@scalar/workspace-store 0.43.0 → 0.44.0

package/dist/request-example/builder/resolve-request-factory-url.d.ts

@@ -0,0 +1,11 @@
+import type { RequestFactory } from '../../request-example/builder/request-factory.js';
+/**
+ * Resolves the request URL string from a {@link RequestFactory} using the same
+ * rules as {@link buildRequest} (path variables, query, security query params),
+ * without proxy rewriting or reserved-query encoding.
+ */
+export declare const resolveRequestFactoryUrl: (request: RequestFactory, options: {
+    envVariables: Record<string, string>;
+    securityQueryParams: URLSearchParams;
+}) => string;
+//# sourceMappingURL=resolve-request-factory-url.d.ts.map

package/dist/request-example/builder/resolve-request-factory-url.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"resolve-request-factory-url.d.ts","sourceRoot":"","sources":["../../../src/request-example/builder/resolve-request-factory-url.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,2CAA2C,CAAA;AAE/E;;;;GAIG;AACH,eAAO,MAAM,wBAAwB,GACnC,SAAS,cAAc,EACvB,SAAS;IAAE,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAAC,mBAAmB,EAAE,eAAe,CAAA;CAAE,KACtF,MA2BF,CAAA"}

package/dist/request-example/builder/resolve-request-factory-url.js

@@ -0,0 +1,28 @@
+import { replaceEnvVariables, replacePathVariables } from '@scalar/helpers/regex/replace-variables';
+import { mergeUrls } from '@scalar/helpers/url/merge-urls';
+/**
+ * Resolves the request URL string from a {@link RequestFactory} using the same
+ * rules as {@link buildRequest} (path variables, query, security query params),
+ * without proxy rewriting or reserved-query encoding.
+ */
+export const resolveRequestFactoryUrl = (request, options) => {
+    const variables = options.envVariables;
+    const pathVariables = Object.fromEntries(Object.entries(request.path.variables).map(([key, value]) => [
+        key,
+        encodeURIComponent(replaceEnvVariables(value, variables)),
+    ]));
+    const baseUrl = replaceEnvVariables(request.baseUrl, variables);
+    const path = replacePathVariables(request.path.raw, pathVariables);
+    const mergedUrl = mergeUrls(baseUrl, path);
+    const urlBase = globalThis.window?.location?.origin ?? 'http://localhost:3000';
+    const url = new URL(mergedUrl, urlBase);
+    // Merge in operation query params
+    for (const [key, value] of request.query.entries()) {
+        url.searchParams.set(replaceEnvVariables(key, variables), replaceEnvVariables(value, variables));
+    }
+    // Merge in security query params
+    for (const [key, value] of options.securityQueryParams.entries()) {
+        url.searchParams.set(key, value);
+    }
+    return url.toString();
+};

package/dist/request-example/builder/security/build-request-security.d.ts

@@ -1,14 +1,47 @@
 import type { SecuritySchemeObjectSecret } from '../../../request-example/builder/security/secret-types.js';
+/**
+ * BuildRequestSecurityResult
+ *
+ * Represents an extracted and normalized security credential for an OpenAPI operation input,
+ * to be used directly when building HTTP requests (headers, query params, or cookies).
+ *
+ * This type is produced by the security builder whenever a user selects a security scheme
+ * (such as API key, HTTP Basic, or HTTP Bearer) for an operation. Each object here maps directly
+ * to one HTTP request authentication mechanism, with its resolved, ready-to-use value.
+ *
+ * Detailed Fields:
+ * - `in`: Where to apply this security value in the outgoing HTTP request.
+ *   - `'header'`: Set as an HTTP header (e.g., `Authorization`, or API key header).
+ *   - `'query'`: Set as a query parameter (e.g., `/path?apikey=123`).
+ *   - `'cookie'`: Set as a cookie header (`Cookie: apikey=123`).
+ *
+ * - `name`: The key name to use for the security credential in the selected location.
+ *   - For headers/params, the header or query name.
+ *   - For cookies, the cookie key.
+ *
+ * - `format` (optional): Clarifies the expected format, especially for HTTP schemes.
+ *   - `'basic'`: HTTP Basic Auth.
+ *   - `'bearer'`: HTTP Bearer token.
+ *   - Not present for schemes without a special format (e.g., generic API keys).
+ *
+ * - `value`: The fully resolved secret value to use in the request.
+ *   - This may already include necessary prefixes (e.g., "Bearer x", "Basic y"),
+ *     or be a direct value depending on the scheme and usage.
+ *
+ * NOTE: This type does not capture UI display info, secret labels, or environment binding.
+ * It is intended purely for producing the final request input object. Multiple
+ * BuildRequestSecurityResult objects may be generated from a single operation if multiple
+ * security schemes are selected and must be included simultaneously.
+ */
 export type BuildRequestSecurityResult = {
-    /** The location of the security scheme */
+    /** The location of the security scheme in the HTTP request */
     in: 'header' | 'query' | 'cookie';
-    /** The name of the security scheme */
+    /** The key/name for the authentication value (header/query/cookie name) */
     name: string;
-    /** The type of security scheme */
-    type: 'simple' | 'basic' | 'bearer';
+    /** Format code for HTTP schemes (e.g., 'basic' | 'bearer'), if relevant */
+    format?: 'basic' | 'bearer';
     /**
-     * The value of the security scheme
-     * For basic auth we need to base64 encode the value when we build the request
+     * The fully resolved authentication value to use (may include tokens, encoded credentials, etc.)
      */
     value: string;
 };

package/dist/request-example/builder/security/build-request-security.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"build-request-security.d.ts","sourceRoot":"","sources":["../../../../src/request-example/builder/security/build-request-security.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,iDAAiD,CAAA;AAEjG,MAAM,MAAM,0BAA0B,GAAG;IACvC,0CAA0C;IAC1C,EAAE,EAAE,QAAQ,GAAG,OAAO,GAAG,QAAQ,CAAA;IACjC,sCAAsC;IACtC,IAAI,EAAE,MAAM,CAAA;IACZ,kCAAkC;IAClC,IAAI,EAAE,QAAQ,GAAG,OAAO,GAAG,QAAQ,CAAA;IACnC;;;OAGG;IACH,KAAK,EAAE,MAAM,CAAA;CACd,CAAA;AAED;;;GAGG;AACH,eAAO,MAAM,oBAAoB;AAC/B,4DAA4D;AAC5D,yBAAyB,0BAA0B,EAAE;AACrD,qEAAqE;AACrE,8BAA0B,KACzB,0BAA0B,EA6E5B,CAAA"}
+{"version":3,"file":"build-request-security.d.ts","sourceRoot":"","sources":["../../../../src/request-example/builder/security/build-request-security.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,iDAAiD,CAAA;AAEjG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AACH,MAAM,MAAM,0BAA0B,GAAG;IACvC,8DAA8D;IAC9D,EAAE,EAAE,QAAQ,GAAG,OAAO,GAAG,QAAQ,CAAA;IACjC,2EAA2E;IAC3E,IAAI,EAAE,MAAM,CAAA;IACZ,2EAA2E;IAC3E,MAAM,CAAC,EAAE,OAAO,GAAG,QAAQ,CAAA;IAC3B;;OAEG;IACH,KAAK,EAAE,MAAM,CAAA;CACd,CAAA;AAED;;;GAGG;AACH,eAAO,MAAM,oBAAoB;AAC/B,4DAA4D;AAC5D,yBAAyB,0BAA0B,EAAE;AACrD,qEAAqE;AACrE,8BAA0B,KACzB,0BAA0B,EAuF5B,CAAA"}

package/dist/request-example/builder/security/build-request-security.js

@@ -19,7 +19,6 @@ emptyTokenPlaceholder = '') => {
                     in: scheme.in,
                     name,
                     value,
-                    type: 'simple',
                 });
             }
             if (scheme.in === 'query') {
@@ -27,7 +26,6 @@ emptyTokenPlaceholder = '') => {
                     in: 'query',
                     name,
                     value,
-                    type: 'simple',
                 });
             }
             if (scheme.in === 'cookie') {
@@ -35,7 +33,6 @@ emptyTokenPlaceholder = '') => {
                     in: 'cookie',
                     name,
                     value,
-                    type: 'simple',
                 });
             }
         }
@@ -50,7 +47,7 @@ emptyTokenPlaceholder = '') => {
                     name: 'Authorization',
                     // We encode the value when we build the request since we want to be able to replace the variables in the value
                     value: value === ':' ? 'username:password' : value,
-                    type: 'basic',
+                    format: 'basic',
                 });
             }
             // Bearer auth
@@ -59,7 +56,7 @@ emptyTokenPlaceholder = '') => {
                 in: 'header',
                 name: 'Authorization',
                 value: value || emptyTokenPlaceholder,
-                type: 'bearer',
+                format: 'bearer',
             });
         }
         // OAuth2
@@ -70,7 +67,18 @@ emptyTokenPlaceholder = '') => {
                 in: 'header',
                 name: 'Authorization',
                 value: token || emptyTokenPlaceholder,
-                type: 'bearer',
+                format: 'bearer',
+            });
+        }
+        // OpenID Connect
+        if (scheme.type === 'openIdConnect') {
+            const flows = Object.values(scheme?.flows ?? {});
+            const token = flows.filter(isDefined).find((f) => f['x-scalar-secret-token'])?.['x-scalar-secret-token'] ?? '';
+            return result.push({
+                in: 'header',
+                name: 'Authorization',
+                value: token || emptyTokenPlaceholder,
+                format: 'bearer',
             });
         }
         return null;

package/dist/request-example/context/get-request-example-context.d.ts

@@ -1,3 +1,4 @@
+import type { AuthenticationConfiguration } from '@scalar/types/api-reference';
 import type { WorkspaceStore } from '../../client.js';
 import type { SelectedSecurity } from '../../entities/auth/index.js';
 import type { AuthMeta, ServerMeta } from '../../events/index.js';
@@ -46,6 +47,8 @@ export declare const getRequestExampleContext: (workspaceStore: WorkspaceStore,
     layout: Layout;
     appVersion: string;
     isElectron: boolean;
+    /** User facing authentication configuration */
+    authentication: AuthenticationConfiguration;
     /**
      * When the document is not in `workspace.documents[documentName]` yet, use this copy (same shape as the
      * workspace entry). Callers that already hold the resolved document should pass it so behavior matches

package/dist/request-example/context/get-request-example-context.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"get-request-example-context.d.ts","sourceRoot":"","sources":["../../../src/request-example/context/get-request-example-context.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,UAAU,CAAA;AAC9C,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAA;AACvD,OAAO,KAAK,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,UAAU,CAAA;AAEpD,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,iDAAiD,CAAA;AAIjG,OAAO,EAAE,KAAK,MAAM,EAAqB,MAAM,iCAAiC,CAAA;AAIhF,OAAO,EAAE,KAAK,qBAAqB,EAAiB,MAAM,mDAAmD,CAAA;AAE7G,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,EAAE,MAAM,yBAAyB,CAAA;AACzE,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,qDAAqD,CAAA;AAC7F,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,+CAA+C,CAAA;AAClF,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,iCAAiC,CAAA;AACtE,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,4CAA4C,CAAA;AAC3F,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,8BAA8B,CAAA;AAChE,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAA;AAE5D,KAAK,0BAA0B,GAAG;IAChC,SAAS,EAAE,eAAe,CAAA;IAC1B,WAAW,EAAE;QACX,IAAI,EAAE,MAAM,GAAG,IAAI,CAAA;QACnB,WAAW,EAAE,kBAAkB,CAAA;KAChC,CAAA;IACD,OAAO,EAAE;QACP,SAAS,EAAE,aAAa,EAAE,CAAA;QAC1B,QAAQ,EAAE,aAAa,EAAE,CAAA;KAC1B,CAAA;IACD,OAAO,EAAE;QACP,IAAI,EAAE,YAAY,EAAE,CAAA;QACpB,QAAQ,EAAE,YAAY,GAAG,IAAI,CAAA;QAC7B,IAAI,EAAE,UAAU,CAAA;KACjB,CAAA;IACD,KAAK,EAAE;QACL,GAAG,EAAE,MAAM,GAAG,IAAI,CAAA;KACnB,CAAA;IACD,OAAO,EAAE;QACP,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;KAChC,CAAA;IACD,QAAQ,EAAE;QACR,OAAO,EAAE,qBAAqB,CAAA;QAC9B,YAAY,EAAE,yBAAyB,EAAE,CAAA;QACzC,QAAQ,EAAE,gBAAgB,CAAA;QAC1B,eAAe,EAAE,0BAA0B,EAAE,CAAA;QAC7C,IAAI,EAAE,QAAQ,CAAA;KACf,CAAA;CACF,CAAA;AAED,eAAO,MAAM,wBAAwB,GACnC,gBAAgB,cAAc,EAC9B,cAAc,MAAM,EACpB,oBAAoB,kBAAkB,EACtC,UAAS,OAAO,CAAC;IACf,OAAO,EAAE,YAAY,EAAE,CAAA;IACvB,aAAa,EAAE,MAAM,CAAA;IACrB,MAAM,EAAE,MAAM,CAAA;IACd,UAAU,EAAE,MAAM,CAAA;IAClB,UAAU,EAAE,OAAO,CAAA;IACnB;;;;OAIG;IACH,gBAAgB,EAAE,iBAAiB,GAAG,IAAI,CAAA;CAC3C,CAAM,KACN,MAAM,CAAC,0BAA0B,CAmInC,CAAA"}
+{"version":3,"file":"get-request-example-context.d.ts","sourceRoot":"","sources":["../../../src/request-example/context/get-request-example-context.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,2BAA2B,EAAE,MAAM,6BAA6B,CAAA;AAE9E,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,UAAU,CAAA;AAC9C,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAA;AACvD,OAAO,KAAK,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,UAAU,CAAA;AAEpD,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,iDAAiD,CAAA;AAIjG,OAAO,EAAE,KAAK,MAAM,EAAqB,MAAM,iCAAiC,CAAA;AAIhF,OAAO,EAAE,KAAK,qBAAqB,EAAiB,MAAM,mDAAmD,CAAA;AAE7G,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,EAAE,MAAM,yBAAyB,CAAA;AACzE,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,qDAAqD,CAAA;AAC7F,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,+CAA+C,CAAA;AAClF,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,iCAAiC,CAAA;AACtE,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,4CAA4C,CAAA;AAC3F,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,8BAA8B,CAAA;AAChE,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAA;AAE5D,KAAK,0BAA0B,GAAG;IAChC,SAAS,EAAE,eAAe,CAAA;IAC1B,WAAW,EAAE;QACX,IAAI,EAAE,MAAM,GAAG,IAAI,CAAA;QACnB,WAAW,EAAE,kBAAkB,CAAA;KAChC,CAAA;IACD,OAAO,EAAE;QACP,SAAS,EAAE,aAAa,EAAE,CAAA;QAC1B,QAAQ,EAAE,aAAa,EAAE,CAAA;KAC1B,CAAA;IACD,OAAO,EAAE;QACP,IAAI,EAAE,YAAY,EAAE,CAAA;QACpB,QAAQ,EAAE,YAAY,GAAG,IAAI,CAAA;QAC7B,IAAI,EAAE,UAAU,CAAA;KACjB,CAAA;IACD,KAAK,EAAE;QACL,GAAG,EAAE,MAAM,GAAG,IAAI,CAAA;KACnB,CAAA;IACD,OAAO,EAAE;QACP,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;KAChC,CAAA;IACD,QAAQ,EAAE;QACR,OAAO,EAAE,qBAAqB,CAAA;QAC9B,YAAY,EAAE,yBAAyB,EAAE,CAAA;QACzC,QAAQ,EAAE,gBAAgB,CAAA;QAC1B,eAAe,EAAE,0BAA0B,EAAE,CAAA;QAC7C,IAAI,EAAE,QAAQ,CAAA;KACf,CAAA;CACF,CAAA;AAED,eAAO,MAAM,wBAAwB,GACnC,gBAAgB,cAAc,EAC9B,cAAc,MAAM,EACpB,oBAAoB,kBAAkB,EACtC,UAAS,OAAO,CAAC;IACf,OAAO,EAAE,YAAY,EAAE,CAAA;IACvB,aAAa,EAAE,MAAM,CAAA;IACrB,MAAM,EAAE,MAAM,CAAA;IACd,UAAU,EAAE,MAAM,CAAA;IAClB,UAAU,EAAE,OAAO,CAAA;IACnB,+CAA+C;IAC/C,cAAc,EAAE,2BAA2B,CAAA;IAC3C;;;;OAIG;IACH,gBAAgB,EAAE,iBAAiB,GAAG,IAAI,CAAA;CAC3C,CAAM,KACN,MAAM,CAAC,0BAA0B,CAoInC,CAAA"}

package/dist/request-example/context/get-request-example-context.js

@@ -63,9 +63,9 @@ export const getRequestExampleContext = (workspaceStore, documentName, requestEx
         path: path ?? '',
         method: method ?? 'get',
     });
-    const securitySchemes = mergeSecurity(document.components?.securitySchemes ?? {}, {}, workspaceStore.auth, documentName);
+    const securitySchemes = mergeSecurity(document.components?.securitySchemes ?? {}, options.authentication?.securitySchemes ?? {}, workspaceStore.auth, documentName);
     const securityRequirements = getSecurityRequirements(document.security, operation.security);
-    const selectedSecurity = getSelectedSecurity(documentSelectedSecurity, operationSelectedSecurity, securityRequirements, securitySchemes);
+    const selectedSecurity = getSelectedSecurity(documentSelectedSecurity, operationSelectedSecurity, securityRequirements, securitySchemes, options.authentication?.preferredSecurityScheme);
     /** The above selected requirements in scheme form */
     const selectedSecuritySchemes = getSecuritySchemes(securitySchemes, selectedSecurity.selectedSchemes);
     const serverMeta = operation.servers != null ? { type: 'operation', path: path ?? '', method: method ?? 'get' } : { type: 'document' };

package/dist/request-example/context/security/get-selected-security.d.ts

@@ -1,3 +1,4 @@
+import type { AuthenticationConfiguration } from '@scalar/types/api-reference';
 import type { SelectedSecurity } from '@scalar/workspace-store/entities/auth';
 import type { OpenApiDocument } from '@scalar/workspace-store/schemas/v3.1/strict/openapi-document';
 type DefaultScopeScheme = {
@@ -6,10 +7,14 @@ type DefaultScopeScheme = {
 };
 /**
  * Resolves which security selection to use for an operation.
- * Priority: operation-level selection, then document-level selection, then a default.
- * When neither level has a selection, returns the first security requirement unless
- * authentication is optional or there are no requirements, in which case returns no selection.
+ *
+ * Priority order:
+ * 1. Operation-level selection (if set)
+ * 2. Document-level selection (if set)
+ * 3. Preferred security scheme from configuration (if provided)
+ * 4. First security requirement from the OpenAPI spec
+ * 5. No selection (if auth is optional or no requirements exist)
  */
-export declare const getSelectedSecurity: (documentSelectedSecurity: SelectedSecurity | undefined, operationSelectedSecurity: SelectedSecurity | undefined, securityRequirements?: NonNullable<OpenApiDocument["security"]>, securitySchemes?: Record<string, DefaultScopeScheme | undefined>) => SelectedSecurity;
+export declare const getSelectedSecurity: (documentSelectedSecurity: SelectedSecurity | undefined, operationSelectedSecurity: SelectedSecurity | undefined, securityRequirements?: NonNullable<OpenApiDocument["security"]>, securitySchemes?: Record<string, DefaultScopeScheme | undefined>, preferredSecurityScheme?: AuthenticationConfiguration["preferredSecurityScheme"]) => SelectedSecurity;
 export {};
 //# sourceMappingURL=get-selected-security.d.ts.map

package/dist/request-example/context/security/get-selected-security.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"get-selected-security.d.ts","sourceRoot":"","sources":["../../../../src/request-example/context/security/get-selected-security.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,uCAAuC,CAAA;AAE7E,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,8DAA8D,CAAA;AAInG,KAAK,kBAAkB,GAAG;IACxB,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,kBAAkB,CAAC,EAAE,MAAM,EAAE,CAAA;CAC9B,CAAA;AA4BD;;;;;GAKG;AACH,eAAO,MAAM,mBAAmB,GAC9B,0BAA0B,gBAAgB,GAAG,SAAS,EACtD,2BAA2B,gBAAgB,GAAG,SAAS,EACvD,uBAAsB,WAAW,CAAC,eAAe,CAAC,UAAU,CAAC,CAAM,EACnE,kBAAiB,MAAM,CAAC,MAAM,EAAE,kBAAkB,GAAG,SAAS,CAAM,KACnE,gBA4BF,CAAA"}
+{"version":3,"file":"get-selected-security.d.ts","sourceRoot":"","sources":["../../../../src/request-example/context/security/get-selected-security.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,2BAA2B,EAAE,MAAM,6BAA6B,CAAA;AAC9E,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,uCAAuC,CAAA;AAE7E,OAAO,KAAK,EACV,eAAe,EAEhB,MAAM,8DAA8D,CAAA;AAIrE,KAAK,kBAAkB,GAAG;IACxB,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,kBAAkB,CAAC,EAAE,MAAM,EAAE,CAAA;CAC9B,CAAA;AAkED;;;;;;;;;GASG;AACH,eAAO,MAAM,mBAAmB,GAC9B,0BAA0B,gBAAgB,GAAG,SAAS,EACtD,2BAA2B,gBAAgB,GAAG,SAAS,EACvD,uBAAsB,WAAW,CAAC,eAAe,CAAC,UAAU,CAAC,CAAM,EACnE,kBAAiB,MAAM,CAAC,MAAM,EAAE,kBAAkB,GAAG,SAAS,CAAM,EACpE,0BAA0B,2BAA2B,CAAC,yBAAyB,CAAC,KAC/E,gBAgDF,CAAA"}

package/dist/request-example/context/security/get-selected-security.js

@@ -1,5 +1,12 @@
 import { getResolvedRef } from '@scalar/workspace-store/helpers/get-resolved-ref';
 import { isAuthOptional } from './is-auth-optional.js';
+/** Extracts the default scopes for a security scheme (only OAuth2 schemes support this) */
+const getDefaultScopes = (scheme) => {
+    if (!scheme || scheme.type !== 'oauth2') {
+        return [];
+    }
+    return scheme['x-default-scopes'] ?? [];
+};
 const applyDefaultScopes = (requirement, securitySchemes) => {
     let didApplyDefaultScopes = false;
     const hydratedRequirement = Object.fromEntries(Object.entries(requirement).map(([name, scopes]) => {
@@ -16,25 +23,68 @@ const applyDefaultScopes = (requirement, securitySchemes) => {
     }));
     return didApplyDefaultScopes ? hydratedRequirement : requirement;
 };
+/**
+ * Builds a security requirement from the preferred security scheme configuration.
+ * Handles both string and array formats for complex auth scenarios.
+ */
+const buildSecurityRequirementFromPreferred = (preferredSecurityScheme, securitySchemes) => {
+    if (!Array.isArray(preferredSecurityScheme)) {
+        const scheme = getResolvedRef(securitySchemes[preferredSecurityScheme]);
+        return { [preferredSecurityScheme]: getDefaultScopes(scheme) };
+    }
+    const requirement = {};
+    for (const item of preferredSecurityScheme) {
+        if (Array.isArray(item)) {
+            for (const schemeName of item) {
+                const scheme = getResolvedRef(securitySchemes[schemeName]);
+                requirement[schemeName] = getDefaultScopes(scheme);
+            }
+        }
+        else {
+            const scheme = getResolvedRef(securitySchemes[item]);
+            requirement[item] = getDefaultScopes(scheme);
+        }
+    }
+    return requirement;
+};
 /**
  * Resolves which security selection to use for an operation.
- * Priority: operation-level selection, then document-level selection, then a default.
- * When neither level has a selection, returns the first security requirement unless
- * authentication is optional or there are no requirements, in which case returns no selection.
+ *
+ * Priority order:
+ * 1. Operation-level selection (if set)
+ * 2. Document-level selection (if set)
+ * 3. Preferred security scheme from configuration (if provided)
+ * 4. First security requirement from the OpenAPI spec
+ * 5. No selection (if auth is optional or no requirements exist)
  */
-export const getSelectedSecurity = (documentSelectedSecurity, operationSelectedSecurity, securityRequirements = [], securitySchemes = {}) => {
-    // Operation level security
+export const getSelectedSecurity = (documentSelectedSecurity, operationSelectedSecurity, securityRequirements = [], securitySchemes = {}, preferredSecurityScheme) => {
+    // Operation level security takes highest priority
     if (operationSelectedSecurity) {
         return operationSelectedSecurity;
     }
-    // Document level security
+    // Document level security is next
     if (documentSelectedSecurity) {
         return documentSelectedSecurity;
     }
     const isOptional = isAuthOptional(securityRequirements);
+    // No need to default if auth is optional and no preferred scheme
+    if (isOptional && !preferredSecurityScheme) {
+        return {
+            selectedIndex: -1,
+            selectedSchemes: [],
+        };
+    }
+    // Use preferred security scheme if configured
+    if (preferredSecurityScheme) {
+        const requirement = buildSecurityRequirementFromPreferred(preferredSecurityScheme, securitySchemes);
+        return {
+            selectedIndex: 0,
+            selectedSchemes: [requirement],
+        };
+    }
     const firstRequirement = securityRequirements[0];
-    // No need to default if auth is optional
-    if (isOptional || !firstRequirement) {
+    // No requirements and no preferred scheme
+    if (!firstRequirement) {
         return {
             selectedIndex: -1,
             selectedSchemes: [],

package/dist/request-example/index.d.ts

@@ -1,5 +1,7 @@
-export { buildRequest, buildRequestSecurity, deSerializeParameter, filterGlobalCookie, getEnvironmentVariables, getExample, getExampleFromBody, getExampleFromSchema, getResolvedUrl, getSelectedBodyContentType, getServerVariables, requestFactory, serializeContentValue, serializeDeepObjectStyle, serializeFormStyle, serializeFormStyleForCookies, serializePipeDelimitedStyle, serializeSimpleStyle, serializeSpaceDelimitedStyle, } from './builder/index.js';
 export type { ApiKeyObjectSecret, HttpObjectSecret, OAuth2ObjectSecret, OAuthFlowAuthorizationCodeSecret, OAuthFlowClientCredentialsSecret, OAuthFlowImplicitSecret, OAuthFlowPasswordSecret, OAuthFlowsObjectSecret, OpenIdConnectObjectSecret, SecuritySchemeObjectSecret, } from './builder/index.js';
-export { combineParams, getActiveEnvironment, getActiveProxyUrl, getRequestExampleContext, getSecurityRequirements, getSecuritySchemes, getSelectedSecurity, getSelectedServer, getServers, isAuthOptional, mergeSecurity, } from './context/index.js';
+export { type RequestFactory, buildRequest, buildRequestSecurity, deSerializeParameter, filterGlobalCookie, getEnvironmentVariables, getExample, getExampleFromBody, getExampleFromSchema, getResolvedUrl, getSelectedBodyContentType, getServerVariables, requestFactory, serializeContentValue, serializeDeepObjectStyle, serializeFormStyle, serializeFormStyleForCookies, serializePipeDelimitedStyle, serializeSimpleStyle, serializeSpaceDelimitedStyle, } from './builder/index.js';
 export type { MergedSecuritySchemes } from './context/index.js';
+export { combineParams, getActiveEnvironment, getActiveProxyUrl, getRequestExampleContext, getSecurityRequirements, getSecuritySchemes, getSelectedSecurity, getSelectedServer, getServers, isAuthOptional, mergeSecurity, } from './context/index.js';
+export { createVariablesStoreForRequest } from './variable-store/index.js';
+export type { VariableEntry, VariablesStore } from './variable-store/types.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/request-example/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/request-example/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,YAAY,EACZ,oBAAoB,EACpB,oBAAoB,EACpB,kBAAkB,EAClB,uBAAuB,EACvB,UAAU,EACV,kBAAkB,EAClB,oBAAoB,EACpB,cAAc,EACd,0BAA0B,EAC1B,kBAAkB,EAClB,cAAc,EACd,qBAAqB,EACrB,wBAAwB,EACxB,kBAAkB,EAClB,4BAA4B,EAC5B,2BAA2B,EAC3B,oBAAoB,EACpB,4BAA4B,GAC7B,MAAM,WAAW,CAAA;AAClB,YAAY,EACV,kBAAkB,EAClB,gBAAgB,EAChB,kBAAkB,EAClB,gCAAgC,EAChC,gCAAgC,EAChC,uBAAuB,EACvB,uBAAuB,EACvB,sBAAsB,EACtB,yBAAyB,EACzB,0BAA0B,GAC3B,MAAM,WAAW,CAAA;AAClB,OAAO,EACL,aAAa,EACb,oBAAoB,EACpB,iBAAiB,EACjB,wBAAwB,EACxB,uBAAuB,EACvB,kBAAkB,EAClB,mBAAmB,EACnB,iBAAiB,EACjB,UAAU,EACV,cAAc,EACd,aAAa,GACd,MAAM,WAAW,CAAA;AAClB,YAAY,EAAE,qBAAqB,EAAE,MAAM,WAAW,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/request-example/index.ts"],"names":[],"mappings":"AAAA,YAAY,EACV,kBAAkB,EAClB,gBAAgB,EAChB,kBAAkB,EAClB,gCAAgC,EAChC,gCAAgC,EAChC,uBAAuB,EACvB,uBAAuB,EACvB,sBAAsB,EACtB,yBAAyB,EACzB,0BAA0B,GAC3B,MAAM,WAAW,CAAA;AAClB,OAAO,EACL,KAAK,cAAc,EACnB,YAAY,EACZ,oBAAoB,EACpB,oBAAoB,EACpB,kBAAkB,EAClB,uBAAuB,EACvB,UAAU,EACV,kBAAkB,EAClB,oBAAoB,EACpB,cAAc,EACd,0BAA0B,EAC1B,kBAAkB,EAClB,cAAc,EACd,qBAAqB,EACrB,wBAAwB,EACxB,kBAAkB,EAClB,4BAA4B,EAC5B,2BAA2B,EAC3B,oBAAoB,EACpB,4BAA4B,GAC7B,MAAM,WAAW,CAAA;AAClB,YAAY,EAAE,qBAAqB,EAAE,MAAM,WAAW,CAAA;AACtD,OAAO,EACL,aAAa,EACb,oBAAoB,EACpB,iBAAiB,EACjB,wBAAwB,EACxB,uBAAuB,EACvB,kBAAkB,EAClB,mBAAmB,EACnB,iBAAiB,EACjB,UAAU,EACV,cAAc,EACd,aAAa,GACd,MAAM,WAAW,CAAA;AAClB,OAAO,EAAE,8BAA8B,EAAE,MAAM,kBAAkB,CAAA;AACjE,YAAY,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAA"}

package/dist/request-example/index.js

@@ -1,2 +1,3 @@
 export { buildRequest, buildRequestSecurity, deSerializeParameter, filterGlobalCookie, getEnvironmentVariables, getExample, getExampleFromBody, getExampleFromSchema, getResolvedUrl, getSelectedBodyContentType, getServerVariables, requestFactory, serializeContentValue, serializeDeepObjectStyle, serializeFormStyle, serializeFormStyleForCookies, serializePipeDelimitedStyle, serializeSimpleStyle, serializeSpaceDelimitedStyle, } from './builder/index.js';
 export { combineParams, getActiveEnvironment, getActiveProxyUrl, getRequestExampleContext, getSecurityRequirements, getSecuritySchemes, getSelectedSecurity, getSelectedServer, getServers, isAuthOptional, mergeSecurity, } from './context/index.js';
+export { createVariablesStoreForRequest } from './variable-store/index.js';

package/dist/request-example/variable-store/index.d.ts

@@ -0,0 +1,7 @@
+import type { VariablesStore } from '../../request-example/variable-store/types.js';
+/**
+ * Creates an in-memory VariablesStore for a single request execution,
+ * managing environment, collection, global, and local variables in priority order.
+ */
+export declare function createVariablesStoreForRequest(): VariablesStore;
+//# sourceMappingURL=index.d.ts.map

package/dist/request-example/variable-store/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/request-example/variable-store/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAiB,cAAc,EAAE,MAAM,wCAAwC,CAAA;AAE3F;;;GAGG;AACH,wBAAgB,8BAA8B,IAAI,cAAc,CAuC/D"}

package/dist/request-example/variable-store/index.js

@@ -0,0 +1,41 @@
+/**
+ * Creates an in-memory VariablesStore for a single request execution,
+ * managing environment, collection, global, and local variables in priority order.
+ */
+export function createVariablesStoreForRequest() {
+    const environmentEntries = [];
+    const collectionEntries = [];
+    const worksapceEntries = [];
+    const localVariables = [];
+    return {
+        getEnvironment: () => environmentEntries,
+        getGlobals: () => worksapceEntries,
+        getCollectionVariables: () => collectionEntries,
+        getData: () => ({}),
+        getLocalVariables: () => {
+            return localVariables;
+        },
+        setLocalVariables: (variables) => {
+            localVariables.length = 0;
+            localVariables.push(...variables);
+        },
+        setCollectionVariables: (variables) => {
+            collectionEntries.length = 0;
+            collectionEntries.push(...variables);
+        },
+        setEnvironment: (variables) => {
+            environmentEntries.length = 0;
+            environmentEntries.push(...variables);
+        },
+        setGlobals: (variables) => {
+            worksapceEntries.length = 0;
+            worksapceEntries.push(...variables);
+        },
+        getVariables: () => {
+            return Object.fromEntries([...worksapceEntries, ...collectionEntries, ...environmentEntries, ...localVariables].map((v) => [
+                v.key,
+                v.value,
+            ]));
+        },
+    };
+}

package/dist/request-example/variable-store/types.d.ts

@@ -0,0 +1,59 @@
+/**
+ * External store for pm.variables used by post-response (and pre-request) scripts.
+ *
+ * Mirrors the Postman variable precedence: local (in-memory) overrides data, then
+ * environment, then collection, then globals. Scripts can read all scopes via
+ * pm.variables.get() and only write to the local scope via pm.variables.set();
+ * after execution, the adapter writes local variables back through setLocalVariables.
+ *
+ * @see https://github.com/postmanlabs/postman-sandbox test/unit/pm-variables.test.js
+ */
+export type VariableEntry = {
+    key: string;
+    value: string;
+};
+/**
+ * Store interface for workspace/env and in-memory local variables used by the
+ * Postman sandbox. The host (e.g. api-client) can implement this to provide
+ * environment/globals/collection variables and to persist local variables
+ * set by scripts (pm.variables.set), collection variables (pm.collectionVariables.set),
+ * and globals (pm.globals.set).
+ */
+export type VariablesStore = {
+    /** Workspace / environment variables (read-only in scripts). */
+    getEnvironment(): VariableEntry[] | Record<string, string>;
+    /** Global variables; scripts can set via pm.globals.set. */
+    getGlobals(): VariableEntry[] | Record<string, string>;
+    /** Collection-level variables; scripts can set via pm.collectionVariables.set. */
+    getCollectionVariables(): VariableEntry[] | Record<string, string>;
+    /** Request/iteration data (read-only in scripts). */
+    getData(): Record<string, string>;
+    /** In-memory local variables; scripts can set these via pm.variables.set. */
+    getLocalVariables(): VariableEntry[] | Record<string, string>;
+    /**
+     * Called after script execution with the updated local variables so the host
+     * can persist them for the next request or display.
+     */
+    setLocalVariables(variables: VariableEntry[]): void;
+    /**
+     * Optional. Called after script execution with collection variables set by
+     * the script (pm.collectionVariables.set). If implemented, the host can
+     * persist or merge these for the next request.
+     */
+    setCollectionVariables?(variables: VariableEntry[]): void;
+    /**
+     * Optional. Called after script execution with environment variables set by the script
+     * (pm.environment.set). If implemented, the host can persist or merge these
+     * for the next request.
+     */
+    setEnvironment?(variables: VariableEntry[]): void;
+    /**
+     * Optional. Called after script execution with globals set by the script
+     * (pm.globals.set). If implemented, the host can persist or merge these
+     * for the next request.
+     */
+    setGlobals?(variables: VariableEntry[]): void;
+    /** Merged variables from all scopes based on the different leyers. */
+    getVariables(): Record<string, string>;
+};
+//# sourceMappingURL=types.d.ts.map

package/dist/request-example/variable-store/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/request-example/variable-store/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,MAAM,MAAM,aAAa,GAAG;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAAA;AAE1D;;;;;;GAMG;AACH,MAAM,MAAM,cAAc,GAAG;IAC3B,gEAAgE;IAChE,cAAc,IAAI,aAAa,EAAE,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAC1D,4DAA4D;IAC5D,UAAU,IAAI,aAAa,EAAE,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IACtD,kFAAkF;IAClF,sBAAsB,IAAI,aAAa,EAAE,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAClE,qDAAqD;IACrD,OAAO,IAAI,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IACjC,6EAA6E;IAC7E,iBAAiB,IAAI,aAAa,EAAE,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAC7D;;;OAGG;IACH,iBAAiB,CAAC,SAAS,EAAE,aAAa,EAAE,GAAG,IAAI,CAAA;IACnD;;;;OAIG;IACH,sBAAsB,CAAC,CAAC,SAAS,EAAE,aAAa,EAAE,GAAG,IAAI,CAAA;IACzD;;;;OAIG;IACH,cAAc,CAAC,CAAC,SAAS,EAAE,aAAa,EAAE,GAAG,IAAI,CAAA;IACjD;;;;OAIG;IACH,UAAU,CAAC,CAAC,SAAS,EAAE,aAAa,EAAE,GAAG,IAAI,CAAA;IAC7C,sEAAsE;IACtE,YAAY,IAAI,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;CACvC,CAAA"}

package/dist/request-example/variable-store/types.js

@@ -0,0 +1,11 @@
+/**
+ * External store for pm.variables used by post-response (and pre-request) scripts.
+ *
+ * Mirrors the Postman variable precedence: local (in-memory) overrides data, then
+ * environment, then collection, then globals. Scripts can read all scopes via
+ * pm.variables.get() and only write to the local scope via pm.variables.set();
+ * after execution, the adapter writes local variables back through setLocalVariables.
+ *
+ * @see https://github.com/postmanlabs/postman-sandbox test/unit/pm-variables.test.js
+ */
+export {};

package/dist/schemas/extensions/general/x-post-response.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"x-post-response.d.ts","sourceRoot":"","sources":["../../../../src/schemas/extensions/general/x-post-response.ts"],"names":[],"mappings":"AAGA;;;;;;;;;;;;;;GAcG;AACH,eAAO,MAAM,mBAAmB;;EAE9B,CAAA;AAEF,MAAM,MAAM,aAAa,GAAG;IAC1B;;;;;;;;;;;;;;OAcG;IACH,iBAAiB,CAAC,EAAE,MAAM,CAAA;CAC3B,CAAA;AAED,eAAO,MAAM,aAAa;;EAYzB,CAAA"}

package/dist/schemas/extensions/general/x-pre-request.d.ts

@@ -0,0 +1,25 @@
+/**
+ * Pre-request scripts run before a request is sent. They are used to prepare or modify anything needed for the request to succeed.
+ *
+ * Common uses:
+ * - Set up data and variables
+ * - Generate timestamps, random values, IDs, or nonces
+ * - Set environment or collection variables for use in the URL, headers, or body
+ *
+ * @example
+ * ```yaml
+ * x-pre-request: |
+ *   var token = pm.environment.get("token")
+ *   pm.request.headers.set("Authorization", `Bearer ${token}`)
+ * ```
+ */
+export declare const XPreRequestSchema: import("@scalar/typebox").TObject<{
+    'x-pre-request': import("@scalar/typebox").TOptional<import("@scalar/typebox").TString>;
+}>;
+export declare const XPreRequest: import("@scalar/validation").ObjectSchema<{
+    'x-pre-request': import("@scalar/validation").OptionalSchema<import("@scalar/validation").StringSchema>;
+}>;
+export type XPreRequest = {
+    'x-pre-request'?: string;
+};
+//# sourceMappingURL=x-pre-request.d.ts.map

package/dist/schemas/extensions/general/x-pre-request.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"x-pre-request.d.ts","sourceRoot":"","sources":["../../../../src/schemas/extensions/general/x-pre-request.ts"],"names":[],"mappings":"AAGA;;;;;;;;;;;;;;GAcG;AACH,eAAO,MAAM,iBAAiB;;EAE5B,CAAA;AAEF,eAAO,MAAM,WAAW;;EAQvB,CAAA;AAED,MAAM,MAAM,WAAW,GAAG;IACxB,eAAe,CAAC,EAAE,MAAM,CAAA;CACzB,CAAA"}

package/dist/schemas/extensions/general/x-pre-request.js

@@ -0,0 +1,26 @@
+import { Type } from '@scalar/typebox';
+import { object, optional, string } from '@scalar/validation';
+/**
+ * Pre-request scripts run before a request is sent. They are used to prepare or modify anything needed for the request to succeed.
+ *
+ * Common uses:
+ * - Set up data and variables
+ * - Generate timestamps, random values, IDs, or nonces
+ * - Set environment or collection variables for use in the URL, headers, or body
+ *
+ * @example
+ * ```yaml
+ * x-pre-request: |
+ *   var token = pm.environment.get("token")
+ *   pm.request.headers.set("Authorization", `Bearer ${token}`)
+ * ```
+ */
+export const XPreRequestSchema = Type.Object({
+    'x-pre-request': Type.Optional(Type.String()),
+});
+export const XPreRequest = object({
+    'x-pre-request': optional(string()),
+}, {
+    typeName: 'XPreRequest',
+    typeComment: 'Pre-request script to run before the request is sent.',
+});

package/dist/schemas/extensions/operation/index.d.ts

@@ -1,6 +1,5 @@
 export { type XBadge, XBadgeSchema, type XBadges, XBadgesSchema, } from './x-badge.js';
 export { type XCodeSample, type XCodeSamples, XCodeSamplesSchema, } from './x-code-samples.js';
-export { type XPostResponse, XPostResponseSchema, } from './x-post-response.js';
 export { type XScalarSelectedContentType, XScalarSelectedContentTypeSchema, } from './x-scalar-selected-content-type.js';
 export { XScalarStabilitySchema, XScalarStabilityValues, } from './x-scalar-stability.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/schemas/extensions/operation/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/schemas/extensions/operation/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,MAAM,EACX,YAAY,EACZ,KAAK,OAAO,EACZ,aAAa,GACd,MAAM,WAAW,CAAA;AAClB,OAAO,EACL,KAAK,WAAW,EAChB,KAAK,YAAY,EACjB,kBAAkB,GACnB,MAAM,kBAAkB,CAAA;AACzB,OAAO,EACL,KAAK,aAAa,EAClB,mBAAmB,GACpB,MAAM,mBAAmB,CAAA;AAC1B,OAAO,EACL,KAAK,0BAA0B,EAC/B,gCAAgC,GACjC,MAAM,kCAAkC,CAAA;AACzC,OAAO,EACL,sBAAsB,EACtB,sBAAsB,GACvB,MAAM,sBAAsB,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/schemas/extensions/operation/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,MAAM,EACX,YAAY,EACZ,KAAK,OAAO,EACZ,aAAa,GACd,MAAM,WAAW,CAAA;AAClB,OAAO,EACL,KAAK,WAAW,EAChB,KAAK,YAAY,EACjB,kBAAkB,GACnB,MAAM,kBAAkB,CAAA;AACzB,OAAO,EACL,KAAK,0BAA0B,EAC/B,gCAAgC,GACjC,MAAM,kCAAkC,CAAA;AACzC,OAAO,EACL,sBAAsB,EACtB,sBAAsB,GACvB,MAAM,sBAAsB,CAAA"}

package/dist/schemas/extensions/operation/index.js

@@ -1,5 +1,4 @@
 export { XBadgeSchema, XBadgesSchema, } from './x-badge.js';
 export { XCodeSamplesSchema, } from './x-code-samples.js';
-export { XPostResponseSchema, } from './x-post-response.js';
 export { XScalarSelectedContentTypeSchema, } from './x-scalar-selected-content-type.js';
 export { XScalarStabilitySchema, XScalarStabilityValues, } from './x-scalar-stability.js';