set();
+	const deepObjectPrefixes = [];
+	let suppressUndoc = false;
+	const params = [];
+	for (const rp of mergeParameters(resolved.pathItem, operation)) if (typeof rp.$ref === "string") {
+		const d = derefLocalComponent(spec, rp);
+		if (!d || typeof d.name !== "string" || typeof d.in !== "string") {
+			unverified = true;
+			suppressUndoc = true;
+			continue;
+		}
+		params.push(d);
+	} else if (typeof rp.name === "string" && typeof rp.in === "string") params.push(rp);
+	for (const param of params) {
+		if (typeof param.name !== "string" || typeof param.in !== "string") continue;
+		const normSchema = param.schema !== void 0 ? normalizeOpenApiSchema(param.schema, spec, opts) : void 0;
+		const types = normSchema ? scalarTypes(normSchema) : void 0;
+		const nonScalar = normSchema ? nonScalarType(normSchema) : void 0;
+		if (param.in === "query") if (nonScalar === "object") if (param.style === "deepObject") deepObjectPrefixes.push(`${param.name}[`);
+		else if ((param.style === void 0 || param.style === "form") && param.explode === false) declaredQuery.add(param.name);
+		else suppressUndoc = true;
+		else declaredQuery.add(param.name);
+		if (!styleSupported(param, normSchema)) {
+			unverified = true;
+			continue;
+		}
+		if (!normSchema || !types && nonScalar === void 0) {
+			unverified = true;
+			continue;
+		}
+		if (nonScalar === "object" && normSchema) {
+			if (validateObjectParam(param, normSchema, req, opts, method, template, findings)) unverified = true;
+			continue;
+		}
+		const lk = lookupParamValue(param, req, pathVals);
+		if (lk.state === "absent") {
+			if (param.in === "path" || param.required === true) if (opts.paramsAuthoritative) findings.push({
+				kind: "missing-required-param",
+				severity: "error",
+				path: param.name,
+				message: `required ${param.in} parameter '${param.name}' missing for ${method.toUpperCase()} ${template}`
+			});
+			else unverified = true;
+			continue;
+		}
+		if (nonScalar === "array" && normSchema) {
+			if (validateArrayParam(param, normSchema, lk, findings)) unverified = true;
+			continue;
+		}
+		if (lk.state === "multi" || lk.state === "array-values" || !types) {
+			unverified = true;
+			continue;
+		}
+		if (hasFractionalMultipleOf(normSchema)) {
+			unverified = true;
+			continue;
+		}
+		const coerced = coerceScalar(lk.value, types);
+		if (!coerced.ok) {
+			const want = types.filter((t) => t !== "null").join("|");
+			findings.push({
+				kind: "param-schema",
+				severity: "error",
+				path: param.name,
+				message: `${param.in} parameter '${param.name}' value '${lk.value}' is not a valid ${want}`
+			});
+			continue;
+		}
+		const { valid, errors } = validateSchema(normSchema, coerced.value);
+		if (!valid) for (const err of errors) findings.push({
+			kind: "param-schema",
+			severity: "error",
+			path: param.name,
+			message: `${param.in} parameter '${param.name}' ${err.message}`
+		});
+	}
+	if (req.query && !suppressUndoc) for (const key of Object.keys(req.query)) {
+		if (declaredQuery.has(key)) continue;
+		if (deepObjectPrefixes.some((p) => key.startsWith(p))) continue;
+		findings.push({
+			kind: "undocumented-param",
+			severity: "warning",
+			path: key,
+			message: `undocumented query parameter '${key}' for ${method.toUpperCase()} ${template}`
+		});
+	}
+	return {
+		valid: findings.every((f) => f.severity !== "error"),
+		findings,
+		operation: op,
+		...unverified ? { unverified: true } : {}
+	};
+}
+//#endregion
+//#region src/har-capture.ts
+/**
+* The capture→contract bridge (ADR 0013, Phase-5 milestone 5a). Turns a stored
+* browser/API HAR into the records the *already-shipped* OpenAPI response
+* validator consumes — **no request is re-run**; this is a read over an existing
+* artifact. The high-leverage cross-pillar win: a captured run's traffic is
+* checked against the operator-supplied contract for the installed API version.
+*
+* Security posture (ADR 0013 §3): a HAR is operator-gated bytes whose redaction
+* is known-incomplete, so the *surface* gates resolving one (`validate_capture`,
+* slice 6). Here, the pure bridge MUST NOT copy raw headers/cookies into its
+* output (only status + the parsed body needed for schema validation) and every
+* finding message is routed through the operator `Redactor` before it leaves.
+*/
+/** fflate is unbounded by default; cap the inflated HAR archive (ADR 0013 §3e). */
+const MAX_HAR_INFLATED_BYTES$1 = 64 * 1024 * 1024;
+/** Build a decoded query record from a URL's search params (repeated keys → array). */
+function collectQuery(sp) {
+	const out = {};
+	for (const key of new Set(sp.keys())) {
+		const all = sp.getAll(key);
+		out[key] = all.length > 1 ? all : all[0] ?? "";
+	}
+	return out;
+}
+/** Lower-cased request header map (last value wins) from the HAR header array. */
+function collectHeaders(hdrs) {
+	const out = {};
+	for (const h of hdrs ?? []) if (typeof h?.name === "string") out[h.name.toLowerCase()] = String(h.value ?? "");
+	return out;
+}
+function findHarJson(zip) {
+	const key = Object.keys(zip).find((k) => k.endsWith(".har"));
+	return key ? strFromU8(zip[key]) : void 0;
+}
+function mimeOf(content) {
+	return (content?.mimeType ?? "").split(";")[0]?.trim().toLowerCase() ?? "";
+}
+/** `'urlencoded'`/`'multipart'` for the two form media bases, else `undefined`. */
+function formBaseOf(mime) {
+	if (mime === "application/x-www-form-urlencoded") return "urlencoded";
+	if (mime === "multipart/form-data") return "multipart";
+}
+/** Append a field into a repeated-keys-→-array map (the form-field channel shape). */
+function appendFormField(map, name, value) {
+	const cur = map[name];
+	if (cur === void 0) map[name] = value;
+	else if (Array.isArray(cur)) cur.push(value);
+	else map[name] = [cur, value];
+}
+/**
+* Resolve a `form`-style request `postData` into the structured field channel
+* `validateFormBody` consumes (ADR 0016 addendum 4 capture path). PREFER the
+* structured `params[]` (each `{name, value?, fileName?}`, already URL-decoded by
+* the capturer; a `fileName` marks a FILE part → names-only). For `urlencoded`
+* ONLY, fall back to parsing `postData.text` (well-defined percent-decoding). A
+* `multipart` body with no `params[]` (only raw `_file`/`text`) is NOT parsed —
+* boundary parsing reintroduces the embedded-delimiter trap — so `undefined` is
+* returned and the validator `unverified`-skips. Returns `undefined` when nothing
+* sound is extractable.
+*/
+function formFieldsFromPostData(pd, base) {
+	const form = {};
+	const fileFields = [];
+	if (Array.isArray(pd.params) && pd.params.length > 0) {
+		for (const p of pd.params) {
+			if (typeof p?.name !== "string") continue;
+			if (typeof p.fileName === "string") fileFields.push(p.name);
+			else appendFormField(form, p.name, String(p.value ?? ""));
+		}
+		return {
+			form,
+			fileFields
+		};
+	}
+	if (base === "urlencoded" && typeof pd.text === "string") {
+		const sp = new URLSearchParams(pd.text);
+		for (const key of new Set(sp.keys())) {
+			const all = sp.getAll(key);
+			form[key] = all.length > 1 ? all : all[0] ?? "";
+		}
+		return {
+			form,
+			fileFields
+		};
+	}
+}
+/**
+* Slice 2 — parse a HAR `.zip` and resolve each entry's body. The PRIMARY path
+* is `content:'attach'` (the only mode the browser pillar emits): a body lives
+* in a separate archive entry referenced by `response.content._file`. Inline
+* `response.content.text` (`content:'embed'`) is the fallback. JSON bodies are
+* parsed; the URL is reduced to its `pathname` (+ origin kept separately).
+*/
+function harEntriesToFacts(harZip) {
+	const zip = unzipSync(new Uint8Array(harZip), { filter: (file) => file.originalSize <= MAX_HAR_INFLATED_BYTES$1 });
+	const harText = findHarJson(zip);
+	if (harText === void 0) throw new Error("har-capture: no .har entry in the archive");
+	const entries = JSON.parse(harText).log?.entries ?? [];
+	const out = [];
+	for (const e of entries) {
+		const method = (e.request?.method ?? "GET").toUpperCase();
+		const rawUrl = e.request?.url ?? "";
+		let path = rawUrl;
+		let origin = "";
+		let query;
+		try {
+			const u = new URL(rawUrl);
+			path = u.pathname;
+			origin = u.origin;
+			const q = collectQuery(u.searchParams);
+			if (Object.keys(q).length > 0) query = q;
+		} catch {}
+		const headersMap = collectHeaders(e.request?.headers);
+		const headers = Object.keys(headersMap).length > 0 ? headersMap : void 0;
+		const status = e.response?.status ?? 0;
+		const content = e.response?.content;
+		const mimeType = mimeOf(content);
+		const reqContent = e.request?.postData;
+		let reqForm;
+		let reqFormFiles;
+		const reqFormBase = reqContent ? formBaseOf(mimeOf(reqContent)) : void 0;
+		if (reqContent && reqFormBase) {
+			const extracted = formFieldsFromPostData(reqContent, reqFormBase);
+			if (extracted) {
+				reqForm = extracted.form;
+				if (extracted.fileFields.length > 0) reqFormFiles = extracted.fileFields;
+			}
+		}
+		let reqBody;
+		if (reqContent && mimeOf(reqContent).includes("json")) {
+			let rawReq;
+			if (reqContent._file) {
+				const bytes = zip[reqContent._file];
+				if (bytes) rawReq = strFromU8(bytes);
+			} else if (typeof reqContent.text === "string") rawReq = reqContent.text;
+			if (rawReq !== void 0 && rawReq.length > 0) try {
+				reqBody = JSON.parse(rawReq);
+			} catch {}
+		}
+		let body;
+		let unresolvedBody;
+		const isJson = mimeType.includes("json");
+		let rawBody;
+		if (content?._file) {
+			const bytes = zip[content._file];
+			if (bytes) rawBody = strFromU8(bytes);
+			else unresolvedBody = `attached body ${content._file} not found in the archive`;
+		} else if (typeof content?.text === "string") rawBody = content.text;
+		if (unresolvedBody === void 0 && isJson) if (rawBody === void 0 || rawBody.length === 0) unresolvedBody = "json response with no resolvable body";
+		else try {
+			body = JSON.parse(rawBody);
+		} catch {
+			unresolvedBody = "json response body did not parse";
+		}
+		else if (!isJson) body = rawBody;
+		out.push({
+			req: {
+				method,
+				path,
+				origin,
+				...reqBody !== void 0 ? { body: reqBody } : {},
+				...query ? { query } : {},
+				...headers ? { headers } : {},
+				...reqForm ? { form: reqForm } : {},
+				...reqFormFiles ? { formFileFields: reqFormFiles } : {}
+			},
+			res: {
+				status,
+				body
+			},
+			mimeType,
+			...unresolvedBody ? { unresolvedBody } : {}
+		});
+	}
+	return out;
+}
+function isApiEntry(entry, opts) {
+	if (opts.allowedOrigins && entry.req.origin && !opts.allowedOrigins.includes(entry.req.origin)) return false;
+	return entry.mimeType.includes("json");
+}
+/**
+* Slice 4 — strip the OpenAPI `servers[].url` base path so a captured
+* `/api/v1/widgets` matches the documented path `/widgets`. Returns the longest
+* matching server base path's remainder, or the original path when none match.
+*/
+function serverBasePaths(spec) {
+	const servers = Array.isArray(spec.servers) ? spec.servers : [];
+	const bases = [];
+	for (const s of servers) {
+		const url = typeof s?.url === "string" ? s.url : "";
+		if (!url) continue;
+		let base = url;
+		try {
+			base = new URL(url).pathname;
+		} catch {}
+		base = base.replace(/\/+$/, "");
+		if (base && base !== "/") bases.push(base);
+	}
+	return bases.sort((a, b) => b.length - a.length);
+}
+function reconcileBasePath(path, bases) {
+	for (const base of bases) {
+		if (path === base) return "/";
+		if (path.startsWith(`${base}/`)) return path.slice(base.length);
+	}
+	return path;
+}
+/**
+* Extract the GraphQL operation from a captured request body. The GraphQL-over-
+* HTTP shape is a JSON object with a string `query` (and optional `operationName`
+* and `variables`). Returns `undefined` for a non-GraphQL body.
+*/
+function graphqlOperationOf(entry) {
+	const b = entry.req.body;
+	if (b && typeof b === "object" && typeof b.query === "string") {
+		const opName = b.operationName;
+		const variables = b.variables;
+		return {
+			query: b.query,
+			...typeof opName === "string" ? { operationName: opName } : {},
+			...variables !== void 0 ? { variables } : {}
+		};
+	}
+}
+const HTTP_METHODS$1 = [
+	"get",
+	"put",
+	"post",
+	"delete",
+	"patch",
+	"options",
+	"head",
+	"trace"
+];
+/** Every documented operation as `METHOD /template` — the universe for the drift walk. */
+function documentedOperations(spec) {
+	const ops = [];
+	for (const [template, item] of Object.entries(spec.paths ?? {})) {
+		if (!item) continue;
+		for (const method of HTTP_METHODS$1) if (method in item) ops.push(`${method.toUpperCase()} ${template}`);
+	}
+	return ops;
+}
+/**
+* Slice 5 (+ ADR 0013 §5 GraphQL) — drive each captured JSON entry through the
+* matching shipped validator. A GraphQL entry (matched by the contract's
+* `endpointPath` or the JSON `{query}` shape) goes to `validateGraphqlOperation`
+* and NEVER to the OpenAPI validator; a REST entry goes to
+* `validateOpenApiResponse` and feeds the exercised/unexercised drift walk. An
+* entry with no matching contract half is no-signal (never a pass). Every finding
+* message is routed through the operator `Redactor`; our own summary paths use the
+* matched operation template / operator-supplied endpoint, never a raw captured path.
+*/
+function validateCapturedTraffic(harZip, contract, opts = {}) {
+	const redact = opts.redact ?? ((v) => v);
+	const { openapi: spec, graphql } = contract;
+	const bases = spec ? serverBasePaths(spec) : [];
+	const entries = harEntriesToFacts(harZip).filter((e) => isApiEntry(e, opts));
+	const results = [];
+	const findingsByKind = {};
+	const exercised = /* @__PURE__ */ new Set();
+	let firstFailing;
+	let unresolvedBodies = 0;
+	let noSignal = 0;
+	const bump = (kind) => {
+		findingsByKind[kind] = (findingsByKind[kind] ?? 0) + 1;
+	};
+	const pushResult = (entry, raw, displayPath) => {
+		const redactedFindings = raw.findings.map((f) => ({
+			...f,
+			message: redact(f.message),
+			...f.path !== void 0 ? { path: redact(f.path) } : {}
+		}));
+		const result = {
+			...raw,
+			findings: redactedFindings
+		};
+		results.push(result);
+		for (const f of redactedFindings) bump(f.kind);
+		if (!result.valid && !firstFailing) {
+			const f = redactedFindings.find((x) => x.severity === "error") ?? redactedFindings[0];
+			firstFailing = {
+				method: entry.req.method,
+				path: displayPath,
+				kind: f?.kind ?? "unknown",
+				message: f?.message ?? ""
+			};
+		}
+		return result;
+	};
+	for (const entry of entries) {
+		if (entry.unresolvedBody) {
+			unresolvedBodies++;
+			bump("unresolved-body");
+			firstFailing ??= {
+				method: entry.req.method,
+				path: redact(reconcileBasePath(entry.req.path, bases)),
+				kind: "unresolved-body",
+				message: redact(entry.unresolvedBody)
+			};
+			continue;
+		}
+		const op = graphqlOperationOf(entry);
+		if (graphql !== void 0 && entry.req.path === graphql.endpointPath || !!op) {
+			if (!graphql) {
+				noSignal++;
+				bump("graphql-sdl-not-supplied");
+				continue;
+			}
+			if (!op) {
+				pushResult(entry, {
+					valid: false,
+					findings: [{
+						kind: "graphql-no-query",
+						severity: "error",
+						message: "no GraphQL query found in the captured request body"
+					}]
+				}, redact(graphql.endpointPath));
+				continue;
+			}
+			const raw = validateGraphqlOperation(graphql.sdl, op.query, {
+				json: entry.res.body,
+				operationName: op.operationName,
+				...op.variables !== void 0 ? { variables: op.variables } : {}
+			});
+			pushResult(entry, raw, redact(graphql.endpointPath));
+			if (raw.unverified) {
+				noSignal++;
+				bump(raw.directiveUnverified ? "graphql-directive-unverified" : "graphql-variable-unverified");
+			}
+			continue;
+		}
+		if (!spec) {
+			noSignal++;
+			bump("no-contract-for-entry");
+			continue;
+		}
+		const reqPath = reconcileBasePath(entry.req.path, bases);
+		const typedSpec = spec;
+		const resRaw = validateOpenApiResponse(typedSpec, {
+			method: entry.req.method,
+			path: reqPath
+		}, entry.res, { baseDir: opts.baseDir });
+		const reqRaw = validateOpenApiRequest(typedSpec, {
+			method: entry.req.method,
+			path: reqPath,
+			body: entry.req.body,
+			query: entry.req.query,
+			headers: entry.req.headers,
+			form: entry.req.form,
+			formFileFields: entry.req.formFileFields
+		}, { baseDir: opts.baseDir });
+		const merged = {
+			valid: resRaw.valid && reqRaw.valid,
+			findings: [...resRaw.findings, ...reqRaw.findings.filter((f) => f.kind !== "missing-operation")],
+			...resRaw.operation ?? reqRaw.operation ? { operation: resRaw.operation ?? reqRaw.operation } : {}
+		};
+		const result = pushResult(entry, merged, merged.operation?.path ?? redact(reqPath));
+		if (result.operation) exercised.add(`${result.operation.method.toUpperCase()} ${result.operation.path}`);
+		if (reqRaw.unverified) {
+			noSignal++;
+			bump("request-unverified");
+		}
+	}
+	const documented = spec ? documentedOperations(spec) : [];
+	const exercisedOperations = [...exercised].sort();
+	const unexercisedOperations = documented.filter((op) => !exercised.has(op)).sort();
+	const clean = entries.length > 0 && unresolvedBodies === 0 && noSignal === 0 && results.every((r) => r.valid);
+	return {
+		entriesValidated: entries.length,
+		findingsByKind,
+		firstFailing,
+		exercisedOperations,
+		unexercisedOperations,
+		results,
+		unresolvedBodies,
+		noSignal,
+		clean
+	};
+}
+//#endregion
+//#region src/har-synth.ts
+/**
+* HAR synthesis + redaction for the API pillar (ADR 0013 Addendum 4, milestone 5f).
+* Lets `verify` PRODUCE a HAR from the `@sackville-mcp/api` runner (not just the browser
+* pillar's live capture), then validate it against the contract via the SHIPPED
+* {@link validateCapturedTraffic} — full REST + GraphQL parity.
+*
+* This module is a PURE leaf: it imports ONLY `fflate` (no runner/undici/spawn-capable
+* code), so the new `@sackville-mcp/browser → @sackville-mcp/api` dep edge it creates (browser's
+* `finalizeHar` delegates its Buffer→Buffer transform here) cannot drag heavy code into
+* the browser pillar, and the gate suite exercises synthesis with no network.
+*
+* Security posture (ADR 0013 §3): a synthesized HAR carries the REAL request/response
+* bodies + urls. {@link redactHarZip} is the blanket-redaction pass (lifted from the
+* browser pillar's `finalizeHar` core, shared so the 5e attach-mimeType fix is inherited),
+* and {@link synthesizeRedactedHarZip} folds it in so NO un-redacted buffer is ever
+* returned. The redactor MUST carry the run-resolved `{{secret:NAME}}` values.
+*/
+/** fflate is unbounded by default; cap the inflated HAR archive (ADR 0013 §3e). */
+const MAX_HAR_INFLATED_BYTES = 64 * 1024 * 1024;
+const HAR_TEXT_ENTRY = /\.(har|json|txt|html|htm|css|js|xml|svg)$/;
+const TEXT_MIME = /^text\/|(?:json|xml|javascript|ecmascript|graphql|html|urlencoded|csv|yaml)/i;
+/**
+* In `content:'attach'` mode a body lives in a SEPARATE archive entry whose name is
+* content-addressed — frequently WITHOUT a text extension — so {@link HAR_TEXT_ENTRY}
+* (a filename gate) would pass a JSON/GraphQL body through unredacted. Walk the `.har`
+* JSON and collect the `_file` names of every body whose DECLARED mimeType is text-like,
+* so they are redacted by type, not by extension.
+*/
+function textAttachFiles(harJson) {
+	const files = /* @__PURE__ */ new Set();
+	let entries = [];
+	try {
+		const log = JSON.parse(harJson).log;
+		if (Array.isArray(log?.entries)) entries = log.entries;
+	} catch {
+		return files;
+	}
+	const consider = (part) => {
+		if (part && typeof part._file === "string" && typeof part.mimeType === "string" && TEXT_MIME.test(part.mimeType)) files.add(part._file);
+	};
+	for (const e of entries) {
+		consider(e?.request?.postData);
+		consider(e?.response?.content);
+	}
+	return files;
+}
+/** Parse the `.har` JSON into compact tallies; tolerant of a malformed/empty log. */
+function summarizeHar(harJson) {
+	const byStatus = {};
+	const byMethod = {};
+	let entries = [];
+	try {
+		const log = JSON.parse(harJson).log;
+		if (Array.isArray(log?.entries)) entries = log.entries;
+	} catch {
+		return {
+			entryCount: 0,
+			byStatus,
+			byMethod
+		};
+	}
+	for (const e of entries) {
+		const status = e?.response?.status;
+		if (typeof status === "number") byStatus[String(status)] = (byStatus[String(status)] ?? 0) + 1;
+		const method = e?.request?.method;
+		if (typeof method === "string") byMethod[method] = (byMethod[method] ?? 0) + 1;
+	}
+	return {
+		entryCount: entries.length,
+		byStatus,
+		byMethod
+	};
+}
+/**
+* The blanket-redaction pass over a HAR `.zip` Buffer (PURE — no file I/O). Unzips,
+* collects the text-like attach `_file` bodies by DECLARED mimeType (so a body stored
+* under a non-text filename is still scrubbed), redacts every text member — the `.har`
+* JSON + text-extension bodies + those attach bodies — and re-zips. A genuinely binary
+* member passes through byte-for-byte. Shared by the browser pillar's `finalizeHar`
+* (file wrapper) and api synthesis (in-memory), so they share ONE redaction code path.
+*/
+function redactHarZip(zip, redact) {
+	const entries = unzipSync(new Uint8Array(zip), { filter: (file) => file.originalSize <= MAX_HAR_INFLATED_BYTES });
+	let attachText = /* @__PURE__ */ new Set();
+	for (const [name, bytes] of Object.entries(entries)) if (name.endsWith(".har")) attachText = textAttachFiles(strFromU8(bytes));
+	const out = {};
+	for (const [name, bytes] of Object.entries(entries)) if (HAR_TEXT_ENTRY.test(name) || attachText.has(name)) out[name] = strToU8(redact(strFromU8(bytes)));
+	else out[name] = bytes;
+	return Buffer.from(zipSync(out));
+}
+/**
+* Synthesize a HAR `.zip` Buffer from per-hop records and IMMEDIATELY redact it — the
+* ONLY public surface, so no un-redacted synthesized buffer is ever returned/stored/
+* validated (ADR 0013 §3b). Builds `{log:{entries}}` with ONLY the six fields the
+* consume bridge reads, INLINE `text` bodies (we hold the strings — no `_file` attach),
+* one `.har` member, then runs {@link redactHarZip}. THROWS on a status-less record.
+*/
+function synthesizeRedactedHarZip(records, redact) {
+	const entries = [];
+	for (const r of records) {
+		if (typeof r.status !== "number" || !Number.isFinite(r.status)) throw new Error(`har-synth: record for ${r.method} ${r.url} has no numeric status`);
+		const request = {
+			method: r.method,
+			url: r.url
+		};
+		if (typeof r.reqBody === "string" && r.reqContentType) request.postData = {
+			mimeType: r.reqContentType,
+			text: r.reqBody
+		};
+		const content = { mimeType: r.resContentType ?? "" };
+		if (typeof r.resBody === "string") content.text = r.resBody;
+		entries.push({
+			request,
+			response: {
+				status: r.status,
+				content
+			}
+		});
+	}
+	const har = { log: {
+		version: "1.2",
+		creator: {
+			name: "sackville-api",
+			version: "1.2"
+		},
+		entries
+	} };
+	return redactHarZip(Buffer.from(zipSync({ "synth.har": strToU8(JSON.stringify(har)) })), redact);
+}
+//#endregion
+//#region src/vars.ts
+const VAR_RE = /\{\{\s*([^}\s]+)\s*\}\}/g;
+/**
+* Interpolate `{{name}}` placeholders from a variable scope. Unknown names are
+* left intact (so callers can detect them). Secret resolution is layered on
+* later, at the transport boundary.
+*/
+function interpolate(template, scope) {
+	return template.replace(VAR_RE, (match, name) => {
+		const value = scope[name];
+		return value === void 0 ? match : String(value);
+	});
+}
+//#endregion
+//#region src/prepare.ts
+const SECRET_RE = /\{\{\s*secret:([^}\s]+)\s*\}\}/g;
+const RAW_CONTENT_TYPE = {
+	json: "application/json",
+	text: "text/plain",
+	xml: "application/xml",
+	sparql: "application/sparql-query"
+};
+/** Append a field into a repeated-keys-→-array map (the form-field channel shape). */
+function appendField(map, name, value) {
+	const cur = map[name];
+	if (cur === void 0) map[name] = value;
+	else if (Array.isArray(cur)) cur.push(value);
+	else map[name] = [cur, value];
+}
+/**
+* Resolve `{{secret:NAME}}` (from the store, registered with the redactor) and
+* `{{var}}` (from the scope) across the URL, headers, AND body into the actual
+* values sent on the wire. Fails closed on an unresolved secret.
+*/
+async function prepareRequest(request, scope, secrets, redactor, baseDir) {
+	const fillSecrets = await secretFiller([
+		request.url,
+		...request.headers.map((h) => h.value),
+		...bodyTexts(request.body)
+	], secrets, redactor);
+	const fill = (text) => interpolate(fillSecrets(text), scope);
+	const headers = {};
+	for (const header of request.headers) headers[header.name] = fill(header.value);
+	return {
+		method: request.method,
+		url: fill(request.url),
+		headers,
+		body: await materializeBody(request.body, fill, baseDir)
+	};
+}
+/** The interpolatable strings inside a body (for secret scanning). */
+function bodyTexts(body) {
+	if (!body) return [];
+	if (body.type === "graphql") {
+		const g = body.graphql;
+		return g ? [g.query, ...g.variables ? [g.variables] : []] : [];
+	}
+	if (body.type === "multipart-form") return (body.parts ?? []).flatMap((p) => p.kind === "file" ? p.filePaths ?? [] : [p.value ?? ""]);
+	if (body.type === "file") return body.file ? [body.file.filePath] : [];
+	if (body.content !== void 0) return [body.content];
+	return (body.params ?? []).map((p) => p.value);
+}
+async function materializeBody(body, fill, baseDir) {
+	if (!body || body.type === "none") return void 0;
+	if (body.type === "form-urlencoded") {
+		const params = new URLSearchParams();
+		const formFields = {};
+		for (const p of body.params ?? []) {
+			const value = fill(p.value);
+			params.append(p.name, value);
+			appendField(formFields, p.name, value);
+		}
+		const content = params.toString();
+		return {
+			contentType: "application/x-www-form-urlencoded",
+			content,
+			preview: content,
+			formFields
+		};
+	}
+	if (body.type === "graphql") {
+		const content = materializeGraphql(body.graphql, fill);
+		return {
+			contentType: "application/json",
+			content,
+			preview: content
+		};
+	}
+	if (body.type === "multipart-form") return materializeMultipart(body, fill, baseDir);
+	if (body.type === "file") return materializeFile(body, fill, baseDir);
+	if (body.content !== void 0) {
+		const content = fill(body.content);
+		return {
+			contentType: RAW_CONTENT_TYPE[body.type] ?? "text/plain",
+			content,
+			preview: content
+		};
+	}
+}
+/**
+* A `multipart/form-data` body. Text parts carry interpolated values; file parts
+* read their bytes from disk (paths resolved against the collection dir — the
+* `.bru` is operator-authored config, and egress is separately gated, so paths
+* are not sandboxed here). undici mints the boundary, so `contentType` is left
+* unset. The preview summarizes parts (file by name + byte size), never inlining
+* file bytes; text values flow through the redactor at the surface.
+*/
+async function materializeMultipart(body, fill, baseDir) {
+	const form = new FormData();
+	const lines = ["multipart/form-data:"];
+	const formFields = {};
+	const fileFields = /* @__PURE__ */ new Set();
+	for (const part of body.parts ?? []) if (part.kind === "file") {
+		fileFields.add(part.name);
+		for (const rawPath of part.filePaths ?? []) {
+			const filled = fill(rawPath);
+			const buf = await readFile(resolve(baseDir ?? "", filled));
+			const blob = new Blob([buf], part.contentType ? { type: part.contentType } : {});
+			form.append(part.name, blob, basename(filled));
+			lines.push(`  ${part.name} (file): ${filled} (${buf.byteLength} bytes)`);
+		}
+	} else {
+		const value = fill(part.value ?? "");
+		form.append(part.name, value);
+		appendField(formFields, part.name, value);
+		lines.push(`  ${part.name} (text): ${value}`);
+	}
+	return {
+		content: form,
+		preview: lines.join("\n"),
+		formFields,
+		...fileFields.size > 0 ? { formFileFields: [...fileFields] } : {}
+	};
+}
+/**
+* A raw file body — the file's bytes are sent as the request body under the
+* declared content type (default `application/octet-stream`). Path resolved
+* against the collection dir (same operator-config trust model as multipart).
+* The preview names the file by path + byte size + content type; the bytes are
+* never inlined into agent-facing output.
+*/
+async function materializeFile(body, fill, baseDir) {
+	if (!body.file) return void 0;
+	const filled = fill(body.file.filePath);
+	const buf = await readFile(resolve(baseDir ?? "", filled));
+	const contentType = body.file.contentType || "application/octet-stream";
+	return {
+		contentType,
+		content: buf,
+		preview: `<file: ${filled} (${buf.byteLength} bytes, ${contentType})>`
+	};
+}
+/** A GraphQL-over-HTTP envelope: `{query, variables}` as JSON. Variables (a JSON
+* string in the `.bru`) are interpolated then parsed into an object; an empty or
+* whitespace-only variables block is omitted. */
+function materializeGraphql(graphql, fill) {
+	const query = fill(graphql?.query ?? "");
+	const rawVars = graphql?.variables?.trim();
+	if (!rawVars) return JSON.stringify({ query });
+	const filled = fill(rawVars);
+	let variables;
+	try {
+		variables = JSON.parse(filled);
+	} catch (e) {
+		throw new Error(`invalid graphql variables JSON: ${e.message}`);
+	}
+	return JSON.stringify({
+		query,
+		variables
+	});
+}
+async function secretFiller(texts, secrets, redactor) {
+	const names = /* @__PURE__ */ new Set();
+	for (const text of texts) for (const match of text.matchAll(SECRET_RE)) names.add(match[1]);
+	const resolved = /* @__PURE__ */ new Map();
+	const missing = [];
+	for (const name of names) {
+		const value = await secrets.get(name);
+		if (value === void 0) {
+			missing.push(name);
+			continue;
+		}
+		resolved.set(name, value);
+		redactor.register(name, value);
+	}
+	if (missing.length > 0) throw new Error(`missing secret(s): ${missing.join(", ")}`);
+	return (text) => text.replace(SECRET_RE, (_m, name) => resolved.get(name) ?? `{{secret:${name}}}`);
+}
+//#endregion
+//#region src/safety.ts
+/** Methods that don't mutate server state run freely. */
+const SAFE_METHODS = new Set([
+	"GET",
+	"HEAD",
+	"OPTIONS"
+]);
+/**
+* Refuse a request on SSRF grounds before it leaves. Applies to EVERY request
+* (safe + mutating) — the cloud-metadata endpoint is reachable by a plain GET.
+* Reuses the shared `@sackville-mcp/safety` classifier: metadata host literals and
+* blocked-range IPs are always refused; loopback/private are refused only when
+* `allowPrivate` is false; a hostname is resolved and its address vetted (so a
+* name pointing at an internal/metadata IP is caught). Throws `SsrfError` when
+* blocked. NOTE: this is a pre-flight resolve-and-refuse, not a connection pin —
+* a narrow DNS-rebinding TOCTOU window remains (the browser pillar's proxy does
+* true pinning); for operator-authored API collections that is an accepted
+* limitation, documented in ADR 0004.
+*/
+async function assertSsrfAllowed(url, opts = {}) {
+	let hostname;
+	try {
+		hostname = new URL(url).hostname;
+	} catch {
+		throw new SsrfError(`invalid request URL: ${url}`);
+	}
+	await resolveAndPin(hostname.startsWith("[") && hostname.endsWith("]") ? hostname.slice(1, -1) : hostname, opts.lookup, { allowPrivate: opts.allowPrivate ?? true });
+}
+function isMutating(method) {
+	return !SAFE_METHODS.has(method.toUpperCase());
+}
+/**
+* Decide whether a request may actually be sent. Safe methods always may.
+* Mutating methods are withheld (dry-run) unless explicitly unlocked
+* (`allowUnsafe`) AND the target host is on the allowlist — never silently fired.
+*/
+function checkGate(method, host, opts = {}) {
+	if (!isMutating(method)) return {
+		allowed: true,
+		reason: `${method.toUpperCase()} is a safe method`
+	};
+	if (!opts.allowUnsafe) return {
+		allowed: false,
+		reason: `${method.toUpperCase()} is a mutating method; dry-run only (pass allowUnsafe to send)`
+	};
+	const allowed = opts.allowedHosts ?? [];
+	if (!allowed.includes(host)) return {
+		allowed: false,
+		reason: `host ${host} is not in the allowlist for mutating requests (${allowed.join(", ") || "none"})`
+	};
+	return {
+		allowed: true,
+		reason: `${method.toUpperCase()} to ${host} is allowlisted`
+	};
+}
+//#endregion
+//#region src/script.ts
+const TIMEOUT_MS = 1e3;
+const PRELUDE = `
+globalThis.console = { log: (...a) => __logs.push(a.map(String).join(' ')), error: (...a) => __logs.push(a.map(String).join(' ')) };
+globalThis.bru = {
+  getVar: (k) => __vars[k],
+  setVar: (k, v) => { __vars[k] = v; },
+};
+function __mk(actual) {
+  const fail = (m) => { throw new Error(m); };
+  const eq = (a, b) => JSON.stringify(a) === JSON.stringify(b);
+  return {
+    toBe: (e) => { if (actual !== e) fail('expected ' + JSON.stringify(actual) + ' to be ' + JSON.stringify(e)); },
+    toEqual: (e) => { if (!eq(actual, e)) fail('expected ' + JSON.stringify(actual) + ' to equal ' + JSON.stringify(e)); },
+    toContain: (e) => { if (!String(actual).includes(String(e))) fail('expected ' + JSON.stringify(actual) + ' to contain ' + JSON.stringify(e)); },
+    toBeGreaterThan: (e) => { if (!(actual > e)) fail('expected ' + actual + ' > ' + e); },
+    toBeLessThan: (e) => { if (!(actual < e)) fail('expected ' + actual + ' < ' + e); },
+    toBeTruthy: () => { if (!actual) fail('expected truthy, got ' + JSON.stringify(actual)); },
+    toBeFalsy: () => { if (actual) fail('expected falsy, got ' + JSON.stringify(actual)); },
+  };
+}
+globalThis.expect = (actual) => __mk(actual);
+globalThis.test = (name, fn) => {
+  try { fn(); __tests.push({ name: name, pass: true }); }
+  catch (e) { __tests.push({ name: name, pass: false, error: String((e && e.message) || e) }); }
+};
+`;
+let modulePromise;
+function quickjs() {
+	if (!modulePromise) modulePromise = getQuickJS();
+	return modulePromise;
+}
+/**
+* Run a pre/post-request script in a QuickJS WASM sandbox with the curated
+* `bru`/`expect`/`test`/`console` API and a wall-clock interrupt. The script
+* sees `res` (post-response only) and reads/writes variables via `bru`; nothing
+* from the host process is reachable.
+*/
+async function runScript(code, context) {
+	const runtime = (await quickjs()).newRuntime();
+	runtime.setInterruptHandler(shouldInterruptAfterDeadline(Date.now() + TIMEOUT_MS));
+	const vm = runtime.newContext();
+	try {
+		const init = `globalThis.__vars = ${JSON.stringify(context.vars)};globalThis.__tests = [];globalThis.__logs = [];globalThis.res = ${context.res ? JSON.stringify(context.res) : "undefined"};` + PRELUDE;
+		const setup = vm.evalCode(init);
+		if (setup.error) {
+			const message = vm.dump(setup.error);
+			setup.error.dispose();
+			throw new Error(`script sandbox setup failed: ${JSON.stringify(message)}`);
+		}
+		setup.value.dispose();
+		let error;
+		const run = vm.evalCode(code);
+		if (run.error) {
+			const dumped = vm.dump(run.error);
+			run.error.dispose();
+			error = typeof dumped === "object" && dumped?.message ? String(dumped.message) : String(dumped);
+		} else run.value.dispose();
+		const read = vm.evalCode("JSON.stringify({ vars: __vars, tests: __tests, logs: __logs })");
+		let data = {
+			vars: context.vars,
+			tests: [],
+			logs: []
+		};
+		if (read.error) read.error.dispose();
+		else {
+			data = JSON.parse(vm.dump(read.value));
+			read.value.dispose();
+		}
+		return {
+			vars: data.vars ?? {},
+			tests: data.tests ?? [],
+			logs: data.logs ?? [],
+			error
+		};
+	} finally {
+		vm.dispose();
+		runtime.dispose();
+	}
+}
+//#endregion
+//#region src/secrets.ts
+/** In-memory store (tests / explicit injection). */
+var StaticSecretStore = class {
+	values;
+	constructor(values = {}) {
+		this.values = values;
+	}
+	get(name) {
+		return Promise.resolve(this.values[name]);
+	}
+};
+/**
+* Reads `<prefix><NAME>` from the environment — the zero-dependency default
+* (Linux/CI). The default prefix is `SACKVILLE_SECRET_`; the aggregate server
+* overrides it to `SACKVILLE_API_SECRET_` so the api pillar's secrets live in its
+* own namespace and can't be read via a bare, shared name (ADR 0019).
+*/
+var EnvSecretStore = class {
+	env;
+	prefix;
+	constructor(env = process.env, prefix = "SACKVILLE_SECRET_") {
+		this.env = env;
+		this.prefix = prefix;
+	}
+	get(name) {
+		return Promise.resolve(this.env[`${this.prefix}${name}`]);
+	}
+};
+/** OS keychain via @napi-rs/keyring (macOS/Windows/Linux-desktop). The native
+* module is loaded lazily through a non-literal specifier so importing this file
+* never loads it; Secret Service can throw at runtime in headless containers, so
+* failures resolve to undefined. */
+var KeyringSecretStore = class {
+	service;
+	constructor(service = "sackville") {
+		this.service = service;
+	}
+	async get(name) {
+		try {
+			const { Entry } = await import("@napi-rs/keyring");
+			const value = new Entry(this.service, name).getPassword();
+			return typeof value === "string" ? value : void 0;
+		} catch {
+			return;
+		}
+	}
+};
+/** Try each store in order, first hit wins. */
+var ChainedSecretStore = class {
+	stores;
+	constructor(stores) {
+		this.stores = stores;
+	}
+	async get(name) {
+		for (const store of this.stores) {
+			const value = await store.get(name);
+			if (value !== void 0) return value;
+		}
+	}
+};
+/**
+* Default store: keyring (opt-in) chained ahead of env, else env only.
+* `env`/`envPrefix` override the environment source + variable prefix the
+* `EnvSecretStore` reads (the aggregate server passes `SACKVILLE_API_SECRET_`).
+*/
+function resolveSecretStore(opts = {}) {
+	const envStore = new EnvSecretStore(opts.env, opts.envPrefix);
+	return opts.keyring ? new ChainedSecretStore([new KeyringSecretStore(), envStore]) : envStore;
+}
+//#endregion
+//#region src/runner.ts
+const REDIRECT_CODES = new Set([
+	301,
+	302,
+	303,
+	307,
+	308
+]);
+/** Headers dropped when a redirect crosses to a different host (browser-like). */
+const CROSS_ORIGIN_DROP = new Set(["authorization", "cookie"]);
+/** Cap a retained per-hop body so a hostile redirect body can't bloat the synthesized
+* HAR (the read itself is bounded by the response; slicing a JSON body just fails to
+* parse downstream ⇒ unresolved ⇒ inconclusive, never a false pass). 5f. */
+const MAX_HOP_BODY_BYTES = 4 * 1024 * 1024;
+/** Append one hop's facts to the capture sink (string-only request body; binary omitted). */
+function recordHop(capture, hop) {
+	const record = {
+		method: hop.method,
+		url: hop.url,
+		status: hop.status
+	};
+	if (hop.resContentType) record.resContentType = hop.resContentType;
+	if (hop.resBody !== void 0) record.resBody = hop.resBody.slice(0, MAX_HOP_BODY_BYTES);
+	if (typeof hop.reqBody === "string" && hop.reqContentType) {
+		record.reqContentType = hop.reqContentType;
+		record.reqBody = hop.reqBody.slice(0, MAX_HOP_BODY_BYTES);
+	}
+	capture.hops.push(record);
+}
+function headerValue(headers, name) {
+	const v = headers[name];
+	return Array.isArray(v) ? v[0] : v;
+}
+/** Method/body for the next hop. 303 (and POST on 301/302) downgrades to GET and
+* drops the body; 307/308 preserve both. */
+function redirectTransition(status, method, body) {
+	if (status === 303 || (status === 301 || status === 302) && method.toUpperCase() === "POST") return {
+		method: "GET",
+		body: void 0
+	};
+	return {
+		method,
+		body
+	};
+}
+function dropCrossOriginHeaders(headers) {
+	const out = {};
+	for (const [key, value] of Object.entries(headers)) if (!CROSS_ORIGIN_DROP.has(key.toLowerCase())) out[key] = value;
+	return out;
+}
+function hasHeader(headers, name) {
+	const lower = name.toLowerCase();
+	return Object.keys(headers).some((k) => k.toLowerCase() === lower);
+}
+function hostOf(url) {
+	try {
+		return new URL(url).hostname;
+	} catch {
+		return "";
+	}
+}
+function flattenHeaders(headers) {
+	const out = {};
+	for (const [key, value] of Object.entries(headers)) out[key.toLowerCase()] = Array.isArray(value) ? value.join(", ") : String(value ?? "");
+	return out;
+}
+/**
+* Execute one request: resolve vars + secrets, apply the mutation safety gate
+* (mutating methods dry-run unless explicitly unlocked), dispatch via undici if
+* allowed, evaluate assertions, and return a result whose surfaced strings
+* (request, response headers, body artifact) are all secret-redacted.
+*/
+async function runRequest(collection, name, opts = {}) {
+	return runRequestImpl(collection, name, opts);
+}
+/**
+* Drive a request AND retain the raw per-hop facts a synthesized HAR is built from
+* (ADR 0013 Addendum 4, 5f) — the verify-driven api capture path. `RunResult` is
+* returned UNCHANGED (still fully redacted); `capture` is the produce-only raw channel
+* (never on `RunResult`). The caller (verify driver) folds `capture.registeredSecrets`
+* into a union redactor, then synthesizes + redacts + validates.
+*/
+async function runRequestForHar(collection, name, opts = {}) {
+	const capture = {
+		hops: [],
+		registeredSecrets: [],
+		redirectTruncated: false
+	};
+	return {
+		result: await runRequestImpl(collection, name, opts, capture),
+		capture
+	};
+}
+/**
+* Drive a request AND retain the un-redacted request facts a contract validator reads
+* (ADR 0014). `RunResult` is returned UNCHANGED (still fully redacted); `capture` is the
+* raw channel (never on `RunResult`). The caller (`api run --openapi`) folds
+* `capture.registeredSecrets` into a redactor, validates `capture.request` against the
+* contract, then redacts the findings before surfacing them.
+*/
+async function runRequestForContract(collection, name, opts = {}) {
+	const capture = {
+		request: {
+			method: "",
+			path: ""
+		},
+		registeredSecrets: []
+	};
+	return {
+		result: await runRequestImpl(collection, name, opts, void 0, capture),
+		capture
+	};
+}
+/** JSON-family media type: `application/json` or any `*+json`. */
+function isJsonFamily(ct) {
+	if (!ct) return false;
+	const base = (ct.split(";")[0] ?? "").trim().toLowerCase();
+	return base === "application/json" || base.endsWith("+json");
+}
+/** Decode a query string into a record; a repeated key collapses to an array. */
+function queryRecord(sp) {
+	const out = {};
+	for (const key of new Set(sp.keys())) {
+		const all = sp.getAll(key);
+		out[key] = all.length > 1 ? all : all[0] ?? "";
+	}
+	return out;
+}
+/**
+* Build the UN-redacted {@link RequestFacts} a contract validator reads from a prepared
+* request. A JSON-family body is parsed to its value (so schema validation is
+* meaningful); a present non-JSON / binary body (multipart/file/urlencoded/xml) is passed
+* through as a non-undefined value so the validator routes it to its presence-only
+* `unverified` path — never a false `missing-required-body`. A multipart body's
+* Content-Type (set by undici with the boundary, absent at prepare time) is synthesized as
+* a bare `multipart/form-data` so that routing is correct.
+*/
+function buildRequestFacts(prepared, sendHeaders, bodyType) {
+	const url = new URL(prepared.url);
+	const headers = flattenHeaders(sendHeaders);
+	if (bodyType === "multipart-form" && headers["content-type"] === void 0) headers["content-type"] = "multipart/form-data";
+	let body;
+	if (prepared.body) {
+		const content = prepared.body.content;
+		if (typeof content === "string") if (isJsonFamily(headers["content-type"])) try {
+			body = JSON.parse(content);
+		} catch {
+			body = content;
+		}
+		else body = content;
+		else body = prepared.body.preview;
+	}
+	const query = queryRecord(url.searchParams);
+	const facts = {
+		method: prepared.method,
+		path: url.pathname
+	};
+	if (body !== void 0) facts.body = body;
+	if (Object.keys(query).length > 0) facts.query = query;
+	if (Object.keys(headers).length > 0) facts.headers = headers;
+	if (prepared.body?.formFields) facts.form = prepared.body.formFields;
+	if (prepared.body?.formFileFields) facts.formFileFields = prepared.body.formFileFields;
+	return facts;
+}
+async function runRequestImpl(collection, name, opts = {}, capture, contractSink) {
+	const entry = collection.requests.get(name);
+	if (!entry) throw new Error(`no request '${name}' in collection at ${collection.dir}`);
+	const secrets = opts.secrets ?? new EnvSecretStore();
+	const redactor = new Redactor();
+	const scope = {
+		...opts.env ? collection.environments.get(opts.env) ?? {} : {},
+		...opts.vars ?? {}
+	};
+	if (entry.preScript) {
+		const pre = await runScript(entry.preScript, { vars: scope });
+		Object.assign(scope, pre.vars);
+	}
+	const prepared = await prepareRequest(entry.request, scope, secrets, redactor, collection.dir);
+	if (capture) capture.registeredSecrets = redactor.registeredSecrets();
+	const sendHeaders = { ...prepared.headers };
+	if (prepared.body?.contentType && !hasHeader(sendHeaders, "content-type")) sendHeaders["Content-Type"] = prepared.body.contentType;
+	if (contractSink) {
+		contractSink.request = buildRequestFacts(prepared, sendHeaders, entry.request.body?.type);
+		contractSink.registeredSecrets = redactor.registeredSecrets();
+	}
+	const redactedRequest = {
+		method: prepared.method,
+		url: redactor.redact(prepared.url),
+		headers: redactor.redactHeaders(sendHeaders),
+		body: prepared.body ? redactor.redact(prepared.body.preview) : void 0
+	};
+	const gate = checkGate(prepared.method, hostOf(prepared.url), {
+		allowUnsafe: opts.allowUnsafe,
+		allowedHosts: opts.allowedHosts
+	});
+	if (!gate.allowed) return {
+		request: redactedRequest,
+		sent: false,
+		dryRun: true,
+		reason: gate.reason
+	};
+	try {
+		await assertSsrfAllowed(prepared.url, {
+			allowPrivate: opts.allowPrivate,
+			lookup: opts.lookup
+		});
+	} catch (err) {
+		if (err instanceof SsrfError) return {
+			request: redactedRequest,
+			sent: false,
+			dryRun: false,
+			reason: `blocked: ${err.message}`
+		};
+		throw err;
+	}
+	const started = performance.now();
+	const maxRedirects = opts.maxRedirects ?? 0;
+	const redirects = [];
+	let currentUrl = prepared.url;
+	let currentMethod = prepared.method;
+	let currentHeaders = sendHeaders;
+	let currentBody = prepared.body?.content;
+	let currentContentType = prepared.body?.contentType;
+	const reqBodyStr = () => typeof currentBody === "string" ? currentBody : void 0;
+	let res = await request(currentUrl, {
+		method: currentMethod,
+		headers: currentHeaders,
+		body: currentBody
+	});
+	while (REDIRECT_CODES.has(res.statusCode) && redirects.length < maxRedirects) {
+		const location = headerValue(res.headers, "location");
+		if (!location) break;
+		if (capture) {
+			const hopText = await res.body.text();
+			recordHop(capture, {
+				method: currentMethod,
+				url: currentUrl,
+				status: res.statusCode,
+				resContentType: headerValue(res.headers, "content-type"),
+				resBody: hopText,
+				reqBody: reqBodyStr(),
+				reqContentType: currentContentType
+			});
+		} else await res.body.dump();
+		let nextUrl;
+		try {
+			nextUrl = new URL(location, currentUrl).toString();
+		} catch {
+			break;
+		}
+		try {
+			await assertSsrfAllowed(nextUrl, {
+				allowPrivate: opts.allowPrivate,
+				lookup: opts.lookup
+			});
+		} catch (err) {
+			if (err instanceof SsrfError) return {
+				request: redactedRequest,
+				sent: false,
+				dryRun: false,
+				reason: `blocked redirect: ${err.message}`
+			};
+			throw err;
+		}
+		const next = redirectTransition(res.statusCode, currentMethod, currentBody);
+		if (isMutating(next.method)) {
+			const g = checkGate(next.method, hostOf(nextUrl), {
+				allowUnsafe: opts.allowUnsafe,
+				allowedHosts: opts.allowedHosts
+			});
+			if (!g.allowed) return {
+				request: redactedRequest,
+				sent: false,
+				dryRun: true,
+				reason: `redirect blocked: ${g.reason}`
+			};
+		}
+		const nextHeaders = hostOf(nextUrl) === hostOf(currentUrl) ? currentHeaders : dropCrossOriginHeaders(currentHeaders);
+		redirects.push({
+			status: res.statusCode,
+			location: redactor.redact(nextUrl)
+		});
+		res = await request(nextUrl, {
+			method: next.method,
+			headers: nextHeaders,
+			body: next.body
+		});
+		currentUrl = nextUrl;
+		currentMethod = next.method;
+		currentHeaders = nextHeaders;
+		currentBody = next.body;
+		if (next.body === void 0) currentContentType = void 0;
+	}
+	if (capture && REDIRECT_CODES.has(res.statusCode)) capture.redirectTruncated = true;
+	const bodyText = await res.body.text();
+	const latencyMs = performance.now() - started;
+	const headers = flattenHeaders(res.headers);
+	if (capture) recordHop(capture, {
+		method: currentMethod,
+		url: currentUrl,
+		status: res.statusCode,
+		resContentType: headers["content-type"],
+		resBody: bodyText,
+		reqBody: reqBodyStr(),
+		reqContentType: currentContentType
+	});
+	let json;
+	try {
+		json = JSON.parse(bodyText);
+	} catch {
+		json = void 0;
+	}
+	const ctx = {
+		status: res.statusCode,
+		statusText: "",
+		headers,
+		bodyText,
+		json,
+		latencyMs
+	};
+	const assertions = evaluateAssertions(entry.assertions, ctx);
+	const captured = extractCaptures(entry.captures, ctx);
+	let scriptTests = [];
+	if (entry.postScript) {
+		const before = { ...scope };
+		const post = await runScript(entry.postScript, {
+			vars: scope,
+			res: {
+				status: res.statusCode,
+				headers,
+				body: bodyText,
+				json
+			}
+		});
+		scriptTests = post.tests.map((t) => ({
+			name: redactor.redact(t.name),
+			pass: t.pass,
+			error: t.error ? redactor.redact(t.error) : void 0
+		}));
+		for (const [key, value] of Object.entries(post.vars)) if (!(key in before) || before[key] !== value) {
+			captured[key] = value;
+			scope[key] = value;
+		}
+	}
+	const bodyHandle = (opts.artifacts ?? new ArtifactStore()).put(randomUUID(), redactor.redact(bodyText), headers["content-type"] ?? "application/octet-stream");
+	return {
+		request: redactedRequest,
+		sent: true,
+		dryRun: false,
+		response: {
+			status: res.statusCode,
+			latencyMs,
+			headers: redactor.redactHeaders(headers),
+			assertions,
+			scriptTests,
+			captured,
+			bodyHandle,
+			redirects
+		}
+	};
+}
+//#endregion
+//#region src/sequence.ts
+/**
+* Run requests in order, threading each response's captured variables into the
+* scope of the requests that follow (request chaining). Per-run options
+* (secrets, allowUnsafe, allowlist, artifacts) apply to every request; the
+* variable scope is the shared, accumulating one.
+*/
+async function runSequence(collection, names, opts = {}) {
+	const scope = { ...opts.vars ?? {} };
+	const captured = {};
+	const steps = [];
+	for (const name of names) {
+		const result = await runRequest(collection, name, {
+			...opts,
+			vars: scope
+		});
+		steps.push({
+			name,
+			result
+		});
+		if (result.sent && result.response) {
+			Object.assign(scope, result.response.captured);
+			Object.assign(captured, result.response.captured);
+			if (opts.stopOnFailure && !result.response.assertions.every((a) => a.pass)) break;
+		}
+	}
+	return {
+		steps,
+		captured
+	};
+}
+/**
+* Like {@link runSequence} but ALSO retains the raw per-hop capture across every step
+* (ADR 0013 Addendum 4, 5f) — for the verify-driven api capture path. Each step's
+* `SequenceStep.result` is UNCHANGED (redacted); `capture` aggregates all hops + the
+* union of run-resolved secret pairs. The transport-completeness guard (every
+* `step.result.sent`) lives in the driver, which folds a non-sent step to inconclusive.
+*/
+async function runSequenceForHar(collection, names, opts = {}) {
+	const scope = { ...opts.vars ?? {} };
+	const captured = {};
+	const steps = [];
+	const capture = {
+		hops: [],
+		registeredSecrets: [],
+		redirectTruncated: false
+	};
+	for (const name of names) {
+		const { result, capture: hopCap } = await runRequestForHar(collection, name, {
+			...opts,
+			vars: scope
+		});
+		steps.push({
+			name,
+			result
+		});
+		capture.hops.push(...hopCap.hops);
+		capture.registeredSecrets.push(...hopCap.registeredSecrets);
+		if (hopCap.redirectTruncated) capture.redirectTruncated = true;
+		if (result.sent && result.response) {
+			Object.assign(scope, result.response.captured);
+			Object.assign(captured, result.response.captured);
+			if (opts.stopOnFailure && !result.response.assertions.every((a) => a.pass)) break;
+		}
+	}
+	return {
+		result: {
+			steps,
+			captured
+		},
+		capture
+	};
+}
+//#endregion
+//#region src/har-produce.ts
+/**
+* The verify-DRIVEN API capture driver (ADR 0013 Addendum 4, milestone 5f). Drives the
+* `@sackville-mcp/api` runner for an operator-authored request (or sequence), SYNTHESIZES a
+* HAR from the run, redacts + stores it, and validates it against the contract via the
+* SHIPPED {@link validateCapturedTraffic} — the api-runner analogue of the browser
+* pillar's `driveBrowserFlowToHar` (5e). Unlike `har-synth.ts` this is NOT a pure leaf
+* (it imports the runner), so it lives in its own module.
+*
+* "Absence is never a pass" — TRANSPORT completeness is enforced HERE by THROWING
+* (⇒ the verify thunk rejects ⇒ inconclusive, mirroring `driveBrowserFlowToHar`): a
+* withheld/dry-run/blocked request, a non-sent step in a sequence, or a truncated
+* redirect chain never yields a validatable HAR. CONTRACT completeness (the verdict's
+* `clean` flag) is folded to inconclusive downstream by `@sackville-mcp/verdict`
+* `fromCaptureVerdict` (slice 6) — this driver returns the FULL verdict so that fold can.
+*
+* Redaction: the driver folds the run-resolved `{{secret:NAME}}` pairs (off the runner's
+* out-of-band channel) into the caller's union redactor BEFORE synthesizing or
+* validating, and {@link synthesizeRedactedHarZip} re-redacts at store time — so no raw
+* secret reaches the stored artifact or the findings.
+*/
+function countsFromRecords(hops) {
+	const byStatus = {};
+	const byMethod = {};
+	for (const h of hops) {
+		byStatus[String(h.status)] = (byStatus[String(h.status)] ?? 0) + 1;
+		byMethod[h.method] = (byMethod[h.method] ?? 0) + 1;
+	}
+	return {
+		entryCount: hops.length,
+		byStatus,
+		byMethod
+	};
+}
+/** Synthesize → redact → store → validate, after the transport guards have passed.
+* The caller has already folded the run-resolved secrets into the union redactor. */
+function finishProduce(capture, deps) {
+	if (capture.redirectTruncated) throw new Error("captured traffic did not complete its redirect chain (terminal status was a redirect)");
+	const redact = (v) => deps.redactor.redact(v);
+	const zip = synthesizeRedactedHarZip(capture.hops, redact);
+	const id = (deps.idFactory ?? randomUUID)();
+	const handle = deps.store.put(id, "har", zip, "application/zip");
+	const verdict = validateCapturedTraffic(zip, deps.contract, {
+		redact,
+		baseDir: deps.validate?.baseDir,
+		allowedOrigins: deps.validate?.allowedOrigins
+	});
+	return {
+		harHandle: handle,
+		summary: {
+			handle,
+			byteSize: zip.byteLength,
+			...countsFromRecords(capture.hops)
+		},
+		verdict
+	};
+}
+/** Drive ONE request → synthesize + validate its HAR. Throws (⇒ inconclusive) when the
+* request was not sent (withheld/dry-run/blocked) or its redirect chain was truncated. */
+async function runRequestToHar(collection, name, opts, deps) {
+	const { result, capture } = await (deps.runForHar ?? runRequestForHar)(collection, name, opts);
+	for (const s of capture.registeredSecrets) deps.redactor.register(s.name, s.value);
+	if (result.sent !== true) throw new Error(`captured request "${name}" was not sent (${deps.redactor.redact(result.reason ?? "withheld")})`);
+	return finishProduce(capture, deps);
+}
+/** Drive a SEQUENCE → synthesize + validate the aggregated HAR. Throws (⇒ inconclusive)
+* when ANY step was not sent (per `step.result.sent`) or any hop truncated a redirect. */
+async function runSequenceToHar(collection, names, opts, deps) {
+	const { result, capture } = await (deps.runSequenceForHar ?? runSequenceForHar)(collection, names, opts);
+	for (const s of capture.registeredSecrets) deps.redactor.register(s.name, s.value);
+	const unsent = result.steps.find((s) => s.result.sent !== true);
+	if (unsent) throw new Error(`captured sequence step "${unsent.name}" was not sent (${deps.redactor.redact(unsent.result.reason ?? "withheld")})`);
+	return finishProduce(capture, deps);
+}
+//#endregion
+//#region src/import.ts
+/**
+* Import foreign API-collection formats into a Bruno `.bru` collection on disk.
+*
+* Supported sources: **Postman** (v2.1 collection), **Insomnia** (v4 export),
+* **OpenAPI** (3.x — one request per operation, + an environment for the server
+* URL), and **HAR** (one request per logged entry). Each is normalized to a small
+* intermediate shape and serialized with `@usebruno/lang`'s `jsonToBruV2`, so the
+* output is a real Bruno collection that `loadCollection` reads back.
+*
+* Scope: method, URL, headers, and the common body types (json/text/xml +
+* form-urlencoded + graphql). multipart/file bodies are noted but not emitted
+* (no portable on-disk file to point at); auth blocks beyond a bearer/`{{var}}`
+* header are left to the operator. `{{var}}` templating passes through unchanged
+* (Postman/Bruno share the syntax).
+*/
+function headersFrom(list) {
+	return (list ?? []).filter((h) => h.disabled !== true && h.enabled !== false).map((h) => ({
+		name: h.name ?? h.key ?? "",
+		value: h.value ?? ""
+	})).filter((h) => h.name);
+}
+/** Postman v2.1 collection → requests (folders flattened, depth-first). */
+function importPostman(doc) {
+	const root = doc;
+	const requests = [];
+	const walk = (items) => {
+		for (const raw of items ?? []) {
+			const item = raw;
+			if (item.item) {
+				walk(item.item);
+				continue;
+			}
+			if (!item.request) continue;
+			const req = item.request;
+			const url = typeof req.url === "string" ? req.url : req.url?.raw ?? "";
+			requests.push({
+				name: item.name ?? `${req.method ?? "GET"} ${url}`,
+				method: (req.method ?? "GET").toUpperCase(),
+				url,
+				headers: headersFrom(req.header),
+				body: postmanBody(req.body)
+			});
+		}
+	};
+	walk(root.item);
+	return { requests };
+}
+function postmanBody(body) {
+	if (!body?.mode) return void 0;
+	if (body.mode === "raw") {
+		const lang = body.options?.raw?.language;
+		return {
+			type: lang === "json" || lang === "xml" ? lang : "text",
+			content: body.raw ?? ""
+		};
+	}
+	if (body.mode === "urlencoded") return {
+		type: "form-urlencoded",
+		params: kvParams(body.urlencoded)
+	};
+	if (body.mode === "graphql") return {
+		type: "graphql",
+		graphql: {
+			query: body.graphql?.query ?? "",
+			variables: body.graphql?.variables
+		}
+	};
+}
+function kvParams(list) {
+	return (list ?? []).filter((p) => p.disabled !== true && p.enabled !== false).map((p) => ({
+		name: p.name ?? p.key ?? "",
+		value: p.value ?? ""
+	}));
+}
+/** Insomnia v4 export → requests. */
+function importInsomnia(doc) {
+	const resources = doc.resources ?? [];
+	const requests = [];
+	for (const raw of resources) {
+		const r = raw;
+		if (r._type !== "request") continue;
+		requests.push({
+			name: r.name ?? `${r.method ?? "GET"} ${r.url ?? ""}`,
+			method: (r.method ?? "GET").toUpperCase(),
+			url: r.url ?? "",
+			headers: headersFrom(r.headers),
+			body: insomniaBody(r.body)
+		});
+	}
+	return { requests };
+}
+function insomniaBody(body) {
+	if (!body?.mimeType) return void 0;
+	if (body.mimeType.includes("json")) return {
+		type: "json",
+		content: body.text ?? ""
+	};
+	if (body.mimeType.includes("xml")) return {
+		type: "xml",
+		content: body.text ?? ""
+	};
+	if (body.mimeType.includes("x-www-form-urlencoded")) return {
+		type: "form-urlencoded",
+		params: kvParams(body.params)
+	};
+	if (body.text) return {
+		type: "text",
+		content: body.text
+	};
+}
+const HTTP_METHODS = new Set([
+	"get",
+	"put",
+	"post",
+	"delete",
+	"patch",
+	"head",
+	"options",
+	"trace"
+]);
+/** OpenAPI 3.x → one request per operation + an environment for the server URL. */
+function importOpenApi(doc) {
+	const spec = doc;
+	const requests = [];
+	for (const [path, item] of Object.entries(spec.paths ?? {})) {
+		if (!item || typeof item !== "object") continue;
+		for (const [method, op] of Object.entries(item)) {
+			if (!HTTP_METHODS.has(method.toLowerCase())) continue;
+			const operation = op;
+			requests.push({
+				name: operation.operationId ?? `${method.toUpperCase()} ${path}`,
+				method: method.toUpperCase(),
+				url: `{{baseUrl}}${path}`,
+				headers: [],
+				body: openApiBody(operation.requestBody)
+			});
+		}
+	}
+	const serverUrl = spec.servers?.[0]?.url;
+	return {
+		requests,
+		environment: serverUrl ? {
+			name: "Imported",
+			variables: { baseUrl: serverUrl }
+		} : void 0
+	};
+}
+function openApiBody(rb) {
+	const json = rb?.content?.["application/json"];
+	if (!json) return void 0;
+	const example = json.example ?? {};
+	return {
+		type: "json",
+		content: JSON.stringify(example, null, 2)
+	};
+}
+/** HAR → one request per logged entry. */
+function importHar(doc) {
+	const entries = doc.log?.entries ?? [];
+	const requests = [];
+	entries.forEach((raw, i) => {
+		const req = raw.request;
+		if (!req) return;
+		let label = req.url ?? "";
+		try {
+			label = new URL(req.url ?? "").pathname;
+		} catch {}
+		requests.push({
+			name: `${(req.method ?? "GET").toUpperCase()} ${label} #${i + 1}`,
+			method: (req.method ?? "GET").toUpperCase(),
+			url: req.url ?? "",
+			headers: headersFrom(req.headers),
+			body: insomniaBody(req.postData)
+		});
+	});
+	return { requests };
+}
+const PARSERS = {
+	postman: importPostman,
+	insomnia: importInsomnia,
+	openapi: importOpenApi,
+	har: importHar
+};
+/** Parse a source document (JSON, or YAML for OpenAPI) into normalized requests. */
+function parseImport(format, source) {
+	const doc = format === "openapi" ? parse(source) : JSON.parse(source);
+	return PARSERS[format](doc);
+}
+/** Map our canonical body type to the `@usebruno/lang` discriminator + payload. */
+function bruBody(body) {
+	if (body.type === "form-urlencoded") return {
+		discriminator: "formUrlEncoded",
+		body: { formUrlEncoded: (body.params ?? []).map((p) => ({
+			...p,
+			enabled: true
+		})) }
+	};
+	if (body.type === "graphql") return {
+		discriminator: "graphql",
+		body: { graphql: {
+			query: body.graphql?.query ?? "",
+			variables: body.graphql?.variables
+		} }
+	};
+	return {
+		discriminator: body.type,
+		body: { [body.type]: body.content ?? "" }
+	};
+}
+function toBruJson(req, seq) {
+	const http = {
+		method: req.method.toLowerCase(),
+		url: req.url,
+		auth: "none"
+	};
+	let body = {};
+	if (req.body) {
+		const mapped = bruBody(req.body);
+		http.body = mapped.discriminator;
+		body = mapped.body;
+	}
+	return {
+		meta: {
+			name: req.name,
+			type: "http",
+			seq
+		},
+		http,
+		headers: req.headers.map((h) => ({
+			...h,
+			enabled: true
+		})),
+		body
+	};
+}
+/** Sanitize a request name into a unique `.bru` filename stem. */
+function fileStem(name, used) {
+	const base = name.replace(/[^\w.-]+/g, "-").replace(/^-+|-+$/g, "").slice(0, 80) || "request";
+	let stem = base;
+	let n = 2;
+	while (used.has(stem)) stem = `${base}-${n++}`;
+	used.add(stem);
+	return stem;
+}
+/**
+* Write a normalized import to `destDir` as a Bruno collection: `bruno.json`, a
+* `<name>.bru` per request, and (if present) an `environments/<env>.bru`. Returns
+* the request count written.
+*/
+function writeImported(destDir, result, opts = {}) {
+	mkdirSync(destDir, { recursive: true });
+	writeFileSync(join(destDir, "bruno.json"), `${JSON.stringify({
+		version: "1",
+		name: opts.name ?? "imported",
+		type: "collection"
+	}, null, 2)}\n`);
+	const used = /* @__PURE__ */ new Set();
+	result.requests.forEach((req, i) => {
+		writeFileSync(join(destDir, `${fileStem(req.name, used)}.bru`), jsonToBruV2(toBruJson(req, i + 1)));
+	});
+	if (result.environment) {
+		mkdirSync(join(destDir, "environments"), { recursive: true });
+		const variables = Object.entries(result.environment.variables).map(([name, value]) => ({
+			name,
+			value,
+			enabled: true
+		}));
+		writeFileSync(join(destDir, "environments", `${fileStem(result.environment.name, /* @__PURE__ */ new Set())}.bru`), envJsonToBruV2({ variables }));
+	}
+	return result.requests.length;
+}
+/** One-shot: parse a source document and write the Bruno collection to disk. */
+function importToCollection(format, source, destDir, opts = {}) {
+	return writeImported(destDir, parseImport(format, source), opts);
+}
+//#endregion
+export { ArtifactStore, ChainedSecretStore, EnvSecretStore, KeyringSecretStore, Redactor, StaticSecretStore, checkGate, evaluateAssertions, extractCaptures, harEntriesToFacts, importHar, importInsomnia, importOpenApi, importPostman, importToCollection, interpolate, isGraphqlEnvelope, isMutating, loadCollection, normalizeOpenApiSchema, parseImport, prepareRequest, redactHarZip, resolveOpenApiOperation, resolveSecretStore, runRequest, runRequestForContract, runRequestForHar, runRequestToHar, runScript, runSequence, runSequenceForHar, runSequenceToHar, summarizeHar, synthesizeRedactedHarZip, validateCapturedTraffic, validateGraphqlOperation, validateOpenApiRequest, validateOpenApiResponse, validateSchema, writeImported };
+
+//# sourceMappingURL=index.mjs.map